Fix properties files to make admin a DEFAULT tenant user (#1689)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

hawkbit-runtime/hawkbit-mgmt-server/src/main/resources/application.properties

@@ -11,14 +11,15 @@
 spring.application.name=mgmt-server
 spring.port=8080
 
-# User Security
-spring.security.user.name=admin
-spring.security.user.password={noop}admin
-spring.main.allow-bean-definition-overriding=true
-
-# allow to auto create DEFAULT tenant (on mgmt api call)
+# Define DEFAULT tenant admin user admin/admin
+hawkbit.security.user.admin.password={noop}admin
+hawkbit.security.user.admin.roles=TENANT_ADMIN
+hawkbit.security.user.admin.tenant=DEFAULT
+# allow to auto/implicit create DEFAULT tenant (on mgmt api call)
 hawkbit.server.repository.implicitTenantCreateAllowed=true
 
+spring.main.allow-bean-definition-overriding=true
+
 # Http Encoding
 server.servlet.encoding.charset=UTF-8
 server.servlet.encoding.enabled=true
@@ -34,11 +35,6 @@ spring.rabbitmq.virtual-host=/
 spring.rabbitmq.host=localhost
 spring.rabbitmq.port=5672
 
-# Define own (my_user) users instead together default "admin" (system-wide) user:
-#hawkbit.security.user.my_user.password={noop}isAwesome!
-#hawkbit.security.user.my_user.roles=TENANT_ADMIN
-#hawkbit.security.user.my_user.tenant=DEFAULT
-
 # Enable CORS and specify the allowed origins:
 #hawkbit.server.security.cors.enabled=true
 #hawkbit.server.security.cors.allowedOrigins=http://localhost

hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/CorsTest.java

@@ -14,12 +14,13 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
+import org.eclipse.hawkbit.im.authentication.SpRole;
 import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
 
+import org.eclipse.hawkbit.repository.test.util.WithUser;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.http.HttpHeaders;
-import org.springframework.security.test.context.support.WithUserDetails;
 import org.springframework.test.web.servlet.ResultActions;
 
 import io.qameta.allure.Description;
@@ -44,9 +45,9 @@ public class CorsTest extends AbstractSecurityTest {
     private final static String INVALID_ORIGIN = "http://test.invalid.origin";
     private final static String INVALID_CORS_REQUEST = "Invalid CORS request";
 
-    @WithUserDetails("admin")
     @Test
     @Description("Ensures that Cors is working.")
+    @WithUser(authorities = SpRole.TENANT_ADMIN)
     public void validateCorsRequest() throws Exception {
         performOptionsRequestToRestWithOrigin(ALLOWED_ORIGIN_FIRST).andExpect(status().isOk())
                 .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOWED_ORIGIN_FIRST));

hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java

@@ -13,6 +13,7 @@ import io.qameta.allure.Description;
 import io.qameta.allure.Feature;
 import io.qameta.allure.Story;
 import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.im.authentication.SpRole;
 import org.eclipse.hawkbit.repository.test.util.WithUser;
 import org.junit.jupiter.api.Test;
 import org.springframework.http.HttpStatus;
@@ -40,4 +41,13 @@ public class PreAuthorizeEnabledTest extends AbstractSecurityTest {
             assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value());
         });
     }
+
+    @Test
+    @Description("Tests whether request succeed if a role is granted for the user")
+    @WithUser(authorities =  { SpRole.TENANT_ADMIN })
+    public void successIfHasTenantAdminRole() throws Exception {
+        mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
+            assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value());
+        });
+    }
 }

hawkbit-runtime/hawkbit-update-server/src/main/resources/application.properties

@@ -8,13 +8,15 @@
 # SPDX-License-Identifier: EPL-2.0
 #
 
-# User Security
-spring.security.user.name=admin
-spring.security.user.password={noop}admin
-spring.main.allow-bean-definition-overriding=true
-# allow to auto create DEFAULT tenant (on mgmt api call)
+# Define DEFAULT tenant admin user admin/admin
+hawkbit.security.user.admin.password={noop}admin
+hawkbit.security.user.admin.roles=TENANT_ADMIN
+hawkbit.security.user.admin.tenant=DEFAULT
+# allow to auto/implicit create DEFAULT tenant (on mgmt api call)
 hawkbit.server.repository.implicitTenantCreateAllowed=true
 
+spring.main.allow-bean-definition-overriding=true
+
 # Http Encoding
 server.servlet.encoding.charset=UTF-8
 server.servlet.encoding.enabled=true
@@ -35,11 +37,6 @@ spring.rabbitmq.virtual-host=/
 spring.rabbitmq.host=localhost
 spring.rabbitmq.port=5672
 
-# Define own (my_user) users instead together default "admin" (system-wide) user:
-#hawkbit.security.user.my_user.password={noop}isAwesome!
-#hawkbit.security.user.my_user.roles=TENANT_ADMIN
-#hawkbit.security.user.my_user.tenant=DEFAULT
-
 # Enable CORS and specify the allowed origins:
 #hawkbit.server.security.cors.enabled=true
 #hawkbit.server.security.cors.allowedOrigins=http://localhost

hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/CorsTest.java

@@ -14,12 +14,13 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
+import org.eclipse.hawkbit.im.authentication.SpRole;
 import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
 
+import org.eclipse.hawkbit.repository.test.util.WithUser;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.http.HttpHeaders;
-import org.springframework.security.test.context.support.WithUserDetails;
 import org.springframework.test.web.servlet.ResultActions;
 
 import io.qameta.allure.Description;
@@ -44,9 +45,9 @@ public class CorsTest extends AbstractSecurityTest {
     private final static String INVALID_ORIGIN = "http://test.invalid.origin";
     private final static String INVALID_CORS_REQUEST = "Invalid CORS request";
 
-    @WithUserDetails("admin")
     @Test
     @Description("Ensures that Cors is working.")
+    @WithUser(authorities = SpRole.TENANT_ADMIN)
     public void validateCorsRequest() throws Exception {
         performOptionsRequestToRestWithOrigin(ALLOWED_ORIGIN_FIRST).andExpect(status().isOk())
                 .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOWED_ORIGIN_FIRST));

hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java

@@ -13,6 +13,7 @@ import io.qameta.allure.Description;
 import io.qameta.allure.Feature;
 import io.qameta.allure.Story;
 import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.im.authentication.SpRole;
 import org.eclipse.hawkbit.repository.test.util.WithUser;
 import org.junit.jupiter.api.Test;
 import org.springframework.http.HttpStatus;
@@ -40,4 +41,13 @@ public class PreAuthorizeEnabledTest extends AbstractSecurityTest {
             assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value());
         });
     }
+
+    @Test
+    @Description("Tests whether request succeed if a role is granted for the user")
+    @WithUser(authorities =  { SpRole.TENANT_ADMIN })
+    public void successIfHasTenantAdminRole() throws Exception {
+        mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> {
+            assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value());
+        });
+    }
 }