summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java15
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java358
2 files changed, 261 insertions, 112 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
index 06278f92..f414a9fd 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
@@ -416,8 +416,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
final boolean needNS = trans.requested(REQD_TYPE.ns);
for(RoleDAO.Data frole : from) {
- // Only Add Data to view if User is allowed to see this Role
- //if(!filter || q.mayUserViewRole(trans, trans.user(), frole).isOK()) {
+ // Only Add Data to view if User is allowed to see this Role
if(!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
Role role = new Role();
role.setName(frole.ns + '.' + frole.name);
@@ -427,7 +426,8 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
for(String p : frole.perms(false)) { // can see any Perms in the Role he has permission for
Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);
- if(rpa.notOK()) return Result.err(rpa);
+ if(rpa.notOK())
+ return Result.err(rpa);
String[] pa = rpa.value;
Pkey pKey = new Pkey();
@@ -481,12 +481,6 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.ok(to);
}
- /**
- *
- * @param base
- * @param start
- * @return
- */
@Override
public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, Request base) {
try {
@@ -495,8 +489,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
// Setup UserRoleData, either for immediate placement, or for futureIt i
UserRoleDAO.Data to = new UserRoleDAO.Data();
if (from.getUser() != null) {
- String user = from.getUser();
- to.user = user;
+ to.user = from.getUser();
}
if (from.getRole() != null) {
to.role(trans,q,from.getRole());
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
index deea14c2..a7df421b 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
@@ -22,6 +22,8 @@
package org.onap.aaf.authz.service.mapper;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -29,22 +31,42 @@ import static org.mockito.BDDMockito.given;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.onap.aaf.auth.layer.Result.ERR_BadData;
+import static org.onap.aaf.auth.layer.Result.ERR_General;
import aaf.v2_0.NsRequest;
import aaf.v2_0.Nss;
import aaf.v2_0.Nss.Ns;
import aaf.v2_0.Perm;
+import aaf.v2_0.PermKey;
+import aaf.v2_0.PermRequest;
import aaf.v2_0.Perms;
+import aaf.v2_0.Pkey;
import aaf.v2_0.Request;
+import aaf.v2_0.Role;
+import aaf.v2_0.RoleRequest;
+import aaf.v2_0.Roles;
+import aaf.v2_0.UserRole;
+import aaf.v2_0.UserRoleRequest;
+import aaf.v2_0.UserRoles;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Date;
+import java.util.GregorianCalendar;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.stream.Collectors;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -57,11 +79,15 @@ import org.onap.aaf.auth.dao.cass.NsSplit;
import org.onap.aaf.auth.dao.cass.NsType;
import org.onap.aaf.auth.dao.cass.PermDAO;
import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
import org.onap.aaf.auth.dao.hl.Question;
import org.onap.aaf.auth.dao.hl.Question.Access;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Expiration;
import org.onap.aaf.auth.rserv.Pair;
import org.onap.aaf.auth.service.mapper.Mapper.API;
import org.onap.aaf.auth.service.mapper.Mapper_2_0;
@@ -69,6 +95,7 @@ import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.org.DefaultOrg;
@RunWith(MockitoJUnitRunner.class)
public class JU_Mapper_2_0 {
@@ -361,135 +388,264 @@ public class JU_Mapper_2_0 {
return perm;
}
- @Test
- public void test() {
- assertTrue(true);
- }
-
- @Test
- public void testApprovals(){
- assertTrue(true);
- }
-
- @Test
- public void testCert(){
- assertTrue(true);
-
- }
-
- @Test
- public void testCred(){
- assertTrue(true);
-
- }
-
- @Test
- public void testDelegate(){
- assertTrue(true);
- }
-
- @Test
- public void testErrorFromMessage(){
- assertTrue(true);
-
- }
-
- @Test
- public void testFuture(){
- assertTrue(true);
- }
-
- @Test
- public void testGetClass(){
- assertTrue(true);
- }
+ @Test
+ public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception {
+ //given
+ String roleName = "admin";
+ RoleRequest request = createRoleRequest(roleName, "role description");
+ given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException()));
- @Test
- public void testGetExpires(){
- assertTrue(true);
+ //when
+ Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+ //then
+ assertFalse(result.isOK());
+ assertNull(result.value);
+ assertEquals(ERR_General, result.status);
}
-
+
@Test
- public void testGetMarshal(){
- assertTrue(true);
-
+ public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception {
+ //given
+ String roleName = "admin";
+ String roleNs = "org.onap.roles";
+ String roleFullName = roleNs + "." + roleName;
+ String description =" role description";
+ RoleRequest request = createRoleRequest(roleFullName, description);
+ given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName)));
+
+ //when
+ Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(roleName, result.value.name);
+ assertEquals(roleNs, result.value.ns);
+ assertEquals(description, result.value.description);
+ verify(transaction).checkpoint(roleFullName, Env.ALWAYS);
}
-
- @Test
- public void testHistory(){
- assertTrue(true);
+
+ private RoleRequest createRoleRequest(String name, String description) {
+ RoleRequest req = mapper.newInstance(API.ROLE_REQ);
+ req.setName(name);
+ req.setDescription(description);
+ return req;
}
-
+
@Test
- public void testKeys(){
- assertTrue(true);
-
+ public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() {
+ //given
+ Roles initialRoles = new Roles();
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(initialRoles.getRole(), result.value.getRole());
}
-
+
@Test
- public void testNewInstance(){
- assertTrue(true);
+ public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() {
+ //given
+ Roles initialRoles = new Roles();
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.err(9, "error"));
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(initialRoles.getRole(), result.value.getRole());
}
-
+
@Test
- public void testNs(){
- assertTrue(true);
+ public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() {
+ test_roles_shouldAddRoles(false);
}
-
+
@Test
- public void testNss(){
- assertTrue(true);
+ public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() {
+ test_roles_shouldAddRoles(true);
}
-
- @Test
- public void testPerm(){
- assertTrue(true);
+
+ private void test_roles_shouldAddRoles(boolean namespaceRequested) {
+ //given
+ String namespace = "org.onap.app1";
+ String description = "role description";
+ Set<String> roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer");
+ List<RoleDAO.Data> daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description))
+ .collect(Collectors.toList());
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested);
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, daoRoles, new Roles(), true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(2, result.value.getRole().size());
+ result.value.getRole().stream().forEach( role -> {
+ assertTrue(role.getPerms().isEmpty());
+ if(namespaceRequested) {
+ assertEquals(namespace, role.getNs());
+ } else {
+ assertNull(role.getNs());
+ }
+ assertTrue(roleNames.contains(role.getName()));
+ assertEquals(description, role.getDescription());
+ });
}
-
+
@Test
- public void testPermFromRPRequest(){
- assertTrue(true);
+ public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+ role.perms = Sets.newHashSet("invalidPermFormat");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+ //then
+ assertFalse(result.isOK());
+ assertEquals(ERR_BadData, result.status);
}
-
+
@Test
- public void testPermKey(){
- assertTrue(true);
+ public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class)));
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+ role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+ //then
+ assertTrue(result.isOK());
+ Role mappedRole = Iterables.getOnlyElement(result.value.getRole());
+ Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms());
+ assertEquals("org.onap.app.access", pKey.getType());
+ assertEquals("*", pKey.getInstance());
+ assertEquals("read,approve", pKey.getAction());
}
-
- @Test
- public void testPerms(){
- assertTrue(true);
+
+ private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) {
+ NsDAO.Data ns = new NsDAO.Data();
+ ns.name = namespace;
+ RoleDAO.Data role = RoleDAO.Data.create(ns, rolename);
+ role.description = desc;
+ return role;
}
-
+
@Test
- public void testRole(){
- assertTrue(true);
+ public void userRoles_shouldMapUserRolesFromDAO() {
+ //given
+ String user = "john@people.osaaf.org";
+ String role = "admin";
+ String namespace = "org.osaaf.aaf";
+ int year = 2020;
+ int month = 10;
+ int day = 31;
+ Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based
+ UserRoles targetRoles = new UserRoles();
+
+ //when
+ Result<UserRoles> result = mapper.userRoles(transaction, Lists.newArrayList(
+ createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles);
+
+ //then
+ assertTrue(result.isOK());
+ UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole());
+ assertEquals(user, targetRole.getUser());
+ assertEquals(role, targetRole.getRole());
+ assertEquals(year, targetRole.getExpires().getYear());
+ assertEquals(month, targetRole.getExpires().getMonth());
+ assertEquals(day, targetRole.getExpires().getDay());
}
-
+
@Test
- public void testRoleFromRPRequest(){
- assertTrue(true);
+ public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() {
+ //given
+ PermRequest wrongRequestType = new PermRequest();
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, wrongRequestType);
+
+ //then
+ assertFalse(result.isOK());
+ assertEquals(ERR_BadData, result.status);
+ verifyZeroInteractions(transaction);
}
-
+
@Test
- public void testRoles(){
- assertTrue(true);
+ public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() {
+ //given
+ UserRoleRequest request = new UserRoleRequest();
+ given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException()));
+ Organization org = mock(Organization.class);
+ given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+ given(transaction.org()).willReturn(org);
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, request);
+
+ //then
+ assertTrue(result.isOK());
+ assertNull(result.value.ns);
+ assertNull(result.value.rname);
+ assertNull(result.value.role);
+ assertNull(result.value.user);
+ assertNotNull(result.value.expires);
}
-
+
@Test
- public void testUserRole(){
- assertTrue(true);
+ public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() {
+ //given
+ String user = "johny@people.osaaf.org";
+ String role = "org.onap.app1.deployer";
+ String rName = "deployer";
+ String namespace = "org.onap.app1";
+
+ given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName)));
+ Organization org = mock(Organization.class);
+ given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+ given(transaction.org()).willReturn(org);
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, createUserRoleRequest(role, user));
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(user, result.value.user);
+ assertEquals(role, result.value.role);
+ assertEquals(rName, result.value.rname);
+ assertEquals(namespace, result.value.ns);
+ assertNotNull(result.value.expires);
}
-
- @Test
- public void testUserRoles(){
- assertTrue(true);
+
+ private UserRoleRequest createUserRoleRequest(String role, String user) {
+ UserRoleRequest request = new UserRoleRequest();
+ request.setRole(role);
+ request.setUser(user);
+ return request;
}
-
- @Test
- public void testUsers(){
- assertTrue(true);
+
+ private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) {
+ UserRoleDAO.Data userRole = new UserRoleDAO.Data();
+ userRole.user = userName;
+ userRole.expires = expires;
+ userRole.ns = namespace;
+ userRole.role = roleName;
+ return userRole;
}
-
}