X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-service%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Faaf%2Fauthz%2Fservice%2Fmapper%2FJU_Mapper_2_0.java;h=12b343d5caa43ce15c431f678fb4c378d7d80bd3;hb=refs%2Fchanges%2F75%2F65275%2F1;hp=a7df421b500b1e16b8a2a588686a9956481c31de;hpb=824dc7b5fc0e1ccdf7f460479aff344727f0f01e;p=aaf%2Fauthz.git diff --git a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java index a7df421b..12b343d5 100644 --- a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java +++ b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java @@ -102,195 +102,195 @@ public class JU_Mapper_2_0 { private static final String USER = "John"; - private Mapper_2_0 mapper; - @Mock - private Question question; - @Mock - private AuthzTrans transaction; - @Mock + private Mapper_2_0 mapper; + @Mock + private Question question; + @Mock + private AuthzTrans transaction; + @Mock private TimeTaken tt; - @Before - public void setUp() throws APIException, IOException, CadiException { - given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt); - given(transaction.user()).willReturn(USER); - this.mapper = new Mapper_2_0(question); - } - - @Test(expected = ClassCastException.class) - public void ns_willThrowException_whenInvalidRequestType() { - //given - Request rq = new Request(); - - //when - mapper.ns(transaction, rq); - - //then - fail("Expected ClassCastException"); - } - - @Test - public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() { - //given - String namespaceName = "org.companyA.app1"; - String namespaceType = "APP"; - NsType expectedNsType = NsType.APP; - NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType); - - //when - Result result = mapper.ns(transaction,nsRequest); - - //then - assertTrue(result.isOK()); - assertNamespaceValues(result.value, expectedNsType, namespaceName); - verify(transaction).checkpoint(namespaceName,Env.ALWAYS); - } - - @Test - public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() { - //given - String namespaceName = "org.companyA.app1.service0"; - String invalidNsType = "BLUE"; - NsType expectedNsType = NsType.APP; - NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType); - - //when - Result result = mapper.ns(transaction,nsRequest); - - //then - assertTrue(result.isOK()); - assertNamespaceValues(result.value, expectedNsType, namespaceName); - verify(transaction).checkpoint(namespaceName,Env.ALWAYS); - } - - @Test - public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() { - //given - String rootNsName = "org"; - NsType expectedNsType = NsType.ROOT; - NsRequest nsRequest = createNsRequestForType(rootNsName, null); - - //when - Result result = mapper.ns(transaction,nsRequest); - - //then - assertTrue(result.isOK()); - assertNamespaceValues(result.value, expectedNsType, rootNsName); - verify(transaction).checkpoint(rootNsName,Env.ALWAYS); - } - - @Test - public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() { - //given - String companyNsName = "org.companyA"; - NsType expectedNsType = NsType.COMPANY; - NsRequest nsRequest = createNsRequestForType(companyNsName, null); - - //when - Result result = mapper.ns(transaction,nsRequest); - - //then - assertTrue(result.isOK()); - assertNamespaceValues(result.value, expectedNsType, companyNsName); - verify(transaction).checkpoint(companyNsName,Env.ALWAYS); - } - - private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) { - List people = Lists.newArrayList("tk007@people.osaaf.org"); - assertEquals(Integer.valueOf(nsType.type), value.type); - assertEquals(namespaceName, value.name); - assertEquals("some namespace description", value.description); - assertEquals(people, value.admin); - assertEquals(people, value.owner); - } - - private NsRequest createNsRequestForType(String nsName, String nsType) { - NsRequest req = mapper.newInstance(API.NS_REQ); - req.setType(nsType); - req.setName(nsName); - req.setDescription("some namespace description"); - req.getAdmin().add("tk007@people.osaaf.org"); - req.getResponsible().add("tk007@people.osaaf.org"); - return req; - } - - @Test - public void nss_shouldConvertNamespaceToNss_withoutAttributes() { - //given - Nss nss = mapper.newInstance(API.NSS); - Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value; - - //when - Result result = mapper.nss(transaction, ns, nss); - - //then - assertTrue(result.isOK()); - assertEquals("Only one Ns should be added",1, result.value.getNs().size()); - Ns addedNs = Iterables.getOnlyElement(result.value.getNs()); - assertEquals(ns.admin, addedNs.getAdmin()); - assertEquals(ns.name, addedNs.getName()); - assertEquals(ns.owner, addedNs.getResponsible()); - assertEquals(ns.description, addedNs.getDescription()); - assertTrue(addedNs.getAttrib().isEmpty()); - } - - @Test - public void nss_shouldConvertNamespaceToNss_withAttributes() { - //given - Nss nss = mapper.newInstance(API.NSS); - Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value; - ns.attrib = Lists.newArrayList(); - int attribNum = 5; - Map attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5"); - attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val))); - - //when - Result result = mapper.nss(transaction, ns, nss); - - //then - assertTrue(result.isOK()); - assertEquals("Only one Ns should be added",1, result.value.getNs().size()); - Ns addedNs = Iterables.getOnlyElement(result.value.getNs()); - assertEquals(attribNum, addedNs.getAttrib().size()); - addedNs.getAttrib().forEach( attr -> { - assertEquals(attr.getValue(), attribs.get(attr.getKey())); - }); - } - - @Test - public void nss_shouldAddSeveralNamespacesToNss() { - //given - Nss nss = mapper.newInstance(API.NSS); - Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value; - Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value; - - //when - Result result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss); - - //then - assertTrue(result.isOK()); - assertEquals("Two namespaces should be added",2, result.value.getNs().size()); - } - - @Test - public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() { - //given + @Before + public void setUp() throws APIException, IOException, CadiException { + given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt); + given(transaction.user()).willReturn(USER); + this.mapper = new Mapper_2_0(question); + } + + @Test(expected = ClassCastException.class) + public void ns_willThrowException_whenInvalidRequestType() { + //given + Request rq = new Request(); + + //when + mapper.ns(transaction, rq); + + //then + fail("Expected ClassCastException"); + } + + @Test + public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() { + //given + String namespaceName = "org.companyA.app1"; + String namespaceType = "APP"; + NsType expectedNsType = NsType.APP; + NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType); + + //when + Result result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, namespaceName); + verify(transaction).checkpoint(namespaceName,Env.ALWAYS); + } + + @Test + public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() { + //given + String namespaceName = "org.companyA.app1.service0"; + String invalidNsType = "BLUE"; + NsType expectedNsType = NsType.APP; + NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType); + + //when + Result result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, namespaceName); + verify(transaction).checkpoint(namespaceName,Env.ALWAYS); + } + + @Test + public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() { + //given + String rootNsName = "org"; + NsType expectedNsType = NsType.ROOT; + NsRequest nsRequest = createNsRequestForType(rootNsName, null); + + //when + Result result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, rootNsName); + verify(transaction).checkpoint(rootNsName,Env.ALWAYS); + } + + @Test + public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() { + //given + String companyNsName = "org.companyA"; + NsType expectedNsType = NsType.COMPANY; + NsRequest nsRequest = createNsRequestForType(companyNsName, null); + + //when + Result result = mapper.ns(transaction,nsRequest); + + //then + assertTrue(result.isOK()); + assertNamespaceValues(result.value, expectedNsType, companyNsName); + verify(transaction).checkpoint(companyNsName,Env.ALWAYS); + } + + private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) { + List people = Lists.newArrayList("tk007@people.osaaf.org"); + assertEquals(Integer.valueOf(nsType.type), value.type); + assertEquals(namespaceName, value.name); + assertEquals("some namespace description", value.description); + assertEquals(people, value.admin); + assertEquals(people, value.owner); + } + + private NsRequest createNsRequestForType(String nsName, String nsType) { + NsRequest req = mapper.newInstance(API.NS_REQ); + req.setType(nsType); + req.setName(nsName); + req.setDescription("some namespace description"); + req.getAdmin().add("tk007@people.osaaf.org"); + req.getResponsible().add("tk007@people.osaaf.org"); + return req; + } + + @Test + public void nss_shouldConvertNamespaceToNss_withoutAttributes() { + //given + Nss nss = mapper.newInstance(API.NSS); + Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value; + + //when + Result result = mapper.nss(transaction, ns, nss); + + //then + assertTrue(result.isOK()); + assertEquals("Only one Ns should be added",1, result.value.getNs().size()); + Ns addedNs = Iterables.getOnlyElement(result.value.getNs()); + assertEquals(ns.admin, addedNs.getAdmin()); + assertEquals(ns.name, addedNs.getName()); + assertEquals(ns.owner, addedNs.getResponsible()); + assertEquals(ns.description, addedNs.getDescription()); + assertTrue(addedNs.getAttrib().isEmpty()); + } + + @Test + public void nss_shouldConvertNamespaceToNss_withAttributes() { + //given + Nss nss = mapper.newInstance(API.NSS); + Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value; + ns.attrib = Lists.newArrayList(); + int attribNum = 5; + Map attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5"); + attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val))); + + //when + Result result = mapper.nss(transaction, ns, nss); + + //then + assertTrue(result.isOK()); + assertEquals("Only one Ns should be added",1, result.value.getNs().size()); + Ns addedNs = Iterables.getOnlyElement(result.value.getNs()); + assertEquals(attribNum, addedNs.getAttrib().size()); + addedNs.getAttrib().forEach( attr -> { + assertEquals(attr.getValue(), attribs.get(attr.getKey())); + }); + } + + @Test + public void nss_shouldAddSeveralNamespacesToNss() { + //given + Nss nss = mapper.newInstance(API.NSS); + Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value; + Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value; + + //when + Result result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss); + + //then + assertTrue(result.isOK()); + assertEquals("Two namespaces should be added",2, result.value.getNs().size()); + } + + @Test + public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() { + //given given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) .willReturn(Result.err(9, "error")); Perms permsContainer = mapper.newInstance(API.PERMS); List permsData = Lists.newArrayList(new PermDAO.Data()); boolean filter = true; - //when + //when Result result = mapper.perms(transaction, permsData, permsContainer, filter); - //then + //then assertTrue(result.isOK()); assertEquals("No perms added",0,result.value.getPerm().size()); - } + } - @Test + @Test public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() { //given given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) @@ -298,13 +298,13 @@ public class JU_Mapper_2_0 { given(transaction.requested(REQD_TYPE.ns)).willReturn(true); Perms permsContainer = mapper.newInstance(API.PERMS); Set roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer" - ,"org.onap.portal.tester"); + ,"org.onap.portal.tester"); String namespace = "org.onap.portal"; String type = "access"; String fullType = namespace + "." +type; String action = "read"; String description = "Portal Read Access"; - List permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description)); + List permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description)); boolean filter = true; //when @@ -322,66 +322,66 @@ public class JU_Mapper_2_0 { assertEquals(Lists.newArrayList(roles), perm.getRoles()); } - @Test - public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() { - //given - given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) - .willReturn(Result.ok(new NsDAO.Data())); - given(transaction.requested(REQD_TYPE.ns)).willReturn(false); - Perms permsContainer = mapper.newInstance(API.PERMS); - String namespace = "org.onap.portal"; - String type = "access"; - String fullType = namespace + "." + type; - String action = "read"; - List permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null)); - boolean filter = true; - - //when - Result result = mapper.perms(transaction, permsData, permsContainer, filter); - - //then - assertTrue(result.isOK()); - assertEquals("Perm is added",1,result.value.getPerm().size()); - Perm perm = Iterables.getOnlyElement(result.value.getPerm()); - assertNull(perm.getNs()); - assertEquals(fullType, perm.getType()); - assertEquals(action, perm.getAction()); - } - - @Test - public void perm_shouldAddPermsWithCorrectSortedOrder() { - //given - given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) - .willReturn(Result.ok(new NsDAO.Data())); - Perms permsContainer = mapper.newInstance(API.PERMS); - PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null); - PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null); - PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null); - PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null); - PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null); - List permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2); - List correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5); - - //when - Result result = mapper.perms(transaction, permsData, permsContainer, true); - - //then - assertTrue(result.isOK()); - assertEquals("Alls Perms added",5,result.value.getPerm().size()); - List mappedPerms = result.value.getPerm(); - for(int i=0; i<5; i++) { - comparePerm(correctOrderPerms.get(i), mappedPerms.get(i)); - } - } - - private void comparePerm(Data data, Perm perm) { - assertEquals(data.ns + "." + data.type, perm.getType()); - assertEquals(data.instance, perm.getInstance()); - assertEquals(data.action, perm.getAction()); - } - - private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set roles, String description) { - NsSplit nss = new NsSplit(ns, name); + @Test + public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + given(transaction.requested(REQD_TYPE.ns)).willReturn(false); + Perms permsContainer = mapper.newInstance(API.PERMS); + String namespace = "org.onap.portal"; + String type = "access"; + String fullType = namespace + "." + type; + String action = "read"; + List permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null)); + boolean filter = true; + + //when + Result result = mapper.perms(transaction, permsData, permsContainer, filter); + + //then + assertTrue(result.isOK()); + assertEquals("Perm is added",1,result.value.getPerm().size()); + Perm perm = Iterables.getOnlyElement(result.value.getPerm()); + assertNull(perm.getNs()); + assertEquals(fullType, perm.getType()); + assertEquals(action, perm.getAction()); + } + + @Test + public void perm_shouldAddPermsWithCorrectSortedOrder() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + Perms permsContainer = mapper.newInstance(API.PERMS); + PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null); + PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null); + PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null); + PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null); + PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null); + List permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2); + List correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5); + + //when + Result result = mapper.perms(transaction, permsData, permsContainer, true); + + //then + assertTrue(result.isOK()); + assertEquals("Alls Perms added",5,result.value.getPerm().size()); + List mappedPerms = result.value.getPerm(); + for(int i=0; i<5; i++) { + comparePerm(correctOrderPerms.get(i), mappedPerms.get(i)); + } + } + + private void comparePerm(Data data, Perm perm) { + assertEquals(data.ns + "." + data.type, perm.getType()); + assertEquals(data.instance, perm.getInstance()); + assertEquals(data.action, perm.getAction()); + } + + private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set roles, String description) { + NsSplit nss = new NsSplit(ns, name); PermDAO.Data perm = new PermDAO.Data(nss, instance, action); perm.roles = roles; perm.description = description; @@ -389,263 +389,263 @@ public class JU_Mapper_2_0 { } @Test - public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception { - //given - String roleName = "admin"; - RoleRequest request = createRoleRequest(roleName, "role description"); - given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException())); - - //when - Result result = mapper.role(transaction, request); - - //then - assertFalse(result.isOK()); - assertNull(result.value); - assertEquals(ERR_General, result.status); - } - - @Test - public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception { - //given - String roleName = "admin"; - String roleNs = "org.onap.roles"; - String roleFullName = roleNs + "." + roleName; - String description =" role description"; - RoleRequest request = createRoleRequest(roleFullName, description); - given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName))); - - //when - Result result = mapper.role(transaction, request); - - //then - assertTrue(result.isOK()); - assertEquals(roleName, result.value.name); - assertEquals(roleNs, result.value.ns); - assertEquals(description, result.value.description); - verify(transaction).checkpoint(roleFullName, Env.ALWAYS); - } - - private RoleRequest createRoleRequest(String name, String description) { - RoleRequest req = mapper.newInstance(API.ROLE_REQ); - req.setName(name); - req.setDescription(description); - return req; - } - - @Test - public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() { - //given - Roles initialRoles = new Roles(); - RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description"); - - //when - Result result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false); - - //then - assertTrue(result.isOK()); - assertEquals(initialRoles.getRole(), result.value.getRole()); - } - - @Test - public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() { - //given - Roles initialRoles = new Roles(); - RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description"); - given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) - .willReturn(Result.err(9, "error")); - - //when - Result result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true); - - //then - assertTrue(result.isOK()); - assertEquals(initialRoles.getRole(), result.value.getRole()); - } - - @Test - public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() { - test_roles_shouldAddRoles(false); - } - - @Test - public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() { - test_roles_shouldAddRoles(true); - } - - private void test_roles_shouldAddRoles(boolean namespaceRequested) { - //given - String namespace = "org.onap.app1"; - String description = "role description"; - Set roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer"); - List daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description)) - .collect(Collectors.toList()); - given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) - .willReturn(Result.ok(new NsDAO.Data())); - given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested); - - //when - Result result = mapper.roles(transaction, daoRoles, new Roles(), true); - - //then - assertTrue(result.isOK()); - assertEquals(2, result.value.getRole().size()); - result.value.getRole().stream().forEach( role -> { - assertTrue(role.getPerms().isEmpty()); - if(namespaceRequested) { - assertEquals(namespace, role.getNs()); - } else { - assertNull(role.getNs()); - } - assertTrue(roleNames.contains(role.getName())); - assertEquals(description, role.getDescription()); - }); - } - - @Test - public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() { - //given - given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) - .willReturn(Result.ok(new NsDAO.Data())); - RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description"); - role.perms = Sets.newHashSet("invalidPermFormat"); - - //when - Result result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true); - - //then - assertFalse(result.isOK()); - assertEquals(ERR_BadData, result.status); - } - - @Test - public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() { - //given - given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) - .willReturn(Result.ok(new NsDAO.Data())); - given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class))); - RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description"); - role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve"); - - //when - Result result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true); - - //then - assertTrue(result.isOK()); - Role mappedRole = Iterables.getOnlyElement(result.value.getRole()); - Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms()); - assertEquals("org.onap.app.access", pKey.getType()); - assertEquals("*", pKey.getInstance()); - assertEquals("read,approve", pKey.getAction()); - } - - private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) { - NsDAO.Data ns = new NsDAO.Data(); - ns.name = namespace; - RoleDAO.Data role = RoleDAO.Data.create(ns, rolename); - role.description = desc; - return role; - } - - @Test - public void userRoles_shouldMapUserRolesFromDAO() { - //given - String user = "john@people.osaaf.org"; - String role = "admin"; - String namespace = "org.osaaf.aaf"; - int year = 2020; - int month = 10; - int day = 31; - Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based - UserRoles targetRoles = new UserRoles(); - - //when - Result result = mapper.userRoles(transaction, Lists.newArrayList( - createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles); - - //then - assertTrue(result.isOK()); - UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole()); - assertEquals(user, targetRole.getUser()); - assertEquals(role, targetRole.getRole()); - assertEquals(year, targetRole.getExpires().getYear()); - assertEquals(month, targetRole.getExpires().getMonth()); - assertEquals(day, targetRole.getExpires().getDay()); - } - - @Test - public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() { - //given - PermRequest wrongRequestType = new PermRequest(); - - //when - Result result = mapper.userRole(transaction, wrongRequestType); - - //then - assertFalse(result.isOK()); - assertEquals(ERR_BadData, result.status); - verifyZeroInteractions(transaction); - } - - @Test - public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() { - //given - UserRoleRequest request = new UserRoleRequest(); - given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException())); - Organization org = mock(Organization.class); - given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar()); - given(transaction.org()).willReturn(org); - - //when - Result result = mapper.userRole(transaction, request); - - //then - assertTrue(result.isOK()); - assertNull(result.value.ns); - assertNull(result.value.rname); - assertNull(result.value.role); - assertNull(result.value.user); - assertNotNull(result.value.expires); - } - - @Test - public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() { - //given - String user = "johny@people.osaaf.org"; - String role = "org.onap.app1.deployer"; - String rName = "deployer"; - String namespace = "org.onap.app1"; - - given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName))); - Organization org = mock(Organization.class); - given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar()); - given(transaction.org()).willReturn(org); - - //when - Result result = mapper.userRole(transaction, createUserRoleRequest(role, user)); - - //then - assertTrue(result.isOK()); - assertEquals(user, result.value.user); - assertEquals(role, result.value.role); - assertEquals(rName, result.value.rname); - assertEquals(namespace, result.value.ns); - assertNotNull(result.value.expires); - } - - private UserRoleRequest createUserRoleRequest(String role, String user) { - UserRoleRequest request = new UserRoleRequest(); - request.setRole(role); - request.setUser(user); - return request; - } - - private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) { - UserRoleDAO.Data userRole = new UserRoleDAO.Data(); - userRole.user = userName; - userRole.expires = expires; - userRole.ns = namespace; - userRole.role = roleName; - return userRole; - } + public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception { + //given + String roleName = "admin"; + RoleRequest request = createRoleRequest(roleName, "role description"); + given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException())); + + //when + Result result = mapper.role(transaction, request); + + //then + assertFalse(result.isOK()); + assertNull(result.value); + assertEquals(ERR_General, result.status); + } + + @Test + public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception { + //given + String roleName = "admin"; + String roleNs = "org.onap.roles"; + String roleFullName = roleNs + "." + roleName; + String description =" role description"; + RoleRequest request = createRoleRequest(roleFullName, description); + given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName))); + + //when + Result result = mapper.role(transaction, request); + + //then + assertTrue(result.isOK()); + assertEquals(roleName, result.value.name); + assertEquals(roleNs, result.value.ns); + assertEquals(description, result.value.description); + verify(transaction).checkpoint(roleFullName, Env.ALWAYS); + } + + private RoleRequest createRoleRequest(String name, String description) { + RoleRequest req = mapper.newInstance(API.ROLE_REQ); + req.setName(name); + req.setDescription(description); + return req; + } + + @Test + public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() { + //given + Roles initialRoles = new Roles(); + RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description"); + + //when + Result result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false); + + //then + assertTrue(result.isOK()); + assertEquals(initialRoles.getRole(), result.value.getRole()); + } + + @Test + public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() { + //given + Roles initialRoles = new Roles(); + RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description"); + given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) + .willReturn(Result.err(9, "error")); + + //when + Result result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true); + + //then + assertTrue(result.isOK()); + assertEquals(initialRoles.getRole(), result.value.getRole()); + } + + @Test + public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() { + test_roles_shouldAddRoles(false); + } + + @Test + public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() { + test_roles_shouldAddRoles(true); + } + + private void test_roles_shouldAddRoles(boolean namespaceRequested) { + //given + String namespace = "org.onap.app1"; + String description = "role description"; + Set roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer"); + List daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description)) + .collect(Collectors.toList()); + given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested); + + //when + Result result = mapper.roles(transaction, daoRoles, new Roles(), true); + + //then + assertTrue(result.isOK()); + assertEquals(2, result.value.getRole().size()); + result.value.getRole().stream().forEach( role -> { + assertTrue(role.getPerms().isEmpty()); + if(namespaceRequested) { + assertEquals(namespace, role.getNs()); + } else { + assertNull(role.getNs()); + } + assertTrue(roleNames.contains(role.getName())); + assertEquals(description, role.getDescription()); + }); + } + + @Test + public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description"); + role.perms = Sets.newHashSet("invalidPermFormat"); + + //when + Result result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true); + + //then + assertFalse(result.isOK()); + assertEquals(ERR_BadData, result.status); + } + + @Test + public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() { + //given + given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read))) + .willReturn(Result.ok(new NsDAO.Data())); + given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class))); + RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description"); + role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve"); + + //when + Result result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true); + + //then + assertTrue(result.isOK()); + Role mappedRole = Iterables.getOnlyElement(result.value.getRole()); + Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms()); + assertEquals("org.onap.app.access", pKey.getType()); + assertEquals("*", pKey.getInstance()); + assertEquals("read,approve", pKey.getAction()); + } + + private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) { + NsDAO.Data ns = new NsDAO.Data(); + ns.name = namespace; + RoleDAO.Data role = RoleDAO.Data.create(ns, rolename); + role.description = desc; + return role; + } + + @Test + public void userRoles_shouldMapUserRolesFromDAO() { + //given + String user = "john@people.osaaf.org"; + String role = "admin"; + String namespace = "org.osaaf.aaf"; + int year = 2020; + int month = 10; + int day = 31; + Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based + UserRoles targetRoles = new UserRoles(); + + //when + Result result = mapper.userRoles(transaction, Lists.newArrayList( + createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles); + + //then + assertTrue(result.isOK()); + UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole()); + assertEquals(user, targetRole.getUser()); + assertEquals(role, targetRole.getRole()); + assertEquals(year, targetRole.getExpires().getYear()); + assertEquals(month, targetRole.getExpires().getMonth()); + assertEquals(day, targetRole.getExpires().getDay()); + } + + @Test + public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() { + //given + PermRequest wrongRequestType = new PermRequest(); + + //when + Result result = mapper.userRole(transaction, wrongRequestType); + + //then + assertFalse(result.isOK()); + assertEquals(ERR_BadData, result.status); + verifyZeroInteractions(transaction); + } + + @Test + public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() { + //given + UserRoleRequest request = new UserRoleRequest(); + given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException())); + Organization org = mock(Organization.class); + given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar()); + given(transaction.org()).willReturn(org); + + //when + Result result = mapper.userRole(transaction, request); + + //then + assertTrue(result.isOK()); + assertNull(result.value.ns); + assertNull(result.value.rname); + assertNull(result.value.role); + assertNull(result.value.user); + assertNotNull(result.value.expires); + } + + @Test + public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() { + //given + String user = "johny@people.osaaf.org"; + String role = "org.onap.app1.deployer"; + String rName = "deployer"; + String namespace = "org.onap.app1"; + + given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName))); + Organization org = mock(Organization.class); + given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar()); + given(transaction.org()).willReturn(org); + + //when + Result result = mapper.userRole(transaction, createUserRoleRequest(role, user)); + + //then + assertTrue(result.isOK()); + assertEquals(user, result.value.user); + assertEquals(role, result.value.role); + assertEquals(rName, result.value.rname); + assertEquals(namespace, result.value.ns); + assertNotNull(result.value.expires); + } + + private UserRoleRequest createUserRoleRequest(String role, String user) { + UserRoleRequest request = new UserRoleRequest(); + request.setRole(role); + request.setUser(user); + return request; + } + + private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) { + UserRoleDAO.Data userRole = new UserRoleDAO.Data(); + userRole.user = userName; + userRole.expires = expires; + userRole.ns = namespace; + userRole.role = roleName; + return userRole; + } }