aboutsummaryrefslogtreecommitdiffstats
path: root/app/src/test
diff options
context:
space:
mode:
Diffstat (limited to 'app/src/test')
-rw-r--r--app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java163
-rw-r--r--app/src/test/java/org/onap/portal/prefs/TokenGenerator.java130
-rw-r--r--app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java48
-rw-r--r--app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java198
-rw-r--r--app/src/test/resources/application.yml35
-rw-r--r--app/src/test/resources/logback-spring.xml13
6 files changed, 587 insertions, 0 deletions
diff --git a/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java
new file mode 100644
index 0000000..7852c41
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java
@@ -0,0 +1,163 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.tomakehurst.wiremock.client.WireMock;
+import com.nimbusds.jose.jwk.JWKSet;
+import org.onap.portal.prefs.util.IdTokenExchange;
+import org.onap.portal.prefs.configuration.PortalPrefsConfig;
+import io.restassured.RestAssured;
+import io.restassured.filter.log.RequestLoggingFilter;
+import io.restassured.filter.log.ResponseLoggingFilter;
+import io.restassured.specification.RequestSpecification;
+import io.vavr.collection.List;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock;
+import org.springframework.http.MediaType;
+
+import java.util.UUID;
+
+/** Base class for all tests that has the common config including port, realm, logging and auth. */
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureWireMock(port = 0)
+public abstract class BaseIntegrationTest {
+
+// @TestConfiguration
+// public static class Config {
+// @Bean
+// WireMockConfigurationCustomizer optionsCustomizer() {
+// return options -> options.extensions(new ResponseTemplateTransformer(true));
+// }
+// }
+
+ @LocalServerPort protected int port;
+ @Value("${portal-prefs.realm}")
+ protected String realm;
+
+ @Autowired protected ObjectMapper objectMapper;
+ @Autowired private TokenGenerator tokenGenerator;
+ @Autowired protected PortalPrefsConfig portalPrefsConfig;
+
+ @BeforeAll
+ public static void setup() {
+ RestAssured.filters(new RequestLoggingFilter(), new ResponseLoggingFilter());
+ }
+
+ /** Mocks the OIDC auth flow. */
+ @BeforeEach
+ public void mockAuth() {
+ WireMock.reset();
+
+ WireMock.stubFor(
+ WireMock.get(
+ WireMock.urlMatching(
+ String.format("/auth/realms/%s/protocol/openid-connect/certs", realm)))
+ .willReturn(
+ WireMock.aResponse()
+ .withHeader("Content-Type", JWKSet.MIME_TYPE)
+ .withBody(tokenGenerator.getJwkSet().toString())));
+
+ final TokenGenerator.TokenGeneratorConfig config =
+ TokenGenerator.TokenGeneratorConfig.builder().port(port).realm(realm).sub("test-user").build();
+
+ WireMock.stubFor(
+ WireMock.post(
+ WireMock.urlMatching(
+ String.format("/auth/realms/%s/protocol/openid-connect/token", realm)))
+ .withBasicAuth("test", "test")
+ .withRequestBody(WireMock.containing("grant_type=client_credentials"))
+ .willReturn(
+ WireMock.aResponse()
+ .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)
+ .withBody(
+ objectMapper
+ .createObjectNode()
+ .put("token_type", "bearer")
+ .put("access_token", tokenGenerator.generateToken(config))
+ .put("expires_in", config.getExpireIn().getSeconds())
+ .put("refresh_token", tokenGenerator.generateToken(config))
+ .put("refresh_expires_in", config.getExpireIn().getSeconds())
+ .put("not-before-policy", 0)
+ .put("session_state", UUID.randomUUID().toString())
+ .put("scope", "email profile")
+ .toString())));
+ }
+
+ /**
+ * Builds an OAuth2 configuration including the roles, port and realm. This config can be used to
+ * generate OAuth2 access tokens.
+ *
+ * @param sub the userId
+ * @param roles the roles used for RBAC
+ * @return the OAuth2 configuration
+ */
+ protected TokenGenerator.TokenGeneratorConfig getTokenGeneratorConfig(String sub, List<String> roles) {
+ return TokenGenerator.TokenGeneratorConfig.builder()
+ .port(port)
+ .sub(sub)
+ .realm(realm)
+ .roles(roles)
+ .build();
+ }
+
+ /** Get a RequestSpecification that does not have an Identity header. */
+ protected RequestSpecification unauthenticatedRequestSpecification() {
+ return RestAssured.given().port(port);
+ }
+
+ /**
+ * Object to store common attributes of requests that are going to be made. Adds an Identity
+ * header for the <code>onap_admin</code> role to the request.
+ * @return the definition of the incoming request (northbound)
+ */
+ protected RequestSpecification requestSpecification() {
+ final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("test-user", List.of("foo")));
+
+ return unauthenticatedRequestSpecification()
+ .auth()
+ .preemptive()
+ .oauth2(idToken)
+ .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken);
+ }
+
+ /**
+ * Object to store common attributes of requests that are going to be made. Adds an Identity
+ * header for the <code>onap_admin</code> role to the request.
+ * @param userId the userId that should be contained in the incoming request
+ * @return the definition of the incoming request (northbound)
+ */
+ protected RequestSpecification requestSpecification(String userId) {
+ final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig(userId, List.of("foo")));
+
+ return unauthenticatedRequestSpecification()
+ .auth()
+ .preemptive()
+ .oauth2(idToken)
+ .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken);
+ }
+}
diff --git a/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java
new file mode 100644
index 0000000..6883064
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java
@@ -0,0 +1,130 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs;
+
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+import java.util.UUID;
+
+import com.nimbusds.jose.JOSEObjectType;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.KeyUse;
+import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import io.vavr.collection.List;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NonNull;
+
+@Component
+public class TokenGenerator {
+
+ private static final String ROLES_CLAIM = "roles";
+ private static final String USERID_CLAIM = "sub";
+
+ private final Clock clock;
+ private final RSAKey jwk;
+ private final JWKSet jwkSet;
+ private final JWSSigner signer;
+
+ @Autowired
+ public TokenGenerator(Clock clock) {
+ try {
+ this.clock = clock;
+ jwk =
+ new RSAKeyGenerator(2048)
+ .keyUse(KeyUse.SIGNATURE)
+ .keyID(UUID.randomUUID().toString())
+ .generate();
+ jwkSet = new JWKSet(jwk);
+ signer = new RSASSASigner(jwk);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public JWKSet getJwkSet() {
+ return jwkSet;
+ }
+
+ public String generateToken(TokenGeneratorConfig config) {
+ final Instant iat = clock.instant();
+ final Instant exp = iat.plus(config.expireIn);
+
+ final JWTClaimsSet claims =
+ new JWTClaimsSet.Builder()
+ .jwtID(UUID.randomUUID().toString())
+ .subject(UUID.randomUUID().toString())
+ .issuer(config.issuer())
+ .issueTime(Date.from(iat))
+ .expirationTime(Date.from(exp))
+ .claim(ROLES_CLAIM, config.getRoles())
+ .claim(USERID_CLAIM, config.getSub())
+ .build();
+
+ final SignedJWT jwt =
+ new SignedJWT(
+ new JWSHeader.Builder(JWSAlgorithm.RS256)
+ .keyID(jwk.getKeyID())
+ .type(JOSEObjectType.JWT)
+ .build(),
+ claims);
+
+ try {
+ jwt.sign(signer);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+
+ return jwt.serialize();
+ }
+
+ @Getter
+ @Builder
+ public static class TokenGeneratorConfig {
+ private final int port;
+
+ @NonNull private final String sub;
+
+ @NonNull private final String realm;
+
+ @NonNull @Builder.Default private final Duration expireIn = Duration.ofMinutes(5);
+
+ @Builder.Default private final List<String> roles = List.empty();
+
+ public String issuer() {
+ return String.format("http://localhost:%d/auth/realms/%s", port, realm);
+ }
+ }
+}
diff --git a/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java
new file mode 100644
index 0000000..95e9b2a
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java
@@ -0,0 +1,48 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.actuator;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.onap.portal.prefs.BaseIntegrationTest;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.availability.ApplicationAvailability;
+import org.springframework.boot.availability.LivenessState;
+import org.springframework.boot.availability.ReadinessState;
+
+class ActuatorIntegrationTest extends BaseIntegrationTest {
+
+ @Autowired private ApplicationAvailability applicationAvailability;
+
+ @Test
+ void livenessProbeIsAvailable() {
+ assertThat(applicationAvailability.getLivenessState()).isEqualTo(LivenessState.CORRECT);
+ }
+
+ @Test
+ void readinessProbeIsAvailable() {
+
+ assertThat(applicationAvailability.getReadinessState())
+ .isEqualTo(ReadinessState.ACCEPTING_TRAFFIC);
+ }
+}
diff --git a/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java
new file mode 100644
index 0000000..b5f4cf1
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java
@@ -0,0 +1,198 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.preferences;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.api.Test;
+import org.onap.portal.prefs.BaseIntegrationTest;
+import org.onap.portal.prefs.openapi.model.Preferences;
+import org.onap.portal.prefs.services.PreferencesService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+
+import io.restassured.http.ContentType;
+import io.restassured.http.Header;
+
+class PreferencesControllerIntegrationTest extends BaseIntegrationTest {
+
+ protected static final String X_REQUEST_ID = "addf6005-3075-4c80-b7bc-2c70b7d42b57";
+
+ @Autowired
+ PreferencesService preferencesService;
+
+ @Test
+ void thatUserPreferencesCanBeRetrieved() {
+ // First save a user preference before a GET can run
+ Preferences expectedResponse = new Preferences()
+ .properties("{\n" +
+ " \"properties\": { \"appStarter\": \"value1\",\n" +
+ " \"dashboard\": {\"key1:\" : \"value2\"}\n" +
+ " } \n" +
+ "}");
+ preferencesService
+ .savePreferences(X_REQUEST_ID,"test-user", expectedResponse)
+ .block();
+
+ Preferences actualResponse = requestSpecification("test-user")
+ .given()
+ .accept(MediaType.APPLICATION_JSON_VALUE)
+ .header(new Header("X-Request-Id", X_REQUEST_ID))
+ .when()
+ .get("/v1/preferences")
+ .then()
+ .statusCode(HttpStatus.OK.value())
+ .extract()
+ .body()
+ .as(Preferences.class);
+
+ assertThat(actualResponse).isNotNull();
+ assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties());
+ }
+
+ @Test
+ void thatUserPreferencesCanNotBeRetrieved() {
+ unauthenticatedRequestSpecification()
+ .given()
+ .accept(MediaType.APPLICATION_JSON_VALUE)
+ .contentType(ContentType.JSON)
+ .header(new Header("X-Request-Id", X_REQUEST_ID))
+ .when()
+ .get("/v1/preferences")
+ .then()
+ .statusCode(HttpStatus.UNAUTHORIZED.value());
+ }
+
+ @Test
+ void thatUserPreferencesCanBeSaved() {
+ Preferences expectedResponse = new Preferences()
+ .properties("{\n" +
+ " \"properties\": { \"appStarter\": \"value1\",\n" +
+ " \"dashboard\": {\"key1:\" : \"value2\"}\n" +
+ " } \n" +
+ "}");
+ Preferences actualResponse = requestSpecification()
+ .given()
+ .accept(MediaType.APPLICATION_JSON_VALUE)
+ .contentType(ContentType.JSON)
+ .header(new Header("X-Request-Id", X_REQUEST_ID))
+ .body(expectedResponse)
+ .when()
+ .post("/v1/preferences")
+ .then()
+ .statusCode(HttpStatus.OK.value())
+ .extract()
+ .body()
+ .as(Preferences.class);
+
+ assertThat(actualResponse).isNotNull();
+ assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties());
+ }
+
+ @Test
+ void thatUserPreferencesCanBeUpdated() {
+ // First save a user preference before a GET can run
+ Preferences initialPreferences = new Preferences()
+ .properties("{\n" +
+ " \"properties\": { \"appStarter\": \"value1\",\n" +
+ " \"dashboard\": {\"key1:\" : \"value2\"}\n" +
+ " } \n" +
+ "}");
+ preferencesService
+ .savePreferences(X_REQUEST_ID,"test-user", initialPreferences)
+ .block();
+
+ Preferences expectedResponse = new Preferences()
+ .properties("{\n" +
+ " \"properties\": { \"appStarter\": \"value3\",\n" +
+ " \"dashboard\": {\"key2:\" : \"value4\"}\n" +
+ " } \n" +
+ "}");
+ Preferences actualResponse = requestSpecification("test-user")
+ .given()
+ .accept(MediaType.APPLICATION_JSON_VALUE)
+ .contentType(ContentType.JSON)
+ .header(new Header("X-Request-Id", X_REQUEST_ID))
+ .body(expectedResponse)
+ .when()
+ .put("/v1/preferences")
+ .then()
+ .statusCode(HttpStatus.OK.value())
+ .extract()
+ .body()
+ .as(Preferences.class);
+
+ assertThat(actualResponse).isNotNull();
+ assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties());
+ }
+
+ @Test
+ void thatUserPreferencesCanNotBeFound() {
+
+ Preferences actualResponse = requestSpecification("test-canNotBeFound")
+ .given()
+ .accept(MediaType.APPLICATION_JSON_VALUE)
+ .header(new Header("X-Request-Id", X_REQUEST_ID))
+ .when()
+ .get("/v1/preferences")
+ .then()
+ .statusCode(HttpStatus.OK.value())
+ .extract()
+ .body()
+ .as(Preferences.class);
+
+ assertThat(actualResponse).isNotNull();
+ assertThat(actualResponse.getProperties()).isEqualTo("");
+ }
+
+ @Test
+ void thatUserPreferencesHasXRequestIdHeader() {
+
+ String actualResponse = requestSpecification("test-user")
+ .given()
+ .accept(MediaType.APPLICATION_JSON_VALUE)
+ .header(new Header("X-Request-Id", X_REQUEST_ID))
+ .when()
+ .get("/v1/preferences")
+ .then()
+ .statusCode(HttpStatus.OK.value())
+ .extract()
+ .header("X-Request-Id");
+
+ assertThat(actualResponse).isNotNull().isEqualTo(X_REQUEST_ID);
+ }
+
+ @Test
+ void thatUserPreferencesHasNoXRequestIdHeader() {
+
+ requestSpecification("test-user")
+ .given()
+ .accept(MediaType.APPLICATION_JSON_VALUE)
+ .when()
+ .get("/v1/preferences")
+ .then()
+ .statusCode(HttpStatus.BAD_REQUEST.value());
+
+
+ }
+}
diff --git a/app/src/test/resources/application.yml b/app/src/test/resources/application.yml
new file mode 100644
index 0000000..3316c0d
--- /dev/null
+++ b/app/src/test/resources/application.yml
@@ -0,0 +1,35 @@
+server:
+ port: 9001
+ address: 0.0.0.0
+
+spring:
+ mongodb:
+ embedded:
+ version: 3.2.8
+ jackson:
+ serialization:
+ # needed for serializing objects of type object
+ FAIL_ON_EMPTY_BEANS: false
+ security:
+ oauth2:
+ resourceserver:
+ jwt:
+ jwk-set-uri: http://localhost:${wiremock.server.port}/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint
+
+portal-prefs:
+ realm: ONAP
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: "*"
+ info:
+ build:
+ enabled: true
+ env:
+ enabled: true
+ git:
+ enabled: true
+ java:
+ enabled: true
diff --git a/app/src/test/resources/logback-spring.xml b/app/src/test/resources/logback-spring.xml
new file mode 100644
index 0000000..05503bc
--- /dev/null
+++ b/app/src/test/resources/logback-spring.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration scan="true">
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>${LOGBACK_LEVEL:-info}</level>
+ </filter>
+ <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
+ </appender>
+
+ <root level="all">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>