diff options
Diffstat (limited to 'aai-resources/src/it/java/org')
4 files changed, 293 insertions, 0 deletions
diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java new file mode 100644 index 0000000..01f335a --- /dev/null +++ b/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java @@ -0,0 +1,73 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.multitenancy; + +import com.github.dockerjava.api.model.ExposedPort; +import com.github.dockerjava.api.model.HostConfig; +import com.github.dockerjava.api.model.PortBinding; +import com.github.dockerjava.api.model.Ports; +import dasniko.testcontainers.keycloak.KeycloakContainer; +import org.keycloak.adapters.springboot.KeycloakSpringBootProperties; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.KeycloakBuilder; +import org.keycloak.representations.adapters.config.AdapterConfig; +import org.springframework.boot.test.context.TestConfiguration; +import org.springframework.context.annotation.Bean; + +@TestConfiguration +class KeycloakTestConfiguration { + + @Bean + public AdapterConfig adapterConfig() { + return new KeycloakSpringBootProperties(); + } + + @Bean + KeycloakContainer keycloakContainer(KeycloakTestProperties properties) { + KeycloakContainer keycloak = new KeycloakContainer("jboss/keycloak:12.0.4") + .withRealmImportFile(properties.realmJson) + .withCreateContainerCmdModifier(cmd -> cmd.withHostConfig( + new HostConfig().withPortBindings(new PortBinding(Ports.Binding.bindPort(Integer.parseInt(properties.port)), new ExposedPort(8080))) + )); + keycloak.start(); + return keycloak; + } + + @Bean + Keycloak keycloakAdminClient(KeycloakContainer keycloak, KeycloakTestProperties properties) { + return KeycloakBuilder.builder() + .serverUrl(keycloak.getAuthServerUrl()) + .realm(properties.realm) + .clientId(properties.adminCli) + .username(keycloak.getAdminUsername()) + .password(keycloak.getAdminPassword()) + .build(); + } + + @Bean + RoleHandler roleHandler(Keycloak adminClient, KeycloakTestProperties properties) { + return new RoleHandler(adminClient, properties); + } + + @Bean + KeycloakTestProperties properties() { + return new KeycloakTestProperties(); + } +} diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java new file mode 100644 index 0000000..de62d2d --- /dev/null +++ b/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java @@ -0,0 +1,44 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.multitenancy; + +import org.springframework.beans.factory.annotation.Value; + +class KeycloakTestProperties { + + @Value("${test.keycloak.realm.json}") + public String realmJson; + + @Value("${keycloak.realm}") + public String realm; + + @Value("${keycloak.resource}") + public String clientId; + + @Value("${test.keycloak.client.secret}") + public String clientSecret; + + @Value("${test.keycloak.admin.cli}") + public String adminCli; + + @Value("${test.keycloak.auth-server-port}") + public String port; + +} diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java new file mode 100644 index 0000000..2ad9616 --- /dev/null +++ b/aai-resources/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java @@ -0,0 +1,119 @@ +/** + * ============LICENSE_START================================================== + * org.onap.aai + * =========================================================================== + * Copyright © 2017-2020 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + */ +package org.onap.aai.multitenancy; + +import dasniko.testcontainers.keycloak.KeycloakContainer; +import org.junit.Test; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.KeycloakBuilder; +import org.keycloak.representations.AccessTokenResponse; +import org.onap.aai.PayloadUtil; +import org.onap.aai.rest.AbstractSpringRestTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Import; +import org.springframework.http.*; +import org.springframework.test.context.TestPropertySource; + +import java.util.Collections; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +@Import(KeycloakTestConfiguration.class) +@TestPropertySource(locations = "classpath:application-keycloak-test.properties") +public class MultiTenancyIT extends AbstractSpringRestTest { + + @Autowired + private KeycloakContainer keycloakContainer; + @Autowired + private RoleHandler roleHandler; + @Autowired + private KeycloakTestProperties properties; + + @Test + public void testCreateAndGetPnf() throws Exception { + baseUrl = "http://localhost:" + randomPort; + String endpoint = baseUrl + "/aai/v23/network/pnfs/pnf/pnf-1"; + ResponseEntity responseEntity = null; + + // create pnf with ran (operator) + String username = "ran", password = "ran"; + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity(PayloadUtil.getResourcePayload("pnf.json"), headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); + assertEquals(HttpStatus.CREATED, responseEntity.getStatusCode()); + + // get pnf with bob (operator_readOnly) + username = "bob"; password = "bob"; + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity("", headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class); + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + + // get pnf with ted (selector) + username = "ted"; password = "ted"; + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity("", headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class); + assertEquals(HttpStatus.FORBIDDEN, responseEntity.getStatusCode()); + + // add role to ted and try to get pnf again + roleHandler.addToUser(RoleHandler.OPERATOR_READ_ONLY, username); + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity("", headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class); + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + + // get pnf with ran + username = "ran"; password = "ran"; + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity("", headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class); + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + } + + private HttpHeaders getHeaders(String username, String password) { + HttpHeaders headers = new HttpHeaders(); + + headers.setContentType(MediaType.APPLICATION_JSON); + headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); + headers.add("Real-Time", "true"); + headers.add("X-FromAppId", "JUNIT"); + headers.add("X-TransactionId", "JUNIT"); + headers.add("Authorization", "Bearer " + getStringToken(username, password)); + + return headers; + } + + private String getStringToken(String username, String password) { + Keycloak keycloakClient = KeycloakBuilder.builder() + .serverUrl(keycloakContainer.getAuthServerUrl()) + .realm(properties.realm) + .clientId(properties.clientId) + .clientSecret(properties.clientSecret) + .username(username) + .password(password) + .build(); + + AccessTokenResponse tokenResponse = keycloakClient.tokenManager().getAccessToken(); + assertNotNull(tokenResponse); + return tokenResponse.getToken(); + } +} diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/RoleHandler.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/RoleHandler.java new file mode 100644 index 0000000..0769c15 --- /dev/null +++ b/aai-resources/src/it/java/org/onap/aai/multitenancy/RoleHandler.java @@ -0,0 +1,57 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.multitenancy; + +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.RealmResource; + +import java.util.Collections; + +class RoleHandler { + + /** + Following roles should be the same as given roles in multi-tenancy-realm json file + */ + final static String OPERATOR = "operator"; + final static String OPERATOR_READ_ONLY = "operator_readOnly"; + private final Keycloak adminClient; + private final KeycloakTestProperties properties; + + RoleHandler(Keycloak adminClient, KeycloakTestProperties properties) { + this.adminClient = adminClient; + this.properties = properties; + } + + void addToUser(String role, String username) { + RealmResource realm = adminClient.realm(properties.realm); + realm.users().get(username) + .roles() + .realmLevel() + .add(Collections.singletonList(realm.roles().get(role).toRepresentation())); + } + + void removeFromUser(String role, String username) { + RealmResource realm = adminClient.realm(properties.realm); + realm.users().get(username) + .roles() + .realmLevel() + .remove(Collections.singletonList(realm.roles().get(role).toRepresentation())); + } +} |