diff options
| author |   Eric Santos <eric.santos@yoppworks.com> | 2021-05-06 14:19:25 -0400 |
|---|---|---|
| committer |   M.Hosnidokht <mohammad.hosnidokht@yoppworks.com> | 2021-05-28 09:43:46 -0400 |
| commit | fd3ec07e00ff409d92fea0a3ae11260669a9197a (patch) | |
| tree | f0ebcd61796a2f373e42037b44ad95d969b6292b /aai-traversal/src/it/java | |
| parent | 6180838e24698c885091d65603c6ce19c54853f4 (diff) | |
Add multi-tenancy integration tests
- Created a separate directory under 'src' for integration tests
- Moved all multi-tenancy related integration test classes and files into 'it' directory
- Depends on https://gerrit.onap.org/r/c/ci-management/+/121244
Issue-ID: AAI-3325
Signed-off-by: Santos, Eric <eric.santos@yoppworks.com>
Change-Id: I7d43fc0a72874c2b25dfc40ea5331783bd496d15
Diffstat (limited to 'aai-traversal/src/it/java')
4 files changed, 362 insertions, 0 deletions
diff --git a/aai-traversal/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java b/aai-traversal/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java new file mode 100644 index 0000000..01f335a --- /dev/null +++ b/aai-traversal/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java @@ -0,0 +1,73 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.multitenancy; + +import com.github.dockerjava.api.model.ExposedPort; +import com.github.dockerjava.api.model.HostConfig; +import com.github.dockerjava.api.model.PortBinding; +import com.github.dockerjava.api.model.Ports; +import dasniko.testcontainers.keycloak.KeycloakContainer; +import org.keycloak.adapters.springboot.KeycloakSpringBootProperties; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.KeycloakBuilder; +import org.keycloak.representations.adapters.config.AdapterConfig; +import org.springframework.boot.test.context.TestConfiguration; +import org.springframework.context.annotation.Bean; + +@TestConfiguration +class KeycloakTestConfiguration { + + @Bean + public AdapterConfig adapterConfig() { + return new KeycloakSpringBootProperties(); + } + + @Bean + KeycloakContainer keycloakContainer(KeycloakTestProperties properties) { + KeycloakContainer keycloak = new KeycloakContainer("jboss/keycloak:12.0.4") + .withRealmImportFile(properties.realmJson) + .withCreateContainerCmdModifier(cmd -> cmd.withHostConfig( + new HostConfig().withPortBindings(new PortBinding(Ports.Binding.bindPort(Integer.parseInt(properties.port)), new ExposedPort(8080))) + )); + keycloak.start(); + return keycloak; + } + + @Bean + Keycloak keycloakAdminClient(KeycloakContainer keycloak, KeycloakTestProperties properties) { + return KeycloakBuilder.builder() + .serverUrl(keycloak.getAuthServerUrl()) + .realm(properties.realm) + .clientId(properties.adminCli) + .username(keycloak.getAdminUsername()) + .password(keycloak.getAdminPassword()) + .build(); + } + + @Bean + RoleHandler roleHandler(Keycloak adminClient, KeycloakTestProperties properties) { + return new RoleHandler(adminClient, properties); + } + + @Bean + KeycloakTestProperties properties() { + return new KeycloakTestProperties(); + } +} diff --git a/aai-traversal/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java b/aai-traversal/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java new file mode 100644 index 0000000..de62d2d --- /dev/null +++ b/aai-traversal/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java @@ -0,0 +1,44 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.multitenancy; + +import org.springframework.beans.factory.annotation.Value; + +class KeycloakTestProperties { + + @Value("${test.keycloak.realm.json}") + public String realmJson; + + @Value("${keycloak.realm}") + public String realm; + + @Value("${keycloak.resource}") + public String clientId; + + @Value("${test.keycloak.client.secret}") + public String clientSecret; + + @Value("${test.keycloak.admin.cli}") + public String adminCli; + + @Value("${test.keycloak.auth-server-port}") + public String port; + +} diff --git a/aai-traversal/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java b/aai-traversal/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java new file mode 100644 index 0000000..e34ac2b --- /dev/null +++ b/aai-traversal/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java @@ -0,0 +1,189 @@ +/** + * ============LICENSE_START================================================== + * org.onap.aai + * =========================================================================== + * Copyright © 2017-2020 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + */ +package org.onap.aai.multitenancy; + +import com.jayway.jsonpath.JsonPath; +import dasniko.testcontainers.keycloak.KeycloakContainer; +import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource; +import org.janusgraph.core.JanusGraphTransaction; +import org.junit.Test; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.KeycloakBuilder; +import org.keycloak.representations.AccessTokenResponse; +import org.onap.aai.PayloadUtil; +import org.onap.aai.dbmap.AAIGraph; +import org.onap.aai.rest.AbstractSpringRestTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Import; +import org.springframework.http.*; +import org.springframework.test.context.TestPropertySource; + +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static org.junit.Assert.*; + +@Import(KeycloakTestConfiguration.class) +@TestPropertySource(locations = "classpath:application-keycloak-test.properties") +public class MultiTenancyIT extends AbstractSpringRestTest { + + @Autowired + private KeycloakContainer keycloakContainer; + @Autowired + private RoleHandler roleHandler; + @Autowired + private KeycloakTestProperties properties; + + @Override + public void createTestGraph() { + JanusGraphTransaction transaction = AAIGraph.getInstance().getGraph().newTransaction(); + boolean success = true; + + try { + GraphTraversalSource g = transaction.traversal(); + + g.addV().property("aai-node-type", "pnf") + .property("pnf-name", "test-pnf-name-01") + .property("prov-status", "in_service") + .property("data-owner", "operator") + .property("in-maint", false) + .property("source-of-truth", "JUNIT") + .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-01").next(); + + g.addV().property("aai-node-type", "pnf") + .property("pnf-name", "test-pnf-name-02") + .property("prov-status", "in_service") + .property("in-maint", false) + .property("source-of-truth", "JUNIT") + .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-02").next(); + + g.addV().property("aai-node-type", "pnf") + .property("pnf-name", "test-pnf-name-03") + .property("prov-status", "in_service") + .property("data-owner", "selector") + .property("in-maint", false) + .property("source-of-truth", "JUNIT") + .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-03").next(); + + g.addV().property("aai-node-type", "pnf") + .property("pnf-name", "test-pnf-name-04") + .property("prov-status", "in_service") + .property("data-owner", "selector") + .property("in-maint", false) + .property("source-of-truth", "JUNIT") + .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-04").next(); + + g.addV().property("aai-node-type", "pnf") + .property("pnf-name", "test-pnf-name-05") + .property("prov-status", "in_service") + .property("data-owner", "selector") + .property("in-maint", false) + .property("source-of-truth", "JUNIT") + .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-05").next(); + } catch (Exception ex) { + success = false; + } finally { + if (success) { + transaction.commit(); + } else { + transaction.rollback(); + fail("Unable to setup the graph"); + } + } + } + + @Test + public void testDslQueryWithDataOwner() throws Exception { + baseUrl = "http://localhost:" + randomPort; + String endpoint = baseUrl + "/aai/v23/dsl?format=console"; + List<Object> queryResults = null; + ResponseEntity responseEntity = null; + + Map<String, String> dslQueryMap = new HashMap<>(); + dslQueryMap.put("dsl-query", "pnf*('prov-status','in_service') "); + String payload = PayloadUtil.getTemplatePayload("dsl-query.json", dslQueryMap); + + // get pnf with ran (operator) + String username = "ran", password = "ran"; + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity(payload, headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); + queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + assertEquals(queryResults.size(), 2); + + // get pnf with bob (operator_readOnly) + username = "bob"; password = "bob"; + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity(payload, headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); + queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + assertEquals(queryResults.size(), 2); + + // get pnf with ted (selector) + username = "ted"; password = "ted"; + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity(payload, headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); + queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + assertEquals(queryResults.size(), 4); + + // add role to ted and try to get pnf again + roleHandler.addToUser(RoleHandler.OPERATOR, username); + headers = this.getHeaders(username, password); + httpEntity = new HttpEntity(payload, headers); + responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); + queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + assertEquals(queryResults.size(), 5); + } + + private HttpHeaders getHeaders(String username, String password) { + HttpHeaders headers = new HttpHeaders(); + + headers.setContentType(MediaType.APPLICATION_JSON); + headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); + headers.add("Real-Time", "true"); + headers.add("X-FromAppId", "JUNIT"); + headers.add("X-TransactionId", "JUNIT"); + headers.add("Authorization", "Bearer " + getStringToken(username, password)); + + return headers; + } + + private String getStringToken(String username, String password) { + Keycloak keycloakClient = KeycloakBuilder.builder() + .serverUrl(keycloakContainer.getAuthServerUrl()) + .realm(properties.realm) + .clientId(properties.clientId) + .clientSecret(properties.clientSecret) + .username(username) + .password(password) + .build(); + + AccessTokenResponse tokenResponse = keycloakClient.tokenManager().getAccessToken(); + assertNotNull(tokenResponse); + return tokenResponse.getToken(); + } +} diff --git a/aai-traversal/src/it/java/org/onap/aai/multitenancy/RoleHandler.java b/aai-traversal/src/it/java/org/onap/aai/multitenancy/RoleHandler.java new file mode 100644 index 0000000..4224c2f --- /dev/null +++ b/aai-traversal/src/it/java/org/onap/aai/multitenancy/RoleHandler.java @@ -0,0 +1,56 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.multitenancy; + +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.RealmResource; + +import java.util.Collections; + +class RoleHandler { + + /** + Following roles should be the same as given roles in multi-tenancy-realm json file + */ + final static String OPERATOR = "operator"; + private final Keycloak adminClient; + private final KeycloakTestProperties properties; + + RoleHandler(Keycloak adminClient, KeycloakTestProperties properties) { + this.adminClient = adminClient; + this.properties = properties; + } + + void addToUser(String role, String username) { + RealmResource realm = adminClient.realm(properties.realm); + realm.users().get(username) + .roles() + .realmLevel() + .add(Collections.singletonList(realm.roles().get(role).toRepresentation())); + } + + void removeFromUser(String role, String username) { + RealmResource realm = adminClient.realm(properties.realm); + realm.users().get(username) + .roles() + .realmLevel() + .remove(Collections.singletonList(realm.roles().get(role).toRepresentation())); + } +} |