From 09da64aa760f0025900abff02687fea4e9f40ccf Mon Sep 17 00:00:00 2001 From: JulienBe Date: Thu, 14 May 2020 17:40:52 +0200 Subject: add robotframework to integration tests Issue-ID: CLAMP-844 Signed-off-by: JulienBe Change-Id: Ie5c40477f42fcf26f5fef6c1742e34a2eee7f73d --- src/test/resources/robotframework/Dockerfile | 9 ++ src/test/resources/robotframework/requirements.txt | 6 + .../robotframework/robotframework-test.properties | 173 +++++++++++++++++++++ .../robotframework/tests/01_healthcheck.robot | 19 +++ 4 files changed, 207 insertions(+) create mode 100644 src/test/resources/robotframework/Dockerfile create mode 100644 src/test/resources/robotframework/requirements.txt create mode 100644 src/test/resources/robotframework/robotframework-test.properties create mode 100644 src/test/resources/robotframework/tests/01_healthcheck.robot (limited to 'src/test/resources/robotframework') diff --git a/src/test/resources/robotframework/Dockerfile b/src/test/resources/robotframework/Dockerfile new file mode 100644 index 000000000..4ae08208e --- /dev/null +++ b/src/test/resources/robotframework/Dockerfile @@ -0,0 +1,9 @@ +#FROM robotframework/rfdocker +# +#### Uncomment following two lines if having external test libraries: +##COPY --chown=robot:robot requirements.txt . +#RUN pip3 install --no-cache-dir -r requirements.txt +#COPY *.robot /home/robot/atest +FROM ppodgorsek/robot-framework:3.0.3 +COPY requirements.txt . +RUN pip install -r requirements.txt \ No newline at end of file diff --git a/src/test/resources/robotframework/requirements.txt b/src/test/resources/robotframework/requirements.txt new file mode 100644 index 000000000..2ae8f4500 --- /dev/null +++ b/src/test/resources/robotframework/requirements.txt @@ -0,0 +1,6 @@ +certifi +chardet +idna +requests +urllib3 +robotframework-extendedrequestslibrary diff --git a/src/test/resources/robotframework/robotframework-test.properties b/src/test/resources/robotframework/robotframework-test.properties new file mode 100644 index 000000000..4ec657355 --- /dev/null +++ b/src/test/resources/robotframework/robotframework-test.properties @@ -0,0 +1,173 @@ +### +# ============LICENSE_START======================================================= +# ONAP CLAMP +# ================================================================================ +# Copyright (C) 2017-2018 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# =================================================================== +# +### + +### Set the port for HTTP or HTTPS protocol (Controlled by Spring framework, only one at a time). +### (See below for the parameter 'server.http.port' if you want to have both enabled) +### To have only HTTP, keep the lines server.ssl.* commented +### To have only HTTPS enabled, uncomment the server.ssl.* lines and specify a right keystore location +server.port=${clamp.it.tests.robotframework.http} +### Settings for HTTPS (this automatically enables the HTTPS on the port 'server.port') +#server.ssl.key-store=file:/tmp/mykey.jks +#server.ssl.key-store-password=pass +#server.ssl.key-password=pass + +### In order to be user friendly when HTTPS is enabled, +### you can add another HTTP port that will be automatically redirected to HTTPS +### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...) +#server.http-to-https-redirection.port=8090 + +### HTTP Example: +###-------------- +### server.port=8080 + +### HTTPS Example: +### -------------- +### server.port=8443 +### server.ssl.key-store=file:/tmp/mykey.jks +### server.ssl.key-store-password=mypass +### server.ssl.key-password=mypass + +### HTTP (Redirected to HTTPS) and HTTPS Example: +### -------------------------------------------- +### server.port=8443 <-- The HTTPS port +### server.ssl.key-store=file:/tmp/mykey.jks +### server.ssl.key-store-password=mypass +### server.ssl.key-password=mypass +### server.http-to-https-redirection.port=8090 <-- The HTTP port + +server.servlet.context-path=/ +#Modified engine-rest applicationpath +spring.profiles.active=clamp-default,clamp-default-user +spring.http.converters.preferred-json-mapper=gson + +#The max number of active threads in this pool +server.tomcat.max-threads=200 +#The minimum number of threads always kept alive +server.tomcat.min-Spare-Threads=25 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +#Servlet context parameters +server.context_parameters.p-name=value #context parameter with p-name as key and value as value. + +camel.springboot.consumer-template-cache-size=1000 +camel.springboot.producer-template-cache-size=1000 +# JMX enabled to have Camel Swagger runtime working +camel.springboot.jmx-enabled=true +camel.defaultthreadpool.poolsize=10 +camel.defaultthreadpool.maxpoolsize=20 +camel.defaultthreadpool.maxqueuesize=1000 +camel.defaultthreadpool.keepaliveTime=60 +camel.defaultthreadpool.rejectpolicy=CallerRuns +#camel.springboot.xmlRoutes = false +camel.springboot.xmlRoutes=classpath:/clds/camel/routes/*.xml +camel.springboot.xmlRests=classpath:/clds/camel/rest/*.xml +#camel.springboot.typeConversion = false + +#clds datasource connection details +spring.datasource.driverClassName=org.mariadb.jdbc.Driver +spring.datasource.url=jdbc:mariadb:sequential://localhost:3306,localhost:${docker.mariadb.port.host}/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 +spring.datasource.username=clds +spring.datasource.password=sidnnd83K +spring.datasource.validationQuery=SELECT 1 +spring.datasource.validationQueryTimeout=20000 +spring.datasource.validationInterval=30000 +spring.datasource.testWhileIdle = true +spring.datasource.minIdle = 0 +spring.datasource.initialSize=0 +# Automatically test whether a connection provided is good or not +spring.datasource.testOnBorrow=true +spring.datasource.ignoreExceptionOnPreLoad=true + +spring.jpa.properties.javax.persistence.schema-generation.database.action=none +#spring.jpa.properties.javax.persistence.schema-generation.create-source=metadata +#spring.jpa.properties.javax.persistence.schema-generation.scripts.action=create +#spring.jpa.properties.javax.persistence.schema-generation.scripts.create-target=create.sql +# disable Hibernate DDL generation because the schema will be generated from a sql script +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect +spring.jpa.properties.hibernate.ddl-auto=validate +spring.jpa.properties.hibernate.hbm2ddl.delimiter=; +spring.jpa.properties.hibernate.format_sql=true +spring.jpa.properties.hibernate.use-new-id-generator-mappings=true + +# Whether to enable logging of SQL statements. +#spring.jpa.show-sql=true + +#Async Executor default Parameters +async.core.pool.size=10 +async.max.pool.size=20 +async.queue.capacity=500 + +#For EELF logback file +#com.att.eelf.logging.path= +clamp.config.logback.filename=logback-default.xml +#The log folder that will be used in logback.xml file +clamp.config.log.path=log +clamp.config.files.systemProperties=classpath:/system.properties +clamp.config.files.cldsUsers=classpath:/clds/clds-users.json +clamp.config.files.globalProperties=classpath:/clds/templates/globalProperties.json +clamp.config.files.sdcController=classpath:/clds/sdc-controllers-config.json + +# +# Configuration Settings for Policy Engine Components +clamp.config.policy.api.url=http4://localhost:${docker.http-cache.port.host} +clamp.config.policy.api.userName=healthcheck +clamp.config.policy.api.password=zb!XztG34 +clamp.config.policy.pap.url=http4://localhost:${docker.http-cache.port.host} +clamp.config.policy.pap.userName=healthcheck +clamp.config.policy.pap.password=zb!XztG34 + +# Sdc service properties +# +clamp.config.sdc.csarFolder = ${project.build.directory}/sdc-tests + +#DCAE Inventory Url Properties +clamp.config.dcae.inventory.url=http4://localhost:${docker.http-cache.port.host} +clamp.config.dcae.intentory.retry.interval=100 +clamp.config.dcae.intentory.retry.limit=1 + +#DCAE Deployment Url Properties +clamp.config.dcae.deployment.url=http4://localhost:${docker.http-cache.port.host} +clamp.config.dcae.deployment.userName=test +clamp.config.dcae.deployment.password=test + +#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case ! +clamp.config.security.permission.type.cl=permission-type-cl +clamp.config.security.permission.type.cl.manage=permission-type-cl-manage +clamp.config.security.permission.type.cl.event=permission-type-cl-event +clamp.config.security.permission.type.filter.vf=permission-type-filter-vf +clamp.config.security.permission.type.template=permission-type-template +clamp.config.security.permission.type.tosca=permission-type-tosca +#This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties +clamp.config.security.permission.instance=dev +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal + +# Configuration settings for CDS +clamp.config.cds.url=http4://localhost:${docker.http-cache.port.host} +clamp.config.cds.userName=ccsdkapps +clamp.config.cds.password=ccsdkapps + +## Tosca converter +clamp.config.tosca.converter.json.schema.templates=classpath:/clds/tosca-converter/templates.json +clamp.config.tosca.converter.default.datatypes=classpath:/clds/tosca-converter/default-tosca-types.yaml +clamp.config.tosca.converter.dictionary.support.enabled=true \ No newline at end of file diff --git a/src/test/resources/robotframework/tests/01_healthcheck.robot b/src/test/resources/robotframework/tests/01_healthcheck.robot new file mode 100644 index 000000000..f19266781 --- /dev/null +++ b/src/test/resources/robotframework/tests/01_healthcheck.robot @@ -0,0 +1,19 @@ +*** Settings *** +Library Collections +Library RequestsLibrary +Library OperatingSystem +Library json +Library OperatingSystem +*** Variables *** +${login} admin +${passw} password +*** Keywords *** +Create the sessions +*** Test Cases *** +Get Requests health check ok + ${port} = Get Environment Variable CLAMP_PORT + ${auth}= Create List ${login} ${passw} + Create Session clamp http://localhost:${port} auth=${auth} disable_warnings=1 + Set Global Variable ${clamp_session} clamp + ${resp}= Get Request ${clamp_session} /restservices/clds/v1/healthcheck + Should Be Equal As Strings ${resp.status_code} 200 \ No newline at end of file -- cgit 1.2.3-korg From bf8f0ab08a7b2d60e2f6fd8c8f1e2203c3df97ea Mon Sep 17 00:00:00 2001 From: sebdet Date: Thu, 15 Oct 2020 11:40:17 +0200 Subject: Fix creds issue with AAF Fix the permissions not returned by AAF due to wrong code the clamp servlet. Issue-ID: CLAMP-956 Signed-off-by: sebdet Change-Id: I06fac82fb04421f154b67b625e910853ade8583f Signed-off-by: sebdet --- src/main/docker/backend/Dockerfile | 2 +- src/main/java/org/onap/clamp/clds/ClampServlet.java | 20 +++++++++----------- src/main/resources/application-noaaf.properties | 2 +- src/main/resources/application.properties | 4 ++-- src/test/resources/application.properties | 3 +-- src/test/resources/https/https-test.properties | 2 +- .../robotframework/robotframework-test.properties | 2 +- 7 files changed, 16 insertions(+), 19 deletions(-) (limited to 'src/test/resources/robotframework') diff --git a/src/main/docker/backend/Dockerfile b/src/main/docker/backend/Dockerfile index ebc1d57f2..8712f1934 100644 --- a/src/main/docker/backend/Dockerfile +++ b/src/main/docker/backend/Dockerfile @@ -42,4 +42,4 @@ COPY --chown=onap:onap onap-clamp-backend/clamp.jar /opt/clamp/app.jar USER onap WORKDIR /opt/clamp/ -ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom", "-jar" ,"./app.jar"] \ No newline at end of file +ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75","-jar" ,"./app.jar"] \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 5908201fd..c19972791 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -28,9 +28,11 @@ package org.onap.clamp.clds; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import fj.data.Array; import java.io.IOException; import java.security.Principal; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import javax.servlet.ServletException; @@ -69,16 +71,11 @@ public class ClampServlet extends CamelHttpTransportServlet { private static List permissionList; - private synchronized Class loadDynamicAuthenticationClass() { - try { - String authenticationObject = WebApplicationContextUtils.getWebApplicationContext(getServletContext()) - .getEnvironment().getProperty(AUTHENTICATION_CLASS); - return Class.forName(authenticationObject); - } catch (ClassNotFoundException e) { - logger.error( - "Exception caught when attempting to create associated class of config:" + AUTHENTICATION_CLASS, e); - return Object.class; - } + private synchronized String[] loadDynamicAuthenticationClasses() { + String[] authenticationObjects = WebApplicationContextUtils.getWebApplicationContext(getServletContext()) + .getEnvironment().getProperty(AUTHENTICATION_CLASS).split(","); + Arrays.stream(authenticationObjects).forEach(className -> className.trim()); + return authenticationObjects; } private synchronized List getPermissionList() { @@ -115,7 +112,8 @@ public class ClampServlet extends CamelHttpTransportServlet { @Override protected void doService(HttpServletRequest request, HttpServletResponse response) { Principal principal = request.getUserPrincipal(); - if (loadDynamicAuthenticationClass().isInstance(principal)) { + if (principal != null && Arrays.stream(loadDynamicAuthenticationClasses()) + .anyMatch(className -> className.equals(principal.getName()))) { // When AAF is enabled, there is a need to provision the permissions to Spring // system List grantedAuths = new ArrayList<>(); diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties index 423c73e93..6b28cf7ef 100644 --- a/src/main/resources/application-noaaf.properties +++ b/src/main/resources/application-noaaf.properties @@ -173,7 +173,7 @@ clamp.config.security.permission.type.template=org.onap.clamp.clds.template clamp.config.security.permission.type.tosca=org.onap.clamp.clds.tosca #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties clamp.config.security.permission.instance=dev -clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal, org.onap.aaf.cadi.principal.CachedBasicPrincipal ## Tosca converter clamp.config.tosca.converter.json.schema.templates=classpath:/clds/tosca-converter/templates.json diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index de32098fa..1b5a26d0a 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -176,13 +176,13 @@ clamp.config.security.permission.type.template=org.onap.clamp.clds.template clamp.config.security.permission.type.tosca=org.onap.clamp.clds.tosca #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties clamp.config.security.permission.instance=dev -clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal, org.onap.aaf.cadi.principal.CachedBasicPrincipal #AAF related parameters clamp.config.cadi.cadiLoglevel=DEBUG clamp.config.cadi.cadiLatitude=10 clamp.config.cadi.cadiLongitude=10 -clamp.config.cadi.aafLocateUrl=https://aaf-locate:8095 +clamp.config.cadi.aafLocateUrl=https://aaf-locate:30251 clamp.config.cadi.oauthTokenUrl= https://AAF_LOCATE_URL/locate/onap.org.osaaf.aaf.token:2.1/token clamp.config.cadi.oauthIntrospectUrll=https://AAF_LOCATE_URL/locate/onap.org.osaaf.aaf.introspect:2.1/introspect clamp.config.cadi.aafEnv=DEV diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index a8ec7add1..5a668dcf4 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties @@ -160,8 +160,7 @@ clamp.config.security.permission.type.template=permission-type-template clamp.config.security.permission.type.tosca=permission-type-tosca #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties clamp.config.security.permission.instance=dev -clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal - +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal, org.onap.aaf.cadi.principal.CachedBasicPrincipal # Configuration settings for CDS clamp.config.cds.url=http4://localhost:${docker.http-cache.port.host} clamp.config.cds.userName=ccsdkapps diff --git a/src/test/resources/https/https-test.properties b/src/test/resources/https/https-test.properties index 6f3a405fc..86e444efe 100644 --- a/src/test/resources/https/https-test.properties +++ b/src/test/resources/https/https-test.properties @@ -116,7 +116,7 @@ clamp.config.security.permission.type.template=org.onap.clamp.clds.template clamp.config.security.permission.type.tosca=org.onap.clamp.clds.tosca #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties clamp.config.security.permission.instance=dev -clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal, org.onap.aaf.cadi.principal.CachedBasicPrincipal #AAF related parameters clamp.config.cadi.cadiLoglevel=DEBUG diff --git a/src/test/resources/robotframework/robotframework-test.properties b/src/test/resources/robotframework/robotframework-test.properties index 4ec657355..665842b84 100644 --- a/src/test/resources/robotframework/robotframework-test.properties +++ b/src/test/resources/robotframework/robotframework-test.properties @@ -160,7 +160,7 @@ clamp.config.security.permission.type.template=permission-type-template clamp.config.security.permission.type.tosca=permission-type-tosca #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties clamp.config.security.permission.instance=dev -clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal, org.onap.aaf.cadi.principal.CachedBasicPrincipal # Configuration settings for CDS clamp.config.cds.url=http4://localhost:${docker.http-cache.port.host} -- cgit 1.2.3-korg