[DMaaP DR] JKD 11 migration
1 /*******************************************************************************
2  * ============LICENSE_START==================================================
3  * * org.onap.dmaap
4  * * ===========================================================================
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * * ===========================================================================
7  * * Licensed under the Apache License, Version 2.0 (the "License");
8  * * you may not use this file except in compliance with the License.
9  * * You may obtain a copy of the License at
10  * *
11  *  *      http://www.apache.org/licenses/LICENSE-2.0
12  * *
13  *  * Unless required by applicable law or agreed to in writing, software
14  * * distributed under the License is distributed on an "AS IS" BASIS,
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * * See the License for the specific language governing permissions and
17  * * limitations under the License.
18  * * ============LICENSE_END====================================================
19  * *
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
21  * *
22  ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
24
25 import static org.mockito.ArgumentMatchers.anyString;
26 import static org.mockito.Mockito.contains;
27 import static org.mockito.Mockito.eq;
28 import static org.mockito.Mockito.mock;
29 import static org.mockito.Mockito.verify;
30 import static org.mockito.Mockito.when;
31 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
32
33 import ch.qos.logback.classic.spi.ILoggingEvent;
34 import ch.qos.logback.core.read.ListAppender;
35 import java.util.HashSet;
36 import java.util.Set;
37 import javax.persistence.EntityManager;
38 import javax.persistence.EntityManagerFactory;
39 import javax.persistence.Persistence;
40 import javax.servlet.ServletOutputStream;
41 import javax.servlet.http.HttpServletRequest;
42 import javax.servlet.http.HttpServletResponse;
43 import org.apache.commons.lang3.reflect.FieldUtils;
44 import org.jetbrains.annotations.NotNull;
45 import org.json.JSONArray;
46 import org.json.JSONObject;
47 import org.junit.AfterClass;
48 import org.junit.Before;
49 import org.junit.BeforeClass;
50 import org.junit.Test;
51 import org.junit.runner.RunWith;
52 import org.mockito.Mock;
53 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
54 import org.onap.dmaap.datarouter.authz.Authorizer;
55 import org.onap.dmaap.datarouter.provisioning.beans.Insertable;
56 import org.onap.dmaap.datarouter.provisioning.utils.Poker;
57 import org.powermock.core.classloader.annotations.PowerMockIgnore;
58 import org.powermock.modules.junit4.PowerMockRunner;
59
60
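/**
 * Unit tests for {@link DRFeedsServlet}. Each test drives one of {@code doGet}, {@code doPost},
 * {@code doPut} or {@code doDelete} with a mocked request/response pair and asserts the HTTP
 * status the servlet reports.
 *
 * <p>The servlet's access-control inputs live in private static fields of {@link BaseServlet}
 * ({@code authz}, {@code authorizedAddressesAndNetworks}, {@code requireCert}, {@code maxFeeds},
 * {@code isAddressAuthEnabled}, {@code isCadiEnabled}) and are overwritten here through
 * reflection. Because they are static, a value written by one test is still there for the next
 * one. {@link #setUp()} therefore re-establishes every one of them before each test, so that a
 * denial asserted in a test is caused by what that test arranged and not by what an earlier
 * test left behind.
 *
 * <p>NOTE(review): several test names state a different status than the one asserted (for
 * example "Bad_Request" in the name while the assertion is {@code SC_NOT_FOUND} or
 * {@code SC_CONFLICT}). The names are kept for report compatibility; the per-test comments say
 * what is really asserted.
 */
@RunWith(PowerMockRunner.class)
@PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.*"})
public class DRFeedsServletTest extends DrServletTestBase {

    private static DRFeedsServlet drfeedsServlet;
    private static EntityManagerFactory emf;
    private static EntityManager em;

    // Values the two BaseServlet security toggles held before the first test touched them.
    // Captured once by resetSecurityToggles() and written back before every later test.
    private static boolean togglesCaptured;
    private static Object initialAddressAuthEnabled;
    private static Object initialCadiEnabled;

    @Mock
    private HttpServletRequest request;
    @Mock
    private HttpServletResponse response;

    private ListAppender<ILoggingEvent> listAppender;

    /**
     * Opens the {@code dr-unit-tests} persistence unit and points the provisioning server at the
     * H2 test properties file.
     */
    @BeforeClass
    public static void init() {
        emf = Persistence.createEntityManagerFactory("dr-unit-tests");
        em = emf.createEntityManager();
        System.setProperty(
                "org.onap.dmaap.datarouter.provserver.properties",
                "src/test/resources/h2Database.properties");
    }

    /** Releases the entity manager and its factory opened in {@link #init()}. */
    @AfterClass
    public static void tearDownClass() {
        em.clear();
        em.close();
        emf.close();
    }

    /**
     * Builds a fresh servlet and the default "everything is allowed" request: authorizer says
     * yes, request is secure, caller address is authorised, behalf header and content type are
     * set. Individual tests then break exactly one of these.
     *
     * @throws Exception if a reflective write to a static field fails
     */
    @Before
    public void setUp() throws Exception {
        listAppender = setTestLogger(DRFeedsServlet.class);
        drfeedsServlet = new DRFeedsServlet();
        // Undo isAddressAuthEnabled / isCadiEnabled writes made by the previous test.
        resetSecurityToggles();
        setAuthoriserToReturnRequestIsAuthorized();
        setPokerToNotCreateTimersWhenDeleteFeedIsCalled();
        // Also installs the transport/address/maxFeeds defaults (see setupValidAuthorisedRequest).
        setupValidAuthorisedRequest();
        setUpValidContentHeadersAndJSONOnHttpRequest();
    }

    /** DELETE is rejected with 405. */
    @Test
    public void Given_Request_Is_HTTP_DELETE_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
        drfeedsServlet.doDelete(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), anyString());
        verifyEnteringExitCalled(listAppender);
    }

    /**
     * GET over a non-secure request with address authentication switched on is rejected with 403.
     *
     * <p>NOTE(review): the message is matched with {@code anyString()}, so this passes for any
     * 403 the servlet produces; pinning the message (as the AAF tests do with {@code contains})
     * would tie the assertion to the transport check.
     */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        when(request.isSecure()).thenReturn(false);
        setAddressAuthEnabled("true");
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
        verifyEnteringExitCalled(listAppender);
    }

    /** GET without the on-behalf-of header is rejected with 400. */
    @Test
    public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        setBehalfHeader(null);
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
    }

    /** GET on the URI {@code /123} is rejected; the asserted status is 404, not 400 as the name says. */
    @Test
    public void Given_Request_Is_HTTP_GET_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        when(request.getRequestURI()).thenReturn("/123");
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), anyString());
    }

    /**
     * GET is rejected with 403 when the mocked authorizer denies the request.
     *
     * <p>NOTE(review): same {@code anyString()} caveat as the non-secure test; status alone does
     * not show that the authorizer, rather than another check, produced the denial.
     */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        setAuthoriserToReturnRequestNotAuthorized();
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
    }

    /**
     * GET with {@code name=stub_name} and {@code version=stub_version} yields 400.
     * Presumably no such feed exists in the test database; confirm against the H2 fixtures.
     */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Fails_With_Valid_Name_And_Version() throws Exception {
        when(request.getParameter("name")).thenReturn("stub_name");
        when(request.getParameter("version")).thenReturn("stub_version");
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
    }

    /** GET with {@code name=Feed1} and {@code version=v0.1} yields 200 and the full-feed content type. */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Succeeds_With_Valid_Name_And_Version() throws Exception {
        ServletOutputStream out = mock(ServletOutputStream.class);
        when(response.getOutputStream()).thenReturn(out);
        when(request.getParameter("name")).thenReturn("Feed1");
        when(request.getParameter("version")).thenReturn("v0.1");
        drfeedsServlet.doGet(request, response);
        verify(response).setStatus(eq(HttpServletResponse.SC_OK));
        verify(response).setContentType(BaseServlet.FEEDFULL_CONTENT_TYPE);
        verifyEnteringExitCalled(listAppender);
    }

    /**
     * GET with no {@code name}/{@code version} parameters stubbed (the mock returns
     * {@code null} for both) yields 200.
     */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Succeeds_With_Invalid_Name_And_Version() throws Exception {
        ServletOutputStream out = mock(ServletOutputStream.class);
        when(response.getOutputStream()).thenReturn(out);
        drfeedsServlet.doGet(request, response);
        verify(response).setStatus(eq(HttpServletResponse.SC_OK));
    }

    /** PUT is rejected with 405. */
    @Test
    public void Given_Request_Is_HTTP_PUT_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
        drfeedsServlet.doPut(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), anyString());
        verifyEnteringExitCalled(listAppender);
    }

    /** POST over a non-secure request with address authentication switched on is rejected with 403. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        when(request.isSecure()).thenReturn(false);
        setAddressAuthEnabled("true");
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
        verifyEnteringExitCalled(listAppender);
    }

    /** POST without the on-behalf-of header is rejected with 400. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        setBehalfHeader(null);
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
    }

    /** POST on the URI {@code /123} is rejected; the asserted status is 404, not 400 as the name says. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        when(request.getRequestURI()).thenReturn("/123");
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), anyString());
    }

    /**
     * POST whose {@code Content-Type} header carries {@code version=1.1} (setUp's accepted
     * default is {@code version=1.0}) is rejected with 415.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
        throws Exception {
        when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.1");
        when(request.getContentType()).thenReturn("stub_contentType");
        drfeedsServlet.doPost(request, response);
        verify(response)
            .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), anyString());
    }

    /**
     * POST of a {@code legacy} feed with the exclude-AAF header set, CADI enabled and the
     * authorizer denying the request is rejected with 403.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_CadiEnabled_Is_True_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        setAuthoriserToReturnRequestNotAuthorized();
        setCadiEnabled("true");
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        DRFeedsServlet servlet = servletWithFeedJson("not_stub_name", "1.0", "legacy");
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
    }

    /** Same scenario as the CADI-enabled variant, with CADI disabled; the denial must still be 403. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_CadiEnabled_Is_False_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
            throws Exception {
        setAuthoriserToReturnRequestNotAuthorized();
        setCadiEnabled("false");
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        DRFeedsServlet servlet = servletWithFeedJson("not_stub_name", "1.0", "legacy");
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
    }

    /**
     * POST of a feed naming an AAF instance while the exclude-AAF header is {@code true} is
     * rejected with 403 and a message containing "Invalid request exclude_AAF".
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_True_Then_Forbidden_Response_Is_Generated() throws Exception {
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        setCadiEnabled("true");
        DRFeedsServlet servlet =
            servletWithFeedJson("not_stub_name", "1.0", "https://aaf-onap-test.osaaf.org:8095");
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("Invalid request exclude_AAF"));
    }

    /**
     * POST of an AAF feed where the caller holds no role (the mock's {@code isUserInRole}
     * default is {@code false}) is rejected with 403 and a message containing
     * "AAF disallows access to permission".
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_False_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
        setCadiEnabled("true");
        DRFeedsServlet servlet = servletWithFeedJson("not_stub_name", "1.0", "*");
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
    }

    /**
     * POST of an AAF feed by a caller holding the feed-create role, with the database insert
     * stubbed to succeed, yields 201.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_False_With_Permissions_Then_Created_OK_Response_Is_Generated() throws Exception {
        setCadiEnabled("true");
        ServletOutputStream out = mock(ServletOutputStream.class);
        when(response.getOutputStream()).thenReturn(out);
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
        when(request.isUserInRole("org.onap.dmaap-dr.feed|*|create")).thenReturn(true);
        DRFeedsServlet servlet = new DRFeedsServlet() {
            public JSONObject getJSONfromInput(HttpServletRequest req) {
                return DRFeedsServletTest.this.stubFeedJson("not_stub_name", "1.0", "*");
            }

            @Override
            protected boolean doInsert(Insertable bean) {
                // Pretend the database write succeeded.
                return true;
            }
        };
        servlet.doPost(request, response);
        verify(response).setStatus(eq(HttpServletResponse.SC_CREATED));
        verifyEnteringExitCalled(listAppender);
    }

    /**
     * POST through the real servlet, with no request body stubbed on the mock, is rejected
     * with 400.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
    }

    /**
     * POST with {@code maxFeeds} forced to 0 is rejected; the asserted status is 409, not 400
     * as the name says. setUp puts {@code maxFeeds} back to 100 for the next test.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 0, true);
        DRFeedsServlet servlet = servletWithEmptyJson();
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_CONFLICT), anyString());
    }

    /** POST whose parsed body is an empty JSON object is rejected with 400. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Feed_Is_Not_Valid_Object_Bad_Request_Response_Is_Generated()
        throws Exception {
        DRFeedsServlet servlet = servletWithEmptyJson();

        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
    }

    /**
     * POST of feed {@code AafFeed}/{@code v0.1} is rejected with 400 and a message containing
     * "This feed already exists in the database".
     *
     * <p>NOTE(review): this test stubs the feed-create role but never sets {@code isCadiEnabled},
     * so it runs with whatever value the class started with; set it explicitly if the AAF path
     * is the one meant to be exercised.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Feed_Already_Exists_Bad_Request_Response_Is_Generated()
        throws Exception {
        when(request.getParameter("name")).thenReturn("AafFeed");
        when(request.getParameter("version")).thenReturn("v0.1");
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
        when(request.isUserInRole("org.onap.dmaap-dr.feed|*|create")).thenReturn(true);
        DRFeedsServlet servlet = servletWithFeedJson("AafFeed", "v0.1", "*");
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("This feed already exists in the database"));
    }

    /**
     * POST of a {@code legacy} feed with the database insert stubbed to fail; the asserted
     * status is 500, not 400 as the name says.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_POST_Fails_Bad_Request_Response_Is_Generated() throws Exception {
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        DRFeedsServlet servlet = new DRFeedsServlet() {
            public JSONObject getJSONfromInput(HttpServletRequest req) {
                return DRFeedsServletTest.this.stubFeedJson("stub_name", "2.0", "legacy");
            }

            @Override
            protected boolean doInsert(Insertable bean) {
                // Pretend the database write failed.
                return false;
            }
        };
        servlet.doPost(request, response);
        verify(response)
            .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), anyString());
    }

    /**
     * Builds the {@code authorization} section of a feed request: one classification, one
     * endpoint id/password pair and one endpoint address. All values are test fixtures.
     *
     * @return a new JSON object on every call
     */
    @NotNull
    private JSONObject buildRequestJsonObject() {
        JSONObject endpointId = new JSONObject();
        endpointId.put("id", "stub_endpoint_id");
        endpointId.put("password", "stub_endpoint_password");

        JSONArray endpointIds = new JSONArray();
        endpointIds.put(endpointId);

        JSONArray endpointAddresses = new JSONArray();
        endpointAddresses.put("127.0.0.1");

        JSONObject authorization = new JSONObject();
        authorization.put("classification", "stub_classification");
        authorization.put("endpoint_ids", endpointIds);
        authorization.put("endpoint_addrs", endpointAddresses);
        return authorization;
    }

    /**
     * Builds the feed JSON a stubbed servlet hands back from {@code getJSONfromInput}.
     *
     * @param feedName value stored under {@code name}
     * @param feedVersion value stored under {@code version}
     * @param aafInstance value stored under {@code aaf_instance}
     * @return a new JSON object on every call
     */
    private JSONObject stubFeedJson(String feedName, String feedVersion, String aafInstance) {
        JSONObject feed = new JSONObject();
        feed.put("name", feedName);
        feed.put("version", feedVersion);
        feed.put("authorization", buildRequestJsonObject());
        feed.put("aaf_instance", aafInstance);
        return feed;
    }

    /**
     * Creates a servlet whose request-body parser is replaced by a fixed feed description, so
     * the test controls the parsed input without stubbing a request stream.
     *
     * <p>NOTE(review): {@code getJSONfromInput} carries no {@code @Override}; adding it would let
     * the compiler confirm the servlet's own parser is really being replaced.
     */
    private DRFeedsServlet servletWithFeedJson(
            String stubFeedName, String stubFeedVersion, String stubAafInstance) {
        return new DRFeedsServlet() {
            public JSONObject getJSONfromInput(HttpServletRequest req) {
                return DRFeedsServletTest.this.stubFeedJson(stubFeedName, stubFeedVersion, stubAafInstance);
            }
        };
    }

    /** Creates a servlet whose request-body parser always returns an empty JSON object. */
    private DRFeedsServlet servletWithEmptyJson() {
        return new DRFeedsServlet() {
            public JSONObject getJSONfromInput(HttpServletRequest req) {
                return new JSONObject();
            }
        };
    }

    /**
     * Puts {@code isAddressAuthEnabled} and {@code isCadiEnabled} back to the values they held
     * before the first test ran. The first call only records those values.
     *
     * <p>Several tests flip these switches and nothing else resets them; without this, whether
     * address authentication or CADI is active in a given test would depend on execution order.
     */
    private static void resetSecurityToggles() throws IllegalAccessException {
        if (!togglesCaptured) {
            initialAddressAuthEnabled =
                FieldUtils.readDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", true);
            initialCadiEnabled =
                FieldUtils.readDeclaredStaticField(BaseServlet.class, "isCadiEnabled", true);
            togglesCaptured = true;
            return;
        }
        FieldUtils.writeDeclaredStaticField(
            BaseServlet.class, "isAddressAuthEnabled", initialAddressAuthEnabled, true);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", initialCadiEnabled, true);
    }

    /** Overwrites the static {@code isAddressAuthEnabled} switch on {@link BaseServlet}. */
    private static void setAddressAuthEnabled(String value) throws IllegalAccessException {
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", value, true);
    }

    /** Overwrites the static {@code isCadiEnabled} switch on {@link BaseServlet}. */
    private static void setCadiEnabled(String value) throws IllegalAccessException {
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", value, true);
    }

    /**
     * Installs the permissive transport defaults: the request reports itself as secure,
     * {@code 127.0.0.1} is the only authorised address, no client certificate is required and
     * up to 100 feeds are allowed.
     */
    private void setUpValidSecurityOnHttpRequest() throws Exception {
        when(request.isSecure()).thenReturn(true);
        Set<String> allowedAddresses = new HashSet<>();
        allowedAddresses.add("127.0.0.1");
        FieldUtils.writeDeclaredStaticField(
            BaseServlet.class, "authorizedAddressesAndNetworks", allowedAddresses, true);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 100, true);
    }

    /** Stubs the on-behalf-of header; {@code null} simulates a request that omits it. */
    private void setBehalfHeader(String headerValue) {
        when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
    }

    /** Replaces the servlet's authorizer with a mock that denies {@link #request}. */
    private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
        installAuthorizerDeciding(false);
    }

    /** Replaces the servlet's authorizer with a mock that allows {@link #request}. */
    private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
        installAuthorizerDeciding(true);
    }

    /**
     * Writes a mocked {@link Authorizer} into the static {@code authz} field of
     * {@link BaseServlet}; its decision for {@link #request} reports {@code authorized}.
     */
    private void installAuthorizerDeciding(boolean authorized) throws IllegalAccessException {
        AuthorizationResponse decision = mock(AuthorizationResponse.class);
        Authorizer authorizer = mock(Authorizer.class);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
        when(authorizer.decide(request)).thenReturn(decision);
        when(decision.isAuthorized()).thenReturn(authorized);
    }

    /** Swaps the static {@code poker} field of {@link Poker} for a mock. */
    private void setPokerToNotCreateTimersWhenDeleteFeedIsCalled() throws Exception {
        Poker poker = mock(Poker.class);
        FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
    }

    /** Installs the transport defaults and a non-null on-behalf-of header. */
    private void setupValidAuthorisedRequest() throws Exception {
        setUpValidSecurityOnHttpRequest();
        setBehalfHeader("Stub_Value");
    }

    /** Stubs the feed content type (version 1.0) and the on-behalf-of-group header. */
    private void setUpValidContentHeadersAndJSONOnHttpRequest() {
        when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.0");
        when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
    }
}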