/*******************************************************************************
* Copyright 2017 General Electric Company
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
*******************************************************************************/
package com.ge.predix.acceptance.test.zone.admin;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.testng.AbstractTestNGSpringContextTests;
import org.springframework.web.client.HttpClientErrorException;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import com.ge.predix.acs.rest.BaseResource;
import com.ge.predix.acs.rest.Zone;
import com.ge.predix.test.utils.ACSITSetUpFactory;
import com.ge.predix.test.utils.ACSTestUtil;
import com.ge.predix.test.utils.PolicyHelper;
import com.ge.predix.test.utils.PrivilegeHelper;
/**
 * Integration test checking that a token issued for a single zone cannot be used to read the
 * global {@code /v1/zone} resource, even when that token also carries zone-admin scope.
 */
@Test
@ContextConfiguration("classpath:integration-test-spring-context.xml")
public class DefaultZoneAuthorizationIT extends AbstractTestNGSpringContextTests {

    @Autowired
    private PrivilegeHelper privilegeHelper;

    @Autowired
    private ACSITSetUpFactory acsitSetUpFactory;

    // Name of the second test zone, captured once the set-up factory has run.
    private String zone2Name;

    /**
     * Runs the shared ACS integration set-up and remembers the name of zone 2.
     *
     * @throws Exception if the set-up factory fails
     */
    @BeforeClass
    public void setup() throws Exception {
        acsitSetUpFactory.setUp();
        zone2Name = acsitSetUpFactory.getZone2().getName();
    }

    /** Releases whatever the set-up factory created for this class. */
    @AfterClass
    public void cleanup() {
        acsitSetUpFactory.destroy();
    }

    /**
     * Verifies the isolation boundary between zone-scoped credentials and the zone-management API.
     *
     * <ol>
     * <li>Use a token from the zone issuer with scopes for (a) zone-specific resources and
     * (b) acs.zones.admin.</li>
     * <li>Access a zone-specific resource with it. This should work.</li>
     * <li>Access {@code /v1/zone/<zone2>} with it, first without and then with the zone header.
     * Both requests should fail.</li>
     * </ol>
     *
     * @throws Exception if a step fails in a way the test does not expect
     */
    public void testAccessGlobalResourceWithZoneIssuer() throws Exception {
        OAuth2RestTemplate zoneAdminTemplate = acsitSetUpFactory.getAcsZone2AdminRestTemplate();

        HttpHeaders zoneScopedHeaders = ACSTestUtil.httpHeaders();
        zoneScopedHeaders.set(PolicyHelper.PREDIX_ZONE_ID, zone2Name);

        // Positive control: the zone token can write a resource inside its own zone.
        ResponseEntity<Object> writeResponse = privilegeHelper.postResources(zoneAdminTemplate,
                acsitSetUpFactory.getAcsUrl(), zoneScopedHeaders, new BaseResource("/sites/sanramon"));
        Assert.assertEquals(writeResponse.getStatusCode(), HttpStatus.NO_CONTENT);

        // Negative check 1: global zone resource requested with no zone header. This should FAIL.
        // NOTE(review): any 4xx satisfies this catch, so a 404 or 400 would pass as well as an
        // authorization denial; asserting the exact status the service returns would make the
        // check specific -- confirm the expected status before tightening.
        try {
            zoneAdminTemplate.exchange(zoneEndpointUrl(), HttpMethod.GET, null, Zone.class);
            Assert.fail("Able to access non-zone specific resource with a zone specific issuer token!");
        } catch (HttpClientErrorException expected) {
            // expected: the request was rejected with a client-error status
        }

        // Negative check 2: same resource, this time sent with the zone header. This should FAIL.
        try {
            zoneAdminTemplate.exchange(zoneEndpointUrl(), HttpMethod.GET,
                    new HttpEntity<>(zoneScopedHeaders), Zone.class);
            Assert.fail("Able to access non-zone specific resource from a zone specific URL, "
                    + "with a zone specific issuer token!");
        } catch (InvalidRequestException expected) {
            // expected: the rejection surfaces as an OAuth2 InvalidRequestException
        }
    }

    /** Builds the URL of the zone-management resource for zone 2 under the ACS base URL. */
    private String zoneEndpointUrl() {
        return acsitSetUpFactory.getAcsUrl() + "/v1/zone/" + zone2Name;
    }
}