import javax.servlet.http.HttpServletRequest;
import java.util.*;
+import java.util.function.Function;
import java.util.stream.Collectors;
static final String READ_PERMISSION_STRING = "read";
private final ObjectMapper om = new ObjectMapper();
- @Autowired
private AaiService aaiService;
+ private Function<HttpServletRequest, Integer> getUserIdFunction;
+ private Function<HttpServletRequest, Map> getRolesFunction;
+
+ @Autowired
+ public RoleProvider(AaiService aaiService) {
+ this.aaiService=aaiService;
+ getUserIdFunction = UserUtils::getUserId;
+ getRolesFunction = UserUtils::getRoles;
+ }
+
+ RoleProvider(AaiService aaiService, Function<HttpServletRequest, Integer> getUserIdFunction, Function<HttpServletRequest, Map> getRolesFunction) {
+ this.aaiService = aaiService;
+ this.getRolesFunction = getRolesFunction;
+ this.getUserIdFunction = getUserIdFunction;
+ }
+
public List<Role> getUserRoles(HttpServletRequest request) {
- String logPrefix = "Role Provider (" + UserUtils.getUserId(request) + ") ==>";
+ int userId= getUserIdFunction.apply(request);
+ String logPrefix = "Role Provider (" + userId + ") ==>";
- LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Entering to get user role for user " + UserUtils.getUserId(request));
+ LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Entering to get user role for user " + userId);
List<Role> roleList = new ArrayList<>();
- Map roles = UserUtils.getRoles(request);
+ Map roles = getRolesFunction.apply(request);
for (Object role : roles.keySet()) {
org.onap.portalsdk.core.domain.Role sdkRol = (org.onap.portalsdk.core.domain.Role) roles.get(role);
}
String[] roleParts = splitRole((sdkRol.getName()), logPrefix);
roleList.add(createRoleFromStringArr(roleParts, logPrefix));
- String msg = String.format("%s User %s got permissions %s", logPrefix, UserUtils.getUserId(request), Arrays.toString(roleParts));
+ String msg = String.format("%s User %s got permissions %s", logPrefix, userId, Arrays.toString(roleParts));
LOG.debug(EELFLoggerDelegate.debugLogger, msg);
} catch (Exception e) {
LOG.error(logPrefix + " Failed to parse permission");
}
public boolean isSubscriberPermitted(String subscriberName) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
for (Role role : userRoles) {
if (role.getSubscribeName().equals(subscriberName))
return true;
}
public boolean isServicePermitted(String subscriberName, String serviceType) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
for (Role role : userRoles) {
if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType))
return true;
}
public boolean isMsoRequestValid(RequestDetails mso_request) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
try {
String globalSubscriberIdRequested = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
String serviceType = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("requestParameters")).get("subscriptionServiceType");
//Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
return true;
}
-// return false;
}
public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
- if(this.disableRoles) return true;
-
+ if (this.disableRoles) return true;
+
for (Role role : userRoles) {
if (role.getSubscribeName().equals(globalCustomerId)
&& role.getServiceType().equals(serviceType)
}
return false;
}
+
+ void enableRoles() {
+ this.disableRoles = false;
+ }
}
package org.onap.vid.roles;
-import org.junit.Test;
+import com.google.common.collect.ImmutableMap;
+import io.joshworks.restclient.http.HttpResponse;
+import org.assertj.core.util.Lists;
+import org.mockito.Mock;
+import org.onap.vid.aai.exceptions.RoleParsingException;
+import org.onap.vid.model.Subscriber;
+import org.onap.vid.model.SubscriberList;
+import org.onap.vid.services.AaiService;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
public class RoleProviderTest {
- private RoleProvider createTestSubject() {
- return new RoleProvider();
- }
-
-
-// @Test
-// public void testGetUserRoles() throws Exception {
-// RoleProvider testSubject;
-// HttpServletRequest request = null;
-// List<Role> result;
-//
-// // default test
-// testSubject = createTestSubject();
-// result = testSubject.getUserRoles(request);
-// }
-
-
- @Test
- public void testSplitRole() throws Exception {
- RoleProvider testSubject;
- String roleAsString = "";
- String[] result;
-
- // default test
- testSubject = createTestSubject();
- //TODO:fix result = testSubject.splitRole(roleAsString);
- }
+ private static final String SAMPLE_SUBSCRIBER = "sampleSubscriber";
+ private static final String SAMPLE_CUSTOMER_ID = "sampleCustomerId";
+ private static final String SERVICE_TYPE_LOGS = "LOGS";
+ private static final String TENANT_PERMITTED = "PERMITTED";
+ private static final String SAMPLE_SERVICE = "sampleService";
+ private static final String SAMPLE_TENANT = "sampleTenant";
+ private static final String SAMPLE_ROLE_PREFIX = "prefix";
+
+ @Mock
+ private AaiService aaiService;
+
+ @Mock
+ private HttpServletRequest request;
+
+ @Mock
+ private HttpResponse<SubscriberList> subscriberListHttpResponse;
+
+
+ private RoleProvider roleProvider;
+
+
+ @BeforeMethod
+ public void setUp() {
+ initMocks(this);
+ roleProvider = new RoleProvider(aaiService, httpServletRequest -> 5, httpServletRequest -> createRoles());
+ }
+
+ @Test
+ public void shouldSplitRolesWhenDelimiterIsPresent() {
+ String roles = "role_a___role_b";
+
+ assertThat(roleProvider.splitRole(roles, "")).isEqualTo(new String[]{"role_a", "role_b"});
+ }
+
+
+ @Test
+ public void shouldProperlyCreateRoleFromCorrectArray() throws RoleParsingException {
+ setSubscribers();
+ String[] roleParts = {SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT};
+
+ Role role = roleProvider.createRoleFromStringArr(roleParts, SAMPLE_ROLE_PREFIX);
+
+ assertThat(role.getEcompRole()).isEqualTo(EcompRole.READ);
+ assertThat(role.getSubscribeName()).isEqualTo(SAMPLE_CUSTOMER_ID);
+ assertThat(role.getTenant()).isEqualTo(SAMPLE_TENANT);
+ assertThat(role.getServiceType()).isEqualTo(SAMPLE_SERVICE);
+ }
+
+ @Test
+ public void shouldProperlyCreateRoleWhenTenantIsNotProvided() throws RoleParsingException {
+ setSubscribers();
+
+ String[] roleParts = {SAMPLE_SUBSCRIBER, SAMPLE_SERVICE};
+
+ Role role = roleProvider.createRoleFromStringArr(roleParts, SAMPLE_ROLE_PREFIX);
+
+ assertThat(role.getEcompRole()).isEqualTo(EcompRole.READ);
+ assertThat(role.getSubscribeName()).isEqualTo(SAMPLE_CUSTOMER_ID);
+ assertThat(role.getServiceType()).isEqualTo(SAMPLE_SERVICE);
+ assertThat(role.getTenant()).isNullOrEmpty();
+ }
+
+ @Test(expectedExceptions = RoleParsingException.class)
+ public void shouldRaiseExceptionWhenRolePartsAreIncomplete() throws RoleParsingException {
+ setSubscribers();
+
+ roleProvider.createRoleFromStringArr(new String[]{SAMPLE_SUBSCRIBER}, SAMPLE_ROLE_PREFIX);
+ }
+
+ @Test
+ public void shouldProperlyRetrieveUserRolesWhenPermissionIsDifferentThanRead() {
+ Role expectedRole = new Role(EcompRole.READ, SAMPLE_CUSTOMER_ID, SAMPLE_SERVICE, SAMPLE_TENANT);
+ setSubscribers();
+
+ List<Role> userRoles = roleProvider.getUserRoles(request);
+
+
+ assertThat(userRoles.size()).isEqualTo(1);
+ Role actualRole = userRoles.get(0);
+
+ assertThat(actualRole.getTenant()).isEqualTo(expectedRole.getTenant());
+ assertThat(actualRole.getSubscribeName()).isEqualTo(expectedRole.getSubscribeName());
+ assertThat(actualRole.getServiceType()).isEqualTo(expectedRole.getServiceType());
+ }
+
+ @Test
+ public void shouldReturnReadOnlyPermissionWhenRolesAreEmpty() {
+ assertThat(roleProvider.userPermissionIsReadOnly(Lists.emptyList())).isTrue();
+ }
+
+ @Test
+ public void shouldReturnNotReadOnlyPermissionWhenRolesArePresent() {
+ assertThat(roleProvider.userPermissionIsReadOnly(Lists.list(new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT)))).isFalse();
+ }
+
+ @Test
+ public void userShouldHavePermissionToReadLogsWhenServiceAndTenantAreCorrect() {
+ Role withoutPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT);
+ Role withPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SERVICE_TYPE_LOGS, TENANT_PERMITTED);
+
+ assertThat(roleProvider.userPermissionIsReadLogs(Lists.list(withoutPermission, withPermission))).isTrue();
+ }
+
+ private void setSubscribers() {
+ Subscriber subscriber = new Subscriber();
+ subscriber.subscriberName = SAMPLE_SUBSCRIBER;
+ subscriber.globalCustomerId = SAMPLE_CUSTOMER_ID;
+ SubscriberList subscriberList = new SubscriberList(Lists.list(subscriber));
+ when(aaiService.getFullSubscriberList()).thenReturn(subscriberListHttpResponse);
+ when(subscriberListHttpResponse.getBody()).thenReturn(subscriberList);
+ }
+ private Map<Long, org.onap.portalsdk.core.domain.Role> createRoles() {
+ org.onap.portalsdk.core.domain.Role role1 = new org.onap.portalsdk.core.domain.Role();
+ role1.setName("read___role2");
+ org.onap.portalsdk.core.domain.Role role2 = new org.onap.portalsdk.core.domain.Role();
+ role2.setName("sampleSubscriber___sampleService___sampleTenant");
+ return ImmutableMap.of(1L, role1, 2L, role2);
+ }
}
\ No newline at end of file
+++ /dev/null
-package org.onap.vid.roles;
-
-import org.junit.Test;
-
-public class RoleTest {
-
- private Role createTestSubject() {
- return new Role(EcompRole.READ, "", "", "");
- }
-
- @Test
- public void testGetEcompRole() throws Exception {
- Role testSubject;
- EcompRole result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getEcompRole();
- }
-
- @Test
- public void testGetSubscribeName() throws Exception {
- Role testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getSubscribeName();
- }
-
- @Test
- public void testSetSubscribeName() throws Exception {
- Role testSubject;
- String subscribeName = "";
-
- // default test
- testSubject = createTestSubject();
- testSubject.setSubscribeName(subscribeName);
- }
-
- @Test
- public void testGetServiceType() throws Exception {
- Role testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getServiceType();
- }
-
- @Test
- public void testGetTenant() throws Exception {
- Role testSubject;
- String result;
-
- // default test
- testSubject = createTestSubject();
- result = testSubject.getTenant();
- }
-}
\ No newline at end of file
package org.onap.vid.roles;
-import org.junit.Test;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
import org.onap.vid.mso.rest.RequestDetails;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import java.util.List;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
public class RoleValidatorTest {
- private RoleValidator createTestSubject() {
- return new RoleValidator(null);
+ private static final String SAMPLE_SUBSCRIBER = "sampleSubscriber";
+ private static final String NOT_MATCHING_SUBSCRIBER = "notMatchingSubscriber";
+ private static final String SAMPLE_SERVICE_TYPE = "sampleServiceType";
+ private static final String NOT_MATCHING_TENANT = "notMatchingTenant";
+ private static final String SAMPLE_TENANT = "sampleTenant";
+
+ private static final Role SAMPLE_ROLE = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT);
+
+ private List<Role> roles = ImmutableList.of(SAMPLE_ROLE);
+ private Map<String, Object> subscriberInfo = ImmutableMap.of("globalSubscriberId", SAMPLE_SUBSCRIBER);
+ private Map<String, Object> requestParameters = ImmutableMap.of("subscriptionServiceType", SAMPLE_SERVICE_TYPE);
+ private Map<String, Object> requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters);
+ private RequestDetails requestDetails;
+ private RoleValidator roleValidator;
+
+ @BeforeMethod
+ public void setUp() {
+ roleValidator = new RoleValidator(roles);
+ roleValidator.enableRoles();
+ requestDetails = new RequestDetails();
}
@Test
- public void testIsMsoRequestValid() throws Exception {
- RoleValidator testSubject;
- RequestDetails mso_request = null;
- boolean result;
+ public void shouldPermitSubscriberWhenNameMatchesAndRolesAreEnabled() {
+ assertThat(roleValidator.isSubscriberPermitted(SAMPLE_SUBSCRIBER)).isTrue();
+ }
- // default test
- testSubject = createTestSubject();
- result = testSubject.isMsoRequestValid(mso_request);
+ @Test
+ public void shouldNotPermitSubscriberWhenNameNotMatches() {
+ assertThat(roleValidator.isSubscriberPermitted(NOT_MATCHING_SUBSCRIBER)).isFalse();
}
@Test
- public void testIsServicePermitted() throws Exception {
- RoleValidator testSubject;
- String subscriberName = "";
- String serviceType = "";
- boolean result;
+ public void shouldPermitServiceWhenNamesMatches() {
+ assertThat(roleValidator.isServicePermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isTrue();
+ }
- // default test
- testSubject = createTestSubject();
- result = testSubject.isServicePermitted(subscriberName, serviceType);
+
+ @Test
+ public void shouldNotPermitServiceWhenSubscriberNameNotMatches() {
+ assertThat(roleValidator.isServicePermitted(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE)).isFalse();
}
@Test
- public void testIsSubscriberPermitted() throws Exception {
- RoleValidator testSubject;
- String subscriberName = "";
- boolean result;
+ public void shouldNotPermitServiceWhenServiceTypeNotMatches() {
+ assertThat(roleValidator.isServicePermitted(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER)).isFalse();
+ }
- // default test
- testSubject = createTestSubject();
- result = testSubject.isSubscriberPermitted(subscriberName);
+ @Test
+ public void shouldPermitTenantWhenNameMatches() {
+ assertThat(roleValidator.isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT)).isTrue();
+ }
+
+
+ @Test
+ public void shouldNotPermitTenantWhenNameNotMatches() {
+ assertThat(roleValidator.isTenantPermitted(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, NOT_MATCHING_TENANT)).isFalse();
}
@Test
- public void testIsTenantPermitted() throws Exception {
- RoleValidator testSubject;
- String globalCustomerId = "";
- String serviceType = "";
- String tenantName = "";
- boolean result;
+ public void shouldValidateProperlySORequest() {
+ requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties);
- // default test
- testSubject = createTestSubject();
- result = testSubject.isTenantPermitted(globalCustomerId, serviceType, tenantName);
+ assertThat(roleValidator.isMsoRequestValid(requestDetails)).isTrue();
}
+ @Test
+ public void shouldValidateUnknownSORequest() {
+ assertThat(roleValidator.isMsoRequestValid(new RequestDetails())).isTrue();
+ }
+
+ @Test
+ public void shouldRejectSORequestWhenSubscriberNotMatches() {
+ Map<String, Object> subscriberInfo = ImmutableMap.of("globalSubscriberId", "sample");
+ Map<String, Object> requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters);
+ requestDetails.setAdditionalProperty("requestDetails", requestDetailsProperties);
+
+ assertThat(roleValidator.isMsoRequestValid(requestDetails)).isFalse();
+ }
}
\ No newline at end of file
Code Review / vid.git / commitdiff