/******************************************************************************* * ============LICENSE_START======================================================= * org.onap.dmaap * ================================================================================ * Copyright © 2017 AT&T Intellectual Property. All rights reserved. * Modification copyright (C) 2021 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= * * *******************************************************************************/ package org.onap.dmaap.kafkaAuthorize; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import org.apache.kafka.common.acl.AclOperation; import org.apache.kafka.common.security.auth.KafkaPrincipal; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.MockitoAnnotations; import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider; import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; import kafka.network.RequestChannel.Session; import kafka.security.auth.Operation; import kafka.security.auth.Resource; import kafka.security.auth.ResourceType; @RunWith(PowerMockRunner.class) @PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"}) @PrepareForTest({ AuthorizationProviderFactory.class }) public class KafkaCustomAuthorizerTest { @Mock Session arg0; @Mock Operation arg1; @Mock Resource arg2; @Mock KafkaPrincipal principal; @Mock ResourceType resourceType; @Mock AuthorizationProviderFactory factory; @Mock AuthorizationProvider provider; KafkaCustomAuthorizer authorizer; static { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); System.setProperty("enableCadi", "true"); } @Before public void setUp() { MockitoAnnotations.initMocks(this); PowerMockito.when(principal.getName()).thenReturn("fullName"); PowerMockito.when(arg0.principal()).thenReturn(principal); PowerMockito.when(arg1.name()).thenReturn("Write"); PowerMockito.when(resourceType.name()).thenReturn("Topic"); PowerMockito.when(arg2.resourceType()).thenReturn(resourceType); PowerMockito.when(arg2.name()).thenReturn("namespace.Topic"); PowerMockito.mockStatic(AuthorizationProviderFactory.class); PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory); PowerMockito.when(factory.getProvider()).thenReturn(provider); } @Test public void testAuthorizerSuccess() { PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(true); authorizer = new KafkaCustomAuthorizer(); assertTrue(authorizer.authorize(arg0, arg1, arg2)); } @Test public void testAuthorizerFailure() { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE); System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(false); authorizer = new KafkaCustomAuthorizer(); try { authorizer.authorize(arg0, arg1, arg2); } catch (Exception e) { assertTrue(true); } } @Test public void testAuthorizerFailure1() { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); PowerMockito.when(resourceType.name()).thenReturn("Cluster"); PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE); System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(false); authorizer = new KafkaCustomAuthorizer(); try { authorizer.authorize(arg0, arg1, arg2); } catch (Exception e) { assertTrue(true); } } @Test public void testAuthorizerFailure2() { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); PowerMockito.when(resourceType.name()).thenReturn("Topic"); PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.WRITE); PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(false); authorizer = new KafkaCustomAuthorizer(); try { authorizer.authorize(arg0, arg1, arg2); } catch (Exception e) { assertTrue(true); } } @Test public void testAuthorizerFailure3() { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); PowerMockito.when(resourceType.name()).thenReturn("Topic"); PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DESCRIBE); PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(false); authorizer = new KafkaCustomAuthorizer(); try { authorizer.authorize(arg0, arg1, arg2); } catch (Exception e) { assertTrue(true); } } @Test public void testAuthorizerFailure4() { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); PowerMockito.when(resourceType.name()).thenReturn("Topic"); PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.READ); PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(false); authorizer = new KafkaCustomAuthorizer(); try { authorizer.authorize(arg0, arg1, arg2); } catch (Exception e) { assertTrue(true); } } @Test public void testAuthorizerFailure5() { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); PowerMockito.when(resourceType.name()).thenReturn("Cluster"); PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.IDEMPOTENT_WRITE); System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(false); authorizer = new KafkaCustomAuthorizer(); try { authorizer.authorize(arg0, arg1, arg2); } catch (Exception e) { assertTrue(true); } } @Test public void testAuthorizerFailure6() { System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DELETE); System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) .thenReturn(false); authorizer = new KafkaCustomAuthorizer(); try { authorizer.authorize(arg0, arg1, arg2); } catch (Exception e) { assertTrue(true); } } }