diff options
-rw-r--r-- | osdf/adapters/aaf/aaf_authentication.py | 2 | ||||
-rwxr-xr-x | test/config/onap_logging_common_v1.config | 58 | ||||
-rwxr-xr-x | test/config/osdf_config.yaml | 6 | ||||
-rw-r--r-- | test/test_aaf_authentication.py | 104 |
4 files changed, 169 insertions, 1 deletions
diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py index 26a3992..26eac29 100644 --- a/osdf/adapters/aaf/aaf_authentication.py +++ b/osdf/adapters/aaf/aaf_authentication.py @@ -95,5 +95,5 @@ def remote_api(passwd, uid): "Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"} url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid) rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug, - req_id='aaf_user_id', service='aaf_authentication_service') + req_id='aaf_user_id') return rc.request(method='GET', asjson=True) diff --git a/test/config/onap_logging_common_v1.config b/test/config/onap_logging_common_v1.config new file mode 100755 index 0000000..56f58d3 --- /dev/null +++ b/test/config/onap_logging_common_v1.config @@ -0,0 +1,58 @@ +# ------------------------------------------------------------------------- +# Copyright (c) 2015-2017 AT&T Intellectual Property +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ------------------------------------------------------------------------- +# + +# You may change this file while your program is running and CommonLogger will automatically reconfigure accordingly. +# Changing these parameters may leave old log files lying around. + + +#--- Parameters that apply to all logs +# +# rotateMethod: time, size, stdout, stderr, none +#... Note: the following two parameters apply only when rotateMethod=time +# timeRotateIntervalType: S, M, H, D, W0 - W6, or midnight (seconds, minutes, hours, days, weekday (0=Monday), or midnight UTC) +# timeRotateInterval: >= 1 (1 means every timeRotateIntervalType, 2 every other, 3 every third, etc.) +#... Note: the following parameter applies only when rotateMethod=size +# sizeMaxBytes: >= 0 (0 means no limit, else maximum filesize in Bytes) +# backupCount: >= 0 (Number of rotated backup files to retain. If rotateMethod=time, 0 retains *all* backups. If rotateMethod=size, 0 retains *no* backups.) +# +rotateMethod = time +timeRotateIntervalType = midnight +timeRotateInterval = 1 +sizeMaxBytes = 0 +backupCount = 6 + + +#--- Parameters that define log filenames and their initial LogLevel threshold +#... Note: CommonLogger will exit if your process does not have permission to write to the file. +# + +error = logs/error.log +errorLogLevel = WARN +errorStyle = error + +metrics = logs/metrics.log +metricsLogLevel = INFO +metricsStyle = metrics + +audit = logs/audit.log +auditLogLevel = INFO +auditStyle = audit + +debug = logs/debug.log +debugLogLevel = DEBUG +debugStyle = debug diff --git a/test/config/osdf_config.yaml b/test/config/osdf_config.yaml index 69ebdf0..495feb1 100755 --- a/test/config/osdf_config.yaml +++ b/test/config/osdf_config.yaml @@ -32,3 +32,9 @@ sdcONAPInstanceID: ONAP-OSDF osdfPlacementUrl: "http://127.0.0.1:24699/osdf/api/v2/placement" osdfPlacementUsername: "test" osdfPlacementPassword: "testpwd" + +is_aaf_enabled: False +aaf_cache_expiry_hrs: 3 +aaf_url: https://aaftest.simpledemo.onap.org:8095 +aaf_user_roles: + - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
\ No newline at end of file diff --git a/test/test_aaf_authentication.py b/test/test_aaf_authentication.py new file mode 100644 index 0000000..7f5207e --- /dev/null +++ b/test/test_aaf_authentication.py @@ -0,0 +1,104 @@ +import os +from flask import Flask +from mock import mock + +from osdf.adapters.aaf import aaf_authentication as auth +from osdf.utils.interfaces import RestClient + +BASE_DIR = os.path.dirname(__file__) + + +class TestAafAuthentication(): + + def test_authenticate(self): + app = Flask(__name__) + auth.clear_cache() + + def mock_aaf_response(*args, **kwargs): + return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"}, + {"instance": "*", "action": "*", "type": "org.onap.osdf.access"}, + {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"}, + {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"}, + {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"}, + {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]} + + with app.test_request_context(path='/api/oof/v1/placement'): + with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response): + assert auth.authenticate('user', 'password') + + def test_auth_cache(self): + app = Flask(__name__) + auth.clear_cache() + + def mock_aaf_response(*args, **kwargs): + return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"}, + {"instance": "*", "action": "*", "type": "org.onap.osdf.access"}, + {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"}, + {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"}, + {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"}, + {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]} + + with app.test_request_context(path='/api/oof/v1/placement'): + with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response): + assert auth.authenticate('user', 'password') + assert auth.authenticate('user', 'password') + + def test_authenticate_fail(self): + app = Flask(__name__) + auth.clear_cache() + + def mock_aaf_response(*args, **kwargs): + return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"}]} + + with app.test_request_context(path='/api/oof/v1/placement'): + with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response): + assert not auth.authenticate('user1', 'password1') + + def test_authenticate_uri_mismatch(self): + app = Flask(__name__) + auth.clear_cache() + + def mock_aaf_response(*args, **kwargs): + return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"}, + {"instance": "*", "action": "*", "type": "org.onap.osdf.access"}, + {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"}, + {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"}, + {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"}, + {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]} + + with app.test_request_context(path='/sniro/wrong/uri'): + with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response): + assert not auth.authenticate('user', 'password') + + def test_authenticate_fail1(self): + app = Flask(__name__) + auth.clear_cache() + + def mock_aaf_response(*args, **kwargs): + return {} + + with app.test_request_context(path='/api/oof/v1/placement'): + with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response): + assert not auth.authenticate('user2', 'password2') + + def test_authenticate_fail3(self): + app = Flask(__name__) + auth.clear_cache() + + def mock_aaf_response2(*args, **kwargs): + return {} + + with app.test_request_context(path='/api/oof/v1/placement'): + with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response2): + assert not auth.authenticate('user3', 'password3') + + def test_authenticate_except(self): + app = Flask(__name__) + auth.clear_cache() + + def mock_aaf_response2(*args, **kwargs): + raise Exception('This is the exception you expect to handle') + + with app.test_request_context(path='/api/oof/v1/placement'): + with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response2): + assert not auth.authenticate('user3', 'password3') |