Diffstat (limited to 'auth/auth-service')
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java15
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java358
2 files changed, 261 insertions, 112 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
index 06278f92..f414a9fd 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
@@ -416,8 +416,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
final boolean needNS = trans.requested(REQD_TYPE.ns);
for(RoleDAO.Data frole : from) {
- // Only Add Data to view if User is allowed to see this Role
- //if(!filter || q.mayUserViewRole(trans, trans.user(), frole).isOK()) {
+ // Only Add Data to view if User is allowed to see this Role
if(!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
Role role = new Role();
role.setName(frole.ns + '.' + frole.name);
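Review bot: The comment kept above the `if` says a role is added only when the user is allowed to see it, but the condition `!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()` skips the read check entirely when `filter` is false. Every caller that passes `filter=false` therefore receives all roles in `from` without a per-role authorization decision. I would reword the comment to say so, for example `// Add the role when filtering is off, or when the user has read access to it; callers passing filter=false must already have authorized the request`. The body of roles() continues outside this hunk, so whether its callers do that is not visible here.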
@@ -427,7 +426,8 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
for(String p : frole.perms(false)) { // can see any Perms in the Role he has permission for
Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);
- if(rpa.notOK()) return Result.err(rpa);
+ if(rpa.notOK())
+ return Result.err(rpa);
String[] pa = rpa.value;
Pkey pKey = new Pkey();
@@ -481,12 +481,6 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.ok(to);
}
- /**
- *
- * @param base
- * @param start
- * @return
- */
@Override
public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, Request base) {
try {
@@ -495,8 +489,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
// Setup UserRoleData, either for immediate placement, or for futureIt i
UserRoleDAO.Data to = new UserRoleDAO.Data();
if (from.getUser() != null) {
- String user = from.getUser();
- to.user = user;
+ to.user = from.getUser();
}
if (from.getRole() != null) {
to.role(trans,q,from.getRole());
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
index deea14c2..a7df421b 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
@@ -22,6 +22,8 @@
package org.onap.aaf.authz.service.mapper;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -29,22 +31,42 @@ import static org.mockito.BDDMockito.given;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.onap.aaf.auth.layer.Result.ERR_BadData;
+import static org.onap.aaf.auth.layer.Result.ERR_General;
import aaf.v2_0.NsRequest;
import aaf.v2_0.Nss;
import aaf.v2_0.Nss.Ns;
import aaf.v2_0.Perm;
+import aaf.v2_0.PermKey;
+import aaf.v2_0.PermRequest;
import aaf.v2_0.Perms;
+import aaf.v2_0.Pkey;
import aaf.v2_0.Request;
+import aaf.v2_0.Role;
+import aaf.v2_0.RoleRequest;
+import aaf.v2_0.Roles;
+import aaf.v2_0.UserRole;
+import aaf.v2_0.UserRoleRequest;
+import aaf.v2_0.UserRoles;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Date;
+import java.util.GregorianCalendar;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.stream.Collectors;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -57,11 +79,15 @@ import org.onap.aaf.auth.dao.cass.NsSplit;
import org.onap.aaf.auth.dao.cass.NsType;
import org.onap.aaf.auth.dao.cass.PermDAO;
import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
import org.onap.aaf.auth.dao.hl.Question;
import org.onap.aaf.auth.dao.hl.Question.Access;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Expiration;
import org.onap.aaf.auth.rserv.Pair;
import org.onap.aaf.auth.service.mapper.Mapper.API;
import org.onap.aaf.auth.service.mapper.Mapper_2_0;
@@ -69,6 +95,7 @@ import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.org.DefaultOrg;
@RunWith(MockitoJUnitRunner.class)
public class JU_Mapper_2_0 {
@@ -361,135 +388,264 @@ public class JU_Mapper_2_0 {
return perm;
}
- @Test
- public void test() {
- assertTrue(true);
- }
-
- @Test
- public void testApprovals(){
- assertTrue(true);
- }
-
- @Test
- public void testCert(){
- assertTrue(true);
-
- }
-
- @Test
- public void testCred(){
- assertTrue(true);
-
- }
-
- @Test
- public void testDelegate(){
- assertTrue(true);
- }
-
- @Test
- public void testErrorFromMessage(){
- assertTrue(true);
-
- }
-
- @Test
- public void testFuture(){
- assertTrue(true);
- }
-
- @Test
- public void testGetClass(){
- assertTrue(true);
- }
+ @Test
+ public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception {
+ //given
+ String roleName = "admin";
+ RoleRequest request = createRoleRequest(roleName, "role description");
+ given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException()));
- @Test
- public void testGetExpires(){
- assertTrue(true);
+ //when
+ Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+ //then
+ assertFalse(result.isOK());
+ assertNull(result.value);
+ assertEquals(ERR_General, result.status);
}
-
+
@Test
- public void testGetMarshal(){
- assertTrue(true);
-
+ public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception {
+ //given
+ String roleName = "admin";
+ String roleNs = "org.onap.roles";
+ String roleFullName = roleNs + "." + roleName;
+ String description =" role description";
+ RoleRequest request = createRoleRequest(roleFullName, description);
+ given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName)));
+
+ //when
+ Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(roleName, result.value.name);
+ assertEquals(roleNs, result.value.ns);
+ assertEquals(description, result.value.description);
+ verify(transaction).checkpoint(roleFullName, Env.ALWAYS);
}
-
- @Test
- public void testHistory(){
- assertTrue(true);
+
+ private RoleRequest createRoleRequest(String name, String description) {
+ RoleRequest req = mapper.newInstance(API.ROLE_REQ);
+ req.setName(name);
+ req.setDescription(description);
+ return req;
}
-
+
@Test
- public void testKeys(){
- assertTrue(true);
-
+ public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() {
+ //given
+ Roles initialRoles = new Roles();
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(initialRoles.getRole(), result.value.getRole());
}
-
+
@Test
- public void testNewInstance(){
- assertTrue(true);
+ public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() {
+ //given
+ Roles initialRoles = new Roles();
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.err(9, "error"));
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(initialRoles.getRole(), result.value.getRole());
}
-
+
@Test
- public void testNs(){
- assertTrue(true);
+ public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() {
+ test_roles_shouldAddRoles(false);
}
-
+
@Test
- public void testNss(){
- assertTrue(true);
+ public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() {
+ test_roles_shouldAddRoles(true);
}
-
- @Test
- public void testPerm(){
- assertTrue(true);
+
+ private void test_roles_shouldAddRoles(boolean namespaceRequested) {
+ //given
+ String namespace = "org.onap.app1";
+ String description = "role description";
+ Set<String> roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer");
+ List<RoleDAO.Data> daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description))
+ .collect(Collectors.toList());
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested);
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, daoRoles, new Roles(), true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(2, result.value.getRole().size());
+ result.value.getRole().stream().forEach( role -> {
+ assertTrue(role.getPerms().isEmpty());
+ if(namespaceRequested) {
+ assertEquals(namespace, role.getNs());
+ } else {
+ assertNull(role.getNs());
+ }
+ assertTrue(roleNames.contains(role.getName()));
+ assertEquals(description, role.getDescription());
+ });
}
-
+
@Test
- public void testPermFromRPRequest(){
- assertTrue(true);
+ public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+ role.perms = Sets.newHashSet("invalidPermFormat");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+ //then
+ assertFalse(result.isOK());
+ assertEquals(ERR_BadData, result.status);
}
-
+
@Test
- public void testPermKey(){
- assertTrue(true);
+ public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class)));
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+ role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+ //then
+ assertTrue(result.isOK());
+ Role mappedRole = Iterables.getOnlyElement(result.value.getRole());
+ Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms());
+ assertEquals("org.onap.app.access", pKey.getType());
+ assertEquals("*", pKey.getInstance());
+ assertEquals("read,approve", pKey.getAction());
}
-
- @Test
- public void testPerms(){
- assertTrue(true);
+
+ private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) {
+ NsDAO.Data ns = new NsDAO.Data();
+ ns.name = namespace;
+ RoleDAO.Data role = RoleDAO.Data.create(ns, rolename);
+ role.description = desc;
+ return role;
}
-
+
@Test
- public void testRole(){
- assertTrue(true);
+ public void userRoles_shouldMapUserRolesFromDAO() {
+ //given
+ String user = "john@people.osaaf.org";
+ String role = "admin";
+ String namespace = "org.osaaf.aaf";
+ int year = 2020;
+ int month = 10;
+ int day = 31;
+ Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based
+ UserRoles targetRoles = new UserRoles();
+
+ //when
+ Result<UserRoles> result = mapper.userRoles(transaction, Lists.newArrayList(
+ createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles);
+
+ //then
+ assertTrue(result.isOK());
+ UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole());
+ assertEquals(user, targetRole.getUser());
+ assertEquals(role, targetRole.getRole());
+ assertEquals(year, targetRole.getExpires().getYear());
+ assertEquals(month, targetRole.getExpires().getMonth());
+ assertEquals(day, targetRole.getExpires().getDay());
}
-
+
@Test
- public void testRoleFromRPRequest(){
- assertTrue(true);
+ public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() {
+ //given
+ PermRequest wrongRequestType = new PermRequest();
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, wrongRequestType);
+
+ //then
+ assertFalse(result.isOK());
+ assertEquals(ERR_BadData, result.status);
+ verifyZeroInteractions(transaction);
}
-
+
@Test
- public void testRoles(){
- assertTrue(true);
+ public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() {
+ //given
+ UserRoleRequest request = new UserRoleRequest();
+ given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException()));
+ Organization org = mock(Organization.class);
+ given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+ given(transaction.org()).willReturn(org);
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, request);
+
+ //then
+ assertTrue(result.isOK());
+ assertNull(result.value.ns);
+ assertNull(result.value.rname);
+ assertNull(result.value.role);
+ assertNull(result.value.user);
+ assertNotNull(result.value.expires);
}
-
+
@Test
- public void testUserRole(){
- assertTrue(true);
+ public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() {
+ //given
+ String user = "johny@people.osaaf.org";
+ String role = "org.onap.app1.deployer";
+ String rName = "deployer";
+ String namespace = "org.onap.app1";
+
+ given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName)));
+ Organization org = mock(Organization.class);
+ given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+ given(transaction.org()).willReturn(org);
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, createUserRoleRequest(role, user));
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(user, result.value.user);
+ assertEquals(role, result.value.role);
+ assertEquals(rName, result.value.rname);
+ assertEquals(namespace, result.value.ns);
+ assertNotNull(result.value.expires);
}
-
- @Test
- public void testUserRoles(){
- assertTrue(true);
+
+ private UserRoleRequest createUserRoleRequest(String role, String user) {
+ UserRoleRequest request = new UserRoleRequest();
+ request.setRole(role);
+ request.setUser(user);
+ return request;
}
-
- @Test
- public void testUsers(){
- assertTrue(true);
+
+ private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) {
+ UserRoleDAO.Data userRole = new UserRoleDAO.Data();
+ userRole.user = userName;
+ userRole.expires = expires;
+ userRole.ns = namespace;
+ userRole.role = roleName;
+ return userRole;
}
-
}
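Review bot: The two `roles_shouldNotAddAnyRoles_*` tests cannot fail, because `assertEquals(initialRoles.getRole(), result.value.getRole())` most likely compares a list with itself. `initialRoles` is passed in as `to`, and the mapper appears to return that same object (a `return Result.ok(to)` is visible in the Mapper_2_0 diff), so the assertion holds whether or not a role was added. This matters most for `roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole`, the only test guarding the `mayUser(..., Access.read)` denial path; it should assert `assertTrue(result.value.getRole().isEmpty());`. The name `roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet` also contradicts the mapper, whose `!filter || ...` condition admits every role when `filter` is false. That test should be renamed and should assert `assertEquals(1, result.value.getRole().size());`.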