added KeywhizPrincipalImpl class to extend Clients

square · Jun 16, 2022 · 51df0db · 51df0db
1 parent c3e3a1c
commit 51df0db
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 3 deletions.
diff --git a/server/src/main/java/keywhiz/service/permissions/AutomationClientPermissionCheck.java b/server/src/main/java/keywhiz/service/permissions/AutomationClientPermissionCheck.java
@@ -2,7 +2,6 @@
 
 import com.codahale.metrics.MetricRegistry;
 import com.google.inject.Inject;
-import io.dropwizard.auth.Auth;
 import keywhiz.api.model.Client;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

diff --git a/server/src/main/java/keywhiz/service/permissions/KeywhizPrincipal.java b/server/src/main/java/keywhiz/service/permissions/KeywhizPrincipal.java
@@ -1,4 +1,5 @@
 package keywhiz.service.permissions;
 
-public interface KeywhizPrincipal {
-}
+import java.security.Principal;
+
+public interface KeywhizPrincipal extends Principal {}
diff --git a/server/src/main/java/keywhiz/service/permissions/KeywhizPrincipalImpl.java b/server/src/main/java/keywhiz/service/permissions/KeywhizPrincipalImpl.java
@@ -0,0 +1,18 @@
+package keywhiz.service.permissions;
+
+import javax.annotation.Nullable;
+import keywhiz.api.ApiDate;
+import keywhiz.api.model.Client;
+
+public abstract class KeywhizPrincipalImpl extends Client implements KeywhizPrincipal{
+  public KeywhizPrincipalImpl(long id, String name, @Nullable String description,
+      @Nullable String spiffeId, ApiDate createdAt,
+      @Nullable String createdBy, ApiDate updatedAt,
+      @Nullable String updatedBy,
+      @Nullable ApiDate lastSeen,
+      @Nullable ApiDate expiration, boolean enabled,
+      boolean automationAllowed) {
+    super(id, name, description, spiffeId, createdAt, createdBy, updatedAt, updatedBy, lastSeen,
+        expiration, enabled, automationAllowed);
+  }
+}
diff --git a/server/src/test/java/keywhiz/service/permission/AutomationClientPermissionCheckTest.java b/server/src/test/java/keywhiz/service/permission/AutomationClientPermissionCheckTest.java
@@ -0,0 +1,75 @@
+package keywhiz.service.permission;
+
+import com.codahale.metrics.MetricRegistry;
+import java.security.Principal;
+import java.util.Objects;
+import keywhiz.auth.User;
+import keywhiz.service.permissions.Action;
+import keywhiz.service.permissions.AutomationClientPermissionCheck;
+import keywhiz.service.permissions.KeywhizPrincipal;
+import keywhiz.service.permissions.KeywhizPrincipalImpl;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class AutomationClientPermissionCheckTest {
+
+  private MetricRegistry metricRegistry;
+  private AutomationClientPermissionCheck automationCheck;
+
+  private static Objects target;
+
+  private static final String ISALLOWED_SUCCESS_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.success.histogram";
+  private static final String ISALLOWED_FAILURE_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.failure.histogram";
+  private static final String CHECKALLOWEDORTHROW_SUCCESS_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.success.histogram";
+  private static final String CHECKALLOWEDORTHROW_EXCEPTION_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.failure.histogram";
+
+  private static final KeywhizPrincipal automationClient = new KeywhizPrincipalImpl(0,
+      "automationClient", null, null, null, null, null, null, null, null, false,
+      true) {
+    @Override public String getName() {
+      return null;
+    }
+  };
+  private static final KeywhizPrincipal nonAutomationClient = new KeywhizPrincipalImpl(0,
+      "noneAutomationClient", null, null, null, null, null, null, null, null, false,
+      false) {
+    @Override public String getName() {
+      return null;
+    }
+  };
+
+  private static final User user = User.named("user");
+  // KeywhizPrincipal keywhizUser = (KeywhizPrincipal) user;
+
+  @Before
+  public void setUp() {
+    metricRegistry = new MetricRegistry();
+    automationCheck = new AutomationClientPermissionCheck(metricRegistry);
+  }
+
+  @Test public void testIsAllowedWithAutomationClient() {
+    boolean permitted = automationCheck.isAllowed(automationClient, Action.ADD, target);
+
+    assertThat(permitted);
+
+    assertThat(metricRegistry.histogram(ISALLOWED_SUCCESS_METRIC_NAME).getCount()).isEqualTo(1);
+    assertThat(metricRegistry.histogram(ISALLOWED_SUCCESS_METRIC_NAME).getSnapshot().getMean()).isEqualTo(1);
+
+    assertThat(metricRegistry.histogram(ISALLOWED_FAILURE_METRIC_NAME).getCount()).isEqualTo(1);
+    assertThat(metricRegistry.histogram(ISALLOWED_FAILURE_METRIC_NAME).getSnapshot().getMean()).isEqualTo(0);
+  }
+
+  @Test public void testIsAllowedWithNonAutomationClient() {
+    boolean permitted = automationCheck.isAllowed(nonAutomationClient, Action.ADD, target);
+
+    assertThat(!permitted);
+
+    assertThat(metricRegistry.histogram(ISALLOWED_SUCCESS_METRIC_NAME).getCount()).isEqualTo(1);
+    assertThat(metricRegistry.histogram(ISALLOWED_SUCCESS_METRIC_NAME).getSnapshot().getMean()).isEqualTo(0);
+
+    assertThat(metricRegistry.histogram(ISALLOWED_FAILURE_METRIC_NAME).getCount()).isEqualTo(1);
+    assertThat(metricRegistry.histogram(ISALLOWED_FAILURE_METRIC_NAME).getSnapshot().getMean()).isEqualTo(1);
+  }
+}