1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
22 package org.onap.aaf.authz.service.mapper;
24 import static org.junit.Assert.assertEquals;
25 import static org.junit.Assert.assertNull;
26 import static org.junit.Assert.assertTrue;
27 import static org.junit.Assert.fail;
28 import static org.mockito.BDDMockito.given;
29 import static org.mockito.Matchers.any;
30 import static org.mockito.Matchers.anyString;
31 import static org.mockito.Matchers.eq;
32 import static org.mockito.Mockito.verify;
34 import aaf.v2_0.NsRequest;
36 import aaf.v2_0.Nss.Ns;
38 import aaf.v2_0.Perms;
39 import aaf.v2_0.Request;
40 import com.google.common.collect.ImmutableMap;
41 import com.google.common.collect.Iterables;
42 import com.google.common.collect.Lists;
43 import com.google.common.collect.Sets;
44 import java.io.IOException;
45 import java.util.List;
48 import org.junit.Assert;
49 import org.junit.Before;
50 import org.junit.Test;
51 import org.junit.runner.RunWith;
52 import org.mockito.Mock;
53 import org.mockito.runners.MockitoJUnitRunner;
54 import org.onap.aaf.auth.dao.cass.Namespace;
55 import org.onap.aaf.auth.dao.cass.NsDAO;
56 import org.onap.aaf.auth.dao.cass.NsSplit;
57 import org.onap.aaf.auth.dao.cass.NsType;
58 import org.onap.aaf.auth.dao.cass.PermDAO;
59 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
60 import org.onap.aaf.auth.dao.hl.Question;
61 import org.onap.aaf.auth.dao.hl.Question.Access;
62 import org.onap.aaf.auth.env.AuthzTrans;
63 import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
64 import org.onap.aaf.auth.layer.Result;
65 import org.onap.aaf.auth.rserv.Pair;
66 import org.onap.aaf.auth.service.mapper.Mapper.API;
67 import org.onap.aaf.auth.service.mapper.Mapper_2_0;
68 import org.onap.aaf.cadi.CadiException;
69 import org.onap.aaf.misc.env.APIException;
70 import org.onap.aaf.misc.env.Env;
71 import org.onap.aaf.misc.env.TimeTaken;
73 @RunWith(MockitoJUnitRunner.class)
74 public class JU_Mapper_2_0 {
76 private static final String USER = "John";
78 private Mapper_2_0 mapper;
80 private Question question;
82 private AuthzTrans transaction;
88 public void setUp() throws APIException, IOException, CadiException {
89 given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt);
90 given(transaction.user()).willReturn(USER);
91 this.mapper = new Mapper_2_0(question);
94 @Test(expected = ClassCastException.class)
95 public void ns_willThrowException_whenInvalidRequestType() {
97 Request rq = new Request();
100 mapper.ns(transaction, rq);
103 fail("Expected ClassCastException");
107 public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() {
109 String namespaceName = "org.companyA.app1";
110 String namespaceType = "APP";
111 NsType expectedNsType = NsType.APP;
112 NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType);
115 Result<Namespace> result = mapper.ns(transaction,nsRequest);
118 assertTrue(result.isOK());
119 assertNamespaceValues(result.value, expectedNsType, namespaceName);
120 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
124 public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() {
126 String namespaceName = "org.companyA.app1.service0";
127 String invalidNsType = "BLUE";
128 NsType expectedNsType = NsType.APP;
129 NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType);
132 Result<Namespace> result = mapper.ns(transaction,nsRequest);
135 assertTrue(result.isOK());
136 assertNamespaceValues(result.value, expectedNsType, namespaceName);
137 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
141 public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() {
143 String rootNsName = "org";
144 NsType expectedNsType = NsType.ROOT;
145 NsRequest nsRequest = createNsRequestForType(rootNsName, null);
148 Result<Namespace> result = mapper.ns(transaction,nsRequest);
151 assertTrue(result.isOK());
152 assertNamespaceValues(result.value, expectedNsType, rootNsName);
153 verify(transaction).checkpoint(rootNsName,Env.ALWAYS);
157 public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() {
159 String companyNsName = "org.companyA";
160 NsType expectedNsType = NsType.COMPANY;
161 NsRequest nsRequest = createNsRequestForType(companyNsName, null);
164 Result<Namespace> result = mapper.ns(transaction,nsRequest);
167 assertTrue(result.isOK());
168 assertNamespaceValues(result.value, expectedNsType, companyNsName);
169 verify(transaction).checkpoint(companyNsName,Env.ALWAYS);
172 private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) {
173 List<String> people = Lists.newArrayList("tk007@people.osaaf.org");
174 assertEquals(Integer.valueOf(nsType.type), value.type);
175 assertEquals(namespaceName, value.name);
176 assertEquals("some namespace description", value.description);
177 assertEquals(people, value.admin);
178 assertEquals(people, value.owner);
181 private NsRequest createNsRequestForType(String nsName, String nsType) {
182 NsRequest req = mapper.newInstance(API.NS_REQ);
185 req.setDescription("some namespace description");
186 req.getAdmin().add("tk007@people.osaaf.org");
187 req.getResponsible().add("tk007@people.osaaf.org");
192 public void nss_shouldConvertNamespaceToNss_withoutAttributes() {
194 Nss nss = mapper.newInstance(API.NSS);
195 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
198 Result<Nss> result = mapper.nss(transaction, ns, nss);
201 assertTrue(result.isOK());
202 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
203 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
204 assertEquals(ns.admin, addedNs.getAdmin());
205 assertEquals(ns.name, addedNs.getName());
206 assertEquals(ns.owner, addedNs.getResponsible());
207 assertEquals(ns.description, addedNs.getDescription());
208 assertTrue(addedNs.getAttrib().isEmpty());
212 public void nss_shouldConvertNamespaceToNss_withAttributes() {
214 Nss nss = mapper.newInstance(API.NSS);
215 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
216 ns.attrib = Lists.newArrayList();
218 Map<String, String> attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5");
219 attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val)));
222 Result<Nss> result = mapper.nss(transaction, ns, nss);
225 assertTrue(result.isOK());
226 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
227 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
228 assertEquals(attribNum, addedNs.getAttrib().size());
229 addedNs.getAttrib().forEach( attr -> {
230 assertEquals(attr.getValue(), attribs.get(attr.getKey()));
235 public void nss_shouldAddSeveralNamespacesToNss() {
237 Nss nss = mapper.newInstance(API.NSS);
238 Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value;
239 Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value;
242 Result<Nss> result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss);
245 assertTrue(result.isOK());
246 assertEquals("Two namespaces should be added",2, result.value.getNs().size());
250 public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() {
252 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
253 .willReturn(Result.err(9, "error"));
254 Perms permsContainer = mapper.newInstance(API.PERMS);
255 List<PermDAO.Data> permsData = Lists.newArrayList(new PermDAO.Data());
256 boolean filter = true;
259 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
262 assertTrue(result.isOK());
263 assertEquals("No perms added",0,result.value.getPerm().size());
267 public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() {
269 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
270 .willReturn(Result.ok(new NsDAO.Data()));
271 given(transaction.requested(REQD_TYPE.ns)).willReturn(true);
272 Perms permsContainer = mapper.newInstance(API.PERMS);
273 Set<String> roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer"
274 ,"org.onap.portal.tester");
275 String namespace = "org.onap.portal";
276 String type = "access";
277 String fullType = namespace + "." +type;
278 String action = "read";
279 String description = "Portal Read Access";
280 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description));
281 boolean filter = true;
284 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
287 assertTrue(result.isOK());
288 assertEquals("Perm is added",1,result.value.getPerm().size());
289 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
290 assertEquals(namespace, perm.getNs());
291 assertEquals(fullType, perm.getType());
292 assertEquals(action, perm.getAction());
293 assertEquals("*", perm.getInstance());
294 assertEquals(description, perm.getDescription());
295 assertEquals(Lists.newArrayList(roles), perm.getRoles());
299 public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() {
301 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
302 .willReturn(Result.ok(new NsDAO.Data()));
303 given(transaction.requested(REQD_TYPE.ns)).willReturn(false);
304 Perms permsContainer = mapper.newInstance(API.PERMS);
305 String namespace = "org.onap.portal";
306 String type = "access";
307 String fullType = namespace + "." + type;
308 String action = "read";
309 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null));
310 boolean filter = true;
313 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
316 assertTrue(result.isOK());
317 assertEquals("Perm is added",1,result.value.getPerm().size());
318 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
319 assertNull(perm.getNs());
320 assertEquals(fullType, perm.getType());
321 assertEquals(action, perm.getAction());
325 public void perm_shouldAddPermsWithCorrectSortedOrder() {
327 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
328 .willReturn(Result.ok(new NsDAO.Data()));
329 Perms permsContainer = mapper.newInstance(API.PERMS);
330 PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null);
331 PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null);
332 PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null);
333 PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null);
334 PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null);
335 List<PermDAO.Data> permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2);
336 List<PermDAO.Data> correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5);
339 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, true);
342 assertTrue(result.isOK());
343 assertEquals("Alls Perms added",5,result.value.getPerm().size());
344 List<Perm> mappedPerms = result.value.getPerm();
345 for(int i=0; i<5; i++) {
346 comparePerm(correctOrderPerms.get(i), mappedPerms.get(i));
350 private void comparePerm(Data data, Perm perm) {
351 assertEquals(data.ns + "." + data.type, perm.getType());
352 assertEquals(data.instance, perm.getInstance());
353 assertEquals(data.action, perm.getAction());
356 private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set<String> roles, String description) {
357 NsSplit nss = new NsSplit(ns, name);
358 PermDAO.Data perm = new PermDAO.Data(nss, instance, action);
360 perm.description = description;
370 public void testApprovals(){
375 public void testCert(){
381 public void testCred(){
387 public void testDelegate(){
392 public void testErrorFromMessage(){
398 public void testFuture(){
403 public void testGetClass(){
408 public void testGetExpires(){
413 public void testGetMarshal(){
419 public void testHistory(){
424 public void testKeys(){
430 public void testNewInstance(){
435 public void testNs(){
440 public void testNss(){
445 public void testPerm(){
450 public void testPermFromRPRequest(){
455 public void testPermKey(){
460 public void testPerms(){
465 public void testRole(){
470 public void testRoleFromRPRequest(){
475 public void testRoles(){
480 public void testUserRole(){
485 public void testUserRoles(){
490 public void testUsers(){