1 /*******************************************************************************
2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * Modification copyright (C) 2021 Nordix Foundation.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 *******************************************************************************/
22 package org.onap.dmaap.kafkaAuthorize;
24 import static org.junit.Assert.assertNotNull;
25 import static org.junit.Assert.assertTrue;
27 import org.apache.kafka.common.acl.AclOperation;
28 import org.apache.kafka.common.security.auth.KafkaPrincipal;
29 import org.junit.Before;
30 import org.junit.Test;
31 import org.junit.runner.RunWith;
32 import org.mockito.Mock;
33 import org.mockito.MockitoAnnotations;
34 import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider;
35 import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory;
36 import org.powermock.api.mockito.PowerMockito;
37 import org.powermock.core.classloader.annotations.PowerMockIgnore;
38 import org.powermock.core.classloader.annotations.PrepareForTest;
39 import org.powermock.modules.junit4.PowerMockRunner;
41 import kafka.network.RequestChannel.Session;
42 import kafka.security.auth.Operation;
43 import kafka.security.auth.Resource;
44 import kafka.security.auth.ResourceType;
46 @RunWith(PowerMockRunner.class)
47 @PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"})
48 @PrepareForTest({ AuthorizationProviderFactory.class })
49 public class KafkaCustomAuthorizerTest {
// Collaborators that the setup and test bodies stub through PowerMockito.when(...), followed by
// the authorizer under test, which every test constructs itself with new KafkaCustomAuthorizer().
// NOTE(review): the arg0/arg1/arg2 fields used by the tests and any mock annotations on these
// fields are not present in this listing.
57 KafkaPrincipal principal;
59 ResourceType resourceType;
61 AuthorizationProviderFactory factory;
63 AuthorizationProvider provider;
65 KafkaCustomAuthorizer authorizer;
// Sets CADI_PROPERTIES to the test resource file and enableCadi to "true" as JVM-wide
// system properties.
// NOTE(review): nothing visible here clears them again, so they can leak into other test
// classes that share the JVM and change which authorization path those tests exercise.
// Confirm that a teardown restores or clears them.
68 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
69 System.setProperty("enableCadi", "true");
// Shared fixture: initialises the mocks, then describes one request in which principal
// "fullName" performs operation "Write" on resource "namespace.Topic" of type "Topic".
74 MockitoAnnotations.initMocks(this);
75 PowerMockito.when(principal.getName()).thenReturn("fullName");
76 PowerMockito.when(arg0.principal()).thenReturn(principal);
77 PowerMockito.when(arg1.name()).thenReturn("Write");
78 PowerMockito.when(resourceType.name()).thenReturn("Topic");
79 PowerMockito.when(arg2.resourceType()).thenReturn(resourceType);
80 PowerMockito.when(arg2.name()).thenReturn("namespace.Topic");
// Replace the static factory lookup so getProviderFactory().getProvider() yields the mocked
// provider. Presumably KafkaCustomAuthorizer obtains its permission backend this way, so no
// real authorization service is contacted; verify against the class under test.
81 PowerMockito.mockStatic(AuthorizationProviderFactory.class);
82 PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory);
83 PowerMockito.when(factory.getProvider()).thenReturn(provider);
// Allow path: stubs provider.hasPermission for ("fullName", "namespace.topic",
// ":topic.namespace.Topic", "pub") and asserts that authorize(...) returns true for the
// request built in the shared setup.
// NOTE(review): the value the stub returns is on a line missing from this listing.
// NOTE(review): the stubbed type/instance/action strings presumably mirror how the authorizer
// maps a Topic "Write" request to a permission check; confirm against KafkaCustomAuthorizer.
88 public void testAuthorizerSuccess() {
89 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
91 authorizer = new KafkaCustomAuthorizer();
92 assertTrue(authorizer.authorize(arg0, arg1, arg2));
// Negative case: AclOperation.CREATE on resource "org.onap.dmaap.mr.testtopic", with the
// msgRtr.topicfactory.aaf system property set (and not cleared in the visible lines).
// NOTE(review): the hasPermission stub still names the ":topic.namespace.Topic" instance, so
// it presumably does not match this resource; confirm which permission check is exercised.
96 public void testAuthorizerFailure() {
97 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
98 PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
99 PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE);
100 System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
101 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
103 authorizer = new KafkaCustomAuthorizer();
// NOTE(review): the decision returned by authorize(...) is not checked on this line and a
// catch (Exception e) follows. A deny test for an authorizer should pin the result to false,
// so that a regression to "allow" or a swallowed exception fails the build; confirm what the
// lines missing from this listing assert.
105 authorizer.authorize(arg0, arg1, arg2);
106 } catch (Exception e) {
// Negative case: AclOperation.CREATE with the resource type switched to "Cluster", the
// resource name "org.onap.dmaap.mr.testtopic", and msgRtr.topicfactory.aaf set.
// NOTE(review): the hasPermission stub is unchanged from the Topic allow case, so it
// presumably does not match a Cluster request; confirm which check this test reaches.
113 public void testAuthorizerFailure1() {
114 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
115 PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
116 PowerMockito.when(resourceType.name()).thenReturn("Cluster");
117 PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE);
118 System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
119 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
121 authorizer = new KafkaCustomAuthorizer();
// NOTE(review): the authorization decision is discarded here and exceptions are caught
// below, so the visible lines would pass whether access is allowed or denied. Confirm that
// the hidden lines assert the expected decision.
123 authorizer.authorize(arg0, arg1, arg2);
124 } catch (Exception e) {
// Negative case: AclOperation.WRITE on Topic resource "org.onap.dmaap.mr.testtopic".
// NOTE(review): hasPermission is stubbed only for the ":topic.namespace.Topic" instance, so
// this resource presumably gets the mock's default answer; confirm that is the intent.
131 public void testAuthorizerFailure2() {
132 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
133 PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
134 PowerMockito.when(resourceType.name()).thenReturn("Topic");
135 PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.WRITE);
136 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
138 authorizer = new KafkaCustomAuthorizer();
// NOTE(review): the returned decision is not checked on this line and a catch (Exception e)
// follows. An unauthorized publish should be pinned to a false result so a fail-open change
// is caught; confirm what the hidden lines assert.
140 authorizer.authorize(arg0, arg1, arg2);
141 } catch (Exception e) {
// Negative case: AclOperation.DESCRIBE on Topic resource "org.onap.dmaap.mr.testtopic".
// NOTE(review): the only stubbed permission uses action "pub" on ":topic.namespace.Topic",
// which presumably does not correspond to a DESCRIBE on this topic; confirm the expected check.
148 public void testAuthorizerFailure3() {
149 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
150 PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
151 PowerMockito.when(resourceType.name()).thenReturn("Topic");
152 PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DESCRIBE);
153 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
155 authorizer = new KafkaCustomAuthorizer();
// NOTE(review): the decision is discarded and exceptions are caught below, so the visible
// lines do not distinguish allow from deny. Confirm that the hidden lines assert the outcome.
157 authorizer.authorize(arg0, arg1, arg2);
158 } catch (Exception e) {
// Negative case: AclOperation.READ on Topic resource "org.onap.dmaap.mr.testtopic".
// NOTE(review): the only stubbed permission uses action "pub" on ":topic.namespace.Topic",
// which presumably does not correspond to a READ on this topic; confirm the expected check.
164 public void testAuthorizerFailure4() {
165 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
166 PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
167 PowerMockito.when(resourceType.name()).thenReturn("Topic");
168 PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.READ);
169 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
171 authorizer = new KafkaCustomAuthorizer();
// NOTE(review): the returned decision is not checked on this line and a catch (Exception e)
// follows. An unauthorized consume should be pinned to a false result so a fail-open change
// is caught; confirm what the hidden lines assert.
173 authorizer.authorize(arg0, arg1, arg2);
174 } catch (Exception e) {
// Negative case: AclOperation.IDEMPOTENT_WRITE with the resource type switched to "Cluster",
// the resource name "org.onap.dmaap.mr.testtopic", and msgRtr.topicfactory.aaf set.
// NOTE(review): the hasPermission stub is unchanged from the Topic allow case, so it
// presumably does not match a Cluster request; confirm which check this test reaches.
181 public void testAuthorizerFailure5() {
182 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
183 PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
184 PowerMockito.when(resourceType.name()).thenReturn("Cluster");
185 PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.IDEMPOTENT_WRITE);
186 System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
187 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
189 authorizer = new KafkaCustomAuthorizer();
// NOTE(review): the authorization decision is discarded here and exceptions are caught
// below, so the visible lines would pass whether access is allowed or denied. Confirm that
// the hidden lines assert the expected decision.
191 authorizer.authorize(arg0, arg1, arg2);
192 } catch (Exception e) {
199 public void testAuthorizerFailure6() {
200 System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
201 PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
202 PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DELETE);
203 System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
204 PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
206 authorizer = new KafkaCustomAuthorizer();
208 authorizer.authorize(arg0, arg1, arg2);
209 } catch (Exception e) {