From 0255242087453befa24f1b7cde905c8869267a20 Mon Sep 17 00:00:00 2001
From: "Varma, Vikas" <vv8305@att.com>
Date: Fri, 14 Sep 2018 17:56:41 -0400
Subject: Add unit test cases for aaf auth api

Change-Id: I611f3fc8dcfe9570d3202bb1473f163168d22d7c
Signed-off-by: Varma, Vikas <vv8305@att.com>
Issue-ID: OPTFRA-339
---
 osdf/adapters/aaf/aaf_authentication.py   |   2 +-
 test/config/onap_logging_common_v1.config |  58 +++++++++++++++++
 test/config/osdf_config.yaml              |   6 ++
 test/test_aaf_authentication.py           | 104 ++++++++++++++++++++++++++++++
 4 files changed, 169 insertions(+), 1 deletion(-)
 create mode 100755 test/config/onap_logging_common_v1.config
 create mode 100644 test/test_aaf_authentication.py

diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py
index 26a3992..26eac29 100644
--- a/osdf/adapters/aaf/aaf_authentication.py
+++ b/osdf/adapters/aaf/aaf_authentication.py
@@ -95,5 +95,5 @@ def remote_api(passwd, uid):
                "Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"}
     url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid)
     rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug,
-                    req_id='aaf_user_id', service='aaf_authentication_service')
+                    req_id='aaf_user_id')
     return rc.request(method='GET', asjson=True)
diff --git a/test/config/onap_logging_common_v1.config b/test/config/onap_logging_common_v1.config
new file mode 100755
index 0000000..56f58d3
--- /dev/null
+++ b/test/config/onap_logging_common_v1.config
@@ -0,0 +1,58 @@
+# -------------------------------------------------------------------------
+#   Copyright (c) 2015-2017 AT&T Intellectual Property
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+
+# You may change this file while your program is running and CommonLogger will automatically reconfigure accordingly.
+# Changing these parameters may leave old log files lying around.
+
+
+#--- Parameters that apply to all logs
+#
+# rotateMethod:  time, size, stdout, stderr, none
+#... Note:  the following two parameters apply only when rotateMethod=time
+# timeRotateIntervalType:  S, M, H, D, W0 - W6, or midnight  (seconds, minutes, hours, days, weekday (0=Monday), or midnight UTC)
+# timeRotateInterval:  >= 1  (1 means every timeRotateIntervalType, 2 every other, 3 every third, etc.)
+#... Note:  the following parameter applies only when rotateMethod=size
+# sizeMaxBytes:  >= 0  (0 means no limit, else maximum filesize in Bytes)
+# backupCount:  >= 0  (Number of rotated backup files to retain.  If rotateMethod=time, 0 retains *all* backups.  If rotateMethod=size, 0 retains *no* backups.)
+#
+rotateMethod           = time
+timeRotateIntervalType = midnight
+timeRotateInterval     = 1
+sizeMaxBytes           = 0
+backupCount            = 6
+
+
+#--- Parameters that define log filenames and their initial LogLevel threshold
+#... Note:  CommonLogger will exit if your process does not have permission to write to the file.
+#
+
+error           = logs/error.log
+errorLogLevel   = WARN
+errorStyle      = error
+
+metrics         = logs/metrics.log
+metricsLogLevel = INFO
+metricsStyle    = metrics
+
+audit           = logs/audit.log
+auditLogLevel   = INFO
+auditStyle      = audit
+
+debug           = logs/debug.log
+debugLogLevel   = DEBUG
+debugStyle      = debug
diff --git a/test/config/osdf_config.yaml b/test/config/osdf_config.yaml
index 69ebdf0..495feb1 100755
--- a/test/config/osdf_config.yaml
+++ b/test/config/osdf_config.yaml
@@ -32,3 +32,9 @@ sdcONAPInstanceID: ONAP-OSDF
 osdfPlacementUrl: "http://127.0.0.1:24699/osdf/api/v2/placement"
 osdfPlacementUsername: "test"
 osdfPlacementPassword: "testpwd"
+
+is_aaf_enabled: False
+aaf_cache_expiry_hrs: 3
+aaf_url: https://aaftest.simpledemo.onap.org:8095
+aaf_user_roles:
+    - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
\ No newline at end of file
diff --git a/test/test_aaf_authentication.py b/test/test_aaf_authentication.py
new file mode 100644
index 0000000..7f5207e
--- /dev/null
+++ b/test/test_aaf_authentication.py
@@ -0,0 +1,104 @@
+import os
+from flask import Flask
+from mock import mock
+
+from osdf.adapters.aaf import aaf_authentication as auth
+from osdf.utils.interfaces import RestClient
+
+BASE_DIR = os.path.dirname(__file__)
+
+
+class TestAafAuthentication():
+
+    def test_authenticate(self):
+        app = Flask(__name__)
+        auth.clear_cache()
+
+        def mock_aaf_response(*args, **kwargs):
+            return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
+                             {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+                             {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
+                             {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
+                             {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
+                             {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]}
+
+        with app.test_request_context(path='/api/oof/v1/placement'):
+            with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+                assert auth.authenticate('user', 'password')
+
+    def test_auth_cache(self):
+        app = Flask(__name__)
+        auth.clear_cache()
+
+        def mock_aaf_response(*args, **kwargs):
+            return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
+                             {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+                             {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
+                             {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
+                             {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
+                             {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]}
+
+        with app.test_request_context(path='/api/oof/v1/placement'):
+            with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+                assert auth.authenticate('user', 'password')
+                assert auth.authenticate('user', 'password')
+
+    def test_authenticate_fail(self):
+        app = Flask(__name__)
+        auth.clear_cache()
+
+        def mock_aaf_response(*args, **kwargs):
+            return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"}]}
+
+        with app.test_request_context(path='/api/oof/v1/placement'):
+            with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+                assert not auth.authenticate('user1', 'password1')
+
+    def test_authenticate_uri_mismatch(self):
+        app = Flask(__name__)
+        auth.clear_cache()
+
+        def mock_aaf_response(*args, **kwargs):
+            return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
+                             {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+                             {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
+                             {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
+                             {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
+                             {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.ist.k8"}]}
+
+        with app.test_request_context(path='/sniro/wrong/uri'):
+            with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+                assert not auth.authenticate('user', 'password')
+
+    def test_authenticate_fail1(self):
+        app = Flask(__name__)
+        auth.clear_cache()
+
+        def mock_aaf_response(*args, **kwargs):
+            return {}
+
+        with app.test_request_context(path='/api/oof/v1/placement'):
+            with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response):
+                assert not auth.authenticate('user2', 'password2')
+
+    def test_authenticate_fail3(self):
+        app = Flask(__name__)
+        auth.clear_cache()
+
+        def mock_aaf_response2(*args, **kwargs):
+            return {}
+
+        with app.test_request_context(path='/api/oof/v1/placement'):
+            with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response2):
+                assert not auth.authenticate('user3', 'password3')
+
+    def test_authenticate_except(self):
+        app = Flask(__name__)
+        auth.clear_cache()
+
+        def mock_aaf_response2(*args, **kwargs):
+            raise Exception('This is the exception you expect to handle')
+
+        with app.test_request_context(path='/api/oof/v1/placement'):
+            with mock.patch.object(RestClient, 'request', side_effect=mock_aaf_response2):
+                assert not auth.authenticate('user3', 'password3')
-- 
cgit 1.2.3-korg