-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java27
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java21
-rw-r--r--vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java164
-rw-r--r--vid-app-common/src/test/java/org/onap/vid/roles/RoleTest.java60
-rw-r--r--vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorTest.java105
5 files changed, 241 insertions, 136 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
index d4256f893..e792139bf 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
@@ -36,6 +36,7 @@ import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
+import java.util.function.Function;
import java.util.stream.Collectors;
@@ -50,16 +51,32 @@ public class RoleProvider {
static final String READ_PERMISSION_STRING = "read";
private final ObjectMapper om = new ObjectMapper();
- @Autowired
private AaiService aaiService;
+ private Function<HttpServletRequest, Integer> getUserIdFunction;
+ private Function<HttpServletRequest, Map> getRolesFunction;
+
+ @Autowired
+ public RoleProvider(AaiService aaiService) {
+ this.aaiService=aaiService;
+ getUserIdFunction = UserUtils::getUserId;
+ getRolesFunction = UserUtils::getRoles;
+ }
+
+ RoleProvider(AaiService aaiService, Function<HttpServletRequest, Integer> getUserIdFunction, Function<HttpServletRequest, Map> getRolesFunction) {
+ this.aaiService = aaiService;
+ this.getRolesFunction = getRolesFunction;
+ this.getUserIdFunction = getUserIdFunction;
+ }
+
public List<Role> getUserRoles(HttpServletRequest request) {
- String logPrefix = "Role Provider (" + UserUtils.getUserId(request) + ") ==>";
+ int userId= getUserIdFunction.apply(request);
+ String logPrefix = "Role Provider (" + userId + ") ==>";
- LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Entering to get user role for user " + UserUtils.getUserId(request));
+ LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Entering to get user role for user " + userId);
List<Role> roleList = new ArrayList<>();
- Map roles = UserUtils.getRoles(request);
+ Map roles = getRolesFunction.apply(request);
for (Object role : roles.keySet()) {
org.onap.portalsdk.core.domain.Role sdkRol = (org.onap.portalsdk.core.domain.Role) roles.get(role);
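Review bot: The new fields `getUserIdFunction` and `getRolesFunction` (and `aaiService`) are not `final`, although both constructors assign all three; since they decide where the user id and role data behind every authorization decision come from, I would declare them `private final`. `getRolesFunction` is also typed with the raw `Map`, so the cast to `org.onap.portalsdk.core.domain.Role` in the loop stays unchecked; a parameterized map type would let the compiler check it, provided `UserUtils.getRoles` can be referenced that way. `int userId= getUserIdFunction.apply(request);` unboxes an `Integer`, so an injected function that returns null would throw a NullPointerException before anything is logged. The body of `getUserRoles` continues outside this hunk.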
@@ -72,7 +89,7 @@ public class RoleProvider {
}
String[] roleParts = splitRole((sdkRol.getName()), logPrefix);
roleList.add(createRoleFromStringArr(roleParts, logPrefix));
- String msg = String.format("%s User %s got permissions %s", logPrefix, UserUtils.getUserId(request), Arrays.toString(roleParts));
+ String msg = String.format("%s User %s got permissions %s", logPrefix, userId, Arrays.toString(roleParts));
LOG.debug(EELFLoggerDelegate.debugLogger, msg);
} catch (Exception e) {
LOG.error(logPrefix + " Failed to parse permission");
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
index 7486eba9c..6afac9881 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
@@ -18,8 +18,8 @@ public class RoleValidator {
}
public boolean isSubscriberPermitted(String subscriberName) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
for (Role role : userRoles) {
if (role.getSubscribeName().equals(subscriberName))
return true;
@@ -28,8 +28,8 @@ public class RoleValidator {
}
public boolean isServicePermitted(String subscriberName, String serviceType) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
for (Role role : userRoles) {
if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType))
return true;
@@ -38,8 +38,8 @@ public class RoleValidator {
}
public boolean isMsoRequestValid(RequestDetails mso_request) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
try {
String globalSubscriberIdRequested = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
String serviceType = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("requestParameters")).get("subscriptionServiceType");
@@ -48,12 +48,11 @@ public class RoleValidator {
//Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
return true;
}
-// return false;
}
public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
for (Role role : userRoles) {
if (role.getSubscribeName().equals(globalCustomerId)
&& role.getServiceType().equals(serviceType)
@@ -63,4 +62,8 @@ public class RoleValidator {
}
return false;
}
+
+ void enableRoles() {
+ this.disableRoles = false;
+ }
}
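Review bot: `enableRoles()` is added without any comment saying it is a test hook. The new `RoleValidatorTest.setUp` calls it before every assertion, which suggests that `disableRoles` is not false by default, though its initialiser is outside this hunk. If so, every `if (this.disableRoles) return true;` path is a full bypass of the role checks that the tests now skip. If the method is meant for tests only, I would document it with something like `/** Test hook: switches role enforcement on; does not change the production default of disableRoles. */`. A test on a validator where `enableRoles()` was not called would also make the default behaviour visible.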
diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java
index 6fdc21f78..3c22ea718 100644
--- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java
+++ b/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java
@@ -1,36 +1,144 @@
package org.onap.vid.roles;
-import org.junit.Test;
+import com.google.common.collect.ImmutableMap;
+import io.joshworks.restclient.http.HttpResponse;
+import org.assertj.core.util.Lists;
+import org.mockito.Mock;
+import org.onap.vid.aai.exceptions.RoleParsingException;
+import org.onap.vid.model.Subscriber;
+import org.onap.vid.model.SubscriberList;
+import org.onap.vid.services.AaiService;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
public class RoleProviderTest {
- private RoleProvider createTestSubject() {
- return new RoleProvider();
- }
-
-
-// @Test
-// public void testGetUserRoles() throws Exception {
-// RoleProvider testSubject;
-// HttpServletRequest request = null;
-// List<Role> result;
-//
-// // default test
-// testSubject = createTestSubject();
-// result = testSubject.getUserRoles(request);
-// }
-
-
- @Test
- public void testSplitRole() throws Exception {
- RoleProvider testSubject;
- String roleAsString = "";
- String[] result;
-
- // default test
- testSubject = createTestSubject();
- //TODO:fix result = testSubject.splitRole(roleAsString);
- }
+ private static final String SAMPLE_SUBSCRIBER = "sampleSubscriber";
+ private static final String SAMPLE_CUSTOMER_ID = "sampleCustomerId";
+ private static final String SERVICE_TYPE_LOGS = "LOGS";
+ private static final String TENANT_PERMITTED = "PERMITTED";
+ private static final String SAMPLE_SERVICE = "sampleService";
+ private static final String SAMPLE_TENANT = "sampleTenant";
+ private static final String SAMPLE_ROLE_PREFIX = "prefix";
+
+ @Mock
+ private AaiService aaiService;
+
+ @Mock
+ private HttpServletRequest request;
+
+ @Mock
+ private HttpResponse<SubscriberList> subscriberListHttpResponse;
+
+
+ private RoleProvider roleProvider;
+
+
+ @BeforeMethod
+ public void setUp() {
+ initMocks(this);
+ roleProvider = new RoleProvider(aaiService, httpServletRequest -> 5, httpServletRequest -> createRoles());
+ }
+
+ @Test
+ public void shouldSplitRolesWhenDelimiterIsPresent() {
+ String roles = "role_a___role_b";
+
+ assertThat(roleProvider.splitRole(roles, "")).isEqualTo(new String[]{"role_a", "role_b"});
+ }
+
+
+ @Test
+ public void shouldProperlyCreateRoleFromCorrectArray() throws RoleParsingException {
+ setSubscribers();
+ String[] roleParts = {SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT};
+
+ Role role = roleProvider.createRoleFromStringArr(roleParts, SAMPLE_ROLE_PREFIX);
+
+ assertThat(role.getEcompRole()).isEqualTo(EcompRole.READ);
+ assertThat(role.getSubscribeName()).isEqualTo(SAMPLE_CUSTOMER_ID);
+ assertThat(role.getTenant()).isEqualTo(SAMPLE_TENANT);
+ assertThat(role.getServiceType()).isEqualTo(SAMPLE_SERVICE);
+ }
+
+ @Test
+ public void shouldProperlyCreateRoleWhenTenantIsNotProvided() throws RoleParsingException {
+ setSubscribers();
+
+ String[] roleParts = {SAMPLE_SUBSCRIBER, SAMPLE_SERVICE};
+
+ Role role = roleProvider.createRoleFromStringArr(roleParts, SAMPLE_ROLE_PREFIX);
+
+ assertThat(role.getEcompRole()).isEqualTo(EcompRole.READ);
+ assertThat(role.getSubscribeName()).isEqualTo(SAMPLE_CUSTOMER_ID);
+ assertThat(role.getServiceType()).isEqualTo(SAMPLE_SERVICE);
+ assertThat(role.getTenant()).isNullOrEmpty();
+ }
+
+ @Test(expectedExceptions = RoleParsingException.class)
+ public void shouldRaiseExceptionWhenRolePartsAreIncomplete() throws RoleParsingException {
+ setSubscribers();
+
+ roleProvider.createRoleFromStringArr(new String[]{SAMPLE_SUBSCRIBER}, SAMPLE_ROLE_PREFIX);
+ }
+
+ @Test
+ public void shouldProperlyRetrieveUserRolesWhenPermissionIsDifferentThanRead() {
+ Role expectedRole = new Role(EcompRole.READ, SAMPLE_CUSTOMER_ID, SAMPLE_SERVICE, SAMPLE_TENANT);
+ setSubscribers();
+
+ List<Role> userRoles = roleProvider.getUserRoles(request);
+
+
+ assertThat(userRoles.size()).isEqualTo(1);
+ Role actualRole = userRoles.get(0);
+
+ assertThat(actualRole.getTenant()).isEqualTo(expectedRole.getTenant());
+ assertThat(actualRole.getSubscribeName()).isEqualTo(expectedRole.getSubscribeName());
+ assertThat(actualRole.getServiceType()).isEqualTo(expectedRole.getServiceType());
+ }
+
+ @Test
+ public void shouldReturnReadOnlyPermissionWhenRolesAreEmpty() {
+ assertThat(roleProvider.userPermissionIsReadOnly(Lists.emptyList())).isTrue();
+ }
+
+ @Test
+ public void shouldReturnNotReadOnlyPermissionWhenRolesArePresent() {
+ assertThat(roleProvider.userPermissionIsReadOnly(Lists.list(new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT)))).isFalse();
+ }
+
+ @Test
+ public void userShouldHavePermissionToReadLogsWhenServiceAndTenantAreCorrect() {
+ Role withoutPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT);
+ Role withPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SERVICE_TYPE_LOGS, TENANT_PERMITTED);
+
+ assertThat(roleProvider.userPermissionIsReadLogs(Lists.list(withoutPermission, withPermission))).isTrue();
+ }
+
+ private void setSubscribers() {
+ Subscriber subscriber = new Subscriber();
+ subscriber.subscriberName = SAMPLE_SUBSCRIBER;
+ subscriber.globalCustomerId = SAMPLE_CUSTOMER_ID;
+ SubscriberList subscriberList = new SubscriberList(Lists.list(subscriber));
+ when(aaiService.getFullSubscriberList()).thenReturn(subscriberListHttpResponse);
+ when(subscriberListHttpResponse.getBody()).thenReturn(subscriberList);
+ }
+ private Map<Long, org.onap.portalsdk.core.domain.Role> createRoles() {
+ org.onap.portalsdk.core.domain.Role role1 = new org.onap.portalsdk.core.domain.Role();
+ role1.setName("read___role2");
+ org.onap.portalsdk.core.domain.Role role2 = new org.onap.portalsdk.core.domain.Role();
+ role2.setName("sampleSubscriber___sampleService___sampleTenant");
+ return ImmutableMap.of(1L, role1, 2L, role2);
+ }
} \ No newline at end of file
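Review bot: `userShouldHavePermissionToReadLogsWhenServiceAndTenantAreCorrect` asserts only the granting case, so an implementation of `userPermissionIsReadLogs` that returned true for every list would still pass. For an authorization check the denying case should be pinned too, e.g. a companion test with `assertThat(roleProvider.userPermissionIsReadLogs(Lists.list(withoutPermission))).isFalse();`. In the same way, `createRoles()` supplies `read___role2` next to the valid role and `shouldProperlyRetrieveUserRolesWhenPermissionIsDifferentThanRead` expects a single result, but nothing explains why that entry yields no `Role` (the code that skips it is outside this diff's hunks). A one-line comment on `role1` would help, and the test name does not describe what is asserted.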
diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleTest.java
deleted file mode 100644
index 463b29f57..000000000
--- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleTest.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.onap.vid.roles;
-
-import org.junit.Test;
-
-public class RoleTest {
-
- private Role createTestSubject() {
- return new Role(EcompRole.READ, "", "", "");
- }
-
- @Test
- public void testGetEcompRole() throws Exception {
- Role testSubject;
- EcompRole result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getEcompRole();
- }
-
- @Test
- public void testGetSubscribeName() throws Exception {
- Role testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getSubscribeName();
- }
-
- @Test
- public void testSetSubscribeName() throws Exception {
- Role testSubject;
- String subscribeName = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setSubscribeName(subscribeName);
- }
-
- @Test
- public void testGetServiceType() throws Exception {
- Role testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getServiceType();
- }
-
- @Test
- public void testGetTenant() throws Exception {
- Role testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getTenant();
- }
-} \ No newline at end of file
diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorTest.java
index b303b257c..adb257b01 100644
--- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorTest.java
+++ b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorTest.java
@@ -1,59 +1,96 @@
package org.onap.vid.roles;
-import org.junit.Test;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
import org.onap.vid.mso.rest.RequestDetails;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import java.util.List;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
public class RoleValidatorTest {
- private RoleValidator createTestSubject() {
- return new RoleValidator(null);
+ private static final String SAMPLE_SUBSCRIBER = "sampleSubscriber";
+ private static final String NOT_MATCHING_SUBSCRIBER = "notMatchingSubscriber";
+ private static final String SAMPLE_SERVICE_TYPE = "sampleServiceType";
+ private static final String NOT_MATCHING_TENANT = "notMatchingTenant";
+ private static final String SAMPLE_TENANT = "sampleTenant";
+
+ private static final Role SAMPLE_ROLE = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT);
+
+ private List<Role> roles = ImmutableList.of(SAMPLE_ROLE);
+ private Map<String, Object> subscriberInfo = ImmutableMap.of("globalSubscriberId", SAMPLE_SUBSCRIBER);
+ private Map<String, Object> requestParameters = ImmutableMap.of("subscriptionServiceType", SAMPLE_SERVICE_TYPE);
+ private Map<String, Object> requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters);
+ private RequestDetails requestDetails;
+ private RoleValidator roleValidator;
+
+ @BeforeMethod
+ public void setUp() {
+ roleValidator = new RoleValidator(roles);
+ roleValidator.enableRoles();
+ requestDetails = new RequestDetails();
}
@Test
- public void testIsMsoRequestValid() throws Exception {
- RoleValidator testSubject;
- RequestDetails mso_request = null;
- boolean result;
+ public void shouldPermitSubscriberWhenNameMatchesAndRolesAreEnabled() {
+ assertThat(roleValidator.isSubscriberPermitted(SAMPLE_SUBSCRIBER)).isTrue();
+ }
- // default test
- testSubject = createTestSubject();
- result = testSubject.isMsoRequestValid(mso_request);
+ @Test
+ public void shouldNotPermitSubscriberWhenNameNotMatches() {
+ assertThat(roleValidator.isSubscriberPermitted(NOT_MATCHING_SUBSCRIBER)).isFalse();
}
@Test
- public void testIsServicePermitted() throws Exception {
- RoleValidator testSubject;
- String subscriberName = "";
- String serviceType = "";
- boolean result;
+ public void shouldPermitServiceWhenNamesMatches() {
+ assertThat(roleValidator.isServicePermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isTrue();
+ }
- // default test
- testSubject = createTestSubject();
- result = testSubject.isServicePermitted(subscriberName, serviceType);
+
+ @Test
+ public void shouldNotPermitServiceWhenSubscriberNameNotMatches() {
+ assertThat(roleValidator.isServicePermitted(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isFalse();
}
@Test
- public void testIsSubscriberPermitted() throws Exception {
- RoleValidator testSubject;
- String subscriberName = "";
- boolean result;
+ public void shouldNotPermitServiceWhenServiceTypeNotMatches() {
+ assertThat(roleValidator.isServicePermitted(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER)).isFalse();
+ }
- // default test
- testSubject = createTestSubject();
- result = testSubject.isSubscriberPermitted(subscriberName);
+ @Test
+ public void shouldPermitTenantWhenNameMatches() {
+ assertThat(roleValidator.isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT)).isTrue();
+ }
+
+
+ @Test
+ public void shouldNotPermitTenantWhenNameNotMatches() {
+ assertThat(roleValidator.isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, NOT_MATCHING_TENANT)).isFalse();
}
@Test
- public void testIsTenantPermitted() throws Exception {
- RoleValidator testSubject;
- String globalCustomerId = "";
- String serviceType = "";
- String tenantName = "";
- boolean result;
+ public void shouldValidateProperlySORequest() {
+ requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties);
- // default test
- testSubject = createTestSubject();
- result = testSubject.isTenantPermitted(globalCustomerId, serviceType, tenantName);
+ assertThat(roleValidator.isMsoRequestValid(requestDetails)).isTrue();
}
+ @Test
+ public void shouldValidateUnknownSORequest() {
+ assertThat(roleValidator.isMsoRequestValid(new RequestDetails())).isTrue();
+ }
+
+ @Test
+ public void shouldRejectSORequestWhenSubscriberNotMatches() {
+ Map<String, Object> subscriberInfo = ImmutableMap.of("globalSubscriberId", "sample");
+ Map<String, Object> requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters);
+ requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties);
+
+ assertThat(roleValidator.isMsoRequestValid(requestDetails)).isFalse();
+ }
} \ No newline at end of file
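Review bot: `shouldValidateUnknownSORequest` pins fail-open behaviour: with roles enabled, an empty `RequestDetails` is asserted to be valid, and nothing marks this as the interim behaviour that the comment in `RoleValidator.isMsoRequestValid` describes ("we'll return true on unknown requests to mso"). I would add a comment above the assertion such as `// Interim fail-open: requests that cannot be parsed are accepted; change to isFalse() once isMsoRequestValid rejects them.` so the test is not read as the intended contract. In `shouldNotPermitServiceWhenServiceTypeNotMatches` the non-matching service type is passed as `NOT_MATCHING_SUBSCRIBER`; a dedicated constant would read more clearly. No test here covers a validator on which `enableRoles()` was not called.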