From 7239330fc0fc4a09a363e0ad765fcb1798292fe5 Mon Sep 17 00:00:00 2001 From: Einat Vinouze Date: Sun, 26 Jan 2020 14:56:22 +0200 Subject: Rename RoleValidatorByRoles to RoleValidatorBySubscriberAndServiceType Issue-ID: VID-758 Signed-off-by: Einat Vinouze Change-Id: I61fbfc902afee62e1099e491494065abae523b2e --- .../java/org/onap/vid/roles/RoleValidator.java | 2 +- .../org/onap/vid/roles/RoleValidatorByRoles.java | 80 -------------- .../RoleValidatorBySubscriberAndServiceType.java | 80 ++++++++++++++ .../org/onap/vid/controller/AaiControllerTest.java | 6 +- .../onap/vid/roles/RoleValidatorByRolesTest.java | 114 -------------------- ...oleValidatorBySubscriberAndServiceTypeTest.java | 117 +++++++++++++++++++++ 6 files changed, 201 insertions(+), 198 deletions(-) delete mode 100644 vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java create mode 100644 vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java delete mode 100644 vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByRolesTest.java create mode 100644 vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java index 830c0f50c..f0ee26b0b 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java @@ -35,7 +35,7 @@ public interface RoleValidator { static RoleValidator by(List roles, boolean disableRoles) { return disableRoles ? new AlwaysValidRoleValidator() - : new RoleValidatorByRoles(roles); + : new RoleValidatorBySubscriberAndServiceType(roles); } boolean isSubscriberPermitted(String subscriberName); diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java deleted file mode 100644 index ad5b519c4..000000000 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java +++ /dev/null @@ -1,80 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * VID - * ================================================================================ - * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.vid.roles; - -import java.util.List; -import java.util.Map; -import org.onap.vid.mso.rest.RequestDetails; - -public class RoleValidatorByRoles implements RoleValidator { - - private final List userRoles; - - RoleValidatorByRoles(List roles) { - this.userRoles = roles; - } - - @Override - public boolean isSubscriberPermitted(String subscriberName) { - for (Role role : userRoles) { - if (role.getSubscribeName().equals(subscriberName)) { - return true; - } - } - return false; - } - - @Override - public boolean isServicePermitted(String subscriberName, String serviceType) { - for (Role role : userRoles) { - if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) { - return true; - } - } - return false; - } - - @Override - public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) { - for (Role role : userRoles) { - if (role.getSubscribeName().equals(globalCustomerId) - && role.getServiceType().equals(serviceType) - && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) { - return true; - } - } - return false; - } - - boolean isMsoRequestValid(RequestDetails msoRequest) { - try { - String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties() - .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId"); - String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails")) - .get("requestParameters")).get("subscriptionServiceType"); - return isServicePermitted(globalSubscriberIdRequested, serviceType); - } catch (Exception e) { - //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso - return true; - } - } - -} diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java new file mode 100644 index 000000000..244610c89 --- /dev/null +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java @@ -0,0 +1,80 @@ +/*- + * ============LICENSE_START======================================================= + * VID + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.vid.roles; + +import java.util.List; +import java.util.Map; +import org.onap.vid.mso.rest.RequestDetails; + +public class RoleValidatorBySubscriberAndServiceType implements RoleValidator { + + private final List userRoles; + + RoleValidatorBySubscriberAndServiceType(List roles) { + this.userRoles = roles; + } + + @Override + public boolean isSubscriberPermitted(String subscriberName) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(subscriberName)) { + return true; + } + } + return false; + } + + @Override + public boolean isServicePermitted(String subscriberName, String serviceType) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) { + return true; + } + } + return false; + } + + @Override + public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(globalCustomerId) + && role.getServiceType().equals(serviceType) + && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) { + return true; + } + } + return false; + } + + boolean isMsoRequestValid(RequestDetails msoRequest) { + try { + String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties() + .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId"); + String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails")) + .get("requestParameters")).get("subscriptionServiceType"); + return isServicePermitted(globalSubscriberIdRequested, serviceType); + } catch (Exception e) { + //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso + return true; + } + } + +} diff --git a/vid-app-common/src/test/java/org/onap/vid/controller/AaiControllerTest.java b/vid-app-common/src/test/java/org/onap/vid/controller/AaiControllerTest.java index 521102383..400926fbd 100644 --- a/vid-app-common/src/test/java/org/onap/vid/controller/AaiControllerTest.java +++ b/vid-app-common/src/test/java/org/onap/vid/controller/AaiControllerTest.java @@ -69,7 +69,7 @@ import org.onap.vid.aai.util.AAIRestInterface; import org.onap.vid.model.VersionByInvariantIdsRequest; import org.onap.vid.properties.Features; import org.onap.vid.roles.RoleProvider; -import org.onap.vid.roles.RoleValidatorByRoles; +import org.onap.vid.roles.RoleValidatorBySubscriberAndServiceType; import org.onap.vid.services.AaiService; import org.onap.vid.utils.SystemPropertiesWrapper; import org.onap.vid.utils.Unchecked; @@ -408,7 +408,7 @@ public class AaiControllerTest { String okResponseBody = "OK_RESPONSE"; AaiResponse aaiResponse = new AaiResponse<>(okResponseBody, "", HttpStatus.OK.value()); given(featureManager.isActive(Features.FLAG_1906_AAI_SUB_DETAILS_REDUCE_DEPTH)).willReturn(isFeatureActive); - given(aaiService.getSubscriberData(eq(subscriberId), isA(RoleValidatorByRoles.class), + given(aaiService.getSubscriberData(eq(subscriberId), isA(RoleValidatorBySubscriberAndServiceType.class), eq(isFeatureActive && omitServiceInstances))) .willReturn(aaiResponse); @@ -479,7 +479,7 @@ public class AaiControllerTest { String okResponseBody = "OK_RESPONSE"; AaiResponse aaiResponse = new AaiResponse<>(okResponseBody, "", HttpStatus.OK.value()); given(featureManager.isActive(Features.FLAG_1906_AAI_SUB_DETAILS_REDUCE_DEPTH)).willReturn(isFeatureActive); - given(aaiService.getSubscriberData(eq(subscriberId), isA(RoleValidatorByRoles.class), + given(aaiService.getSubscriberData(eq(subscriberId), isA(RoleValidatorBySubscriberAndServiceType.class), eq(isFeatureActive && omitServiceInstances))) .willReturn(aaiResponse); diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByRolesTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByRolesTest.java deleted file mode 100644 index 9362ec9d7..000000000 --- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByRolesTest.java +++ /dev/null @@ -1,114 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * VID - * ================================================================================ - * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.vid.roles; - - -import static org.assertj.core.api.Assertions.assertThat; - -import com.google.common.collect.ImmutableList; -import com.google.common.collect.ImmutableMap; -import java.util.List; -import java.util.Map; -import org.onap.vid.mso.rest.RequestDetails; -import org.testng.annotations.BeforeMethod; -import org.testng.annotations.Test; - -public class RoleValidatorByRolesTest { - - private static final String SAMPLE_SUBSCRIBER = "sampleSubscriber"; - private static final String NOT_MATCHING_SUBSCRIBER = "notMatchingSubscriber"; - private static final String SAMPLE_SERVICE_TYPE = "sampleServiceType"; - private static final String NOT_MATCHING_TENANT = "notMatchingTenant"; - private static final String SAMPLE_TENANT = "sampleTenant"; - - private static final Role SAMPLE_ROLE = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT); - - private List roles = ImmutableList.of(SAMPLE_ROLE); - private Map subscriberInfo = ImmutableMap.of("globalSubscriberId", SAMPLE_SUBSCRIBER); - private Map requestParameters = ImmutableMap.of("subscriptionServiceType", SAMPLE_SERVICE_TYPE); - private Map requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters); - private RequestDetails requestDetails; - private RoleValidatorByRoles roleValidator; - - @BeforeMethod - public void setUp() { - roleValidator = new RoleValidatorByRoles(roles); - requestDetails = new RequestDetails(); - } - - @Test - public void shouldPermitSubscriberWhenNameMatchesAndRolesAreEnabled() { - assertThat(roleValidator.isSubscriberPermitted(SAMPLE_SUBSCRIBER)).isTrue(); - } - - @Test - public void shouldNotPermitSubscriberWhenNameNotMatches() { - assertThat(roleValidator.isSubscriberPermitted(NOT_MATCHING_SUBSCRIBER)).isFalse(); - } - - @Test - public void shouldPermitServiceWhenNamesMatches() { - assertThat(roleValidator.isServicePermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isTrue(); - } - - - @Test - public void shouldNotPermitServiceWhenSubscriberNameNotMatches() { - assertThat(roleValidator.isServicePermitted(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isFalse(); - } - - @Test - public void shouldNotPermitServiceWhenServiceTypeNotMatches() { - assertThat(roleValidator.isServicePermitted(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER)).isFalse(); - } - - @Test - public void shouldPermitTenantWhenNameMatches() { - assertThat(roleValidator.isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT)).isTrue(); - } - - - @Test - public void shouldNotPermitTenantWhenNameNotMatches() { - assertThat(roleValidator.isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, NOT_MATCHING_TENANT)).isFalse(); - } - - @Test - public void shouldValidateProperlySORequest() { - requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties); - - assertThat(roleValidator.isMsoRequestValid(requestDetails)).isTrue(); - } - - @Test - public void shouldValidateUnknownSORequest() { - assertThat(roleValidator.isMsoRequestValid(new RequestDetails())).isTrue(); - } - - @Test - public void shouldRejectSORequestWhenSubscriberNotMatches() { - Map subscriberInfo = ImmutableMap.of("globalSubscriberId", "sample"); - Map requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters); - requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties); - - assertThat(roleValidator.isMsoRequestValid(requestDetails)).isFalse(); - } -} diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java new file mode 100644 index 000000000..77e5088e5 --- /dev/null +++ b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * VID + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.vid.roles; + + +import static org.assertj.core.api.Assertions.assertThat; + +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import java.util.List; +import java.util.Map; +import org.onap.vid.mso.rest.RequestDetails; +import org.testng.annotations.BeforeMethod; +import org.testng.annotations.Test; + +public class RoleValidatorBySubscriberAndServiceTypeTest { + + private static final String SAMPLE_SUBSCRIBER = "sampleSubscriber"; + private static final String NOT_MATCHING_SUBSCRIBER = "notMatchingSubscriber"; + private static final String SAMPLE_SERVICE_TYPE = "sampleServiceType"; + private static final String NOT_MATCHING_TENANT = "notMatchingTenant"; + private static final String SAMPLE_TENANT = "sampleTenant"; + + private static final Role SAMPLE_ROLE = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT); + + private List roles = ImmutableList.of(SAMPLE_ROLE); + private Map subscriberInfo = ImmutableMap.of("globalSubscriberId", SAMPLE_SUBSCRIBER); + private Map requestParameters = ImmutableMap.of("subscriptionServiceType", SAMPLE_SERVICE_TYPE); + private Map requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters); + private RequestDetails requestDetails; + private RoleValidatorBySubscriberAndServiceType roleValidatorBySubscriberAndServiceType; + + @BeforeMethod + public void setUp() { + roleValidatorBySubscriberAndServiceType = new RoleValidatorBySubscriberAndServiceType(roles); + requestDetails = new RequestDetails(); + } + + @Test + public void shouldPermitSubscriberWhenNameMatchesAndRolesAreEnabled() { + assertThat(roleValidatorBySubscriberAndServiceType.isSubscriberPermitted(SAMPLE_SUBSCRIBER)).isTrue(); + } + + @Test + public void shouldNotPermitSubscriberWhenNameNotMatches() { + assertThat(roleValidatorBySubscriberAndServiceType.isSubscriberPermitted(NOT_MATCHING_SUBSCRIBER)).isFalse(); + } + + @Test + public void shouldPermitServiceWhenNamesMatches() { + assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isTrue(); + } + + + @Test + public void shouldNotPermitServiceWhenSubscriberNameNotMatches() { + assertThat( + roleValidatorBySubscriberAndServiceType.isServicePermitted(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isFalse(); + } + + @Test + public void shouldNotPermitServiceWhenServiceTypeNotMatches() { + assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER)).isFalse(); + } + + @Test + public void shouldPermitTenantWhenNameMatches() { + assertThat(roleValidatorBySubscriberAndServiceType + .isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT)).isTrue(); + } + + + @Test + public void shouldNotPermitTenantWhenNameNotMatches() { + assertThat(roleValidatorBySubscriberAndServiceType + .isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, NOT_MATCHING_TENANT)).isFalse(); + } + + @Test + public void shouldValidateProperlySORequest() { + requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties); + + assertThat(roleValidatorBySubscriberAndServiceType.isMsoRequestValid(requestDetails)).isTrue(); + } + + @Test + public void shouldValidateUnknownSORequest() { + assertThat(roleValidatorBySubscriberAndServiceType.isMsoRequestValid(new RequestDetails())).isTrue(); + } + + @Test + public void shouldRejectSORequestWhenSubscriberNotMatches() { + Map subscriberInfo = ImmutableMap.of("globalSubscriberId", "sample"); + Map requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters); + requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties); + + assertThat(roleValidatorBySubscriberAndServiceType.isMsoRequestValid(requestDetails)).isFalse(); + } +} -- cgit 1.2.3-korg