diff options
Diffstat (limited to 'auth')
3 files changed, 344 insertions, 5 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 53548423..8d148ec1 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -114,7 +114,7 @@ public class Question { public static final String NS = Type.ns.name(); public static final String CRED = Type.cred.name(); private static final String DELG = "delg"; - public static final String ROOT_NS = Define.ROOT_NS(); + public static final String ROOT_NS = Define.isInitialized() ? Define.ROOT_NS() : "undefined"; public static final String ATTRIB = "attrib"; diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java index 1e7a0530..ce0033cc 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java @@ -31,6 +31,7 @@ import org.onap.aaf.cadi.config.Config; public class Define { private static String ROOT_NS = null; private static String ROOT_COMPANY = null; + private static boolean initialized = false; private final static String MSG = ".set(Access access) must be called before use"; public static final CharSequence ROOT_NS_TAG = "AAF_NS"; // use for certain Replacements in Location @@ -67,7 +68,8 @@ public class Define { access.getProperties().setProperty(es.getKey().toString(),varReplace(es.getValue().toString())); } } - + + initialized = true; access.printf(Level.INIT,"AAF Root NS is %s, and AAF Company Root is %s",ROOT_NS,ROOT_COMPANY); } @@ -78,5 +80,9 @@ public class Define { return potential; } } + + public static boolean isInitialized() { + return initialized; + } } diff --git a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java index b3630c7a..deea14c2 100644 --- a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java +++ b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java @@ -21,12 +21,346 @@ ******************************************************************************/ package org.onap.aaf.authz.service.mapper; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.mockito.BDDMockito.given; +import static org.mockito.Matchers.any; +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.eq; +import static org.mockito.Mockito.verify; +import aaf.v2_0.NsRequest; +import aaf.v2_0.Nss; +import aaf.v2_0.Nss.Ns; +import aaf.v2_0.Perm; +import aaf.v2_0.Perms; +import aaf.v2_0.Request; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.Iterables; +import com.google.common.collect.Lists; +import com.google.common.collect.Sets; +import java.io.IOException; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.junit.Assert; +import org.junit.Before; import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.runners.MockitoJUnitRunner; +import org.onap.aaf.auth.dao.cass.Namespace; +import org.onap.aaf.auth.dao.cass.NsDAO; +import org.onap.aaf.auth.dao.cass.NsSplit; +import org.onap.aaf.auth.dao.cass.NsType; +import org.onap.aaf.auth.dao.cass.PermDAO; +import org.onap.aaf.auth.dao.cass.PermDAO.Data; +import org.onap.aaf.auth.dao.hl.Question; +import org.onap.aaf.auth.dao.hl.Question.Access; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE; +import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.auth.rserv.Pair; +import org.onap.aaf.auth.service.mapper.Mapper.API; +import org.onap.aaf.auth.service.mapper.Mapper_2_0; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.Env; +import org.onap.aaf.misc.env.TimeTaken; +@RunWith(MockitoJUnitRunner.class) public class JU_Mapper_2_0 { + private static final String USER = "John"; + + private Mapper_2_0 mapper; + @Mock + private Question question; + @Mock + private AuthzTrans transaction; + @Mock + private TimeTaken tt; + + + @Before + public void setUp() throws APIException, IOException, CadiException { + given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt); + given(transaction.user()).willReturn(USER); + this.mapper = new Mapper_2_0(question); + } + + @Test(expected = ClassCastException.class) + public void ns_willThrowException_whenInvalidRequestType() { + //given + Request rq = new Request(); + + //when + mapper.ns(transaction, rq); + + //then + fail("Expected ClassCastException"); + } + + @Test + public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() { + //given + String namespaceName = "org.companyA.app1"; + String namespaceType = "APP"; + NsType expectedNsType = NsType.APP; + NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType); + + //when + Result<Namespace> result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, namespaceName); + verify(transaction).checkpoint(namespaceName,Env.ALWAYS); + } + + @Test + public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() { + //given + String namespaceName = "org.companyA.app1.service0"; + String invalidNsType = "BLUE"; + NsType expectedNsType = NsType.APP; + NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType); + + //when + Result<Namespace> result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, namespaceName); + verify(transaction).checkpoint(namespaceName,Env.ALWAYS); + } + + @Test + public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() { + //given + String rootNsName = "org"; + NsType expectedNsType = NsType.ROOT; + NsRequest nsRequest = createNsRequestForType(rootNsName, null); + + //when + Result<Namespace> result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, rootNsName); + verify(transaction).checkpoint(rootNsName,Env.ALWAYS); + } + + @Test + public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() { + //given + String companyNsName = "org.companyA"; + NsType expectedNsType = NsType.COMPANY; + NsRequest nsRequest = createNsRequestForType(companyNsName, null); + + //when + Result<Namespace> result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, companyNsName); + verify(transaction).checkpoint(companyNsName,Env.ALWAYS); + } + + private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) { + List<String> people = Lists.newArrayList("tk007@people.osaaf.org"); + assertEquals(Integer.valueOf(nsType.type), value.type); + assertEquals(namespaceName, value.name); + assertEquals("some namespace description", value.description); + assertEquals(people, value.admin); + assertEquals(people, value.owner); + } + + private NsRequest createNsRequestForType(String nsName, String nsType) { + NsRequest req = mapper.newInstance(API.NS_REQ); + req.setType(nsType); + req.setName(nsName); + req.setDescription("some namespace description"); + req.getAdmin().add("tk007@people.osaaf.org"); + req.getResponsible().add("tk007@people.osaaf.org"); + return req; + } + + @Test + public void nss_shouldConvertNamespaceToNss_withoutAttributes() { + //given + Nss nss = mapper.newInstance(API.NSS); + Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value; + + //when + Result<Nss> result = mapper.nss(transaction, ns, nss); + + //then + assertTrue(result.isOK()); + assertEquals("Only one Ns should be added",1, result.value.getNs().size()); + Ns addedNs = Iterables.getOnlyElement(result.value.getNs()); + assertEquals(ns.admin, addedNs.getAdmin()); + assertEquals(ns.name, addedNs.getName()); + assertEquals(ns.owner, addedNs.getResponsible()); + assertEquals(ns.description, addedNs.getDescription()); + assertTrue(addedNs.getAttrib().isEmpty()); + } + + @Test + public void nss_shouldConvertNamespaceToNss_withAttributes() { + //given + Nss nss = mapper.newInstance(API.NSS); + Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value; + ns.attrib = Lists.newArrayList(); + int attribNum = 5; + Map<String, String> attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5"); + attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val))); + + //when + Result<Nss> result = mapper.nss(transaction, ns, nss); + + //then + assertTrue(result.isOK()); + assertEquals("Only one Ns should be added",1, result.value.getNs().size()); + Ns addedNs = Iterables.getOnlyElement(result.value.getNs()); + assertEquals(attribNum, addedNs.getAttrib().size()); + addedNs.getAttrib().forEach( attr -> { + assertEquals(attr.getValue(), attribs.get(attr.getKey())); + }); + } + + @Test + public void nss_shouldAddSeveralNamespacesToNss() { + //given + Nss nss = mapper.newInstance(API.NSS); + Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value; + Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value; + + //when + Result<Nss> result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss); + + //then + assertTrue(result.isOK()); + assertEquals("Two namespaces should be added",2, result.value.getNs().size()); + } + + @Test + public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) + .willReturn(Result.err(9, "error")); + Perms permsContainer = mapper.newInstance(API.PERMS); + List<PermDAO.Data> permsData = Lists.newArrayList(new PermDAO.Data()); + boolean filter = true; + + //when + Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter); + + //then + assertTrue(result.isOK()); + assertEquals("No perms added",0,result.value.getPerm().size()); + } + + @Test + public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + given(transaction.requested(REQD_TYPE.ns)).willReturn(true); + Perms permsContainer = mapper.newInstance(API.PERMS); + Set<String> roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer" + ,"org.onap.portal.tester"); + String namespace = "org.onap.portal"; + String type = "access"; + String fullType = namespace + "." +type; + String action = "read"; + String description = "Portal Read Access"; + List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description)); + boolean filter = true; + + //when + Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter); + + //then + assertTrue(result.isOK()); + assertEquals("Perm is added",1,result.value.getPerm().size()); + Perm perm = Iterables.getOnlyElement(result.value.getPerm()); + assertEquals(namespace, perm.getNs()); + assertEquals(fullType, perm.getType()); + assertEquals(action, perm.getAction()); + assertEquals("*", perm.getInstance()); + assertEquals(description, perm.getDescription()); + assertEquals(Lists.newArrayList(roles), perm.getRoles()); + } + + @Test + public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + given(transaction.requested(REQD_TYPE.ns)).willReturn(false); + Perms permsContainer = mapper.newInstance(API.PERMS); + String namespace = "org.onap.portal"; + String type = "access"; + String fullType = namespace + "." + type; + String action = "read"; + List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null)); + boolean filter = true; + + //when + Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter); + + //then + assertTrue(result.isOK()); + assertEquals("Perm is added",1,result.value.getPerm().size()); + Perm perm = Iterables.getOnlyElement(result.value.getPerm()); + assertNull(perm.getNs()); + assertEquals(fullType, perm.getType()); + assertEquals(action, perm.getAction()); + } + + @Test + public void perm_shouldAddPermsWithCorrectSortedOrder() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + Perms permsContainer = mapper.newInstance(API.PERMS); + PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null); + PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null); + PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null); + PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null); + PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null); + List<PermDAO.Data> permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2); + List<PermDAO.Data> correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5); + + //when + Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, true); + + //then + assertTrue(result.isOK()); + assertEquals("Alls Perms added",5,result.value.getPerm().size()); + List<Perm> mappedPerms = result.value.getPerm(); + for(int i=0; i<5; i++) { + comparePerm(correctOrderPerms.get(i), mappedPerms.get(i)); + } + } + + private void comparePerm(Data data, Perm perm) { + assertEquals(data.ns + "." + data.type, perm.getType()); + assertEquals(data.instance, perm.getInstance()); + assertEquals(data.action, perm.getAction()); + } + + private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set<String> roles, String description) { + NsSplit nss = new NsSplit(ns, name); + PermDAO.Data perm = new PermDAO.Data(nss, instance, action); + perm.roles = roles; + perm.description = description; + return perm; + } + @Test public void test() { assertTrue(true); @@ -156,7 +490,6 @@ public class JU_Mapper_2_0 { public void testUsers(){ assertTrue(true); } - - + } |