From: Popescu, Serban <serban.popescu@amdocs.com>
Date: Fri, 14 Dec 2018 17:45:57 +0000 (-0500)
Subject: Add option to bypass user authorization
X-Git-Tag: 1.4.2~24
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aai%2Fsearch-data-service.git;a=commitdiff_plain;h=7ca6c2a19ee1971a402a6b7eaad4324d83fb236a

Add option to bypass user authorization

the es.auth.authorization.enabled property, if set to false, will bypass
user authorization
Issue-ID: AAI-2007

Change-Id: I46e3e087ee13eacdf977bbdc9c439045b0072a33
Signed-off-by: Serban Popescu <serban.popescu@amdocs.com>
---

diff --git a/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java b/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java
index 5247baa..d62bfd6 100644
--- a/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java
+++ b/src/main/java/org/onap/aai/sa/rest/SearchServiceApi.java
@@ -185,6 +185,12 @@ public class SearchServiceApi {
 
     protected boolean validateRequest(HttpHeaders headers, HttpServletRequest req, Action action,
             String authPolicyFunctionName) {
+
+        boolean isUserAuthEnabled = ((ElasticSearchHttpController)documentStore).getElasticSearchConfig().useAuthorizationUser();
+        if(! isUserAuthEnabled) {
+            return true;
+        }
+        
         SearchDbServiceAuth serviceAuth = new SearchDbServiceAuth();
 
         String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
diff --git a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java
index 0d116f8..87d0378 100644
--- a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java
+++ b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/config/ElasticSearchConfig.java
@@ -40,6 +40,7 @@ public class ElasticSearchConfig {
     private String httpPort;
     private String javaApiPort;
     private String clusterName;
+    private String authorizationEnabled;
 
     public static final String ES_CLUSTER_NAME = "es.cluster-name";
     public static final String ES_IP_ADDRESS = "es.ip-address";
@@ -51,6 +52,7 @@ public class ElasticSearchConfig {
     public static final String ES_KEY_STORE_ENC = "es.key-store-password";
     public static final String ES_AUTH_USER = "es.auth-user";
     public static final String ES_AUTH_ENC = "es.auth-password";
+    public static final String ES_AUTH_ENABLED = "es.auth.authorization.enabled";
 
     private static final String DEFAULT_URI_SCHEME = "http";
     private static final String JAVA_API_PORT_DEFAULT = "9300";
@@ -66,6 +68,7 @@ public class ElasticSearchConfig {
         setHttpPort(props.getProperty(ES_HTTP_PORT));
         setJavaApiPort(JAVA_API_PORT_DEFAULT);
         initializeAuthValues(props);
+        setAuthorizationEnabled(props.getProperty(ES_AUTH_ENABLED));
     }
 
 
@@ -161,12 +164,24 @@ public class ElasticSearchConfig {
         return authValue;
     }
 
+    public String getAuthorizationEnabled() {
+        return authorizationEnabled;
+    }
+
+    public void setAuthorizationEnabled(String authorizationEnabled) {
+        this.authorizationEnabled = authorizationEnabled;
+    }
+
+    public boolean useAuthorizationUser() {
+        return getAuthorizationEnabled()== null? true : Boolean.parseBoolean(getAuthorizationEnabled());
+    }
+
     @Override
     public String toString() {
         return String.format(
-                "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)",
+                "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)%nauthorizationUser=%s",
                 uriScheme, ipAddress, httpPort, clusterName, javaApiPort, useAuth(), trustStore,
-                trustStorePassword != null, keyStore, keyStorePassword != null);
+                trustStorePassword != null, keyStore, keyStorePassword != null, useAuthorizationUser());
     }
 
     private void initializeAuthValues(Properties props) {
diff --git a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
index 759c997..c4a52b4 100644
--- a/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
+++ b/src/main/java/org/onap/aai/sa/searchdbabstraction/elasticsearch/dao/ElasticSearchHttpController.java
@@ -176,6 +176,10 @@ public class ElasticSearchHttpController implements DocumentStoreInterface {
         return analysisConfig;
     }
 
+    public ElasticSearchConfig getElasticSearchConfig() {
+        return config;
+    }
+
     @Override
     public OperationResult createIndex(String index, DocumentSchema documentSchema) {
         try {
diff --git a/src/test/java/org/onap/aai/sa/rest/DocumentTest.java b/src/test/java/org/onap/aai/sa/rest/DocumentTest.java
index d16fe87..e780e3b 100644
--- a/src/test/java/org/onap/aai/sa/rest/DocumentTest.java
+++ b/src/test/java/org/onap/aai/sa/rest/DocumentTest.java
@@ -33,8 +33,12 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+import org.onap.aai.sa.searchdbabstraction.elasticsearch.config.ElasticSearchConfig;
 import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreDataEntity;
 import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.DocumentStoreInterface;
+import org.onap.aai.sa.searchdbabstraction.elasticsearch.dao.ElasticSearchHttpController;
 import org.onap.aai.sa.searchdbabstraction.elasticsearch.exception.DocumentStoreOperationException;
 import org.onap.aai.sa.searchdbabstraction.entity.DocumentOperationResult;
 import org.onap.aai.sa.searchdbabstraction.entity.ErrorResult;
@@ -43,6 +47,7 @@ import org.onap.aai.sa.searchdbabstraction.entity.SearchOperationResult;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import java.util.Properties;
 
 
 public class DocumentTest {
@@ -70,6 +75,9 @@ public class DocumentTest {
 
     DocumentApi documentApi;
 
+    @Mock
+    ElasticSearchHttpController httpController;
+
     @Before
     public void setUp() {
         MockitoAnnotations.initMocks(this);
@@ -654,4 +662,66 @@ public class DocumentTest {
         Assert.assertNotNull(response);
         Assert.assertTrue(HttpStatus.INTERNAL_SERVER_ERROR.value() == response.getStatusCodeValue());
     }
-}
+
+    @Test
+    public void testUserAuthorization() throws Exception {
+        String transactionId = "transactionId-1";
+        String remoteAddr = "http://127.0.0.1";
+        String content = "content";
+        // Mockito.when(headers.getRequestHeaders()).thenReturn(multivaluedMap);;
+        Mockito.when(multivaluedMap.getFirst(Mockito.anyString())).thenReturn(transactionId);
+        Mockito.when(request.getRemoteAddr()).thenReturn(remoteAddr);
+        Mockito.when(request.getMethod()).thenReturn("testMethod");
+        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://127.0.0.1"));
+        Mockito.when(request.getRemoteHost()).thenReturn("localhost");
+        Mockito.when(searchServiceApi.validateRequest(Mockito.any(HttpHeaders.class),
+                Mockito.any(HttpServletRequest.class), Mockito.any(ApiUtils.Action.class), Mockito.anyString()))
+                .thenCallRealMethod();
+
+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {
+            public ElasticSearchConfig answer(InvocationOnMock invocation) {
+                Properties properties = new Properties();
+                return new ElasticSearchConfig(properties);
+            }
+        }).when(httpController).getElasticSearchConfig();
+
+        searchServiceApi.documentStore = httpController;
+
+        ResponseEntity<String> response =
+                documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);
+        Assert.assertNotNull(response);
+        Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());
+
+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {
+            public ElasticSearchConfig answer(InvocationOnMock invocation) {
+                Properties properties = new Properties();
+                properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "true");
+                return new ElasticSearchConfig(properties);
+            }
+        }).when(httpController).getElasticSearchConfig();
+
+
+        response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);
+        Assert.assertNotNull(response);
+        Assert.assertTrue(HttpStatus.FORBIDDEN.value() == response.getStatusCodeValue());
+
+        Mockito.doAnswer(new Answer<ElasticSearchConfig>() {
+            public ElasticSearchConfig answer(InvocationOnMock invocation) {
+                Properties properties = new Properties();
+                properties.put(ElasticSearchConfig.ES_AUTH_ENABLED, "false");
+                return new ElasticSearchConfig(properties);
+            }
+        }).when(httpController).getElasticSearchConfig();
+
+        DocumentOperationResult result = new DocumentOperationResult();
+        result.setResultCode(302);
+        result.setError(new ErrorResult("type-1", "reason-1"));
+        result.setFailureCause("test-failure");
+        Mockito.when(documentStore.createDocument(Mockito.anyString(), Mockito.any(DocumentStoreDataEntity.class),
+                Mockito.anyBoolean())).thenReturn(result);
+        response = documentApi.processPut(content, request, headers, httpResponse, "index", "id-1", documentStore);
+        Assert.assertNotNull(response);
+        Assert.assertTrue(HttpStatus.FOUND.value() == response.getStatusCodeValue());
+
+    }
+}
\ No newline at end of file