Add option to bypass user authorization

the es.auth.authorization.enabled property, if set to false, will bypass
user authorization
Issue-ID: AAI-2007

Change-Id: I46e3e087ee13eacdf977bbdc9c439045b0072a33
Signed-off-by: Serban Popescu <serban.popescu@amdocs.com>

4 files changed, 98 insertions, 3 deletions

diff --git a/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java b/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java
index 5247baa..d62bfd6 100644
--- a/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java
+++ b/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java
@@ -185,6 +185,12 @@ public class SearchServiceApi {
 
     protected boolean validateRequest(HttpHeaders headers, HttpServletRequest req, Action action,
             String authPolicyFunctionName) {
+
+        boolean isUserAuthEnabled = ((ElasticSearchHttpController)documentStore).getElasticSearchConfig().useAuthorizationUser();
+        if(! isUserAuthEnabled) {
+            return true;
+        }
+        
         SearchDbServiceAuth serviceAuth = new SearchDbServiceAuth();
 
         String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
diff --git a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java
index 0d116f8..87d0378 100644
--- a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java
+++ b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java
@@ -40,6 +40,7 @@ public class ElasticSearchConfig {
     private String httpPort;
     private String javaApiPort;
     private String clusterName;
+    private String authorizationEnabled;
 
     public static final String ES_CLUSTER_NAME = "es.cluster-name";
     public static final String ES_IP_ADDRESS = "es.ip-address";
@@ -51,6 +52,7 @@ public class ElasticSearchConfig {
     public static final String ES_KEY_STORE_ENC = "es.key-store-password";
     public static final String ES_AUTH_USER = "es.auth-user";
     public static final String ES_AUTH_ENC = "es.auth-password";
+    public static final String ES_AUTH_ENABLED = "es.auth.authorization.enabled";
 
     private static final String DEFAULT_URI_SCHEME = "http";
     private static final String JAVA_API_PORT_DEFAULT = "9300";
@@ -66,6 +68,7 @@ public class ElasticSearchConfig {
         setHttpPort(props.getProperty(ES_HTTP_PORT));
         setJavaApiPort(JAVA_API_PORT_DEFAULT);
         initializeAuthValues(props);
+        setAuthorizationEnabled(props.getProperty(ES_AUTH_ENABLED));
     }
 
 
@@ -161,12 +164,24 @@ public class ElasticSearchConfig {
         return authValue;
     }
 
+    public String getAuthorizationEnabled() {
+        return authorizationEnabled;
+    }
+
+    public void setAuthorizationEnabled(String authorizationEnabled) {
+        this.authorizationEnabled = authorizationEnabled;
+    }
+
+    public boolean useAuthorizationUser() {
+        return getAuthorizationEnabled()== null? true : Boolean.parseBoolean(getAuthorizationEnabled());
+    }
+
     @Override
     public String toString() {
         return String.format(
-                "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)",
+                "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)%nauthorizationUser=%s",
                 uriScheme, ipAddress, httpPort, clusterName, javaApiPort, useAuth(), trustStore,
-                trustStorePassword != null, keyStore, keyStorePassword != null);
+                trustStorePassword != null, keyStore, keyStorePassword != null, useAuthorizationUser());
     }
 
     private void initializeAuthValues(Properties props) {
diff --git a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
index 759c997..c4a52b4 100644
--- a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
+++ b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
@@ -176,6 +176,10 @@ public class ElasticSearchHttpController implements DocumentStoreInterface {
         return analysisConfig;
     }
 
+    public ElasticSearchConfig getElasticSearchConfig() {
+        return config;
+    }
+
     @Override
     public OperationResult createIndex(String index, DocumentSchema documentSchema) {
         try {
diff --git a/src/test/java/org/onap/aai/sa/rest/DocumentTest.java b/src/test/java/org/onap/aai/sa/rest/DocumentTest.java
index d16fe87..e780e3b 100644
--- a/src/test/java/org/onap/aai/sa/rest/DocumentTest.java
+++ b/src/test/java/org/onap/aai/sa/rest/DocumentTest.java
@@ -33,8 +33,12 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;

 import org.mockito.Mockito;

 import org.mockito.MockitoAnnotations;

+import org.mockito.invocation.InvocationOnMock;

+import org.mockito.stubbing.Answer;

+import org.onap.aai.sa.searchdbabstraction.elasticsearch.config.ElasticSearchConfig;

 import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreDataEntity;

 import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreInterface;

+import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.ElasticSearchHttpController;

 import org.onap.aai.sa.searchdbabstraction.elasticsearch.exception.DocumentStoreOperationException;

 import org.onap.aai.sa.searchdbabstraction.entity.DocumentOperationResult;

 import org.onap.aai.sa.searchdbabstraction.entity.ErrorResult;

@@ -43,6 +47,7 @@ import org.onap.aai.sa.searchdbabstraction.entity.SearchOperationResult;
 import org.springframework.http.HttpHeaders;

 import org.springframework.http.HttpStatus;

 import org.springframework.http.ResponseEntity;

+import java.util.Properties;

 

 

 public class DocumentTest {

@@ -70,6 +75,9 @@ public class DocumentTest {
 

     DocumentApi documentApi;

 

+    @Mock

+    ElasticSearchHttpController httpController;

+

     @Before

     public void setUp() {

         MockitoAnnotations.initMocks(this);

@@ -654,4 +662,66 @@ public class DocumentTest {
         Assert.assertNotNull(response);

         Assert.assertTrue(HttpStatus.INTERNAL_SERVER_ERROR.value() == response.getStatusCodeValue());

     }

-}

+

+    @Test

+    public void testUserAuthorization() throws Exception {

+        String transactionId = "transactionId-1";

+        String remoteAddr = "http://127.0.0.1";

+        String content = "content";

+        // Mockito.when(headers.getRequestHeaders()).thenReturn(multivaluedMap);;

+        Mockito.when(multivaluedMap.getFirst(Mockito.anyString())).thenReturn(transactionId);

+        Mockito.when(request.getRemoteAddr()).thenReturn(remoteAddr);

+        Mockito.when(request.getMethod()).thenReturn("testMethod");

+        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://127.0.0.1"));

+        Mockito.when(request.getRemoteHost()).thenReturn("localhost");

+        Mockito.when(searchServiceApi.validateRequest(Mockito.any(HttpHeaders.class),

+                Mockito.any(HttpServletRequest.class), Mockito.any(ApiUtils.Action.class), Mockito.anyString()))

+                .thenCallRealMethod();

+

+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {

+            public ElasticSearchConfig answer(InvocationOnMock invocation) {

+                Properties properties = new Properties();

+                return new ElasticSearchConfig(properties);

+            }

+        }).when(httpController).getElasticSearchConfig();

+

+        searchServiceApi.documentStore = httpController;

+

+        ResponseEntity<String> response =

+                documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);

+        Assert.assertNotNull(response);

+        Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());

+

+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {

+            public ElasticSearchConfig answer(InvocationOnMock invocation) {

+                Properties properties = new Properties();

+                properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "true");

+                return new ElasticSearchConfig(properties);

+            }

+        }).when(httpController).getElasticSearchConfig();

+

+

+        response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);

+        Assert.assertNotNull(response);

+        Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());

+

+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {

+            public ElasticSearchConfig answer(InvocationOnMock invocation) {

+                Properties properties = new Properties();

+                properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "false");

+                return new ElasticSearchConfig(properties);

+            }

+        }).when(httpController).getElasticSearchConfig();

+

+        DocumentOperationResult result = new DocumentOperationResult();

+        result.setResultCode(302);

+        result.setError(new ErrorResult("type-1", "reason-1"));

+        result.setFailureCause("test-failure");

+        Mockito.when(documentStore.createDocument(Mockito.anyString(), Mockito.any(DocumentStoreDataEntity.class),

+                Mockito.anyBoolean())).thenReturn(result);

+        response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);

+        Assert.assertNotNull(response);

+        Assert.assertTrue(HttpStatus.FOUND.value() == response.getStatusCodeValue());

+

+    }

+}
\ No newline at end of file