Posted to commits@airavata.apache.org by ma...@apache.org on 2018/06/19 13:25:32 UTC

[airavata] branch group-based-auth updated: Adding methods needed for GroupResourceProfile, group based auth

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/group-based-auth by this push:
     new 65ddb61  Adding methods needed for GroupResourceProfile, group based auth
65ddb61 is described below

commit 65ddb61b637463906c108b79ed818735e31f723c
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Tue Jun 19 09:24:41 2018 -0400

    Adding methods needed for GroupResourceProfile, group based auth
---
 .../service/security/KeyCloakSecurityManager.java    | 15 +++++++++++++--
 .../security/KeyCloakSecurityManagerTest.java        | 20 ++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java
index 0648dab..08e4a6d 100644
--- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java
+++ b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java
@@ -72,13 +72,23 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager {
             "|/airavata/deleteUserComputeResourcePreference|/airavata/deleteUserStoragePreference" +
             "|/airavata/generateAndRegisterSSHKeys|/airavata/getAllCredentialSummaryForUsersInGateway" +
             "|/airavata/deleteSSHPubKey|/airavata/isUserResourceProfileExists";
-    private final static String SHARING_RESOURCE_METHODS = "/airavata/shareResourceWithUsers|/airavata/revokeSharingOfResourceFromUsers|/airavata/getAllAccessibleUsers|/airavata/userHasAccess";
+    private final static String SHARING_RESOURCE_METHODS = "/airavata/shareResourceWithUsers|/airavata/revokeSharingOfResourceFromUsers|/airavata/shareResourceWithGroups|/airavata/revokeSharingOfResourceFromGroups|/airavata/getAllAccessibleUsers|/airavata/userHasAccess";
     private final static String SSH_ACCOUNT_PROVISIONER_METHODS =
             "/airavata/getSSHAccountProvisioners|/airavata/doesUserHaveSSHAccount|/airavata" +
                     "/setupUserComputeResourcePreferencesForSSH|" +
                     // getGatewayResourceProfile is needed to look up whether ssh account provisioning is
                     // configured for a gateway's compute resource preference
                     "/airavata/getGatewayResourceProfile";
+    // These methods are protected by sharing registry authorization
+    private final static String GROUP_RESOURCE_PROFILE_METHODS =
+            "/airavata/createGroupResourceProfile|/airavata/updateGroupResourceProfile|/airavata/getGroupResourceProfile" +
+                    "|/airavata/removeGroupResourceProfile|/airavata/getGroupResourceList|/airavata/removeGroupComputePrefs" +
+                    "|/airavata/removeGroupComputeResourcePolicy|/airavata/removeGroupBatchQueueResourcePolicy" +
+                    "|/airavata/getGroupComputeResourcePreference|/airavata/getGroupComputeResourcePolicy" +
+                    "|/airavata/getBatchQueueResourcePolicy|/airavata/getGroupComputeResourcePrefList" +
+                    "|/airavata/getGroupBatchQueueResourcePolicyList|/airavata/getGroupComputeResourcePolicyList";
+    // Misc. other methods needed for group based authorization
+    private final static String GROUP_BASED_AUTH_METHODS = "/airavata/getGatewayGroups";
 
     private RegistryService.Client registryServiceClient = null;
     private SharingRegistryService.Client sharingRegistryServiceClient = null;
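Review bot: The one-line comment on `GROUP_RESOURCE_PROFILE_METHODS` carries the whole authorization argument for this list, and it is too terse for that. The list contains create, update and remove calls, and the second hunk appends it to a pattern that, judging by the new tests, is granted to ordinary gateway users. I would spell the contract out, e.g. `// Allowed for every gateway user at this layer on purpose; each handler must enforce sharing-registry permissions on the target profile itself.` `GROUP_BASED_AUTH_METHODS` has no equivalent statement for `/airavata/getGatewayGroups`, so its comment should say whether that call is meant to be open to all gateway users. Whether every listed handler actually performs the sharing-registry check cannot be confirmed from this hunk.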
@@ -148,7 +158,8 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager {
                 "/airavata/getWorkflow|/airavata/getWorkflowTemplateId|/airavata/isWorkflowExistWithName|/airavata/registerDataProduct|" +
                 "/airavata/getDataProduct|/airavata/registerReplicaLocation|/airavata/getParentDataProduct|/airavata/getChildDataProducts|" +
                 "/airavata/getAllAccessibleUsers|/airavata/getAllApplicationDeployments|/airavata/getAllAppModules|/airavata/getApplicationModule|" + USER_RESOURCE_PROFILE_USER_METHODS + "|" +
-                SHARING_RESOURCE_METHODS + "|" + SSH_ACCOUNT_PROVISIONER_METHODS);
+                SHARING_RESOURCE_METHODS + "|" + SSH_ACCOUNT_PROVISIONER_METHODS + "|" + GROUP_RESOURCE_PROFILE_METHODS +
+                "|" + GROUP_BASED_AUTH_METHODS);
 
         initializeSecurityInfra();
     }
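Review bot: The allowlist on the changed lines is still assembled by hand-concatenating `"|"` between constants, so a dropped or doubled separator would silently fuse two method names or add an empty alternative without any compile error. The visible context already shows drift: `/airavata/getAllAccessibleUsers` appears both in the literal just above and inside `SHARING_RESOURCE_METHODS`. Joining the groups in one place is harder to get wrong, e.g. `String.join("|", USER_RESOURCE_PROFILE_USER_METHODS, SHARING_RESOURCE_METHODS, SSH_ACCOUNT_PROVISIONER_METHODS, GROUP_RESOURCE_PROFILE_METHODS, GROUP_BASED_AUTH_METHODS)`. The statement starts above the hunk and the way the resulting pattern is matched is not visible here. If it is not a full match, prefixes such as `getGroupComputeResourcePolicy` and `getGroupComputeResourcePolicyList` deserve a check.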
diff --git a/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java b/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java
index b22ba0c..d630161 100644
--- a/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java
+++ b/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java
@@ -117,6 +117,26 @@ public class KeyCloakSecurityManagerTest {
     }
 
     @Test
+    public void testAllowedGatewayUserMethod3(@Mocked URL anyURL, @Mocked HttpURLConnection openidConfigHttpURLConnection, @Mocked HttpURLConnection userinfoHttpURLConnection) throws AiravataSecurityException, ApplicationSettingsException, IOException, TException {
+
+        createExpectationsForTokenVerification(openidConfigHttpURLConnection, userinfoHttpURLConnection);
+        createExpectationsForAuthzCacheDisabled();
+        createExpectationsForGatewayGroupsMembership(false, false);
+
+        runIsUserAuthorizedTest("getGroupResourceList", true);
+    }
+
+    @Test
+    public void testAllowedGatewayUserMethod4(@Mocked URL anyURL, @Mocked HttpURLConnection openidConfigHttpURLConnection, @Mocked HttpURLConnection userinfoHttpURLConnection) throws AiravataSecurityException, ApplicationSettingsException, IOException, TException {
+
+        createExpectationsForTokenVerification(openidConfigHttpURLConnection, userinfoHttpURLConnection);
+        createExpectationsForAuthzCacheDisabled();
+        createExpectationsForGatewayGroupsMembership(false, false);
+
+        runIsUserAuthorizedTest("revokeSharingOfResourceFromGroups", true);
+    }
+
+    @Test
     public void testAllowedAdminUserMethod(@Mocked URL anyURL, @Mocked HttpURLConnection openidConfigHttpURLConnection, @Mocked HttpURLConnection userinfoHttpURLConnection) throws AiravataSecurityException, ApplicationSettingsException, IOException, TException {
 
         createExpectationsForTokenVerification(openidConfigHttpURLConnection, userinfoHttpURLConnection);
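Review bot: Both added tests assert only the permissive direction (`runIsUserAuthorizedTest(..., true)`) and cover two of the newly allowed methods, neither of which is a create, update or remove call on a group resource profile. Since the production change deliberately opens those mutating calls at this layer, add a case such as `runIsUserAuthorizedTest("removeGroupResourceProfile", true)` so the intent is pinned. Also add at least one case expecting `false` for a caller that should not pass, if the fixtures defined outside this hunk can express one. The names `testAllowedGatewayUserMethod3` and `testAllowedGatewayUserMethod4` say nothing about what is exercised; naming them after the method under test would make a failure readable. The two bodies differ only in the method string, so a shared helper taking the method name would remove the duplication.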