From a1c6eff4add57b70b2c22284d08441073ceaa3aa Mon Sep 17 00:00:00 2001
From: Tomek Kaminski <tomasz.kaminski@nokia.com>
Date: Sun, 26 Aug 2018 22:53:28 +0200
Subject: [PATCH] Mapper_2_0 Junits

Junits for roles mapping

Change-Id: I2d3ffd4b5adef6b164e096fda229d4e1b34be416
Issue-ID: AAF-450
Signed-off-by: Tomek Kaminski <tomasz.kaminski@nokia.com>
---
 .../onap/aaf/auth/service/mapper/Mapper_2_0.java   |  15 +-
 .../aaf/authz/service/mapper/JU_Mapper_2_0.java    | 358 +++++++++++++++------
 2 files changed, 261 insertions(+), 112 deletions(-)

diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
index 06278f92..f414a9fd 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
@@ -416,8 +416,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
 	public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
 		final boolean needNS = trans.requested(REQD_TYPE.ns); 
 		for(RoleDAO.Data frole : from) {
-			// Only Add Data to view if User is allowed to see this Role 
-			//if(!filter || q.mayUserViewRole(trans, trans.user(), frole).isOK()) {
+			// Only Add Data to view if User is allowed to see this Role
 			if(!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
 				Role role = new Role();
 				role.setName(frole.ns + '.' + frole.name);
@@ -427,7 +426,8 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
 				}
 				for(String p : frole.perms(false)) { // can see any Perms in the Role he has permission for
 					Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);
-					if(rpa.notOK()) return Result.err(rpa);
+					if(rpa.notOK())
+						return Result.err(rpa);
 					
 					String[] pa = rpa.value;
 					Pkey pKey = new Pkey();
@@ -481,12 +481,6 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
 		return Result.ok(to);
 	}
 
-	/**
-	 * 
-	 * @param base
-	 * @param start
-	 * @return
-	 */
 	@Override
 	public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, Request base) {
 		try {
@@ -495,8 +489,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
 			// Setup UserRoleData, either for immediate placement, or for futureIt i
 			UserRoleDAO.Data to = new UserRoleDAO.Data();
 			if (from.getUser() != null) {
-				String user = from.getUser();
-				to.user = user;
+				to.user = from.getUser();
 			}
 			if (from.getRole() != null) {
 				to.role(trans,q,from.getRole());
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
index deea14c2..a7df421b 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/authz/service/mapper/JU_Mapper_2_0.java
@@ -22,6 +22,8 @@
 package org.onap.aaf.authz.service.mapper;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -29,22 +31,42 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.onap.aaf.auth.layer.Result.ERR_BadData;
+import static org.onap.aaf.auth.layer.Result.ERR_General;
 
 import aaf.v2_0.NsRequest;
 import aaf.v2_0.Nss;
 import aaf.v2_0.Nss.Ns;
 import aaf.v2_0.Perm;
+import aaf.v2_0.PermKey;
+import aaf.v2_0.PermRequest;
 import aaf.v2_0.Perms;
+import aaf.v2_0.Pkey;
 import aaf.v2_0.Request;
+import aaf.v2_0.Role;
+import aaf.v2_0.RoleRequest;
+import aaf.v2_0.Roles;
+import aaf.v2_0.UserRole;
+import aaf.v2_0.UserRoleRequest;
+import aaf.v2_0.UserRoles;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Date;
+import java.util.GregorianCalendar;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -57,11 +79,15 @@ import org.onap.aaf.auth.dao.cass.NsSplit;
 import org.onap.aaf.auth.dao.cass.NsType;
 import org.onap.aaf.auth.dao.cass.PermDAO;
 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
 import org.onap.aaf.auth.dao.hl.Question;
 import org.onap.aaf.auth.dao.hl.Question.Access;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
 import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Expiration;
 import org.onap.aaf.auth.rserv.Pair;
 import org.onap.aaf.auth.service.mapper.Mapper.API;
 import org.onap.aaf.auth.service.mapper.Mapper_2_0;
@@ -69,6 +95,7 @@ import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.org.DefaultOrg;
 
 @RunWith(MockitoJUnitRunner.class)
 public class JU_Mapper_2_0 {
@@ -361,135 +388,264 @@ public class JU_Mapper_2_0 {
       return perm;
   }
 
-	@Test
-	public void test() {
-		assertTrue(true);
-	}
-	
-	@Test
-	public void testApprovals(){
-		assertTrue(true);
-	}
-	
-	@Test
-	public void testCert(){
-		assertTrue(true);
-		
-	}
-	
-	@Test
-	public void testCred(){
-		assertTrue(true);
-		
-	}
-	
-	@Test
-	public void testDelegate(){
-		assertTrue(true);
-	}
-	
-	@Test
-	public void testErrorFromMessage(){
-		assertTrue(true);
-		
-	}
-	
-	@Test
-	public void testFuture(){
-		assertTrue(true);
-	}
-	
-	@Test
-	public void testGetClass(){
-		assertTrue(true);
-	}
+  @Test
+	public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception {
+		//given
+		String roleName = "admin";
+		RoleRequest request = createRoleRequest(roleName, "role description");
+		given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException()));
 
-	@Test
-	public void testGetExpires(){
-		assertTrue(true);
+		//when
+		Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+		//then
+		assertFalse(result.isOK());
+		assertNull(result.value);
+		assertEquals(ERR_General, result.status);
 	}
-	
+
 	@Test
-	public void testGetMarshal(){
-		assertTrue(true);
-		
+	public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception {
+		//given
+		String roleName = "admin";
+		String roleNs = "org.onap.roles";
+		String roleFullName = roleNs + "." + roleName;
+		String description =" role description";
+		RoleRequest request = createRoleRequest(roleFullName, description);
+		given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName)));
+
+		//when
+		Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+		//then
+		assertTrue(result.isOK());
+		assertEquals(roleName, result.value.name);
+		assertEquals(roleNs, result.value.ns);
+		assertEquals(description, result.value.description);
+		verify(transaction).checkpoint(roleFullName, Env.ALWAYS);
 	}
-	
-	@Test
-	public void testHistory(){
-		assertTrue(true);
+
+	private RoleRequest createRoleRequest(String name, String description) {
+		RoleRequest req = mapper.newInstance(API.ROLE_REQ);
+		req.setName(name);
+		req.setDescription(description);
+		return req;
 	}
-	
+
 	@Test
-	public void testKeys(){
-		assertTrue(true);
-		
+	public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() {
+		//given
+		Roles initialRoles = new Roles();
+		RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+
+		//when
+		Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false);
+
+		//then
+		assertTrue(result.isOK());
+		assertEquals(initialRoles.getRole(), result.value.getRole());
 	}
-	
+
 	@Test
-	public void testNewInstance(){
-		assertTrue(true);
+	public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() {
+		//given
+		Roles initialRoles = new Roles();
+		RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+		given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+			.willReturn(Result.err(9, "error"));
+
+		//when
+		Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true);
+
+		//then
+		assertTrue(result.isOK());
+		assertEquals(initialRoles.getRole(), result.value.getRole());
 	}
-	
+
 	@Test
-	public void testNs(){
-		assertTrue(true);
+	public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() {
+		test_roles_shouldAddRoles(false);
 	}
-	
+
 	@Test
-	public void testNss(){
-		assertTrue(true);
+	public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() {
+		test_roles_shouldAddRoles(true);
 	}
-	
-	@Test
-	public void testPerm(){
-		assertTrue(true);
+
+	private void test_roles_shouldAddRoles(boolean namespaceRequested) {
+		//given
+		String namespace = "org.onap.app1";
+		String description = "role description";
+		Set<String> roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer");
+		List<RoleDAO.Data> daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description))
+			.collect(Collectors.toList());
+		given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+			.willReturn(Result.ok(new NsDAO.Data()));
+		given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested);
+
+		//when
+		Result<Roles> result = mapper.roles(transaction, daoRoles, new Roles(), true);
+
+		//then
+		assertTrue(result.isOK());
+		assertEquals(2, result.value.getRole().size());
+		result.value.getRole().stream().forEach( role -> {
+			assertTrue(role.getPerms().isEmpty());
+			if(namespaceRequested) {
+				assertEquals(namespace, role.getNs());
+			} else {
+				assertNull(role.getNs());
+			}
+			assertTrue(roleNames.contains(role.getName()));
+			assertEquals(description, role.getDescription());
+		});
 	}
-	
+
 	@Test
-	public void testPermFromRPRequest(){
-		assertTrue(true);
+	public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() {
+		//given
+		given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+			.willReturn(Result.ok(new NsDAO.Data()));
+		RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+		role.perms = Sets.newHashSet("invalidPermFormat");
+
+		//when
+		Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+		//then
+		assertFalse(result.isOK());
+		assertEquals(ERR_BadData, result.status);
 	}
-	
+
 	@Test
-	public void testPermKey(){
-		assertTrue(true);
+	public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() {
+		//given
+		given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+			.willReturn(Result.ok(new NsDAO.Data()));
+		given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class)));
+		RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+		role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve");
+
+		//when
+		Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+		//then
+		assertTrue(result.isOK());
+		Role mappedRole = Iterables.getOnlyElement(result.value.getRole());
+		Pkey pKey =  Iterables.getOnlyElement(mappedRole.getPerms());
+		assertEquals("org.onap.app.access", pKey.getType());
+		assertEquals("*", pKey.getInstance());
+		assertEquals("read,approve", pKey.getAction());
 	}
-	
-	@Test
-	public void testPerms(){
-		assertTrue(true);
+
+	private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) {
+		NsDAO.Data ns = new NsDAO.Data();
+		ns.name = namespace;
+		RoleDAO.Data role = RoleDAO.Data.create(ns, rolename);
+		role.description = desc;
+		return role;
 	}
-	
+
 	@Test
-	public void testRole(){
-		assertTrue(true);
+	public void userRoles_shouldMapUserRolesFromDAO() {
+		//given
+		String user = "john@people.osaaf.org";
+		String role = "admin";
+		String namespace = "org.osaaf.aaf";
+		int year = 2020;
+		int month = 10;
+		int day = 31;
+		Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based
+		UserRoles targetRoles = new UserRoles();
+
+		//when
+		Result<UserRoles> result = mapper.userRoles(transaction, Lists.newArrayList(
+			createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles);
+
+		//then
+		assertTrue(result.isOK());
+		UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole());
+		assertEquals(user, targetRole.getUser());
+		assertEquals(role, targetRole.getRole());
+		assertEquals(year, targetRole.getExpires().getYear());
+		assertEquals(month, targetRole.getExpires().getMonth());
+		assertEquals(day, targetRole.getExpires().getDay());
 	}
-	
+
 	@Test
-	public void testRoleFromRPRequest(){
-		assertTrue(true);
+	public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() {
+		//given
+		PermRequest wrongRequestType = new PermRequest();
+
+		//when
+		Result<UserRoleDAO.Data> result = mapper.userRole(transaction, wrongRequestType);
+
+		//then
+		assertFalse(result.isOK());
+		assertEquals(ERR_BadData, result.status);
+		verifyZeroInteractions(transaction);
 	}
-	
+
 	@Test
-	public void testRoles(){
-		assertTrue(true);
+	public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() {
+		//given
+		UserRoleRequest request = new UserRoleRequest();
+		given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException()));
+		Organization org = mock(Organization.class);
+		given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+		given(transaction.org()).willReturn(org);
+
+		//when
+		Result<UserRoleDAO.Data> result = mapper.userRole(transaction, request);
+
+		//then
+		assertTrue(result.isOK());
+		assertNull(result.value.ns);
+		assertNull(result.value.rname);
+		assertNull(result.value.role);
+		assertNull(result.value.user);
+		assertNotNull(result.value.expires);
 	}
-	
+
 	@Test
-	public void testUserRole(){
-		assertTrue(true);
+	public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() {
+		//given
+		String user = "johny@people.osaaf.org";
+		String role = "org.onap.app1.deployer";
+		String rName = "deployer";
+		String namespace = "org.onap.app1";
+
+		given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName)));
+		Organization org = mock(Organization.class);
+		given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+		given(transaction.org()).willReturn(org);
+
+		//when
+		Result<UserRoleDAO.Data> result = mapper.userRole(transaction, createUserRoleRequest(role, user));
+
+		//then
+		assertTrue(result.isOK());
+		assertEquals(user, result.value.user);
+		assertEquals(role, result.value.role);
+		assertEquals(rName, result.value.rname);
+		assertEquals(namespace, result.value.ns);
+		assertNotNull(result.value.expires);
 	}
-	
-	@Test
-	public void testUserRoles(){
-		assertTrue(true);
+
+	private UserRoleRequest createUserRoleRequest(String role, String user) {
+		UserRoleRequest request = new UserRoleRequest();
+		request.setRole(role);
+		request.setUser(user);
+		return request;
 	}
-	
-	@Test
-	public void testUsers(){
-		assertTrue(true);
+
+	private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) {
+		UserRoleDAO.Data userRole =  new UserRoleDAO.Data();
+		userRole.user = userName;
+		userRole.expires = expires;
+		userRole.ns = namespace;
+		userRole.role = roleName;
+		return userRole;
 	}
 
-	
 }
-- 
2.16.6