Posted to commits@airavata.apache.org by ma...@apache.org on 2018/06/19 13:25:32 UTC
[airavata] branch group-based-auth updated: Adding methods needed
for GroupResourceProfile, group based auth
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/group-based-auth by this push:
new 65ddb61 Adding methods needed for GroupResourceProfile, group based auth
65ddb61 is described below
commit 65ddb61b637463906c108b79ed818735e31f723c
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Tue Jun 19 09:24:41 2018 -0400
Adding methods needed for GroupResourceProfile, group based auth
---
.../service/security/KeyCloakSecurityManager.java | 15 +++++++++++++--
.../security/KeyCloakSecurityManagerTest.java | 20 ++++++++++++++++++++
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java
index 0648dab..08e4a6d 100644
--- a/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java
+++ b/airavata-services/services-security/src/main/java/org/apache/airavata/service/security/KeyCloakSecurityManager.java
@@ -72,13 +72,23 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager {
"|/airavata/deleteUserComputeResourcePreference|/airavata/deleteUserStoragePreference" +
"|/airavata/generateAndRegisterSSHKeys|/airavata/getAllCredentialSummaryForUsersInGateway" +
"|/airavata/deleteSSHPubKey|/airavata/isUserResourceProfileExists";
- private final static String SHARING_RESOURCE_METHODS = "/airavata/shareResourceWithUsers|/airavata/revokeSharingOfResourceFromUsers|/airavata/getAllAccessibleUsers|/airavata/userHasAccess";
+ private final static String SHARING_RESOURCE_METHODS = "/airavata/shareResourceWithUsers|/airavata/revokeSharingOfResourceFromUsers|/airavata/shareResourceWithGroups|/airavata/revokeSharingOfResourceFromGroups|/airavata/getAllAccessibleUsers|/airavata/userHasAccess";
private final static String SSH_ACCOUNT_PROVISIONER_METHODS =
"/airavata/getSSHAccountProvisioners|/airavata/doesUserHaveSSHAccount|/airavata" +
"/setupUserComputeResourcePreferencesForSSH|" +
// getGatewayResourceProfile is needed to look up whether ssh account provisioning is
// configured for a gateway's compute resource preference
"/airavata/getGatewayResourceProfile";
+ // These methods are protected by sharing registry authorization
+ private final static String GROUP_RESOURCE_PROFILE_METHODS =
+ "/airavata/createGroupResourceProfile|/airavata/updateGroupResourceProfile|/airavata/getGroupResourceProfile" +
+ "|/airavata/removeGroupResourceProfile|/airavata/getGroupResourceList|/airavata/removeGroupComputePrefs" +
+ "|/airavata/removeGroupComputeResourcePolicy|/airavata/removeGroupBatchQueueResourcePolicy" +
+ "|/airavata/getGroupComputeResourcePreference|/airavata/getGroupComputeResourcePolicy" +
+ "|/airavata/getBatchQueueResourcePolicy|/airavata/getGroupComputeResourcePrefList" +
+ "|/airavata/getGroupBatchQueueResourcePolicyList|/airavata/getGroupComputeResourcePolicyList";
+ // Misc. other methods needed for group based authorization
+ private final static String GROUP_BASED_AUTH_METHODS = "/airavata/getGatewayGroups";
private RegistryService.Client registryServiceClient = null;
private SharingRegistryService.Client sharingRegistryServiceClient = null;
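Review bot: The comment on `GROUP_RESOURCE_PROFILE_METHODS` says these methods are protected by sharing registry authorization, but nothing in this hunk enforces that. The constant only adds the names to an allowlist, and the list includes mutating calls (`createGroupResourceProfile`, `updateGroupResourceProfile`, and the `remove*` methods). If any handler skips the sharing check, this layer will not stop the call, so the comment should state that dependency, e.g. `// Allowed at this layer; each handler must enforce per-resource access through the sharing registry.` The same goes for the two group-sharing names added to `SHARING_RESOURCE_METHODS`. It is also worth confirming that `getGatewayGroups` is meant to be open to every user this pattern applies to (apparently ordinary gateway users, judging by the test names).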
@@ -148,7 +158,8 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager {
"/airavata/getWorkflow|/airavata/getWorkflowTemplateId|/airavata/isWorkflowExistWithName|/airavata/registerDataProduct|" +
"/airavata/getDataProduct|/airavata/registerReplicaLocation|/airavata/getParentDataProduct|/airavata/getChildDataProducts|" +
"/airavata/getAllAccessibleUsers|/airavata/getAllApplicationDeployments|/airavata/getAllAppModules|/airavata/getApplicationModule|" + USER_RESOURCE_PROFILE_USER_METHODS + "|" +
- SHARING_RESOURCE_METHODS + "|" + SSH_ACCOUNT_PROVISIONER_METHODS);
+ SHARING_RESOURCE_METHODS + "|" + SSH_ACCOUNT_PROVISIONER_METHODS + "|" + GROUP_RESOURCE_PROFILE_METHODS +
+ "|" + GROUP_BASED_AUTH_METHODS);
initializeSecurityInfra();
}
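Review bot: The allowlist pattern is assembled by hand from fragments joined with `"|"`, so a dropped or doubled separator either fuses two method names or adds an empty alternative, and neither fails at compile time. How the pattern is matched is not visible here, but an empty alternative could match more than intended if the match is unanchored. For the tail of the expression, consider `String.join("|", SHARING_RESOURCE_METHODS, SSH_ACCOUNT_PROVISIONER_METHODS, GROUP_RESOURCE_PROFILE_METHODS, GROUP_BASED_AUTH_METHODS)`. The statement starts above the hunk.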
diff --git a/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java b/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java
index b22ba0c..d630161 100644
--- a/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java
+++ b/airavata-services/services-security/src/test/java/org/apache/airavata/service/security/KeyCloakSecurityManagerTest.java
@@ -117,6 +117,26 @@ public class KeyCloakSecurityManagerTest {
}
@Test
+ public void testAllowedGatewayUserMethod3(@Mocked URL anyURL, @Mocked HttpURLConnection openidConfigHttpURLConnection, @Mocked HttpURLConnection userinfoHttpURLConnection) throws AiravataSecurityException, ApplicationSettingsException, IOException, TException {
+
+ createExpectationsForTokenVerification(openidConfigHttpURLConnection, userinfoHttpURLConnection);
+ createExpectationsForAuthzCacheDisabled();
+ createExpectationsForGatewayGroupsMembership(false, false);
+
+ runIsUserAuthorizedTest("getGroupResourceList", true);
+ }
+
+ @Test
+ public void testAllowedGatewayUserMethod4(@Mocked URL anyURL, @Mocked HttpURLConnection openidConfigHttpURLConnection, @Mocked HttpURLConnection userinfoHttpURLConnection) throws AiravataSecurityException, ApplicationSettingsException, IOException, TException {
+
+ createExpectationsForTokenVerification(openidConfigHttpURLConnection, userinfoHttpURLConnection);
+ createExpectationsForAuthzCacheDisabled();
+ createExpectationsForGatewayGroupsMembership(false, false);
+
+ runIsUserAuthorizedTest("revokeSharingOfResourceFromGroups", true);
+ }
+
+ @Test
public void testAllowedAdminUserMethod(@Mocked URL anyURL, @Mocked HttpURLConnection openidConfigHttpURLConnection, @Mocked HttpURLConnection userinfoHttpURLConnection) throws AiravataSecurityException, ApplicationSettingsException, IOException, TException {
createExpectationsForTokenVerification(openidConfigHttpURLConnection, userinfoHttpURLConnection);
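Review bot: Only `getGroupResourceList` and `revokeSharingOfResourceFromGroups` are exercised, so the other newly allowed names have no test and a typo in the pattern string would go unnoticed. That includes `getGatewayGroups` and the mutating `createGroupResourceProfile` and `removeGroupResourceProfile`. The names `testAllowedGatewayUserMethod3` and `testAllowedGatewayUserMethod4` also don't say which method is checked; something like `testGatewayUserAllowedGetGroupResourceList` would make a failure easier to read. `testAllowedAdminUserMethod` continues below the hunk.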