sidecar/rproxy/src/test/java/org/onap/aaf/cadi/sidecar/rproxy/test/PermissionMatchingTest.java

   1 /**
   2  * ============LICENSE_START=======================================================
   3  * org.onap.aaf
   4  * ================================================================================
   5  * Copyright © 2018 European Software Marketing Ltd.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *       http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20 package org.onap.aaf.cadi.sidecar.rproxy.test;
  21
  22 import static org.hamcrest.Matchers.equalTo;
  23 import static org.springframework.test.web.client.match.MockRestRequestMatchers.header;
  24 import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
  25 import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
  26 import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess;
  27 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
  28 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
  29 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
  30
  31 import javax.annotation.Resource;
  32
  33 import org.eclipse.jetty.util.security.Password;
  34 import org.junit.Before;
  35 import org.junit.Test;
  36 import org.junit.runner.RunWith;
  37 import org.onap.aaf.cadi.sidecar.rproxy.config.ForwardProxyProperties;
  38 import org.onap.aaf.cadi.sidecar.rproxy.config.PrimaryServiceProperties;
  39 import org.springframework.beans.factory.annotation.Autowired;
  40 import org.springframework.beans.factory.annotation.Value;
  41 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
  42 import org.springframework.boot.test.context.SpringBootTest;
  43 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
  44 import org.springframework.http.HttpMethod;
  45 import org.springframework.http.MediaType;
  46 import org.springframework.test.context.ContextConfiguration;
  47 import org.springframework.test.context.TestPropertySource;
  48 import org.springframework.test.context.junit4.SpringRunner;
  49 import org.springframework.test.web.client.MockRestServiceServer;
  50 import org.springframework.test.web.servlet.MockMvc;
  51 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
  52 import org.springframework.web.client.RestTemplate;
  53
  54
  55 @RunWith(SpringRunner.class)
  56 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
  57 @AutoConfigureMockMvc
  58
  59 @TestPropertySource(locations = {"classpath:primary-service.properties", "classpath:forward-proxy.properties"})
  60
  61 @ContextConfiguration(classes = ReverseProxyTestConfig.class)
  62 public class PermissionMatchingTest {
  63
  64     static {
  65         System.setProperty("server.ssl.key-store-password",
  66                 Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
  67     }
  68
  69     @Value("${transactionid.header.name}")
  70     private String transactionIdHeaderName;
  71
  72     @Resource(name = "PrimaryServiceProperties")
  73     private PrimaryServiceProperties primaryServiceProps;
  74
  75     @Resource(name = "ForwardProxyProperties")
  76     private ForwardProxyProperties forwardProxyProps;
  77
  78     @Autowired
  79     private MockMvc mockMvc;
  80
  81     @Autowired
  82     private RestTemplate restTemplate;
  83
  84     private MockRestServiceServer mockServer;
  85
  86     private String primaryServiceBaseUrl;
  87
  88     @Before
  89     public void setUp() throws Exception {
  90         mockServer = MockRestServiceServer.createServer(restTemplate);
  91         primaryServiceBaseUrl = primaryServiceProps.getProtocol() + "://" + primaryServiceProps.getHost() + ":"
  92                 + primaryServiceProps.getPort();
  93     }
  94
  95         @Test
  96         public void testURIMismatch() throws Exception {
  97
  98         String testUrl = "/uri/does/not/exist";
  99         String testResponse = "Sorry, the request is not allowed";
 100
 101         mockMvc
 102                 .perform(get(testUrl))
 103                 .andExpect(status().isForbidden())
 104                 .andExpect(status().reason(testResponse));
 105
 106         }
 107
 108         @Test
 109         public void testURINoPermission() throws Exception {
 110
 111         String testUrl = "/not/allowed/at/all";
 112         String testResponse = "Sorry, the request is not allowed";
 113
 114         mockMvc
 115                 .perform(get(testUrl))
 116                 .andExpect(status().isForbidden())
 117                 .andExpect(status().reason(testResponse));
 118
 119         }
 120
 121         @Test
 122         public void testURIMatchSinglePermissionMatch() throws Exception {
 123
 124         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 125         String testUrl = "/single/permission/required";
 126         String testResponse = "Response from MockRestService";
 127
 128         mockServer
 129                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 130                 .andExpect(method(HttpMethod.GET))
 131                 .andExpect(header(transactionIdHeaderName, transactionId))
 132                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 133
 134         // Send request to mock server with transaction Id
 135         mockMvc
 136                 .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
 137                 .andExpect(status().isOk())
 138             .andExpect(content().string(equalTo(testResponse)));
 139
 140         mockServer.verify();
 141
 142         }
 143
 144         @Test
 145         public void testURIPUTMatchSinglePermissionMatch() throws Exception {
 146
 147         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 148         String testUrl = "/single/permission/required";
 149         String testResponse = "Response from MockRestService";
 150
 151         mockServer
 152                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 153                 .andExpect(method(HttpMethod.PUT))
 154                 .andExpect(header(transactionIdHeaderName, transactionId))
 155                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 156
 157         // Send request to mock server with transaction Id
 158         mockMvc
 159                 .perform(MockMvcRequestBuilders.put(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
 160                 .andExpect(status().isOk())
 161             .andExpect(content().string(equalTo(testResponse)));
 162
 163         mockServer.verify();
 164
 165         }
 166
 167
 168         @Test
 169         public void testURIPATCHMatchSinglePermissionMatch() throws Exception {
 170
 171         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 172         String testUrl = "/single/permission/required";
 173         String testResponse = "Sorry, the request is not allowed";
 174
 175         // Send request to mock server with transaction Id
 176         mockMvc
 177                 .perform(MockMvcRequestBuilders.patch(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
 178                 .andExpect(status().isForbidden())
 179                 .andExpect(status().reason(testResponse));
 180
 181         mockServer.verify();
 182
 183         }
 184
 185         @Test
 186         public void testURIMatchMultiplePermissionMatch() throws Exception {
 187
 188         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 189         String testUrl = "/multiple/permissions/required";
 190         String testResponse = "Response from MockRestService";
 191
 192         mockServer
 193                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 194                 .andExpect(method(HttpMethod.GET))
 195                 .andExpect(header(transactionIdHeaderName, transactionId))
 196                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 197
 198         // Send request to mock server with transaction Id
 199         mockMvc
 200                 .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
 201                 .andExpect(status().isOk())
 202             .andExpect(content().string(equalTo(testResponse)));
 203
 204         mockServer.verify();
 205
 206         }
 207
 208         @Test
 209         public void testURIMatchMultipleMissingOnePermissionMatch() throws Exception {
 210
 211         String testUrl = "/multiple/permissions/required/one/missing";
 212         String testResponse = "Sorry, the request is not allowed";
 213
 214         mockMvc
 215                 .perform(get(testUrl))
 216                 .andExpect(status().isForbidden())
 217                 .andExpect(status().reason(testResponse));
 218         }
 219
 220         @Test
 221         public void testURIInstanceActionWildCardPermissionMatch() throws Exception {
 222
 223         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 224         String testUrl = "/wildcard/permission/granted";
 225         String testResponse = "Response from MockRestService";
 226
 227         mockServer
 228                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 229                 .andExpect(method(HttpMethod.GET))
 230                 .andExpect(header(transactionIdHeaderName, transactionId))
 231                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 232
 233         // Send request to mock server with transaction Id
 234         mockMvc
 235                 .perform(MockMvcRequestBuilders
 236                                         .get(testUrl)
 237                                         .accept(MediaType.APPLICATION_JSON)
 238                                         .header(transactionIdHeaderName, transactionId)
 239                                         .header("PermissionsUser", "UserWithInstanceActionWildcardPermissionGranted")
 240                                 )
 241                 .andExpect(status().isOk())
 242             .andExpect(content().string(equalTo(testResponse)));
 243
 244         mockServer.verify();
 245
 246         }
 247
 248         @Test
 249         public void testURIInstanceWildCardPermissionMatch() throws Exception {
 250
 251         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 252         String testUrl = "/instance/wildcard/permission/granted";
 253         String testResponse = "Response from MockRestService";
 254
 255         mockServer
 256                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 257                 .andExpect(method(HttpMethod.GET))
 258                 .andExpect(header(transactionIdHeaderName, transactionId))
 259                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 260
 261         // Send request to mock server with transaction Id
 262         mockMvc
 263                 .perform(MockMvcRequestBuilders
 264                                         .get(testUrl)
 265                                         .accept(MediaType.APPLICATION_JSON)
 266                                         .header(transactionIdHeaderName, transactionId)
 267                                         .header("PermissionsUser", "UserWithInstanceWildcardPermissionGranted")
 268                                 )
 269                 .andExpect(status().isOk())
 270             .andExpect(content().string(equalTo(testResponse)));
 271
 272         mockServer.verify();
 273
 274         }
 275
 276         @Test
 277         public void testURIActionWildCardPermissionMatch() throws Exception {
 278
 279         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 280         String testUrl = "/action/wildcard/permission/granted";
 281         String testResponse = "Response from MockRestService";
 282
 283         mockServer
 284                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 285                 .andExpect(method(HttpMethod.GET))
 286                 .andExpect(header(transactionIdHeaderName, transactionId))
 287                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 288
 289         // Send request to mock server with transaction Id
 290         mockMvc
 291                 .perform(MockMvcRequestBuilders
 292                                         .get(testUrl)
 293                                         .accept(MediaType.APPLICATION_JSON)
 294                                         .header(transactionIdHeaderName, transactionId)
 295                                         .header("PermissionsUser", "UserWithActionWildcardPermissionGranted")
 296                                 )
 297                 .andExpect(status().isOk())
 298             .andExpect(content().string(equalTo(testResponse)));
 299
 300         mockServer.verify();
 301
 302         }
 303
 304 }