aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--osdf/adapters/aaf/aaf_authentication.py2
-rwxr-xr-xtest/config/onap_logging_common_v1.config58
-rwxr-xr-xtest/config/osdf_config.yaml6
-rw-r--r--test/test_aaf_authentication.py104
4 files changed, 169 insertions, 1 deletions
diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py
index 26a3992..26eac29 100644
--- a/osdf/adapters/aaf/aaf_authentication.py
+++ b/osdf/adapters/aaf/aaf_authentication.py
@@ -95,5 +95,5 @@ def remote_api(passwd, uid):
"Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"}
url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid)
rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug,
- req_id='aaf_user_id', service='aaf_authentication_service')
+ req_id='aaf_user_id')
return rc.request(method='GET', asjson=True)
diff --git a/test/config/onap_logging_common_v1.config b/test/config/onap_logging_common_v1.config
new file mode 100755
index 0000000..56f58d3
--- /dev/null
+++ b/test/config/onap_logging_common_v1.config
@@ -0,0 +1,58 @@
+# -------------------------------------------------------------------------
+# Copyright (c) 2015-2017 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+
+# You may change this file while your program is running and CommonLogger will automatically reconfigure accordingly.
+# Changing these parameters may leave old log files lying around.
+
+
+#--- Parameters that apply to all logs
+#
+# rotateMethod: time, size, stdout, stderr, none
+#... Note: the following two parameters apply only when rotateMethod=time
+# timeRotateIntervalType: S, M, H, D, W0 - W6, or midnight (seconds, minutes, hours, days, weekday (0=Monday), or midnight UTC)
+# timeRotateInterval: >= 1 (1 means every timeRotateIntervalType, 2 every other, 3 every third, etc.)
+#... Note: the following parameter applies only when rotateMethod=size
+# sizeMaxBytes: >= 0 (0 means no limit, else maximum filesize in Bytes)
+# backupCount: >= 0 (Number of rotated backup files to retain. If rotateMethod=time, 0 retains *all* backups. If rotateMethod=size, 0 retains *no* backups.)
+#
+rotateMethod = time
+timeRotateIntervalType = midnight
+timeRotateInterval = 1
+sizeMaxBytes = 0
+backupCount = 6
+
+
+#--- Parameters that define log filenames and their initial LogLevel threshold
+#... Note: CommonLogger will exit if your process does not have permission to write to the file.
+#
+
+error = logs/error.log
+errorLogLevel = WARN
+errorStyle = error
+
+metrics = logs/metrics.log
+metricsLogLevel = INFO
+metricsStyle = metrics
+
+audit = logs/audit.log
+auditLogLevel = INFO
+auditStyle = audit
+
+debug = logs/debug.log
+debugLogLevel = DEBUG
+debugStyle = debug
diff --git a/test/config/osdf_config.yaml b/test/config/osdf_config.yaml
index 69ebdf0..495feb1 100755
--- a/test/config/osdf_config.yaml
+++ b/test/config/osdf_config.yaml
@@ -32,3 +32,9 @@ sdcONAPInstanceID: ONAP-OSDF
osdfPlacementUrl: "http://127.0.0.1:24699/osdf/api/v2/placement"
osdfPlacementUsername: "test"
osdfPlacementPassword: "testpwd"
+
+is_aaf_enabled: False
+aaf_cache_expiry_hrs: 3
+aaf_url: https://aaftest.simpledemo.onap.org:8095
+aaf_user_roles:
+ - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL \ No newline at end of file
diff --git a/test/test_aaf_authentication.py b/test/test_aaf_authentication.py
new file mode 100644
index 0000000..7f5207e
--- /dev/null
+++ b/test/test_aaf_authentication.py
@@ -0,0 +1,104 @@
+import os
+from flask import Flask
+from mock import mock
+
+from osdf.adapters.aaf import aaf_authentication as auth
+from osdf.utils.interfaces import RestClient
+
+BASE_DIR = os.path.dirname(__file__)
+
+
+class TestAafAuthentication():
+
+ def test_authenticate(self):
+ app = Flask(__name__)
+ auth.clear_cache()
+
+ def mock_aaf_response(*args, **kwargs):
+ return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
+ {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+ {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
+ {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
+ {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
+ {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]}
+
+ with app.test_request_context(path='/api/oof/v1/placement'):
+ with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+ assert auth.authenticate('user', 'password')
+
+ def test_auth_cache(self):
+ app = Flask(__name__)
+ auth.clear_cache()
+
+ def mock_aaf_response(*args, **kwargs):
+ return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
+ {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+ {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
+ {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
+ {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
+ {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]}
+
+ with app.test_request_context(path='/api/oof/v1/placement'):
+ with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+ assert auth.authenticate('user', 'password')
+ assert auth.authenticate('user', 'password')
+
+ def test_authenticate_fail(self):
+ app = Flask(__name__)
+ auth.clear_cache()
+
+ def mock_aaf_response(*args, **kwargs):
+ return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"}]}
+
+ with app.test_request_context(path='/api/oof/v1/placement'):
+ with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+ assert not auth.authenticate('user1', 'password1')
+
+ def test_authenticate_uri_mismatch(self):
+ app = Flask(__name__)
+ auth.clear_cache()
+
+ def mock_aaf_response(*args, **kwargs):
+ return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
+ {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+ {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
+ {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
+ {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
+ {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]}
+
+ with app.test_request_context(path='/sniro/wrong/uri'):
+ with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+ assert not auth.authenticate('user', 'password')
+
+ def test_authenticate_fail1(self):
+ app = Flask(__name__)
+ auth.clear_cache()
+
+ def mock_aaf_response(*args, **kwargs):
+ return {}
+
+ with app.test_request_context(path='/api/oof/v1/placement'):
+ with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+ assert not auth.authenticate('user2', 'password2')
+
+ def test_authenticate_fail3(self):
+ app = Flask(__name__)
+ auth.clear_cache()
+
+ def mock_aaf_response2(*args, **kwargs):
+ return {}
+
+ with app.test_request_context(path='/api/oof/v1/placement'):
+ with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response2):
+ assert not auth.authenticate('user3', 'password3')
+
+ def test_authenticate_except(self):
+ app = Flask(__name__)
+ auth.clear_cache()
+
+ def mock_aaf_response2(*args, **kwargs):
+ raise Exception('This is the exception you expect to handle')
+
+ with app.test_request_context(path='/api/oof/v1/placement'):
+ with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response2):
+ assert not auth.authenticate('user3', 'password3')