summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java8
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java339
3 files changed, 344 insertions, 5 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 53548423..8d148ec1 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -114,7 +114,7 @@ public class Question {
public static final String NS = Type.ns.name();
public static final String CRED = Type.cred.name();
private static final String DELG = "delg";
- public static final String ROOT_NS = Define.ROOT_NS();
+ public static final String ROOT_NS = Define.isInitialized() ? Define.ROOT_NS() : "undefined";
public static final String ATTRIB = "attrib";
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java
index 1e7a0530..ce0033cc 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.config.Config;
public class Define {
private static String ROOT_NS = null;
private static String ROOT_COMPANY = null;
+ private static boolean initialized = false;
private final static String MSG = ".set(Access access) must be called before use";
public static final CharSequence ROOT_NS_TAG = "AAF_NS"; // use for certain Replacements in Location
@@ -67,7 +68,8 @@ public class Define {
access.getProperties().setProperty(es.getKey().toString(),varReplace(es.getValue().toString()));
}
}
-
+
+ initialized = true;
access.printf(Level.INIT,"AAF Root NS is %s, and AAF Company Root is %s",ROOT_NS,ROOT_COMPANY);
}
@@ -78,5 +80,9 @@ public class Define {
return potential;
}
}
+
+ public static boolean isInitialized() {
+ return initialized;
+ }
}
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
index b3630c7a..deea14c2 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
@@ -21,12 +21,346 @@
******************************************************************************/
package org.onap.aaf.authz.service.mapper;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.verify;
+import aaf.v2_0.NsRequest;
+import aaf.v2_0.Nss;
+import aaf.v2_0.Nss.Ns;
+import aaf.v2_0.Perm;
+import aaf.v2_0.Perms;
+import aaf.v2_0.Request;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.junit.Assert;
+import org.junit.Before;
import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.onap.aaf.auth.dao.cass.Namespace;
+import org.onap.aaf.auth.dao.cass.NsDAO;
+import org.onap.aaf.auth.dao.cass.NsSplit;
+import org.onap.aaf.auth.dao.cass.NsType;
+import org.onap.aaf.auth.dao.cass.PermDAO;
+import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.hl.Question;
+import org.onap.aaf.auth.dao.hl.Question.Access;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.rserv.Pair;
+import org.onap.aaf.auth.service.mapper.Mapper.API;
+import org.onap.aaf.auth.service.mapper.Mapper_2_0;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.TimeTaken;
+@RunWith(MockitoJUnitRunner.class)
public class JU_Mapper_2_0 {
+ private static final String USER = "John";
+
+ private Mapper_2_0 mapper;
+ @Mock
+ private Question question;
+ @Mock
+ private AuthzTrans transaction;
+ @Mock
+ private TimeTaken tt;
+
+
+ @Before
+ public void setUp() throws APIException, IOException, CadiException {
+ given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt);
+ given(transaction.user()).willReturn(USER);
+ this.mapper = new Mapper_2_0(question);
+ }
+
+ @Test(expected = ClassCastException.class)
+ public void ns_willThrowException_whenInvalidRequestType() {
+ //given
+ Request rq = new Request();
+
+ //when
+ mapper.ns(transaction, rq);
+
+ //then
+ fail("Expected ClassCastException");
+ }
+
+ @Test
+ public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() {
+ //given
+ String namespaceName = "org.companyA.app1";
+ String namespaceType = "APP";
+ NsType expectedNsType = NsType.APP;
+ NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, namespaceName);
+ verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
+ }
+
+ @Test
+ public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() {
+ //given
+ String namespaceName = "org.companyA.app1.service0";
+ String invalidNsType = "BLUE";
+ NsType expectedNsType = NsType.APP;
+ NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, namespaceName);
+ verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
+ }
+
+ @Test
+ public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() {
+ //given
+ String rootNsName = "org";
+ NsType expectedNsType = NsType.ROOT;
+ NsRequest nsRequest = createNsRequestForType(rootNsName, null);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, rootNsName);
+ verify(transaction).checkpoint(rootNsName,Env.ALWAYS);
+ }
+
+ @Test
+ public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() {
+ //given
+ String companyNsName = "org.companyA";
+ NsType expectedNsType = NsType.COMPANY;
+ NsRequest nsRequest = createNsRequestForType(companyNsName, null);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, companyNsName);
+ verify(transaction).checkpoint(companyNsName,Env.ALWAYS);
+ }
+
+ private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) {
+ List<String> people = Lists.newArrayList("tk007@people.osaaf.org");
+ assertEquals(Integer.valueOf(nsType.type), value.type);
+ assertEquals(namespaceName, value.name);
+ assertEquals("some namespace description", value.description);
+ assertEquals(people, value.admin);
+ assertEquals(people, value.owner);
+ }
+
+ private NsRequest createNsRequestForType(String nsName, String nsType) {
+ NsRequest req = mapper.newInstance(API.NS_REQ);
+ req.setType(nsType);
+ req.setName(nsName);
+ req.setDescription("some namespace description");
+ req.getAdmin().add("tk007@people.osaaf.org");
+ req.getResponsible().add("tk007@people.osaaf.org");
+ return req;
+ }
+
+ @Test
+ public void nss_shouldConvertNamespaceToNss_withoutAttributes() {
+ //given
+ Nss nss = mapper.newInstance(API.NSS);
+ Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
+
+ //when
+ Result<Nss> result = mapper.nss(transaction, ns, nss);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Only one Ns should be added",1, result.value.getNs().size());
+ Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
+ assertEquals(ns.admin, addedNs.getAdmin());
+ assertEquals(ns.name, addedNs.getName());
+ assertEquals(ns.owner, addedNs.getResponsible());
+ assertEquals(ns.description, addedNs.getDescription());
+ assertTrue(addedNs.getAttrib().isEmpty());
+ }
+
+ @Test
+ public void nss_shouldConvertNamespaceToNss_withAttributes() {
+ //given
+ Nss nss = mapper.newInstance(API.NSS);
+ Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
+ ns.attrib = Lists.newArrayList();
+ int attribNum = 5;
+ Map<String, String> attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5");
+ attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val)));
+
+ //when
+ Result<Nss> result = mapper.nss(transaction, ns, nss);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Only one Ns should be added",1, result.value.getNs().size());
+ Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
+ assertEquals(attribNum, addedNs.getAttrib().size());
+ addedNs.getAttrib().forEach( attr -> {
+ assertEquals(attr.getValue(), attribs.get(attr.getKey()));
+ });
+ }
+
+ @Test
+ public void nss_shouldAddSeveralNamespacesToNss() {
+ //given
+ Nss nss = mapper.newInstance(API.NSS);
+ Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value;
+ Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value;
+
+ //when
+ Result<Nss> result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Two namespaces should be added",2, result.value.getNs().size());
+ }
+
+ @Test
+ public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.err(9, "error"));
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ List<PermDAO.Data> permsData = Lists.newArrayList(new PermDAO.Data());
+ boolean filter = true;
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("No perms added",0,result.value.getPerm().size());
+ }
+
+ @Test
+ public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(transaction.requested(REQD_TYPE.ns)).willReturn(true);
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ Set<String> roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer"
+ ,"org.onap.portal.tester");
+ String namespace = "org.onap.portal";
+ String type = "access";
+ String fullType = namespace + "." +type;
+ String action = "read";
+ String description = "Portal Read Access";
+ List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description));
+ boolean filter = true;
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Perm is added",1,result.value.getPerm().size());
+ Perm perm = Iterables.getOnlyElement(result.value.getPerm());
+ assertEquals(namespace, perm.getNs());
+ assertEquals(fullType, perm.getType());
+ assertEquals(action, perm.getAction());
+ assertEquals("*", perm.getInstance());
+ assertEquals(description, perm.getDescription());
+ assertEquals(Lists.newArrayList(roles), perm.getRoles());
+ }
+
+ @Test
+ public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(transaction.requested(REQD_TYPE.ns)).willReturn(false);
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ String namespace = "org.onap.portal";
+ String type = "access";
+ String fullType = namespace + "." + type;
+ String action = "read";
+ List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null));
+ boolean filter = true;
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Perm is added",1,result.value.getPerm().size());
+ Perm perm = Iterables.getOnlyElement(result.value.getPerm());
+ assertNull(perm.getNs());
+ assertEquals(fullType, perm.getType());
+ assertEquals(action, perm.getAction());
+ }
+
+ @Test
+ public void perm_shouldAddPermsWithCorrectSortedOrder() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null);
+ PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null);
+ PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null);
+ PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null);
+ PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null);
+ List<PermDAO.Data> permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2);
+ List<PermDAO.Data> correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5);
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Alls Perms added",5,result.value.getPerm().size());
+ List<Perm> mappedPerms = result.value.getPerm();
+ for(int i=0; i<5; i++) {
+ comparePerm(correctOrderPerms.get(i), mappedPerms.get(i));
+ }
+ }
+
+ private void comparePerm(Data data, Perm perm) {
+ assertEquals(data.ns + "." + data.type, perm.getType());
+ assertEquals(data.instance, perm.getInstance());
+ assertEquals(data.action, perm.getAction());
+ }
+
+ private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set<String> roles, String description) {
+ NsSplit nss = new NsSplit(ns, name);
+ PermDAO.Data perm = new PermDAO.Data(nss, instance, action);
+ perm.roles = roles;
+ perm.description = description;
+ return perm;
+ }
+
@Test
public void test() {
assertTrue(true);
@@ -156,7 +490,6 @@ public class JU_Mapper_2_0 {
public void testUsers(){
assertTrue(true);
}
-
-
+
}