2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2024 Nordix Foundation
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the 'License');
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an 'AS IS' BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.cps.integration.functional
23 import java.time.Duration
24 import org.onap.cps.integration.base.CpsIntegrationSpecBase
25 import org.springframework.http.HttpHeaders
26 import org.springframework.http.HttpStatus
27 import org.springframework.http.MediaType
28 import org.springframework.test.web.client.match.MockRestRequestMatchers
30 import static org.springframework.http.HttpMethod.GET
31 import static org.springframework.http.HttpMethod.DELETE
32 import static org.springframework.http.HttpMethod.PATCH
33 import static org.springframework.http.HttpMethod.POST
34 import static org.springframework.http.HttpMethod.PUT
35 import static org.springframework.test.web.client.match.MockRestRequestMatchers.method
36 import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo
37 import static org.springframework.test.web.client.response.MockRestResponseCreators.withStatus
38 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.request
39 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
41 class NcmpBearerTokenPassthroughSpec extends CpsIntegrationSpecBase {
43 static final NO_MODULE_SET_TAG = ''
44 static final MODULE_REFERENCES_RESPONSE = readResourceDataFile('mock-dmi-responses/bookStoreAWithModules_M1_M2_Response.json')
45 static final MODULE_RESOURCES_RESPONSE = readResourceDataFile('mock-dmi-responses/bookStoreAWithModules_M1_M2_ResourcesResponse.json')
48 registerCmHandle(DMI_URL, 'ch-1', NO_MODULE_SET_TAG, MODULE_REFERENCES_RESPONSE, MODULE_RESOURCES_RESPONSE)
52 deregisterCmHandle(DMI_URL, 'ch-1')
55 def 'Bearer token is passed from NCMP to DMI in pass-through data operations.'() {
56 given: 'DMI will expect to receive a request with a bearer token'
57 def targetDmiUrl = "$DMI_URL/dmi/v1/ch/ch-1/data/ds/ncmp-datastore:passthrough-running?resourceIdentifier=my-resource-id"
58 mockDmiServer.expect(requestTo(targetDmiUrl))
59 .andExpect(MockRestRequestMatchers.header(HttpHeaders.AUTHORIZATION, 'Bearer some-bearer-token'))
60 .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON))
62 when: 'a pass-through data request is sent to NCMP with a bearer token'
63 mvc.perform(request(httpMethod, '/ncmp/v1/ch/ch-1/data/ds/ncmp-datastore:passthrough-running')
64 .queryParam('resourceIdentifier', 'my-resource-id')
65 .contentType(MediaType.APPLICATION_JSON)
66 .content('{ "some-json": "data" }')
67 .header(HttpHeaders.AUTHORIZATION, 'Bearer some-bearer-token'))
68 .andExpect(status().is2xxSuccessful())
70 then: 'DMI has received request with bearer token'
71 mockDmiServer.verify()
73 where: 'all HTTP operations are applied'
74 httpMethod << [GET, POST, PUT, PATCH, DELETE]
77 def 'Basic auth header is NOT passed from NCMP to DMI in pass-through data operations.'() {
78 given: 'DMI will expect to receive a request with no authorization header'
79 def targetDmiUrl = "$DMI_URL/dmi/v1/ch/ch-1/data/ds/ncmp-datastore:passthrough-running?resourceIdentifier=my-resource-id"
80 mockDmiServer.expect(requestTo(targetDmiUrl))
81 .andExpect(MockRestRequestMatchers.headerDoesNotExist(HttpHeaders.AUTHORIZATION))
82 .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON))
84 when: 'a pass-through data request is sent to NCMP with basic authentication'
85 mvc.perform(request(httpMethod, '/ncmp/v1/ch/ch-1/data/ds/ncmp-datastore:passthrough-running')
86 .queryParam('resourceIdentifier', 'my-resource-id')
87 .contentType(MediaType.APPLICATION_JSON)
88 .content('{ "some-json": "data" }')
89 .header(HttpHeaders.AUTHORIZATION, 'Basic Y3BzdXNlcjpjcHNyMGNrcyE='))
90 .andExpect(status().is2xxSuccessful())
92 then: 'DMI has received request with no authorization header'
93 mockDmiServer.verify()
95 where: 'all HTTP operations are applied'
96 httpMethod << [GET, POST, PUT, PATCH, DELETE]
99 def 'Bearer token is passed from NCMP to DMI in async batch pass-through data operation.'() {
100 given: 'DMI will expect to receive a request with a bearer token'
101 mockDmiServer.expect(method(POST))
102 .andExpect(MockRestRequestMatchers.header(HttpHeaders.AUTHORIZATION, 'Bearer some-bearer-token'))
103 .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON))
105 when: 'a pass-through async data request is sent to NCMP with a bearer token'
106 def requestBody = """{"operations": [{
108 "operationId": "operational-1",
109 "datastore": "ncmp-datastore:passthrough-running",
110 "resourceIdentifier": "my-resource-id",
111 "targetIds": ["ch-1"]
113 mvc.perform(request(POST, '/ncmp/v1/data')
114 .queryParam('topic', 'my-topic')
115 .contentType(MediaType.APPLICATION_JSON)
116 .content(requestBody)
117 .header(HttpHeaders.AUTHORIZATION, 'Bearer some-bearer-token'))
118 .andExpect(status().is2xxSuccessful())
120 then: 'DMI will receive the async request with bearer token'
121 mockDmiServer.verify(Duration.ofSeconds(1))