4 files changed, 193 insertions, 31 deletions
diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java index 4a35f4583..2e43495b7 100644 --- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java +++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java @@ -30,7 +30,7 @@ import com.att.eelf.configuration.EELFManager; import java.util.Date; -import javax.ws.rs.NotAuthorizedException; +import org.onap.clamp.clds.exception.NotAuthorizedException; import org.apache.camel.Exchange; import org.onap.clamp.clds.config.ClampProperties; @@ -57,7 +57,7 @@ public class AuthorizationController { @Autowired private ClampProperties refProp; - private static final String PERM_PREFIX = "security.permission.type."; + public static final String PERM_PREFIX = "security.permission.type."; private static final String PERM_INSTANCE = "security.permission.instance"; /** diff --git a/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java b/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java index 58d946857..ab4421fca 100644 --- a/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java +++ b/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java @@ -5,6 +5,8 @@ * Copyright (C) 2019 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
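Review bot: In AuthorizationController.java the first hunk replaces `javax.ws.rs.NotAuthorizedException` with the project's own `org.onap.clamp.clds.exception.NotAuthorizedException`, and nothing visible in this commit shows how the new type is turned into an HTTP response. The JAX-RS class carries a 401 status by definition; whether the project class has an equivalent mapping cannot be told from the hunk, so a denied call may surface as a generic server error unless a handler covers it. I would confirm that such a handler exists and record it in the Javadoc of the new exception, for example `Thrown when the caller lacks the required permission; mapped to an HTTP 401/403 response by <handler class>`. The code that throws the exception lies outside the hunk.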
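Review bot: `PERM_PREFIX` becomes `public` in the second hunk of AuthorizationController.java while `PERM_INSTANCE` directly below it stays `private`, and the now-public constant has no Javadoc. The only consumer visible in this commit is the test class PermissionTestHelper, which statically imports it to build property keys. A one-line comment would record why the visibility differs, e.g. `/** Property-key prefix for permission types; public so tests can build the same keys. */`.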
@@ -25,26 +27,26 @@ package org.onap.clamp.clds.it; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import java.io.IOException; -import java.util.LinkedList; import java.util.List; +import org.apache.camel.Exchange; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.mockito.InjectMocks; import org.mockito.Mockito; +import org.mockito.Spy; import org.onap.clamp.authorization.AuthorizationController; +import org.onap.clamp.clds.config.ClampProperties; +import org.onap.clamp.clds.exception.NotAuthorizedException; import org.onap.clamp.clds.service.SecureServicePermission; import org.onap.clamp.util.PrincipalUtils; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.mock.env.MockEnvironment; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.userdetails.User; import org.springframework.test.context.junit4.SpringRunner; 
@@ -57,39 +59,59 @@ import org.springframework.test.context.junit4.SpringRunner; @SpringBootTest public class AuthorizationControllerItCase { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(AuthorizationControllerItCase.class); - private Authentication authentication; - private List<GrantedAuthority> authList = new LinkedList<GrantedAuthority>(); + private PermissionTestDefaultHelper permissionTestHelper = new PermissionTestDefaultHelper(); + + @Spy + MockEnvironment env; + + @Spy + @InjectMocks + private ClampProperties clampProp = new ClampProperties(); + + @InjectMocks + private AuthorizationController auth; /** * Setup the variable before the tests execution. - * - * @throws IOException - * In case of issues when opening the files */ @Before - public void setupBefore() throws IOException { - authList.add(new SimpleGrantedAuthority("permission-type-cl-manage|dev|*")); - authList.add(new SimpleGrantedAuthority("permission-type-cl|dev|read")); - authList.add(new SimpleGrantedAuthority("permission-type-cl|dev|update")); - authList.add(new SimpleGrantedAuthority("permission-type-template|dev|read")); - authList.add(new SimpleGrantedAuthority("permission-type-template|dev|update")); - authList.add(new SimpleGrantedAuthority("permission-type-filter-vf|dev|*")); - authList.add(new SimpleGrantedAuthority("permission-type-cl-event|dev|*")); - - authentication = new UsernamePasswordAuthenticationToken(new User("admin", "", authList), "", authList); - } + public void setupBefore() { + permissionTestHelper.setupMockEnv(env); + List<GrantedAuthority> authList = permissionTestHelper.getAuthList(); - @Test - public void testIsUserPermittedNoException() { SecurityContext securityContext = Mockito.mock(SecurityContext.class); - Mockito.when(securityContext.getAuthentication()).thenReturn(authentication); + Mockito.when(securityContext.getAuthentication()).thenReturn( + new UsernamePasswordAuthenticationToken(new User("admin", "", authList), + "", 
authList) + ); PrincipalUtils.setSecurityContext(securityContext); + } - AuthorizationController auth = new AuthorizationController(); + @Test + public void testIsUserPermitted() { assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","dev","read"))); assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl-manage","dev","DEPLOY"))); - assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-filter-vf","dev","12345-55555-55555-5555"))); + assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-filter-vf","dev", + "12345-55555-55555-5555"))); assertFalse(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","test","read"))); } + + @Test + public void testIfUserAuthorize() { + Exchange ex = Mockito.mock(Exchange.class); + try { + permissionTestHelper.doActionOnAllPermissions(((type, instance, action) -> + auth.authorize(ex, type, instance, action) + ) + ); + } catch (NotAuthorizedException e) { + fail(e.getMessage()); + } + } + + @Test(expected = NotAuthorizedException.class) + public void testIfAuthorizeThrowException() { + Exchange ex = Mockito.mock(Exchange.class); + auth.authorize(ex,"permission-type-cl","test","read"); + } } diff --git a/src/test/java/org/onap/clamp/clds/it/PermissionTestDefaultHelper.java b/src/test/java/org/onap/clamp/clds/it/PermissionTestDefaultHelper.java new file mode 100644 index 000000000..fa22b02b7 --- /dev/null +++ b/src/test/java/org/onap/clamp/clds/it/PermissionTestDefaultHelper.java 
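Review bot: The only denial exercised in the rewritten AuthorizationControllerItCase is `auth.authorize(ex,"permission-type-cl","test","read")` in `testIfAuthorizeThrowException`, an instance for which that type has no grant at all. No case covers a granted type and instance combined with an action that is not granted, which is the path most likely to regress when wildcard matching changes. With the default helper granting only `read` and `update` on `test`, a second `@Test(expected = NotAuthorizedException.class)` method calling `auth.authorize(ex, "permission-type-cl-event", "test", "delete");` would cover it, assuming `authorize` compares actions literally apart from `*`. In `testIfUserAuthorize` the `try`/`catch` with `fail(e.getMessage())` also discards the stack trace; letting the exception propagate reports the same failure with more detail.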
@@ -0,0 +1,61 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2019 Samsung. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.onap.clamp.clds.it;
+
+import com.google.common.collect.ImmutableMap;
+
+import java.util.Map;
+
+public class PermissionTestDefaultHelper extends PermissionTestHelper {
+
+ private static final String[] ALL_ACTION = new String[] {"*"};
+ private static final String[] READ_UPDATE_ACTION = new String[] {"read", "update"};
+
+ private static final String DEV_INSTANCE = "dev";
+ private static final String TEST_INSTANCE = "test";
+
+ private static final Map<String, Map> defaultPermission = ImmutableMap.of(
+ "permission-type-cl", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION),
+ "permission-type-cl-event", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION),
+ "permission-type-cl-manage", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION),
+ "permission-type-filter-vf", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION),
+ "permission-type-template", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION)
+ );
+
+ /**
+ * Permission test default helper constructor.
+ * This class setup the default permission in the parent PermissionTestHelper class.
+ */
+ public PermissionTestDefaultHelper() {
+ super(defaultPermission);
+ }
+}
diff --git a/src/test/java/org/onap/clamp/clds/it/PermissionTestHelper.java b/src/test/java/org/onap/clamp/clds/it/PermissionTestHelper.java
new file mode 100644
index 000000000..ee073b015
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/it/PermissionTestHelper.java
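Review bot: `defaultPermission` in PermissionTestDefaultHelper is declared as `Map<String, Map>` with a raw inner `Map`, so the compiler cannot check that the values are `String[]` arrays keyed by instance name. PermissionTestHelper, the next file in this commit, uses the same raw type for its `permission` field and constructor parameter and compensates with the casts `(String[]) actionList` and `(String) instance`. Declaring all three as `Map<String, Map<String, String[]>>` would remove the casts and the unchecked warnings; the `ImmutableMap.of` calls should infer the inner type from their arguments.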
@@ -0,0 +1,79 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2019 Samsung. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.onap.clamp.clds.it;
+
+import static org.onap.clamp.authorization.AuthorizationController.PERM_PREFIX;
+import static org.onap.clamp.clds.config.ClampProperties.CONFIG_PREFIX;
+
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.mock.env.MockEnvironment;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+public class PermissionTestHelper {
+
+ private static final String securityPrefix = CONFIG_PREFIX + PERM_PREFIX;
+ private final Map<String, Map> permission;
+ private static final List<GrantedAuthority> authList = new LinkedList<>();
+
+ /**
+ * Permission Test Helper constructor
+ * Generate authList base on general permission collection
+ */
+ public PermissionTestHelper(Map<String, Map> permission) {
+ this.permission = permission;
+ this.createAuthList();
+ }
+
+ private void createAuthList() {
+ permission.forEach((type, instanceMap) -> instanceMap.forEach((instance, actionList) -> {
+ for (String action : (String[]) actionList) {
+ authList.add(new SimpleGrantedAuthority(type + "|" + instance + "|" + action));
+ }
+ }));
+ }
+
+ List<GrantedAuthority> getAuthList() {
+ return authList;
+ }
+
+ void setupMockEnv(MockEnvironment env) {
+ permission.forEach((type, instanceMap) -> env.withProperty(securityPrefix + type, type));
+ }
+
+ void doActionOnAllPermissions(PermissionAction action) {
+ permission.forEach((type, instanceMap) -> instanceMap.forEach((instance, actionList) -> {
+ for (String actionName : (String[]) actionList) {
+ action.doAction(type, (String) instance, actionName);
+ }
+ }));
+ }
+
+ @FunctionalInterface
+ public interface PermissionAction {
+ void doAction(String type, String instance, String action);
+ }
+} |
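Review bot: `authList` in PermissionTestHelper is `static final` but is filled from the constructor through `createAuthList()`, so every new helper appends its grants to one list shared by all instances. JUnit builds a fresh test-class instance for each test method, so the list accumulates duplicates, and a later helper built from a narrower permission map would still hand out the authorities added by an earlier one, which can let an authorization test pass for the wrong reason. Making it an instance field, `private final List<GrantedAuthority> authList = new LinkedList<>();`, keeps each helper's grants separate. `getAuthList()` also returns the mutable list itself; returning `Collections.unmodifiableList(authList)` would stop callers from altering it.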