This repository has been archived by the owner on Nov 22, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
168 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
50 changes: 50 additions & 0 deletions
50
server/src/main/java/keywhiz/service/permissions/AutomationClientPermissionCheck.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
package keywhiz.service.permissions; | ||
|
||
import com.codahale.metrics.MetricRegistry; | ||
import com.google.inject.Inject; | ||
import keywhiz.api.model.Client; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
|
||
public class AutomationClientPermissionCheck implements PermissionCheck{ | ||
private static final Logger logger = LoggerFactory.getLogger( | ||
AutomationClientPermissionCheck.class); | ||
private static final String successMetricName = MetricRegistry.name(AutomationClientPermissionCheck.class, "success", "histogram"); | ||
private static final String failureMetricName = MetricRegistry.name(AutomationClientPermissionCheck.class, "failure", "histogram"); | ||
|
||
private MetricRegistry metricRegistry; | ||
|
||
@Inject | ||
public AutomationClientPermissionCheck(MetricRegistry metricRegistry) { | ||
this.metricRegistry = metricRegistry; | ||
} | ||
|
||
public boolean isAllowed(Object source, String action, Object target) { | ||
boolean hasPermission = isAutomation(source); | ||
|
||
emitHistogramMetrics(hasPermission); | ||
|
||
logger.info( | ||
String.format("isAllowed Actor: %s, Action: %s, Target: %s, Result: %s", source, action, target, | ||
hasPermission)); | ||
|
||
return hasPermission; | ||
} | ||
|
||
private boolean isAutomation(Object source) { | ||
if (source instanceof Client) { | ||
Client client = (Client) source; | ||
return client.isAutomationAllowed(); | ||
} | ||
|
||
return false; | ||
} | ||
|
||
private void emitHistogramMetrics(Boolean isPermitted) { | ||
int hasPermissionSuccessMetricInt = isPermitted ? 1 : 0; | ||
metricRegistry.histogram(successMetricName).update(hasPermissionSuccessMetricInt); | ||
|
||
int hasPermissionFailureMetricInt = isPermitted ? 0 : 1; | ||
metricRegistry.histogram(failureMetricName).update(hasPermissionFailureMetricInt); | ||
} | ||
} |
4 changes: 0 additions & 4 deletions
4
server/src/main/java/keywhiz/service/permissions/KeywhizPrincipal.java
This file was deleted.
Oops, something went wrong.
4 changes: 2 additions & 2 deletions
4
server/src/main/java/keywhiz/service/permissions/PermissionCheck.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
91 changes: 91 additions & 0 deletions
91
server/src/test/java/keywhiz/service/permission/AutomationClientPermissionCheckTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
package keywhiz.service.permission; | ||
|
||
import com.codahale.metrics.MetricRegistry; | ||
import java.util.Objects; | ||
import keywhiz.auth.User; | ||
import keywhiz.api.model.Client; | ||
import keywhiz.service.permissions.Action; | ||
import keywhiz.service.permissions.AutomationClientPermissionCheck; | ||
import org.junit.Before; | ||
import org.junit.Test; | ||
|
||
import static org.assertj.core.api.Assertions.assertThat; | ||
import static org.assertj.core.api.Assertions.assertThatThrownBy; | ||
|
||
public class AutomationClientPermissionCheckTest { | ||
|
||
private MetricRegistry metricRegistry; | ||
private AutomationClientPermissionCheck automationCheck; | ||
|
||
private static Objects target; | ||
|
||
private static final String ISALLOWED_SUCCESS_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.success.histogram"; | ||
private static final String ISALLOWED_FAILURE_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.failure.histogram"; | ||
private static final String CHECKALLOWEDORTHROW_SUCCESS_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.success.histogram"; | ||
private static final String CHECKALLOWEDORTHROW_EXCEPTION_METRIC_NAME = "keywhiz.service.permissions.AutomationClientPermissionCheck.failure.histogram"; | ||
|
||
private static final Client | ||
automationClient = new Client(0, "automationClient", null, null, null, null, null, null, null, null, false, | ||
true); | ||
private static final Client | ||
nonAutomationClient = new Client(0, "nonAutomationClient", null, null, null, null, null, null, null, null, false, | ||
false); | ||
private static final User user = User.named("user"); | ||
|
||
@Before | ||
public void setUp() { | ||
metricRegistry = new MetricRegistry(); | ||
automationCheck = new AutomationClientPermissionCheck(metricRegistry); | ||
} | ||
|
||
@Test public void testIsAllowedWithAutomationClient() { | ||
boolean permitted = automationCheck.isAllowed(automationClient, Action.ADD, target); | ||
|
||
assertThat(permitted); | ||
|
||
checkCorrectMetrics(1); | ||
} | ||
|
||
@Test public void testIsAllowedWithNonAutomationClient() { | ||
boolean permitted = automationCheck.isAllowed(nonAutomationClient, Action.ADD, target); | ||
|
||
assertThat(!permitted); | ||
|
||
checkCorrectMetrics(0); | ||
} | ||
|
||
@Test public void testIsAllowedWithUser() { | ||
automationCheck.isAllowed(user, Action.ADD, target); | ||
|
||
checkCorrectMetrics(0); | ||
} | ||
|
||
@Test public void testCheckAllowedOrThrowWithAutomationClient() { | ||
automationCheck.checkAllowedOrThrow(automationClient, Action.ADD, target); | ||
|
||
checkCorrectMetrics(1); | ||
|
||
} | ||
|
||
@Test public void testCheckAllowedOrThrowWithNonAutomationClient() { | ||
assertThatThrownBy(() -> automationCheck.checkAllowedOrThrow(nonAutomationClient, Action.ADD, | ||
target)).isInstanceOf(RuntimeException.class); | ||
|
||
checkCorrectMetrics(0); | ||
} | ||
|
||
@Test public void testCheckAllowedOrThrowWithUser() { | ||
assertThatThrownBy(() -> automationCheck.checkAllowedOrThrow(user, Action.ADD, | ||
target)).isInstanceOf(RuntimeException.class); | ||
|
||
checkCorrectMetrics(0); | ||
} | ||
|
||
private void checkCorrectMetrics(int isPermitted) { | ||
assertThat(metricRegistry.histogram(ISALLOWED_SUCCESS_METRIC_NAME).getCount()).isEqualTo(1); | ||
assertThat(metricRegistry.histogram(ISALLOWED_SUCCESS_METRIC_NAME).getSnapshot().getMean()).isEqualTo(isPermitted); | ||
|
||
assertThat(metricRegistry.histogram(ISALLOWED_FAILURE_METRIC_NAME).getCount()).isEqualTo(1); | ||
assertThat(metricRegistry.histogram(ISALLOWED_FAILURE_METRIC_NAME).getSnapshot().getMean()).isEqualTo(1-isPermitted); | ||
} | ||
} |