From caba2bff8003832477522f11163b34f16a1940d6 Mon Sep 17 00:00:00 2001 From: Chandrasekhar Raman <33996892+chandrasekhar1996@users.noreply.github.com> Date: Sat, 28 Sep 2024 11:36:30 -0700 Subject: [PATCH] send notification for put group membership decision (#2742) Signed-off-by: craman Co-authored-by: craman --- .../messages/ServerCommon.properties | 4 + .../messages/ServerCommon.properties | 4 + .../java/com/yahoo/athenz/zms/DBService.java | 15 + .../java/com/yahoo/athenz/zms/ZMSImpl.java | 38 +- .../MembershipDecisionNotificationCommon.java | 86 + ...oupMembershipDecisionNotificationTask.java | 159 ++ ...oleMembershipDecisionNotificationTask.java | 49 +- .../zms/store/ObjectStoreConnection.java | 1 + .../zms/store/impl/jdbc/JDBCConnection.java | 33 + .../pending-group-membership-approve.html | 34 + .../pending-group-membership-reject.html | 34 + .../pending-role-membership-approve.html | 2 +- .../com/yahoo/athenz/zms/DBServiceTest.java | 69 + .../com/yahoo/athenz/zms/ZMSImplTest.java | 473 ++++- ...bershipDecisionNotificationCommonTest.java | 195 +++ ...embershipDecisionNotificationTaskTest.java | 356 ++++ .../store/impl/jdbc/JDBCConnectionTest.java | 1515 +++++++++-------- 17 files changed, 2236 insertions(+), 831 deletions(-) create mode 100644 servers/zms/src/main/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommon.java create mode 100644 servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTask.java create mode 100644 servers/zms/src/main/resources/messages/pending-group-membership-approve.html create mode 100644 servers/zms/src/main/resources/messages/pending-group-membership-reject.html create mode 100644 servers/zms/src/test/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommonTest.java create mode 100644 servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTaskTest.java 
diff --git a/libs/java/server_common/src/main/resources/messages/ServerCommon.properties b/libs/java/server_common/src/main/resources/messages/ServerCommon.properties index 5c353c90b17..0649ac11db9 100644 --- a/libs/java/server_common/src/main/resources/messages/ServerCommon.properties +++ b/libs/java/server_common/src/main/resources/messages/ServerCommon.properties @@ -25,3 +25,7 @@ athenz.notification.email.group_member.expiry.subject=Athenz Group Member Expira athenz.notification.email.pending_role_membership.decision.reject.subject=Athenz Pending Role Member Rejected athenz.notification.email.pending_role_membership.decision.approval.subject=Athenz Pending Role Member Approved + +athenz.notification.email.pending_group_membership.decision.reject.subject=Athenz Pending Group Member Rejected + +athenz.notification.email.pending_group_membership.decision.approval.subject=Athenz Pending Group Member Approved diff --git a/libs/java/server_common/src/test/resources/messages/ServerCommon.properties b/libs/java/server_common/src/test/resources/messages/ServerCommon.properties index 96322377f9d..7b593cc01ba 100644 --- a/libs/java/server_common/src/test/resources/messages/ServerCommon.properties +++ b/libs/java/server_common/src/test/resources/messages/ServerCommon.properties @@ -1,3 +1,7 @@ athenz.notification.email.role_member.expiry.subject=Athenz Role Member Expiration Notification + athenz.notification.email.pending_role_membership.decision.reject.subject=Athenz Pending Role Member Rejected athenz.notification.email.pending_role_membership.decision.approval.subject=Athenz Pending Role Member Approved + +athenz.notification.email.pending_group_membership.decision.reject.subject=Athenz Pending Group Member Rejected +athenz.notification.email.pending_group_membership.decision.approval.subject=Athenz Pending Group Member Approved 
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java index 32be934b70f..7a3a678ffb5 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java @@ -9743,6 +9743,21 @@ RoleMember getPendingRoleMember(String domainName, String roleName, String membe } } + GroupMember getPendingGroupMember(String domainName, String groupName, String memberName) { + final String caller = "getPendingGroupMember"; + try (ObjectStoreConnection con = store.getConnection(true, false)) { + GroupMember pendingMember = con.getPendingGroupMember(domainName, groupName, memberName); + if (pendingMember == null) { + throw ZMSUtils.notFoundError("Pending group member " + memberName + " not found", caller); + } + return pendingMember; + } catch (ResourceException ex) { + LOG.error("getPendingGroupMember: error getting pending group member {} from {}:group.{} - error {}", + memberName, domainName, groupName, ex.getMessage()); + throw ex; + } + } + class UserAuthorityFilterEnforcer implements Runnable { public UserAuthorityFilterEnforcer() { diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java index 3554a0b7afa..25d6d63d58c 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java 
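Review bot: In `getPendingGroupMember` the not-found error is thrown inside the `try`, and the new DBServiceTest cases show it is a ResourceException, so the `catch` logs it at error level before rethrowing. A missing pending entry is a normal client-side condition (a stale or repeated decision request), so these entries land in the error log next to real store failures and make them harder to spot. Consider guarding the log call with `if (ex.getCode() != ResourceException.NOT_FOUND)`, and add a one-line Javadoc such as `/** Returns the pending group member; throws a not-found ResourceException instead of returning null. */` so callers do not add a redundant null check.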
@@ -50,10 +50,7 @@
 import com.yahoo.athenz.common.server.util.config.providers.ConfigProviderFile;
 import com.yahoo.athenz.common.utils.SignUtils;
 import com.yahoo.athenz.zms.config.*;
-import com.yahoo.athenz.zms.notification.PutGroupMembershipNotificationTask;
-import com.yahoo.athenz.zms.notification.PutRoleMembershipDecisionNotificationTask;
-import com.yahoo.athenz.zms.notification.PutRoleMembershipNotificationTask;
-import com.yahoo.athenz.zms.notification.ZMSNotificationTaskFactory;
+import com.yahoo.athenz.zms.notification.*;
 import com.yahoo.athenz.zms.provider.DomainDependencyProviderResponse;
 import com.yahoo.athenz.zms.provider.ServiceProviderClient;
 import com.yahoo.athenz.zms.provider.ServiceProviderManager;
@@ -5062,6 +5059,33 @@ void sendRoleMembershipDecisionNotification(final String domain, final String ro notificationManager.sendNotifications(notifications); } + void sendGroupMembershipDecisionNotification(final String domain, final String groupName, + final GroupMember groupMember, final String auditRef, + final String actionPrincipal, final String pendingState, final String requestPrincipal) { + + + Map details = new HashMap<>(); + details.put(NOTIFICATION_DETAILS_DOMAIN, domain); + details.put(NOTIFICATION_DETAILS_GROUP, groupName); + details.put(NOTIFICATION_DETAILS_MEMBER, groupMember.getMemberName()); + details.put(NOTIFICATION_DETAILS_REASON, auditRef); + details.put(NOTIFICATION_DETAILS_REQUESTER, requestPrincipal); + details.put(NOTIFICATION_DETAILS_PENDING_MEMBERSHIP_DECISION_PRINCIPAL, actionPrincipal); + details.put(NOTIFICATION_DETAILS_PENDING_MEMBERSHIP_STATE, pendingState); + + String membershipDecision = groupMember.getApproved() ? ZMSConsts.PENDING_REQUEST_APPROVE : ZMSConsts.PENDING_REQUEST_REJECT; + details.put(NOTIFICATION_DETAILS_PENDING_MEMBERSHIP_DECISION, membershipDecision); + + if (LOG.isDebugEnabled()) { + LOG.debug("Sending group membership decision notification after putGroupMembershipDecision"); + } + + List notifications = new PutGroupMembershipDecisionNotificationTask(details, + groupMember.getApproved(), dbService, userDomainPrefix, + notificationToEmailConverterCommon).getNotifications(); + notificationManager.sendNotifications(notifications); + } + @Override public void deletePendingMembership(ResourceContext ctx, String domainName, String roleName, String memberName, String auditRef) { 
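Review bot: `groupMember.getApproved()` is unboxed in the ternary that sets `membershipDecision`, and again when the value reaches the e-mail converter's `boolean approved` parameter, so a null value would throw a NullPointerException inside `sendGroupMembershipDecisionNotification`. The task constructor accepts a `Boolean`, which suggests null is representable; whether the caller guarantees a non-null value is not visible in this hunk. Reading it once as `final boolean approved = Boolean.TRUE.equals(groupMember.getApproved());` and using `approved` for both the decision string and the task constructor removes the risk and treats a missing value as a rejection.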
@@ -11567,7 +11591,13 @@ public void putGroupMembershipDecision(ResourceContext ctx, String domainName, S userAuthorityFilterSet, principalDomainFilter, caller); } + //get the pending group member details to send notification + GroupMember pendingMember = dbService.getPendingGroupMember(domainName, groupName, memberName); + dbService.executePutGroupMembershipDecision(ctx, domainName, group, groupMember, auditRef); + + sendGroupMembershipDecisionNotification(domainName, groupName, + groupMember, auditRef, principal.getFullName(), pendingMember.getPendingState(), pendingMember.getRequestPrincipal()); } @Override diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommon.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommon.java new file mode 100644 index 00000000000..387876d4c92 --- /dev/null +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommon.java 
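Review bot: The notification is built and sent inline after `executePutGroupMembershipDecision` has already applied the decision, so an exception raised while assembling it (recipient resolution goes back to `dbService`) would reach the caller as a failed request for a change that was in fact committed. If notifications are meant to be best-effort, catch and log around the `sendGroupMembershipDecisionNotification` call as sketched below. The new `getPendingGroupMember` lookup also runs before the decision and throws not-found when no pending entry exists, which may change the error a caller sees for a stale request; a comment saying so would help. The enclosing method starts outside the hunk.

```java
// … unchanged: pending-member lookup and executePutGroupMembershipDecision …
try {
    sendGroupMembershipDecisionNotification(domainName, groupName,
            groupMember, auditRef, principal.getFullName(),
            pendingMember.getPendingState(), pendingMember.getRequestPrincipal());
} catch (RuntimeException ex) {
    // the decision is already committed; a notification failure must not fail the request
    LOG.error("putGroupMembershipDecision: unable to send decision notification for {}:group.{}",
            domainName, groupName, ex);
}
```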
@@ -0,0 +1,86 @@ +/* + * Copyright The Athenz Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.yahoo.athenz.zms.notification; + +import com.yahoo.athenz.auth.AuthorityConsts; +import com.yahoo.athenz.auth.util.AthenzUtils; +import com.yahoo.athenz.common.server.notification.DomainRoleMembersFetcher; +import com.yahoo.athenz.zms.DBService; +import com.yahoo.athenz.zms.Group; +import com.yahoo.athenz.zms.utils.ZMSUtils; +import org.apache.commons.lang3.StringUtils; +import org.eclipse.jetty.util.StringUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import static com.yahoo.athenz.common.ServerCommonConsts.ADMIN_ROLE_NAME; + +public class MembershipDecisionNotificationCommon { + private static final Logger LOGGER = LoggerFactory.getLogger(MembershipDecisionNotificationCommon.class); + private final DBService dbService; + private final DomainRoleMembersFetcher domainRoleMembersFetcher; + private final String userDomainPrefix; + + MembershipDecisionNotificationCommon(DBService dbService, DomainRoleMembersFetcher domainRoleMembersFetcher, String userDomainPrefix) { + this.dbService = dbService; + this.domainRoleMembersFetcher = domainRoleMembersFetcher; + this.userDomainPrefix = userDomainPrefix; + } + + public Set getRecipients(List members) { + Set notifyMembers = new HashSet<>(); + for (String memberName : members) { + if 
(StringUtils.isEmpty(memberName)) { + continue; + } + int idx = memberName.indexOf(AuthorityConsts.GROUP_SEP); + if (idx != -1) { + final String domainName = memberName.substring(0, idx); + final String groupName = memberName.substring(idx + AuthorityConsts.GROUP_SEP.length()); + Group group = dbService.getGroup(domainName, groupName, Boolean.FALSE, Boolean.FALSE); + if (group == null) { + LOGGER.error("unable to retrieve group: {} in domain: {}", groupName, domainName); + continue; + } + if (!StringUtil.isEmpty(group.getNotifyRoles())) { + notifyMembers.addAll(NotificationUtils.extractNotifyRoleMembers(domainRoleMembersFetcher, + domainName, group.getNotifyRoles())); + } else { + notifyMembers.addAll(domainRoleMembersFetcher.getDomainRoleMembers(domainName, ADMIN_ROLE_NAME)); + } + } else { + final String domainName = AthenzUtils.extractPrincipalDomainName(memberName); + if (userDomainPrefix.equals(domainName + ".")) { + notifyMembers.add(memberName); + } else { + // domain role fetcher only returns the human users + Set domainAdminMembers = domainRoleMembersFetcher.getDomainRoleMembers(domainName, ADMIN_ROLE_NAME); + if (!ZMSUtils.isCollectionEmpty(domainAdminMembers)) { + for (String domainAdminMember : domainAdminMembers) { + notifyMembers.add(domainAdminMember); + } + } + } + } + } + return notifyMembers; + } +} diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTask.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTask.java new file mode 100644 index 00000000000..c6d710afab3 --- /dev/null +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTask.java 
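Review bot: In `getRecipients` the group branch passes the result of `domainRoleMembersFetcher.getDomainRoleMembers(domainName, ADMIN_ROLE_NAME)` straight to `notifyMembers.addAll(...)`, while the principal branch guards the same call with `ZMSUtils.isCollectionEmpty`; if the fetcher can return null, as that guard implies, the group branch throws a NullPointerException. Apply the same guard in both branches, after which the inner for-loop can be `notifyMembers.addAll(domainAdminMembers);`. The class also uses both `StringUtils.isEmpty` and Jetty's `StringUtil.isEmpty` for the same check; using the commons-lang3 one throughout drops the Jetty import from notification code. A class-level Javadoc stating who is notified (user principals directly, other principals through their domain's admin role, groups through their notify roles or the admin role) would make it easier to review who receives membership details.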
@@ -0,0 +1,159 @@ +/* + * Copyright The Athenz Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.yahoo.athenz.zms.notification; + +import com.yahoo.athenz.common.server.notification.*; +import com.yahoo.athenz.zms.DBService; +import com.yahoo.rdl.Timestamp; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.text.MessageFormat; +import java.util.*; + +import static com.yahoo.athenz.common.server.notification.NotificationServiceConstants.*; +import static com.yahoo.athenz.common.server.notification.NotificationServiceConstants.NOTIFICATION_DETAILS_REQUESTER; +import static com.yahoo.athenz.common.server.notification.impl.MetricNotificationService.*; +import static com.yahoo.athenz.common.server.notification.impl.MetricNotificationService.METRIC_NOTIFICATION_REQUESTER_KEY; + +public class PutGroupMembershipDecisionNotificationTask implements NotificationTask { + + private static final Logger LOGGER = LoggerFactory.getLogger(PutRoleMembershipDecisionNotificationTask.class); + + private final Map details; + private final NotificationCommon notificationCommon; + private final static String DESCRIPTION = "Pending Group Membership Decision Notification"; + private final PutGroupMembershipDecisionNotificationToEmailConverter putMembershipNotificationToEmailConverter; + private final PutGroupMembershipDecisionNotificationToMetricConverter putMembershipNotificationToMetricConverter; + private final DBService dbService; 
+ private final DomainRoleMembersFetcher domainRoleMembersFetcher; + private final String userDomainPrefix; + + public PutGroupMembershipDecisionNotificationTask(Map details, Boolean approved, DBService dbService, String userDomainPrefix, NotificationToEmailConverterCommon notificationToEmailConverterCommon) { + this.details = details; + this.userDomainPrefix = userDomainPrefix; + this.domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbService, userDomainPrefix); + this.notificationCommon = new NotificationCommon(domainRoleMembersFetcher, userDomainPrefix); + this.putMembershipNotificationToEmailConverter = new PutGroupMembershipDecisionNotificationToEmailConverter(notificationToEmailConverterCommon, approved); + this.putMembershipNotificationToMetricConverter = new PutGroupMembershipDecisionNotificationToMetricConverter(); + this.dbService = dbService; + } + + @Override + public List getNotifications() { + if (details == null) { + return new ArrayList<>(); + } + // we need to send the notification to both the member whose pending membership was approved or rejected + // and also the member who requested the pending member + List members = new ArrayList<>(); + members.add(details.getOrDefault(NOTIFICATION_DETAILS_MEMBER, "")); + members.add(details.getOrDefault(NOTIFICATION_DETAILS_REQUESTER, "")); + + MembershipDecisionNotificationCommon membershipDecisionNotificationCommon = new MembershipDecisionNotificationCommon(dbService, domainRoleMembersFetcher, userDomainPrefix); + Set recipients = membershipDecisionNotificationCommon.getRecipients(members); + + return Collections.singletonList(notificationCommon.createNotification( + Notification.Type.GROUP_MEMBER_DECISION, + recipients, + details, + putMembershipNotificationToEmailConverter, + putMembershipNotificationToMetricConverter)); + } + + @Override + public String getDescription() { + return DESCRIPTION; + } + + public static class PutGroupMembershipDecisionNotificationToEmailConverter implements 
NotificationToEmailConverter { + private static final String EMAIL_TEMPLATE_NOTIFICATION_APPROVAL = "messages/pending-group-membership-approve.html"; + private static final String PENDING_MEMBERSHIP_APPROVAL_SUBJECT = "athenz.notification.email.pending_group_membership.decision.approval.subject"; + + private static final String EMAIL_TEMPLATE_NOTIFICATION_REJECT = "messages/pending-group-membership-reject.html"; + private static final String PENDING_MEMBERSHIP_REJECT_SUBJECT = "athenz.notification.email.pending_group_membership.decision.reject.subject"; + + private final NotificationToEmailConverterCommon notificationToEmailConverterCommon; + private final String emailMembershipDecisionBody; + private final boolean pendingMemberApproved; + + public PutGroupMembershipDecisionNotificationToEmailConverter(NotificationToEmailConverterCommon notificationToEmailConverterCommon, boolean approved) { + this.notificationToEmailConverterCommon = notificationToEmailConverterCommon; + pendingMemberApproved = approved; + emailMembershipDecisionBody = getEmailBody(); + } + + String getMembershipDecisionBody(Map metaDetails) { + if (metaDetails == null) { + return null; + } + String athenzUIUrl = notificationToEmailConverterCommon.getAthenzUIUrl(); + String body = MessageFormat.format(emailMembershipDecisionBody, metaDetails.get(NOTIFICATION_DETAILS_DOMAIN), + metaDetails.get(NOTIFICATION_DETAILS_GROUP), metaDetails.get(NOTIFICATION_DETAILS_MEMBER), + metaDetails.get(NOTIFICATION_DETAILS_REASON), metaDetails.get(NOTIFICATION_DETAILS_REQUESTER), + metaDetails.get(NOTIFICATION_DETAILS_PENDING_MEMBERSHIP_STATE), + metaDetails.get(NOTIFICATION_DETAILS_PENDING_MEMBERSHIP_DECISION_PRINCIPAL), + athenzUIUrl); + return notificationToEmailConverterCommon.addCssStyleToBody(body); + } + + @Override + public NotificationEmail getNotificationAsEmail(Notification notification) { + String subject = notificationToEmailConverterCommon.getSubject(getNotificationSubjectProp()); + String body = 
getMembershipDecisionBody(notification.getDetails()); + Set fullyQualifiedEmailAddresses = notificationToEmailConverterCommon.getFullyQualifiedEmailAddresses(notification.getRecipients()); + return new NotificationEmail(subject, body, fullyQualifiedEmailAddresses); + } + + String getEmailBody() { + if (pendingMemberApproved) { + return notificationToEmailConverterCommon.readContentFromFile(getClass().getClassLoader(), EMAIL_TEMPLATE_NOTIFICATION_APPROVAL); + } else { + return notificationToEmailConverterCommon.readContentFromFile(getClass().getClassLoader(), EMAIL_TEMPLATE_NOTIFICATION_REJECT); + } + } + + String getNotificationSubjectProp() { + if (pendingMemberApproved) { + return PENDING_MEMBERSHIP_APPROVAL_SUBJECT; + } else { + return PENDING_MEMBERSHIP_REJECT_SUBJECT; + } + } + } + + public static class PutGroupMembershipDecisionNotificationToMetricConverter implements NotificationToMetricConverter { + private final static String NOTIFICATION_TYPE = "pending_group_membership_decision"; + + @Override + public NotificationMetric getNotificationAsMetrics(Notification notification, Timestamp currentTime) { + String[] record = new String[] { + METRIC_NOTIFICATION_TYPE_KEY, NOTIFICATION_TYPE, + METRIC_NOTIFICATION_DOMAIN_KEY, notification.getDetails().get(NOTIFICATION_DETAILS_DOMAIN), + METRIC_NOTIFICATION_GROUP_KEY, notification.getDetails().get(NOTIFICATION_DETAILS_GROUP), + METRIC_NOTIFICATION_MEMBER_KEY, notification.getDetails().get(NOTIFICATION_DETAILS_MEMBER), + METRIC_NOTIFICATION_REASON_KEY, notification.getDetails().get(NOTIFICATION_DETAILS_REASON), + METRIC_NOTIFICATION_REQUESTER_KEY, notification.getDetails().get(NOTIFICATION_DETAILS_REQUESTER), + METRIC_NOTIFICATION_MEMBERSHIP_DECISION, notification.getDetails().get(NOTIFICATION_DETAILS_PENDING_MEMBERSHIP_DECISION) + }; + + List attributes = new ArrayList<>(); + attributes.add(record); + return new NotificationMetric(attributes); + } + } +} 
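Review bot: `getMembershipDecisionBody` substitutes the detail values into the HTML template with `MessageFormat.format`, and no escaping is visible in this file; `NOTIFICATION_DETAILS_REASON` is filled from the caller-supplied `auditRef` in ZMSImpl, so unless that text is sanitised elsewhere (not shown here), any markup in it ends up in the e-mail body delivered to the recipients. HTML-escape each value before formatting, or add a comment naming the layer that already guarantees it. Separately, the logger is created with `PutRoleMembershipDecisionNotificationTask.class`, so this task's log lines are attributed to the role task; it should read `LoggerFactory.getLogger(PutGroupMembershipDecisionNotificationTask.class)`.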
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutRoleMembershipDecisionNotificationTask.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutRoleMembershipDecisionNotificationTask.java index 702b2f11560..30881023c76 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutRoleMembershipDecisionNotificationTask.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/notification/PutRoleMembershipDecisionNotificationTask.java @@ -16,22 +16,15 @@ package com.yahoo.athenz.zms.notification; -import com.yahoo.athenz.auth.AuthorityConsts; -import com.yahoo.athenz.auth.util.AthenzUtils; import com.yahoo.athenz.common.server.notification.*; import com.yahoo.athenz.zms.DBService; -import com.yahoo.athenz.zms.Group; -import com.yahoo.athenz.zms.utils.ZMSUtils; import com.yahoo.rdl.Timestamp; -import org.apache.commons.lang3.StringUtils; -import org.eclipse.jetty.util.StringUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.text.MessageFormat; import java.util.*; -import static com.yahoo.athenz.common.ServerCommonConsts.ADMIN_ROLE_NAME; import static com.yahoo.athenz.common.server.notification.NotificationServiceConstants.*; import static com.yahoo.athenz.common.server.notification.NotificationServiceConstants.NOTIFICATION_DETAILS_REQUESTER; import static com.yahoo.athenz.common.server.notification.impl.MetricNotificationService.*; 
@@ -71,7 +64,8 @@ public List getNotifications() { members.add(details.getOrDefault(NOTIFICATION_DETAILS_MEMBER, "")); members.add(details.getOrDefault(NOTIFICATION_DETAILS_REQUESTER, "")); - Set recipients = getRecipients(members); + MembershipDecisionNotificationCommon membershipDecisionNotificationCommon = new MembershipDecisionNotificationCommon(dbService, domainRoleMembersFetcher, userDomainPrefix); + Set recipients = membershipDecisionNotificationCommon.getRecipients(members); return Collections.singletonList(notificationCommon.createNotification( Notification.Type.ROLE_MEMBER_DECISION, 
@@ -86,45 +80,6 @@ public String getDescription() { return DESCRIPTION; } - Set getRecipients(List members) { - Set notifyMembers = new HashSet<>(); - for (String memberName : members) { - if (StringUtils.isEmpty(memberName)) { - continue; - } - int idx = memberName.indexOf(AuthorityConsts.GROUP_SEP); - if (idx != -1) { - final String domainName = memberName.substring(0, idx); - final String groupName = memberName.substring(idx + AuthorityConsts.GROUP_SEP.length()); - Group group = dbService.getGroup(domainName, groupName, Boolean.FALSE, Boolean.FALSE); - if (group == null) { - LOGGER.error("unable to retrieve group: {} in domain: {}", groupName, domainName); - continue; - } - if (!StringUtil.isEmpty(group.getNotifyRoles())) { - notifyMembers.addAll(NotificationUtils.extractNotifyRoleMembers(domainRoleMembersFetcher, - domainName, group.getNotifyRoles())); - } else { - notifyMembers.addAll(domainRoleMembersFetcher.getDomainRoleMembers(domainName, ADMIN_ROLE_NAME)); - } - } else { - final String domainName = AthenzUtils.extractPrincipalDomainName(memberName); - if (userDomainPrefix.equals(domainName + ".")) { - notifyMembers.add(memberName); - } else { - // domain role fetcher only returns the human users - Set domainAdminMembers = domainRoleMembersFetcher.getDomainRoleMembers(domainName, ADMIN_ROLE_NAME); - if (!ZMSUtils.isCollectionEmpty(domainAdminMembers)) { - for (String domainAdminMember : domainAdminMembers) { - notifyMembers.add(domainAdminMember); - } - } - } - } - } - return notifyMembers; - } - public static class PutRoleMembershipDecisionNotificationToEmailConverter implements NotificationToEmailConverter { private static final String EMAIL_TEMPLATE_NOTIFICATION_APPROVAL = "messages/pending-role-membership-approve.html"; private static final String PENDING_MEMBERSHIP_APPROVAL_SUBJECT = "athenz.notification.email.pending_role_membership.decision.approval.subject"; 
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/ObjectStoreConnection.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/ObjectStoreConnection.java index 4e96cc444e5..75609af0f32 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/ObjectStoreConnection.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/ObjectStoreConnection.java @@ -131,6 +131,7 @@ public interface ObjectStoreConnection extends Closeable { DomainGroupMembers listDomainGroupMembers(String domainName); DomainGroupMember getPrincipalGroups(String principal, String domainName); List listGroupsWithUserAuthorityRestrictions(); + GroupMember getPendingGroupMember(String domainName, String groupName, String memberName); // Policy commands diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java index c71c01d67f3..0f21540169c 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java 
@@ -7031,6 +7031,39 @@ public List listGroupsWithUserAuthorityRestrictions() { return groups; } + @Override + public GroupMember getPendingGroupMember(String domainName, String groupName, String memberName) { + final String caller = "getPendingGroupMember"; + + int domainId = getDomainId(domainName); + if (domainId == 0) { + throw notFoundError(caller, ZMSConsts.OBJECT_DOMAIN, domainName); + } + int groupId = getGroupId(domainId, groupName); + if (groupId == 0) { + throw notFoundError(caller, OBJECT_GROUP, ResourceUtils.groupResourceName(domainName, groupName)); + } + + try (PreparedStatement ps = con.prepareStatement(SQL_GET_PENDING_GROUP_MEMBER)) { + ps.setInt(1, groupId); + ps.setString(2, memberName); + try (ResultSet rs = executeQuery(ps, caller)) { + GroupMember groupMember = new GroupMember(); + if (rs.next()) { + groupMember.setMemberName(memberName); + groupMember.setRequestPrincipal(rs.getString(3)); + groupMember.setPendingState(rs.getString(4)); + return groupMember; + } else { + return null; + } + + } + } catch (SQLException ex) { + throw sqlError(ex, caller); + } + } + @Override public boolean updatePrincipal(String principal, int newState) { diff --git a/servers/zms/src/main/resources/messages/pending-group-membership-approve.html b/servers/zms/src/main/resources/messages/pending-group-membership-approve.html new file mode 100644 index 00000000000..2992ebeef4c --- /dev/null +++ b/servers/zms/src/main/resources/messages/pending-group-membership-approve.html @@ -0,0 +1,34 @@ + + + + + + + + +
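Review bot: `rs.getString(3)` and `rs.getString(4)` tie `getPendingGroupMember` to the column order of `SQL_GET_PENDING_GROUP_MEMBER`, which is defined outside this hunk, so a later edit to that statement would silently put the wrong values into `requestPrincipal` and `pendingState`, both of which now feed the decision notification. Add a comment above the reads naming the columns, for example `// result columns 3 and 4 of SQL_GET_PENDING_GROUP_MEMBER: <COLUMN_3_NAME>, <COLUMN_4_NAME>`, or read them by column label. The `GroupMember` is also allocated before `rs.next()` is checked; moving `new GroupMember()` inside the `if` avoids the throwaway object on the not-found path. Binding `groupId` and `memberName` through the PreparedStatement is the right form for the caller-supplied member name.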
+
+ +
Pending Group Membership Approved Details
+
Please find below the details of the decision regarding the pending group member:
+
+
+ + + + + + + + +
DOMAIN{0}
GROUP{1}
MEMBER{2}
REASON{3}
REQUESTER{4}
PENDING OPERATION{5}
APPROVED BY{6}
+
+
+ +
+ + diff --git a/servers/zms/src/main/resources/messages/pending-group-membership-reject.html b/servers/zms/src/main/resources/messages/pending-group-membership-reject.html new file mode 100644 index 00000000000..4cb14246efa --- /dev/null +++ b/servers/zms/src/main/resources/messages/pending-group-membership-reject.html @@ -0,0 +1,34 @@ + + + + + + + + +
+
+ +
Pending Group Membership Rejected Details
+
Please find below the details of the decision regarding the pending group member:
+
+
+ + + + + + + + +
DOMAIN{0}
GROUP{1}
MEMBER{2}
REASON{3}
REQUESTER{4}
PENDING OPERATION{5}
REJECTED BY{6}
+
+
+ +
+ + diff --git a/servers/zms/src/main/resources/messages/pending-role-membership-approve.html b/servers/zms/src/main/resources/messages/pending-role-membership-approve.html index 77714efb708..31ed6e9b59a 100644 --- a/servers/zms/src/main/resources/messages/pending-role-membership-approve.html +++ b/servers/zms/src/main/resources/messages/pending-role-membership-approve.html @@ -21,7 +21,7 @@ MEMBER{2} REASON{3} REQUESTER{4} - PENDING STATE{5} + PENDING OPERATION{5} APPROVED BY{6} diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java index ed466cfecb2..f3a06bf8654 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java 
@@ -13448,4 +13448,73 @@ public void testGetPendingRoleMemberException() { zms.dbService.store = saveStore; } + + @Test + public void testGetPendingGroupMember() { + String domainName = "domain1"; + String groupName = "group1"; + String memberName = "user.user1"; + String requestPrincipal = "user.joe"; + + GroupMember dummyResult = new GroupMember(); + dummyResult.setPendingState(PENDING_REQUEST_ADD_STATE); + dummyResult.setMemberName(memberName); + dummyResult.setRequestPrincipal(requestPrincipal); + + Mockito.when(mockJdbcConn.getPendingGroupMember(domainName, groupName, memberName)).thenReturn(dummyResult); + + ObjectStore saveStore = zms.dbService.store; + zms.dbService.store = mockObjStore; + + GroupMember groupMember = zms.dbService.getPendingGroupMember(domainName, groupName, memberName); + assertNotNull(groupMember); + assertEquals(groupMember.getMemberName(), memberName); + assertEquals(groupMember.getRequestPrincipal(), requestPrincipal); + assertEquals(groupMember.getPendingState(), PENDING_REQUEST_ADD_STATE); + assertEquals(groupMember.getExpiration(), null); + + zms.dbService.store = saveStore; + } + + @Test + public void testGetPendingGroupMemberNotFound() { + String domainName = "domain1"; + String groupName = "group1"; + String memberName = "user.user1"; + + Mockito.when(mockJdbcConn.getPendingGroupMember(domainName, groupName, memberName)).thenReturn(null); + + ObjectStore saveStore = zms.dbService.store; + zms.dbService.store = mockObjStore; + + try { + zms.dbService.getPendingGroupMember(domainName, groupName, memberName); + fail(); + } catch (ResourceException ex) { + assertEquals(ex.getCode(), ResourceException.NOT_FOUND); + } + + zms.dbService.store = saveStore; + } + + @Test + public void testGetPendingGroupMemberException() { + String domainName = "domain1"; + String groupName = "group1"; + String memberName = "user.user1"; + + Mockito.when(mockJdbcConn.getPendingGroupMember(domainName, groupName, memberName)).thenThrow(new 
ResourceException(ResourceException.INTERNAL_SERVER_ERROR)); + + ObjectStore saveStore = zms.dbService.store; + zms.dbService.store = mockObjStore; + + try { + zms.dbService.getPendingGroupMember(domainName, groupName, memberName); + fail(); + } catch (ResourceException ex) { + assertEquals(ex.getCode(), ResourceException.INTERNAL_SERVER_ERROR); + } + + zms.dbService.store = saveStore; + } } diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java index a4924857cd5..15b9a9c890f 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java @@ -48,6 +48,7 @@ import com.yahoo.athenz.zms.ZMSImpl.AccessStatus; import com.yahoo.athenz.zms.ZMSImpl.AthenzObject; import com.yahoo.athenz.zms.config.MemberDueDays; +import com.yahoo.athenz.zms.notification.PutGroupMembershipDecisionNotificationTask; import com.yahoo.athenz.zms.notification.PutRoleMembershipDecisionNotificationTask; import com.yahoo.athenz.zms.notification.PutRoleMembershipNotificationTask; import com.yahoo.athenz.zms.provider.ServiceProviderManager; @@ -507,7 +508,7 @@ public void testPostTopLevelDomainNameReduceSizeLimitTooSmall() { System.clearProperty(ZMSConsts.ZMS_PROP_DOMAIN_NAME_MAX_SIZE); zmsImpl.objectStore.clearConnections(); } - + @Test public void testGetDomainList() { 
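Review bot: Each of the three new DBServiceTest cases replaces `zms.dbService.store` with the mock and restores it only on its last line, so a failing assertion or the `fail()` call leaves the mock store installed for every later test in the class. Wrap the body in `try { ... } finally { zms.dbService.store = saveStore; }`, or restore it in a shared after-method. In `testGetPendingGroupMember`, `assertEquals(groupMember.getExpiration(), null)` reads more clearly as `assertNull(groupMember.getExpiration());`.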
@@ -1004,11 +1005,11 @@ public void testCreateSubDomain() { final String auditRef = zmsTestInitializer.getAuditRef(); TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject("AddSubDom1", - "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser(), ctx.principal().getFullName()); + "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser(), ctx.principal().getFullName()); zmsImpl.postTopLevelDomain(ctx, auditRef, null, dom1); SubDomain dom2 = zmsTestInitializer.createSubDomainObject("AddSubDom2", "AddSubDom1", - "Test Domain2", null, zmsTestInitializer.getAdminUser()); + "Test Domain2", null, zmsTestInitializer.getAdminUser()); Domain resDom1 = zmsImpl.postSubDomain(ctx, "AddSubDom1", auditRef, null, dom2); assertNotNull(resDom1); @@ -1064,7 +1065,7 @@ public void testCreateUserDomain() { assertSingleChangeMessage(ctx.getDomainChangeMessages(), DOMAIN, "user.john-doe", "user.john-doe", "postUserDomain"); - + Domain resDom2 = zmsImpl.getDomain(ctx, "user.john-doe"); assertNotNull(resDom2); @@ -4412,7 +4413,7 @@ public void testPutPolicyVersionCopyAssertionConditions() { } catch (ResourceException ex) { assertEquals(ex.getCode(), 400); assertTrue(ex.getMessage().contains("does not exist")); - } + } // add the doesn't exist role - now the addition should be successful addRoleNeededForTest(domainName,"Role1"); zmsImpl.putAssertionPolicyVersion(ctx, domainName, policyName, newVersion, auditRef, null, assertion); @@ -4994,7 +4995,7 @@ private boolean assertionConditionListEqual(List list1, List } return true; } - + @Test public void testPutPolicyAssertionConditionsChanges() { String domain = "PutPolicyAssertionConditionsChanges"; 
@@ -5019,10 +5020,10 @@ public void testPutPolicyAssertionConditionsChanges() { // add the admin policy policy1.getAssertions().add(new Assertion() - .setRole(domain + ":role.admin") - .setAction("*") - .setResource(domain + ":*") - .setEffect(AssertionEffect.ALLOW)); + .setRole(domain + ":role.admin") + .setAction("*") + .setResource(domain + ":*") + .setEffect(AssertionEffect.ALLOW)); String userId = "hank"; @@ -29070,7 +29071,7 @@ public void testPutAssertionConditions() { AssertionCondition conditionResp = new AssertionCondition().setId(1).setConditionsMap(new HashMap<>()); // zms is going to lowercase data conditionResp.getConditionsMap().put("instances", new AssertionConditionData().setOperator(AssertionConditionOperator.EQUALS) - .setValue("host1,host2,host3")); + .setValue("host1,host2,host3")); conditionResp.getConditionsMap().put("enforcementstate", new AssertionConditionData().setOperator(AssertionConditionOperator.EQUALS) .setValue("enforce")); conditionResp.getConditionsMap().put("scope", new AssertionConditionData().setOperator(AssertionConditionOperator.EQUALS) @@ -29547,12 +29548,12 @@ public void testDomainChangeMessages() { // postTopLevelDomain events String domainName = "test-dom-change-msg"; TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject("test-dom-change-msg", - "Test description Domain1", "testOrg", zmsTestInitializer.getAdminUser()); + "Test description Domain1", "testOrg", zmsTestInitializer.getAdminUser()); dom1.setAuditEnabled(true); - + ctx = zmsTestInitializer.contextWithMockPrincipal("postTopLevelDomain"); zmsImpl.postTopLevelDomain(ctx, auditRef, null, dom1); - + assertSingleChangeMessage(ctx.getDomainChangeMessages(), DOMAIN, domainName, domainName, "postTopLevelDomain"); // putDomainTemplate events 
@@ -29612,7 +29613,7 @@ public void testDomainChangeMessages() { // putMembership events using user.doe principal ctx = zmsTestInitializer.contextWithMockPrincipal("putMembership", "doe"); - + Membership mbr = new Membership(); mbr.setMemberName("user.doe"); mbr.setActive(false); @@ -29620,17 +29621,17 @@ public void testDomainChangeMessages() { zmsImpl.putMembership(ctx, domainName, roleName, "user.doe", auditRef, false, null, mbr); assertSingleChangeMessage(ctx.getDomainChangeMessages(), ROLE, domainName, roleName, "putMembership"); - + // putRoleReview events ctx = zmsTestInitializer.contextWithMockPrincipal("putRoleReview"); - + Role inputRole = new Role().setName(roleName); List inputMembers = new ArrayList<>(); inputRole.setRoleMembers(inputMembers); inputMembers.add(new RoleMember().setMemberName("user.doe").setActive(false)); zmsImpl.putRoleReview(ctx, domainName, roleName, auditRef, false, null, inputRole); assertSingleChangeMessage(ctx.getDomainChangeMessages(), ROLE, domainName, roleName, "putRoleReview"); - + // putMembershipDecision events ctx = zmsTestInitializer.contextWithMockPrincipal("putMembershipDecision"); mbr.setActive(true); @@ -29653,7 +29654,7 @@ public void testDomainChangeMessages() { ctx = zmsTestInitializer.contextWithMockPrincipal("deletePendingMembership"); zmsImpl.deletePendingMembership(ctx, domainName, roleName, "user.pend", auditRef); assertSingleChangeMessage(ctx.getDomainChangeMessages(), ROLE, domainName, roleName, "deletePendingMembership"); - + // deleteMembership events ctx = zmsTestInitializer.contextWithMockPrincipal("deleteMembership"); zmsImpl.deleteMembership(ctx, domainName, roleName, "user.doe", auditRef, null); 
@@ -29664,7 +29665,7 @@ public void testDomainChangeMessages() { RoleSystemMeta rsm = ZMSTestUtils.createRoleSystemMetaObject(true); zmsImpl.putRoleSystemMeta(ctx, domainName, roleName, "auditenabled", auditRef, rsm); assertSingleChangeMessage(ctx.getDomainChangeMessages(), ROLE, domainName, roleName, "putRoleSystemMeta"); - + // deleteRole events ctx = zmsTestInitializer.contextWithMockPrincipal("deleteRole"); zmsImpl.deleteRole(ctx, domainName, roleName, auditRef, null); @@ -29700,7 +29701,7 @@ public void testDomainChangeMessages() { zmsImpl.putGroupMembership(ctx, domainName, groupName, "user.doe", auditRef, false, null, gmbr); assertSingleChangeMessage(ctx.getDomainChangeMessages(), GROUP, domainName, groupName, "putGroupMembership"); - + // putGroupReview events ctx = zmsTestInitializer.contextWithMockPrincipal("putGroupReview"); @@ -29775,7 +29776,7 @@ public void testDomainChangeMessages() { ctx = zmsTestInitializer.contextWithMockPrincipal("deleteAssertion"); zmsImpl.deleteAssertion(ctx, domainName, policyName, assertion.getId(), auditRef, null); assertSingleChangeMessage(ctx.getDomainChangeMessages(), POLICY, domainName, policyName, "deleteAssertion"); - + // putPolicyVersion events ctx = zmsTestInitializer.contextWithMockPrincipal("putPolicyVersion"); String newVersion = "new-version"; @@ -29843,7 +29844,7 @@ public void testDomainChangeMessages() { zmsImpl.deleteAssertionCondition(ctx, domainName, policyConditionName, assertionId, 1, auditRef, null); assertSingleChangeMessage(ctx.getDomainChangeMessages(), POLICY, domainName, policyConditionName, "deleteAssertionCondition"); - + // deleteAssertionConditions events ctx = zmsTestInitializer.contextWithMockPrincipal("deleteAssertionConditions"); zmsImpl.deleteAssertionConditions(ctx, domainName, policyConditionName, assertionId, auditRef, null); 
@@ -29855,11 +29856,11 @@ public void testDomainChangeMessages() { zmsImpl.deletePolicy(ctx, domainName, policyConditionName, auditRef, null); assertSingleChangeMessage(ctx.getDomainChangeMessages(), POLICY, domainName, policyConditionName, "deletePolicy"); - + // putServiceIdentity events String serviceName = "test-srv"; ServiceIdentity service = zmsTestInitializer.createServiceObject(domainName, serviceName, - "http://localhost", "/usr/bin/test", "root", "users", "host1"); + "http://localhost", "/usr/bin/test", "root", "users", "host1"); ctx = zmsTestInitializer.contextWithMockPrincipal("putServiceIdentity"); zmsImpl.putServiceIdentity(ctx, domainName, serviceName, auditRef, false, null, service); assertSingleChangeMessage(ctx.getDomainChangeMessages(), SERVICE, domainName, @@ -29892,9 +29893,9 @@ public void testDomainChangeMessages() { // putTenancy events String tenantDomainName = domainName + "-tenant"; TopLevelDomain tenDom = zmsTestInitializer.createTopLevelDomainObject(tenantDomainName, - "Test Tenant Provider Domain", "testOrg", zmsTestInitializer.getAdminUser()); + "Test Tenant Provider Domain", "testOrg", zmsTestInitializer.getAdminUser()); zmsImpl.postTopLevelDomain(ctx, auditRef, null, tenDom); - + Tenancy tenancy = zmsTestInitializer.createTenantObject(tenantDomainName, domainName + "." + serviceName); ctx = zmsTestInitializer.contextWithMockPrincipal("putTenancy"); zmsImpl.putTenancy(ctx, tenantDomainName, domainName + "." + serviceName, auditRef, tenancy); 
@@ -29904,7 +29905,7 @@ public void testDomainChangeMessages() { "test-dom-change-msg-tenant:role.tenancy.test-dom-change-msg.test-srv.admin", "putTenancy"); ZMSTestUtils.assertChange(changeMsgs.get(1), POLICY, tenantDomainName, "test-dom-change-msg-tenant:policy.tenancy.test-dom-change-msg.test-srv.admin", "putTenancy"); - + // deleteTenancy events ctx = zmsTestInitializer.contextWithMockPrincipal("deleteTenancy"); zmsImpl.deleteTenancy(ctx, tenantDomainName, domainName + "." + serviceName, auditRef); @@ -29914,9 +29915,9 @@ public void testDomainChangeMessages() { // putTenant events String tenantServiceName = serviceName + "-tenant"; ServiceIdentity tenantService = zmsTestInitializer.createServiceObject(tenantDomainName, tenantServiceName, - "http://localhost", "/usr/bin/test", "root", "users", "host1"); + "http://localhost", "/usr/bin/test", "root", "users", "host1"); zmsImpl.putServiceIdentity(ctx, tenantDomainName, tenantServiceName, auditRef, false, null, tenantService); - + ctx = zmsTestInitializer.contextWithMockPrincipal("putTenant"); Tenancy tenant = new Tenancy().setDomain(tenantDomainName).setService(domainName + "." + serviceName); zmsImpl.putTenant(ctx, domainName, serviceName, tenantDomainName, auditRef, tenant); @@ -29926,7 +29927,7 @@ public void testDomainChangeMessages() { "test-srv.tenant.test-dom-change-msg-tenant.admin", "putTenant"); ZMSTestUtils.assertChange(changeMsgs.get(1), POLICY, domainName, "test-srv.tenant.test-dom-change-msg-tenant.admin", "putTenant"); - + // deleteTenant events ctx = zmsTestInitializer.contextWithMockPrincipal("deleteTenant"); zmsImpl.deleteTenant(ctx, domainName, serviceName, tenantDomainName, auditRef); 
@@ -29940,10 +29941,10 @@ public void testDomainChangeMessages() { // putProviderResourceGroupRoles events ctx = zmsTestInitializer.contextWithMockPrincipal("putProviderResourceGroupRoles"); ProviderResourceGroupRoles providerRoles = new ProviderResourceGroupRoles() - .setDomain(domainName).setService(serviceName) - .setTenant(tenantDomainName).setRoles(Collections.singletonList( - new TenantRoleAction().setRole("role").setAction("action"))) - .setResourceGroup("set1-test"); + .setDomain(domainName).setService(serviceName) + .setTenant(tenantDomainName).setRoles(Collections.singletonList( + new TenantRoleAction().setRole("role").setAction("action"))) + .setResourceGroup("set1-test"); zmsImpl.putProviderResourceGroupRoles(ctx, tenantDomainName, domainName, serviceName, "set1-test", auditRef, providerRoles); changeMsgs = ctx.getDomainChangeMessages(); @@ -29957,9 +29958,9 @@ public void testDomainChangeMessages() { // putTenantResourceGroupRoles events ctx = zmsTestInitializer.contextWithMockPrincipal("putTenantResourceGroupRoles"); TenantResourceGroupRoles tenantRoles = new TenantResourceGroupRoles().setDomain(domainName) - .setService(serviceName).setTenant(tenantDomainName) - .setRoles(Collections.singletonList(new TenantRoleAction().setRole("role").setAction("action"))) - .setResourceGroup("set1-test"); + .setService(serviceName).setTenant(tenantDomainName) + .setRoles(Collections.singletonList(new TenantRoleAction().setRole("role").setAction("action"))) + .setResourceGroup("set1-test"); zmsImpl.putTenantResourceGroupRoles(ctx, domainName, serviceName, tenantDomainName, "set1-test", auditRef, tenantRoles); 
@@ -29992,7 +29993,7 @@ public void testDomainChangeMessages() { assertSingleChangeMessage(changeMsgs, POLICY, tenantDomainName, "tenancy.test-dom-change-msg.test-srv.res_group.set1-test.role", "deleteProviderResourceGroupRoles"); - + // deleteTenant events ctx = zmsTestInitializer.contextWithMockPrincipal("deleteTenant"); zmsImpl.deleteTenant(ctx, domainName, serviceName, tenantDomainName, auditRef); @@ -30012,7 +30013,7 @@ public void testDomainChangeMessages() { // deleteDomainRoleMember events role = zmsTestInitializer.createRoleObject(domainName, "some-role", null, "user.user222", "user.todelete"); zmsImpl.putRole(ctx, domainName, "some-role", auditRef, false, null, role); - + ctx = zmsTestInitializer.contextWithMockPrincipal("deleteDomainRoleMember"); zmsImpl.deleteDomainRoleMember(ctx, domainName, "user.todelete", auditRef); assertSingleChangeMessage(ctx.getDomainChangeMessages(), ROLE, domainName, "some-role", @@ -30021,7 +30022,7 @@ public void testDomainChangeMessages() { // putQuota events ctx = zmsTestInitializer.contextWithMockPrincipal("putQuota"); Quota quota = new Quota().setName(domainName) - .setRole(14).setRoleMember(15).setGroup(16); + .setRole(14).setRoleMember(15).setGroup(16); zmsImpl.putQuota(ctx, domainName, auditRef, quota); assertSingleChangeMessage(ctx.getDomainChangeMessages(), DOMAIN, domainName, domainName, "putQuota"); 
@@ -30029,12 +30030,12 @@ public void testDomainChangeMessages() { ctx = zmsTestInitializer.contextWithMockPrincipal("deleteQuota"); zmsImpl.deleteQuota(ctx, domainName, auditRef); assertSingleChangeMessage(ctx.getDomainChangeMessages(), DOMAIN, domainName, domainName, "deleteQuota"); - + // postSubDomain events RsrcCtxWrapper subCtx = zmsTestInitializer.contextWithMockPrincipal("postSubDomain"); SubDomain subDomain = zmsTestInitializer.createSubDomainObject("AddSubDom1", domainName, - "Test Domain2", null, zmsTestInitializer.getAdminUser()); + "Test Domain2", null, zmsTestInitializer.getAdminUser()); zmsImpl.postSubDomain(subCtx,domainName, auditRef, null, subDomain); assertSingleChangeMessage(subCtx.getDomainChangeMessages(), DOMAIN, "test-dom-change-msg.addsubdom1", "test-dom-change-msg.addsubdom1", "postSubDomain"); @@ -30053,7 +30054,7 @@ public void testDomainChangeMessages() { zmsImpl.deleteSubDomain(ctx, "sys", "network", auditRef, null); } - + private void assertSingleChangeMessage(List changeMsgs, DomainChangeMessage.ObjectType objType, String domainName, String objName, String apiName) { assertEquals(changeMsgs.size(), 1); @@ -30104,8 +30105,8 @@ public void testMultipleTopics() { ZMSImpl zmsImpl = zmsTestInitializer.zmsInit(); assertNotNull(zmsImpl.domainChangePublishers); List topicNames = zmsImpl.domainChangePublishers.stream() - .map(publisher -> ((MockDomainChangePublisher) publisher).getTopicName()) - .collect(Collectors.toList()); + .map(publisher -> ((MockDomainChangePublisher) publisher).getTopicName()) + .collect(Collectors.toList()); assertThat(topicNames, containsInAnyOrder("topic1", "topic2")); System.clearProperty(ZMS_PROP_DOMAIN_CHANGE_TOPIC_NAMES); System.clearProperty(ZMS_PROP_DOMAIN_CHANGE_PUBLISHER_FACTORY_CLASS); 
@@ -30118,21 +30119,21 @@ public void testPublishEvent() { ZMSImpl zmsImpl = zmsTestInitializer.zmsInit(); assertNotNull(zmsImpl.domainChangePublishers); List topicNames = zmsImpl.domainChangePublishers.stream() - .map(publisher -> ((MockDomainChangePublisher) publisher).getTopicName()) - .collect(Collectors.toList()); + .map(publisher -> ((MockDomainChangePublisher) publisher).getTopicName()) + .collect(Collectors.toList()); assertThat(topicNames, containsInAnyOrder("topic1")); ResourceContext mockContext = Mockito.mock(ResourceContext.class); when(mockContext.getApiName()).thenReturn("apiName"); when(mockContext.getDomainChangeMessages()). - thenReturn(Collections.singletonList(new DomainChangeMessage() - .setDomainName("domainName") - .setObjectName("objectName") - .setObjectType(DOMAIN) - .setApiName("apiName") - .setPublished(Instant.now().toEpochMilli()) - .setMessageId(java.util.UUID.randomUUID().toString()) - )); + thenReturn(Collections.singletonList(new DomainChangeMessage() + .setDomainName("domainName") + .setObjectName("objectName") + .setObjectType(DOMAIN) + .setApiName("apiName") + .setPublished(Instant.now().toEpochMilli()) + .setMessageId(java.util.UUID.randomUUID().toString()) + )); zmsImpl.publishChangeMessage(mockContext, 200); // verify publish messages @@ -30152,12 +30153,12 @@ public void testPublishEvent() { private MockDomainChangePublisher.Recorder getEventRecorder(ZMSImpl zmsImpl) { return ((MockDomainChangePublisher) zmsImpl.domainChangePublishers.get(0)).getRecorder(); } - + @Test public void testPublisherNonSuccessErrorCode() { System.setProperty(ZMS_PROP_DOMAIN_CHANGE_PUBLISHER_FACTORY_CLASS, "com.yahoo.athenz.common.messaging.MockDomainChangePublisherFactory"); System.setProperty(ZMS_PROP_DOMAIN_CHANGE_TOPIC_NAMES, "topic1 , topic2"); - + ZMSImpl zmsImpl = zmsTestInitializer.zmsInit(); String apiName = "postTopLevelDomain"; ResourceContext mockContext = Mockito.mock(ResourceContext.class); 
@@ -30172,7 +30173,7 @@ public void testPublisherNonSuccessErrorCode() { System.clearProperty(ZMS_PROP_DOMAIN_CHANGE_PUBLISHER_FACTORY_CLASS); System.clearProperty(ZMS_PROP_DOMAIN_CHANGE_TOPIC_NAMES); } - + @Test public void testEmptyTopicName() { System.setProperty(ZMS_PROP_DOMAIN_CHANGE_PUBLISHER_FACTORY_CLASS, "com.yahoo.athenz.common.messaging.MockDomainChangePublisherFactory"); @@ -30181,8 +30182,8 @@ public void testEmptyTopicName() { assertNotNull(zmsImpl.domainChangePublishers); assertEquals(zmsImpl.domainChangePublishers.size(), 2); List topicNames = zmsImpl.domainChangePublishers.stream() - .map(publisher -> ((MockDomainChangePublisher) publisher).getTopicName()) - .collect(Collectors.toList()); + .map(publisher -> ((MockDomainChangePublisher) publisher).getTopicName()) + .collect(Collectors.toList()); assertThat(topicNames, containsInAnyOrder("topic1", "topic2")); System.clearProperty(ZMS_PROP_DOMAIN_CHANGE_PUBLISHER_FACTORY_CLASS); System.clearProperty(ZMS_PROP_DOMAIN_CHANGE_TOPIC_NAMES); @@ -30637,7 +30638,7 @@ public void testValidateResourceOwner() { } catch (ResourceException ex) { assertEquals(ex.getCode(), 400); assertTrue(ex.getMessage().contains("Invalid resource owner: " + resourceOwner + - " : name length cannot exceed 32 characters")); + " : name length cannot exceed 32 characters")); } } 
@@ -31145,4 +31146,352 @@ public void testDeletePutRoleMembershipRejectDecisionNotification() { zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, null); } + + @Test + public void testPutGroupMembershipApproveDecisionNotification() { + + ZMSImpl zmsImpl = zmsTestInitializer.getZms(); + RsrcCtxWrapper ctx = zmsTestInitializer.getMockDomRsrcCtx(); + final String auditRef = zmsTestInitializer.getAuditRef(); + + final String domainName = "pending-mbr-approve-decision-notif"; + TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Approval test Domain1", + "testOrg", "user.user1"); + dom1.getAdminUsers().add("user.user2"); + zmsImpl.postTopLevelDomain(ctx, auditRef, null, dom1); + + final String groupName = "review-group"; + Group group1 = zmsTestInitializer.createGroupObject(domainName, groupName, null, null); + zmsImpl.putGroup(ctx, domainName, groupName, auditRef, false, null, group1); + + GroupMeta rm = new GroupMeta().setReviewEnabled(true); + zmsImpl.putGroupMeta(ctx, domainName, groupName, auditRef, null, rm); + + // switch to user.user2 principal to add a member to a group + + Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String unsignedCreds = "v=U1;d=user;n=user2"; + final Principal rsrcPrince = SimplePrincipal.create("user", "user2", + unsignedCreds + ";s=signature", 0, principalAuthority); + assertNotNull(rsrcPrince); + ((SimplePrincipal) rsrcPrince).setUnsignedCreds(unsignedCreds); + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcPrince); + when(ctx.principal()).thenReturn(rsrcPrince); + + GroupMembership mbr = new GroupMembership(); + mbr.setMemberName("user.bob"); + mbr.setActive(false); + mbr.setApproved(false); + + zmsImpl.putGroupMembership(ctx, domainName, groupName, "user.bob", auditRef, false, null, mbr); + + // verify the user is added with pending state + + Group resGroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + 
assertEquals(resGroup.getGroupMembers().size(), 1); + assertEquals(resGroup.getGroupMembers().get(0).getMemberName(), "user.bob"); + assertEquals(resGroup.getGroupMembers().get(0).getPendingState(), PENDING_REQUEST_ADD_STATE); + assertFalse(resGroup.getGroupMembers().get(0).getApproved()); + + Mockito.clearInvocations(zmsTestInitializer.getMockNotificationManager()); + // revert back to admin principal + + Authority adminPrincipalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String adminUnsignedCreds = "v=U1;d=user;n=user1"; + final Principal rsrcAdminPrince = SimplePrincipal.create("user", "user1", + adminUnsignedCreds + ";s=signature", 0, adminPrincipalAuthority); + assertNotNull(rsrcAdminPrince); + ((SimplePrincipal) rsrcAdminPrince).setUnsignedCreds(adminUnsignedCreds); + + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcAdminPrince); + when(ctx.principal()).thenReturn(rsrcAdminPrince); + + // approve the message which should be successful + mbr = new GroupMembership(); + mbr.setMemberName("user.bob"); + mbr.setActive(true); + mbr.setApproved(true); + zmsImpl.putGroupMembershipDecision(ctx, domainName, groupName, "user.bob", auditRef, mbr); + + // verify user is active + resGroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + assertEquals(resGroup.getGroupMembers().size(), 1); + assertEquals(resGroup.getGroupMembers().get(0).getMemberName(), "user.bob"); + assertTrue(resGroup.getGroupMembers().get(0).getApproved()); + + List expextedNotifications = Collections.singletonList( + new Notification(Notification.Type.GROUP_MEMBER_DECISION) + .addRecipient("user.bob") + .addRecipient("user.user2") + .addDetails("requester", "user.user2") + .addDetails("reason", auditRef) + .addDetails("group", "review-group") + .addDetails("domain", domainName) + .addDetails("member", "user.bob") + .addDetails("pendingState", "ADD") + .addDetails("actionPrincipal", "user.user1") + 
.addDetails("membershipDecision", "approve") + .setNotificationToEmailConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(new NotificationToEmailConverterCommon(null), true)) + .setNotificationToMetricConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter())); + + verify(zmsTestInitializer.getMockNotificationManager(), + times(1)).sendNotifications(eq(expextedNotifications)); + + zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, null); + } + + @Test + public void testPutGroupMembershipRejectDecisionNotification() { + + ZMSImpl zmsImpl = zmsTestInitializer.getZms(); + RsrcCtxWrapper ctx = zmsTestInitializer.getMockDomRsrcCtx(); + final String auditRef = zmsTestInitializer.getAuditRef(); + + final String domainName = "pending-mbr-reject-decision-notif"; + TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Approval test Domain1", + "testOrg", "user.user1"); + dom1.getAdminUsers().add("user.user2"); + zmsImpl.postTopLevelDomain(ctx, auditRef, null, dom1); + + final String groupName = "review-group"; + Group group1 = zmsTestInitializer.createGroupObject(domainName, groupName, null, null); + zmsImpl.putGroup(ctx, domainName, groupName, auditRef, false, null, group1); + + GroupMeta rm = new GroupMeta().setReviewEnabled(true); + zmsImpl.putGroupMeta(ctx, domainName, groupName, auditRef, null, rm); + + // switch to user.user2 principal to add a member to a role + + Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String unsignedCreds = "v=U1;d=user;n=user2"; + final Principal rsrcPrince = SimplePrincipal.create("user", "user2", + unsignedCreds + ";s=signature", 0, principalAuthority); + assertNotNull(rsrcPrince); + ((SimplePrincipal) rsrcPrince).setUnsignedCreds(unsignedCreds); + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcPrince); + 
when(ctx.principal()).thenReturn(rsrcPrince); + + GroupMembership mbr = new GroupMembership(); + mbr.setMemberName("user.bob"); + mbr.setActive(false); + mbr.setApproved(false); + + zmsImpl.putGroupMembership(ctx, domainName, groupName, "user.bob", auditRef, false, null, mbr); + + // verify the user is added with pending state + + Group resgroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + assertEquals(resgroup.getGroupMembers().size(), 1); + assertEquals(resgroup.getGroupMembers().get(0).getMemberName(), "user.bob"); + assertEquals(resgroup.getGroupMembers().get(0).getPendingState(), PENDING_REQUEST_ADD_STATE); + assertFalse(resgroup.getGroupMembers().get(0).getApproved()); + + Mockito.clearInvocations(zmsTestInitializer.getMockNotificationManager()); + // revert back to admin principal + + Authority adminPrincipalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String adminUnsignedCreds = "v=U1;d=user;n=user1"; + final Principal rsrcAdminPrince = SimplePrincipal.create("user", "user1", + adminUnsignedCreds + ";s=signature", 0, adminPrincipalAuthority); + assertNotNull(rsrcAdminPrince); + ((SimplePrincipal) rsrcAdminPrince).setUnsignedCreds(adminUnsignedCreds); + + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcAdminPrince); + when(ctx.principal()).thenReturn(rsrcAdminPrince); + + // reject the message which should be successful + mbr = new GroupMembership(); + mbr.setMemberName("user.bob"); + mbr.setActive(false); + mbr.setApproved(false); + zmsImpl.putGroupMembershipDecision(ctx, domainName, groupName, "user.bob", auditRef, mbr); + + // verify user is not active + resgroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + assertEquals(resgroup.getGroupMembers().size(), 0); + + List expextedNotifications = Collections.singletonList( + new Notification(Notification.Type.GROUP_MEMBER_DECISION) + .addRecipient("user.bob") + .addRecipient("user.user2") + 
.addDetails("requester", "user.user2") + .addDetails("reason", auditRef) + .addDetails("group", "review-group") + .addDetails("domain", domainName) + .addDetails("member", "user.bob") + .addDetails("pendingState", "ADD") + .addDetails("actionPrincipal", "user.user1") + .addDetails("membershipDecision", "reject") + .setNotificationToEmailConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(new NotificationToEmailConverterCommon(null), false)) + .setNotificationToMetricConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter())); + + verify(zmsTestInitializer.getMockNotificationManager(), + times(1)).sendNotifications(eq(expextedNotifications)); + + zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, null); + } + + @Test + public void testDeletePutGroupMembershipApproveDecisionNotification() { + + ZMSImpl zmsImpl = zmsTestInitializer.getZms(); + RsrcCtxWrapper ctx = zmsTestInitializer.getMockDomRsrcCtx(); + final String auditRef = zmsTestInitializer.getAuditRef(); + + final String domainName = "delete-pending-mbr-decision-notif"; + TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Approval test Domain1", + "testOrg", "user.user1"); + dom1.getAdminUsers().add("user.user2"); + zmsImpl.postTopLevelDomain(ctx, auditRef, null, dom1); + + final String groupName = "group1"; + Group group1 = zmsTestInitializer.createGroupObject(domainName, groupName, "user.joe", null); + Response response = zmsImpl.putGroup(ctx, domainName, groupName, auditRef, true, null, group1); + Group group = (Group) response.getEntity(); + assertEquals(group.getGroupMembers().size(), 1); + + GroupMeta rm = new GroupMeta().setReviewEnabled(true).setDeleteProtection(true); + zmsImpl.putGroupMeta(ctx, domainName, groupName, auditRef, null, rm); + + // switch to user2 for delete membership + Authority principalAuthority = new 
com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String unsignedCreds = "v=U1;d=user;n=user2"; + final Principal rsrcPrince = SimplePrincipal.create("user", "user2", + unsignedCreds + ";s=signature", 0, principalAuthority); + assertNotNull(rsrcPrince); + ((SimplePrincipal) rsrcPrince).setUnsignedCreds(unsignedCreds); + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcPrince); + when(ctx.principal()).thenReturn(rsrcPrince); + + zmsImpl.deleteGroupMembership(ctx, domainName, groupName, "user.joe", auditRef, null); + + // verify user is present + Group resgroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + assertEquals(resgroup.getGroupMembers().size(), 2); + assertEquals(resgroup.getGroupMembers().get(0).getMemberName(), "user.joe"); + + // revert back to admin principal + Authority adminPrincipalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String adminUnsignedCreds = "v=U1;d=user;n=user1"; + final Principal rsrcAdminPrince = SimplePrincipal.create("user", "user1", + adminUnsignedCreds + ";s=signature", 0, adminPrincipalAuthority); + assertNotNull(rsrcAdminPrince); + ((SimplePrincipal) rsrcAdminPrince).setUnsignedCreds(adminUnsignedCreds); + + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcAdminPrince); + when(ctx.principal()).thenReturn(rsrcAdminPrince); + + // approve the message which should be successful + GroupMembership mbr = new GroupMembership(); + mbr.setMemberName("user.joe"); + mbr.setActive(false); + mbr.setApproved(true); + zmsImpl.putGroupMembershipDecision(ctx, domainName, groupName, "user.joe", auditRef, mbr); + + // verify user is not present + resgroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + assertEquals(resgroup.getGroupMembers().size(), 0); + + List expextedNotifications = Collections.singletonList( + new Notification(Notification.Type.GROUP_MEMBER_DECISION) + .addRecipient("user.joe") + 
.addRecipient("user.user2") + .addDetails("requester", "user.user2") + .addDetails("reason", auditRef) + .addDetails("group", "group1") + .addDetails("domain", domainName) + .addDetails("member", "user.joe") + .addDetails("pendingState", "DELETE") + .addDetails("actionPrincipal", "user.user1") + .addDetails("membershipDecision", "approve") + .setNotificationToEmailConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(new NotificationToEmailConverterCommon(null), true)) + .setNotificationToMetricConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter())); + + verify(zmsTestInitializer.getMockNotificationManager(), + times(1)).sendNotifications(eq(expextedNotifications)); + + zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, null); + } + + @Test + public void testDeletePutGroupMembershipRejectDecisionNotification() { + + ZMSImpl zmsImpl = zmsTestInitializer.getZms(); + RsrcCtxWrapper ctx = zmsTestInitializer.getMockDomRsrcCtx(); + final String auditRef = zmsTestInitializer.getAuditRef(); + + final String domainName = "delete-pending-mbr-reject-decision-notif"; + TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Approval test Domain1", + "testOrg", "user.user1"); + dom1.getAdminUsers().add("user.user2"); + zmsImpl.postTopLevelDomain(ctx, auditRef, null, dom1); + + final String groupName = "group1"; + Group group1 = zmsTestInitializer.createGroupObject(domainName, groupName, "user.joe", null); + Response response = zmsImpl.putGroup(ctx, domainName, groupName, auditRef, true, null, group1); + Group group = (Group) response.getEntity(); + assertEquals(group.getGroupMembers().size(), 1); + + GroupMeta rm = new GroupMeta().setReviewEnabled(true).setDeleteProtection(true); + zmsImpl.putGroupMeta(ctx, domainName, groupName, auditRef, null, rm); + + // switch to user2 for delete membership + Authority principalAuthority = new 
com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String unsignedCreds = "v=U1;d=user;n=user2"; + final Principal rsrcPrince = SimplePrincipal.create("user", "user2", + unsignedCreds + ";s=signature", 0, principalAuthority); + assertNotNull(rsrcPrince); + ((SimplePrincipal) rsrcPrince).setUnsignedCreds(unsignedCreds); + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcPrince); + when(ctx.principal()).thenReturn(rsrcPrince); + + zmsImpl.deleteGroupMembership(ctx, domainName, groupName, "user.joe", auditRef, null); + + // verify user is present + Group resgroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + assertEquals(resgroup.getGroupMembers().size(), 2); + assertEquals(resgroup.getGroupMembers().get(0).getMemberName(), "user.joe"); + + // revert back to admin principal + Authority adminPrincipalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority(); + String adminUnsignedCreds = "v=U1;d=user;n=user1"; + final Principal rsrcAdminPrince = SimplePrincipal.create("user", "user1", + adminUnsignedCreds + ";s=signature", 0, adminPrincipalAuthority); + assertNotNull(rsrcAdminPrince); + ((SimplePrincipal) rsrcAdminPrince).setUnsignedCreds(adminUnsignedCreds); + + when(zmsTestInitializer.getMockDomRestRsrcCtx().principal()).thenReturn(rsrcAdminPrince); + when(ctx.principal()).thenReturn(rsrcAdminPrince); + + // reject the message which should be successful + GroupMembership mbr = new GroupMembership(); + mbr.setMemberName("user.joe"); + mbr.setActive(true); + mbr.setApproved(false); + zmsImpl.putGroupMembershipDecision(ctx, domainName, groupName, "user.joe", auditRef, mbr); + + // verify user is not present + resgroup = zmsImpl.getGroup(ctx, domainName, groupName, false, true); + assertEquals(resgroup.getGroupMembers().size(), 1); + + List expextedNotifications = Collections.singletonList( + new Notification(Notification.Type.GROUP_MEMBER_DECISION) + .addRecipient("user.joe") + 
.addRecipient("user.user2") + .addDetails("requester", "user.user2") + .addDetails("reason", auditRef) + .addDetails("group", "group1") + .addDetails("domain", domainName) + .addDetails("member", "user.joe") + .addDetails("pendingState", "DELETE") + .addDetails("actionPrincipal", "user.user1") + .addDetails("membershipDecision", "reject") + .setNotificationToEmailConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(new NotificationToEmailConverterCommon(null), false)) + .setNotificationToMetricConverter(new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter())); + + verify(zmsTestInitializer.getMockNotificationManager(), + times(1)).sendNotifications(eq(expextedNotifications)); + + zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, null); + } } diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommonTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommonTest.java new file mode 100644 index 00000000000..fc0deaf0b78 --- /dev/null +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/MembershipDecisionNotificationCommonTest.java 
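Review bot: In testDeletePutGroupMembershipApproveDecisionNotification and testDeletePutGroupMembershipRejectDecisionNotification the state after `deleteGroupMembership` is checked only through `size() == 2` and the first member's name, so the pending-delete entry that the review gate is supposed to create is never asserted; something like `assertEquals(resgroup.getGroupMembers().get(1).getPendingState(), "DELETE");` (index assumed from the ordering the test already relies on) would pin it the way the add tests pin `PENDING_REQUEST_ADD_STATE`. In the reject variant the comment `// verify user is not present` sits above `assertEquals(resgroup.getGroupMembers().size(), 1);` and should read `// verify user is still present`, and the second test's `add a member to a role` should say group. All four tests exercise only the path where the admin user.user1 makes the decision; a case where `putGroupMembershipDecision` is refused and `sendNotifications` is verified with `never()` would guard against a notification going out for a decision that was not accepted, unless that is already covered elsewhere in the file. Each test also leaves `ctx.principal()` stubbed to user.user1 and deletes the domain only on success, so a failed assertion may leak state into later tests.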
@@ -0,0 +1,195 @@ +/* + * Copyright The Athenz Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.yahoo.athenz.zms.notification; + +import com.yahoo.athenz.common.server.notification.*; +import com.yahoo.athenz.zms.DBService; +import com.yahoo.athenz.zms.Group; +import com.yahoo.athenz.zms.Role; +import com.yahoo.athenz.zms.RoleMember; +import com.yahoo.rdl.Timestamp; +import org.mockito.ArgumentCaptor; +import org.mockito.Mockito; +import org.testng.annotations.Test; + +import java.util.*; + +import static com.yahoo.athenz.common.ServerCommonConsts.USER_DOMAIN_PREFIX; +import static com.yahoo.athenz.common.server.notification.impl.MetricNotificationService.*; +import static com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.*; +import static org.mockito.Mockito.never; +import static org.testng.Assert.*; +import static org.testng.Assert.assertFalse; +import static org.testng.AssertJUnit.assertEquals; + +public class MembershipDecisionNotificationCommonTest { + + @Test + public void testGetRecipientsUser() { + DBService dbsvc = Mockito.mock(DBService.class); + + DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX); + MembershipDecisionNotificationCommon membershipDecisionNotificationCommon = new MembershipDecisionNotificationCommon(dbsvc, domainRoleMembersFetcher, 
USER_DOMAIN_PREFIX); + + List members = new ArrayList<>(); + members.add("user.joe"); + members.add("user.jane"); + Set recipients = membershipDecisionNotificationCommon.getRecipients(members); + + assertEquals(2, recipients.size()); + assertTrue(recipients.contains("user.joe")); + assertTrue(recipients.contains("user.jane")); + } + + @Test + public void testGetRecipientsService() { + DBService dbsvc = Mockito.mock(DBService.class); + + DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX); + MembershipDecisionNotificationCommon membershipDecisionNotificationCommon = new MembershipDecisionNotificationCommon(dbsvc, domainRoleMembersFetcher, USER_DOMAIN_PREFIX); + + List roleMembers = new ArrayList<>(); + RoleMember rm = new RoleMember().setMemberName("user.approver1").setActive(true); + roleMembers.add(rm); + + rm = new RoleMember().setMemberName("user.approver2").setActive(true); + roleMembers.add(rm); + + Role localRole = new Role().setName("dom2:role.admin").setRoleMembers(roleMembers); + + // get role call for the admin role of service getting added + Mockito.when(dbsvc.getRole("dom2", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(localRole); + + List members = new ArrayList<>(); + members.add("user.joe"); + members.add("dom2.svc1"); + Set recipients = membershipDecisionNotificationCommon.getRecipients(members); + + assertEquals(3, recipients.size()); + assertTrue(recipients.contains("user.joe")); + assertTrue(recipients.contains("user.approver1")); + assertTrue(recipients.contains("user.approver2")); + } + + @Test + public void testGetRecipientsGroupAdmin() { + DBService dbsvc = Mockito.mock(DBService.class); + List roleMembers = new ArrayList<>(); + RoleMember rm = new RoleMember().setMemberName("user.approver1").setActive(true); + roleMembers.add(rm); + + rm = new RoleMember().setMemberName("user.approver2").setActive(true); + roleMembers.add(rm); + + Role localRole = new 
Role().setName("dom1:role.admin").setRoleMembers(roleMembers); + + // get role call for the admin role of service getting added + Mockito.when(dbsvc.getRole("dom1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(localRole); + Group group = new Group(); + Mockito.when(dbsvc.getGroup("dom1", "group1", Boolean.FALSE, Boolean.FALSE)) + .thenReturn(group); + + DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX); + MembershipDecisionNotificationCommon membershipDecisionNotificationCommon = new MembershipDecisionNotificationCommon(dbsvc, domainRoleMembersFetcher, USER_DOMAIN_PREFIX); + + List members = new ArrayList<>(); + members.add("user.jane"); + members.add("dom1:group.group1"); + Set recipients = membershipDecisionNotificationCommon.getRecipients(members); + + assertEquals(3, recipients.size()); + assertTrue(recipients.contains("user.jane")); + assertTrue(recipients.contains("user.approver1")); + assertTrue(recipients.contains("user.approver2")); + } + + @Test + public void testGetRecipientsGroupNotifyRoles() { + DBService dbsvc = Mockito.mock(DBService.class); + List roleMembers = new ArrayList<>(); + RoleMember rm = new RoleMember().setMemberName("user.notifier1").setActive(true); + roleMembers.add(rm); + + rm = new RoleMember().setMemberName("user.notifier2").setActive(true); + roleMembers.add(rm); + + Role notifyRole1 = new Role().setName("dom2:role.notify1").setRoleMembers(roleMembers); + + roleMembers = new ArrayList<>(); + rm = new RoleMember().setMemberName("user.joe").setActive(true); + roleMembers.add(rm); + + rm = new RoleMember().setMemberName("user.dom").setActive(true); + roleMembers.add(rm); + + Role notifyRole2 = new Role().setName("dom2:role.notify2").setRoleMembers(roleMembers); + + Group group = new Group().setNotifyRoles("dom2:role.notify2,dom2:role.notify1"); + + Mockito.when(dbsvc.getGroup("dom1", "group1", Boolean.FALSE, Boolean.FALSE)) + .thenReturn(group); + 
Mockito.when(dbsvc.getRole("dom2", "notify1", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(notifyRole1); + Mockito.when(dbsvc.getRole("dom2", "notify2", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(notifyRole2); + DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX); + MembershipDecisionNotificationCommon membershipDecisionNotificationCommon = new MembershipDecisionNotificationCommon(dbsvc, domainRoleMembersFetcher, USER_DOMAIN_PREFIX); + + List members = new ArrayList<>(); + members.add("user.jane"); + members.add("dom1:group.group1"); + Set recipients = membershipDecisionNotificationCommon.getRecipients(members); + + assertEquals(5, recipients.size()); + assertTrue(recipients.contains("user.jane")); + assertTrue(recipients.contains("user.notifier1")); + assertTrue(recipients.contains("user.notifier2")); + assertTrue(recipients.contains("user.joe")); + assertTrue(recipients.contains("user.dom")); + } + + @Test + public void testGetRecipientsGroupEmptyAdmin() { + DBService dbsvc = Mockito.mock(DBService.class); + List roleMembers = new ArrayList<>(); + + Role localRole = new Role().setName("dom1:role.admin").setRoleMembers(roleMembers); + + // get role call for the admin role of service getting added + Mockito.when(dbsvc.getRole("dom1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(localRole); + Group group = new Group(); + Mockito.when(dbsvc.getGroup("dom1", "group1", Boolean.FALSE, Boolean.FALSE)) + .thenReturn(group); + + DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX); + MembershipDecisionNotificationCommon membershipDecisionNotificationCommon = new MembershipDecisionNotificationCommon(dbsvc, domainRoleMembersFetcher, USER_DOMAIN_PREFIX); + + List members = new ArrayList<>(); + members.add("user.jane"); + members.add("dom1:group.group1"); + Set recipients = 
membershipDecisionNotificationCommon.getRecipients(members); + + assertEquals(1, recipients.size()); + assertTrue(recipients.contains("user.jane")); + } + +} diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTaskTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTaskTest.java new file mode 100644 index 00000000000..c8d74342df6 --- /dev/null +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipDecisionNotificationTaskTest.java 
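Review bot: Every role member in these fixtures is created with `setActive(true)`, so none of the `getRecipients` tests pins whether an inactive member of a domain admin role or a group notify role receives the decision notification. Adding one member such as `new RoleMember().setMemberName("user.inactive1").setActive(false)` (a constructed name) to `testGetRecipientsGroupNotifyRoles` and asserting the intended outcome would cover it; the implementation of `getRecipients` is not part of this hunk, so which outcome is intended needs confirming. The comment `// get role call for the admin role of service getting added` is repeated in `testGetRecipientsGroupAdmin` and `testGetRecipientsGroupEmptyAdmin`, where the mocked role is the admin role of the group's own domain; `// admin role of the group's domain, used when the group has no notify roles` would fit better, if that is indeed the fallback. Several imports (`ArgumentCaptor`, `Timestamp`, the `MetricNotificationService` statics, `getNotificationManager`) appear unused in this class and could be dropped.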
@@ -0,0 +1,356 @@ +/* + * Copyright The Athenz Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.yahoo.athenz.zms.notification; + +import com.yahoo.athenz.common.server.notification.*; +import com.yahoo.athenz.zms.DBService; +import com.yahoo.athenz.zms.Role; +import com.yahoo.athenz.zms.RoleMember; +import com.yahoo.rdl.Timestamp; +import org.mockito.ArgumentCaptor; +import org.mockito.Mockito; +import org.testng.annotations.Test; + +import java.util.*; + +import static com.yahoo.athenz.common.ServerCommonConsts.USER_DOMAIN_PREFIX; +import static com.yahoo.athenz.common.server.notification.impl.MetricNotificationService.*; +import static com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.*; +import static org.mockito.Mockito.never; +import static org.testng.Assert.*; +import static org.testng.Assert.assertFalse; +import static org.testng.AssertJUnit.assertEquals; + +public class PutGroupMembershipDecisionNotificationTaskTest { + private final NotificationToEmailConverterCommon notificationToEmailConverterCommon = new NotificationToEmailConverterCommon(null); + + @Test + public void testGenerateAndSendPostPutMembershipDecisionNotificationUsers() { + DBService dbsvc = Mockito.mock(DBService.class); + NotificationService mockNotificationService = Mockito.mock(NotificationService.class); + NotificationServiceFactory 
testfact = () -> mockNotificationService; + NotificationManager notificationManager = getNotificationManager(dbsvc, testfact); + notificationManager.shutdown(); + Map details = new HashMap<>(); + details.put("domain", "testdomain1"); + details.put("group", "group1"); + details.put("actionPrincipal", "user.approver1"); + details.put("member", "user.user1"); + details.put("requester", "user.user2"); + + ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); + + List notifications = new PutGroupMembershipDecisionNotificationTask(details, true, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications(); + notificationManager.sendNotifications(notifications); + + Notification notification = new Notification(Notification.Type.GROUP_MEMBER_DECISION); + notification.addRecipient("user.user1") + .addRecipient("user.user2"); + notification.addDetails("domain", "testdomain1").addDetails("group", "group1") + .addDetails("actionPrincipal", "user.approver1").addDetails("member", "user.user1") + .addDetails("requester", "user.user2"); + + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter converter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(notificationToEmailConverterCommon, true); + notification.setNotificationToEmailConverter(converter); + + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter metricConverter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter(); + notification.setNotificationToMetricConverter(metricConverter); + + Mockito.verify(mockNotificationService, atLeastOnce()).notify(captor.capture()); + Notification actualNotification = captor.getValue(); + + assertEquals(actualNotification, notification); + } + + @Test + public void testGenerateAndSendPostPutMembershipDecisionNotificationService() { + DBService dbsvc = 
Mockito.mock(DBService.class); + NotificationService mockNotificationService = Mockito.mock(NotificationService.class); + NotificationServiceFactory testfact = () -> mockNotificationService; + NotificationManager notificationManager = getNotificationManager(dbsvc, testfact); + notificationManager.shutdown(); + Map details = new HashMap<>(); + details.put("domain", "testdomain1"); + details.put("group", "group1"); + details.put("actionPrincipal", "user.approver1"); + details.put("member", "dom2.testsvc1"); + + List roleMembers = new ArrayList<>(); + RoleMember rm = new RoleMember().setMemberName("user.approver1").setActive(true); + roleMembers.add(rm); + + rm = new RoleMember().setMemberName("user.approver2").setActive(true); + roleMembers.add(rm); + + Role localRole = new Role().setName("dom2:role.admin").setRoleMembers(roleMembers); + + // get role call for the admin role of service getting added + Mockito.when(dbsvc.getRole("dom2", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(localRole); + + ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); + + List notifications = new PutGroupMembershipDecisionNotificationTask(details, true, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications(); + notificationManager.sendNotifications(notifications); + + Notification notification = new Notification(Notification.Type.GROUP_MEMBER_DECISION); + notification.addRecipient("user.approver1") + .addRecipient("user.approver2"); + notification.addDetails("domain", "testdomain1").addDetails("group", "group1") + .addDetails("actionPrincipal", "user.approver1").addDetails("member", "dom2.testsvc1"); + + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter converter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(notificationToEmailConverterCommon, true); + notification.setNotificationToEmailConverter(converter); + + 
PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter metricConverter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter(); + notification.setNotificationToMetricConverter(metricConverter); + + Mockito.verify(mockNotificationService, atLeastOnce()).notify(captor.capture()); + Notification actualNotification = captor.getValue(); + + assertEquals(actualNotification, notification); + } + + @Test + public void testGenerateAndSendPostPutMembershipNotificationNullNotificationSvc() { + + DBService dbsvc = Mockito.mock(DBService.class); + NotificationServiceFactory testfact = () -> null; + NotificationService mockNotificationService = Mockito.mock(NotificationService.class); + NotificationManager notificationManager = getNotificationManager(dbsvc, testfact); + notificationManager.shutdown(); + List notifications = new PutGroupMembershipDecisionNotificationTask(null, true, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications(); + notificationManager.sendNotifications(notifications); + verify(mockNotificationService, never()).notify(any(Notification.class)); + } + + @Test + public void testGenerateAndSendPostPutMembershipNotificationNullGroup() { + + DBService dbsvc = Mockito.mock(DBService.class); + NotificationService mockNotificationService = Mockito.mock(NotificationService.class); + NotificationServiceFactory testfact = () -> mockNotificationService; + NotificationManager notificationManager = getNotificationManager(dbsvc, testfact); + notificationManager.shutdown(); + Map details = new HashMap<>(); + details.put("domain", "testdomain1"); + details.put("group", "group1"); + details.put("actionPrincipal", "user.approver1"); + details.put("member", "dom2:group.nullgrp"); + + // get role call for the admin role of service getting added + Mockito.when(dbsvc.getGroup("dom2", "nullgrp", Boolean.FALSE, Boolean.FALSE)) + .thenReturn(null); + + 
ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); + + List notifications = new PutGroupMembershipDecisionNotificationTask(details, true, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications(); + notificationManager.sendNotifications(notifications); + + Mockito.verify(mockNotificationService, atMost(0)).notify(captor.capture()); + } + + @Test + public void testDescription() { + DBService dbsvc = Mockito.mock(DBService.class); + PutGroupMembershipDecisionNotificationTask putgroupMembershipDecisionNotificationTask = new PutGroupMembershipDecisionNotificationTask( + new HashMap<>(), + true, + dbsvc, + USER_DOMAIN_PREFIX, + notificationToEmailConverterCommon); + + String description = putgroupMembershipDecisionNotificationTask.getDescription(); + assertEquals("Pending Group Membership Decision Notification", description); + } + + @Test + public void testGetRejectEmailBody() { + System.setProperty("athenz.notification_workflow_url", "https://athenz.example.com/workflow"); + System.setProperty("athenz.notification_support_text", "#Athenz slack channel"); + System.setProperty("athenz.notification_support_url", "https://link.to.athenz.channel.com"); + System.setProperty("athenz.notification_athenz_ui_url", "https://athenz.example.com"); + + Map details = new HashMap<>(); + details.put("domain", "dom1"); + details.put("group", "group1"); + details.put("member", "user.member1"); + details.put("reason", "test reason"); + details.put("requester", "user.requester"); + details.put("actionPrincipal", "user.actionPrincipal"); + details.put("membershipDecision", "reject"); + + Notification notification = new Notification(Notification.Type.GROUP_MEMBER_DECISION); + notification.setDetails(details); + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter converter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(new 
NotificationToEmailConverterCommon(null), false); + NotificationEmail notificationAsEmail = converter.getNotificationAsEmail(notification); + + String body = notificationAsEmail.getBody(); + assertNotNull(body); + assertTrue(body.contains("dom1")); + assertTrue(body.contains("group1")); + assertTrue(body.contains("user.member1")); + assertTrue(body.contains("test reason")); + assertTrue(body.contains("user.requester")); + assertTrue(body.contains("user.actionPrincipal")); + assertTrue(body.contains("https://athenz.example.com")); + assertTrue(body.contains("Pending Group Membership Rejected Details")); + assertTrue(body.contains("REJECTED BY")); + + // Make sure support text and url do not appear + + assertFalse(body.contains("slack")); + assertFalse(body.contains("link.to.athenz.channel.com")); + + System.clearProperty("athenz.notification_workflow_url"); + System.clearProperty("athenz.notification_support_text"); + System.clearProperty("athenz.notification_support_url"); + System.clearProperty("athenz.notification_athenz_ui_url"); + } + + @Test + public void testGetApproveEmailBody() { + System.setProperty("athenz.notification_workflow_url", "https://athenz.example.com/workflow"); + System.setProperty("athenz.notification_support_text", "#Athenz slack channel"); + System.setProperty("athenz.notification_support_url", "https://link.to.athenz.channel.com"); + System.setProperty("athenz.notification_athenz_ui_url", "https://athenz.example.com"); + + Map details = new HashMap<>(); + details.put("domain", "dom1"); + details.put("group", "group1"); + details.put("member", "user.member1"); + details.put("reason", "test reason"); + details.put("requester", "user.requester"); + details.put("actionPrincipal", "user.actionPrincipal"); + details.put("membershipDecision", "reject"); + + Notification notification = new Notification(Notification.Type.GROUP_MEMBER_DECISION); + notification.setDetails(details); + 
PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter converter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(new NotificationToEmailConverterCommon(null), true); + NotificationEmail notificationAsEmail = converter.getNotificationAsEmail(notification); + + String body = notificationAsEmail.getBody(); + assertNotNull(body); + assertTrue(body.contains("dom1")); + assertTrue(body.contains("group1")); + assertTrue(body.contains("user.member1")); + assertTrue(body.contains("test reason")); + assertTrue(body.contains("user.requester")); + assertTrue(body.contains("user.actionPrincipal")); + assertTrue(body.contains("https://athenz.example.com")); + assertTrue(body.contains("Pending Group Membership Approved Details")); + assertTrue(body.contains("APPROVED BY")); + + // Make sure support text and url do not appear + + assertFalse(body.contains("slack")); + assertFalse(body.contains("link.to.athenz.channel.com")); + + System.clearProperty("athenz.notification_workflow_url"); + System.clearProperty("athenz.notification_support_text"); + System.clearProperty("athenz.notification_support_url"); + System.clearProperty("athenz.notification_athenz_ui_url"); + } + + @Test + public void getRejectEmailSubject() { + Notification notification = new Notification(Notification.Type.GROUP_MEMBER_DECISION); + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter converter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(notificationToEmailConverterCommon, false); + NotificationEmail notificationAsEmail = converter.getNotificationAsEmail(notification); + String subject = notificationAsEmail.getSubject(); + assertEquals(subject, "Athenz Pending Group Member Rejected"); + } + + @Test + public void getApproveEmailSubject() { + Notification notification = new 
Notification(Notification.Type.ROLE_MEMBER_DECISION); + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter converter = new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToEmailConverter(notificationToEmailConverterCommon, true); + NotificationEmail notificationAsEmail = converter.getNotificationAsEmail(notification); + String subject = notificationAsEmail.getSubject(); + assertEquals(subject, "Athenz Pending Group Member Approved"); + } + + @Test + public void testGetApproveNotificationAsMetric() { + Map details = new HashMap<>(); + details.put("domain", "dom1"); + details.put("group", "group1"); + details.put("member", "user.member1"); + details.put("reason", "test reason"); + details.put("requester", "user.requester"); + details.put("actionPrincipal", "user.actionPrincipal"); + details.put("membershipDecision", "approve"); + + Notification notification = new Notification(Notification.Type.GROUP_MEMBER_DECISION); + notification.setDetails(details); + + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter converter = + new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter(); + + NotificationMetric notificationAsMetrics = converter.getNotificationAsMetrics(notification, Timestamp.fromMillis(System.currentTimeMillis())); + String[] record = new String[] { + METRIC_NOTIFICATION_TYPE_KEY, "pending_group_membership_decision", + METRIC_NOTIFICATION_DOMAIN_KEY, "dom1", + METRIC_NOTIFICATION_GROUP_KEY, "group1", + METRIC_NOTIFICATION_MEMBER_KEY, "user.member1", + METRIC_NOTIFICATION_REASON_KEY, "test reason", + METRIC_NOTIFICATION_REQUESTER_KEY, "user.requester", + METRIC_NOTIFICATION_MEMBERSHIP_DECISION, "approve" + }; + + List expectedAttributes = new ArrayList<>(); + expectedAttributes.add(record); + + assertEquals(new NotificationMetric(expectedAttributes), notificationAsMetrics); + } + + @Test 
+ public void testGetRejectNotificationAsMetric() { + Map details = new HashMap<>(); + details.put("domain", "dom1"); + details.put("group", "group1"); + details.put("member", "user.member1"); + details.put("reason", "test reason"); + details.put("requester", "user.requester"); + details.put("actionPrincipal", "user.actionPrincipal"); + details.put("membershipDecision", "reject"); + + Notification notification = new Notification(Notification.Type.GROUP_MEMBER_DECISION); + notification.setDetails(details); + + PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter converter = + new PutGroupMembershipDecisionNotificationTask.PutGroupMembershipDecisionNotificationToMetricConverter(); + + NotificationMetric notificationAsMetrics = converter.getNotificationAsMetrics(notification, Timestamp.fromMillis(System.currentTimeMillis())); + String[] record = new String[] { + METRIC_NOTIFICATION_TYPE_KEY, "pending_group_membership_decision", + METRIC_NOTIFICATION_DOMAIN_KEY, "dom1", + METRIC_NOTIFICATION_GROUP_KEY, "group1", + METRIC_NOTIFICATION_MEMBER_KEY, "user.member1", + METRIC_NOTIFICATION_REASON_KEY, "test reason", + METRIC_NOTIFICATION_REQUESTER_KEY, "user.requester", + METRIC_NOTIFICATION_MEMBERSHIP_DECISION, "reject" + }; + + List expectedAttributes = new ArrayList<>(); + expectedAttributes.add(record); + + assertEquals(new NotificationMetric(expectedAttributes), notificationAsMetrics); + } +} diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnectionTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnectionTest.java index 8fe5d3440a3..9c70972be8c 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnectionTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnectionTest.java 
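Review bot: Two copy-paste leftovers weaken the approve-path tests: `getApproveEmailSubject` builds its notification with `Notification.Type.ROLE_MEMBER_DECISION`, and `testGetApproveEmailBody` puts `"membershipDecision", "reject"` into the details while constructing the converter with `true`. Both still pass, presumably because the converter picks subject and template from its boolean constructor argument, so the fixtures should read `new Notification(Notification.Type.GROUP_MEMBER_DECISION)` and `details.put("membershipDecision", "approve");`. In `testGenerateAndSendPostPutMembershipNotificationNullNotificationSvc` the factory returns null and the mock is never handed to the manager, so `verify(mockNotificationService, never())` cannot fail. The body tests also only use the plain value `"test reason"`; since the reason is a caller-supplied audit reference rendered into an HTML template, a case with markup characters in `reason` would pin whether the converter escapes it (the converter is not shown in this hunk).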
@@ -855,14 +855,14 @@ public void testListDomains() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("zdomain") - .thenReturn("adomain") - .thenReturn("bdomain"); + .thenReturn("zdomain") + .thenReturn("adomain") + .thenReturn("bdomain"); List domains = jdbcConn.listDomains(null, 0); @@ -1427,7 +1427,7 @@ public void testUpdateRole() throws Exception { Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); Mockito.when(mockResultSet.next()).thenReturn(true); Mockito.when(mockResultSet.getInt(1)).thenReturn(5) // return domain id - .thenReturn(4); //role id + .thenReturn(4); //role id boolean requestSuccess = jdbcConn.updateRole("my-domain", role); assertTrue(requestSuccess); @@ -1476,8 +1476,8 @@ public void testUpdateRoleWithTrust() throws Exception { Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); Mockito.when(mockResultSet.next()).thenReturn(true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5) // domain id - .thenReturn(7); // role id + .thenReturn(5) // domain id + .thenReturn(7); // role id boolean requestSuccess = jdbcConn.updateRole("my-domain", role); assertTrue(requestSuccess); @@ -1554,8 +1554,8 @@ public void testUpdateRoleInvalidRoleId() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getInt(1)).thenReturn(5); // return domain id Role role = new Role().setName("my-domain:role.role1"); 
@@ -1598,8 +1598,8 @@ public void testUpdateRoleModTimestampSuccess() throws Exception { Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); Mockito.when(mockResultSet.next()).thenReturn(true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5) // domain id - .thenReturn(7); // role id + .thenReturn(5) // domain id + .thenReturn(7); // role id boolean requestSuccess = jdbcConn.updateRoleModTimestamp("my-domain", "role1"); assertTrue(requestSuccess); @@ -1622,8 +1622,8 @@ public void testUpdateRoleModTimestampFailure() throws Exception { Mockito.doReturn(0).when(mockPrepStmt).executeUpdate(); Mockito.when(mockResultSet.next()).thenReturn(true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5) // domain id - .thenReturn(7); // role id + .thenReturn(5) // domain id + .thenReturn(7); // role id boolean requestSuccess = jdbcConn.updateRoleModTimestamp("my-domain", "role1"); assertFalse(requestSuccess); @@ -1732,15 +1732,15 @@ public void testListRoles() throws Exception { Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id Mockito.when(mockResultSet.next()) - .thenReturn(true) // this one is for domain id - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) // this one is for domain id + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getString(1)) - .thenReturn("zrole") - .thenReturn("arole") - .thenReturn("brole"); + .thenReturn("zrole") + .thenReturn("arole") + .thenReturn("brole"); List roles = jdbcConn.listRoles("my-domain"); @@ -1783,7 +1783,7 @@ public void testCountRolesInvalidDomain() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(false); // this one is for domain id + .thenReturn(false); // this one is for domain id try { jdbcConn.countRoles("my-domain"); 
@@ -1801,11 +1801,11 @@ public void testCountRolesException() throws Exception { Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.when(mockPrepStmt.executeQuery()) - .thenReturn(mockResultSet) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenReturn(mockResultSet) + .thenThrow(new SQLException("failed operation", "state", 1001)); try { jdbcConn.countRoles("my-domain"); @@ -1822,7 +1822,7 @@ public void testListRolesInvalidDomain() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(false); // this one is for domain id + .thenReturn(false); // this one is for domain id try { jdbcConn.listRoles("my-domain"); @@ -1840,11 +1840,11 @@ public void testListRolesException() throws Exception { Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.when(mockPrepStmt.executeQuery()) - .thenReturn(mockResultSet) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenReturn(mockResultSet) + .thenThrow(new SQLException("failed operation", "state", 1001)); try { jdbcConn.listRoles("my-domain"); @@ -1877,7 +1877,7 @@ public void testCountRoleMembers() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7) - .thenReturn(4); // return domain/role id/count + .thenReturn(4); // return domain/role id/count Mockito.when(mockResultSet.next()).thenReturn(true); 
@@ -1891,7 +1891,7 @@ public void testCountRoleMembersInvalidDomain() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(false); // invalid domain + .thenReturn(false); // invalid domain try { jdbcConn.countRoleMembers("my-domain", "role1"); @@ -1909,8 +1909,8 @@ public void testCountRoleMembersInvalidRole() throws Exception { Mockito.when(mockResultSet.getInt(1)).thenReturn(5); // return domain id Mockito.when(mockResultSet.next()) - .thenReturn(true) // this one is for domain id - .thenReturn(false); // this one is for role id + .thenReturn(true) // this one is for domain id + .thenReturn(false); // this one is for role id try { jdbcConn.countRoleMembers("my-domain", "role1"); @@ -1928,13 +1928,13 @@ public void testCountRoleMembersException() throws Exception { Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7); // return domain id Mockito.when(mockResultSet.next()) - .thenReturn(true) // this one is for domain id - .thenReturn(true); // this one is for role id + .thenReturn(true) // this one is for domain id + .thenReturn(true); // this one is for role id Mockito.when(mockPrepStmt.executeQuery()) - .thenReturn(mockResultSet) - .thenReturn(mockResultSet) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenReturn(mockResultSet) + .thenReturn(mockResultSet) + .thenThrow(new SQLException("failed operation", "state", 1001)); try { jdbcConn.countRoleMembers("my-domain", "role1"); @@ -1952,7 +1952,7 @@ public void testCountRoleMembersNoResult() throws Exception { Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7); Mockito.when(mockResultSet.next()).thenReturn(true) - .thenReturn(true).thenReturn(false); + .thenReturn(true).thenReturn(false); assertEquals(jdbcConn.countRoleMembers("my-domain", "role1"), 0); jdbcConn.close(); 
@@ -1965,20 +1965,20 @@ public void testListRoleMembers() throws Exception {
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7); // return domain/role id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(1))
- .thenReturn("zdomain.user1")
- .thenReturn("adomain.storage")
- .thenReturn("bdomain.user2");
+ .thenReturn("zdomain.user1")
+ .thenReturn("adomain.storage")
+ .thenReturn("bdomain.user2");
 Mockito.when(mockResultSet.getTimestamp(2))
- .thenReturn(new java.sql.Timestamp(System.currentTimeMillis() + 100))
- .thenReturn(new java.sql.Timestamp(System.currentTimeMillis() + 200))
- .thenReturn(null);
+ .thenReturn(new java.sql.Timestamp(System.currentTimeMillis() + 100))
+ .thenReturn(new java.sql.Timestamp(System.currentTimeMillis() + 200))
+ .thenReturn(null);
 List roleMembers = jdbcConn.listRoleMembers("my-domain", "role1", false);
@@ -2002,7 +2002,7 @@ public void testListRoleMembersInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // invalid domain
+ .thenReturn(false); // invalid domain
 try {
 jdbcConn.listRoleMembers("my-domain", "role1", false);
@@ -2020,8 +2020,8 @@ public void testListRoleMembersInvalidRole() throws Exception {
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for role id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for role id
 try {
 jdbcConn.listRoleMembers("my-domain", "role1", false);
@@ -2039,13 +2039,13 @@ public void testListRoleMembersException() throws Exception {
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for role id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for role id
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 try {
 jdbcConn.listRoleMembers("my-domain", "role1", false);
@@ -2085,15 +2085,15 @@ public void testInsertRoleMember() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // role id
- .thenReturn(9); // principal id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // role id
+ .thenReturn(9); // principal id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(true) // validate principle domain
- .thenReturn(true) // principal id
- .thenReturn(false); // member exists
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(true) // validate principle domain
+ .thenReturn(true) // principal id
+ .thenReturn(false); // member exists
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 boolean requestSuccess = jdbcConn.insertRoleMember("my-domain", "role1",
@@ -2201,15 +2201,15 @@ public void testInsertRoleMemberUpdate() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // role id
- .thenReturn(9); // principal id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // role id
+ .thenReturn(9); // principal id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(true) // validate principle domain
- .thenReturn(true) // principal id
- .thenReturn(true); // member exists
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(true) // validate principle domain
+ .thenReturn(true) // principal id
+ .thenReturn(true); // member exists
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 RoleMember roleMember = new RoleMember().setMemberName("user.user1");
@@ -2261,17 +2261,17 @@ public void testInsertRoleMemberNewPrincipal() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // role id
- .thenReturn(8) // principal domain id
- .thenReturn(9); // principal id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // role id
+ .thenReturn(8) // principal domain id
+ .thenReturn(9); // principal id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(true) // this one is for valid principal domain
- .thenReturn(false) // principal does not exist
- .thenReturn(true) // get last id (for new principal)
- .thenReturn(false); // role member exists
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(true) // this one is for valid principal domain
+ .thenReturn(false) // principal does not exist
+ .thenReturn(true) // get last id (for new principal)
+ .thenReturn(false); // role member exists
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -2316,16 +2316,16 @@ public void testInsertRoleMemberException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // role id
- .thenReturn(9) // member domain id
- .thenReturn(11); // principal id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // role id
+ .thenReturn(9) // member domain id
+ .thenReturn(11); // principal id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(true) // member domain id
- .thenReturn(true) // principal id
- .thenReturn(false); // role member exists
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(true) // member domain id
+ .thenReturn(true) // principal id
+ .thenReturn(false); // role member exists
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(
 new SQLException("failed operation", "state", 1001));
@@ -2347,16 +2347,16 @@ public void testInsertRoleMemberNewPrincipalFailure() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // role id
- .thenReturn(8) // principal domain id
- .thenReturn(9); // principal id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // role id
+ .thenReturn(8) // principal domain id
+ .thenReturn(9); // principal id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(true) // this one is for valid principal domain
- .thenReturn(false) // principal does not exist
- .thenReturn(false); // last id returns 0
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(true) // this one is for valid principal domain
+ .thenReturn(false) // principal does not exist
+ .thenReturn(false); // last id returns 0
 // principal add returns success but unable to
 // fetch last id resulting principal id of 0
@@ -2432,7 +2432,7 @@ public void testInsertPendingRoleMemberException() throws Exception {
 new SQLException("failed operation", "state", 1001));
 try {
- jdbcConn.insertRoleMember("my-domain", "role1",
+ jdbcConn.insertRoleMember("my-domain", "role1",
 new RoleMember().setApproved(false).setMemberName("user.user1"), "user.admin", "audit-ref");
 fail();
 } catch (ResourceException ex) {
@@ -2452,7 +2452,7 @@ public void testInsertPendingRoleMemberUpdate() throws Exception {
 .thenReturn(7) // role id
 .thenReturn(9); // principal id
 Mockito.when(mockResultSet.getString(1))
- .thenReturn("ADD"); // pending state
+ .thenReturn("ADD"); // pending state
 Mockito.when(mockResultSet.next())
 .thenReturn(true) // this one is for domain id
 .thenReturn(true) // this one is for role id
@@ -2541,8 +2541,8 @@ public void testGetRoleMemberYes() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true); // yes a member
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // role id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // role id
 Membership membership = jdbcConn.getRoleMember("my-domain", "role1", "user.user1", 0, false);
@@ -2694,12 +2694,12 @@ public void testGetRoleMemberNo() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // domain id
- .thenReturn(true) // role id
- .thenReturn(false); // not a member
+ .thenReturn(true) // domain id
+ .thenReturn(true) // role id
+ .thenReturn(false); // not a member
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // role id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // role id
 Membership membership = jdbcConn.getRoleMember("my-domain", "role1", "user.user1", 0, false);
@@ -2753,13 +2753,13 @@ public void testDeleteRoleMember() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // role id
- .thenReturn(9); // principal id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // role id
+ .thenReturn(9); // principal id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(true); // principal id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(true); // principal id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -2789,13 +2789,13 @@ public void testDeleteRoleMember() throws Exception {
 jdbcConn.close();
 }
-
+
 @Test
 public void testDeleteRoleMemberInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -2814,10 +2814,10 @@ public void testDeleteRoleMemberInvalidRole() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for role id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for role id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -2836,12 +2836,12 @@ public void testDeleteRoleMemberInvalidPrincipalId() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // role id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // role id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for role id
- .thenReturn(false); // principal id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for role id
+ .thenReturn(false); // principal id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -3098,7 +3098,7 @@ public void testUpdatePolicy() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5) // return domain id
- .thenReturn(4); //policy id
+ .thenReturn(4); //policy id
 boolean requestSuccess = jdbcConn.updatePolicy("my-domain", policy);
 assertTrue(requestSuccess);
@@ -3251,15 +3251,15 @@ public void testListPolicies() throws Exception {
 Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(1))
- .thenReturn("zpolicy")
- .thenReturn("apolicy")
- .thenReturn("bpolicy");
+ .thenReturn("zpolicy")
+ .thenReturn("apolicy")
+ .thenReturn("bpolicy");
 List policies = jdbcConn.listPolicies("my-domain", null);
@@ -3319,7 +3319,7 @@ public void testCountPoliciesInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.countPolicies("my-domain");
@@ -3337,11 +3337,11 @@ public void testCountPoliciesException() throws Exception {
 Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 try {
 jdbcConn.countPolicies("my-domain");
@@ -3364,12 +3364,12 @@ public void testInsertAssertion() throws Exception {
 .setRole("my-domain:role.role1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // policy id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // policy id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for policy id
- .thenReturn(false); // insertion is not found
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for policy id
+ .thenReturn(false); // insertion is not found
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -3405,12 +3405,12 @@ public void testInsertAssertionDuplicate() throws Exception {
 .setRole("my-domain:role.role1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // policy id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // policy id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for policy id
- .thenReturn(true); // insertion is found
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for policy id
+ .thenReturn(true); // insertion is found
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -3444,7 +3444,7 @@ public void testInsertAssertionInvalidDomain() throws Exception {
 .setRole("my-domain:role.role1");
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -3489,10 +3489,10 @@ public void testInsertAssertionInvalidPolicy() throws Exception {
 .setRole("my-domain:role.role1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for policy id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for policy id
 try {
 jdbcConn.insertAssertion("my-domain", "policy1", null, assertion);
@@ -3515,12 +3515,12 @@ public void testInsertAssertionException() throws Exception {
 .setRole("my-domain:role.role1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // policy id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // policy id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for policy id
- .thenReturn(false); // assume insertion is not found
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for policy id
+ .thenReturn(false); // assume insertion is not found
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
 try {
@@ -3538,11 +3538,11 @@ public void testDeleteAssertion() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // policy id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // policy id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for policy id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for policy id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -3568,7 +3568,7 @@ public void testDeleteAssertionInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -3587,10 +3587,10 @@ public void testDeleteAssertionInvalidPolicy() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for policy id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for policy id
 try {
 jdbcConn.deleteAssertion("my-domain", "policy1", null, (long) 101);
@@ -3607,11 +3607,11 @@ public void testDeleteAssertionException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // policy id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // policy id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for policy id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for policy id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
 try {
@@ -3755,7 +3755,7 @@ public void testInsertServiceIdentityInvalidName() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5) // return domain id
- .thenReturn(4); //service id
+ .thenReturn(4); //service id
 try {
 jdbcConn.insertServiceIdentity("my-domain", service);
@@ -3830,7 +3830,7 @@ public void testUpdateServiceIdentity() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5) // return domain id
- .thenReturn(4); //service id
+ .thenReturn(4); //service id
 boolean requestSuccess = jdbcConn.updateServiceIdentity("my-domain", service);
 assertTrue(requestSuccess);
@@ -3900,7 +3900,7 @@ public void testUpdateServiceIdentityInvalidName() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5) // return domain id
- .thenReturn(4); //service id
+ .thenReturn(4); //service id
 try {
 jdbcConn.updateServiceIdentity("my-domain", service);
@@ -3927,7 +3927,7 @@ public void testUpdateServiceIdentityAllFields() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5) // return domain id
- .thenReturn(4); //service id
+ .thenReturn(4); //service id
 boolean requestSuccess = jdbcConn.updateServiceIdentity("my-domain", service);
 assertTrue(requestSuccess);
@@ -3957,7 +3957,7 @@ public void testUpdateServiceIdentityException() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5) // return domain id
- .thenReturn(4); //service id
+ .thenReturn(4); //service id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
 try {
@@ -4026,15 +4026,15 @@ public void testListServiceIdentities() throws Exception {
 Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(1))
- .thenReturn("zservice")
- .thenReturn("aservice")
- .thenReturn("bservice");
+ .thenReturn("zservice")
+ .thenReturn("aservice")
+ .thenReturn("bservice");
 List services = jdbcConn.listServiceIdentities("my-domain");
@@ -4094,7 +4094,7 @@ public void testCountServiceIdentitiesInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.countServiceIdentities("my-domain");
@@ -4112,11 +4112,11 @@ public void testCountServiceIdentitiesException() throws Exception {
 Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 try {
 jdbcConn.countServiceIdentities("my-domain");
@@ -4135,8 +4135,8 @@ public void testUpdateServiceModTimestampSuccess() throws Exception {
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 boolean requestSuccess = jdbcConn.updateServiceIdentityModTimestamp("my-domain", "service1");
 assertTrue(requestSuccess);
@@ -4159,8 +4159,8 @@ public void testUpdateServiceModTimestampFailure() throws Exception {
 Mockito.doReturn(0).when(mockPrepStmt).executeUpdate();
 Mockito.when(mockResultSet.next()).thenReturn(true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 boolean requestSuccess = jdbcConn.updateServiceIdentityModTimestamp("my-domain", "service1");
 assertFalse(requestSuccess);
@@ -4283,20 +4283,20 @@ public void testListPublicKeys() throws Exception {
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7); // return domain/service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_ID))
- .thenReturn("zms1.zone1")
- .thenReturn("zms2.zone1")
- .thenReturn("zms3.zone1");
+ .thenReturn("zms1.zone1")
+ .thenReturn("zms2.zone1")
+ .thenReturn("zms3.zone1");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_VALUE))
- .thenReturn("Value1")
- .thenReturn("Value2")
- .thenReturn("Value3");
+ .thenReturn("Value1")
+ .thenReturn("Value2")
+ .thenReturn("Value3");
 List publicKeys = jdbcConn.listPublicKeys("my-domain", "service1");
@@ -4355,7 +4355,7 @@ public void testCountPublicKeys() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7).thenReturn(2);
- // return domain/service id/count
+ // return domain/service id/count
 Mockito.when(mockResultSet.next()).thenReturn(true);
@@ -4369,7 +4369,7 @@ public void testCountPublicKeysInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.countPublicKeys("my-domain", "service1");
@@ -4386,7 +4386,7 @@ public void testCountPublicKeysInvalidService() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next()).thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for service id
+ .thenReturn(false); // this one is for service id
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5);
 try {
@@ -4404,8 +4404,8 @@ public void testCountPublicKeysNoResult() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next()).thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(false); // no result for count
+ .thenReturn(true) // this one is for service id
+ .thenReturn(false); // no result for count
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7);
 assertEquals(jdbcConn.countPublicKeys("my-domain", "service1"), 0);
@@ -4417,15 +4417,15 @@ public void testCountPublicKeysException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7)
- .thenReturn(1); // return domain/service id/count
+ .thenReturn(1); // return domain/service id/count
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 try {
 jdbcConn.countPublicKeys("my-domain", "service1");
@@ -4443,24 +4443,24 @@ public void testListAssertions() throws Exception {
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7);
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for policy id
- .thenReturn(true) // for first assertion
- .thenReturn(true) // for second assertion
- .thenReturn(false) // for assertion
- .thenReturn(false); // for assertion condition
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for policy id
+ .thenReturn(true) // for first assertion
+ .thenReturn(true) // for second assertion
+ .thenReturn(false) // for assertion
+ .thenReturn(false); // for assertion condition
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE))
- .thenReturn("role1")
- .thenReturn("role2");
+ .thenReturn("role1")
+ .thenReturn("role2");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE))
- .thenReturn("my-domain:*")
- .thenReturn("my-domain:service.*");
+ .thenReturn("my-domain:*")
+ .thenReturn("my-domain:service.*");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION))
- .thenReturn("*")
- .thenReturn("read");
+ .thenReturn("*")
+ .thenReturn("read");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT))
- .thenReturn("ALLOW")
- .thenReturn("DENY");
+ .thenReturn("ALLOW")
+ .thenReturn("DENY");
 Mockito.when(mockResultSet.getInt(ZMSConsts.DB_COLUMN_ASSERT_ID))
 .thenReturn(11)
 .thenReturn(12);
@@ -4566,7 +4566,7 @@ public void testListAssertionsInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.listAssertions("my-domain", "policy1", null);
@@ -4662,9 +4662,9 @@ public void testCountAssertions() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7)
- .thenReturn(1); // return domain/policy id/count
+ .thenReturn(1); // return domain/policy id/count
 Mockito.when(mockResultSet.next())
- .thenReturn(true);
+ .thenReturn(true);
 assertEquals(jdbcConn.countAssertions("my-domain", "policy1", null), 1);
 jdbcConn.close();
@@ -4676,7 +4676,7 @@ public void testCountAssertionsInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.countAssertions("my-domain", "policy1", null);
@@ -4693,7 +4693,7 @@ public void testCountAssertionsInvalidPolicy() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next()).thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for policy id
+ .thenReturn(false); // this one is for policy id
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5);
 try {
@@ -4711,8 +4711,8 @@ public void testCountAssertionsNoResult() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next()).thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for policy id
- .thenReturn(false); // no result for count
+ .thenReturn(true) // this one is for policy id
+ .thenReturn(false); // no result for count
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7);
 assertEquals(jdbcConn.countAssertions("my-domain", "policy1", null), 0);
@@ -4724,15 +4724,15 @@ public void testCountAssertionsException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1)).thenReturn(5).thenReturn(7)
- .thenReturn(1); // return domain/policy id/count
+ .thenReturn(1); // return domain/policy id/count
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 try {
 jdbcConn.countAssertions("my-domain", "policy1", null);
@@ -4749,15 +4749,15 @@ public void testGetPublicKeyEntry() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(true); // for key
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(true); // for key
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_VALUE))
- .thenReturn("Value1");
+ .thenReturn("Value1");
 PublicKeyEntry publicKey = jdbcConn.getPublicKeyEntry("my-domain", "service1", "zone1", false);
 assertNotNull(publicKey);
@@ -4772,7 +4772,7 @@ public void testGetPublicKeyEntryInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.getPublicKeyEntry("my-domain", "service1", "zone1", false);
@@ -4789,10 +4789,10 @@ public void testGetPublicKeyEntryInvalidServiceId() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for service id
 try {
 jdbcConn.getPublicKeyEntry("my-domain", "service1", "zone1", false);
@@ -4809,12 +4809,12 @@ public void testGetPublicKeyEntryInvalidKeyId() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(false); // for key
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(false); // for key
 PublicKeyEntry publicKey = jdbcConn.getPublicKeyEntry("my-domain", "service1", "zone1", false);
 assertNull(publicKey);
@@ -4827,17 +4827,17 @@ public void testGetPublicKeyEntryException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(false); // for key
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(false); // for key
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 try {
 jdbcConn.getPublicKeyEntry("my-domain", "service1", "zone1", false);
@@ -4856,11 +4856,11 @@ public void testInsertPublicKeyEntry() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for service id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -4889,7 +4889,7 @@ public void testInsertPublicKeyEntryInvalidDomain() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -4910,10 +4910,10 @@ public void testInsertPublicKeyEntryInvalidService() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for service id
 try {
 jdbcConn.insertPublicKeyEntry("my-domain", "service1", publicKey);
@@ -4932,11 +4932,11 @@ public void testInsertPublicKeyEntryException() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for service id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
 try {
@@ -4956,11 +4956,11 @@ public void testUpdatePublicKeyEntry() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for service id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -4989,7 +4989,7 @@ public void testUpdatePublicKeyEntryInvalidDomain() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5010,10 +5010,10 @@ public void testUpdatePublicKeyEntryInvalidService() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for service id
 try {
 jdbcConn.updatePublicKeyEntry("my-domain", "service1", publicKey);
@@ -5032,11 +5032,11 @@ public void testUpdatePublicKeyEntryException() throws Exception {
 PublicKeyEntry publicKey = new PublicKeyEntry().setId("zms1").setKey("Value1");
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for service id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
 try {
@@ -5054,11 +5054,11 @@ public void testDeletePublicKeyEntry() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for service id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5084,7 +5084,7 @@ public void testDeletePublicKeyEntryInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5103,10 +5103,10 @@ public void testDeletePublicKeyEntryInvalidService() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for service id
 try {
 jdbcConn.deletePublicKeyEntry("my-domain", "service1", "zms1");
@@ -5115,7 +5115,7 @@ public void testDeletePublicKeyEntryInvalidService() throws Exception {
 assertEquals(ex.getCode(), ResourceException.NOT_FOUND);
 }
 jdbcConn.close();
- }
+ }
 @Test
 public void testDeletePublicKeyEntryException() throws Exception {
@@ -5123,11 +5123,11 @@ public void testDeletePublicKeyEntryException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for service id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
 try {
@@ -5145,13 +5145,13 @@ public void testInsertServiceHost() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // service id
- .thenReturn(9); // host id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // service id
+ .thenReturn(9); // host id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(true); // this on is for host id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(true); // this on is for host id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5179,14 +5179,14 @@ public void testInsertServiceHostNewHost() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // service id
- .thenReturn(9); // host id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // service id
+ .thenReturn(9); // host id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(false) // this on is for host does not exist
- .thenReturn(true); // insert last id (for new host)
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(false) // this on is for host does not exist
+ .thenReturn(true); // insert last id (for new host)
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5216,7 +5216,7 @@ public void testInsertServiceHostInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.insertServiceHost("my-domain", "service1", "host1");
@@ -5225,7 +5225,7 @@ public void testInsertServiceHostInvalidDomain() throws Exception {
 assertEquals(ex.getCode(), ResourceException.NOT_FOUND);
 }
 jdbcConn.close();
- }
+ }
 @Test
 public void testInsertServiceHostInvalidService() throws Exception {
@@ -5233,10 +5233,10 @@ public void testInsertServiceHostInvalidService() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for service id
 try {
 jdbcConn.insertServiceHost("my-domain", "service1", "host1");
@@ -5253,13 +5253,13 @@ public void testInsertServiceHostException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // service id
- .thenReturn(9); // host id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // service id
+ .thenReturn(9); // host id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(true); // this on is for host id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(true); // this on is for host id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
@@ -5278,13 +5278,13 @@ public void testDeleteServiceHost() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // service id
- .thenReturn(9); // host id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // service id
+ .thenReturn(9); // host id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(true); // this on is for host id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(true); // this on is for host id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5312,7 +5312,7 @@ public void testDeleteServiceHostInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.deleteServiceHost("my-domain", "service1", "host1");
@@ -5329,10 +5329,10 @@ public void testDeleteServiceHostInvalidService() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(false); // this one is for service id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(false); // this one is for service id
 try {
 jdbcConn.deleteServiceHost("my-domain", "service1", "host1");
@@ -5349,12 +5349,12 @@ public void testDeleteServiceHostInvalidHost() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service ie
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service ie
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(false); // this one is for host id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(false); // this one is for host id
 try {
 jdbcConn.deleteServiceHost("my-domain", "service1", "host1");
@@ -5371,13 +5371,13 @@ public void testDeleteServiceHostException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7) // service id
- .thenReturn(9); // host id
+ .thenReturn(5) // domain id
+ .thenReturn(7) // service id
+ .thenReturn(9); // host id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(true); // this on is for host id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(true); // this on is for host id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
@@ -5555,20 +5555,20 @@ public void testListServiceHosts() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // service id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // service id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true) // this one is for service id
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true) // this one is for service id
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME))
- .thenReturn("host1")
- .thenReturn("host3")
- .thenReturn("host2");
+ .thenReturn("host1")
+ .thenReturn("host3")
+ .thenReturn("host2");
 List serviceHosts = jdbcConn.listServiceHosts("my-domain", "service1");
@@ -5624,9 +5624,9 @@ public void testInsertDomainTemplate() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5650,7 +5650,7 @@ public void testInsertDomainTemplateInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5669,9 +5669,9 @@ public void testInsertDomainTemplateNewTemplate() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5686,7 +5686,7 @@ public void testInsertDomainTemplateNewTemplate() throws Exception {
 assertTrue(requestSuccess);
 jdbcConn.close();
- }
+ }
 @Test
 public void testInsertDomainTemplateException() throws Exception {
@@ -5694,11 +5694,11 @@ public void testInsertDomainTemplateException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // template id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // template id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for template id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for template id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
@@ -5765,9 +5765,9 @@ public void testDeleteDomainTemplate() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5790,7 +5790,7 @@ public void testDeleteDomainTemplateInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
@@ -5809,11 +5809,11 @@ public void testDeleteDomainTemplateException() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5) // domain id
- .thenReturn(7); // template id
+ .thenReturn(5) // domain id
+ .thenReturn(7); // template id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true); // this one is for template id
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true); // this one is for template id
 Mockito.when(mockPrepStmt.executeUpdate()).thenThrow(new SQLException("failed operation", "state", 1001));
@@ -5832,15 +5832,15 @@ public void testListDomainTemplates() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // domain id
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true) // domain id
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(1))
- .thenReturn("vipng")
- .thenReturn("platforms")
- .thenReturn("user_understanding");
+ .thenReturn("vipng")
+ .thenReturn("platforms")
+ .thenReturn("user_understanding");
 Mockito.when(mockResultSet.getInt(1)).thenReturn(1); // domain id
 List templates = jdbcConn.listDomainTemplates("my-domain");
@@ -6006,15 +6006,15 @@ public void testListEntities() throws Exception {
 Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // this one is for domain id
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true) // this one is for domain id
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(1))
- .thenReturn("z-entity")
- .thenReturn("a-entity")
- .thenReturn("b-entity");
+ .thenReturn("z-entity")
+ .thenReturn("a-entity")
+ .thenReturn("b-entity");
 List entities = jdbcConn.listEntities("my-domain");
@@ -6074,7 +6074,7 @@ public void testCountEntitiesInvalidDomain() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next())
- .thenReturn(false); // this one is for domain id
+ .thenReturn(false); // this one is for domain id
 try {
 jdbcConn.countEntities("my-domain");
@@ -6092,11 +6092,11 @@ public void testCountEntitiesException() throws Exception {
 Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // this one is for domain id
+ .thenReturn(true); // this one is for domain id
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 try {
 jdbcConn.countEntities("my-domain");
@@ -6128,10 +6128,10 @@ public void testGetEntity() throws Exception {
 public void testGetEntityNotFound() throws Exception {
 Mockito.when(mockResultSet.next())
- .thenReturn(true) // for domain id
- .thenReturn(false);
+ .thenReturn(true) // for domain id
+ .thenReturn(false);
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Entity entity = jdbcConn.getEntity("my-domain", "entity1");
@@ -6159,13 +6159,13 @@ public void testGetEntityDomainNotFound() throws Exception {
 public void testGetEntityException() throws Exception {
 Mockito.when(mockPrepStmt.executeQuery())
- .thenReturn(mockResultSet)
- .thenThrow(new SQLException("failed operation", "state", 1001));
+ .thenReturn(mockResultSet)
+ .thenThrow(new SQLException("failed operation", "state", 1001));
 Mockito.when(mockResultSet.next())
- .thenReturn(true); // for domain id
+ .thenReturn(true); // for domain id
 Mockito.when(mockResultSet.getInt(1))
- .thenReturn(5); // domain id
+ .thenReturn(5); // domain id
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 try {
@@ -6459,9 +6459,9 @@ public void testListModifiedDomains() throws Exception {
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 Mockito.when(mockResultSet.next()).thenReturn(true) // 3 domains without tags
- .thenReturn(true).thenReturn(true).thenReturn(false);
+ .thenReturn(true).thenReturn(true).thenReturn(false);
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME))
- .thenReturn("domain1").thenReturn("domain2").thenReturn("domain3"); // 3 domains
+ .thenReturn("domain1").thenReturn("domain2").thenReturn("domain3"); // 3 domains
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACCOUNT))
 .thenReturn("acct1").thenReturn("acct2").thenReturn("acct3"); // 3 domains
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_YPM_ID))
@@ -6554,55 +6554,55 @@ public void testGetAthenzDomain() throws Exception {
 // 2 policies, 2 assertions
 // 1 service, 1 public key
 Mockito.when(mockResultSet.next()).thenReturn(true) // domain
- .thenReturn(true).thenReturn(false) // domain with 1 tag
- .thenReturn(true).thenReturn(false) // domain with 1 contact
- .thenReturn(true).thenReturn(true).thenReturn(false) // 2 roles
- .thenReturn(true).thenReturn(true).thenReturn(false) // 1 member each
- .thenReturn(true).thenReturn(true).thenReturn(false)// roles tags
- .thenReturn(true).thenReturn(true).thenReturn(false) // 2 groups
- .thenReturn(true).thenReturn(true).thenReturn(false) // 1 member each
- .thenReturn(true).thenReturn(true).thenReturn(false)// groups tags
- .thenReturn(true).thenReturn(true).thenReturn(false) // 2 policies
- // 1 assertion each. true for first assertion, false for assertion condition for that assertion
- // true for second assertion, false for assertion condition for second assertion, last false to get out
- .thenReturn(true).thenReturn(true).thenReturn(false).thenReturn(false)
- .thenReturn(false) // no conditions
- .thenReturn(true).thenReturn(false) // 1 service
- .thenReturn(true).thenReturn(false) // 1 public key
- .thenReturn(true).thenReturn(false); // 1 host
+ .thenReturn(true).thenReturn(false) // domain with 1 tag
+ .thenReturn(true).thenReturn(false) // domain with 1 contact
+ .thenReturn(true).thenReturn(true).thenReturn(false) // 2 roles
+ .thenReturn(true).thenReturn(true).thenReturn(false) // 1 member each
+ .thenReturn(true).thenReturn(true).thenReturn(false)// roles tags
+ .thenReturn(true).thenReturn(true).thenReturn(false) // 2 groups
+ .thenReturn(true).thenReturn(true).thenReturn(false) // 1 member each
+ .thenReturn(true).thenReturn(true).thenReturn(false)// groups tags
+ .thenReturn(true).thenReturn(true).thenReturn(false) // 2 policies
+ // 1 assertion each. true for first assertion, false for assertion condition for that assertion
+ // true for second assertion, false for assertion condition for second assertion, last false to get out
+ .thenReturn(true).thenReturn(true).thenReturn(false).thenReturn(false)
+ .thenReturn(false) // no conditions
+ .thenReturn(true).thenReturn(false) // 1 service
+ .thenReturn(true).thenReturn(false) // 1 public key
+ .thenReturn(true).thenReturn(false); // 1 host
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_TYPE))
 .thenReturn("security-contact");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME))
- .thenReturn("user.joe") // contact name
- .thenReturn("role1").thenReturn("role2") // role names
- .thenReturn("group1").thenReturn("group2") // group names
- .thenReturn("service1"); // service name
+ .thenReturn("user.joe") // contact name
+ .thenReturn("role1").thenReturn("role2") // role names
+ .thenReturn("group1").thenReturn("group2") // group names
+ .thenReturn("service1"); // service name
 Mockito.when(mockResultSet.getString(1))
- .thenReturn("tag-key") // tag key
- .thenReturn("role1").thenReturn("role2") // role names
- .thenReturn("role1").thenReturn( "role2") // roles tags
- .thenReturn("group1").thenReturn("group2") // group names
- .thenReturn("group1").thenReturn( "group2") // groups tags
- .thenReturn("service1"); // service names
+ .thenReturn("tag-key") // tag key
+ .thenReturn("role1").thenReturn("role2") // role names
+ .thenReturn("role1").thenReturn( "role2") // roles tags
+ .thenReturn("group1").thenReturn("group2") // group names
+ .thenReturn("group1").thenReturn( "group2") // groups tags
+ .thenReturn("service1"); // service names
 Mockito.when(mockResultSet.getInt(ZMSConsts.DB_COLUMN_POLICY_ID))
- .thenReturn(10001).thenReturn(10002) // policy ids
- .thenReturn(10001).thenReturn(10002);
+ .thenReturn(10001).thenReturn(10002) // policy ids
+ .thenReturn(10001).thenReturn(10002);
 Mockito.when(mockResultSet.getString(2))
- .thenReturn("tag-val") // tag value
- .thenReturn("user").thenReturn("user") // role member domain names
- .thenReturn("role1-tag-key").thenReturn("role2-tag-key") // roles tags
- .thenReturn("user").thenReturn("user") // group member domain names
- .thenReturn("group1-tag-key").thenReturn("group2-tag-key") // group tags
- .thenReturn("host1"); // service host name
+ .thenReturn("tag-val") // tag value
+ .thenReturn("user").thenReturn("user") // role member domain names
+ .thenReturn("role1-tag-key").thenReturn("role2-tag-key") // roles tags
+ .thenReturn("user").thenReturn("user") // group member domain names
+ .thenReturn("group1-tag-key").thenReturn("group2-tag-key") // group tags
+ .thenReturn("host1"); // service host name
 Mockito.when(mockResultSet.getString(3))
- .thenReturn("role1-tag-val").thenReturn("role2-tag-val") //tag values
- .thenReturn("group1-tag-val").thenReturn("group2-tag-val"); //tag values
+ .thenReturn("role1-tag-val").thenReturn("role2-tag-val") //tag values
+ .thenReturn("group1-tag-val").thenReturn("group2-tag-val"); //tag values
 Mockito.doReturn(new java.sql.Timestamp(1454358916)).when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED);
 Mockito.doReturn(true).when(mockResultSet).getBoolean(ZMSConsts.DB_COLUMN_ENABLED);
@@ -6619,15 +6619,15 @@ public void testGetAthenzDomain() throws Exception {
 Mockito.doReturn("root").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_SVC_USER);
 Mockito.doReturn("https://server.athenzcompany.com").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_PROVIDER_ENDPOINT);
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE))
- .thenReturn("role1").thenReturn("role2");
+ .thenReturn("role1").thenReturn("role2");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_PRINCIPAL_GROUP))
 .thenReturn("group1").thenReturn("group2");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE))
- .thenReturn("my-domain:*").thenReturn("my-domain:service.*");
+ .thenReturn("my-domain:*").thenReturn("my-domain:service.*");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION))
- .thenReturn("*").thenReturn("read");
+ .thenReturn("*").thenReturn("read");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT))
- .thenReturn("ALLOW").thenReturn("DENY");
+ .thenReturn("ALLOW").thenReturn("DENY");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_ID)).thenReturn("zms1.zone1");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_VALUE)).thenReturn("Value1");
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_VALUE)).thenReturn("Value1");
@@ -7215,14 +7215,14 @@ public void testLookupDomainByRole() throws Exception {
 // 3 domain being returned
 Mockito.when(mockResultSet.next())
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(true)
- .thenReturn(false);
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(true)
+ .thenReturn(false);
 Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME))
- .thenReturn("zdomain")
- .thenReturn("adomain")
- .thenReturn("bdomain");
+ .thenReturn("zdomain")
+ .thenReturn("adomain")
+ .thenReturn("bdomain");
 JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
 List domains = jdbcConn.lookupDomainByRole("user.user", "admin");
@@ -7255,14 +7255,14 @@ public void testLookupDomainByRoleDuplicateDomains() throws Exception { // so our end result must be the unique 2 only Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("zdomain") - .thenReturn("adomain") - .thenReturn("zdomain"); + .thenReturn("zdomain") + .thenReturn("adomain") + .thenReturn("zdomain"); JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); List domains = jdbcConn.lookupDomainByRole("user.user", "admin"); @@ -7278,7 +7278,7 @@ public void testListRoleAuditLogsInvalidDomain() throws SQLException { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(false); // invalid domain + .thenReturn(false); // invalid domain try { jdbcConn.listRoleAuditLogs("my-domain", "role1"); @@ -7295,8 +7295,8 @@ public void testListRoleAuditLogsInvalidRole() throws SQLException { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) // domain id success - .thenReturn(false); // role id failure + .thenReturn(true) // domain id success + .thenReturn(false); // role id failure Mockito.doReturn(5).when(mockResultSet).getInt(1); // return domain id try { 
@@ -7314,15 +7314,15 @@ public void testListRoleAuditLogsException() throws SQLException { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) // domain id success - .thenReturn(true); // role id success + .thenReturn(true) // domain id success + .thenReturn(true); // role id success Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5) // domain id - .thenReturn(7); // role id + .thenReturn(5) // domain id + .thenReturn(7); // role id Mockito.when(mockPrepStmt.executeQuery()) - .thenReturn(mockResultSet) - .thenReturn(mockResultSet) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenReturn(mockResultSet) + .thenReturn(mockResultSet) + .thenThrow(new SQLException("failed operation", "state", 1001)); try { jdbcConn.listRoleAuditLogs("my-domain", "role1"); 
@@ -7339,28 +7339,28 @@ public void testListRoleAuditLogs() throws SQLException { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) // domain id success - .thenReturn(true) // role id success - .thenReturn(true) // 2 log entries - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) // domain id success + .thenReturn(true) // role id success + .thenReturn(true) // 2 log entries + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5) // domain id - .thenReturn(7); // role id + .thenReturn(5) // domain id + .thenReturn(7); // role id Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)) - .thenReturn("ADD") - .thenReturn("DELETE"); + .thenReturn("ADD") + .thenReturn("DELETE"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_MEMBER)) - .thenReturn("user.member1") - .thenReturn("user.member2"); + .thenReturn("user.member1") + .thenReturn("user.member2"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ADMIN)) - .thenReturn("user.admin1") - .thenReturn("user.admin2"); + .thenReturn("user.admin1") + .thenReturn("user.admin2"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_AUDIT_REF)) - .thenReturn("") - .thenReturn("audit-ref"); + .thenReturn("") + .thenReturn("audit-ref"); Mockito.doReturn(new java.sql.Timestamp(1454358916)) - .when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_CREATED); + .when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_CREATED); List logs = jdbcConn.listRoleAuditLogs("my-domain", "role1"); assertNotNull(logs); 
@@ -7408,30 +7408,30 @@ public void testGetRoleAssertions() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("dom1") - .thenReturn("dom1") - .thenReturn("dom2"); + .thenReturn("dom1") + .thenReturn("dom1") + .thenReturn("dom2"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("101") - .thenReturn("102"); + .thenReturn("101") + .thenReturn("101") + .thenReturn("102"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)) - .thenReturn("role1") - .thenReturn("role1") - .thenReturn("role3"); + .thenReturn("role1") + .thenReturn("role1") + .thenReturn("role3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)) - .thenReturn("resource1") - .thenReturn("resource2") - .thenReturn("resource3"); + .thenReturn("resource1") + .thenReturn("resource2") + .thenReturn("resource3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)) - .thenReturn("update"); + .thenReturn("update"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)) - .thenReturn("ALLOW"); + .thenReturn("ALLOW"); Map> roleAssertions = jdbcConn.getRoleAssertions("update", "getRoleAssertions"); assertEquals(2, roleAssertions.size()); 
@@ -7466,22 +7466,22 @@ public void testGetRolePrincipals() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("user.user1") - .thenReturn("user.user1") - .thenReturn("user.user1"); + .thenReturn("user.user1") + .thenReturn("user.user1") + .thenReturn("user.user1"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("101") - .thenReturn("102"); + .thenReturn("101") + .thenReturn("101") + .thenReturn("102"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE_NAME)) - .thenReturn("role1") - .thenReturn("role1") - .thenReturn("role3"); + .thenReturn("role1") + .thenReturn("role1") + .thenReturn("role3"); Set rolePrincipals = jdbcConn.getRolePrincipals("user.user1", "getRolePrincipals"); assertEquals(2, rolePrincipals.size()); 
@@ -7499,33 +7499,33 @@ public void testGetTrustedRoles() throws Exception { jdbcConn.resetTrustRolesMap(); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false) - .thenReturn(false) // end of first call - .thenReturn(true) // for timestamp lookup - .thenReturn(true) // single entry returned - .thenReturn(false); + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false) + .thenReturn(false) // end of first call + .thenReturn(true) // for timestamp lookup + .thenReturn(true) // single entry returned + .thenReturn(false); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("trole1") - .thenReturn("trole2") - .thenReturn("trole3"); + .thenReturn("trole1") + .thenReturn("trole2") + .thenReturn("trole3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("102") - .thenReturn("103"); + .thenReturn("101") + .thenReturn("102") + .thenReturn("103"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)) - .thenReturn("role1") - .thenReturn("role1") - .thenReturn("role3"); + .thenReturn("role1") + .thenReturn("role1") + .thenReturn("role3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ASSERT_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("101") - .thenReturn("103"); + .thenReturn("101") + .thenReturn("101") + .thenReturn("103"); long now = System.currentTimeMillis(); Mockito.when(mockResultSet.getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED)) - .thenReturn(new java.sql.Timestamp(now + 30000)); + .thenReturn(new java.sql.Timestamp(now + 30000)); Map> trustedRoles = jdbcConn.getTrustedRoles("getTrustedRoles"); assertEquals(2, trustedRoles.size()); 
@@ -7573,18 +7573,18 @@ public void testListDomainsByCloudProviderAWS() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("dom1") - .thenReturn("dom2") - .thenReturn("dom3"); + .thenReturn("dom1") + .thenReturn("dom2") + .thenReturn("dom3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACCOUNT)) - .thenReturn("101") - .thenReturn("102") - .thenReturn("103"); + .thenReturn("101") + .thenReturn("102") + .thenReturn("103"); Map awsDomains = jdbcConn.listDomainsByCloudProvider("aws"); assertEquals(3, awsDomains.size()); @@ -7757,7 +7757,7 @@ public void testListResourceAccessNotRegisteredRolePrincipals() throws SQLExcept // no role principals Mockito.when(mockResultSet.next()) - .thenReturn(false); + .thenReturn(false); // we must get back 404 since the user doesn't exist in system @@ -7780,9 +7780,9 @@ public void testListResourceAccessRegisteredRolePrincipals() throws SQLException // no role principals Mockito.when(mockResultSet.next()) - .thenReturn(false) // no role principal return - .thenReturn(false) // no groups principal return - .thenReturn(true); // valid principal id + .thenReturn(false) // no role principal return + .thenReturn(false) // no groups principal return + .thenReturn(true); // valid principal id Mockito.doReturn(7).when(mockResultSet).getInt(1); ResourceAccessList resourceAccessList = jdbcConn.listResourceAccess("user.user1", "update", "user"); 
@@ -7806,23 +7806,23 @@ public void testListResourceAccessEmptyRoleAssertions() throws SQLException { jdbcConn.resetTrustRolesMap(); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false) // up to here is role principals - .thenReturn(false); // we have no role assertions + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false) // up to here is role principals + .thenReturn(false); // we have no role assertions Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("user.user1") - .thenReturn("user.user2") - .thenReturn("user.user3"); + .thenReturn("user.user1") + .thenReturn("user.user2") + .thenReturn("user.user3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("101") - .thenReturn("102"); + .thenReturn("101") + .thenReturn("101") + .thenReturn("102"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE_NAME)) - .thenReturn("role1") - .thenReturn("role1") - .thenReturn("role3"); + .thenReturn("role1") + .thenReturn("role1") + .thenReturn("role3"); ResourceAccessList resourceAccessList = jdbcConn.listResourceAccess("user.user1", "update", "user"); 
@@ -7845,45 +7845,45 @@ public void testListResourceAccess() throws SQLException { jdbcConn.resetTrustRolesMap(); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false) // up to here is role principals - .thenReturn(false) // no groups - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false) // up to here is role assertions - .thenReturn(false); // no trusted role + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false) // up to here is role principals + .thenReturn(false) // no groups + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false) // up to here is role assertions + .thenReturn(false); // no trusted role Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("dom1") - .thenReturn("dom1") - .thenReturn("dom2"); + .thenReturn("dom1") + .thenReturn("dom1") + .thenReturn("dom2"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("101") - .thenReturn("102") // up to here is role principals - .thenReturn("101") - .thenReturn("101") - .thenReturn("102"); + .thenReturn("101") + .thenReturn("101") + .thenReturn("102") // up to here is role principals + .thenReturn("101") + .thenReturn("101") + .thenReturn("102"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE_NAME)) - .thenReturn("role1") - .thenReturn("role2") - .thenReturn("role3"); + .thenReturn("role1") + .thenReturn("role2") + .thenReturn("role3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)) - .thenReturn("role1") - .thenReturn("role2") - .thenReturn("role3") - .thenReturn("role4"); + .thenReturn("role1") + .thenReturn("role2") + .thenReturn("role3") + .thenReturn("role4"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)) - .thenReturn("resource1") - .thenReturn("resource2") - .thenReturn("resource3") - .thenReturn("resource4"); + 
.thenReturn("resource1") + .thenReturn("resource2") + .thenReturn("resource3") + .thenReturn("resource4"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)) - .thenReturn("update"); + .thenReturn("update"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)) - .thenReturn("ALLOW"); + .thenReturn("ALLOW"); ResourceAccessList resourceAccessList = jdbcConn.listResourceAccess("user.user1", "update", "user"); List resources = resourceAccessList.getResources(); 
@@ -7911,71 +7911,71 @@ public void testListResourceAccessAws() throws SQLException { jdbcConn.resetTrustRolesMap(); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false) // up to here is role principals - .thenReturn(false) // no groups - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false) // up to here is role assertions - .thenReturn(true) // this is for last modified timestamp - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false) // up to here standard trusted roles - .thenReturn(false) // up to here wildcard trusted roles - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); // up to here is aws domains + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false) // up to here is role principals + .thenReturn(false) // no groups + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false) // up to here is role assertions + .thenReturn(true) // this is for last modified timestamp + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false) // up to here standard trusted roles + .thenReturn(false) // up to here wildcard trusted roles + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); // up to here is aws domains Mockito.when(mockResultSet.getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED)) - .thenReturn(new java.sql.Timestamp(1454358916)); + .thenReturn(new java.sql.Timestamp(1454358916)); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("dom1") - .thenReturn("dom2") - .thenReturn("dom3") // up to here is role assertions - .thenReturn("trole1") - .thenReturn("trole2") - .thenReturn("trole3") // up to here trusted roles - .thenReturn("dom1") - .thenReturn("dom2"); + .thenReturn("dom1") + .thenReturn("dom2") + .thenReturn("dom3") // up to here is role assertions + .thenReturn("trole1") + .thenReturn("trole2") + .thenReturn("trole3") // up to here 
trusted roles + .thenReturn("dom1") + .thenReturn("dom2"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("102") - .thenReturn("103") // up to here is role principals - .thenReturn("101") - .thenReturn("102") - .thenReturn("103") // up to here role assertions - .thenReturn("101") - .thenReturn("102") - .thenReturn("103"); // up to here trusted roles + .thenReturn("101") + .thenReturn("102") + .thenReturn("103") // up to here is role principals + .thenReturn("101") + .thenReturn("102") + .thenReturn("103") // up to here role assertions + .thenReturn("101") + .thenReturn("102") + .thenReturn("103"); // up to here trusted roles Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE_NAME)) - .thenReturn("role1") - .thenReturn("role2") - .thenReturn("role3"); + .thenReturn("role1") + .thenReturn("role2") + .thenReturn("role3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)) - .thenReturn("role1") - .thenReturn("role2") - .thenReturn("role3") // up to here role assertions - .thenReturn("role1") - .thenReturn("role2") - .thenReturn("role3"); // up to here trusted roles + .thenReturn("role1") + .thenReturn("role2") + .thenReturn("role3") // up to here role assertions + .thenReturn("role1") + .thenReturn("role2") + .thenReturn("role3"); // up to here trusted roles Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)) - .thenReturn("dom1:role1") - .thenReturn("dom2:role2") - .thenReturn("resource3"); + .thenReturn("dom1:role1") + .thenReturn("dom2:role2") + .thenReturn("resource3"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)) - .thenReturn("assume_aws_role"); + .thenReturn("assume_aws_role"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)) - .thenReturn("ALLOW"); + .thenReturn("ALLOW"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACCOUNT)) - .thenReturn("12345") - .thenReturn("12346"); + .thenReturn("12345") + 
.thenReturn("12346"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ASSERT_DOMAIN_ID)) - .thenReturn("101") - .thenReturn("102") - .thenReturn("103"); + .thenReturn("101") + .thenReturn("102") + .thenReturn("103"); ResourceAccessList resourceAccessList = jdbcConn.listResourceAccess("user.user1", "assume_aws_role", "user"); List resources = resourceAccessList.getResources(); @@ -8032,8 +8032,8 @@ public void testUpdatePolicyModTimestampSuccess() throws Exception { Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); Mockito.when(mockResultSet.next()).thenReturn(true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5) // domain id - .thenReturn(7); // policy id + .thenReturn(5) // domain id + .thenReturn(7); // policy id boolean requestSuccess = jdbcConn.updatePolicyModTimestamp("my-domain", "policy1", null); assertTrue(requestSuccess); @@ -8077,8 +8077,8 @@ public void testUpdatePolicyModTimestampFailure() throws Exception { Mockito.doReturn(0).when(mockPrepStmt).executeUpdate(); Mockito.when(mockResultSet.next()).thenReturn(true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5) // domain id - .thenReturn(7); // policy id + .thenReturn(5) // domain id + .thenReturn(7); // policy id boolean requestSuccess = jdbcConn.updatePolicyModTimestamp("my-domain", "policy1", null); assertFalse(requestSuccess); 
@@ -8114,15 +8114,15 @@ public void testGetAssertion() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true); + .thenReturn(true); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)) - .thenReturn("role1"); + .thenReturn("role1"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)) - .thenReturn("my-domain:*"); + .thenReturn("my-domain:*"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)) - .thenReturn("*"); + .thenReturn("*"); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)) - .thenReturn("ALLOW"); + .thenReturn("ALLOW"); Assertion assertion = jdbcConn.getAssertion("my-domain", "policy1", 101L); @@ -8143,7 +8143,7 @@ public void testGetAssertionNoMatch() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(false); + .thenReturn(false); Assertion assertion = jdbcConn.getAssertion("my-domain", "policy1", 101L); assertNull(assertion); @@ -8196,16 +8196,16 @@ public void testListPrincipals() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(true) - .thenReturn(false); + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(true) + .thenReturn(false); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("user.joe") - .thenReturn("user.jane") - .thenReturn("user.doe") - .thenReturn("user.jack"); + .thenReturn("user.joe") + .thenReturn("user.jane") + .thenReturn("user.doe") + .thenReturn("user.jack"); List principals = jdbcConn.listPrincipals("user"); 
@@ -8255,14 +8255,14 @@ public void testGetPrincipalRolesForAllDomainsException() throws SQLException { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockPrepStmt.executeQuery()) - .thenReturn(mockResultSet) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenReturn(mockResultSet) + .thenThrow(new SQLException("failed operation", "state", 1001)); Mockito.when(mockResultSet.next()) - .thenReturn(true); // get principal id + .thenReturn(true); // get principal id Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5); // principal id + .thenReturn(5); // principal id try { jdbcConn.getPrincipalRoles("user.joe", null); @@ -8442,7 +8442,7 @@ public void testDeletePrincipalDomainException() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockPrepStmt.executeUpdate()) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenThrow(new SQLException("failed operation", "state", 1001)); try { jdbcConn.deletePrincipal("user.jake", true); @@ -8459,8 +8459,8 @@ public void testDeletePrincipalSubDomainException() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockPrepStmt.executeUpdate()) - .thenReturn(1) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenReturn(1) + .thenThrow(new SQLException("failed operation", "state", 1001)); try { jdbcConn.deletePrincipal("user.jake", true); @@ -8537,7 +8537,7 @@ public void testGetQuotaNull() throws Exception { public void testGetQuotaException() throws Exception { Mockito.when(mockPrepStmt.executeQuery()).thenReturn(mockResultSet) - .thenThrow(new SQLException("failed operation", "state", 1001)); + .thenThrow(new SQLException("failed operation", "state", 1001)); Mockito.when(mockResultSet.next()).thenReturn(true); Mockito.doReturn(7).when(mockResultSet).getInt(1); // domain id 
@@ -9225,7 +9225,7 @@ public void testConfirmRoleMemberApprove() throws Exception { .thenReturn(7) // role id .thenReturn(9); // principal id Mockito.when(mockResultSet.getString(1)) - .thenReturn(pendingState); + .thenReturn(pendingState); Mockito.when(mockResultSet.next()) .thenReturn(true) // this one is for domain id .thenReturn(true) // this one is for role id @@ -9509,7 +9509,7 @@ public void testConfirmRoleMemberErrors() throws Exception { .thenReturn(7) // role id .thenReturn(9); // principal id Mockito.when(mockResultSet.getString(1)) - .thenReturn("ADD"); + .thenReturn("ADD"); Mockito.when(mockResultSet.next()) .thenReturn(true) // this one is for domain id .thenReturn(true) // this one is for role id @@ -9518,7 +9518,7 @@ public void testConfirmRoleMemberErrors() throws Exception { .thenReturn(false); // member exists assertFalse(jdbcConn.confirmRoleMember("my-domain4", "role4", new RoleMember() - .setMemberName("user.user1").setActive(true), "user.admin", "audit-ref")); + .setMemberName("user.user1").setActive(true), "user.admin", "audit-ref")); Mockito.when(mockResultSet.getInt(1)) .thenReturn(5) // domain id @@ -13062,7 +13062,7 @@ public void testConfirmGroupMemberErrors() throws Exception { .thenReturn(false); // member exists assertFalse(jdbcConn.confirmGroupMember("my-domain4", "group4", new GroupMember() - .setMemberName("user.user1").setActive(true), "user.admin", "audit-ref")); + .setMemberName("user.user1").setActive(true), "user.admin", "audit-ref")); Mockito.when(mockResultSet.getInt(1)) .thenReturn(5) // domain id 
@@ -13789,10 +13789,10 @@ public void testLookupDomainByTags() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)) - .thenReturn("domain-key-val").thenReturn("domain-key-only"); + .thenReturn("domain-key-val").thenReturn("domain-key-only"); Mockito.when(mockResultSet.next()) - .thenReturn(true, false, true, false); + .thenReturn(true, false, true, false); List domains = jdbcConn.lookupDomainByTags("tagKey", "tagVal"); assertEquals(domains.get(0), "domain-key-val"); @@ -13811,7 +13811,7 @@ public void testLookupDomainByTagsEmpty() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(false); + .thenReturn(false); List domains = jdbcConn.lookupDomainByTags("tagKey", "tagVal"); assertTrue(domains.isEmpty()); @@ -13826,7 +13826,7 @@ public void testLookupDomainByTagsEmpty() throws Exception { public void testLookupDomainByTagsError() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true).thenThrow(new SQLException("sql error")); + .thenReturn(true).thenThrow(new SQLException("sql error")); try { jdbcConn.lookupDomainByTags("tagKey", "tagVal"); fail(); @@ -13841,12 +13841,12 @@ public void testGetDomainTags() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getString(1)) - .thenReturn("tagKey"); + .thenReturn("tagKey"); Mockito.when(mockResultSet.getString(2)) - .thenReturn("tagVal1", "tagVal2"); + .thenReturn("tagVal1", "tagVal2"); Mockito.when(mockResultSet.next()) - .thenReturn(true, true, false); + .thenReturn(true, true, false); Map domainTags = jdbcConn.getDomainTags(5); assertNotNull(domainTags); 
@@ -13866,7 +13866,7 @@ public void testGetDomainTagsEmpty() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(false); + .thenReturn(false); Map domainTags = jdbcConn.getDomainTags(5); assertNull(domainTags); @@ -13879,7 +13879,7 @@ public void testGetDomainTagsEmpty() throws Exception { public void testGetDomainTagsError() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.next()) - .thenReturn(true).thenThrow(new SQLException("sql error")); + .thenReturn(true).thenThrow(new SQLException("sql error")); try { jdbcConn.getDomainTags(5); fail(); @@ -13895,15 +13895,15 @@ public void testInsertDomainTags() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5); // domain id + .thenReturn(5); // domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); Map domainTags = Collections.singletonMap( - "tagKey", new TagValueList().setList(Collections.singletonList("tagVal")) + "tagKey", new TagValueList().setList(Collections.singletonList("tagVal")) ); assertTrue(jdbcConn.insertDomainTags("domain", domainTags)); 
@@ -13921,14 +13921,14 @@ public void testInsertDomainTagsInvalid() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5); // domain id + .thenReturn(5); // domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.doReturn(0).when(mockPrepStmt).executeUpdate(); Map domainTags = Collections.singletonMap( - "tagKey", new TagValueList().setList(Collections.singletonList("tagVal")) + "tagKey", new TagValueList().setList(Collections.singletonList("tagVal")) ); assertFalse(jdbcConn.insertDomainTags("domain", domainTags)); jdbcConn.close(); @@ -13957,16 +13957,16 @@ public void testInsertDomainTagsUnknownDomain() throws Exception { public void testInsertDomainTagsError() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5); // domain id + .thenReturn(5); // domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.when(mockPrepStmt.executeUpdate()) - .thenThrow(new SQLException("sql error")); + .thenThrow(new SQLException("sql error")); try { Map domainTags = Collections.singletonMap( - "tagKey", new TagValueList().setList(Collections.singletonList("tagVal")) + "tagKey", new TagValueList().setList(Collections.singletonList("tagVal")) ); jdbcConn.insertDomainTags("domain", domainTags); fail(); @@ -13982,10 +13982,10 @@ public void testDeleteDomainTags() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5); // domain id + .thenReturn(5); // domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); 
@@ -14022,10 +14022,10 @@ public void testDeleteDomainTagsInvalid() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5); // domain id + .thenReturn(5); // domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.doReturn(0).when(mockPrepStmt).executeUpdate(); Set tagKeys = new HashSet<>(Collections.singletonList("tagKey")); @@ -14037,13 +14037,13 @@ public void testDeleteDomainTagsInvalid() throws Exception { public void testDeleteDomainTagsError() throws Exception { JDBCConnection jdbcConn = new JDBCConnection(mockConn, true); Mockito.when(mockResultSet.getInt(1)) - .thenReturn(5); // domain id + .thenReturn(5); // domain id Mockito.when(mockResultSet.next()) - .thenReturn(true); // this one is for domain id + .thenReturn(true); // this one is for domain id Mockito.when(mockPrepStmt.executeUpdate()) - .thenThrow(new SQLException("sql error")); + .thenThrow(new SQLException("sql error")); try { Set tagKeys = new HashSet<>(Collections.singletonList("tagKey")); jdbcConn.deleteDomainTags("domain", tagKeys); @@ -14829,12 +14829,12 @@ public void testInsertServiceTagsExceptions() throws Exception { Mockito.doReturn(1).when(mockPrepStmt).executeUpdate(); Mockito.when(mockConn.prepareStatement(ArgumentMatchers.isA(String.class))) - .thenReturn(mockPrepStmt) - .thenReturn(mockPrepStmt) - .thenReturn(mockPrepStmt) - .thenReturn(mockPrepStmt) - .thenReturn(mockPrepStmt) - .thenThrow(SQLException.class); + .thenReturn(mockPrepStmt) + .thenReturn(mockPrepStmt) + .thenReturn(mockPrepStmt) + .thenReturn(mockPrepStmt) + .thenReturn(mockPrepStmt) + .thenThrow(SQLException.class); // Mockito.doThrow(SQLException.class).when(mockConn).prepareStatement(ArgumentMatchers.isA(String.class)); 
@@ -14847,7 +14847,7 @@ public void testInsertServiceTagsExceptions() throws Exception { jdbcConn.insertServiceTags("service", "domain", serviceTags); fail(); } catch (ResourceException e) { - assertEquals(e.getCode(), 404); + assertEquals(e.getCode(), 404); assertEquals(e.getMessage(), "ResourceException (404): {code: 404, message: \"unknown domain - domain\"}"); } 
@@ -16140,4 +16140,85 @@ public void testGetPendingRoleMemberRoleNotFound() throws Exception {
 jdbcConn.con.close();
 }
+
+ @Test
+ public void testGetPendingGroupMember() throws Exception {
+ JDBCConnection jdbcConn = new JDBCConnection(mockConn, false);
+ Mockito.when(mockResultSet.next()).thenReturn(true).thenReturn(true).thenReturn(true);
+ Mockito.when(mockResultSet.getInt(1)).thenReturn(321).thenReturn(456);
+
+ Mockito.when(mockResultSet.getString(3)).thenReturn("user.bob");
+ Mockito.when(mockResultSet.getString(4)).thenReturn(ZMSConsts.PENDING_REQUEST_ADD_STATE);
+
+ GroupMember groupMember = jdbcConn.getPendingGroupMember("testDomain", "group1", "user.joe");
+
+ // get pending member
+ assertEquals(groupMember.getPendingState(), ZMSConsts.PENDING_REQUEST_ADD_STATE);
+ assertEquals(groupMember.getMemberName(), "user.joe");
+ assertEquals(groupMember.getRequestPrincipal(), "user.bob");
+
+ jdbcConn.con.close();
+ }
+
+ @Test
+ public void testGetPendingGroupMemberNotFound() throws Exception {
+ JDBCConnection jdbcConn = new JDBCConnection(mockConn, false);
+ Mockito.when(mockResultSet.next()).thenReturn(true).thenReturn(true).thenReturn(false);
+ Mockito.when(mockResultSet.getInt(1)).thenReturn(321).thenReturn(456);
+
+ GroupMember groupMember = jdbcConn.getPendingGroupMember("testDomain", "group1", "user.joe");
+
+ // get pending member
+ assertNull(groupMember);
+
+ jdbcConn.con.close();
+ }
+ @Test
+ public void testGetPendingGroupMemberException() throws Exception {
+ JDBCConnection jdbcConn = new JDBCConnection(mockConn, false);
+ Mockito.when(mockResultSet.next()).thenReturn(true).thenReturn(true).thenReturn(false);
+ Mockito.when(mockResultSet.getInt(1)).thenReturn(321).thenReturn(456);
+ Mockito.when(mockPrepStmt.executeQuery()).thenReturn(mockResultSet).thenReturn(mockResultSet).thenThrow(new SQLException("failed operation", "state", 1001));
+
+ try {
+ jdbcConn.getPendingGroupMember("testDomain", "group1", "user.joe");
+ fail();
+ } catch (ResourceException ex) {
+ assertEquals(ex.getCode(), ResourceException.INTERNAL_SERVER_ERROR);
+ }
+ jdbcConn.con.close();
+ }
+
+ @Test
+ public void testGetPendingGroupMemberDomainNotFound() throws Exception {
+ JDBCConnection jdbcConn = new JDBCConnection(mockConn, false);
+ Mockito.when(mockResultSet.next()).thenReturn(true);
+ Mockito.when(mockResultSet.getInt(1)).thenReturn(0);
+
+ try {
+ jdbcConn.getPendingGroupMember("testDomain", "group1", "user.joe");
+ fail();
+ } catch (ResourceException ex) {
+ assertEquals(ex.getCode(), ResourceException.NOT_FOUND);
+ }
+
+ jdbcConn.con.close();
+ }
+
+ @Test
+ public void testGetPendingGroupMemberGroupNotFound() throws Exception {
+ JDBCConnection jdbcConn = new JDBCConnection(mockConn, false);
+ Mockito.when(mockResultSet.next()).thenReturn(true).thenReturn(true);
+ Mockito.when(mockResultSet.getInt(1)).thenReturn(123).thenReturn(0);
+
+
+ try {
+ jdbcConn.getPendingGroupMember("testDomain", "group1", "user.joe");
+ fail();
+ } catch (ResourceException ex) {
+ assertEquals(ex.getCode(), ResourceException.NOT_FOUND);
+ }
+
+ jdbcConn.con.close();
+ }
 }
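Review bot: testGetPendingGroupMember never verifies what was bound to the prepared statement, so it would still pass if the pending-member lookup were keyed on a different group id or principal than the one requested. The only member assertion, `assertEquals(groupMember.getMemberName(), "user.joe")`, compares against the value passed in, and the mock stubs only columns 3 and 4, which suggests the name is echoed from the argument rather than read from the row. Since this lookup appears to feed the membership-decision notification, I would pin the binding, for example `Mockito.verify(mockPrepStmt).setString(ArgumentMatchers.anyInt(), ArgumentMatchers.eq("user.joe"));` plus a matching `setInt` check for the group id 456, with the real parameter indices taken from the query in JDBCConnection, which is not visible in this hunk. Separately, a blank line is missing before the `@Test` of testGetPendingGroupMemberException.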