aboutsummaryrefslogtreecommitdiffstats
path: root/sdnr/wt/oauth-provider/provider-jar/src/test
diff options
context:
space:
mode:
authorRavi Pendurty <ravi.pendurty@highstreet-technologies.com>2021-08-03 15:13:28 +0530
committerKAPIL SINGAL <ks220y@att.com>2021-08-06 12:44:28 +0000
commitea50c8f5ac2e2cfa30512acd4ab1e72c2a36b278 (patch)
tree757a476b9f91449b708fa71ef15287bd2c21377b /sdnr/wt/oauth-provider/provider-jar/src/test
parent3ba5eb125ac8890968e4437b098e39195d699434 (diff)
Support for external identity providers
oauth-provider now supports keycloak and gitlab as identity providers Issue-ID: CCSDK-3411 Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com> Change-Id: I78d678136e26f402b25723f4e10d76b646d76589 Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
Diffstat (limited to 'sdnr/wt/oauth-provider/provider-jar/src/test')
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java24
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java18
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml258
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json3
4 files changed, 280 insertions, 23 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
index fb938000e..6c46ed25f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
@@ -60,8 +60,8 @@ public class TestGitlabAuthService {
public static void init() {
TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer");
- OAuthProviderConfig config =
- new OAuthProviderConfig("git", GITURL, "odlux.app", OAUTH_SECRET, "openid", "gitlab test");
+ OAuthProviderConfig config = new OAuthProviderConfig("git", GITURL, null, "odlux.app", OAUTH_SECRET, "openid",
+ "gitlab test", "", false);
oauthService = new GitlabProviderServiceToTest(config, REDIRECT_URI, tokenCreator);
try {
initGitlabTestWebserver(PORT, "/");
@@ -142,13 +142,17 @@ public class TestGitlabAuthService {
}
return null;
}
+
public static class MyHandler implements HttpHandler {
private static final String GITLAB_TOKEN_ENDPOINT = "/oauth/token";
private static final String GITLAB_USER_ENDPOINT = "/api/v4/user";
private static final String GITLAB_GROUP_ENDPOINT = "/api/v4/groups?min_access_level=10";
- private static final String GITLAB_TOKEN_RESPONSE = loadResourceFileContent("src/test/resources/oauth/gitlab-token-response.json");
- private static final String GITLAB_USER_RESPONSE =loadResourceFileContent("src/test/resources/oauth/gitlab-user-response.json");
- private static final String GITLAB_GROUP_RESPONSE =loadResourceFileContent("src/test/resources/oauth/gitlab-groups-response.json");
+ private static final String GITLAB_TOKEN_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/gitlab-token-response.json");
+ private static final String GITLAB_USER_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/gitlab-user-response.json");
+ private static final String GITLAB_GROUP_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/gitlab-groups-response.json");
@Override
public void handle(HttpExchange t) throws IOException {
@@ -159,23 +163,21 @@ public class TestGitlabAuthService {
String response = "";
try {
if (method.equals("GET")) {
- if(uri.equals(GITLAB_USER_ENDPOINT)) {
+ if (uri.equals(GITLAB_USER_ENDPOINT)) {
t.sendResponseHeaders(200, GITLAB_USER_RESPONSE.length());
os = t.getResponseBody();
os.write(GITLAB_USER_RESPONSE.getBytes());
- }
- else if(uri.equals(GITLAB_GROUP_ENDPOINT)) {
+ } else if (uri.equals(GITLAB_GROUP_ENDPOINT)) {
t.sendResponseHeaders(200, GITLAB_GROUP_RESPONSE.length());
os = t.getResponseBody();
os.write(GITLAB_GROUP_RESPONSE.getBytes());
}
} else if (method.equals("POST")) {
- if(uri.equals(GITLAB_TOKEN_ENDPOINT)){
+ if (uri.equals(GITLAB_TOKEN_ENDPOINT)) {
t.sendResponseHeaders(200, GITLAB_TOKEN_RESPONSE.length());
os = t.getResponseBody();
os.write(GITLAB_TOKEN_RESPONSE.getBytes());
- }
- else {
+ } else {
t.sendResponseHeaders(404, 0);
}
} else {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
index 945ad7ff5..30b24af03 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
@@ -60,8 +60,8 @@ public class TestKeycloakAuthService {
public static void init() {
TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer");
- OAuthProviderConfig config =
- new OAuthProviderConfig("kc", KEYCLOAKURL, "odlux.app", OAUTH_SECRET, "openid", "keycloak test");
+ OAuthProviderConfig config = new OAuthProviderConfig("kc", KEYCLOAKURL, null, "odlux.app", OAUTH_SECRET,
+ "openid", "keycloak test", "onap", false);
oauthService = new KeycloakProviderServiceToTest(config, REDIRECT_URI, tokenCreator);
try {
initKeycloakTestWebserver(PORT, "/");
@@ -100,7 +100,8 @@ public class TestKeycloakAuthService {
public static class KeycloakProviderServiceToTest extends KeycloakProviderService {
- public KeycloakProviderServiceToTest(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) {
+ public KeycloakProviderServiceToTest(OAuthProviderConfig config, String redirectUri,
+ TokenCreator tokenCreator) {
super(config, redirectUri, tokenCreator);
}
}
@@ -137,9 +138,11 @@ public class TestKeycloakAuthService {
}
return null;
}
+
public static class MyHandler implements HttpHandler {
private static final String KEYCLOAK_TOKEN_ENDPOINT = "/auth/realms/onap/protocol/openid-connect/token";
- private static final String KEYCLOAK_TOKEN_RESPONSE = loadResourceFileContent("src/test/resources/oauth/keycloak-token-response.json");
+ private static final String KEYCLOAK_TOKEN_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/keycloak-token-response.json");
@Override
public void handle(HttpExchange t) throws IOException {
@@ -148,13 +151,12 @@ public class TestKeycloakAuthService {
System.out.println(String.format("req received: %s %s", method, t.getRequestURI()));
OutputStream os = null;
try {
- if (method.equals("POST")) {
- if(uri.equals(KEYCLOAK_TOKEN_ENDPOINT)){
+ if (method.equals("POST")) {
+ if (uri.equals(KEYCLOAK_TOKEN_ENDPOINT)) {
t.sendResponseHeaders(200, KEYCLOAK_TOKEN_RESPONSE.length());
os = t.getResponseBody();
os.write(KEYCLOAK_TOKEN_RESPONSE.getBytes());
- }
- else {
+ } else {
t.sendResponseHeaders(404, 0);
}
} else {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
index 682fa3728..1929fde8e 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
+++ b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
@@ -6,7 +6,6 @@
terms of the Eclipse Public License v1.0 which accompanies this distribution,
and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License,
Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0
-
SPDX-License-Identifier: EPL-1.0 OR Apache-2.0
-->
@@ -17,15 +16,243 @@
///////////////////////////////////////////////////////////////////////////////////////
-->
-
<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+ <!--
+ ///////////////////////////////////////////////////////////////////////////////////
+ // shiro-configuration is the model based container that contains all shiro //
+ // related information used in ODL AAA configuration. It is the sole pain of //
+ // glass for shiro related configuration, and is how to configure shiro concepts //
+ // such as: //
+ // * realms //
+ // * urls //
+ // * security manager settings //
+ // //
+ // In general, you really shouldn't muck with the settings in this file. The //
+ // way an operator should configure AAA shiro settings is through one of ODL's //
+ // northbound interfaces (i.e., RESTCONF or NETCONF). These are just the //
+ // defaults if no values are specified in MD-SAL. The reason this file is so //
+ // verbose is for two reasons: //
+ // 1) to demonstrate payload examples for plausible configuration scenarios //
+ // 2) to allow bootstrap of the controller (first time start) since otherwise //
+ // configuration becomes a chicken and the egg problem. //
+ // //
+ ///////////////////////////////////////////////////////////////////////////////////
+ -->
+
+ <!--
+ ===================================================================================
+ = =
+ = =
+ = MAIN =
+ = =
+ = =
+ ===================================================================================
+ -->
+
+ <!--
+ ===================================================================================
+ ============================ ODLJndiLdapRealmAuthNOnly ============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external LDAP =
+ = server for authentication only. For authorization support, refer =
+ = to ODLJndiLdapRealm. =
+ ===================================================================================
+ -->
+ <!-- Start ldapRealm commented out
+ <main>
+ <pair-key>ldapRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.userDnTemplate</pair-key>
+ <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.contextFactory.url</pair-key>
+ <pair-value>ldap://&lt;URL&gt;:389</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.searchBase</pair-key>
+ <pair-value>dc=DOMAIN,dc=TLD</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.groupRolesMap</pair-key>
+ <pair-value>&quot;person&quot;:&quot;admin&quot;, &quot;organizationalPerson&quot;:&quot;user&quot;</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.ldapAttributeForComparison</pair-key>
+ <pair-value>objectClass</pair-value>
+ </main>
+ End ldapRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ============================= ODLActiveDirectoryRealm =============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external AD =
+ = IDP server. =
+ ===================================================================================
+ -->
+ <!-- Start adRealm commented out
+ <main>
+ <pair-key>adRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.searchBase</pair-key>
+ <pair-value>&quot;CN=Users,DC=example,DC=com&quot;</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.systemUsername</pair-key>
+ <pair-value>aduser@example.com</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.systemPassword</pair-key>
+ <pair-value>adpassword</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.url</pair-key>
+ <pair-value>ldaps://adserver:636</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.groupRolesMap</pair-key>
+ <pair-value>&quot;CN=sysadmin,CN=Users,DC=example,DC=com&quot;:&quot;admin&quot;, &quot;CN=unprivileged,CN=Users,DC=example,DC=com&quot;:&quot;user&quot;</pair-value>
+ </main>
+ End adRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================== ODLJdbcRealm ===================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external JDBC =
+ = DBMS. =
+ ===================================================================================
+ -->
+ <!-- Start jdbcRealm commented out
+ <main>
+ <pair-key>ds</pair-key>
+ <pair-value>com.mysql.jdbc.Driver</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.serverName</pair-key>
+ <pair-value>localhost</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.user</pair-key>
+ <pair-value>user</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.password</pair-key>
+ <pair-value>password</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.databaseName</pair-key>
+ <pair-value>db_name</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm</pair-key>
+ <pair-value>ODLJdbcRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.dataSource</pair-key>
+ <pair-value>$ds</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.authenticationQuery</pair-key>
+ <pair-value>&quot;SELECT password FROM users WHERE user_name = ?&quot;</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.userRolesQuery</pair-key>
+ <pair-value>&quot;SELECT role_name FROM user_rolesWHERE user_name = ?&quot;</pair-value>
+ </main>
+ End jdbcRealm commented out-->
+ <!--
+ ===================================================================================
+ ================================= TokenAuthRealm ==================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation utilizing a per node H2 database store. =
+ ===================================================================================
+ -->
+<!-- <main> -->
+<!-- <pair-key>tokenAuthRealm</pair-key> -->
+<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
+<!-- </main> -->
<main>
<pair-key>tokenAuthRealm</pair-key>
<pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
</main>
+ <!--
+ ===================================================================================
+ =================================== MdsalRealm ====================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation utilizing the aaa.yang model. =
+ ===================================================================================
+ -->
+ <!-- Start mdsalRealm commented out
+ <main>
+ <pair-key>mdsalRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value>
+ </main>
+ End mdsalRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================= MoonAuthRealm ===================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with OPNFV Moon. =
+ ===================================================================================
+ -->
+ <!-- Start moonAuthRealm commented out
+ <main>
+ <pair-key>moonAuthRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>moonAuthRealm.moonServerURL</pair-key>
+ <pair-value>http://&lt;host&gt;:&lt;port&gt;</pair-value>
+ </main>
+ End moonAuthRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================= KeystoneAuthRealm == ============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an OpenStack =
+ = Keystone. =
+ ===================================================================================
+ -->
+ <!-- Start keystoneAuthRealm commented out
+ <main>
+ <pair-key>keystoneAuthRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.url</pair-key>
+ <pair-value>https://&lt;host&gt;:&lt;port&gt;</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.sslVerification</pair-key>
+ <pair-value>true</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.defaultDomain</pair-key>
+ <pair-value>Default</pair-value>
+ </main>
+ -->
+
+ <!--
+ Add tokenAuthRealm as the only realm. To enable mdsalRealm, add it to the list to he right of tokenAuthRealm.
+ -->
<main>
<pair-key>securityManager.realms</pair-key>
<pair-value>$tokenAuthRealm</pair-value>
@@ -43,6 +270,13 @@
<pair-key>authcBearer</pair-key>
<pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
</main>
+
+ <!-- Start moonAuthRealm commented out
+ <main>
+ <pair-key>rest</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value>
+ </main>
+ End moonAuthRealm commented out-->
<!-- in order to track AAA challenge attempts -->
<main>
@@ -59,8 +293,26 @@
<pair-key>dynamicAuthorization</pair-key>
<pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
</main>
+<!-- <main> -->
+<!-- <pair-key>securityManager.sessionManager.sessionIdCookieEnabled</pair-key> -->
+<!-- <pair-value>false</pair-value> -->
+<!-- </main> -->
-
+ <!--
+ ===================================================================================
+ = =
+ = =
+ = URLS =
+ = =
+ = =
+ ===================================================================================
+ -->
+ <!-- Start moonAuthRealm commented out
+ <urls>
+ <pair-key>/token</pair-key>
+ <pair-value>rest</pair-value>
+ </urls>
+ End moonAuthRealm commented out-->
<urls>
<pair-key>/**/operations/cluster-admin**</pair-key>
<pair-value>dynamicAuthorization</pair-value>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json
index 157ddb71a..260b77da7 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json
+++ b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json
@@ -12,7 +12,8 @@
"clientId": "odlux.app",
"secret": "5da4ea3d-8cc9-4669-bd7e-3ecb91d120cd",
"scope": "openid",
- "title": "OSNL Keycloak Provider"
+ "title": "OSNL Keycloak Provider",
+ "realmName":"onap"
}
]
} \ No newline at end of file