import org.onap.vid.model.aaiTree.RelatedVnf;
import org.onap.vid.model.aaiTree.VpnBinding;
import org.onap.vid.properties.Features;
+import org.onap.vid.roles.PermissionProperties;
import org.onap.vid.roles.RoleProvider;
import org.onap.vid.services.AaiService;
import org.springframework.beans.factory.annotation.Autowired;
final boolean isEditPermitted = roleProvider
.getUserRolesValidator(request)
- .isServicePermitted(subscriberId, serviceType);
+ .isServicePermitted(new PermissionProperties(subscriberId, serviceType));
return new Permissions(isEditPermitted);
}
import org.onap.vid.model.serviceInstantiation.ServiceInstantiation;
import org.onap.vid.mso.MsoResponseWrapper2;
import org.onap.vid.properties.Features;
+import org.onap.vid.roles.PermissionProperties;
import org.onap.vid.roles.RoleProvider;
+import org.onap.vid.roles.RoleValidator;
import org.onap.vid.services.AsyncInstantiationBusinessLogic;
import org.onap.vid.services.AuditService;
import org.onap.vid.utils.SystemPropertiesWrapper;
}
private void throwExceptionIfAccessDenied(ServiceInstantiation request, HttpServletRequest httpServletRequest, String userId) {
- if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION) && !roleProvider.getUserRolesValidator(httpServletRequest).isServicePermitted(request.getGlobalSubscriberId(), request.getSubscriptionServiceType())) {
- throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId));
+ if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION)) {
+ RoleValidator roleValidator = roleProvider.getUserRolesValidator(httpServletRequest);
+ if (!roleValidator.isServicePermitted(new PermissionProperties(request.getGlobalSubscriberId(), request.getSubscriptionServiceType()))) {
+ throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId));
+ }
}
}
}
package org.onap.vid.model;
-public class ServiceInstanceSearchResult {
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.apache.commons.lang3.StringUtils;
+import org.onap.vid.roles.WithPermissionProperties;
+
+public class ServiceInstanceSearchResult implements WithPermissionProperties {
+
+ private final String SUBSCRIBER_ID_FRONTEND_ALIAS = "globalCustomerId";
private String serviceInstanceId;
- private String globalCustomerId;
+ private String subscriberId;
private String serviceType;
private boolean isPermitted;
public ServiceInstanceSearchResult(){
-
}
- public ServiceInstanceSearchResult(String serviceInstanceId, String globalCustomerId, String serviceType,
+
+ public ServiceInstanceSearchResult(String serviceInstanceId, String subscriberId, String serviceType,
String serviceInstanceName, String subscriberName, String aaiModelInvariantId,
String aaiModelVersionId, boolean isPermitted) {
this.serviceInstanceId = serviceInstanceId;
- this.globalCustomerId = globalCustomerId;
+ this.subscriberId = subscriberId;
this.serviceType = serviceType;
this.serviceInstanceName = serviceInstanceName;
this.subscriberName = subscriberName;
this.serviceInstanceId = serviceInstanceId;
}
- public String getGlobalCustomerId() {
- return globalCustomerId;
+ @Override
+ @JsonProperty(SUBSCRIBER_ID_FRONTEND_ALIAS)
+ public String getSubscriberId() {
+ return subscriberId;
}
- public void setGlobalCustomerId(String globalCustomerId) {
- this.globalCustomerId = globalCustomerId;
+ public void setSubscriberId(String subscriberId) {
+ this.subscriberId = subscriberId;
}
+ @Override
public String getServiceType() {
return serviceType;
}
}
@Override
- public boolean equals(Object other){
- if (other instanceof ServiceInstanceSearchResult) {
- ServiceInstanceSearchResult serviceInstanceSearchResultOther = (ServiceInstanceSearchResult) other;
- if (this.getServiceInstanceId().equals(serviceInstanceSearchResultOther.getServiceInstanceId())) {
- return true;
- }
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
}
- return false;
+ ServiceInstanceSearchResult that = (ServiceInstanceSearchResult) o;
+
+ return StringUtils.equals(serviceInstanceId, that.serviceInstanceId);
}
@Override
public int hashCode() {
- int result = 17;
- result = 31 * result + serviceInstanceId.hashCode();
- return result;
+ return serviceInstanceId != null ? serviceInstanceId.hashCode() : 0;
}
}
}
@Override
- public boolean isServicePermitted(String subscriberName, String serviceType) {
+ public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
return true;
}
--- /dev/null
+package org.onap.vid.roles
+
+import org.onap.vid.aai.ServiceSubscription
+
+
+interface WithPermissionProperties {
+ val subscriberId: String?
+ val serviceType: String?
+}
+
+data class PermissionProperties(
+ override val subscriberId: String,
+ override val serviceType: String
+) : WithPermissionProperties {
+ constructor(serviceSubscription: ServiceSubscription, subscriberId: String) : this(subscriberId, serviceSubscription.serviceType)
+}
+
boolean isSubscriberPermitted(String subscriberName);
- boolean isServicePermitted(String subscriberName, String serviceType);
+ boolean isServicePermitted(WithPermissionProperties serviceInstanceSearchResult);
boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName);
}
}
@Override
- public boolean isServicePermitted(String subscriberName, String serviceType) {
+ public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
return false;
}
package org.onap.vid.roles;
import java.util.List;
-import java.util.Map;
-import org.onap.vid.mso.rest.RequestDetails;
public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
}
@Override
- public boolean isServicePermitted(String subscriberName, String serviceType) {
+ public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
+ if (role.getSubscribeName().equals(permissionProperties.getSubscriberId()) && role.getServiceType().equals(permissionProperties.getServiceType())) {
return true;
}
}
return false;
}
- boolean isMsoRequestValid(RequestDetails msoRequest) {
- try {
- String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
- .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
- String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
- .get("requestParameters")).get("subscriptionServiceType");
- return isServicePermitted(globalSubscriberIdRequested, serviceType);
- } catch (Exception e) {
- //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
- return true;
- }
- }
-
}
import org.onap.vid.model.aaiTree.RelatedVnf;
import org.onap.vid.model.aaiTree.VpnBinding;
import org.onap.vid.model.aaiTree.VpnBindingKt;
+import org.onap.vid.roles.PermissionProperties;
import org.onap.vid.roles.RoleValidator;
import org.onap.vid.utils.Intersection;
import org.onap.vid.utils.Logging;
} else if (key.equals(SERVICE_TYPE)) {
serviceInstanceSearchResult.setServiceType(relationshipData.getRelationshipValue());
} else if (key.equals(CUSTOMER_ID)) {
- serviceInstanceSearchResult.setGlobalCustomerId(relationshipData.getRelationshipValue());
+ serviceInstanceSearchResult.setSubscriberId(relationshipData.getRelationshipValue());
}
}
- boolean isPermitted = roleValidator.isServicePermitted(serviceInstanceSearchResult.getSubscriberName(), serviceInstanceSearchResult.getServiceType());
+ boolean isPermitted = roleValidator.isServicePermitted(serviceInstanceSearchResult);
serviceInstanceSearchResult.setIsPermitted(isPermitted);
}
}
@Override
public AaiResponse getSubscriberData(String subscriberId, RoleValidator roleValidator, boolean omitServiceInstances) {
AaiResponse<Services> subscriberResponse = aaiClient.getSubscriberData(subscriberId, omitServiceInstances);
- String subscriberGlobalId = subscriberResponse.getT().globalCustomerId;
for (ServiceSubscription serviceSubscription : subscriberResponse.getT().serviceSubscriptions.serviceSubscription) {
- String serviceType = serviceSubscription.serviceType;
- serviceSubscription.isPermitted = roleValidator.isServicePermitted(subscriberGlobalId, serviceType);
+ serviceSubscription.isPermitted = roleValidator.isServicePermitted(
+ new PermissionProperties(serviceSubscription, subscriberResponse.getT().globalCustomerId));
}
return subscriberResponse;
private List<ServiceInstanceSearchResult> getServicesBySubscriber(String subscriberId, String instanceIdentifier, RoleValidator roleValidator) {
AaiResponse<Services> subscriberResponse = aaiClient.getSubscriberData(subscriberId, false);
- String subscriberGlobalId = subscriberResponse.getT().globalCustomerId;
String subscriberName = subscriberResponse.getT().subscriberName;
ServiceSubscriptions serviceSubscriptions = subscriberResponse.getT().serviceSubscriptions;
- return getSearchResultsForSubscriptions(serviceSubscriptions, subscriberId, instanceIdentifier, roleValidator, subscriberGlobalId, subscriberName);
-
+ return getSearchResultsForSubscriptions(serviceSubscriptions, subscriberId, instanceIdentifier, roleValidator, subscriberName);
}
- private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSubscriptions(ServiceSubscriptions serviceSubscriptions, String subscriberId, String instanceIdentifier, RoleValidator roleValidator, String subscriberGlobalId, String subscriberName) {
+ private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSubscriptions(
+ ServiceSubscriptions serviceSubscriptions, String subscriberId, String instanceIdentifier,
+ RoleValidator roleValidator, String subscriberName) {
ArrayList<ServiceInstanceSearchResult> results = new ArrayList<>();
if (serviceSubscriptions != null) {
for (ServiceSubscription serviceSubscription : serviceSubscriptions.serviceSubscription) {
- String serviceType = serviceSubscription.serviceType;
- serviceSubscription.isPermitted = roleValidator.isServicePermitted(subscriberGlobalId, serviceType);
- ArrayList<ServiceInstanceSearchResult> resultsForSubscription = getSearchResultsForSingleSubscription(serviceSubscription, subscriberId, instanceIdentifier, subscriberName, serviceType);
- results.addAll(resultsForSubscription);
+ serviceSubscription.isPermitted = roleValidator.isServicePermitted(new PermissionProperties(serviceSubscription, subscriberId));
+ results.addAll(getSearchResultsForSingleSubscription(
+ serviceSubscription, subscriberId, instanceIdentifier, subscriberName,
+ serviceSubscription.serviceType, roleValidator)
+ );
}
}
return results;
}
- private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSingleSubscription(ServiceSubscription serviceSubscription, String subscriberId, String instanceIdentifier, String subscriberName, String serviceType) {
+ private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSingleSubscription(
+ ServiceSubscription serviceSubscription, String subscriberId, String instanceIdentifier, String subscriberName,
+ String serviceType, RoleValidator roleValidator) {
ArrayList<ServiceInstanceSearchResult> results = new ArrayList<>();
if (serviceSubscription.serviceInstances != null) {
for (ServiceInstance serviceInstance : serviceSubscription.serviceInstances.serviceInstance) {
ServiceInstanceSearchResult serviceInstanceSearchResult =
new ServiceInstanceSearchResult(serviceInstance.serviceInstanceId, subscriberId, serviceType, serviceInstance.serviceInstanceName,
- subscriberName, serviceInstance.modelInvariantId, serviceInstance.modelVersionId, serviceSubscription.isPermitted);
+ subscriberName, serviceInstance.modelInvariantId, serviceInstance.modelVersionId, false);
+
+ serviceInstanceSearchResult.setIsPermitted(roleValidator.isServicePermitted(serviceInstanceSearchResult));
if ((instanceIdentifier == null) || (serviceInstanceMatchesIdentifier(instanceIdentifier, serviceInstance))){
results.add(serviceInstanceSearchResult);
import org.jetbrains.annotations.NotNull;
import org.onap.vid.aai.model.Permissions;
+import org.onap.vid.roles.PermissionProperties;
import org.onap.vid.roles.RoleProvider;
import org.onap.vid.roles.RoleValidator;
import org.springframework.mock.web.MockHttpServletRequest;
RoleProvider roleProvider = mock(RoleProvider.class);
RoleValidator roleValidator = mock(RoleValidator.class);
when(roleProvider.getUserRolesValidator(any())).thenReturn(roleValidator);
- when(roleValidator.isServicePermitted(subscriberId, serviceType)).thenReturn(expected);
+ when(roleValidator.isServicePermitted(new PermissionProperties(subscriberId, serviceType))).thenReturn(expected);
AaiController2 aaiController2 = new AaiController2(null, roleProvider, null, null);
package org.onap.vid.model;
-import org.junit.Test;
+import static com.google.code.beanmatchers.BeanMatchers.hasValidBeanConstructor;
+import static com.google.code.beanmatchers.BeanMatchers.hasValidBeanEqualsFor;
+import static com.google.code.beanmatchers.BeanMatchers.hasValidBeanHashCodeFor;
+import static com.google.code.beanmatchers.BeanMatchers.hasValidGettersAndSetters;
+import static net.javacrumbs.jsonunit.JsonMatchers.jsonNodeAbsent;
+import static net.javacrumbs.jsonunit.JsonMatchers.jsonPartEquals;
+import static org.apache.commons.lang3.ArrayUtils.toArray;
+import static org.hamcrest.CoreMatchers.allOf;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+import org.testng.annotations.Test;
public class ServiceInstanceSearchResultTest {
- private ServiceInstanceSearchResult createTestSubject() {
- return new ServiceInstanceSearchResult();
- }
-
- @Test
- public void testGetServiceInstanceId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getServiceInstanceId();
- }
-
- @Test
- public void testSetServiceInstanceId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String serviceInstanceId = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setServiceInstanceId(serviceInstanceId);
- }
-
- @Test
- public void testGetGlobalCustomerId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getGlobalCustomerId();
- }
-
- @Test
- public void testSetGlobalCustomerId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String globalCustomerId = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setGlobalCustomerId(globalCustomerId);
- }
-
- @Test
- public void testGetServiceType() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getServiceType();
- }
-
- @Test
- public void testSetServiceType() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String serviceType = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setServiceType(serviceType);
- }
-
- @Test
- public void testGetServiceInstanceName() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getServiceInstanceName();
- }
-
- @Test
- public void testSetServiceInstanceName() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String serviceInstanceName = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setServiceInstanceName(serviceInstanceName);
- }
-
- @Test
- public void testGetSubscriberName() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getSubscriberName();
- }
-
- @Test
- public void testSetSubscriberName() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String subscriberName = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setSubscriberName(subscriberName);
- }
-
@Test
- public void testGetAaiModelInvariantId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getAaiModelInvariantId();
- }
-
- @Test
- public void testSetAaiModelInvariantId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String aaiModelInvariantId = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setAaiModelInvariantId(aaiModelInvariantId);
- }
-
- @Test
- public void testGetAaiModelVersionId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getAaiModelVersionId();
+ public void shouldHaveValidGettersAndSetters() {
+ assertThat(ServiceInstanceSearchResult.class, hasValidGettersAndSetters());
}
@Test
- public void testSetAaiModelVersionId() throws Exception {
- ServiceInstanceSearchResult testSubject;
- String aaiModelVersionId = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setAaiModelVersionId(aaiModelVersionId);
- }
-
- @Test
- public void testGetIsPermitted() throws Exception {
- ServiceInstanceSearchResult testSubject;
- boolean result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getIsPermitted();
+ public void shouldHaveValidConstructor() {
+ assertThat(ServiceInstanceSearchResult.class, hasValidBeanConstructor());
}
@Test
- public void testSetIsPermitted() throws Exception {
- ServiceInstanceSearchResult testSubject;
- boolean isPermitted = false;
+ public void shouldHaveValidEqualsAndHashCode() {
+ String[] propertiesToEqualBy = toArray("serviceInstanceId");
- // default test
- testSubject = createTestSubject();
- testSubject.setIsPermitted(isPermitted);
+ assertThat(ServiceInstanceSearchResult.class, allOf(
+ hasValidBeanHashCodeFor(propertiesToEqualBy),
+ hasValidBeanEqualsFor(propertiesToEqualBy))
+ );
}
@Test
- public void testEquals() throws Exception {
- ServiceInstanceSearchResult testSubject;
- Object other = null;
- boolean result;
+ public void subscriberId_shouldBeSerializedAsGlobalCustomerId() {
+ ServiceInstanceSearchResult underTest = new ServiceInstanceSearchResult();
+ underTest.setSubscriberId("example");
- // default test
- testSubject = createTestSubject();
- result = testSubject.equals(other);
+ assertThat(underTest, jsonPartEquals("globalCustomerId", "example"));
+ assertThat(underTest, jsonNodeAbsent("subscriberId"));
}
}
@Test
public void testIsServicePermitted() {
- assertTrue(new AlwaysValidRoleValidator().isServicePermitted("any", "any"));
+ assertTrue(new AlwaysValidRoleValidator().isServicePermitted(new PermissionProperties("any", "any")));
}
@Test
@Test
public void testIsServicePermitted() {
- assertFalse(roleValidatorByOwningEntity.isServicePermitted(SUBSCRIBER_NAME, SERVICE_TYPE));
+ assertFalse(roleValidatorByOwningEntity.isServicePermitted(new PermissionProperties(SUBSCRIBER_NAME, SERVICE_TYPE)));
}
@Test
@Test
public void shouldPermitServiceWhenNamesMatches() {
- assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isTrue();
+ assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isTrue();
}
@Test
public void shouldNotPermitServiceWhenSubscriberNameNotMatches() {
assertThat(
- roleValidatorBySubscriberAndServiceType.isServicePermitted(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isFalse();
+ roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isFalse();
}
@Test
public void shouldNotPermitServiceWhenServiceTypeNotMatches() {
- assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER)).isFalse();
+ assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER))).isFalse();
}
@Test
.isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, NOT_MATCHING_TENANT)).isFalse();
}
- @Test
- public void shouldValidateProperlySORequest() {
- requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties);
-
- assertThat(roleValidatorBySubscriberAndServiceType.isMsoRequestValid(requestDetails)).isTrue();
- }
-
- @Test
- public void shouldValidateUnknownSORequest() {
- assertThat(roleValidatorBySubscriberAndServiceType.isMsoRequestValid(new RequestDetails())).isTrue();
- }
-
- @Test
- public void shouldRejectSORequestWhenSubscriberNotMatches() {
- Map<String, Object> subscriberInfo = ImmutableMap.of("globalSubscriberId", "sample");
- Map<String, Object> requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters);
- requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties);
-
- assertThat(roleValidatorBySubscriberAndServiceType.isMsoRequestValid(requestDetails)).isFalse();
- }
}
AaiResponse<Services> aaiResponseServices = new AaiResponse<>(services, null, HttpStatus.SC_OK);
when(aaiClient.getSubscriberData(SUBSCRIBER_ID, false)).thenReturn(aaiResponseServices);
- when(roleValidator.isServicePermitted(eq(GLOBAL_CUSTOMER_ID), anyString())).thenReturn(Boolean.TRUE);
+ when(roleValidator.isServicePermitted(any())).thenReturn(Boolean.TRUE);
AaiResponse actualResponse = aaiService.getSubscriberData(SUBSCRIBER_ID, roleValidator, false);
List<ServiceSubscription> actualServiceSubscriptions = ((AaiResponse<Services>) actualResponse)
Code Review / vid.git / commitdiff