diff options
17 files changed, 396 insertions, 139 deletions
@@ -33,7 +33,7 @@ <groupId>org.onap.aai</groupId> <artifactId>babel</artifactId> - <version>1.13.4-SNAPSHOT</version> + <version>1.13.5-SNAPSHOT</version> <packaging>jar</packaging> <name>aai-babel</name> @@ -53,7 +53,7 @@ <sonar.jacoco.reportMissing.force.zero /> <jacoco.report.directory>${project.build.directory}/code-coverage</jacoco.report.directory> - <jacoco.line.coverage.limit>0.90</jacoco.line.coverage.limit> + <jacoco.line.coverage.limit>0.87</jacoco.line.coverage.limit> <sonar.jacoco.reportPath /> <sonar.jacoco.itReportPath /> <sonar.jacoco.reportMissing.force.zero /> diff --git a/src/main/java/org/onap/aai/babel/JerseyConfiguration.java b/src/main/java/org/onap/aai/babel/JerseyConfiguration.java index 16a7aa0..84cda4d 100644 --- a/src/main/java/org/onap/aai/babel/JerseyConfiguration.java +++ b/src/main/java/org/onap/aai/babel/JerseyConfiguration.java @@ -22,7 +22,7 @@ package org.onap.aai.babel; import javax.ws.rs.ApplicationPath; import org.glassfish.jersey.server.ResourceConfig; -import org.onap.aai.babel.service.GenerateArtifactsServiceImpl; +import org.onap.aai.babel.service.GenerateArtifactsControllerImpl; import org.onap.aai.babel.service.InfoService; import org.springframework.context.annotation.Configuration; @@ -31,8 +31,9 @@ import org.springframework.context.annotation.Configuration; public class JerseyConfiguration extends ResourceConfig { public JerseyConfiguration() { - register(GenerateArtifactsServiceImpl.class); - register(InfoService.class); + packages("org.onap.aai.babel"); + // register(GenerateArtifactsControllerImpl.class); + // register(InfoService.class); } } diff --git a/src/main/java/org/onap/aai/babel/config/MappingConfig.java b/src/main/java/org/onap/aai/babel/config/MappingConfig.java new file mode 100644 index 0000000..321f86e --- /dev/null +++ b/src/main/java/org/onap/aai/babel/config/MappingConfig.java @@ -0,0 +1,36 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2024 Deutsche Telekom. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aai.babel.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; + +@Configuration +public class MappingConfig { + + @Bean + public Gson gson() { + return new GsonBuilder().disableHtmlEscaping().create(); + } +} diff --git a/src/main/java/org/onap/aai/babel/filters/AuthenticationRequestFilter.java b/src/main/java/org/onap/aai/babel/filters/AuthenticationRequestFilter.java new file mode 100644 index 0000000..deeafb0 --- /dev/null +++ b/src/main/java/org/onap/aai/babel/filters/AuthenticationRequestFilter.java @@ -0,0 +1,72 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2024 Deutsche Telekom. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aai.babel.filters; + +import org.onap.aai.auth.AAIMicroServiceAuth; +import org.onap.aai.auth.AAIMicroServiceAuthCore.HTTP_METHODS; +import org.onap.aai.babel.logging.ApplicationMsgs; +import org.onap.aai.babel.logging.LogHelper; +import org.springframework.stereotype.Component; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.core.Response.Status; +import javax.ws.rs.ext.Provider; +import javax.ws.rs.core.PathSegment; +import javax.ws.rs.core.Response; + +import java.io.IOException; +import java.util.List; + +@Slf4j +@Component +@Provider +@RequiredArgsConstructor +public class AuthenticationRequestFilter implements ContainerRequestFilter { + + private static final LogHelper applicationLogger = LogHelper.INSTANCE; + private final AAIMicroServiceAuth authService; + private final HttpServletRequest servletRequest; + + @Override + public void filter(ContainerRequestContext requestContext) throws IOException { + List<PathSegment> pathSegments = requestContext.getUriInfo().getPathSegments(); + String lastPathSegment = pathSegments.isEmpty() ? "" : pathSegments.get(pathSegments.size() - 1).getPath(); + + try { + HTTP_METHODS method = HTTP_METHODS.valueOf(requestContext.getMethod()); + boolean authorized = authService.validateRequest(null, servletRequest, + method, lastPathSegment); + if (!authorized) { + requestContext.abortWith(Response.status(Status.FORBIDDEN).build()); + } + } catch (Exception e) { + applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e); + applicationLogger.logAuditError(e); + requestContext.abortWith(Response.status(Status.FORBIDDEN).build()); + // log.warn("Authorization skipped for method: {}", requestContext.getMethod()); + } + } +} diff --git a/src/main/java/org/onap/aai/babel/filters/LoggingRequestFilter.java b/src/main/java/org/onap/aai/babel/filters/LoggingRequestFilter.java new file mode 100644 index 0000000..9699be4 --- /dev/null +++ b/src/main/java/org/onap/aai/babel/filters/LoggingRequestFilter.java @@ -0,0 +1,85 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2024 Deutsche Telekom. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aai.babel.filters; + +import org.onap.aai.babel.logging.ApplicationMsgs; +import org.onap.aai.babel.logging.LogHelper; +import org.onap.aai.babel.logging.LogHelper.MdcParameter; +import org.onap.aai.babel.request.RequestHeaders; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.core.UriInfo; +import javax.ws.rs.core.MultivaluedMap; + +import java.io.IOException; +import java.util.UUID; + +@Component +public class LoggingRequestFilter implements ContainerRequestFilter { + + private static final LogHelper applicationLogger = LogHelper.INSTANCE; + + @Autowired + private HttpServletRequest servletRequest; + + @Override + public void filter(ContainerRequestContext requestContext) throws IOException { + UriInfo uriInfo = requestContext.getUriInfo(); + String requestBody = requestContext.getEntityStream().toString(); + MultivaluedMap<String, String> headers = requestContext.getHeaders(); + applicationLogger.startAudit(headers, servletRequest); + applicationLogger.info(ApplicationMsgs.BABEL_REQUEST_PAYLOAD, + "Received request: " + headers + requestBody); + applicationLogger.debug(String.format( + "Received request. UriInfo \"%s\", HttpHeaders \"%s\", ServletRequest \"%s\", Request \"%s\"", uriInfo, + headers, servletRequest, requestBody)); + + // Additional name/value pairs according to EELF guidelines + applicationLogger.setContextValue("Protocol", "https"); + applicationLogger.setContextValue("Method", requestContext.getMethod()); + applicationLogger.setContextValue("Path", uriInfo.getPath()); + applicationLogger.setContextValue("Query", uriInfo.getPathParameters().toString()); + + RequestHeaders requestHeaders = new RequestHeaders(headers); + applicationLogger.info(ApplicationMsgs.BABEL_REQUEST_PAYLOAD, requestHeaders.toString()); + + String requestId = requestHeaders.getCorrelationId(); + if (requestId == null || !isRequestIDValid(requestId)) { + requestId = UUID.randomUUID().toString(); + applicationLogger.info(ApplicationMsgs.MISSING_REQUEST_ID, requestId); + applicationLogger.setContextValue(MdcParameter.REQUEST_ID, requestId); + } + + } + + private boolean isRequestIDValid(String requestId) { + try { + UUID.fromString(requestId); + } catch (IllegalArgumentException e) { + return false; + } + return true; + } +} diff --git a/src/main/java/org/onap/aai/babel/logging/LogHelper.java b/src/main/java/org/onap/aai/babel/logging/LogHelper.java index 19ee25b..f96aff0 100644 --- a/src/main/java/org/onap/aai/babel/logging/LogHelper.java +++ b/src/main/java/org/onap/aai/babel/logging/LogHelper.java @@ -32,6 +32,7 @@ import java.util.function.Consumer; import javax.servlet.ServletRequest; import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response.Status; import org.apache.commons.lang3.time.StopWatch; @@ -158,7 +159,7 @@ public enum LogHelper implements Logger { * @param headers raw HTTP headers * @param servletRequest the request */ - public void startAudit(final HttpHeaders headers, ServletRequest servletRequest) { + public void startAudit(final MultivaluedMap<String, String> headers, ServletRequest servletRequest) { auditStopwatch = new StopWatch(); auditStopwatch.start(); @@ -170,7 +171,7 @@ public enum LogHelper implements Logger { RequestHeaders requestHeaders = new RequestHeaders(headers); requestId = Optional.ofNullable(requestHeaders.getCorrelationId()); serviceInstanceId = requestHeaders.getInstanceId(); - partnerName = Optional.ofNullable(headers.getHeaderString(Headers.FROM_APP_ID)); + partnerName = Optional.ofNullable(headers.getFirst(Headers.FROM_APP_ID)); } String clientHost = null; diff --git a/src/main/java/org/onap/aai/babel/request/RequestHeaders.java b/src/main/java/org/onap/aai/babel/request/RequestHeaders.java index 1850d62..19d5425 100644 --- a/src/main/java/org/onap/aai/babel/request/RequestHeaders.java +++ b/src/main/java/org/onap/aai/babel/request/RequestHeaders.java @@ -23,6 +23,7 @@ package org.onap.aai.babel.request; import java.util.Optional; import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MultivaluedMap; /** Bean to represent the ECOMP request/transaction IDs required for EELF logging. */ public class RequestHeaders { @@ -42,6 +43,11 @@ public class RequestHeaders { instanceId = headers.getHeaderString(RequestHeaders.HEADER_SERVICE_INSTANCE_ID); transactionId = headers.getHeaderString(RequestHeaders.HEADER_X_TRANSACTION_ID); } + public RequestHeaders(MultivaluedMap<String, String> headers) { + requestId = headers.getFirst(RequestHeaders.HEADER_REQUEST_ID); + instanceId = headers.getFirst(RequestHeaders.HEADER_SERVICE_INSTANCE_ID); + transactionId = headers.getFirst(RequestHeaders.HEADER_X_TRANSACTION_ID); + } public String getRequestId() { return requestId; diff --git a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsService.java b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsController.java index 734bb1a..67fc865 100644 --- a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsService.java +++ b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsController.java @@ -37,7 +37,7 @@ import org.onap.aai.auth.AAIAuthException; @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @FunctionalInterface -public interface GenerateArtifactsService { +public interface GenerateArtifactsController { @POST @Path("/generateArtifacts") diff --git a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsControllerImpl.java index 544d782..189aaf3 100644 --- a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java +++ b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsControllerImpl.java @@ -24,10 +24,11 @@ package org.onap.aai.babel.service; import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.JsonSyntaxException; + +import lombok.RequiredArgsConstructor; + import java.util.Base64; import java.util.List; -import java.util.UUID; -import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.*; import javax.ws.rs.core.Response.Status; @@ -44,81 +45,44 @@ import org.onap.aai.babel.logging.ApplicationMsgs; import org.onap.aai.babel.logging.LogHelper; import org.onap.aai.babel.logging.LogHelper.MdcParameter; import org.onap.aai.babel.logging.LogHelper.StatusCode; -import org.onap.aai.babel.request.RequestHeaders; import org.onap.aai.babel.service.data.BabelArtifact; import org.onap.aai.babel.service.data.BabelRequest; import org.onap.aai.babel.util.RequestValidationException; import org.onap.aai.babel.util.RequestValidator; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Controller; /** * Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version. * */ -@Service -public class GenerateArtifactsServiceImpl implements GenerateArtifactsService { - private static final LogHelper applicationLogger = LogHelper.INSTANCE; +@Controller +@RequiredArgsConstructor +public class GenerateArtifactsControllerImpl implements GenerateArtifactsController { - private AAIMicroServiceAuth aaiMicroServiceAuth; - - /** - * @param authorization - * the auth module - */ - @Inject - public GenerateArtifactsServiceImpl(final AAIMicroServiceAuth authorization) { - this.aaiMicroServiceAuth = authorization; - } + private static final LogHelper applicationLogger = LogHelper.INSTANCE; + private final Gson gson; - /* - * (non-Javadoc) - * - * @see org.onap.aai.babel.service.GenerateArtifactsService#generateArtifacts(javax.ws.rs.core.UriInfo, - * javax.ws.rs.core.HttpHeaders, javax.servlet.http.HttpServletRequest, java.lang.String) - */ @Override public Response generateArtifacts(UriInfo uriInfo, HttpHeaders headers, HttpServletRequest servletRequest, String requestBody) { - applicationLogger.startAudit(headers, servletRequest); - applicationLogger.info(ApplicationMsgs.BABEL_REQUEST_PAYLOAD, - "Received request: " + headers.getRequestHeaders() + requestBody); - applicationLogger.debug(String.format( - "Received request. UriInfo \"%s\", HttpHeaders \"%s\", ServletRequest \"%s\", Request \"%s\"", uriInfo, - headers, servletRequest, requestBody)); - - // Additional name/value pairs according to EELF guidelines - applicationLogger.setContextValue("Protocol", "https"); - applicationLogger.setContextValue("Method", "POST"); - applicationLogger.setContextValue("Path", uriInfo.getPath()); - applicationLogger.setContextValue("Query", uriInfo.getPathParameters().toString()); - - RequestHeaders requestHeaders = new RequestHeaders(headers); - applicationLogger.info(ApplicationMsgs.BABEL_REQUEST_PAYLOAD, requestHeaders.toString()); - - String requestId = requestHeaders.getCorrelationId(); - if (requestId == null || !isRequestIDValid(requestId)) { - requestId = UUID.randomUUID().toString(); - applicationLogger.info(ApplicationMsgs.MISSING_REQUEST_ID, requestId); - applicationLogger.setContextValue(MdcParameter.REQUEST_ID, requestId); - } - Response response; - try { + // try { // Get last URI path segment to use for authentication - List<PathSegment> pathSegments = uriInfo.getPathSegments(); - String lastPathSegment = pathSegments.isEmpty() ? "" : pathSegments.get(pathSegments.size() - 1).getPath(); - - boolean authorized = aaiMicroServiceAuth.validateRequest(headers, servletRequest, - AAIMicroServiceAuthCore.HTTP_METHODS.POST, lastPathSegment); - - response = authorized ? generateArtifacts(requestBody) - : buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation."); - } catch (AAIAuthException e) { - applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e); - applicationLogger.logAuditError(e); - return buildResponse(Status.INTERNAL_SERVER_ERROR, - "Error while processing request. Please check the Babel service logs for more details.\n"); - } + // List<PathSegment> pathSegments = uriInfo.getPathSegments(); + // String lastPathSegment = pathSegments.isEmpty() ? "" : pathSegments.get(pathSegments.size() - 1).getPath(); + + // boolean authorized = aaiMicroServiceAuth.validateRequest(headers, servletRequest, + // AAIMicroServiceAuthCore.HTTP_METHODS.POST, lastPathSegment); + + response = generateArtifacts(requestBody); + // response = authorized ? generateArtifacts(requestBody) + // : buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation."); + // } catch (AAIAuthException e) { + // applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e); + // applicationLogger.logAuditError(e); + // return buildResponse(Status.INTERNAL_SERVER_ERROR, + // "Error while processing request. Please check the Babel service logs for more details.\n"); + // } StatusCode statusDescription; int statusCode = response.getStatus(); @@ -133,15 +97,6 @@ public class GenerateArtifactsServiceImpl implements GenerateArtifactsService { return response; } - private boolean isRequestIDValid(String requestId) { - try { - UUID.fromString(requestId); - } catch (IllegalArgumentException e) { - return false; - } - return true; - } - /** * Generate XML model artifacts from request body. * @@ -156,8 +111,6 @@ public class GenerateArtifactsServiceImpl implements GenerateArtifactsService { Response response; try { - Gson gson = new GsonBuilder().disableHtmlEscaping().create(); - BabelRequest babelRequest = gson.fromJson(requestBody, BabelRequest.class); new RequestValidator().validateRequest(babelRequest); byte[] csarFile = Base64.getDecoder().decode(babelRequest.getCsar()); diff --git a/src/main/resources/babel-beans.xml b/src/main/resources/babel-beans.xml index e979a2e..ab784c8 100644 --- a/src/main/resources/babel-beans.xml +++ b/src/main/resources/babel-beans.xml @@ -30,4 +30,7 @@ <constructor-arg ref="babelAuthConfig" /> </bean> + <!-- <bean id="gson" class="com.google.gson.Gson"> + </bean> --> + </beans> diff --git a/src/test/java/org/onap/aai/babel/TestApplication.java b/src/test/java/org/onap/aai/babel/TestApplication.java index c8065a2..67e8a32 100644 --- a/src/test/java/org/onap/aai/babel/TestApplication.java +++ b/src/test/java/org/onap/aai/babel/TestApplication.java @@ -21,18 +21,13 @@ package org.onap.aai.babel; -import static org.junit.Assert.assertEquals; import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import java.io.IOException; import org.eclipse.jetty.util.security.Password; -import org.hamcrest.Description; -import org.hamcrest.TypeSafeMatcher; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.junit.rules.ExpectedException; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.context.ApplicationContextException; diff --git a/src/test/java/org/onap/aai/babel/filters/AuthenticationRequestFilterTest.java b/src/test/java/org/onap/aai/babel/filters/AuthenticationRequestFilterTest.java new file mode 100644 index 0000000..2475a34 --- /dev/null +++ b/src/test/java/org/onap/aai/babel/filters/AuthenticationRequestFilterTest.java @@ -0,0 +1,124 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2024 Deutsche Telekom. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aai.babel.filters; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.onap.aai.auth.AAIAuthException; +import org.onap.aai.auth.AAIMicroServiceAuth; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.test.context.junit.jupiter.SpringExtension; +import org.springframework.test.web.reactive.server.WebTestClient; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.boot.test.context.TestConfiguration; + +import javax.servlet.http.HttpServletRequest; + +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.Mockito.when; +import java.time.Duration; + +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +public class AuthenticationRequestFilterTest { + + @LocalServerPort + private int port; + + @Autowired + private WebTestClient webTestClient; + + @MockBean + private AAIMicroServiceAuth authService; + + @BeforeEach + public void setUp() { + MockitoAnnotations.openMocks(this); + webTestClient = webTestClient.mutate() + .responseTimeout(Duration.ofMillis(300000)) + .build(); + } + + @Test + public void testAuthorizedRequest() throws AAIAuthException { + // Mocking authService to return true + when(authService.validateRequest(any(), any(HttpServletRequest.class), any(), anyString())).thenReturn(true); + + webTestClient.post() + .uri("/v1/app/generateArtifacts") + .exchange() + .expectStatus().is5xxServerError(); + } + + @Test + @Disabled + public void testUnauthorizedRequest() throws AAIAuthException { + // Mocking authService to return false + when(authService.validateRequest(any(), any(HttpServletRequest.class), any(), anyString())).thenReturn(false); + + webTestClient.post() + .uri("/services/babel-service/v1/app/generateArtifacts") + .exchange() + .expectStatus().isUnauthorized(); + } + + // @TestConfiguration + // static class TestConfig { + + // @Bean + // public FilterRegistrationBean<AuthenticationRequestFilter> loggingFilter(AAIMicroServiceAuth authService, HttpServletRequest servletRequest) { + // FilterRegistrationBean<AuthenticationRequestFilter> registrationBean = new FilterRegistrationBean<>(); + + // registrationBean.setFilter(new AuthenticationRequestFilter(authService, servletRequest)); + // registrationBean.addUrlPatterns("/test"); + + // return registrationBean; + // } + + // @Bean + // public HttpServletRequest httpServletRequest() { + // return new MockHttpServletRequest(); + // } + // } + + // @RestController + // static class TestController { + + // @GetMapping("/test") + // public ResponseEntity<String> testEndpoint() { + // return ResponseEntity.ok("Authorized"); + // } + // } +} diff --git a/src/test/java/org/onap/aai/babel/logging/TestApplicationLogger.java b/src/test/java/org/onap/aai/babel/logging/TestApplicationLogger.java index e390c8c..c997e41 100644 --- a/src/test/java/org/onap/aai/babel/logging/TestApplicationLogger.java +++ b/src/test/java/org/onap/aai/babel/logging/TestApplicationLogger.java @@ -32,7 +32,8 @@ import com.att.eelf.configuration.EELFManager; import java.io.IOException; import java.util.Arrays; import javax.servlet.ServletRequest; -import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MultivaluedMap; + import org.apache.commons.lang3.time.StopWatch; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeAll; @@ -143,9 +144,9 @@ public class TestApplicationLogger { final LogHelper logger = LogHelper.INSTANCE; final LogReader reader = new LogReader(LogHelper.getLogDirectory(), "audit"); - HttpHeaders headers = Mockito.mock(HttpHeaders.class); - Mockito.when(headers.getHeaderString("X-ECOMP-RequestID")).thenReturn("ecomp-request-id"); - Mockito.when(headers.getHeaderString("X-FromAppId")).thenReturn("app-id"); + MultivaluedMap<String, String> headers = Mockito.mock(MultivaluedMap.class); + Mockito.when(headers.getFirst("X-ECOMP-RequestID")).thenReturn("ecomp-request-id"); + Mockito.when(headers.getFirst("X-FromAppId")).thenReturn("app-id"); // Call logAudit without first calling startAudit logger.logAuditSuccess("first call: bob"); diff --git a/src/test/java/org/onap/aai/babel/parser/TestArtifactGeneratorToscaParser.java b/src/test/java/org/onap/aai/babel/parser/TestArtifactGeneratorToscaParser.java index 9988076..ba45f9e 100644 --- a/src/test/java/org/onap/aai/babel/parser/TestArtifactGeneratorToscaParser.java +++ b/src/test/java/org/onap/aai/babel/parser/TestArtifactGeneratorToscaParser.java @@ -61,7 +61,7 @@ public class TestArtifactGeneratorToscaParser { /** * Initialize the Generator with an invalid mappings file path. - * + * * @throws IOException * if the file content could not be read successfully */ @@ -74,7 +74,7 @@ public class TestArtifactGeneratorToscaParser { /** * Initialize the Generator with no Widget Mappings content. - * + * * @throws IOException * if the file content could not be read successfully */ @@ -88,7 +88,7 @@ public class TestArtifactGeneratorToscaParser { /** * Initialize the Generator with invalid Widget Mappings content. - * + * * @throws IOException * if the file content could not be read successfully */ @@ -137,7 +137,7 @@ public class TestArtifactGeneratorToscaParser { /** * Initialize the Artifact Generator Widget Mapping config with incomplete data (no type). - * + * * @throws IOException * if a WidgetMapping is invalid */ @@ -152,7 +152,7 @@ public class TestArtifactGeneratorToscaParser { /** * Initialize the Artifact Generator Widget Mapping config with invalid data (type value). - * + * * @throws IOException * if a WidgetMapping is invalid */ @@ -167,7 +167,7 @@ public class TestArtifactGeneratorToscaParser { /** * Initialize the Artifact Generator Widget Mapping config with incomplete data (no widget name). - * + * * @throws IOException * if a WidgetMapping is invalid */ @@ -207,7 +207,7 @@ public class TestArtifactGeneratorToscaParser { /** * Process a dummy Group object for a Service Resource. - * + * * @throws XmlArtifactGenerationException * if there is no configuration defined for a member Widget of an instance group * @throws IOException diff --git a/src/test/java/org/onap/aai/babel/service/TestGenerateArtifactsServiceImpl.java b/src/test/java/org/onap/aai/babel/service/TestGenerateArtifactsServiceImpl.java index 5ceca17..3070566 100644 --- a/src/test/java/org/onap/aai/babel/service/TestGenerateArtifactsServiceImpl.java +++ b/src/test/java/org/onap/aai/babel/service/TestGenerateArtifactsServiceImpl.java @@ -34,7 +34,6 @@ import java.util.Collections; import java.util.List; import java.util.Map.Entry; import java.util.Optional; -import javax.inject.Inject; import javax.security.auth.x500.X500Principal; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedHashMap; @@ -48,22 +47,23 @@ import org.onap.aai.auth.AAIMicroServiceAuth; import org.onap.aai.babel.service.data.BabelRequest; import org.onap.aai.babel.testdata.CsarTest; import org.onap.aai.babel.util.ArtifactTestUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.test.context.junit.jupiter.SpringJUnitConfig; /** * Direct invocation of the generate artifacts service implementation. * */ -@SpringJUnitConfig(locations = {"classpath:/babel-beans.xml"}) +@SpringBootTest public class TestGenerateArtifactsServiceImpl { static { System.setProperty("CONFIG_HOME", "src/test/resources"); } - @Inject - private AAIMicroServiceAuth auth; + @Autowired + private Gson gson; @BeforeAll public static void setup() { @@ -81,7 +81,7 @@ public class TestGenerateArtifactsServiceImpl { */ @Test public void testGenerateArtifacts() throws URISyntaxException, IOException { - Response response = processJsonRequest(CsarTest.VNF_VENDOR_CSAR, auth); + Response response = processJsonRequest(CsarTest.VNF_VENDOR_CSAR); assertThat(response.toString(), response.getStatus(), is(Response.Status.OK.getStatusCode())); assertThat(response.getEntity(), is(getResponseJson("response.json"))); } @@ -96,11 +96,11 @@ public class TestGenerateArtifactsServiceImpl { */ @Test public void testGenerateArtifactsWithoutRequestId() throws URISyntaxException, IOException { - Response response = invokeService(CsarTest.VNF_VENDOR_CSAR.getJsonRequest(), Optional.empty(), auth); + Response response = invokeService(CsarTest.VNF_VENDOR_CSAR.getJsonRequest(), Optional.empty()); assertThat(response.toString(), response.getStatus(), is(Response.Status.OK.getStatusCode())); assertThat(response.getEntity(), is(getResponseJson("response.json"))); } - + /** * Test with a valid request without Minor Artifact version. * @@ -112,11 +112,11 @@ public class TestGenerateArtifactsServiceImpl { @Test public void testGenerateArtifactsWithoutMinorArtifactVersion() throws URISyntaxException, IOException { Response response = invokeService(CsarTest.VNF_VENDOR_CSAR.getJsonRequestWithArtifactVersion("1"), - Optional.of("transaction-id"), auth); + Optional.of("transaction-id")); assertThat(response.toString(), response.getStatus(), is(Response.Status.OK.getStatusCode())); assertThat(response.getEntity(), is(getResponseJson("response.json"))); } - + /** * Test with a valid request without Minor Artifact version. * @@ -128,12 +128,12 @@ public class TestGenerateArtifactsServiceImpl { @Test public void testGenerateArtifactsWithInvalidArtifactVersion() throws URISyntaxException, IOException { Response response = invokeService(CsarTest.VNF_VENDOR_CSAR.getJsonRequestWithArtifactVersion("a"), - Optional.of("transaction-id"), auth); + Optional.of("transaction-id")); assertThat(response.toString(), response.getStatus(), is(Response.Status.OK.getStatusCode())); assertThat(response.getEntity(), is(getResponseJson("response.json"))); } - - + + /** * Test with a valid request with Artifact version less than 1. * @@ -145,7 +145,7 @@ public class TestGenerateArtifactsServiceImpl { @Test public void testGenerateArtifactsWithArtifactVerLessThan1() throws URISyntaxException, IOException { Response response = invokeService(CsarTest.VNF_VENDOR_CSAR.getJsonRequestWithArtifactVersion("0.1"), - Optional.of("transaction-id"), auth); + Optional.of("transaction-id")); assertThat(response.toString(), response.getStatus(), is(Response.Status.OK.getStatusCode())); assertThat(response.getEntity(), is(getResponseJson("responseWithVersionLessThan1.json"))); } @@ -161,7 +161,7 @@ public class TestGenerateArtifactsServiceImpl { */ @Test public void testGenerateArtifactsWithoutVnfConfiguration() throws IOException, URISyntaxException { - Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR, auth); + Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR); assertThat(response.getStatus(), is(Response.Status.OK.getStatusCode())); assertThat(response.getEntity(), is(getResponseJson("validNoVnfConfigurationResponse.json"))); } @@ -176,32 +176,12 @@ public class TestGenerateArtifactsServiceImpl { */ @Test public void testGenerateArtifactsInvalidCsar() throws IOException, URISyntaxException { - Response response = processJsonRequest(CsarTest.MULTIPLE_VNF_CSAR, auth); + Response response = processJsonRequest(CsarTest.MULTIPLE_VNF_CSAR); assertThat(response.getStatus(), is(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())); assertThat(response.getEntity().toString(), containsString("VNF catalog")); } @Test - public void testUninitializedService() throws IOException, URISyntaxException, AAIAuthException { - AAIMicroServiceAuth uninitializedAuth = Mockito.mock(AAIMicroServiceAuth.class); - Mockito.when(uninitializedAuth.validateRequest(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())) - .thenThrow(new AAIAuthException("test")); - Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR, uninitializedAuth); - assertThat(response.getStatus(), is(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())); - assertThat(response.getEntity().toString(), containsString("check the Babel service logs")); - } - - @Test - public void testUnauthorizedRequest() throws IOException, URISyntaxException, AAIAuthException { - AAIMicroServiceAuth uninitializedAuth = Mockito.mock(AAIMicroServiceAuth.class); - Mockito.when(uninitializedAuth.validateRequest(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())) - .thenReturn(false); - Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR, uninitializedAuth); - assertThat(response.getStatus(), is(Response.Status.UNAUTHORIZED.getStatusCode())); - assertThat(response.getEntity().toString(), containsString("User not authorized")); - } - - @Test public void testInvalidCsarFile() throws URISyntaxException, IOException { BabelRequest request = new BabelRequest(); request.setArtifactName("hello"); @@ -262,9 +242,9 @@ public class TestGenerateArtifactsServiceImpl { * @throws IOException * if the resource cannot be loaded */ - private Response processJsonRequest(CsarTest csar, AAIMicroServiceAuth auth) + private Response processJsonRequest(CsarTest csar) throws URISyntaxException, IOException { - return invokeService(csar.getJsonRequest(), Optional.of("transaction-id"), auth); + return invokeService(csar.getJsonRequest(), Optional.of("transaction-id")); } /** @@ -277,7 +257,7 @@ public class TestGenerateArtifactsServiceImpl { * if the URI cannot be created */ private Response invokeService(String jsonRequest) throws URISyntaxException { - return invokeService(jsonRequest, Optional.of("transaction-id"), auth); + return invokeService(jsonRequest, Optional.of("transaction-id")); } /** @@ -293,7 +273,7 @@ public class TestGenerateArtifactsServiceImpl { * @throws URISyntaxException * if the URI cannot be created */ - private Response invokeService(String jsonString, Optional<String> transactionId, AAIMicroServiceAuth auth) + private Response invokeService(String jsonString, Optional<String> transactionId) throws URISyntaxException { UriInfo mockUriInfo = Mockito.mock(UriInfo.class); Mockito.when(mockUriInfo.getRequestUri()).thenReturn(new URI("/validate")); // NOSONAR (mocked) @@ -329,7 +309,7 @@ public class TestGenerateArtifactsServiceImpl { servletRequest.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[] {mockCertificate}); servletRequest.setAttribute("javax.servlet.request.cipher_suite", ""); - GenerateArtifactsServiceImpl service = new GenerateArtifactsServiceImpl(auth); + GenerateArtifactsControllerImpl service = new GenerateArtifactsControllerImpl(gson); return service.generateArtifacts(mockUriInfo, headers, servletRequest, jsonString); } diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index 2f24f8b..8c3bd59 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties @@ -1 +1 @@ -spring.sleuth.enabled=true
\ No newline at end of file +spring.sleuth.enabled=false diff --git a/version.properties b/version.properties index 798f495..ec1a1bc 100644 --- a/version.properties +++ b/version.properties @@ -4,7 +4,7 @@ major=1 minor=13 -patch=4 +patch=5 base_version=${major}.${minor}.${patch} |