Add option to bypass user authorization 77/74677/1
authorPopescu, Serban <serban.popescu@amdocs.com>
Fri, 14 Dec 2018 17:45:57 +0000 (12:45 -0500)
committerSerban Popescu <sp5226@att.com>
Fri, 14 Dec 2018 17:50:04 +0000 (12:50 -0500)
the es.auth.authorization.enabled property, if set to false, will bypass
user authorization
Issue-ID: AAI-2007

Change-Id: I46e3e087ee13eacdf977bbdc9c439045b0072a33
Signed-off-by: Serban Popescu <serban.popescu@amdocs.com>
src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java
src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java
src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
src/test/java/org/onap/aai/sa/rest/DocumentTest.java

index 5247baa..d62bfd6 100644 (file)
@@ -185,6 +185,12 @@ public class SearchServiceApi {
 
     protected boolean validateRequest(HttpHeaders headers, HttpServletRequest req, Action action,
             String authPolicyFunctionName) {
+
+        boolean isUserAuthEnabled = ((ElasticSearchHttpController)documentStore).getElasticSearchConfig().useAuthorizationUser();
+        if(! isUserAuthEnabled) {
+            return true;
+        }
+        
         SearchDbServiceAuth serviceAuth = new SearchDbServiceAuth();
 
         String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
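Review bot: The early `return true` at the top of validateRequest() skips everything the method does below it, and it does so without writing a log entry, so a deployment running with authorization switched off leaves no trace per request or at start-up. The cast `(ElasticSearchHttpController)documentStore` is also unchecked: a different DocumentStoreInterface implementation, or a null store, would throw before any decision is made. I would guard it as `if (documentStore instanceof ElasticSearchHttpController && !((ElasticSearchHttpController) documentStore).getElasticSearchConfig().useAuthorizationUser())` and log at warning level before returning. The rest of validateRequest() lies outside this hunk, so exactly which checks are skipped should be confirmed there.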
index 0d116f8..87d0378 100644 (file)
@@ -40,6 +40,7 @@ public class ElasticSearchConfig {
     private String httpPort;
     private String javaApiPort;
     private String clusterName;
+    private String authorizationEnabled;
 
     public static final String ES_CLUSTER_NAME = "es.cluster-name";
     public static final String ES_IP_ADDRESS = "es.ip-address";
@@ -51,6 +52,7 @@ public class ElasticSearchConfig {
     public static final String ES_KEY_STORE_ENC = "es.key-store-password";
     public static final String ES_AUTH_USER = "es.auth-user";
     public static final String ES_AUTH_ENC = "es.auth-password";
+    public static final String ES_AUTH_ENABLED = "es.auth.authorization.enabled";
 
     private static final String DEFAULT_URI_SCHEME = "http";
     private static final String JAVA_API_PORT_DEFAULT = "9300";
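Review bot: `ES_AUTH_ENABLED` is added without a comment, yet it is the one key in this list that can turn request authorization off. Its name `es.auth.authorization.enabled` sits next to `es.auth-user` and `es.auth-password`, which look like connection credentials, so an operator could take it for a setting about the Elasticsearch connection rather than about callers of this service. I would add a comment such as `// "false" makes SearchServiceApi.validateRequest() accept every request; an absent key means enabled.` The dotted key also differs from the hyphenated style of the neighbouring keys.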
@@ -66,6 +68,7 @@ public class ElasticSearchConfig {
         setHttpPort(props.getProperty(ES_HTTP_PORT));
         setJavaApiPort(JAVA_API_PORT_DEFAULT);
         initializeAuthValues(props);
+        setAuthorizationEnabled(props.getProperty(ES_AUTH_ENABLED));
     }
 
 
@@ -161,12 +164,24 @@ public class ElasticSearchConfig {
         return authValue;
     }
 
+    public String getAuthorizationEnabled() {
+        return authorizationEnabled;
+    }
+
+    public void setAuthorizationEnabled(String authorizationEnabled) {
+        this.authorizationEnabled = authorizationEnabled;
+    }
+
+    public boolean useAuthorizationUser() {
+        return getAuthorizationEnabled()== null? true : Boolean.parseBoolean(getAuthorizationEnabled());
+    }
+
     @Override
     public String toString() {
         return String.format(
-                "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)",
+                "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)%nauthorizationUser=%s",
                 uriScheme, ipAddress, httpPort, clusterName, javaApiPort, useAuth(), trustStore,
-                trustStorePassword != null, keyStore, keyStorePassword != null);
+                trustStorePassword != null, keyStore, keyStorePassword != null, useAuthorizationUser());
     }
 
     private void initializeAuthValues(Properties props) {
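Review bot: useAuthorizationUser() fails open on malformed input, because `Boolean.parseBoolean` returns false for every string other than "true", so a typo, an empty value, "yes", or "true" with trailing whitespace disables authorization just as an explicit "false" does. Only a missing key defaults to enabled. Authorization should be switched off only by an explicit opt-out, for example `return authorizationEnabled == null || !"false".equalsIgnoreCase(authorizationEnabled.trim());`. Storing the parsed boolean once in the constructor instead of the raw string would also avoid re-parsing on every request.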
index 759c997..c4a52b4 100644 (file)
@@ -176,6 +176,10 @@ public class ElasticSearchHttpController implements DocumentStoreInterface {
         return analysisConfig;
     }
 
+    public ElasticSearchConfig getElasticSearchConfig() {
+        return config;
+    }
+
     @Override
     public OperationResult createIndex(String index, DocumentSchema documentSchema) {
         try {
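Review bot: getElasticSearchConfig() hands out the controller's internal ElasticSearchConfig instance, and this same commit gives that class a public `setAuthorizationEnabled(String)`. Any code holding the controller can therefore change the authorization switch at runtime. A narrower accessor on the controller, such as `public boolean isUserAuthorizationEnabled() { return config.useAuthorizationUser(); }`, would give SearchServiceApi what it needs without exposing the mutable object. A short Javadoc on whichever accessor is kept should say that the returned value controls request authorization.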
index d16fe87..e780e3b 100644 (file)
@@ -33,8 +33,12 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;\r
 import org.mockito.Mockito;\r
 import org.mockito.MockitoAnnotations;\r
+import org.mockito.invocation.InvocationOnMock;\r
+import org.mockito.stubbing.Answer;\r
+import org.onap.aai.sa.searchdbabstraction.elasticsearch.config.ElasticSearchConfig;\r
 import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreDataEntity;\r
 import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreInterface;\r
+import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.ElasticSearchHttpController;\r
 import org.onap.aai.sa.searchdbabstraction.elasticsearch.exception.DocumentStoreOperationException;\r
 import org.onap.aai.sa.searchdbabstraction.entity.DocumentOperationResult;\r
 import org.onap.aai.sa.searchdbabstraction.entity.ErrorResult;\r
@@ -43,6 +47,7 @@ import org.onap.aai.sa.searchdbabstraction.entity.SearchOperationResult;
 import org.springframework.http.HttpHeaders;\r
 import org.springframework.http.HttpStatus;\r
 import org.springframework.http.ResponseEntity;\r
+import java.util.Properties;\r
 \r
 \r
 public class DocumentTest {\r
@@ -70,6 +75,9 @@ public class DocumentTest {
 \r
     DocumentApi documentApi;\r
 \r
+    @Mock\r
+    ElasticSearchHttpController httpController;\r
+\r
     @Before\r
     public void setUp() {\r
         MockitoAnnotations.initMocks(this);\r
@@ -654,4 +662,66 @@ public class DocumentTest {
         Assert.assertNotNull(response);\r
         Assert.assertTrue(HttpStatus.INTERNAL_SERVER_ERROR.value() == response.getStatusCodeValue());\r
     }\r
-}\r
+\r
+    @Test\r
+    public void testUserAuthorization() throws Exception {\r
+        String transactionId = "transactionId-1";\r
+        String remoteAddr = "http://127.0.0.1";\r
+        String content = "content";\r
+        // Mockito.when(headers.getRequestHeaders()).thenReturn(multivaluedMap);;\r
+        Mockito.when(multivaluedMap.getFirst(Mockito.anyString())).thenReturn(transactionId);\r
+        Mockito.when(request.getRemoteAddr()).thenReturn(remoteAddr);\r
+        Mockito.when(request.getMethod()).thenReturn("testMethod");\r
+        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://127.0.0.1"));\r
+        Mockito.when(request.getRemoteHost()).thenReturn("localhost");\r
+        Mockito.when(searchServiceApi.validateRequest(Mockito.any(HttpHeaders.class),\r
+                Mockito.any(HttpServletRequest.class), Mockito.any(ApiUtils.Action.class), Mockito.anyString()))\r
+                .thenCallRealMethod();\r
+\r
+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {\r
+            public ElasticSearchConfig answer(InvocationOnMock invocation) {\r
+                Properties properties = new Properties();\r
+                return new ElasticSearchConfig(properties);\r
+            }\r
+        }).when(httpController).getElasticSearchConfig();\r
+\r
+        searchServiceApi.documentStore = httpController;\r
+\r
+        ResponseEntity<String> response =\r
+                documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);\r
+        Assert.assertNotNull(response);\r
+        Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());\r
+\r
+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {\r
+            public ElasticSearchConfig answer(InvocationOnMock invocation) {\r
+                Properties properties = new Properties();\r
+                properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "true");\r
+                return new ElasticSearchConfig(properties);\r
+            }\r
+        }).when(httpController).getElasticSearchConfig();\r
+\r
+\r
+        response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);\r
+        Assert.assertNotNull(response);\r
+        Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());\r
+\r
+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {\r
+            public ElasticSearchConfig answer(InvocationOnMock invocation) {\r
+                Properties properties = new Properties();\r
+                properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "false");\r
+                return new ElasticSearchConfig(properties);\r
+            }\r
+        }).when(httpController).getElasticSearchConfig();\r
+\r
+        DocumentOperationResult result = new DocumentOperationResult();\r
+        result.setResultCode(302);\r
+        result.setError(new ErrorResult("type-1", "reason-1"));\r
+        result.setFailureCause("test-failure");\r
+        Mockito.when(documentStore.createDocument(Mockito.anyString(), Mockito.any(DocumentStoreDataEntity.class),\r
+                Mockito.anyBoolean())).thenReturn(result);\r
+        response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);\r
+        Assert.assertNotNull(response);\r
+        Assert.assertTrue(HttpStatus.FOUND.value() == response.getStatusCodeValue());\r
+\r
+    }\r
+}
\ No newline at end of file
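Review bot: testUserAuthorization() covers an absent key, "true" and "false", but not an unrecognised value, which is the case where the parsing in useAuthorizationUser() matters most. As written in this commit any string other than "true" disables authorization, so the case below would currently end in FOUND rather than FORBIDDEN; adding it pins the intended fail-closed behaviour. The existing checks would also report better as `Assert.assertEquals(HttpStatus.FORBIDDEN.value(), response.getStatusCodeValue())`, and the commented-out `Mockito.when(headers.getRequestHeaders())` line can be dropped.

```java
        // … unchanged: request stubs and the three existing cases (absent, "true", "false") …

        // Constructed sample value: a misspelt setting must not switch authorization off.
        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {
            public ElasticSearchConfig answer(InvocationOnMock invocation) {
                Properties properties = new Properties();
                properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "flase");
                return new ElasticSearchConfig(properties);
            }
        }).when(httpController).getElasticSearchConfig();

        response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);
        Assert.assertNotNull(response);
        Assert.assertEquals(HttpStatus.FORBIDDEN.value(), response.getStatusCodeValue());
```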