From d5732759bf7e90076c8fba189ae12a2a46fbb32e Mon Sep 17 00:00:00 2001 From: Fiete Ostkamp Date: Tue, 29 Aug 2023 10:30:45 +0200 Subject: Change role prefix from onap_ to portal_ [bff] - change the expected role prefix that is used for RBAC from onap_ to portal_ - fix docker-compose file Issue-ID: PORTALNG-32 Change-Id: Ie3d93d5659ce0573c99278afce5e08fc57d442fd Signed-off-by: Fiete Ostkamp --- .../main/resources/application-access-control.yml | 36 +++++++++++----------- .../org/onap/portalng/bff/BaseIntegrationTest.java | 4 +-- .../bff/users/CreateUserIntegrationTest.java | 10 +++--- .../bff/users/GetUserDetailIntegrationTest.java | 2 +- .../bff/users/ListUsersIntegrationTest.java | 4 +-- .../test/resources/application-access-control.yml | 36 +++++++++++----------- 6 files changed, 46 insertions(+), 46 deletions(-) (limited to 'app/src') diff --git a/app/src/main/resources/application-access-control.yml b/app/src/main/resources/application-access-control.yml index ac83409..4da29f1 100644 --- a/app/src/main/resources/application-access-control.yml +++ b/app/src/main/resources/application-access-control.yml @@ -1,21 +1,21 @@ bff.access-control: - ACTIONS_CREATE: [ onap_admin, onap_designer, onap_operator ] - ACTIONS_GET: [ onap_admin, onap_designer, onap_operator ] - ACTIONS_LIST: [ onap_admin, onap_designer, onap_operator ] - ACTIVE_ALARM_LIST: [onap_admin, onap_designer, onap_operator] - KEY_ENCRYPT_BY_USER: [onap_admin, onap_designer, onap_operator] - KEY_ENCRYPT_BY_VALUE: [onap_admin, onap_designer, onap_operator] - PREFERENCES_CREATE: [onap_admin, onap_designer, onap_operator] - PREFERENCES_GET: [onap_admin, onap_designer, onap_operator] - PREFERENCES_UPDATE: [onap_admin, onap_designer, onap_operator] + ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ] + ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ] + ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ] + ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator] + KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator] + KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator] + PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator] + PREFERENCES_GET: [portal_admin, portal_designer, portal_operator] + PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator] ROLE_LIST: ["*"] - USER_CREATE: [onap_admin, onap_designer, onap_operator] - USER_DELETE: [onap_admin, onap_designer, onap_operator] - USER_GET: [onap_admin, onap_designer, onap_operator] - USER_LIST_AVAILABLE_ROLES: [onap_admin, onap_designer, onap_operator] - USER_LIST_ROLES: [onap_admin, onap_designer, onap_operator] - USER_LIST: [onap_admin, onap_designer, onap_operator] - USER_UPDATE_PASSWORD: [onap_admin, onap_designer, onap_operator] - USER_UPDATE_ROLES: [onap_admin, onap_designer, onap_operator] - USER_UPDATE: [onap_admin, onap_designer, onap_operator] + USER_CREATE: [portal_admin, portal_designer, portal_operator] + USER_DELETE: [portal_admin, portal_designer, portal_operator] + USER_GET: [portal_admin, portal_designer, portal_operator] + USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator] + USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator] + USER_LIST: [portal_admin, portal_designer, portal_operator] + USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator] + USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator] + USER_UPDATE: [portal_admin, portal_designer, portal_operator] diff --git a/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java b/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java index 8821b76..d90034c 100644 --- a/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java +++ b/app/src/test/java/org/onap/portalng/bff/BaseIntegrationTest.java @@ -121,10 +121,10 @@ public abstract class BaseIntegrationTest { /** * Object to store common attributes of requests that are going to be made. Adds an Identity - * header for the onap_admin role to the request. + * header for the portal_admin role to the request. */ protected RequestSpecification requestSpecification() { - final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("onap_admin")); + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("portal_admin")); return unauthenticatedRequestSpecification() .auth() diff --git a/app/src/test/java/org/onap/portalng/bff/users/CreateUserIntegrationTest.java b/app/src/test/java/org/onap/portalng/bff/users/CreateUserIntegrationTest.java index 5aab69d..c22f937 100644 --- a/app/src/test/java/org/onap/portalng/bff/users/CreateUserIntegrationTest.java +++ b/app/src/test/java/org/onap/portalng/bff/users/CreateUserIntegrationTest.java @@ -67,7 +67,7 @@ class CreateUserIntegrationTest extends BaseIntegrationTest { .enabled(keycloakRequest.getEnabled()); mockGetUser(userId, keycloakResponse); - final RoleKeycloakDto onapAdmin = new RoleKeycloakDto().id(randomUUID()).name("onap_admin"); + final RoleKeycloakDto onapAdmin = new RoleKeycloakDto().id(randomUUID()).name("portal_admin"); mockAddRoles(userId, List.of(onapAdmin)); mockAssignedRoles(userId, List.of(onapAdmin)); mockListRealmRoles(List.of(onapAdmin)); @@ -92,7 +92,7 @@ class CreateUserIntegrationTest extends BaseIntegrationTest { .firstName(null) .lastName(null) .enabled(true) - .addRolesItem(new RoleApiDto().id(onapAdmin.getId()).name("onap_admin")); + .addRolesItem(new RoleApiDto().id(onapAdmin.getId()).name("portal_admin")); final UserResponseApiDto response = requestSpecification() @@ -116,7 +116,7 @@ class CreateUserIntegrationTest extends BaseIntegrationTest { assertThat(response.getFirstName()).isEqualTo(request.getFirstName()); assertThat(response.getLastName()).isEqualTo(request.getLastName()); assertThat(response.getEnabled()).isEqualTo(request.getEnabled()); - assertThat(response.getRealmRoles()).containsExactly("onap_admin"); + assertThat(response.getRealmRoles()).containsExactly("portal_admin"); } @Test @@ -140,7 +140,7 @@ class CreateUserIntegrationTest extends BaseIntegrationTest { .enabled(keycloakRequest.getEnabled()); mockGetUser(userId, keycloakResponse); - final RoleKeycloakDto onapAdmin = new RoleKeycloakDto().id(randomUUID()).name("onap_admin"); + final RoleKeycloakDto onapAdmin = new RoleKeycloakDto().id(randomUUID()).name("portal_admin"); mockAddRoles(userId, List.of(onapAdmin)); mockListRealmRoles(List.of(onapAdmin)); @@ -157,7 +157,7 @@ class CreateUserIntegrationTest extends BaseIntegrationTest { .firstName(null) .lastName(null) .enabled(true) - .addRolesItem(new RoleApiDto().id(onapAdmin.getId()).name("onap_admin")); + .addRolesItem(new RoleApiDto().id(onapAdmin.getId()).name("portal_admin")); final ProblemApiDto response = requestSpecification() diff --git a/app/src/test/java/org/onap/portalng/bff/users/GetUserDetailIntegrationTest.java b/app/src/test/java/org/onap/portalng/bff/users/GetUserDetailIntegrationTest.java index e334953..9c620bb 100644 --- a/app/src/test/java/org/onap/portalng/bff/users/GetUserDetailIntegrationTest.java +++ b/app/src/test/java/org/onap/portalng/bff/users/GetUserDetailIntegrationTest.java @@ -52,7 +52,7 @@ class GetUserDetailIntegrationTest extends BaseIntegrationTest { .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) .withBody(objectMapper.writeValueAsString(keycloakUser)))); - final RoleKeycloakDto keycloackRole = new RoleKeycloakDto().id(randomUUID()).name("onap_admin"); + final RoleKeycloakDto keycloackRole = new RoleKeycloakDto().id(randomUUID()).name("portal_admin"); mockAssignedRoles(keycloakUser.getId(), List.of(keycloackRole)); final UserResponseApiDto response = diff --git a/app/src/test/java/org/onap/portalng/bff/users/ListUsersIntegrationTest.java b/app/src/test/java/org/onap/portalng/bff/users/ListUsersIntegrationTest.java index 8e675ca..cad6697 100644 --- a/app/src/test/java/org/onap/portalng/bff/users/ListUsersIntegrationTest.java +++ b/app/src/test/java/org/onap/portalng/bff/users/ListUsersIntegrationTest.java @@ -41,7 +41,7 @@ import org.springframework.http.MediaType; class ListUsersIntegrationTest extends BaseIntegrationTest { private final RoleKeycloakDto ONAP_ADMIN = - new RoleKeycloakDto().id(randomUUID()).name("onap_admin"); + new RoleKeycloakDto().id(randomUUID()).name("portal_admin"); private final RoleKeycloakDto OFFLINE_ACCESS = new RoleKeycloakDto().id(randomUUID()).name("offline_access"); @@ -79,7 +79,7 @@ class ListUsersIntegrationTest extends BaseIntegrationTest { .firstName("FirstName4t-admin") .lastName("LastName4t-admin") .enabled(true) - .addRealmRolesItem("onap_admin") + .addRealmRolesItem("portal_admin") .addRealmRolesItem("offline_access"); final UserResponseApiDto expectedTDesigner = new UserResponseApiDto() diff --git a/app/src/test/resources/application-access-control.yml b/app/src/test/resources/application-access-control.yml index 0506066..ad470ce 100644 --- a/app/src/test/resources/application-access-control.yml +++ b/app/src/test/resources/application-access-control.yml @@ -1,20 +1,20 @@ bff.access-control: - ACTIONS_CREATE: [ onap_admin, onap_designer, onap_operator ] - ACTIONS_GET: [ onap_admin, onap_designer, onap_operator ] - ACTIONS_LIST: [ onap_admin, onap_designer, onap_operator ] - ACTIVE_ALARM_LIST: [onap_admin, onap_designer, onap_operator] - KEY_ENCRYPT_BY_USER: [onap_admin, onap_designer, onap_operator] - KEY_ENCRYPT_BY_VALUE: [onap_admin, onap_designer, onap_operator] - PREFERENCES_CREATE: [onap_admin, onap_designer, onap_operator] - PREFERENCES_GET: [onap_admin, onap_designer, onap_operator] - PREFERENCES_UPDATE: [onap_admin, onap_designer, onap_operator] + ACTIONS_CREATE: [ portal_admin, portal_designer, portal_operator ] + ACTIONS_GET: [ portal_admin, portal_designer, portal_operator ] + ACTIONS_LIST: [ portal_admin, portal_designer, portal_operator ] + ACTIVE_ALARM_LIST: [portal_admin, portal_designer, portal_operator] + KEY_ENCRYPT_BY_USER: [portal_admin, portal_designer, portal_operator] + KEY_ENCRYPT_BY_VALUE: [portal_admin, portal_designer, portal_operator] + PREFERENCES_CREATE: [portal_admin, portal_designer, portal_operator] + PREFERENCES_GET: [portal_admin, portal_designer, portal_operator] + PREFERENCES_UPDATE: [portal_admin, portal_designer, portal_operator] ROLE_LIST: ["*"] - USER_CREATE: [onap_admin, onap_designer, onap_operator] - USER_DELETE: [onap_admin, onap_designer, onap_operator] - USER_GET: [onap_admin, onap_designer, onap_operator] - USER_LIST_AVAILABLE_ROLES: [onap_admin, onap_designer, onap_operator] - USER_LIST_ROLES: [onap_admin, onap_designer, onap_operator] - USER_LIST: [onap_admin, onap_designer, onap_operator] - USER_UPDATE_PASSWORD: [onap_admin, onap_designer, onap_operator] - USER_UPDATE_ROLES: [onap_admin, onap_designer, onap_operator] - USER_UPDATE: [onap_admin, onap_designer, onap_operator] + USER_CREATE: [portal_admin, portal_designer, portal_operator] + USER_DELETE: [portal_admin, portal_designer, portal_operator] + USER_GET: [portal_admin, portal_designer, portal_operator] + USER_LIST_AVAILABLE_ROLES: [portal_admin, portal_designer, portal_operator] + USER_LIST_ROLES: [portal_admin, portal_designer, portal_operator] + USER_LIST: [portal_admin, portal_designer, portal_operator] + USER_UPDATE_PASSWORD: [portal_admin, portal_designer, portal_operator] + USER_UPDATE_ROLES: [portal_admin, portal_designer, portal_operator] + USER_UPDATE: [portal_admin, portal_designer, portal_operator] -- cgit 1.2.3-korg