sidecar/rproxy/src/test/java/org/onap/aaf/rproxy/PermissionMatchingTest.java

   1 /**
   2  * ============LICENSE_START=======================================================
   3  * org.onap.aaf
   4  * ================================================================================
   5  * Copyright © 2018 European Software Marketing Ltd.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *       http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20 package org.onap.aaf.rproxy;
  21
  22 import static org.hamcrest.Matchers.equalTo;
  23 import static org.springframework.test.web.client.match.MockRestRequestMatchers.header;
  24 import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
  25 import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
  26 import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess;
  27 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
  28 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
  29 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
  30
  31 import javax.annotation.Resource;
  32 import org.eclipse.jetty.util.security.Password;
  33 import org.junit.Before;
  34 import org.junit.Test;
  35 import org.junit.runner.RunWith;
  36 import org.onap.aaf.rproxy.config.ForwardProxyProperties;
  37 import org.onap.aaf.rproxy.config.PrimaryServiceProperties;
  38 import org.springframework.beans.factory.annotation.Autowired;
  39 import org.springframework.beans.factory.annotation.Value;
  40 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
  41 import org.springframework.boot.test.context.SpringBootTest;
  42 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
  43 import org.springframework.http.HttpMethod;
  44 import org.springframework.http.MediaType;
  45 import org.springframework.test.context.ContextConfiguration;
  46 import org.springframework.test.context.TestPropertySource;
  47 import org.springframework.test.context.junit4.SpringRunner;
  48 import org.springframework.test.web.client.MockRestServiceServer;
  49 import org.springframework.test.web.servlet.MockMvc;
  50 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
  51 import org.springframework.web.client.RestTemplate;
  52
  53
  54 @RunWith(SpringRunner.class)
  55 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
  56 @AutoConfigureMockMvc
  57
  58 @TestPropertySource(locations = {"classpath:primary-service.properties", "classpath:forward-proxy.properties"})
  59
  60 @ContextConfiguration(classes = ReverseProxyTestConfig.class)
  61 public class PermissionMatchingTest {
  62
  63     static {
  64         System.setProperty("server.ssl.key-store-password",
  65                 Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
  66     }
  67
  68     @Value("${transactionid.header.name}")
  69     private String transactionIdHeaderName;
  70
  71     @Resource(name = "PrimaryServiceProperties")
  72     private PrimaryServiceProperties primaryServiceProps;
  73
  74     @Resource(name = "ForwardProxyProperties")
  75     private ForwardProxyProperties forwardProxyProps;
  76
  77     @Autowired
  78     private MockMvc mockMvc;
  79
  80     @Autowired
  81     private RestTemplate restTemplate;
  82
  83     private MockRestServiceServer mockServer;
  84
  85     private String primaryServiceBaseUrl;
  86
  87     @Before
  88     public void setUp() throws Exception {
  89         mockServer = MockRestServiceServer.createServer(restTemplate);
  90         primaryServiceBaseUrl = primaryServiceProps.getProtocol() + "://" + primaryServiceProps.getHost() + ":"
  91                 + primaryServiceProps.getPort();
  92     }
  93
  94         @Test
  95         public void testURIMismatch() throws Exception {
  96
  97         String testUrl = "/uri/does/not/exist";
  98         String testResponse = "Sorry, the request is not allowed";
  99
 100         mockMvc
 101                 .perform(get(testUrl))
 102                 .andExpect(status().isForbidden())
 103                 .andExpect(status().reason(testResponse));
 104
 105         }
 106
 107         @Test
 108         public void testURINoPermission() throws Exception {
 109
 110         String testUrl = "/not/allowed/at/all";
 111         String testResponse = "Sorry, the request is not allowed";
 112
 113         mockMvc
 114                 .perform(get(testUrl))
 115                 .andExpect(status().isForbidden())
 116                 .andExpect(status().reason(testResponse));
 117
 118         }
 119
 120         @Test
 121         public void testURIMatchSinglePermissionMatch() throws Exception {
 122
 123         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 124         String testUrl = "/single/permission/required";
 125         String testResponse = "Response from MockRestService";
 126
 127         mockServer
 128                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 129                 .andExpect(method(HttpMethod.GET))
 130                 .andExpect(header(transactionIdHeaderName, transactionId))
 131                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 132
 133         // Send request to mock server with transaction Id
 134         mockMvc
 135                 .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
 136                 .andExpect(status().isOk())
 137             .andExpect(content().string(equalTo(testResponse)));
 138
 139         mockServer.verify();
 140
 141         }
 142
 143         @Test
 144         public void testURIMatchMultiplePermissionMatch() throws Exception {
 145
 146         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 147         String testUrl = "/multiple/permissions/required";
 148         String testResponse = "Response from MockRestService";
 149
 150         mockServer
 151                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 152                 .andExpect(method(HttpMethod.GET))
 153                 .andExpect(header(transactionIdHeaderName, transactionId))
 154                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 155
 156         // Send request to mock server with transaction Id
 157         mockMvc
 158                 .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
 159                 .andExpect(status().isOk())
 160             .andExpect(content().string(equalTo(testResponse)));
 161
 162         mockServer.verify();
 163
 164         }
 165
 166         @Test
 167         public void testURIMatchMultipleMissingOnePermissionMatch() throws Exception {
 168
 169         String testUrl = "/multiple/permissions/required/one/missing";
 170         String testResponse = "Sorry, the request is not allowed";
 171
 172         mockMvc
 173                 .perform(get(testUrl))
 174                 .andExpect(status().isForbidden())
 175                 .andExpect(status().reason(testResponse));
 176         }
 177
 178         @Test
 179         public void testURIInstanceActionWildCardPermissionMatch() throws Exception {
 180
 181         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 182         String testUrl = "/wildcard/permission/granted";
 183         String testResponse = "Response from MockRestService";
 184
 185         mockServer
 186                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 187                 .andExpect(method(HttpMethod.GET))
 188                 .andExpect(header(transactionIdHeaderName, transactionId))
 189                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 190
 191         // Send request to mock server with transaction Id
 192         mockMvc
 193                 .perform(MockMvcRequestBuilders
 194                                         .get(testUrl)
 195                                         .accept(MediaType.APPLICATION_JSON)
 196                                         .header(transactionIdHeaderName, transactionId)
 197                                         .header("PermissionsUser", "UserWithInstanceActionWildcardPermissionGranted")
 198                                 )
 199                 .andExpect(status().isOk())
 200             .andExpect(content().string(equalTo(testResponse)));
 201
 202         mockServer.verify();
 203
 204         }
 205
 206         @Test
 207         public void testURIInstanceWildCardPermissionMatch() throws Exception {
 208
 209         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 210         String testUrl = "/instance/wildcard/permission/granted";
 211         String testResponse = "Response from MockRestService";
 212
 213         mockServer
 214                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 215                 .andExpect(method(HttpMethod.GET))
 216                 .andExpect(header(transactionIdHeaderName, transactionId))
 217                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 218
 219         // Send request to mock server with transaction Id
 220         mockMvc
 221                 .perform(MockMvcRequestBuilders
 222                                         .get(testUrl)
 223                                         .accept(MediaType.APPLICATION_JSON)
 224                                         .header(transactionIdHeaderName, transactionId)
 225                                         .header("PermissionsUser", "UserWithInstanceWildcardPermissionGranted")
 226                                 )
 227                 .andExpect(status().isOk())
 228             .andExpect(content().string(equalTo(testResponse)));
 229
 230         mockServer.verify();
 231
 232         }
 233
 234         @Test
 235         public void testURIActionWildCardPermissionMatch() throws Exception {
 236
 237         String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
 238         String testUrl = "/action/wildcard/permission/granted";
 239         String testResponse = "Response from MockRestService";
 240
 241         mockServer
 242                 .expect(requestTo(primaryServiceBaseUrl + testUrl))
 243                 .andExpect(method(HttpMethod.GET))
 244                 .andExpect(header(transactionIdHeaderName, transactionId))
 245                 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
 246
 247         // Send request to mock server with transaction Id
 248         mockMvc
 249                 .perform(MockMvcRequestBuilders
 250                                         .get(testUrl)
 251                                         .accept(MediaType.APPLICATION_JSON)
 252                                         .header(transactionIdHeaderName, transactionId)
 253                                         .header("PermissionsUser", "UserWithActionWildcardPermissionGranted")
 254                                 )
 255                 .andExpect(status().isOk())
 256             .andExpect(content().string(equalTo(testResponse)));
 257
 258         mockServer.verify();
 259
 260         }
 261
 262 }