import java.util.Date;
-import javax.ws.rs.NotAuthorizedException;
+import org.onap.clamp.clds.exception.NotAuthorizedException;
import org.apache.camel.Exchange;
import org.onap.clamp.clds.config.ClampProperties;
@Autowired
private ClampProperties refProp;
- private static final String PERM_PREFIX = "security.permission.type.";
+ public static final String PERM_PREFIX = "security.permission.type.";
private static final String PERM_INSTANCE = "security.permission.instance";
/**
* Copyright (C) 2019 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import java.io.IOException;
-import java.util.LinkedList;
import java.util.List;
+import org.apache.camel.Exchange;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
import org.mockito.Mockito;
+import org.mockito.Spy;
import org.onap.clamp.authorization.AuthorizationController;
+import org.onap.clamp.clds.config.ClampProperties;
+import org.onap.clamp.clds.exception.NotAuthorizedException;
import org.onap.clamp.clds.service.SecureServicePermission;
import org.onap.clamp.util.PrincipalUtils;
import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.mock.env.MockEnvironment;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.User;
import org.springframework.test.context.junit4.SpringRunner;
@SpringBootTest
public class AuthorizationControllerItCase {
- protected static final EELFLogger logger = EELFManager.getInstance().getLogger(AuthorizationControllerItCase.class);
- private Authentication authentication;
- private List<GrantedAuthority> authList = new LinkedList<GrantedAuthority>();
+ private PermissionTestDefaultHelper permissionTestHelper = new PermissionTestDefaultHelper();
+
+ @Spy
+ MockEnvironment env;
+
+ @Spy
+ @InjectMocks
+ private ClampProperties clampProp = new ClampProperties();
+
+ @InjectMocks
+ private AuthorizationController auth;
/**
* Setup the variable before the tests execution.
- *
- * @throws IOException
- * In case of issues when opening the files
*/
@Before
- public void setupBefore() throws IOException {
- authList.add(new SimpleGrantedAuthority("permission-type-cl-manage|dev|*"));
- authList.add(new SimpleGrantedAuthority("permission-type-cl|dev|read"));
- authList.add(new SimpleGrantedAuthority("permission-type-cl|dev|update"));
- authList.add(new SimpleGrantedAuthority("permission-type-template|dev|read"));
- authList.add(new SimpleGrantedAuthority("permission-type-template|dev|update"));
- authList.add(new SimpleGrantedAuthority("permission-type-filter-vf|dev|*"));
- authList.add(new SimpleGrantedAuthority("permission-type-cl-event|dev|*"));
-
- authentication = new UsernamePasswordAuthenticationToken(new User("admin", "", authList), "", authList);
- }
+ public void setupBefore() {
+ permissionTestHelper.setupMockEnv(env);
+ List<GrantedAuthority> authList = permissionTestHelper.getAuthList();
- @Test
- public void testIsUserPermittedNoException() {
SecurityContext securityContext = Mockito.mock(SecurityContext.class);
- Mockito.when(securityContext.getAuthentication()).thenReturn(authentication);
+ Mockito.when(securityContext.getAuthentication()).thenReturn(
+ new UsernamePasswordAuthenticationToken(new User("admin", "", authList),
+ "", authList)
+ );
PrincipalUtils.setSecurityContext(securityContext);
+ }
- AuthorizationController auth = new AuthorizationController();
+ @Test
+ public void testIsUserPermitted() {
assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","dev","read")));
assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl-manage","dev","DEPLOY")));
- assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-filter-vf","dev","12345-55555-55555-5555")));
+ assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-filter-vf","dev",
+ "12345-55555-55555-5555")));
assertFalse(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","test","read")));
}
+
+ @Test
+ public void testIfUserAuthorize() {
+ Exchange ex = Mockito.mock(Exchange.class);
+ try {
+ permissionTestHelper.doActionOnAllPermissions(((type, instance, action) ->
+ auth.authorize(ex, type, instance, action)
+ )
+ );
+ } catch (NotAuthorizedException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test(expected = NotAuthorizedException.class)
+ public void testIfAuthorizeThrowException() {
+ Exchange ex = Mockito.mock(Exchange.class);
+ auth.authorize(ex,"permission-type-cl","test","read");
+ }
}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2019 Samsung. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.onap.clamp.clds.it;
+
+import com.google.common.collect.ImmutableMap;
+
+import java.util.Map;
+
+public class PermissionTestDefaultHelper extends PermissionTestHelper {
+
+ private static final String[] ALL_ACTION = new String[] {"*"};
+ private static final String[] READ_UPDATE_ACTION = new String[] {"read", "update"};
+
+ private static final String DEV_INSTANCE = "dev";
+ private static final String TEST_INSTANCE = "test";
+
+ private static final Map<String, Map> defaultPermission = ImmutableMap.of(
+ "permission-type-cl", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION),
+ "permission-type-cl-event", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION),
+ "permission-type-cl-manage", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION),
+ "permission-type-filter-vf", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION),
+ "permission-type-template", ImmutableMap.of(
+ DEV_INSTANCE, ALL_ACTION,
+ TEST_INSTANCE, READ_UPDATE_ACTION)
+ );
+
+ /**
+ * Permission test default helper constructor.
+ * This class setup the default permission in the parent PermissionTestHelper class.
+ */
+ public PermissionTestDefaultHelper() {
+ super(defaultPermission);
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2019 Samsung. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.onap.clamp.clds.it;
+
+import static org.onap.clamp.authorization.AuthorizationController.PERM_PREFIX;
+import static org.onap.clamp.clds.config.ClampProperties.CONFIG_PREFIX;
+
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.mock.env.MockEnvironment;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+public class PermissionTestHelper {
+
+ private static final String securityPrefix = CONFIG_PREFIX + PERM_PREFIX;
+ private final Map<String, Map> permission;
+ private static final List<GrantedAuthority> authList = new LinkedList<>();
+
+ /**
+ * Permission Test Helper constructor
+ * Generate authList base on general permission collection
+ */
+ public PermissionTestHelper(Map<String, Map> permission) {
+ this.permission = permission;
+ this.createAuthList();
+ }
+
+ private void createAuthList() {
+ permission.forEach((type, instanceMap) -> instanceMap.forEach((instance, actionList) -> {
+ for (String action : (String[]) actionList) {
+ authList.add(new SimpleGrantedAuthority(type + "|" + instance + "|" + action));
+ }
+ }));
+ }
+
+ List<GrantedAuthority> getAuthList() {
+ return authList;
+ }
+
+ void setupMockEnv(MockEnvironment env) {
+ permission.forEach((type, instanceMap) -> env.withProperty(securityPrefix + type, type));
+ }
+
+ void doActionOnAllPermissions(PermissionAction action) {
+ permission.forEach((type, instanceMap) -> instanceMap.forEach((instance, actionList) -> {
+ for (String actionName : (String[]) actionList) {
+ action.doAction(type, (String) instance, actionName);
+ }
+ }));
+ }
+
+ @FunctionalInterface
+ public interface PermissionAction {
+ void doAction(String type, String instance, String action);
+ }
+}
Code Review / clamp.git / commitdiff