diff options
| author |   Popescu, Serban <serban.popescu@amdocs.com> | 2018-12-14 12:45:57 -0500 |
|---|---|---|
| committer |   Serban Popescu <sp5226@att.com> | 2018-12-14 12:50:04 -0500 |
| commit | 7ca6c2a19ee1971a402a6b7eaad4324d83fb236a (patch) | |
| tree | 9ee93586950241ba49091c05b9eed76021a76993 /src | |
| parent | 3f66d5f1ef60c60116589e73ec1207f9574840af (diff) | |
Add option to bypass user authorization
the es.auth.authorization.enabled property, if set to false, will bypass
user authorization
Issue-ID: AAI-2007
Change-Id: I46e3e087ee13eacdf977bbdc9c439045b0072a33
Signed-off-by: Serban Popescu <serban.popescu@amdocs.com>
Diffstat (limited to 'src')
4 files changed, 98 insertions, 3 deletions
diff --git a/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java b/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java index 5247baa..d62bfd6 100644 --- a/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java +++ b/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java @@ -185,6 +185,12 @@ public class SearchServiceApi { protected boolean validateRequest(HttpHeaders headers, HttpServletRequest req, Action action, String authPolicyFunctionName) { + + boolean isUserAuthEnabled = ((ElasticSearchHttpController)documentStore).getElasticSearchConfig().useAuthorizationUser(); + if(! isUserAuthEnabled) { + return true; + } + SearchDbServiceAuth serviceAuth = new SearchDbServiceAuth(); String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite"); diff --git a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java index 0d116f8..87d0378 100644 --- a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java +++ b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java @@ -40,6 +40,7 @@ public class ElasticSearchConfig { private String httpPort; private String javaApiPort; private String clusterName; + private String authorizationEnabled; public static final String ES_CLUSTER_NAME = "es.cluster-name"; public static final String ES_IP_ADDRESS = "es.ip-address"; @@ -51,6 +52,7 @@ public class ElasticSearchConfig { public static final String ES_KEY_STORE_ENC = "es.key-store-password"; public static final String ES_AUTH_USER = "es.auth-user"; public static final String ES_AUTH_ENC = "es.auth-password"; + public static final String ES_AUTH_ENABLED = "es.auth.authorization.enabled"; private static final String DEFAULT_URI_SCHEME = "http"; private static final String JAVA_API_PORT_DEFAULT = "9300"; @@ -66,6 +68,7 @@ public class ElasticSearchConfig { setHttpPort(props.getProperty(ES_HTTP_PORT)); setJavaApiPort(JAVA_API_PORT_DEFAULT); initializeAuthValues(props); + setAuthorizationEnabled(props.getProperty(ES_AUTH_ENABLED)); } @@ -161,12 +164,24 @@ public class ElasticSearchConfig { return authValue; } + public String getAuthorizationEnabled() { + return authorizationEnabled; + } + + public void setAuthorizationEnabled(String authorizationEnabled) { + this.authorizationEnabled = authorizationEnabled; + } + + public boolean useAuthorizationUser() { + return getAuthorizationEnabled()== null? true : Boolean.parseBoolean(getAuthorizationEnabled()); + } + @Override public String toString() { return String.format( - "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)", + "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)%nauthorizationUser=%s", uriScheme, ipAddress, httpPort, clusterName, javaApiPort, useAuth(), trustStore, - trustStorePassword != null, keyStore, keyStorePassword != null); + trustStorePassword != null, keyStore, keyStorePassword != null, useAuthorizationUser()); } private void initializeAuthValues(Properties props) { diff --git a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java index 759c997..c4a52b4 100644 --- a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java +++ b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java @@ -176,6 +176,10 @@ public class ElasticSearchHttpController implements DocumentStoreInterface { return analysisConfig; } + public ElasticSearchConfig getElasticSearchConfig() { + return config; + } + @Override public OperationResult createIndex(String index, DocumentSchema documentSchema) { try { diff --git a/src/test/java/org/onap/aai/sa/rest/DocumentTest.java b/src/test/java/org/onap/aai/sa/rest/DocumentTest.java index d16fe87..e780e3b 100644 --- a/src/test/java/org/onap/aai/sa/rest/DocumentTest.java +++ b/src/test/java/org/onap/aai/sa/rest/DocumentTest.java @@ -33,8 +33,12 @@ import org.mockito.InjectMocks; import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+import org.onap.aai.sa.searchdbabstraction.elasticsearch.config.ElasticSearchConfig;
import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreDataEntity;
import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreInterface;
+import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.ElasticSearchHttpController;
import org.onap.aai.sa.searchdbabstraction.elasticsearch.exception.DocumentStoreOperationException;
import org.onap.aai.sa.searchdbabstraction.entity.DocumentOperationResult;
import org.onap.aai.sa.searchdbabstraction.entity.ErrorResult;
@@ -43,6 +47,7 @@ import org.onap.aai.sa.searchdbabstraction.entity.SearchOperationResult; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
+import java.util.Properties;
public class DocumentTest {
@@ -70,6 +75,9 @@ public class DocumentTest { DocumentApi documentApi;
+ @Mock
+ ElasticSearchHttpController httpController;
+
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
@@ -654,4 +662,66 @@ public class DocumentTest { Assert.assertNotNull(response);
Assert.assertTrue(HttpStatus.INTERNAL_SERVER_ERROR.value() == response.getStatusCodeValue());
}
-}
+
+ @Test
+ public void testUserAuthorization() throws Exception {
+ String transactionId = "transactionId-1";
+ String remoteAddr = "http://127.0.0.1";
+ String content = "content";
+ // Mockito.when(headers.getRequestHeaders()).thenReturn(multivaluedMap);;
+ Mockito.when(multivaluedMap.getFirst(Mockito.anyString())).thenReturn(transactionId);
+ Mockito.when(request.getRemoteAddr()).thenReturn(remoteAddr);
+ Mockito.when(request.getMethod()).thenReturn("testMethod");
+ Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://127.0.0.1"));
+ Mockito.when(request.getRemoteHost()).thenReturn("localhost");
+ Mockito.when(searchServiceApi.validateRequest(Mockito.any(HttpHeaders.class),
+ Mockito.any(HttpServletRequest.class), Mockito.any(ApiUtils.Action.class), Mockito.anyString()))
+ .thenCallRealMethod();
+
+ Mockito.doAnswer(new Answer<ElasticSearchConfig>() {
+ public ElasticSearchConfig answer(InvocationOnMock invocation) {
+ Properties properties = new Properties();
+ return new ElasticSearchConfig(properties);
+ }
+ }).when(httpController).getElasticSearchConfig();
+
+ searchServiceApi.documentStore = httpController;
+
+ ResponseEntity<String> response =
+ documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);
+ Assert.assertNotNull(response);
+ Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());
+
+ Mockito.doAnswer(new Answer<ElasticSearchConfig>() {
+ public ElasticSearchConfig answer(InvocationOnMock invocation) {
+ Properties properties = new Properties();
+ properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "true");
+ return new ElasticSearchConfig(properties);
+ }
+ }).when(httpController).getElasticSearchConfig();
+
+
+ response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);
+ Assert.assertNotNull(response);
+ Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());
+
+ Mockito.doAnswer(new Answer<ElasticSearchConfig>() {
+ public ElasticSearchConfig answer(InvocationOnMock invocation) {
+ Properties properties = new Properties();
+ properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "false");
+ return new ElasticSearchConfig(properties);
+ }
+ }).when(httpController).getElasticSearchConfig();
+
+ DocumentOperationResult result = new DocumentOperationResult();
+ result.setResultCode(302);
+ result.setError(new ErrorResult("type-1", "reason-1"));
+ result.setFailureCause("test-failure");
+ Mockito.when(documentStore.createDocument(Mockito.anyString(), Mockito.any(DocumentStoreDataEntity.class),
+ Mockito.anyBoolean())).thenReturn(result);
+ response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);
+ Assert.assertNotNull(response);
+ Assert.assertTrue(HttpStatus.FOUND.value() == response.getStatusCodeValue());
+
+ }
+}
\ No newline at end of file |