From 45ccf584c8574e9f96dd6fa3b8016accf24fc541 Mon Sep 17 00:00:00 2001 From: pkaras Date: Thu, 30 May 2019 11:11:54 +0200 Subject: [PATCH] AafPermissionService implementation based on methods from MR_ClientService Change-Id: If90327b4ab0d4de1b58e5f15564d35cd2d43ec39 Issue-ID: DMAAP-1211 Signed-off-by: piotr.karas --- pom.xml | 7 + .../org/onap/dmaap/dbcapi/aaf/AafUserRole.java | 22 ++- .../java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java | 101 +++++++------ .../java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java | 115 ++++++++------ .../dmaap/dbcapi/service/AafPermissionService.java | 133 +++++++++++++++++ .../dbcapi/service/AafPermissionServiceTest.java | 165 +++++++++++++++++++++ 6 files changed, 449 insertions(+), 94 deletions(-) create mode 100644 src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java create mode 100644 src/test/java/org/onap/dmaap/dbcapi/service/AafPermissionServiceTest.java diff --git a/pom.xml b/pom.xml index a555393..91af75a 100644 --- a/pom.xml +++ b/pom.xml @@ -347,6 +347,12 @@ org.glassfish.jersey.inject jersey-hk2 + + junit + junit + ${junit.version} + test + pl.pragmatists JUnitParams @@ -388,6 +394,7 @@ 9.4.12.RC2 1.0.0 1.0.28-SNAPSHOT + 4.12 0.7.7.201606060606 3.2 diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java index 7b4f882..859ae13 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java @@ -22,6 +22,8 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; + public class AafUserRole extends AafObject { static final Logger logger = Logger.getLogger(AafUserRole.class); 
@@ -62,8 +64,20 @@ public class AafUserRole extends AafObject { return postJSON; } - - - - + + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + AafUserRole that = (AafUserRole) o; + return Objects.equals(identity, that.identity) && + Objects.equals(role, that.role); + } + + @Override + public int hashCode() { + + return Objects.hash(identity, role); + } } diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java index 90668be..bcee2a3 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -22,46 +22,61 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; + public class DmaapGrant extends AafObject { - static final Logger logger = Logger.getLogger(DmaapGrant.class); - - private DmaapPerm perm; - private String role; - - public DmaapGrant(){ - - } - - public DmaapGrant( DmaapPerm p, String r ) { - this.perm = p; - this.role = r; - } - - public DmaapPerm getPerm() { - return perm; - } - - public void setPerm(DmaapPerm perm) { - this.perm = perm; - } - - public String getRole() { - return role; - } - - public void setRole(String role) { - this.role = role; - } - - public String toJSON() { - - String postJSON = String.format(" { \"perm\": %s, \"role\": \"%s\"}", - this.perm.toJSON(), - this.getRole() ); - logger.info( "returning JSON: " + postJSON); - - return postJSON; - } - - + static final Logger logger = Logger.getLogger(DmaapGrant.class); + + private DmaapPerm perm; + private String role; + + public DmaapGrant() { + + } + + public DmaapGrant(DmaapPerm p, String r) { + this.perm = p; + this.role = r; + } + + public DmaapPerm getPerm() { + return perm; + } + + public void setPerm(DmaapPerm perm) { + this.perm = perm; + } + + public String getRole() { + return role; + } + + public void setRole(String role) { + this.role = role; + } + + public String toJSON() { + + String postJSON = String.format(" { \"perm\": %s, \"role\": \"%s\"}", + this.perm.toJSON(), + this.getRole()); + logger.info("returning JSON: " + postJSON); + + return postJSON; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + DmaapGrant that = (DmaapGrant) o; + return Objects.equals(perm, that.perm) && + Objects.equals(role, that.role); + } + + @Override + public int hashCode() { + + return Objects.hash(perm, role); + } } 
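Review bot: `toJSON()` interpolates `role` into the request body with `String.format` and no escaping, so a role value containing `"` or `\` would change the structure of the grant payload sent to AAF. This commit routes `client.getClientRole()` into that field through `AafPermissionService`; if that value can originate from an API request, it should be validated before formatting, for example with an allow-list check such as `if (role != null && !role.matches("[A-Za-z0-9._-]+")) throw new IllegalArgumentException("invalid role");` (character set to be confirmed against AAF's role naming), or the body should be built with a JSON serializer the project already uses. The same pattern appears in `DmaapPerm.toJSON()` in this commit for `permission`, `ptype` and `action`. Separately, `toJSON()` dereferences `perm` without a null check, and the no-argument constructor leaves it unset.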
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java index 1893a71..1f57068 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -22,50 +22,71 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; -public class DmaapPerm extends AafObject { - static final Logger logger = Logger.getLogger(DmaapPerm.class); - - private String permission; - private String ptype; - private String action; - - public DmaapPerm(String permission, String ptype, String action) { - super(); - this.permission = permission; - this.ptype = ptype; - this.action = action; - } - public String getPermission() { - return permission; - } - public void setPermission(String permission) { - this.permission = permission; - } - public String getPtype() { - return ptype; - } - public void setPtype(String ptype) { - this.ptype = ptype; - } - public String getAction() { - return action; - } - public void setAction(String action) { - this.action = action; - } - public String toJSON() { - - String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}", - this.getPermission(), - this.getPtype(), - this.getAction() ); - logger.info( "returning JSON: " + postJSON); - - return postJSON; - } - - - - + +public class DmaapPerm extends AafObject { + static final Logger logger = Logger.getLogger(DmaapPerm.class); + + private String permission; + private String ptype; + private String action; + + public DmaapPerm(String permission, String ptype, String action) { + super(); + this.permission = permission; + this.ptype = ptype; + this.action = action; + } + + public String getPermission() { + return permission; + } + + public void setPermission(String permission) { + this.permission = permission; + } + + public String getPtype() { + return ptype; + } + + public void setPtype(String ptype) { + this.ptype = ptype; + } + + public String getAction() { + return action; + } + + public void setAction(String action) { + this.action = action; + } + + public String toJSON() { + + String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}", + 
this.getPermission(), + this.getPtype(), + this.getAction()); + logger.info("returning JSON: " + postJSON); + + return postJSON; + } + + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + DmaapPerm dmaapPerm = (DmaapPerm) o; + return Objects.equals(permission, dmaapPerm.permission) && + Objects.equals(ptype, dmaapPerm.ptype) && + Objects.equals(action, dmaapPerm.action); + } + + @Override + public int hashCode() { + return Objects.hash(permission, ptype, action); + } } diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java new file mode 100644 index 0000000..857b695 --- /dev/null +++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java 
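Review bot: The field names in `DmaapPerm` do not match the JSON keys that `toJSON()` emits: `permission` is written as `"type"` and `ptype` as `"instance"`, and `AafPermissionService` in this commit passes the `":topic." + fqtn` instance string as the `ptype` argument. Swapping the two arguments would grant or revoke a different permission, so the constructor should carry a Javadoc that states the mapping, e.g. `/** @param permission AAF permission type, @param ptype AAF permission instance, @param action AAF action */`. The new `equals`/`hashCode` compare the same three mutable fields, so a short comment that instances must not be changed through the setters while held in a hash-based collection would also help.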
@@ -0,0 +1,133 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.dbcapi.service; + +import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafUserRole; +import org.onap.dmaap.dbcapi.aaf.DmaapGrant; +import org.onap.dmaap.dbcapi.aaf.DmaapPerm; +import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; +import org.onap.dmaap.dbcapi.model.ApiError; +import org.onap.dmaap.dbcapi.model.DmaapObject.DmaapObject_Status; +import org.onap.dmaap.dbcapi.model.MR_Client; + +public class AafPermissionService extends BaseLoggingClass { + + private final AafService aafService; + private final DmaapService dmaapService; + + public AafPermissionService() { + this(new AafService(AafService.ServiceType.AAF_TopicMgr), new DmaapService()); + } + + AafPermissionService(AafService aafService, DmaapService dmaapService) { + this.aafService = aafService; + this.dmaapService = dmaapService; + } + + void assignIdentityToRole(MR_Client client, String role, ApiError err) { + okStatus(err); + AafUserRole ur = 
new AafUserRole(client.getClientIdentity(), role); + client.setStatus(DmaapObject_Status.VALID); + int rc = aafService.addUserRole(ur); + if (rc != 201 && rc != 409) { + client.setStatus(DmaapObject_Status.INVALID); + assignClientToRoleError(err, rc, client.getClientIdentity(), role); + } + } + + void grantClientRolePerms(MR_Client client, ApiError err) { + + okStatus(err); + String instance = ":topic." + client.getFqtn(); + client.setStatus(DmaapObject_Status.VALID); + + for (String action : client.getAction()) { + if (client.getClientRole() != null) { + int rc = grantPermForClientRole(client.getClientRole(), instance, action); + if (rc != 201 && rc != 409) { + client.setStatus(DmaapObject_Status.INVALID); + grantPermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole()); + } + + } else { + logger.warn("No Grant of " + permissionFullName(dmaapService.getTopicPerm(), instance, action) + " because role is null "); + } + } + } + + void revokeClientPerms(MR_Client client, ApiError err) { + okStatus(err); + String instance = ":topic." 
+ client.getFqtn(); + client.setStatus(DmaapObject_Status.VALID); + + for (String action : client.getAction()) { + + int rc = revokePermForClientRole(client.getClientRole(), instance, action); + + if (rc != 200 && rc != 404) { + client.setStatus(DmaapObject_Status.INVALID); + revokePermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole()); + } + } + + } + + private int grantPermForClientRole(String clientRole, String instance, String action) { + DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action); + DmaapGrant g = new DmaapGrant(perm, clientRole); + return aafService.addGrant(g); + } + + private int revokePermForClientRole(String clientRole, String instance, String action) { + DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action); + DmaapGrant g = new DmaapGrant(perm, clientRole); + return aafService.delGrant(g); + } + + private void assignClientToRoleError(ApiError err, int code, String clientIdentity, String role) { + err.setCode(code); + err.setMessage("Failed to add user " + clientIdentity + " to " + role); + logger.warn(err.getMessage()); + } + + private void grantPermsError(ApiError err, int code, String permission, String instance, String action, String role) { + err.setCode(code); + err.setMessage("Grant of " + permissionFullName(permission, instance, action) + " failed for " + role); + logger.warn(err.getMessage()); + } + + private void revokePermsError(ApiError err, int code, String permission, String instance, String action, String role) { + err.setCode(code); + err.setMessage("Revoke of " + permissionFullName(permission, instance, action) + " failed for " + role); + logger.warn(err.getMessage()); + } + + private String permissionFullName(String permission, String instance, String action) { + return permission + "|" + instance + "|" + action; + } + + private void okStatus(ApiError err) { + err.setCode(200); + err.setMessage("OK"); + } + +} 
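Review bot: `revokeClientPerms` calls `revokePermForClientRole(client.getClientRole(), ...)` without the null check that `grantClientRolePerms` applies, so a client with no role produces a `DmaapGrant` whose `toJSON()` renders the role as the literal string `null` and sends a revoke for it. A guard at the top of the method keeps the two paths consistent: `if (client.getClientRole() == null) { logger.warn("No revoke for " + client.getFqtn() + " because role is null"); return; }`. All three public methods also call `client.setStatus(DmaapObject_Status.VALID)` before contacting AAF, so if `aafService` can throw (not visible in this hunk) the client stays marked VALID without any permission change having been confirmed; setting VALID only after the return code has been checked would fail closed. In the loops, a later failure overwrites `err` from an earlier one, so only the last failing action is reported.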
diff --git a/src/test/java/org/onap/dmaap/dbcapi/service/AafPermissionServiceTest.java b/src/test/java/org/onap/dmaap/dbcapi/service/AafPermissionServiceTest.java new file mode 100644 index 0000000..1bba2bf --- /dev/null +++ b/src/test/java/org/onap/dmaap/dbcapi/service/AafPermissionServiceTest.java 
@@ -0,0 +1,165 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.dbcapi.service; + +import junitparams.JUnitParamsRunner; +import junitparams.Parameters; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafUserRole; +import org.onap.dmaap.dbcapi.aaf.DmaapGrant; +import org.onap.dmaap.dbcapi.aaf.DmaapPerm; +import org.onap.dmaap.dbcapi.model.ApiError; +import org.onap.dmaap.dbcapi.model.MR_Client; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.mockito.BDDMockito.given; +import static org.mockito.BDDMockito.then; +import static org.mockito.Mockito.verifyZeroInteractions; + +@RunWith(JUnitParamsRunner.class) +public class AafPermissionServiceTest { + + private static final String ROLE = "dmaap.mr.demoTopic.publisher"; + private static final String IDENTITY = 
"dmaap-bc@dmaap-bc.onap.org"; + private static final String TOPIC_PERM = "org.onap.dmaap.mr.topic"; + private static final String FQTN = "org.onap.dmaap.mr.demoTopic"; + private static final String PUB_ACTION = "pub"; + private static final int INTERNAL_SERVER_ERROR = 500; + @Mock + private AafService aafService; + @Mock + private DmaapService dmaapService; + @Mock + private MR_Client mrClient; + private AafPermissionService aafPermissionService; + + @Before + public void setUp() throws Exception { + MockitoAnnotations.initMocks(this); + aafPermissionService = new AafPermissionService(aafService, dmaapService); + given(mrClient.getClientIdentity()).willReturn(IDENTITY); + given(mrClient.getFqtn()).willReturn(FQTN); + given(mrClient.getAction()).willReturn(new String[]{PUB_ACTION}); + given(dmaapService.getTopicPerm()).willReturn(TOPIC_PERM); + } + + @Test + @Parameters({"201", "409"}) + public void shouldAssignClientToRole(int aafServiceReturnedCode) { + ApiError apiError = new ApiError(); + AafUserRole userRole = new AafUserRole(IDENTITY, ROLE); + given(aafService.addUserRole(userRole)).willReturn(aafServiceReturnedCode); + + aafPermissionService.assignIdentityToRole(mrClient, ROLE, apiError); + + then(aafService).should().addUserRole(userRole); + assertOkStatus(apiError); + } + + @Test + public void shouldReturnErrorStatusWhenClientWasNotAssignedToRole() { + ApiError apiError = new ApiError(); + AafUserRole userRole = new AafUserRole(IDENTITY, ROLE); + given(aafService.addUserRole(userRole)).willReturn(INTERNAL_SERVER_ERROR); + + aafPermissionService.assignIdentityToRole(mrClient, ROLE, apiError); + + assertErrorStatus(apiError, INTERNAL_SERVER_ERROR); + } + + @Test + @Parameters({"201", "409"}) + public void shouldGrantActionPermissionForClientRole(int aafServiceReturnedCode) { + ApiError apiError = new ApiError(); + DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." 
+ FQTN, PUB_ACTION), ROLE); + given(mrClient.getClientRole()).willReturn(ROLE); + given(aafService.addGrant(grant)).willReturn(aafServiceReturnedCode); + + aafPermissionService.grantClientRolePerms(mrClient, apiError); + + then(aafService).should().addGrant(grant); + assertOkStatus(apiError); + } + + @Test + public void shouldReturnErrorStatusWhenPermissionWasNotGrantToRole() { + ApiError apiError = new ApiError(); + DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." + FQTN, PUB_ACTION), ROLE); + given(mrClient.getClientRole()).willReturn(ROLE); + given(aafService.addGrant(grant)).willReturn(INTERNAL_SERVER_ERROR); + + aafPermissionService.grantClientRolePerms(mrClient, apiError); + + assertErrorStatus(apiError, INTERNAL_SERVER_ERROR); + } + + @Test + public void shouldReturnOkStatusWhenClientRoleIsNull() { + ApiError apiError = new ApiError(); + given(mrClient.getClientRole()).willReturn(null); + + aafPermissionService.grantClientRolePerms(mrClient, apiError); + + verifyZeroInteractions(aafService); + assertOkStatus(apiError); + } + + @Test + @Parameters({"200", "404"}) + public void shouldRevokeActionPermissionForClientRole(int aafServiceReturnedCode) { + ApiError apiError = new ApiError(); + DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." + FQTN, PUB_ACTION), ROLE); + given(mrClient.getClientRole()).willReturn(ROLE); + given(aafService.delGrant(grant)).willReturn(aafServiceReturnedCode); + + aafPermissionService.revokeClientPerms(mrClient, apiError); + + then(aafService).should().delGrant(grant); + assertOkStatus(apiError); + } + + @Test + public void shouldReturnErrorStatusWhenPermissionWasNotRevokedFromRole() { + ApiError apiError = new ApiError(); + DmaapGrant grant = new DmaapGrant(new DmaapPerm(TOPIC_PERM, ":topic." 
+ FQTN, PUB_ACTION), ROLE); + given(mrClient.getClientRole()).willReturn(ROLE); + given(aafService.delGrant(grant)).willReturn(INTERNAL_SERVER_ERROR); + + aafPermissionService.revokeClientPerms(mrClient, apiError); + + assertErrorStatus(apiError, INTERNAL_SERVER_ERROR); + } + + private void assertErrorStatus(ApiError apiError, int code) { + assertEquals(code, apiError.getCode()); + } + + private void assertOkStatus(ApiError apiError) { + assertTrue(apiError.is2xx()); + assertEquals("OK", apiError.getMessage()); + } +} \ No newline at end of file -- 2.16.6
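Review bot: The three error-path tests assert only `apiError.getCode()` and never check that the client was marked invalid, which is the state callers rely on after a failed grant, revoke or role assignment. Since `mrClient` is a mock, each of them can add `then(mrClient).should().setStatus(DmaapObject_Status.INVALID);` (with the matching import of `DmaapObject_Status`). There is also no revoke counterpart to `shouldReturnOkStatusWhenClientRoleIsNull`, so the behaviour of `revokeClientPerms` with a null role is untested. A case with two actions where only the first call fails would pin down that the error status is not reset by a later success.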