X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Ftest%2Fjava%2Forg%2Fonap%2Faai%2Fbabel%2FMicroServiceAuthTest.java;h=ef9504b05e3f4ca0d329647b5cc284f7f65225b7;hb=13494d99a913817342da23ffc58029bdc4203814;hp=f24cbf1aef49856f6791cd98827a1e192199766c;hpb=1433a67a9e3dcad20d0dda8edcaad9403320f4f9;p=aai%2Fbabel.git
diff --git a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
index f24cbf1..ef9504b 100644
--- a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
+++ b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
@@ -2,8 +2,8 @@
 * ============LICENSE_START=======================================================
 * org.onap.aai
 * ================================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017 European Software Marketing Ltd.
+ * Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2017-2019 European Software Marketing Ltd.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,21 +17,21 @@ * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= - * - * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ + package org.onap.aai.babel; -import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertThat; import java.io.File; import java.io.FileWriter; import java.io.IOException; +import java.util.concurrent.TimeUnit; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import org.junit.Before; import org.junit.Test; import org.onap.aai.auth.AAIAuthException; import org.onap.aai.auth.AAIMicroServiceAuth; @@ -40,7 +40,7 @@ import org.onap.aai.babel.config.BabelAuthConfig; import org.springframework.mock.web.MockHttpServletRequest; /** - * Tests @{link AAIMicroServiceAuth} + * Tests @{link AAIMicroServiceAuth}. */ public class MicroServiceAuthTest { 
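Review bot: The class Javadoc edited in the last hunk on this line still reads `Tests @{link AAIMicroServiceAuth}.`, which is not a valid inline tag, so the reference is rendered as literal text instead of a link. Since the line is being touched anyway, it could become `Tests {@link AAIMicroServiceAuth}.`.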
@@ -48,64 +48,154 @@ public class MicroServiceAuthTest { private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us"; private static final String authPolicyFile = "auth_policy.json"; - static { - System.setProperty("CONFIG_HOME", - System.getProperty("user.dir") + File.separator + "src/test/resources"); + @Before + public void setup() { + System.setProperty("CONFIG_HOME", "src/test/resources"); + } + + /** + * Test authorization of a request when authentication is disabled. + * + * @throws AAIAuthException + * if the test creates invalid Auth Policy roles + */ + @Test + public void testAuthenticationDisabled() throws AAIAuthException { + BabelAuthConfig babelAuthConfig = new BabelAuthConfig(); + babelAuthConfig.setAuthenticationDisable(true); + AAIMicroServiceAuth auth = new AAIMicroServiceAuth(babelAuthConfig); + assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "any/uri"), is(true)); } /** - * Temporarily invalidate the default policy file and then try to initialise the authorisation class using the name + * Temporarily invalidate the default policy file and then try to initialize the authorization class using the name * of a policy file that does not exist. 
- * + * * @throws AAIAuthException - * @throws IOException + * if the Auth policy file cannot be loaded */ @Test(expected = AAIAuthException.class) - public void missingPolicyFile() throws AAIAuthException, IOException { + public void missingPolicyFile() throws AAIAuthException { String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName(); try { AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file"); - BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig(); - gapServiceAuthConfig.setAuthPolicyFile("invalid.file.name"); - new AAIMicroServiceAuth(gapServiceAuthConfig); + BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig(); + babelServiceAuthConfig.setAuthPolicyFile("invalid.file.name"); + new AAIMicroServiceAuth(babelServiceAuthConfig); } finally { AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile); } } /** - * Test loading of a temporary file created with the specified roles - * + * Temporarily invalidate the default policy file and then try to initialize the authorization class using a null + * policy file name. + * + * @throws AAIAuthException + * if the Auth policy file cannot be loaded + */ + @Test(expected = AAIAuthException.class) + public void testNullPolicyFile() throws AAIAuthException { + String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName(); + try { + AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file"); + BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig(); + babelServiceAuthConfig.setAuthPolicyFile(null); + new AAIMicroServiceAuth(babelServiceAuthConfig); + } finally { + AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile); + } + } + + /** + * Test loading of a temporary file created with the specified roles. 
+ * * @throws AAIAuthException + * if the test creates invalid Auth Policy roles * @throws IOException + * for I/O failures * @throws JSONException + * if this test creates an invalid JSON object */ @Test - public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException { + public void createLocalAuthFile() throws JSONException, AAIAuthException, IOException { JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func")); - AAIMicroServiceAuth auth = createAuthService(roles); - assertThat(auth.authorize("nosuchuser", "method:func"), is(false)); - assertThat(auth.authorize("user", "method:func"), is(true)); + createAuthService(roles); + assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false)); + assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true)); } /** - * Test that the default policy file is loaded when a non-existent file is passed to the authorisation clas. - * + * Test re-loading of users by changing the contents of a temporary file. 
+ * + * @throws JSONException + * if this test creates an invalid JSON object * @throws AAIAuthException + * if the test creates invalid Auth Policy roles + * @throws IOException + * for I/O failures + * @throws InterruptedException + * if interrupted while sleeping + */ + @Test + public void createLocalAuthFileOnChange() + throws JSONException, AAIAuthException, IOException, InterruptedException { + JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func")); + File file = createTempPolicyFile(roles); + + BabelAuthConfig babelAuthConfig = new BabelAuthConfig(); + babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath()); + new AAIMicroServiceAuth(babelAuthConfig); + + // Make changes to the temp file + FileWriter fileWriter = new FileWriter(file); + fileWriter.write(""); + fileWriter.flush(); + fileWriter.close(); + + // Wait for the file to be reloaded + TimeUnit.SECONDS.sleep(3); + + AAIMicroServiceAuthCore.cleanup(); + } + + /** + * Test that the default policy file is loaded when a non-existent file is passed to the authorisation class. + * + * @throws AAIAuthException + * if the Auth Policy cannot be loaded */ @Test public void createAuthFromDefaultFile() throws AAIAuthException { - BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig(); - gapServiceAuthConfig.setAuthPolicyFile("non-existent-file"); - AAIMicroServiceAuth auth = new AAIMicroServiceAuth(gapServiceAuthConfig); + BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig(); + babelServiceAuthConfig.setAuthPolicyFile("non-existent-file"); + AAIMicroServiceAuth auth = new AAIMicroServiceAuth(babelServiceAuthConfig); // The default policy will have been loaded assertAdminUserAuthorisation(auth, VALID_ADMIN_USER); } /** - * Test loading of the policy file relative to CONFIG_HOME - * + * Test that the default policy file is loaded when a non-existent file is passed to the authorisation class and + * CONFIG_HOME is not set. 
+ * + * @throws AAIAuthException + * if the Auth Policy cannot be loaded + */ + @Test + public void createAuthFromDefaultFileAppHome() throws AAIAuthException { + System.clearProperty("CONFIG_HOME"); + System.setProperty("APP_HOME", "src/test/resources"); + BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig(); + babelServiceAuthConfig.setAuthPolicyFile("non-existent-file"); + new AAIMicroServiceAuth(babelServiceAuthConfig); + // The default policy will have been loaded from APP_HOME/appconfig + } + + /** + * Test loading of the policy file relative to CONFIG_HOME. + * * @throws AAIAuthException + * if the Auth Policy cannot be loaded */ @Test public void createAuth() throws AAIAuthException { 
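Review bot: `createLocalAuthFileOnChange` truncates the policy file, sleeps three seconds and then asserts nothing, so it passes whether or not a reload happened and whatever the core does with an empty policy. For an authorization component the outcome after the policy file is emptied is the behaviour worth pinning; the expected value in the sketch below (`is(false)`, meaning access is denied) is an assumption to confirm against the reload code, which is not visible here. `AAIMicroServiceAuthCore.cleanup()` is also skipped if anything before it throws, and the `FileWriter` is not closed when the write fails. `createAuthFromDefaultFileAppHome` likewise has no assertion and leaves `APP_HOME` set for later tests, since `setup()` only restores `CONFIG_HOME`.

```java
        // … unchanged: create the temp policy file and construct AAIMicroServiceAuth …
        try {
            // Make changes to the temp file
            try (FileWriter fileWriter = new FileWriter(file)) {
                fileWriter.write("");
            }

            // Wait for the file to be reloaded
            TimeUnit.SECONDS.sleep(3);

            // Expected value assumed (deny once the policy is emptied); confirm against the reload logic
            assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(false));
        } finally {
            AAIMicroServiceAuthCore.cleanup();
        }
```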
@@ -115,56 +205,75 @@ public class MicroServiceAuthTest { @Test public void testAuthUser() throws AAIAuthException { - AAIMicroServiceAuth auth = createStandardAuth(); - assertThat(auth.authenticate(VALID_ADMIN_USER, "GET:actions"), is(equalTo("OK"))); - assertThat(auth.authenticate(VALID_ADMIN_USER, "WRONG:action"), is(equalTo("AAI_9101"))); + createStandardAuth(); + assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action"), is(false)); } - - @Test public void testValidateRequest() throws AAIAuthException { AAIMicroServiceAuth auth = createStandardAuth(); - assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "app/v1/gap"), is(false)); + assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "app/v1/babel"), is(false)); } private AAIMicroServiceAuth createStandardAuth() throws AAIAuthException { - BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig(); - gapServiceAuthConfig.setAuthPolicyFile(authPolicyFile); - return new AAIMicroServiceAuth(gapServiceAuthConfig); + BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig(); + babelServiceAuthConfig.setAuthPolicyFile(authPolicyFile); + return new AAIMicroServiceAuth(babelServiceAuthConfig); } /** - * @param rolesJson - * @return + * Create a test Auth policy JSON file and pass this to the Auth Service. 
+ * + * @param roles + * the Auth policy JSON content + * @return a new Auth Service configured with the supplied roles * @throws IOException + * for I/O failures * @throws AAIAuthException + * if the auth policy file cannot be loaded */ - private AAIMicroServiceAuth createAuthService(JSONObject roles) throws IOException, AAIAuthException { + private AAIMicroServiceAuth createAuthService(JSONObject roles) throws AAIAuthException, IOException { + File file = createTempPolicyFile(roles); BabelAuthConfig babelAuthConfig = new BabelAuthConfig(); + babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath()); + return new AAIMicroServiceAuth(babelAuthConfig); + } + + /** + * Create a temporary JSON file using the supplied roles. + * + * @param roles + * the roles to use to populate the new file + * @return the new temporary file + * @throws IOException + * for I/O errors + */ + private File createTempPolicyFile(JSONObject roles) throws IOException { File file = File.createTempFile("auth-policy", "json"); file.deleteOnExit(); FileWriter fileWriter = new FileWriter(file); fileWriter.write(roles.toString()); fileWriter.flush(); fileWriter.close(); - - babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath()); - return new AAIMicroServiceAuth(babelAuthConfig); + return file; } /** - * Assert authorisation results for an admin user based on the test policy file - * + * Assert authorisation results for an admin user based on the test policy file. 
+ * * @param auth + * the Auth Service to test * @param adminUser + * admin username * @throws AAIAuthException + * if the Auth Service is not initialized */ private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException { - assertThat(auth.authorize(adminUser, "GET:actions"), is(true)); - assertThat(auth.authorize(adminUser, "POST:actions"), is(true)); - assertThat(auth.authorize(adminUser, "PUT:actions"), is(true)); - assertThat(auth.authorize(adminUser, "DELETE:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "GET:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "POST:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "PUT:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "DELETE:actions"), is(true)); } private JSONArray createFunctionObject(String functionName) throws JSONException { @@ -194,8 +303,6 @@ public class MicroServiceAuthTest { private JSONObject createRoleObject(String roleName, JSONArray usersArray, JSONArray functionsArray) throws JSONException { - JSONObject roles = new JSONObject(); - JSONObject role = new JSONObject(); role.put("name", roleName); role.put("functions", functionsArray); @@ -203,8 +310,9 @@ public class MicroServiceAuthTest { JSONArray rolesArray = new JSONArray(); rolesArray.put(role); - roles.put("roles", rolesArray); + JSONObject roles = new JSONObject(); + roles.put("roles", rolesArray); return roles; }
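Review bot: The authorization assertions in `testAuthUser` and `assertAdminUserAuthorisation` now go through the static `AAIMicroServiceAuthCore.authorize`, so they check whatever policy the core currently holds rather than the instance the test has just built. The `auth` parameter of `assertAdminUserAuthorisation` is now unused, although its new Javadoc describes it as "the Auth Service to test". If the core keeps its policy between tests (not visible in this diff), a result can depend on test order, and only `createLocalAuthFileOnChange` calls `AAIMicroServiceAuthCore.cleanup()`; an `@After` method calling `AAIMicroServiceAuthCore.cleanup();` would isolate the tests, provided cleanup also discards the loaded policy. Separately, `createTempPolicyFile` leaves the `FileWriter` open if `write` throws; `try (FileWriter fileWriter = new FileWriter(file)) { fileWriter.write(roles.toString()); }` closes it on every path.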