authorization check for more Kafka operations

Issue-ID: DMAAP-1346 Change-Id: I7116411794cc2342390441398e214f86d394c644 Signed-off-by: su622b <su622b@att.com>
author: su622b <su622b@att.com> 2019-11-20 15:22:14 -0500
committer: sunil unnava <su622b@att.com> 2019-11-20 20:41:35 +0000
commit: 4b6939e390bcc7d1f80839ce2dacf4459f1327ce (patch)
tree: 714c99f4df705a64882629ee978711c0dc4e7070 /src/test
parent: bbaea416e64d2a4920c7377ec0a91b8ab36ded2b (diff)
4 files changed, 127 insertions, 15 deletions
diff --git a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java
index 4ac81f3..747e34e 100644
--- a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java
+++ b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java
@@ -22,9 +22,11 @@ package org.onap.dmaap.commonauth.kafka.base.authorization;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 @RunWith(PowerMockRunner.class)
+@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*"})
 public class AuthorizationProviderFactoryTest {
 
 	@Test
diff --git a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java
index 70631dc..743917d 100644
--- a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java
+++ b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java
@@ -22,6 +22,7 @@ package org.onap.dmaap.commonauth.kafka.base.authorization;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.mockito.Mockito.when;
 
@@ -40,7 +41,7 @@ import org.powermock.modules.junit4.PowerMockRunner;
 
 
 @RunWith(PowerMockRunner.class)
-@PowerMockIgnore("javax.net.ssl.*")
+@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*"})
 public class Cadi3AAFProviderTest {
 
 	public Cadi3AAFProvider cadi3AAFProvider;
@@ -60,36 +61,34 @@ public class Cadi3AAFProviderTest {
 	@Before
 	public void setUp() throws Exception {
 		MockitoAnnotations.initMocks(this);
+		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		cadi3AAFProvider = new Cadi3AAFProvider();
 	}
 
 	@Test
 	public void testHasPermission() {
-		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
-		cadi3AAFProvider = new Cadi3AAFProvider();
 		assertFalse(cadi3AAFProvider.hasPermission("userID", "permission", "instance", "action"));
 	}
 
 	@Test
 	public void testHasAdminPermission() {
-		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
-		cadi3AAFProvider = new Cadi3AAFProvider();
 		assertEquals(cadi3AAFProvider.hasPermission("admin", "permission", "instance", "action"), true);
 	}
 	
 	@Test(expected = NullPointerException.class)
 	public void tesAuthenticate() throws Exception {
-		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
-		cadi3AAFProvider = new Cadi3AAFProvider();
 		when(aafAuthn.validate("userId", "password")).thenReturn("valid");
 		assertEquals(cadi3AAFProvider.authenticate("userId", "password"), "valid");
 	}
 
 	@Test
-	public void tesAuthenticateadmin() throws Exception {
-		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
-		cadi3AAFProvider = new Cadi3AAFProvider();
-		when(aafAuthn.validate("admin", "password")).thenReturn("valid");
-		assertNull(cadi3AAFProvider.authenticate("admin", "password"));
+	public void tesAuthenticateAdmin() throws Exception {
+		assertNull(cadi3AAFProvider.authenticate("kafkaUsername", "apiKey"));
+	}
+	
+	@Test
+	public void tesAuthenticateAdminwtWrongCred() throws Exception {
+		assertNotNull(cadi3AAFProvider.authenticate("kafkaUsername", "api"));
 	}
 	
 }
diff --git a/src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java b/src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java
index 4793acf..ae76534 100644
--- a/src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java
+++ b/src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java
@@ -20,8 +20,10 @@
  *******************************************************************************/
 package org.onap.dmaap.kafkaAuthorize;
 
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
+import org.apache.kafka.common.acl.AclOperation;
 import org.apache.kafka.common.security.auth.KafkaPrincipal;
 import org.junit.Before;
 import org.junit.Test;
@@ -41,7 +43,7 @@ import kafka.security.auth.Resource;
 import kafka.security.auth.ResourceType;
 
 @RunWith(PowerMockRunner.class)
-@PowerMockIgnore("javax.net.ssl.*")
+@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*"})
 @PrepareForTest({ AuthorizationProviderFactory.class })
 public class KafkaCustomAuthorizerTest {
 	@Mock
@@ -84,7 +86,7 @@ public class KafkaCustomAuthorizerTest {
 	@Test
 	public void testAuthorizerSuccess() {
 
-
+		
 		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
 				.thenReturn(true);
 		authorizer = new KafkaCustomAuthorizer();
@@ -95,6 +97,61 @@ public class KafkaCustomAuthorizerTest {
 	@Test
 	public void testAuthorizerFailure() {
 		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+		PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE);
+		System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+				.thenReturn(false);
+		authorizer = new KafkaCustomAuthorizer();
+		try {
+			authorizer.authorize(arg0, arg1, arg2);
+		} catch (Exception e) {
+			assertTrue(true);
+		}
+
+	}
+	
+	@Test
+	public void testAuthorizerFailure1() {
+		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+		PowerMockito.when(resourceType.name()).thenReturn("Cluster");
+		PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE);
+		System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+				.thenReturn(false);
+		authorizer = new KafkaCustomAuthorizer();
+		try {
+			authorizer.authorize(arg0, arg1, arg2);
+		} catch (Exception e) {
+			assertTrue(true);
+		}
+
+	}
+	
+	@Test
+	public void testAuthorizerFailure2() {
+		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+		PowerMockito.when(resourceType.name()).thenReturn("Topic");
+		PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.WRITE);
+		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+				.thenReturn(false);
+		authorizer = new KafkaCustomAuthorizer();
+		try {
+			authorizer.authorize(arg0, arg1, arg2);
+		} catch (Exception e) {
+			assertTrue(true);
+		}
+
+	}
+	
+	@Test
+	public void testAuthorizerFailure3() {
+		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+		PowerMockito.when(resourceType.name()).thenReturn("Topic");
+		PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DESCRIBE);
 		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
 				.thenReturn(false);
 		authorizer = new KafkaCustomAuthorizer();
@@ -105,5 +162,57 @@ public class KafkaCustomAuthorizerTest {
 		}
 
 	}
+	@Test
+	public void testAuthorizerFailure4() {
+		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+		PowerMockito.when(resourceType.name()).thenReturn("Topic");
+		PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.READ);
+		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+				.thenReturn(false);
+		authorizer = new KafkaCustomAuthorizer();
+		try {
+			authorizer.authorize(arg0, arg1, arg2);
+		} catch (Exception e) {
+			assertTrue(true);
+		}
+
+	}
+	
+	@Test
+	public void testAuthorizerFailure5() {
+		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+		PowerMockito.when(resourceType.name()).thenReturn("Cluster");
+		PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.IDEMPOTENT_WRITE);
+		System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+				.thenReturn(false);
+		authorizer = new KafkaCustomAuthorizer();
+		try {
+			authorizer.authorize(arg0, arg1, arg2);
+		} catch (Exception e) {
+			assertTrue(true);
+		}
+
+	}
+	
+	@Test
+	public void testAuthorizerFailure6() {
+		System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+		PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+		PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DELETE);
+		System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+		PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+				.thenReturn(false);
+		authorizer = new KafkaCustomAuthorizer();
+		try {
+			authorizer.authorize(arg0, arg1, arg2);
+		} catch (Exception e) {
+			assertTrue(true);
+		}
+
+	}
+	
 
 }
diff --git a/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java b/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java
index 3e73062..c6d89f3 100644
--- a/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java
+++ b/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java
@@ -34,14 +34,16 @@ import org.mockito.MockitoAnnotations;
 import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider;
 import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory;
 import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 @RunWith(PowerMockRunner.class)
+@PowerMockIgnore("javax.security.auth.*")
 @PrepareForTest({ AuthorizationProviderFactory.class })
 public class PlainSaslServer1Test {
 
-	PlainSaslServer1 sslServer = new PlainSaslServer1(null);
+	PlainSaslServer1 sslServer = new PlainSaslServer1();
 	@Mock
 	JaasContext jaasContext;
 	@Mock
author	su622b <su622b@att.com>	2019-11-20 15:22:14 -0500
committer	sunil unnava <su622b@att.com>	2019-11-20 20:41:35 +0000
commit	4b6939e390bcc7d1f80839ce2dacf4459f1327ce (patch)
tree	714c99f4df705a64882629ee978711c0dc4e7070 /src/test
parent	bbaea416e64d2a4920c7377ec0a91b8ab36ded2b (diff)