1 /*******************************************************************************
2  * ============LICENSE_START==================================================
3  * * org.onap.dmaap
4  * * ===========================================================================
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * * ===========================================================================
7  * * Licensed under the Apache License, Version 2.0 (the "License");
8  * * you may not use this file except in compliance with the License.
9  * * You may obtain a copy of the License at
10  * *
11  *  *      http://www.apache.org/licenses/LICENSE-2.0
12  * *
13  *  * Unless required by applicable law or agreed to in writing, software
14  * * distributed under the License is distributed on an "AS IS" BASIS,
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * * See the License for the specific language governing permissions and
17  * * limitations under the License.
18  * * ============LICENSE_END====================================================
19  * *
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
21  * *
22  ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
24
25 import ch.qos.logback.classic.spi.ILoggingEvent;
26 import ch.qos.logback.core.read.ListAppender;
27 import org.apache.commons.lang3.reflect.FieldUtils;
28 import org.jetbrains.annotations.NotNull;
29 import org.json.JSONArray;
30 import org.json.JSONObject;
31 import org.junit.AfterClass;
32 import org.junit.Before;
33 import org.junit.BeforeClass;
34 import org.junit.Test;
35 import org.junit.runner.RunWith;
36 import org.mockito.Mock;
37 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
38 import org.onap.dmaap.datarouter.authz.Authorizer;
39 import org.onap.dmaap.datarouter.provisioning.beans.Insertable;
40 import org.onap.dmaap.datarouter.provisioning.utils.DB;
41 import org.powermock.modules.junit4.PowerMockRunner;
42
43 import javax.persistence.EntityManager;
44 import javax.persistence.EntityManagerFactory;
45 import javax.persistence.Persistence;
46 import javax.servlet.ServletOutputStream;
47 import javax.servlet.http.HttpServletRequest;
48 import javax.servlet.http.HttpServletResponse;
49 import java.util.HashSet;
50 import java.util.Set;
51
52 import static org.hamcrest.Matchers.notNullValue;
53 import static org.mockito.Mockito.*;
54 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
55
56
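/**
 * Unit tests for the HTTP method handlers of {@link DRFeedsServlet}: transport-security, on-behalf-of
 * header, URL path, authorization, content-type and feed-creation outcomes.
 *
 * <p>Review notes for anyone relying on these tests as evidence of access-control behaviour:
 * <ul>
 *   <li>Static fields of {@link BaseServlet} are overwritten by reflection. {@link #setUp()} re-writes
 *       {@code authz}, {@code authorizedAddressesAndNetworks}, {@code requireCert} and {@code maxFeeds}
 *       before every test, but nothing in this class resets {@code isAddressAuthEnabled} or
 *       {@code isCadiEnabled}. Unless {@code DrServletTestBase} restores them (not visible here), a value
 *       written by one test is still in place when the next one runs, so results can depend on
 *       execution order.</li>
 *   <li>Most rejections are verified with {@code notNullValue(String.class)} as the message matcher. That
 *       pins the status code only; it does not show which check produced the rejection.</li>
 *   <li>Several method names say "Bad_Request" while the assertion expects a different status; the
 *       assertion is what is actually tested. Each such case is flagged at the method.</li>
 * </ul>
 */
@RunWith(PowerMockRunner.class)
public class DRFeedsServletTest extends DrServletTestBase {

    private static DRFeedsServlet drfeedsServlet;
    private static EntityManagerFactory emf;
    private static EntityManager em;
    // Only assigned in setUp(); never read in this class. Kept because constructing DB may have
    // side effects the tests need (TODO confirm).
    private DB db;

    @Mock
    private HttpServletRequest request;
    @Mock
    private HttpServletResponse response;

    private ListAppender<ILoggingEvent> listAppender;

    /** Creates the "dr-unit-tests" persistence unit and points the provisioning server at the H2 properties. */
    @BeforeClass
    public static void init() {
        emf = Persistence.createEntityManagerFactory("dr-unit-tests");
        em = emf.createEntityManager();
        System.setProperty(
                "org.onap.dmaap.datarouter.provserver.properties",
                "src/test/resources/h2Database.properties");
    }

    /** Releases the entity manager and its factory once all tests have run. */
    @AfterClass
    public static void tearDownClass() {
        em.clear();
        em.close();
        emf.close();
    }

    /**
     * Builds the baseline for every test: a fresh servlet, an authorizer that approves the request,
     * a secure request with the on-behalf-of header set, and supported content headers.
     * Individual tests then change exactly the one input they are about.
     */
    @Before
    public void setUp() throws Exception {
        listAppender = setTestLogger(DRFeedsServlet.class);
        drfeedsServlet = new DRFeedsServlet();
        db = new DB();
        setAuthoriserToReturnRequestIsAuthorized();
        setPokerToNotCreateTimersWhenDeleteFeedIsCalled();
        setupValidAuthorisedRequest();
        setUpValidSecurityOnHttpRequest();
        setUpValidContentHeadersAndJSONOnHttpRequest();
    }

    /** DELETE is not supported on this servlet: expects 405. */
    @Test
    public void Given_Request_Is_HTTP_DELETE_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
        drfeedsServlet.doDelete(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), argThat(notNullValue(String.class)));
        verifyEnteringExitCalled(listAppender);
    }

    /**
     * A non-secure GET with address authorization switched on must be refused with 403.
     * The flag is written as the string "true" and is not reset afterwards (see class note).
     */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        when(request.isSecure()).thenReturn(false);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
        verifyEnteringExitCalled(listAppender);
    }

    /** A GET without the on-behalf-of header must be refused with 400. */
    @Test
    public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        setBehalfHeader(null);
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
    }


    /**
     * A GET on an unexpected path is refused.
     * NOTE(review): the method name says "Bad_Request" but the asserted status is 404 (SC_NOT_FOUND).
     */
    @Test
    public void Given_Request_Is_HTTP_GET_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        when(request.getRequestURI()).thenReturn("/123");
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
    }


    /** A GET that the authorizer rejects must be refused with 403. */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        setAuthoriserToReturnRequestNotAuthorized();
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
    }

    /** A GET for a name/version pair that the test data does not contain is expected to yield 400. */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Fails_With_Valid_Name_And_Version() throws Exception {
        when(request.getParameter("name")).thenReturn("stub_name");
        when(request.getParameter("version")).thenReturn("stub_version");
        drfeedsServlet.doGet(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
    }

    /** A GET for "Feed1" / "v0.1" is expected to succeed with 200 and the full-feed content type. */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Succeeds_With_Valid_Name_And_Version() throws Exception {
        ServletOutputStream body = mock(ServletOutputStream.class);
        when(response.getOutputStream()).thenReturn(body);
        when(request.getParameter("name")).thenReturn("Feed1");
        when(request.getParameter("version")).thenReturn("v0.1");
        drfeedsServlet.doGet(request, response);
        verify(response).setStatus(eq(HttpServletResponse.SC_OK));
        verify(response).setContentType(BaseServlet.FEEDFULL_CONTENT_TYPE);
        verifyEnteringExitCalled(listAppender);
    }


    /**
     * A GET with no name/version parameters stubbed (the mock returns null for both) yields 200.
     * NOTE(review): the name says "Invalid_Name_And_Version", but nothing invalid is supplied;
     * the parameters are simply absent.
     */
    @Test
    public void Given_Request_Is_HTTP_GET_And_Request_Succeeds_With_Invalid_Name_And_Version() throws Exception {
        ServletOutputStream body = mock(ServletOutputStream.class);
        when(response.getOutputStream()).thenReturn(body);
        drfeedsServlet.doGet(request, response);
        verify(response).setStatus(eq(HttpServletResponse.SC_OK));
    }


    /** PUT is not supported on this servlet: expects 405. */
    @Test
    public void Given_Request_Is_HTTP_PUT_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
        drfeedsServlet.doPut(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), argThat(notNullValue(String.class)));
        verifyEnteringExitCalled(listAppender);
    }


    /**
     * A non-secure POST with address authorization switched on must be refused with 403.
     * The flag is written as the string "true" and is not reset afterwards (see class note).
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        when(request.isSecure()).thenReturn(false);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
        verifyEnteringExitCalled(listAppender);
    }

    /** A POST without the on-behalf-of header must be refused with 400. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        setBehalfHeader(null);
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
    }


    /**
     * A POST on an unexpected path is refused.
     * NOTE(review): the method name says "Bad_Request" but the asserted status is 404 (SC_NOT_FOUND).
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        when(request.getRequestURI()).thenReturn("/123");
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
    }


    /** A POST whose Content-Type carries version=1.1 instead of 1.0 must be refused with 415. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
        throws Exception {
        when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.1");
        when(request.getContentType()).thenReturn("stub_contentType");
        drfeedsServlet.doPost(request, response);
        verify(response)
            .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
    }

    /**
     * Legacy feed, AAF excluded, CADI flag "true", authorizer says no: expects 403.
     * The message is not pinned, so the test does not show which check issued the 403.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_CadiEnabled_Is_True_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
        throws Exception {
        setAuthoriserToReturnRequestNotAuthorized();
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        JSONObject authorization = buildRequestJsonObject();
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return feedRequestJson("not_stub_name", "1.0", authorization, "legacy");
            }
        };
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
    }

    /**
     * Same request as the CADI-enabled case but with the CADI flag "false": still expects 403.
     * The message is not pinned, so the test does not show which check issued the 403.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_CadiEnabled_Is_False_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
            throws Exception {
        setAuthoriserToReturnRequestNotAuthorized();
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "false", true);
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        JSONObject authorization = buildRequestJsonObject();
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return feedRequestJson("not_stub_name", "1.0", authorization, "legacy");
            }
        };
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
    }

    /**
     * A feed that names an AAF instance while the request also asks to exclude AAF is contradictory
     * and must be refused with 403 and the "Invalid request exclude_AAF" message.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_True_Then_Forbidden_Response_Is_Generated() throws Exception {
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
        JSONObject authorization = buildRequestJsonObject();
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return feedRequestJson("not_stub_name", "1.0", authorization, "https://aaf-onap-test.osaaf.org:8095");
            }
        };
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("Invalid request exclude_AAF"));
    }

    /**
     * AAF feed without the create permission: {@code isUserInRole} is left unstubbed, so the mock
     * answers false, and the request must be refused with 403 and the AAF permission message.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_False_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
        JSONObject authorization = buildRequestJsonObject();
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return feedRequestJson("not_stub_name", "1.0", authorization, "*");
            }
        };
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
    }

    /**
     * AAF feed with the create permission granted and the insert stubbed to succeed: expects 201.
     * The database insert itself is not exercised here because {@code doInsert} is overridden.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_False_With_Permissions_Then_Created_OK_Response_Is_Generated() throws Exception {
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
        ServletOutputStream body = mock(ServletOutputStream.class);
        when(response.getOutputStream()).thenReturn(body);
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
        JSONObject authorization = buildRequestJsonObject();
        when(request.isUserInRole("org.onap.dmaap-dr.feed|*|create")).thenReturn(true);
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return feedRequestJson("not_stub_name", "1.0", authorization, "*");
            }

            @Override
            protected boolean doInsert(Insertable bean) {
                return true;
            }
        };
        servlet.doPost(request, response);
        verify(response).setStatus(eq(HttpServletResponse.SC_CREATED));
        verifyEnteringExitCalled(listAppender);
    }

    /** A POST whose body cannot be read as JSON (nothing is stubbed on the mock request) expects 400. */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        drfeedsServlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
    }

    /**
     * With the feed limit forced to 0 a POST is refused.
     * NOTE(review): the method name says "Bad_Request" but the asserted status is 409 (SC_CONFLICT).
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated()
        throws Exception {
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 0, true);
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return new JSONObject();
            }
        };
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_CONFLICT), argThat(notNullValue(String.class)));
    }

    /**
     * An empty JSON object is not a valid feed: expects 400.
     * The asserted status and matcher are the same as in the badly-formed-JSON test, so the
     * {@code @Override} below is what guarantees this test really takes the empty-object path.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Feed_Is_Not_Valid_Object_Bad_Request_Response_Is_Generated()
        throws Exception {
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return new JSONObject();
            }
        };

        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
    }

    /**
     * Creating "AafFeed" / "v0.1" a second time is refused with 400 and the duplicate-feed message.
     * NOTE(review): this test does not write {@code isCadiEnabled}; it runs with whatever value is
     * currently in {@link BaseServlet}, which may have been left behind by another test.
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_Feed_Already_Exists_Bad_Request_Response_Is_Generated()
        throws Exception {
        when(request.getParameter("name")).thenReturn("AafFeed");
        when(request.getParameter("version")).thenReturn("v0.1");
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
        when(request.isUserInRole("org.onap.dmaap-dr.feed|*|create")).thenReturn(true);
        JSONObject authorization = buildRequestJsonObject();
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return feedRequestJson("AafFeed", "v0.1", authorization, "*");
            }
        };
        servlet.doPost(request, response);
        verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("This feed already exists in the database"));
    }

    /**
     * When the insert is stubbed to fail, the POST is answered with an error.
     * NOTE(review): the method name says "Bad_Request" but the asserted status is 500
     * (SC_INTERNAL_SERVER_ERROR).
     */
    @Test
    public void Given_Request_Is_HTTP_POST_And_POST_Fails_Bad_Request_Response_Is_Generated() throws Exception {
        JSONObject authorization = buildRequestJsonObject();
        when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
        DRFeedsServlet servlet = new DRFeedsServlet() {
            @Override
            protected JSONObject getJSONfromInput(HttpServletRequest req) {
                return feedRequestJson("stub_name", "2.0", authorization, "legacy");
            }

            @Override
            protected boolean doInsert(Insertable bean) {
                return false;
            }
        };
        servlet.doPost(request, response);
        verify(response)
            .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
    }

    /**
     * Builds the feed-creation body that the stubbed servlets hand back from {@code getJSONfromInput}.
     * A new object is created on every call, with the keys inserted in a fixed order.
     *
     * @param name          value of the "name" key
     * @param version       value of the "version" key
     * @param authorization value of the "authorization" key
     * @param aafInstance   value of the "aaf_instance" key ("legacy", "*" or an AAF URL in these tests)
     * @return the assembled request body
     */
    private static JSONObject feedRequestJson(String name, String version, JSONObject authorization,
            String aafInstance) {
        JSONObject feed = new JSONObject();
        feed.put("name", name);
        feed.put("version", version);
        feed.put("authorization", authorization);
        feed.put("aaf_instance", aafInstance);
        return feed;
    }

    /**
     * Builds the "authorization" section used by the POST tests: one endpoint id with placeholder
     * credentials, the loopback address as the only endpoint address, and a stub classification.
     */
    @NotNull
    private JSONObject buildRequestJsonObject() {
        JSONObject authorization = new JSONObject();
        JSONArray endpointIds = new JSONArray();
        JSONObject endpointId = new JSONObject();
        endpointId.put("id", "stub_endpoint_id");
        endpointId.put("password", "stub_endpoint_password");
        endpointIds.put(endpointId);

        JSONArray endpointAddresses = new JSONArray();
        endpointAddresses.put("127.0.0.1");

        authorization.put("classification", "stub_classification");
        authorization.put("endpoint_ids", endpointIds);
        authorization.put("endpoint_addrs", endpointAddresses);
        return authorization;
    }

    /**
     * Marks the request as secure and rewrites the {@link BaseServlet} statics that this class resets
     * per test: loopback as the only authorized address, no client certificate required, and a feed
     * limit of 100.
     */
    private void setUpValidSecurityOnHttpRequest() throws Exception {
        when(request.isSecure()).thenReturn(true);
        Set<String> authAddressesAndNetworks = new HashSet<>();
        authAddressesAndNetworks.add("127.0.0.1");
        FieldUtils
            .writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,
                true);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 100, true);
    }

    /** Stubs the on-behalf-of header; pass {@code null} to simulate a request without it. */
    private void setBehalfHeader(String headerValue) {
        when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
    }

    /** Installs a mock authorizer whose decision for this request is "not authorized". */
    private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
        installAuthorizerDecision(false);
    }

    /** Installs a mock authorizer whose decision for this request is "authorized". */
    private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
        installAuthorizerDecision(true);
    }

    /**
     * Replaces the static {@code authz} field of {@link BaseServlet} with a mock that returns the
     * given decision for {@link #request}.
     *
     * @param authorized the value {@code isAuthorized()} should report
     */
    private void installAuthorizerDecision(boolean authorized) throws IllegalAccessException {
        AuthorizationResponse decision = mock(AuthorizationResponse.class);
        Authorizer authorizer = mock(Authorizer.class);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
        when(authorizer.decide(request)).thenReturn(decision);
        when(decision.isAuthorized()).thenReturn(authorized);
    }

    /** Swaps the static {@code poker} field of {@link Poker} for a mock so the real one is not used. */
    private void setPokerToNotCreateTimersWhenDeleteFeedIsCalled() throws Exception {
        Poker poker = mock(Poker.class);
        FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
    }

    /** Secure transport settings plus a non-null on-behalf-of header. */
    private void setupValidAuthorisedRequest() throws Exception {
        setUpValidSecurityOnHttpRequest();
        setBehalfHeader("Stub_Value");
    }

    /** Stubs the supported feed Content-Type (version=1.0) and the on-behalf-of group header. */
    private void setUpValidContentHeadersAndJSONOnHttpRequest() throws IllegalAccessException {
        when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.0");
        when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
    }
}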