AafPermissionService implementation

based on methods from MR_ClientService Change-Id: If90327b4ab0d4de1b58e5f15564d35cd2d43ec39 Issue-ID: DMAAP-1211 Signed-off-by: piotr.karas <piotr.karas@nokia.com>
author: pkaras <piotr.karas@nokia.com> 2019-05-30 11:11:54 +0200
committer: pkaras <piotr.karas@nokia.com> 2019-05-31 15:20:53 +0200
commit: 45ccf584c8574e9f96dd6fa3b8016accf24fc541 (patch)
tree: 6748b6e811dc5c29e66f4585c04a734dd9832858
parent: d3994fb85f92d429b626013a0bd9f2ff69418c95 (diff)
6 files changed, 449 insertions, 94 deletions
diff --git a/pom.xml b/pom.xml
index a555393..91af75a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -347,6 +347,12 @@
     		<groupId>org.glassfish.jersey.inject</groupId>
     		<artifactId>jersey-hk2</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>${junit.version}</version>
+			<scope>test</scope>
+		</dependency>
     <dependency>
       <groupId>pl.pragmatists</groupId>
       <artifactId>JUnitParams</artifactId>
@@ -388,6 +394,7 @@
 		<jettyVersion>9.4.12.RC2</jettyVersion> 
 		<eelf.version>1.0.0</eelf.version>
 		<artifact.version>1.0.28-SNAPSHOT</artifact.version>
+		<junit.version>4.12</junit.version>
 		<!-- SONAR -->
 		<jacoco.version>0.7.7.201606060606</jacoco.version>
 		<sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java
index 7b4f882..859ae13 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java
@@ -22,6 +22,8 @@ package org.onap.dmaap.dbcapi.aaf;
 
 import org.apache.log4j.Logger;
 
+import java.util.Objects;
+
 
 public class AafUserRole extends AafObject  {
 	static final Logger logger = Logger.getLogger(AafUserRole.class);
@@ -62,8 +64,20 @@ public class AafUserRole extends AafObject  {
 			
 		return postJSON;
 	}
-	
-	
-	
-	
+
+
+	@Override
+	public boolean equals(Object o) {
+		if (this == o) return true;
+		if (o == null || getClass() != o.getClass()) return false;
+		AafUserRole that = (AafUserRole) o;
+		return Objects.equals(identity, that.identity) &&
+				Objects.equals(role, that.role);
+	}
+
+	@Override
+	public int hashCode() {
+
+		return Objects.hash(identity, role);
+	}
 }
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java
index 90668be..bcee2a3 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,46 +22,61 @@ package org.onap.dmaap.dbcapi.aaf;
 
 import org.apache.log4j.Logger;
 
+import java.util.Objects;
+
 public class DmaapGrant extends AafObject {
-	static final Logger logger = Logger.getLogger(DmaapGrant.class);
-	
-	private DmaapPerm 	perm;
-	private	String	role;
-
-	public DmaapGrant(){
-		
-	}
-	
-	public DmaapGrant( DmaapPerm p, String r ) {
-		this.perm = p;
-		this.role = r;
-	}
-
-	public DmaapPerm getPerm() {
-		return perm;
-	}
-
-	public void setPerm(DmaapPerm perm) {
-		this.perm = perm;
-	}
-
-	public String getRole() {
-		return role;
-	}
-
-	public void setRole(String role) {
-		this.role = role;
-	}
-
-	public String toJSON() {
-
-		String postJSON = String.format(" { \"perm\":  %s, \"role\": \"%s\"}", 
-				this.perm.toJSON(), 
-				this.getRole() );
-		logger.info( "returning JSON: " + postJSON);
-			
-		return postJSON;
-	}
-	
-	
+    static final Logger logger = Logger.getLogger(DmaapGrant.class);
+
+    private DmaapPerm perm;
+    private String role;
+
+    public DmaapGrant() {
+
+    }
+
+    public DmaapGrant(DmaapPerm p, String r) {
+        this.perm = p;
+        this.role = r;
+    }
+
+    public DmaapPerm getPerm() {
+        return perm;
+    }
+
+    public void setPerm(DmaapPerm perm) {
+        this.perm = perm;
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public void setRole(String role) {
+        this.role = role;
+    }
+
+    public String toJSON() {
+
+        String postJSON = String.format(" { \"perm\":  %s, \"role\": \"%s\"}",
+                this.perm.toJSON(),
+                this.getRole());
+        logger.info("returning JSON: " + postJSON);
+
+        return postJSON;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        DmaapGrant that = (DmaapGrant) o;
+        return Objects.equals(perm, that.perm) &&
+                Objects.equals(role, that.role);
+    }
+
+    @Override
+    public int hashCode() {
+
+        return Objects.hash(perm, role);
+    }
 }
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java
index 1893a71..1f57068 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,50 +22,71 @@ package org.onap.dmaap.dbcapi.aaf;
 
 import org.apache.log4j.Logger;
 
+import java.util.Objects;
 
-public class DmaapPerm extends AafObject  {
-	static final Logger logger = Logger.getLogger(DmaapPerm.class);
-	
-	private String 	permission;
-	private	String	ptype;
-	private	String	action;
-	
-	public DmaapPerm(String permission, String ptype, String action) {
-		super();
-		this.permission = permission;
-		this.ptype = ptype;
-		this.action = action;
-	}
-	public String getPermission() {
-		return permission;
-	}
-	public void setPermission(String permission) {
-		this.permission = permission;
-	}
-	public String getPtype() {
-		return ptype;
-	}
-	public void setPtype(String ptype) {
-		this.ptype = ptype;
-	}
-	public String getAction() {
-		return action;
-	}
-	public void setAction(String action) {
-		this.action = action;
-	}
-	public String toJSON() {
-
-		String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}", 
-				this.getPermission(), 
-				this.getPtype(),
-				this.getAction() );
-		logger.info( "returning JSON: " + postJSON);
-			
-		return postJSON;
-	}
-	
-	
-	
-	
+
+public class DmaapPerm extends AafObject {
+    static final Logger logger = Logger.getLogger(DmaapPerm.class);
+
+    private String permission;
+    private String ptype;
+    private String action;
+
+    public DmaapPerm(String permission, String ptype, String action) {
+        super();
+        this.permission = permission;
+        this.ptype = ptype;
+        this.action = action;
+    }
+
+    public String getPermission() {
+        return permission;
+    }
+
+    public void setPermission(String permission) {
+        this.permission = permission;
+    }
+
+    public String getPtype() {
+        return ptype;
+    }
+
+    public void setPtype(String ptype) {
+        this.ptype = ptype;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    public void setAction(String action) {
+        this.action = action;
+    }
+
+    public String toJSON() {
+
+        String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}",
+                this.getPermission(),
+                this.getPtype(),
+                this.getAction());
+        logger.info("returning JSON: " + postJSON);
+
+        return postJSON;
+    }
+
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        DmaapPerm dmaapPerm = (DmaapPerm) o;
+        return Objects.equals(permission, dmaapPerm.permission) &&
+                Objects.equals(ptype, dmaapPerm.ptype) &&
+                Objects.equals(action, dmaapPerm.action);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(permission, ptype, action);
+    }
 }
diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java
new file mode 100644
index 0000000..857b695
--- /dev/null
+++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java
@@ -0,0 +1,133 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.service;
+
+import org.onap.dmaap.dbcapi.aaf.AafService;
+import org.onap.dmaap.dbcapi.aaf.AafUserRole;
+import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
+import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+import org.onap.dmaap.dbcapi.model.ApiError;
+import org.onap.dmaap.dbcapi.model.DmaapObject.DmaapObject_Status;
+import org.onap.dmaap.dbcapi.model.MR_Client;
+
+public class AafPermissionService extends BaseLoggingClass {
+
+    private final AafService aafService;
+    private final DmaapService dmaapService;
+
+    public AafPermissionService() {
+        this(new AafService(AafService.ServiceType.AAF_TopicMgr), new DmaapService());
+    }
+
+    AafPermissionService(AafService aafService, DmaapService dmaapService) {
+        this.aafService = aafService;
+        this.dmaapService = dmaapService;
+    }
+
+    void assignIdentityToRole(MR_Client client, String role, ApiError err) {
+        okStatus(err);
+        AafUserRole ur = new AafUserRole(client.getClientIdentity(), role);
+        client.setStatus(DmaapObject_Status.VALID);
+        int rc = aafService.addUserRole(ur);
+        if (rc != 201 && rc != 409) {
+            client.setStatus(DmaapObject_Status.INVALID);
+            assignClientToRoleError(err, rc, client.getClientIdentity(), role);
+        }
+    }
+
+    void grantClientRolePerms(MR_Client client, ApiError err) {
+
+        okStatus(err);
+        String instance = ":topic." + client.getFqtn();
+        client.setStatus(DmaapObject_Status.VALID);
+
+        for (String action : client.getAction()) {
+            if (client.getClientRole() != null) {
+                int rc = grantPermForClientRole(client.getClientRole(), instance, action);
+                if (rc != 201 && rc != 409) {
+                    client.setStatus(DmaapObject_Status.INVALID);
+                    grantPermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole());
+                }
+
+            } else {
+                logger.warn("No Grant of " + permissionFullName(dmaapService.getTopicPerm(), instance, action) + " because role is null ");
+            }
+        }
+    }
+
+    void revokeClientPerms(MR_Client client, ApiError err) {
+        okStatus(err);
+        String instance = ":topic." + client.getFqtn();
+        client.setStatus(DmaapObject_Status.VALID);
+
+        for (String action : client.getAction()) {
+
+            int rc = revokePermForClientRole(client.getClientRole(), instance, action);
+
+            if (rc != 200 && rc != 404) {
+                client.setStatus(DmaapObject_Status.INVALID);
+                revokePermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole());
+            }
+        }
+
+    }
+
+    private int grantPermForClientRole(String clientRole, String instance, String action) {
+        DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action);
+        DmaapGrant g = new DmaapGrant(perm, clientRole);
+        return aafService.addGrant(g);
+    }
+
+    private int revokePermForClientRole(String clientRole, String instance, String action) {
+        DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action);
+        DmaapGrant g = new DmaapGrant(perm, clientRole);
+        return aafService.delGrant(g);
+    }
+
+    private void assignClientToRoleError(ApiError err, int code, String clientIdentity, String role) {
+        err.setCode(code);
+        err.setMessage("Failed to add user " + clientIdentity + "  to " + role);
+        logger.warn(err.getMessage());
+    }
+
+    private void grantPermsError(ApiError err, int code, String permission, String instance, String action, String role) {
+        err.setCode(code);
+        err.setMessage("Grant of " + permissionFullName(permission, instance, action) + " failed for " + role);
+        logger.warn(err.getMessage());
+    }
+
+    private void revokePermsError(ApiError err, int code, String permission, String instance, String action, String role) {
+        err.setCode(code);
+        err.setMessage("Revoke of " + permissionFullName(permission, instance, action) + " failed for " + role);
+        logger.warn(err.getMessage());
+    }
+
+    private String permissionFullName(String permission, String instance, String action) {
+        return permission + "|" + instance + "|" + action;
+    }
+
+    private void okStatus(ApiError err) {
+        err.setCode(200);
+        err.setMessage("OK");
+    }
+
+}
diff --git a/src/test/java/org/onap/dmaap/dbcapi/service/AafPermissionServiceTest.java b/src/test/java/org/onap/dmaap/dbcapi/service/AafPermissionServiceTest.java
new file mode 100644
index 0000000..1bba2bf
--- /dev/null
+++ b/src/test/java/org/onap/dmaap/dbcapi/service/AafPermissionServiceTest.java
@@ -0,0 +1,165 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.service;
+
+import junitparams.JUnitParamsRunner;
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.dmaap.dbcapi.aaf.AafService;
+import org.onap.dmaap.dbcapi.aaf.AafUserRole;
+import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
+import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
+import org.onap.dmaap.dbcapi.model.ApiError;
+import org.onap.dmaap.dbcapi.model.MR_Client;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.then;
+import static org.mockito.Mockito.verifyZeroInteractions;
+
+@RunWith(JUnitParamsRunner.class)
+public class AafPermissionServiceTest {
+
+    private static final String ROLE = "dmaap.mr.demoTopic.publisher";
+    private static final String IDENTITY = "dmaap-bc@dmaap-bc.onap.org";
+    private static final String TOPIC_PERM = "org.onap.dmaap.mr.topic";
+    private static final String FQTN = "org.onap.dmaap.mr.demoTopic";
+    private static final String PUB_ACTION = "pub";
+    private static final int INTERNAL_SERVER_ERROR = 500;
+    @Mock
+    private AafService aafService;
+    @Mock
+    private DmaapService dmaapService;
+    @Mock
+    private MR_Client mrClient;
+    private AafPermissionService aafPermissionService;
+
+    @Before
+    public void setUp() throws Exception {
+        MockitoAnnotations.initMocks(this);
+        aafPermissionService = new AafPermissionService(aafService, dmaapService);
+        given(mrClient.getClientIdentity()).willReturn(IDENTITY);
+        given(mrClient.getFqtn()).willReturn(FQTN);
+        given(mrClient.getAction()).willReturn(new String[]{PUB_ACTION});
+        given(dmaapService.getTopicPerm()).willReturn(TOPIC_PERM);
+    }
+
+    @Test
+    @Parameters({"201", "409"})
+    public void shouldAssignClientToRole(int aafServiceReturnedCode) {
+        ApiError apiError = new ApiError();
+        AafUserRole userRole = new AafUserRole(IDENTITY, ROLE);
+        given(aafService.addUserRole(userRole)).willReturn(aafServiceReturnedCode);
+
+        aafPermissionService.assignIdentityToRole(mrClient, ROLE, apiError);
+
+        then(aafService).should().addUserRole(userRole);
+        assertOkStatus(apiError);
+    }
+
+    @Test
+    public void shouldReturnErrorStatusWhenClientWasNotAssignedToRole() {
+        ApiError apiError = new ApiError();
+        AafUserRole userRole = new AafUserRole(IDENTITY, ROLE);
+        given(aafService.addUserRole(userRole)).willReturn(INTERNAL_SERVER_ERROR);
+
+        aafPermissionService.assignIdentityToRole(mrClient, ROLE, apiError);
+
+        assertErrorStatus(apiError, INTERNAL_SERVER_ERROR);
+    }
+
+    @Test
+    @Parameters({"201", "409"})
+    public void shouldGrantActionPermissionForClientRole(int aafServiceReturnedCode) {
+        ApiError apiError = new ApiError();
+        DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." + FQTN, PUB_ACTION), ROLE);
+        given(mrClient.getClientRole()).willReturn(ROLE);
+        given(aafService.addGrant(grant)).willReturn(aafServiceReturnedCode);
+
+        aafPermissionService.grantClientRolePerms(mrClient, apiError);
+
+        then(aafService).should().addGrant(grant);
+        assertOkStatus(apiError);
+    }
+
+    @Test
+    public void shouldReturnErrorStatusWhenPermissionWasNotGrantToRole() {
+        ApiError apiError = new ApiError();
+        DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." + FQTN, PUB_ACTION), ROLE);
+        given(mrClient.getClientRole()).willReturn(ROLE);
+        given(aafService.addGrant(grant)).willReturn(INTERNAL_SERVER_ERROR);
+
+        aafPermissionService.grantClientRolePerms(mrClient, apiError);
+
+        assertErrorStatus(apiError, INTERNAL_SERVER_ERROR);
+    }
+
+    @Test
+    public void shouldReturnOkStatusWhenClientRoleIsNull() {
+        ApiError apiError = new ApiError();
+        given(mrClient.getClientRole()).willReturn(null);
+
+        aafPermissionService.grantClientRolePerms(mrClient, apiError);
+
+        verifyZeroInteractions(aafService);
+        assertOkStatus(apiError);
+    }
+
+    @Test
+    @Parameters({"200", "404"})
+    public void shouldRevokeActionPermissionForClientRole(int aafServiceReturnedCode) {
+        ApiError apiError = new ApiError();
+        DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." + FQTN, PUB_ACTION), ROLE);
+        given(mrClient.getClientRole()).willReturn(ROLE);
+        given(aafService.delGrant(grant)).willReturn(aafServiceReturnedCode);
+
+        aafPermissionService.revokeClientPerms(mrClient, apiError);
+
+        then(aafService).should().delGrant(grant);
+        assertOkStatus(apiError);
+    }
+
+    @Test
+    public void shouldReturnErrorStatusWhenPermissionWasNotRevokedFromRole() {
+        ApiError apiError = new ApiError();
+        DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." + FQTN, PUB_ACTION), ROLE);
+        given(mrClient.getClientRole()).willReturn(ROLE);
+        given(aafService.delGrant(grant)).willReturn(INTERNAL_SERVER_ERROR);
+
+        aafPermissionService.revokeClientPerms(mrClient, apiError);
+
+        assertErrorStatus(apiError, INTERNAL_SERVER_ERROR);
+    }
+
+    private void assertErrorStatus(ApiError apiError, int code) {
+        assertEquals(code, apiError.getCode());
+    }
+
+    private void assertOkStatus(ApiError apiError) {
+        assertTrue(apiError.is2xx());
+        assertEquals("OK", apiError.getMessage());
+    }
+}
+\ No newline at end of file
author	pkaras <piotr.karas@nokia.com>	2019-05-30 11:11:54 +0200
committer	pkaras <piotr.karas@nokia.com>	2019-05-31 15:20:53 +0200
commit	45ccf584c8574e9f96dd6fa3b8016accf24fc541 (patch)
tree	6748b6e811dc5c29e66f4585c04a734dd9832858
parent	d3994fb85f92d429b626013a0bd9f2ff69418c95 (diff)