summaryrefslogtreecommitdiffstats
path: root/authz-cass/src/test/java/com/att/authz/cass/hl/JU_Question.java
diff options
context:
space:
mode:
Diffstat (limited to 'authz-cass/src/test/java/com/att/authz/cass/hl/JU_Question.java')
-rw-r--r--authz-cass/src/test/java/com/att/authz/cass/hl/JU_Question.java501
1 files changed, 501 insertions, 0 deletions
diff --git a/authz-cass/src/test/java/com/att/authz/cass/hl/JU_Question.java b/authz-cass/src/test/java/com/att/authz/cass/hl/JU_Question.java
new file mode 100644
index 00000000..941c86e2
--- /dev/null
+++ b/authz-cass/src/test/java/com/att/authz/cass/hl/JU_Question.java
@@ -0,0 +1,501 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aai
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * Copyright © 2017 Amdocs
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package com.att.authz.cass.hl;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertTrue;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.NsDAO;
+import com.att.dao.aaf.cass.NsDAO.Data;
+import com.att.dao.aaf.cass.PermDAO;
+import com.att.dao.aaf.cass.RoleDAO;
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.dao.aaf.hl.Question;
+import com.att.dao.aaf.hl.Question.Access;
+import com.att.dao.aaf.test.AbsJUCass;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class JU_Question extends AbsJUCass {
+
+ private static final int EXPIRES_IN = 60000000;
+ private static final String COM_TEST_JU = "com.test.ju_question";
+ private static final String JU9999_JU_TEST_COM = "ju9999@ju.test.com";
+ private static final String JU9998_JU_TEST_COM = "ju9998@ju.test.com";
+ private static final String READ = "read";
+ private static final int NFR_1 = 80;
+ private static final int NFR_2 = 4000;
+ private static final int ROLE_LEVEL1 = 1000;
+ private static final int PERM_LEVEL1 = 1000;
+// private static final int PERM_LEVEL2 = 20;
+ private static Question q;
+ private static NsDAO.Data ndd;
+
+ @BeforeClass
+ public static void startupBeforeClass() throws Exception {
+ details=false;
+ AuthzTrans trans = env.newTransNoAvg();
+ q = new Question(trans,cluster,AUTHZ, false);
+ ndd = new NsDAO.Data();
+ ndd.name=COM_TEST_JU;
+ ndd.type=3; // app
+ ndd.parent="com.test";
+ ndd.description="Temporary Namespace for JU_Question";
+ q.nsDAO.create(trans, ndd);
+ }
+
+ @AfterClass
+ public static void endAfterClass() throws Exception {
+ q.nsDAO.delete(trans, ndd,false);
+ }
+// @Test
+ public void mayUserRead_EmptyPerm() {
+ PermDAO.Data pdd = new PermDAO.Data();
+ Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,pdd,Access.read);
+ assertFalse(result.isOK());
+ }
+
+// @Test
+ public void mayUserRead_OnePermNotExist() {
+ Result<NsDAO.Data> result = q.mayUser(trans,JU9999_JU_TEST_COM,newPerm(0,0,READ),Access.read);
+ assertFalse(result.isOK());
+ assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm [" + COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
+ }
+
+// @Test
+ public void mayUserRead_OnePermExistDenied() {
+ PermDAO.Data perm = newPerm(0,0,READ);
+ q.permDAO.create(trans,perm);
+ try {
+ Result<NsDAO.Data> result;
+ TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
+ try {
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
+ } finally {
+ tt.done();
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
+ }
+ assertFalse(result.isOK());
+ assertEquals("Denied - ["+ JU9999_JU_TEST_COM +"] may not read Perm ["+COM_TEST_JU + ".myPerm0|myInstance0|read]",result.errorString());
+ } finally {
+ q.permDAO.delete(trans, perm, false);
+ }
+ }
+
+// @Test
+ public void mayUserRead_OnePermOneRoleExistOK() {
+ PermDAO.Data perm = newPerm(0,0,READ);
+ RoleDAO.Data role = newRole(0,perm);
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
+ try {
+ q.permDAO.create(trans,perm);
+ q.roleDAO.create(trans,role);
+ q.userRoleDAO.create(trans,ur);
+
+ Result<NsDAO.Data> result;
+ TimeTaken tt = trans.start("q.mayUser...", Env.SUB);
+ try {
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
+ } finally {
+ tt.done();
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
+ }
+ assertTrue(result.isOK());
+ } finally {
+ q.permDAO.delete(trans, perm, false);
+ q.roleDAO.delete(trans, role, false);
+ q.userRoleDAO.delete(trans, ur, false);
+ }
+ }
+
+// @Test
+ public void filter_OnePermOneRoleExistOK() {
+ PermDAO.Data perm = newPerm(0,0,READ);
+ RoleDAO.Data role = newRole(0,perm);
+ UserRoleDAO.Data ur1 = newUserRole(role,JU9998_JU_TEST_COM,EXPIRES_IN);
+ UserRoleDAO.Data ur2 = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
+ try {
+ q.permDAO.create(trans,perm);
+ q.roleDAO.create(trans,role);
+ q.userRoleDAO.create(trans,ur1);
+ q.userRoleDAO.create(trans,ur2);
+
+ Result<List<PermDAO.Data>> pres;
+ TimeTaken tt = trans.start("q.getPerms...", Env.SUB);
+ try {
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9999_JU_TEST_COM);
+ } finally {
+ tt.done();
+ trans.info().log("filter_OnePermOneRleExistOK",tt);
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
+ }
+ assertTrue(pres.isOK());
+
+ try {
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
+ } finally {
+ tt.done();
+ trans.info().log("filter_OnePermOneRleExistOK No Value",tt);
+ assertTrue("NFR time < "+ NFR_1 + "ms",tt.millis()<NFR_1);
+ }
+ assertFalse(pres.isOKhasData());
+
+ } finally {
+ q.permDAO.delete(trans, perm, false);
+ q.roleDAO.delete(trans, role, false);
+ q.userRoleDAO.delete(trans, ur1, false);
+ q.userRoleDAO.delete(trans, ur2, false);
+ }
+ }
+
+// @Test
+ public void mayUserRead_OnePermMultiRoleExistOK() {
+ PermDAO.Data perm = newPerm(0,0,READ);
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
+ try {
+ q.permDAO.create(trans,perm);
+ for(int i=0;i<ROLE_LEVEL1;++i) {
+ RoleDAO.Data role = newRole(i,perm);
+ lrole.add(role);
+ q.roleDAO.create(trans,role);
+
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,60000000);
+ lur.add(ur);
+ q.userRoleDAO.create(trans,ur);
+ }
+
+ Result<NsDAO.Data> result;
+ TimeTaken tt = trans.start("mayUserRead_OnePermMultiRoleExistOK", Env.SUB);
+ try {
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,perm,Access.read);
+ } finally {
+ tt.done();
+ env.info().log(tt,ROLE_LEVEL1,"iterations");
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
+ }
+ assertTrue(result.isOK());
+ } finally {
+ q.permDAO.delete(trans, perm, false);
+ for(RoleDAO.Data role : lrole) {
+ q.roleDAO.delete(trans, role, false);
+ }
+ for(UserRoleDAO.Data ur : lur) {
+ q.userRoleDAO.delete(trans, ur, false);
+ }
+ }
+ }
+
+ @Test
+ public void mayUserRead_MultiPermOneRoleExistOK() {
+ RoleDAO.Data role = newRole(0);
+ UserRoleDAO.Data ur = newUserRole(role,JU9999_JU_TEST_COM,EXPIRES_IN);
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
+ try {
+ for(int i=0;i<PERM_LEVEL1;++i) {
+ lperm.add(newPerm(i,i,READ,role));
+ }
+ q.roleDAO.create(trans, role);
+ q.userRoleDAO.create(trans, ur);
+
+ Result<NsDAO.Data> result;
+ TimeTaken tt = trans.start("mayUserRead_MultiPermOneRoleExistOK", Env.SUB);
+ try {
+ result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(PERM_LEVEL1-1),Access.read);
+ } finally {
+ tt.done();
+ env.info().log(tt,PERM_LEVEL1,"iterations");
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
+ }
+ assertTrue(result.isOK());
+ } finally {
+ for(PermDAO.Data perm : lperm) {
+ q.permDAO.delete(trans, perm, false);
+ }
+ q.roleDAO.delete(trans, role, false);
+ q.userRoleDAO.delete(trans, ur, false);
+ }
+ }
+
+//// @Test
+// public void mayUserRead_MultiPermMultiRoleExistOK() {
+// List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
+// List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
+// List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
+//
+// try {
+// RoleDAO.Data role;
+// UserRoleDAO.Data ur;
+// for(int i=0;i<ROLE_LEVEL1;++i) {
+// lrole.add(role=newRole(i));
+// q.roleDAO.create(trans, role);
+// lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
+// q.userRoleDAO.create(trans, ur);
+// for(int j=0;j<PERM_LEVEL2;++j) {
+// lperm.add(newPerm(i,j,READ,role));
+// }
+// }
+//
+// Result<NsDAO.Data> result;
+// TimeTaken tt = trans.start("mayUserRead_MultiPermMultiRoleExistOK", Env.SUB);
+// try {
+// result = q.mayUser(trans,JU9999_JU_TEST_COM,lperm.get(ROLE_LEVEL1*PERM_LEVEL2-1),Access.read);
+// } finally {
+// tt.done();
+// env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role");
+// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
+// }
+// assertTrue(result.isOK());
+// } finally {
+// for(PermDAO.Data perm : lperm) {
+// q.permDAO.delete(trans, perm, false);
+// }
+// for(RoleDAO.Data role : lrole) {
+// q.roleDAO.delete(trans, role, false);
+// }
+// for(UserRoleDAO.Data ur : lur) {
+// q.userRoleDAO.delete(trans, ur, false);
+// }
+// }
+// }
+
+ @Test
+ public void mayUserRead_MultiPermMultiRoleExist_10x10() {
+ env.info().log("Original Filter Method 10x10");
+ mayUserRead_MultiPermMultiRoleExist(10,10);
+ env.info().log("New Filter Method 10x10");
+ mayUserRead_MultiPermMultiRoleExist_NewOK(10,10);
+ }
+
+// @Test
+ public void mayUserRead_MultiPermMultiRoleExist_20x10() {
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_20x10");
+ mayUserRead_MultiPermMultiRoleExist_NewOK(20,10);
+ }
+
+// @Test
+ public void mayUserRead_MultiPermMultiRoleExist_100x10() {
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_100x10");
+ mayUserRead_MultiPermMultiRoleExist_NewOK(100,10);
+ }
+
+// @Test
+ public void mayUserRead_MultiPermMultiRoleExist_100x20() {
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_100x20");
+ mayUserRead_MultiPermMultiRoleExist_NewOK(100,20);
+ }
+
+// @Test
+ public void mayUserRead_MultiPermMultiRoleExist_1000x20() {
+ env.info().log("mayUserRead_MultiPermMultiRoleExist_1000x20");
+ mayUserRead_MultiPermMultiRoleExist_NewOK(1000,20);
+ }
+
+ private void mayUserRead_MultiPermMultiRoleExist(int roleLevel, int permLevel) {
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
+ load(roleLevel, permLevel, lperm,lrole,lur);
+
+
+ Result<List<PermDAO.Data>> pres;
+ trans.setUser(new Principal() {
+ @Override
+ public String getName() {
+ return JU9999_JU_TEST_COM;
+ }
+ });
+
+ try {
+ TimeTaken group = trans.start(" Original Security Method (1st time)", Env.SUB);
+ try {
+ TimeTaken tt = trans.start(" Get User Perms for "+JU9998_JU_TEST_COM, Env.SUB);
+ try {
+ pres = q.getPermsByUser(trans,JU9998_JU_TEST_COM,true);
+ } finally {
+ tt.done();
+ env.info().log(tt," Looked up (full) getPermsByUser for",JU9998_JU_TEST_COM);
+ }
+ assertTrue(pres.isOK());
+ tt = trans.start(" q.mayUser", Env.SUB);
+ List<PermDAO.Data> reduced = new ArrayList<PermDAO.Data>();
+
+ try {
+ for(PermDAO.Data p : pres.value) {
+ Result<Data> r = q.mayUser(trans,JU9999_JU_TEST_COM,p,Access.read);
+ if(r.isOK()) {
+ reduced.add(p);
+ }
+ }
+ } finally {
+ tt.done();
+ env.info().log(tt," reduced" + pres.value.size(),"perms","to",reduced.size());
+ // assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
+ }
+ // assertFalse(result.isOK());
+ } finally {
+ group.done();
+ env.info().log(group," Original Validation Method (1st pass)");
+ }
+
+
+ } finally {
+ unload(lperm, lrole, lur);
+ }
+ }
+
+ private void mayUserRead_MultiPermMultiRoleExist_NewOK(int roleLevel, int permLevel) {
+ List<PermDAO.Data> lperm = new ArrayList<PermDAO.Data>();
+ List<RoleDAO.Data> lrole = new ArrayList<RoleDAO.Data>();
+ List<UserRoleDAO.Data> lur = new ArrayList<UserRoleDAO.Data>();
+ load(roleLevel, permLevel, lperm,lrole,lur);
+
+ try {
+
+ Result<List<PermDAO.Data>> pres;
+ TimeTaken tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter", Env.SUB);
+ try {
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
+ } finally {
+ tt.done();
+ env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
+// assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
+ }
+// assertTrue(pres.isOKhasData());
+
+ tt = trans.start(" mayUserRead_MultiPermMultiRoleExist_New New Filter (2nd time)", Env.SUB);
+ try {
+ pres = q.getPermsByUserFromRolesFilter(trans, JU9999_JU_TEST_COM, JU9998_JU_TEST_COM);
+ } finally {
+ tt.done();
+ env.info().log(tt,lperm.size(),"perms",", ",lrole.size(),"role", lur.size(), "UserRoles");
+ assertTrue("NFR time < "+ NFR_2 + "ms",tt.millis()<NFR_2);
+ }
+// assertTrue(pres.isOKhasData());
+
+ } finally {
+ unload(lperm, lrole, lur);
+ }
+ }
+
+
+ private void load(int roleLevel, int permLevel, List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
+ RoleDAO.Data role;
+ UserRoleDAO.Data ur;
+ PermDAO.Data perm;
+
+ int onethirdR=roleLevel/3;
+ int twothirdR=onethirdR*2;
+ int onethirdP=permLevel/3;
+ int twothirdP=onethirdP*2;
+
+ for(int i=0;i<roleLevel;++i) {
+ lrole.add(role=newRole(i));
+ if(i<onethirdR) { // one has
+ lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
+ q.userRoleDAO.create(trans, ur);
+ for(int j=0;j<onethirdP;++j) {
+ lperm.add(perm=newPerm(i,j,READ,role));
+ q.permDAO.create(trans, perm);
+ }
+ } else if(i<twothirdR) { // both have
+ lur.add(ur=newUserRole(role, JU9998_JU_TEST_COM, EXPIRES_IN));
+ q.userRoleDAO.create(trans, ur);
+ lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
+ q.userRoleDAO.create(trans, ur);
+ for(int j=onethirdP;j<twothirdP;++j) {
+ lperm.add(perm=newPerm(i,j,READ,role));
+ q.permDAO.create(trans, perm);
+ }
+ } else { // other has
+ lur.add(ur=newUserRole(role, JU9999_JU_TEST_COM, EXPIRES_IN));
+ q.userRoleDAO.create(trans, ur);
+ for(int j=twothirdP;j<permLevel;++j) {
+ lperm.add(perm=newPerm(i,j,READ,role));
+ q.permDAO.create(trans, perm);
+ }
+ }
+ q.roleDAO.create(trans, role);
+ }
+
+ }
+
+ private void unload(List<PermDAO.Data> lperm , List<RoleDAO.Data> lrole, List<UserRoleDAO.Data> lur) {
+ for(PermDAO.Data perm : lperm) {
+ q.permDAO.delete(trans, perm, false);
+ }
+ for(RoleDAO.Data role : lrole) {
+ q.roleDAO.delete(trans, role, false);
+ }
+ for(UserRoleDAO.Data ur : lur) {
+ q.userRoleDAO.delete(trans, ur, false);
+ }
+
+ }
+ private PermDAO.Data newPerm(int permNum, int instNum, String action, RoleDAO.Data ... grant) {
+ PermDAO.Data pdd = new PermDAO.Data();
+ pdd.ns=COM_TEST_JU;
+ pdd.type="myPerm"+permNum;
+ pdd.instance="myInstance"+instNum;
+ pdd.action=action;
+ for(RoleDAO.Data r : grant) {
+ pdd.roles(true).add(r.fullName());
+ r.perms(true).add(pdd.encode());
+ }
+ return pdd;
+ }
+
+ private RoleDAO.Data newRole(int roleNum, PermDAO.Data ... grant) {
+ RoleDAO.Data rdd = new RoleDAO.Data();
+ rdd.ns = COM_TEST_JU+roleNum;
+ rdd.name = "myRole"+roleNum;
+ for(PermDAO.Data p : grant) {
+ rdd.perms(true).add(p.encode());
+ p.roles(true).add(rdd.fullName());
+ }
+ return rdd;
+ }
+
+ private UserRoleDAO.Data newUserRole(RoleDAO.Data role,String user, long offset) {
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();
+ urd.user=user;
+ urd.role(role);
+ urd.expires=new Date(System.currentTimeMillis()+offset);
+ return urd;
+ }
+
+
+}