diff options
Diffstat (limited to 'sidecar/rproxy/src/test')
6 files changed, 517 insertions, 0 deletions
diff --git a/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/PermissionMatchingTest.java b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/PermissionMatchingTest.java new file mode 100644 index 0000000..43e20fe --- /dev/null +++ b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/PermissionMatchingTest.java @@ -0,0 +1,262 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.rproxy; + +import static org.hamcrest.Matchers.equalTo; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.header; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.method; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; +import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import javax.annotation.Resource; +import org.eclipse.jetty.util.security.Password; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.rproxy.config.ForwardProxyProperties; +import org.onap.aaf.rproxy.config.PrimaryServiceProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.client.MockRestServiceServer; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.web.client.RestTemplate; + + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +@AutoConfigureMockMvc + +@TestPropertySource(locations = {"classpath:primary-service.properties", "classpath:forward-proxy.properties"}) + +@ContextConfiguration(classes = ReverseProxyTestConfig.class) +public class PermissionMatchingTest { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + @Resource(name = "PrimaryServiceProperties") + private PrimaryServiceProperties primaryServiceProps; + + @Resource(name = "ForwardProxyProperties") + private ForwardProxyProperties forwardProxyProps; + + @Autowired + private MockMvc mockMvc; + + @Autowired + private RestTemplate restTemplate; + + private MockRestServiceServer mockServer; + + private String primaryServiceBaseUrl; + + @Before + public void setUp() throws Exception { + mockServer = MockRestServiceServer.createServer(restTemplate); + primaryServiceBaseUrl = primaryServiceProps.getProtocol() + "://" + primaryServiceProps.getHost() + ":" + + primaryServiceProps.getPort(); + } + + @Test + public void testURIMismatch() throws Exception { + + String testUrl = "/uri/does/not/exist"; + String testResponse = "Sorry, the request is not allowed"; + + mockMvc + .perform(get(testUrl)) + .andExpect(status().isForbidden()) + .andExpect(status().reason(testResponse)); + + } + + @Test + public void testURINoPermission() throws Exception { + + String testUrl = "/not/allowed/at/all"; + String testResponse = "Sorry, the request is not allowed"; + + mockMvc + .perform(get(testUrl)) + .andExpect(status().isForbidden()) + .andExpect(status().reason(testResponse)); + + } + + @Test + public void testURIMatchSinglePermissionMatch() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/single/permission/required"; + String testResponse = "Response from MockRestService"; + + mockServer + .expect(requestTo(primaryServiceBaseUrl + testUrl)) + .andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc + .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId)) + .andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + + } + + @Test + public void testURIMatchMultiplePermissionMatch() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/multiple/permissions/required"; + String testResponse = "Response from MockRestService"; + + mockServer + .expect(requestTo(primaryServiceBaseUrl + testUrl)) + .andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc + .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId)) + .andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + + } + + @Test + public void testURIMatchMultipleMissingOnePermissionMatch() throws Exception { + + String testUrl = "/multiple/permissions/required/one/missing"; + String testResponse = "Sorry, the request is not allowed"; + + mockMvc + .perform(get(testUrl)) + .andExpect(status().isForbidden()) + .andExpect(status().reason(testResponse)); + } + + @Test + public void testURIInstanceActionWildCardPermissionMatch() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/wildcard/permission/granted"; + String testResponse = "Response from MockRestService"; + + mockServer + .expect(requestTo(primaryServiceBaseUrl + testUrl)) + .andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc + .perform(MockMvcRequestBuilders + .get(testUrl) + .accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, transactionId) + .header("PermissionsUser", "UserWithInstanceActionWildcardPermissionGranted") + ) + .andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + + } + + @Test + public void testURIInstanceWildCardPermissionMatch() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/instance/wildcard/permission/granted"; + String testResponse = "Response from MockRestService"; + + mockServer + .expect(requestTo(primaryServiceBaseUrl + testUrl)) + .andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc + .perform(MockMvcRequestBuilders + .get(testUrl) + .accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, transactionId) + .header("PermissionsUser", "UserWithInstanceWildcardPermissionGranted") + ) + .andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + + } + + @Test + public void testURIActionWildCardPermissionMatch() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/action/wildcard/permission/granted"; + String testResponse = "Response from MockRestService"; + + mockServer + .expect(requestTo(primaryServiceBaseUrl + testUrl)) + .andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc + .perform(MockMvcRequestBuilders + .get(testUrl) + .accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, transactionId) + .header("PermissionsUser", "UserWithActionWildcardPermissionGranted") + ) + .andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + + } + +} diff --git a/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyApplicationTest.java b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyApplicationTest.java new file mode 100644 index 0000000..61a0923 --- /dev/null +++ b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyApplicationTest.java @@ -0,0 +1,158 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.rproxy; + +import static org.hamcrest.Matchers.equalTo; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.header; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.method; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; +import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import javax.annotation.Resource; +import org.eclipse.jetty.http.HttpHeader; +import org.eclipse.jetty.util.security.Password; +import org.hamcrest.Matchers; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.rproxy.config.ForwardProxyProperties; +import org.onap.aaf.rproxy.config.PrimaryServiceProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.client.MockRestServiceServer; +import org.springframework.test.web.client.match.MockRestRequestMatchers; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.web.client.RestTemplate; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +@AutoConfigureMockMvc +@TestPropertySource(locations = {"classpath:primary-service.properties", "classpath:forward-proxy.properties"}) +@ContextConfiguration(classes = ReverseProxyTestConfig.class) +public class ReverseProxyApplicationTest { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + @Resource(name = "PrimaryServiceProperties") + private PrimaryServiceProperties primaryServiceProps; + + @Resource(name = "ForwardProxyProperties") + private ForwardProxyProperties forwardProxyProps; + + @Autowired + private MockMvc mockMvc; + + @Autowired + private RestTemplate restTemplate; + + private MockRestServiceServer mockServer; + + private String primaryServiceBaseUrl; + private String forwardProxyBaseUrl; + + @Before + public void setUp() throws Exception { + mockServer = MockRestServiceServer.createServer(restTemplate); + primaryServiceBaseUrl = primaryServiceProps.getProtocol() + "://" + primaryServiceProps.getHost() + ":" + + primaryServiceProps.getPort(); + forwardProxyBaseUrl = forwardProxyProps.getProtocol() + "://" + forwardProxyProps.getHost() + ":" + + forwardProxyProps.getPort() + forwardProxyProps.getCacheurl() + "/"; + } + + @Test + public void checkForwardRequest() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/aai/v13/cloud-infrastructure/cloud-regions"; + String testResponse = "Response from MockRestService"; + + mockServer.expect(requestTo(primaryServiceBaseUrl + testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, transactionId)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void checkTransactionIdIsSetIfEmptyInRequest() throws Exception { + + String testUrl = "/aai/v13/cloud-infrastructure/cloud-regions"; + String testResponse = "Response from MockRestService"; + + mockServer.expect(requestTo(primaryServiceBaseUrl + testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, Matchers.any(String.class))) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server without transaction Id + mockMvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)) + .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void checkBasicAuthCaching() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/aai/v13/cloud-infrastructure/cloud-regions"; + String testResponse = "Response from MockRestService"; + String testAuthValue = "testAuthValue"; + String testCachePayload = "{ \"credentialName\":" + HttpHeader.AUTHORIZATION + ", \"credentialValue\":" + + testAuthValue + ", \"credentialType\":\"HEADER\" }"; + + mockServer.expect(requestTo(forwardProxyBaseUrl + transactionId)).andExpect(method(HttpMethod.POST)) + .andExpect(MockRestRequestMatchers.content().json(testCachePayload)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + mockServer.expect(requestTo(primaryServiceBaseUrl + testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, transactionId) + .header(HttpHeader.AUTHORIZATION.asString(), testAuthValue)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } +} diff --git a/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyIT.java b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyIT.java new file mode 100644 index 0000000..615afd4 --- /dev/null +++ b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyIT.java @@ -0,0 +1,48 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.rproxy; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.eclipse.jetty.util.security.Password; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +public class ReverseProxyIT { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Autowired + private ReverseProxyService rProxyService; + + @Test + public void contexLoads() throws Exception { + assertThat(rProxyService).isNotNull(); + } +} diff --git a/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyTestConfig.java b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyTestConfig.java new file mode 100644 index 0000000..c512e6a --- /dev/null +++ b/sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/ReverseProxyTestConfig.java @@ -0,0 +1,42 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.rproxy; + +import org.onap.aaf.rproxy.mocks.ReverseProxyMockCadiFilter; +import org.springframework.boot.test.context.TestConfiguration; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.boot.web.servlet.RegistrationBean; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; +import org.springframework.context.annotation.Bean; + +@TestConfiguration +public class ReverseProxyTestConfig extends SpringBootServletInitializer { + + @Bean + public FilterRegistrationBean<ReverseProxyMockCadiFilter> registerCADIFilter() { + FilterRegistrationBean<ReverseProxyMockCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new ReverseProxyMockCadiFilter()); + filterRegistrationBean.addUrlPatterns("/*"); + filterRegistrationBean.setName("CADIFilter"); + filterRegistrationBean.setOrder(RegistrationBean.HIGHEST_PRECEDENCE); + + return filterRegistrationBean; + } +} diff --git a/sidecar/rproxy/src/test/resources/forward-proxy.properties b/sidecar/rproxy/src/test/resources/forward-proxy.properties new file mode 100644 index 0000000..119ccbd --- /dev/null +++ b/sidecar/rproxy/src/test/resources/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 9501 +forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/sidecar/rproxy/src/test/resources/primary-service.properties b/sidecar/rproxy/src/test/resources/primary-service.properties new file mode 100644 index 0000000..134e103 --- /dev/null +++ b/sidecar/rproxy/src/test/resources/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9500 |