diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/Hierarchy.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/Hierarchy.java
index dbbdc1a2f..a6d135d82 100644
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/Hierarchy.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/Hierarchy.java
@@ -10,6 +10,7 @@
package org.eclipse.hawkbit.auth;
import lombok.AccessLevel;
+import lombok.Getter;
import lombok.NoArgsConstructor;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
@@ -25,12 +26,9 @@ public class Hierarchy {
SpRole.DEFAULT_ROLE_HIERARCHY;
// @formatter:on
+ @Getter
private static RoleHierarchy roleHierarchy;
- public static RoleHierarchy getRoleHierarchy() {
- return roleHierarchy;
- }
-
public static void setRoleHierarchy(final RoleHierarchy roleHierarchy) {
Hierarchy.roleHierarchy = roleHierarchy;
}
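Review bot: With the hand-written accessor replaced by Lombok's `@Getter` on the static `roleHierarchy` field, nothing documents the contract of this global any more. The field is a mutable static written through the public `setRoleHierarchy`, and judging by the class and package name it feeds authorization decisions. Nothing visible says whether the generated getter can return null before the setter has run, or whether a later write is guaranteed to be seen by other threads. I would add a field comment such as `// set via setRoleHierarchy during startup; may be null until then`, and declare the field `volatile` if it can be replaced at runtime. The class body starts outside this hunk, so an initializer or existing comment may be out of view.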
diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/SpPermission.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/SpPermission.java
index cfff7f782..2e49cc506 100644
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/SpPermission.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/SpPermission.java
@@ -27,10 +27,9 @@ import org.springframework.util.function.SingletonSupplier;
/**
*
- * Software provisioning permissions that are technically available as {@linkplain GrantedAuthority} based on
+ * Tenant software provisioning permissions that are technically available as {@linkplain GrantedAuthority} based on
* the authenticated users identity context.
*
- *
*
* The permissions cover CRUD operations for various areas within eclipse hawkBit, like targets, software-artifacts,
* distribution sets, config-options etc.
@@ -127,7 +126,7 @@ public final class SpPermission {
TENANT_CONFIGURATION + IMPLY + READ_GATEWAY_SECURITY_TOKEN + LINE_BREAK;
// @formatter:on
- private static final SingletonSupplier> ALL_TENANT_AUTHORITIES = SingletonSupplier.of(SpPermission::getAuthorities);
+ private static final SingletonSupplier> ALL_AUTHORITIES = SingletonSupplier.of(SpPermission::getAuthorities);
private static Set getAuthorities() {
final Set allPermissions = new HashSet<>();
@@ -155,7 +154,7 @@ public final class SpPermission {
}
public static Set getAllAuthorities() {
- return ALL_TENANT_AUTHORITIES.get();
+ return ALL_AUTHORITIES.get();
}
@SuppressWarnings("java:S3776") // java:S3776 - better in one place for better readability
diff --git a/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/DdiArtifactDownloadTest.java b/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/DdiArtifactDownloadTest.java
index 6f8a92b2e..07e505662 100644
--- a/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/DdiArtifactDownloadTest.java
+++ b/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/DdiArtifactDownloadTest.java
@@ -42,6 +42,7 @@ import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.ddi.rest.resource.DdiArtifactDownloadTest.DownloadTestConfiguration;
import org.eclipse.hawkbit.repository.event.remote.DownloadProgressEvent;
import org.eclipse.hawkbit.repository.model.Artifact;
@@ -157,7 +158,7 @@ class DdiArtifactDownloadTest extends AbstractDDiApiIntegrationTest {
* Tests valid downloads through the artifact resource by identifying the artifact not by ID but file name.
*/
@Test
- @WithUser(principal = "4712", authorities = "ROLE_CONTROLLER", allSpPermissions = true)
+ @WithUser(principal = "4712", authorities = { SpRole.CONTROLLER_ROLE, SpRole.TENANT_ADMIN })
void downloadArtifactThroughFileName() throws Exception {
synchronized (DdiArtifactDownloadTest.class) {
downloadProgress = 1;
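Review bot: Granting `SpRole.TENANT_ADMIN` alongside `SpRole.CONTROLLER_ROLE` keeps `downloadArtifactThroughFileName` (and `rangeDownloadArtifact` in the next hunk) running with full tenant privileges. The test therefore cannot detect a regression in which the DDI artifact download starts to require management permissions that a real controller does not hold. If the admin role is only needed to create test data, which the hunk does not show, the setup could run under a privileged context while the request itself uses `@WithUser(principal = "4712", authorities = SpRole.CONTROLLER_ROLE)`. The test body continues outside the hunk.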
@@ -231,7 +232,7 @@ class DdiArtifactDownloadTest extends AbstractDDiApiIntegrationTest {
* Test various HTTP range requests for artifact download, e.g. chunk download or download resume.
*/
@Test
- @WithUser(principal = TestdataFactory.DEFAULT_CONTROLLER_ID, authorities = "ROLE_CONTROLLER", allSpPermissions = true)
+ @WithUser(principal = TestdataFactory.DEFAULT_CONTROLLER_ID, authorities = { SpRole.CONTROLLER_ROLE, SpRole.TENANT_ADMIN })
void rangeDownloadArtifact() throws Exception {
// create target
final Target target = testdataFactory.createTarget();
diff --git a/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/JsonBuilder.java b/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/JsonBuilder.java
index c96a62def..14bdf1712 100644
--- a/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/JsonBuilder.java
+++ b/hawkbit-ddi/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/JsonBuilder.java
@@ -18,7 +18,7 @@ import org.json.JSONException;
import org.json.JSONObject;
/**
- * Builder class for building certain json strings.
+ * Builder class for building certain JSON strings.
*/
@NoArgsConstructor(access = AccessLevel.PRIVATE)
@Slf4j
diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResourceTest.java b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResourceTest.java
index 6d529b72b..efb6906a9 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResourceTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResourceTest.java
@@ -39,6 +39,7 @@ import java.util.stream.IntStream;
import java.util.stream.Stream;
import com.jayway.jsonpath.JsonPath;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.MgmtId;
import org.eclipse.hawkbit.mgmt.json.model.distributionset.MgmtActionType;
@@ -836,7 +837,7 @@ class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegrationTe
* Ensures that multiple DS requested are listed with expected payload.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSets() throws Exception {
// prepare test data
assertThat(distributionSetManagement.findAll(PAGE)).isEmpty();
@@ -879,7 +880,7 @@ class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegrationTe
* Ensures that single DS requested by ID is listed with expected payload.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSet() throws Exception {
final DistributionSet set = testdataFactory.createUpdatedDistributionSet();
@@ -915,7 +916,7 @@ class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegrationTe
* Ensures that multiple DS posted to API are created in the repository.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void createDistributionSets() throws Exception {
assertThat(distributionSetManagement.findAll(PAGE)).isEmpty();
final SoftwareModule ah = testdataFactory.createSoftwareModule(TestdataFactory.SM_TYPE_APP);
diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetTypeResourceTest.java b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetTypeResourceTest.java
index ebef6b9ce..d04310ffb 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetTypeResourceTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetTypeResourceTest.java
@@ -30,6 +30,7 @@ import java.util.List;
import java.util.Set;
import com.jayway.jsonpath.JsonPath;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.distributionsettype.MgmtDistributionSetTypeRequestBodyPost;
import org.eclipse.hawkbit.mgmt.json.model.softwaremoduletype.MgmtSoftwareModuleTypeAssignment;
@@ -61,7 +62,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSetTypes() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
@@ -103,7 +104,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes GET requests with sorting by KEY.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSetTypesSortedByKey() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
@@ -156,7 +157,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes POST requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void createDistributionSetTypes() throws Exception {
final MvcResult mvcResult = runPostDistributionSetType(createTestDistributionSetTestTypes());
verifyCreatedDistributionSetTypes(mvcResult);
@@ -166,7 +167,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes POST requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void addMandatoryModuleToDistributionSetType() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
@@ -192,7 +193,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes POST requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void addOptionalModuleToDistributionSetType() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
@@ -218,7 +219,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Verifies quota enforcement for /rest/v1/distributionsettypes/{ID}/optionalmoduletypes POST requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void assignModuleTypesToDistributionSetTypeUntilQuotaExceeded() throws Exception {
// create software module types
final int maxSoftwareModuleTypes = quotaManagement.getMaxSoftwareModuleTypesPerDistributionSetType();
@@ -278,7 +279,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getMandatoryModulesOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();
@@ -297,7 +298,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getOptionalModulesOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();
@@ -316,7 +317,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes/{ID} GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getMandatoryModuleOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();
@@ -337,7 +338,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes/{ID} GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getOptionalModuleOfDistributionSetType() throws Exception {
final DistributionSetType testType = generateTestType();
@@ -358,7 +359,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes/{ID} DELETE requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void removeMandatoryModuleToDistributionSetType() throws Exception {
DistributionSetType testType = generateTestType();
@@ -377,7 +378,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes/{ID} DELETE requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void removeOptionalModuleToDistributionSetType() throws Exception {
DistributionSetType testType = generateTestType();
@@ -396,7 +397,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID} GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getDistributionSetType() throws Exception {
DistributionSetType testType = distributionSetTypeManagement.create(DistributionSetTypeManagement.Create.builder()
.key("test123").name("TestName123").description("Desc123").build());
@@ -431,7 +432,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/DistributionSetTypes/{ID} DELETE requests (hard delete scenario).
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void deleteDistributionSetTypeUnused() throws Exception {
final DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
@@ -460,7 +461,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
* Checks the correct behaviour of /rest/v1/DistributionSetTypes/{ID} DELETE requests (soft delete scenario).
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void deleteDistributionSetTypeUsed() throws Exception {
final DistributionSetType testType = distributionSetTypeManagement.create(
DistributionSetTypeManagement.Create.builder()
diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtRolloutResourceTest.java b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtRolloutResourceTest.java
index 74fc9f2a0..610f6c6d1 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtRolloutResourceTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtRolloutResourceTest.java
@@ -35,6 +35,7 @@ import java.util.stream.Stream;
import org.awaitility.Awaitility;
import org.awaitility.core.ConditionFactory;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.rollout.MgmtRolloutResponseBody;
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
@@ -344,21 +345,6 @@ class MgmtRolloutResourceTest extends AbstractManagementApiIntegrationTest {
.andExpect(jsonPath("errorCode", equalTo("hawkbit.server.error.rest.body.notReadable")));
}
- /**
- * Testing that creating rollout with insufficient permission returns forbidden
- */
- @Test
- @WithUser(allSpPermissions = true, removeFromAllPermission = "CREATE_ROLLOUT")
- void createRolloutWithInsufficientPermissionReturnsForbidden() throws Exception {
- final DistributionSet dsA = testdataFactory.createDistributionSet("");
- mvc.perform(post("/rest/v1/rollouts")
- .content(JsonBuilder.rollout("name", "desc", 10, dsA.getId(), "name==test", null))
- .contentType(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON))
- .andDo(MockMvcResultPrinter.print())
- .andExpect(status().is(403))
- .andReturn();
- }
-
/**
* Testing that creating rollout with not existing distribution set returns not found
*/
diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleResourceTest.java b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleResourceTest.java
index a3d869997..b4650b1d2 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleResourceTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleResourceTest.java
@@ -41,6 +41,7 @@ import org.eclipse.hawkbit.artifact.exception.ArtifactBinaryNotFoundException;
import org.eclipse.hawkbit.artifact.exception.FileSizeQuotaExceededException;
import org.eclipse.hawkbit.artifact.exception.StorageQuotaExceededException;
import org.eclipse.hawkbit.artifact.model.ArtifactStream;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.artifact.MgmtArtifact;
import org.eclipse.hawkbit.mgmt.json.model.softwaremodule.MgmtSoftwareModule;
@@ -219,7 +220,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
* Tests the update of software module metadata. It is verified that only the selected fields for the update are really updated and the modification values are filled (i.e. updated by and at).
*/
@Test
- @WithUser(principal = "smUpdateTester", allSpPermissions = true)
+ @WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void updateSoftwareModuleOnlyDescriptionAndVendorNameUntouched() throws Exception {
final String knownSWName = "name1";
final String knownSWVersion = "version1";
@@ -272,7 +273,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
* Tests the update of the deletion flag. It is verified that the software module can't be marked as deleted through update operation.
*/
@Test
- @WithUser(principal = "smUpdateTester", allSpPermissions = true)
+ @WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void updateSoftwareModuleDeletedFlag() throws Exception {
final String knownSWName = "name1";
final String knownSWVersion = "version1";
@@ -307,7 +308,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
* Tests the lock. It is verified that the software module can be marked as locked through update operation.
*/
@Test
- @WithUser(principal = "smUpdateTester", allSpPermissions = true)
+ @WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void lockSoftwareModule() throws Exception {
final SoftwareModule sm = softwareModuleManagement.create(
SoftwareModuleManagement.Create.builder().type(osType).name("name1").version("version1").build());
@@ -338,7 +339,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
* Tests the unlock.
*/
@Test
- @WithUser(principal = "smUpdateTester", allSpPermissions = true)
+ @WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
void unlockSoftwareModule() throws Exception {
final SoftwareModule sm = softwareModuleManagement.create(
SoftwareModuleManagement.Create.builder().type(osType).name("name1").version("version1").build());
@@ -1105,7 +1106,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
* Test retrieval of all software modules the user has access to.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getSoftwareModules() throws Exception {
final SoftwareModule os = testdataFactory.createSoftwareModuleOs();
final SoftwareModule app = testdataFactory.createSoftwareModuleApp();
@@ -1231,7 +1232,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
* Tests GET request on /rest/v1/softwaremodules/{smId}.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void getSoftwareModule() throws Exception {
final SoftwareModule os = testdataFactory.createSoftwareModuleOs();
@@ -1261,7 +1262,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
* Verifies that the create request actually results in the creation of the modules in the repository.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
void createSoftwareModules() throws Exception {
final MgmtSoftwareModuleRequestBodyPost os = new MgmtSoftwareModuleRequestBodyPost()
.setType(osType.getKey())
diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleTypeResourceTest.java b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleTypeResourceTest.java
index 2ecd568e3..db24362a8 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleTypeResourceTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSoftwareModuleTypeResourceTest.java
@@ -27,6 +27,7 @@ import java.util.Arrays;
import java.util.List;
import com.jayway.jsonpath.JsonPath;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
import org.eclipse.hawkbit.mgmt.rest.api.MgmtSoftwareModuleTypeRestApi;
import org.eclipse.hawkbit.repository.SoftwareModuleManagement;
@@ -52,7 +53,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Checks the correct behaviour of /rest/v1/softwaremoduletypes GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void getSoftwareModuleTypes() throws Exception {
final SoftwareModuleType testType = createTestType();
@@ -98,7 +99,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Handles the GET request of retrieving all software module types within SP with parameters. In this case the first 10 result in ascending order by name where the name starts with 'a'.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void getSoftwareModuleTypesWithParameters() throws Exception {
final SoftwareModuleType testType = testdataFactory.findOrCreateSoftwareModuleType("test123");
softwareModuleTypeManagement
@@ -115,7 +116,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Checks the correct behaviour of /rest/v1/softwaremoduletypes GET requests with sorting by MAXASSIGNMENTS field.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void getSoftwareModuleTypesSortedByMaxAssignments() throws Exception {
final SoftwareModuleType testType = createTestType();
@@ -159,7 +160,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Checks the correct behaviour of /rest/v1/softwaremoduletypes POST requests when max assignment is smaller than 1
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void createSoftwareModuleTypesInvalidAssignmentBadRequest() throws Exception {
final List types = new ArrayList<>();
@@ -183,7 +184,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Checks the correct behaviour of /rest/v1/softwaremoduletypes POST requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void createSoftwareModuleTypes() throws Exception {
final List types = Arrays.asList(
@@ -236,7 +237,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Checks the correct behaviour of /rest/v1/softwaremoduletypes/{ID} GET requests.
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void getSoftwareModuleType() throws Exception {
final SoftwareModuleType testType = createTestType();
@@ -259,7 +260,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Checks the correct behaviour of /rest/v1/softwaremoduletypes/{ID} DELETE requests (hard delete scenario).
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void deleteSoftwareModuleTypeUnused() throws Exception {
final SoftwareModuleType testType = createTestType();
@@ -286,7 +287,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
* Checks the correct behaviour of /rest/v1/softwaremoduletypes/{ID} DELETE requests (soft delete scenario).
*/
@Test
- @WithUser(principal = "uploadTester", allSpPermissions = true)
+ @WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
public void deleteSoftwareModuleTypeUsed() throws Exception {
final SoftwareModuleType testType = createTestType();
softwareModuleManagement.create(SoftwareModuleManagement.Create.builder().type(testType).name("name").version("version").build());
diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetResourceTest.java b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetResourceTest.java
index 5eab93669..fd415c454 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetResourceTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetResourceTest.java
@@ -413,7 +413,7 @@ class MgmtTargetResourceTest extends AbstractManagementApiIntegrationTest {
* Ensures that security token is not returned if user does not have READ_TARGET_SEC_TOKEN permission.
*/
@Test
- @WithUser(allSpPermissions = false, authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET })
+ @WithUser(authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET })
void securityTokenIsNotInResponseIfMissingPermission() throws Exception {
final String knownControllerId = "knownControllerId";
@@ -428,10 +428,8 @@ class MgmtTargetResourceTest extends AbstractManagementApiIntegrationTest {
* Ensures that security token is returned if user does have READ_TARGET_SEC_TOKEN permission.
*/
@Test
- @WithUser(allSpPermissions = false, authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET,
- SpPermission.READ_TARGET_SECURITY_TOKEN })
+ @WithUser(authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET, SpPermission.READ_TARGET_SECURITY_TOKEN })
void securityTokenIsInResponseWithCorrectPermission() throws Exception {
-
final String knownControllerId = "knownControllerId";
final Target createTarget = testdataFactory.createTarget(knownControllerId);
mvc.perform(get(TARGETS_V1 + "/{targetId}", knownControllerId))
diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetTypeResourceTest.java b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetTypeResourceTest.java
index 93e480bad..02af6435c 100644
--- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetTypeResourceTest.java
+++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtTargetTypeResourceTest.java
@@ -31,6 +31,7 @@ import java.util.Set;
import com.jayway.jsonpath.JsonPath;
import org.eclipse.hawkbit.auth.SpPermission;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.exception.SpServerError;
import org.eclipse.hawkbit.mgmt.json.model.MgmtId;
import org.eclipse.hawkbit.mgmt.rest.api.MgmtDistributionSetTypeRestApi;
@@ -43,6 +44,7 @@ import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException
import org.eclipse.hawkbit.repository.model.DistributionSetType;
import org.eclipse.hawkbit.repository.model.NamedEntity;
import org.eclipse.hawkbit.repository.model.TargetType;
+import org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch;
import org.eclipse.hawkbit.repository.test.util.WithUser;
import org.eclipse.hawkbit.rest.util.MockMvcResultPrinter;
import org.json.JSONObject;
@@ -71,22 +73,25 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* GET targettypes returns Forbidden when permission is missing
*/
@Test
- @WithUser(
- principal = "targetTypeTester", allSpPermissions = true,
- removeFromAllPermission = {
- SpPermission.CREATE_TARGET, SpPermission.READ_TARGET, SpPermission.UPDATE_TARGET, SpPermission.DELETE_TARGET,
- SpPermission.READ_TARGET_TYPE })
void getTargetTypesWithoutPermission() throws Exception {
- mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
- .andDo(MockMvcResultPrinter.print())
- .andExpect(status().isForbidden());
+ SecurityContextSwitch.callAs(
+ SecurityContextSwitch.withUser("test", SpPermission.READ_TARGET_TYPE),
+ () -> mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
+ .andDo(MockMvcResultPrinter.print())
+ .andExpect(status().isOk()));
+ SecurityContextSwitch.callAs(
+ SecurityContextSwitch.withUser("test", SpPermission.READ_SOFTWARE_MODULE_ARTIFACT),
+ () -> mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
+ .andDo(MockMvcResultPrinter.print())
+ .andExpect(status().isForbidden()));
+
}
/**
* Checks the correct behaviour of /rest/v1/targettypes/{id} GET request.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getTargetType() throws Exception {
String typeName = "TestTypeGET";
TargetType testType = createTestTargetTypeInDB(typeName);
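Review bot: The Forbidden case in `getTargetTypesWithoutPermission` now runs with a single unrelated authority (`READ_SOFTWARE_MODULE_ARTIFACT`), where the removed `@WithUser` granted every permission except the target and target-type ones, so the test no longer shows that no other authority opens this endpoint. A third `callAs` block that passes several unrelated authorities to `withUser` (it takes varargs) would restore that coverage. The same narrowing applies to `getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied` in ArtifactManagementTest, which moves to `@WithUser(authorities = {})`. The Javadoc above the method still describes only the Forbidden case; `GET targettypes returns OK with READ_TARGET_TYPE and Forbidden without it` would match the new body.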
@@ -115,7 +120,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes GET requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getTargetTypes() throws Exception {
String typeName = "TestTypeGET";
int count = 5;
@@ -155,7 +160,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes GET requests without prior created target types.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getDefaultTargetTypes() throws Exception {
// 0 types overall (no default types are created)
@@ -172,7 +177,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes GET requests with sorting by name.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getTargetTypesSortedByName() throws Exception {
String typeNameA = "ATestTypeGETsorted";
String typeNameB = "BTestTypeGETsorted";
@@ -238,7 +243,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes GET requests with paging.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getTargetTypesWithPagingLimitRequestParameter() throws Exception {
final String typePrefix = "TestTypeGETPaging";
final int count = 10;
@@ -258,7 +263,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes GET requests with paging and offset.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getTargetTypesWithPagingLimitAndOffsetRequestParameter() throws Exception {
final int count = 10;
final int offset = 2;
@@ -280,7 +285,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{ID} PUT requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void updateTargetType() throws Exception {
String typeName = "TestTypePUT";
final TargetType testType = createTestTargetTypeInDB(typeName);
@@ -302,7 +307,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{id} GET requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getUpdatedTargetType() throws Exception {
final String initialTypeName = "TestTypeGET";
TargetType testType = createTestTargetTypeInDB(initialTypeName);
@@ -330,7 +335,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes POST requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void createTargetTypes() throws Exception {
String typeName = "TestTypePOST";
final List types = buildTestTargetTypesWithoutDsTypes(typeName, 5);
@@ -342,7 +347,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes POST requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void addDistributionSetTypeToTargetType() throws Exception {
String typeName = "TestTypeAddDs";
TargetType testType = createTestTargetTypeInDB(typeName);
@@ -363,7 +368,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes GET requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getDistributionSetsOfTargetType() throws Exception {
String typeName = "TestTypeGetDs";
final TargetType testType = createTestTargetTypeInDB(typeName, Set.of(standardDsType));
@@ -383,7 +388,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes/{ID} GET requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void getDistributionSetOfTargetTypeReturnsNotAllowed() throws Exception {
String typeName = "TestTypeAddDs";
final TargetType testType = createTestTargetTypeInDB(typeName);
@@ -399,7 +404,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes/{ID} DELETE requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void removeDsTypeFromTargetType() throws Exception {
String typeName = "TestTypeRemoveDs";
TargetType testType = createTestTargetTypeInDB(typeName, Set.of(standardDsType));
@@ -419,7 +424,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID} DELETE requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void deletingDsTypeRemovesAssignmentFromTargetType() throws Exception {
TargetType testType = createTestTargetTypeInDB("TestTypeRemoveDs", Set.of(standardDsType));
assertThat(testType.getDistributionSetTypes()).hasSize(1);
@@ -440,7 +445,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{ID} DELETE requests - Deletion when not in use.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void deleteTargetTypeUnused() throws Exception {
String typeName = "TestTypeUnusedDelete";
final TargetType testType = createTestTargetTypeInDB(typeName);
@@ -458,7 +463,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Checks the correct behaviour of /rest/v1/targettypes/{ID} DELETE requests - Deletion not possible when in use.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void deleteTargetTypeUsed() throws Exception {
String typeName = "TestTypeUsedDelete";
final TargetType testType = createTestTargetTypeInDB(typeName);
@@ -481,7 +486,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Ensures that target type deletion request to API on an entity that does not exist results in NOT_FOUND.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void deleteTargetTypeThatDoesNotExistLeadsToNotFound() throws Exception {
mvc.perform(delete(TARGETTYPE_SINGLE_ENDPOINT, 1234))
.andDo(MockMvcResultPrinter.print())
@@ -492,7 +497,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Tests the update of the deletion flag. It is verified that the target type can't be marked as deleted through update operation.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void updateTargetTypeDeletedFlag() throws Exception {
String typeName = "TestTypePUT";
final TargetType testType = createTestTargetTypeInDB(typeName);
@@ -630,7 +635,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
* Verifies quota enforcement for /rest/v1/targettypes/{ID}/compatibledistributionsettypes POST requests.
*/
@Test
- @WithUser(principal = TEST_USER, allSpPermissions = true)
+ @WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
void assignDistributionSetTypeToTargetTypeUntilQuotaExceeded() throws Exception {
final TargetType testType = createTestTargetTypeInDB("TestTypeQuota");
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementTest.java
index a14b9fee7..6d63b143d 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementTest.java
@@ -385,24 +385,34 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
* Loads an artifact binary based on given ID.
*/
@Test
- void loadStreamOfArtifact() throws IOException {
+ void downloadStreamOfArtifact() throws IOException {
final int artifactSize = 5 * 1024;
final byte[] randomBytes = randomBytes(artifactSize);
try (final InputStream input = new ByteArrayInputStream(randomBytes)) {
final SoftwareModule smOs = testdataFactory.createSoftwareModuleOs();
final Artifact artifact = createArtifactForSoftwareModule("file1", smOs.getId(), artifactSize, input);
- assertEqualFileContents(
- artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes);
+ SecurityContextSwitch.runAs(
+ SecurityContextSwitch.withUser("test_user", SpPermission.READ_SOFTWARE_MODULE_ARTIFACT),
+ () -> assertEqualFileContents(
+ artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
+ SecurityContextSwitch.runAs(
+ SecurityContextSwitch.withUser("test_user", SpRole.CONTROLLER_ROLE),
+ () -> assertEqualFileContents(
+ artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
+ SecurityContextSwitch.runAs(
+ SecurityContextSwitch.withUser("test_user", SpRole.CONTROLLER_ROLE_ANONYMOUS),
+ () -> assertEqualFileContents(
+ artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
+ SecurityContextSwitch.runAs(
+ SecurityContextSwitch.withUser("test_user", SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE),
+ () -> assertThatExceptionOfType(InsufficientPermissionException.class)
+ .as("Should not have worked with missing permission.")
+ .isThrownBy(() -> artifactManagement.getArtifactStream("123", 1, false)));
}
}
- /**
- * Trys and fails to load an artifact without required permission. Checks if expected InsufficientPermissionException is thrown.
- */
@Test
- @WithUser(allSpPermissions = true, removeFromAllPermission = {
- SpPermission.READ_SOFTWARE_MODULE_ARTIFACT,
- SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
+ @WithUser(authorities = {})
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
assertThatExceptionOfType(InsufficientPermissionException.class)
.as("Should not have worked with missing permission.")
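Review bot: The denial case at the end of `downloadStreamOfArtifact` calls `getArtifactStream("123", 1, false)` rather than the artifact the test just stored, so it does not show that a caller holding only `READ_PREFIX + SOFTWARE_MODULE` is refused the binary the three preceding contexts can read. Using the same arguments as the positive cases, `artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted())`, would make the four cases differ only in the authority. The Javadoc removed from `getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied` is worth keeping in updated form, e.g. `Fails to load an artifact with no authorities at all and expects InsufficientPermissionException.` That method's body continues outside the hunk.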
@@ -543,11 +553,13 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
assertThat(runAsTenant(tenant, () -> artifactRepository.findAll())).hasSize(count);
}
- private void assertEqualFileContents(final ArtifactStream artifact, final byte[] randomBytes) throws IOException {
+ private void assertEqualFileContents(final ArtifactStream artifact, final byte[] randomBytes) {
try (final InputStream inputStream = artifact) {
assertTrue(
IOUtils.contentEquals(new ByteArrayInputStream(randomBytes), inputStream),
"The stored binary matches the given binary");
+ } catch (final IOException e) {
+ throw new AssertionError(e);
}
}
}
\ No newline at end of file
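Review bot: `throw new AssertionError(e)` in `assertEqualFileContents` reports a stream read failure as an assertion failure, which in test output reads like a content mismatch. `throw new UncheckedIOException(e);` (with a `java.io.UncheckedIOException` import) would keep I/O errors distinguishable from a failed comparison. The `throws IOException` clause was presumably dropped so the helper can be called from the `SecurityContextSwitch.runAs` lambdas; a one-line comment on the catch saying so, `// unchecked so the helper can be used inside runAs lambdas`, would record that.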
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementTest.java
index 954032fdb..fcb82e63b 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementTest.java
@@ -10,6 +10,7 @@
package org.eclipse.hawkbit.repository.jpa.management;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.withUserAndTenant;
import java.io.ByteArrayInputStream;
import java.util.ArrayList;
@@ -55,7 +56,8 @@ class SystemManagementTest extends AbstractJpaIntegrationTest {
for (int i = 0; i < tenants; i++) {
final String tenantname = "TENANT" + i;
- SecurityContextSwitch.getAs(SecurityContextSwitch.withUserAndTenant("bumlux", tenantname, true, true, false, SpRole.SYSTEM_ROLE),
+ SecurityContextSwitch.getAs(
+ withUserAndTenant(tenantname, "bumlux", new String[] { SpRole.SYSTEM_ROLE }, true, true),
() -> {
systemManagement.getTenantMetadataWithoutDetails();
if (artifactSize > 0) {
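Review bot: The rewritten `withUserAndTenant` call passes `true, true` for the trailing `controller, autoCreateTenant` pair, while the removed call passed `false` for `controller` (its last boolean), so the tenant loop now runs with the controller flag set. If that is not intended, the call should read `withUserAndTenant(tenantname, "bumlux", new String[] { SpRole.SYSTEM_ROLE }, false, true)`. The parameter order is taken from the new signature in SecurityContextSwitch, and the lambda body continues outside the hunk.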
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementTest.java
index 5568031fd..2c0b99bae 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementTest.java
@@ -482,7 +482,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
* Checks that target type for a target can be created, updated and unassigned.
*/
@Test
- @WithUser(allSpPermissions = true)
+ @WithUser(authorities = SpRole.TENANT_ADMIN)
void createAndUpdateTargetTypeInTarget() {
// create a target type
final List extends TargetType> targetTypes = testdataFactory.createTargetTypes("targettype", 2);
@@ -519,7 +519,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
* Checks that target type to a target can be assigned.
*/
@Test
- @WithUser(allSpPermissions = true)
+ @WithUser(authorities = SpRole.TENANT_ADMIN)
void assignTargetTypeInTarget() {
// create a target
final Target target = testdataFactory.createTarget("target1", "testtarget");
@@ -547,7 +547,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
* Tests the assignment of types to multiple targets.
*/
@Test
- @WithUser(allSpPermissions = true)
+ @WithUser(authorities = SpRole.TENANT_ADMIN)
@ExpectEvents({
@Expect(type = TargetCreatedEvent.class, count = 20),
@Expect(type = TargetTypeCreatedEvent.class, count = 2),
@@ -577,7 +577,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
* Checks that target type can be unassigned from target.
*/
@Test
- @WithUser(allSpPermissions = true)
+ @WithUser(authorities = SpRole.TENANT_ADMIN)
void unAssignTargetTypeFromTarget() {
// create a target type
final TargetType targetType = testdataFactory.findOrCreateTargetType("targettype");
@@ -827,7 +827,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
}
@Test
- @WithUser(allSpPermissions = true)
+ @WithUser(authorities = SpRole.TENANT_ADMIN)
void failToAssignInvalidTargetTypeToTarget() {
// create a target
final Target target = testdataFactory.createTarget("target1", "testtarget");
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/tenancy/MultiTenancyEntityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/tenancy/MultiTenancyEntityTest.java
index 9d1c83340..7763b8f8f 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/tenancy/MultiTenancyEntityTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/tenancy/MultiTenancyEntityTest.java
@@ -71,7 +71,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
* Ensures that targets created by a tenant are not visible by another tenant.
*/
@Test
- @WithUser(tenantId = "mytenant", allSpPermissions = true)
+ @WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
void queryTargetFromDifferentTenantIsNotVisible() throws Exception {
// create target for another tenant
final String anotherTenant = "anotherTenant";
@@ -93,7 +93,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
* Ensures that tenant with proper permissions can read and delete other tenants.
*/
@Test
- @WithUser(tenantId = "mytenant", allSpPermissions = true)
+ @WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
void deleteAnotherTenantNotPossibleWithTenantPermissions() throws Exception {
// create target for another tenant
final String anotherTenant = "anotherTenant";
@@ -122,7 +122,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
* Ensures that tenant metadata is retrieved for the current tenant.
*/
@Test
- @WithUser(tenantId = "mytenant", autoCreateTenant = false, allSpPermissions = true)
+ @WithUser(tenantId = "mytenant", autoCreateTenant = false, authorities = SpRole.TENANT_ADMIN)
void getTenantMetdata() throws Exception {
// logged in tenant mytenant - check if tenant default data is autogenerated
assertThat(distributionSetTypeManagement.findAll(PAGE)).isEmpty();
@@ -142,7 +142,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
* Ensures that targets created from a different tenant cannot be deleted from other tenants
*/
@Test
- @WithUser(tenantId = "mytenant", allSpPermissions = true)
+ @WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
void deleteTargetFromOtherTenantIsNotPossible() throws Exception {
// create target for another tenant
final String anotherTenant = "anotherTenant";
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/matcher/EventVerifier.java b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/matcher/EventVerifier.java
index 677bdb200..fd9c86b66 100644
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/matcher/EventVerifier.java
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/matcher/EventVerifier.java
@@ -7,7 +7,6 @@
*
* SPDX-License-Identifier: EPL-2.0
*/
-
package org.eclipse.hawkbit.repository.test.matcher;
import static org.assertj.core.api.Assertions.assertThat;
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java
index 4a89ad5c9..85e4d0275 100644
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java
@@ -13,6 +13,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.eclipse.hawkbit.auth.SpPermission.READ_TENANT_CONFIGURATION;
import static org.eclipse.hawkbit.auth.SpRole.CONTROLLER_ROLE;
import static org.eclipse.hawkbit.auth.SpRole.SYSTEM_ROLE;
+import static org.eclipse.hawkbit.auth.SpRole.TENANT_ADMIN;
import java.io.File;
import java.io.IOException;
@@ -37,6 +38,7 @@ import org.awaitility.Awaitility;
import org.awaitility.core.ConditionFactory;
import org.eclipse.hawkbit.artifact.ArtifactStorage;
import org.eclipse.hawkbit.artifact.exception.ArtifactStoreException;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.repository.ArtifactManagement;
import org.eclipse.hawkbit.repository.ConfirmationManagement;
import org.eclipse.hawkbit.repository.ControllerManagement;
@@ -103,7 +105,7 @@ import org.springframework.test.context.TestPropertySource;
@Slf4j
@ActiveProfiles({ "test" })
@ExtendWith({ TestLoggerExtension.class, SharedSqlTestDatabaseExtension.class })
-@WithUser(principal = "bumlux", allSpPermissions = true, authorities = { CONTROLLER_ROLE, SYSTEM_ROLE })
+@WithUser(principal = "bumlux", authorities = { TENANT_ADMIN, CONTROLLER_ROLE, SYSTEM_ROLE })
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.NONE)
@ContextConfiguration(classes = { TestConfiguration.class })
// destroy the context after each test class because otherwise we get problem when context is
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/SecurityContextSwitch.java b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/SecurityContextSwitch.java
index 914d562cf..0b57dbf9a 100644
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/SecurityContextSwitch.java
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/SecurityContextSwitch.java
@@ -9,19 +9,20 @@
*/
package org.eclipse.hawkbit.repository.test.util;
+import static org.eclipse.hawkbit.auth.SpRole.CONTROLLER_ROLE;
+import static org.eclipse.hawkbit.auth.SpRole.SYSTEM_ROLE;
+import static org.eclipse.hawkbit.auth.SpRole.TENANT_ADMIN;
+
import java.io.Serial;
import java.io.Serializable;
import java.lang.annotation.Annotation;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
import java.util.Objects;
import java.util.concurrent.Callable;
import java.util.function.Supplier;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
-import org.eclipse.hawkbit.auth.SpPermission;
+import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.repository.SystemManagement;
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.tenancy.TenantAwareUser;
@@ -38,8 +39,8 @@ public class SecurityContextSwitch {
private static final SecurityContextSwitch INSTANCE = new SecurityContextSwitch();
public static final String DEFAULT_TENANT = "DEFAULT";
- private static final WithUser PRIVILEGED_USER = createWithUser(
- "bumlux", DEFAULT_TENANT, false, true, false, "ROLE_CONTROLLER", "ROLE_SYSTEM_CODE");
+ private static final WithUser PRIVILEGED_USER = new WithUserImpl(
+ DEFAULT_TENANT, "bumlux", new String[] {TENANT_ADMIN, CONTROLLER_ROLE, SYSTEM_ROLE}, false, false);
private static SystemManagement systemManagement;
@@ -92,21 +93,21 @@ public class SecurityContextSwitch {
}
public static WithUser withController(final String principal, final String... authorities) {
- return withUserAndTenant(principal, DEFAULT_TENANT, true, false, true, authorities);
+ return withUserAndTenant(DEFAULT_TENANT, principal, authorities, true, true);
}
public static WithUser withUser(final String principal, final String... authorities) {
- return withUserAndTenant(principal, DEFAULT_TENANT, true, false, false, authorities);
+ return withUserAndTenant(DEFAULT_TENANT, principal, authorities, false, true);
}
public static WithUser withUserAndTenantAllSpPermissions(final String principal, final String tenant) {
- return withUserAndTenant(principal, tenant, true, true, false);
+ return withUserAndTenant(tenant, principal, new String[] { SpRole.TENANT_ADMIN }, false, true);
}
- public static WithUser withUserAndTenant(final String principal, final String tenant,
- final boolean autoCreateTenant, final boolean allSpPermission, final boolean controller,
- final String... authorities) {
- return createWithUser(principal, tenant, autoCreateTenant, allSpPermission, controller, authorities);
+ public static WithUser withUserAndTenant(
+ final String tenant, final String principal, final String[] authorities,
+ final boolean controller, final boolean autoCreateTenant) {
+ return new WithUserImpl(tenant, principal, authorities, controller, autoCreateTenant);
}
private static void setSecurityContext(final WithUser annotation) {
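Review bot: The new `withUserAndTenant` signature swaps the two `String` parameters (`tenant` now comes first) and ends with two adjacent booleans in the order `controller, autoCreateTenant`, the reverse of their relative order before, and the method carries no documentation. A call with the strings or the booleans transposed still compiles; the SystemManagementTest call in this commit now passes `controller = true` where it passed `false` before. A Javadoc naming each parameter would help, with lines such as `@param controller true to mark the authentication details as a controller context` and `@param autoCreateTenant true to create the tenant if it does not exist`. `withUserAndTenantAllSpPermissions` now grants `SpRole.TENANT_ADMIN` rather than every permission, so its name or a comment should say that.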
@@ -123,12 +124,6 @@ public class SecurityContextSwitch {
}
}
- private static WithUser createWithUser(
- final String principal, final String tenant, final boolean autoCreateTenant,
- final boolean allSpPermission, final boolean controller, final String... authorities) {
- return new WithUserImpl(principal, tenant, autoCreateTenant, allSpPermission, controller, authorities);
- }
-
// should be used only for test purposes and taking in account 'annotation' non-transient field in a Serializable
@SuppressWarnings("java:S1948") // java:S1948 - see comments into the method
static class WithUserSecurityContext implements SecurityContext {
@@ -151,15 +146,9 @@ public class SecurityContextSwitch {
@Override
public Authentication getAuthentication() {
- final String[] authorities;
- if (annotation.allSpPermissions()) {
- authorities = getAllAuthorities(annotation.authorities(), annotation.removeFromAllPermission());
- } else {
- authorities = annotation.authorities();
- }
final TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken(
new TenantAwareUser(annotation.principal(), "***", null, annotation.tenantId()),
- annotation.credentials(), authorities);
+ annotation.credentials(), annotation.authorities());
testingAuthenticationToken.setDetails(
new TenantAwareAuthenticationDetails(annotation.tenantId(), annotation.controller()));
return testingAuthenticationToken;
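Review bot: `getAuthentication` now hands `annotation.authorities()` to the token verbatim, so a test user declared with `SpRole.TENANT_ADMIN` holds only that single authority and gets individual permissions only where a role hierarchy is applied during the check. That is worth a comment above the token construction, for example `// authorities are passed as declared; role-to-permission expansion is left to the configured RoleHierarchy`. Whether every permission check in the tested code goes through the hierarchy is not visible in this diff, so that remains an assumption to confirm. The method's closing brace lies outside the hunk.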
@@ -183,17 +172,6 @@ public class SecurityContextSwitch {
return false;
}
}
-
- private String[] getAllAuthorities(final String[] additionalAuthorities, final String[] notInclude) {
- final List permissions = new ArrayList<>(SpPermission.getAllAuthorities()); // list is unmodifiable
- if (notInclude != null) {
- permissions.removeAll(Arrays.asList(notInclude));
- }
- if (additionalAuthorities != null) {
- permissions.addAll(Arrays.asList(additionalAuthorities));
- }
- return permissions.toArray(new String[0]);
- }
}
private static class WithUserImpl implements WithUser, Serializable {
@@ -201,22 +179,20 @@ public class SecurityContextSwitch {
@Serial
private static final long serialVersionUID = 1L;
- private final String principal;
private final String tenant;
- private final boolean autoCreateTenant;
- private final boolean allSpPermission;
- private final boolean controller;
+ private final String principal;
private final String[] authorities;
+ private final boolean controller;
+ private final boolean autoCreateTenant;
private WithUserImpl(
- final String principal, final String tenant, final boolean autoCreateTenant,
- final boolean allSpPermission, final boolean controller, final String... authorities) {
- this.principal = principal;
+ final String tenant, final String principal, final String[] authorities,
+ final boolean controller, final boolean autoCreateTenant) {
this.tenant = tenant;
- this.autoCreateTenant = autoCreateTenant;
- this.allSpPermission = allSpPermission;
- this.controller = controller;
+ this.principal = principal;
this.authorities = authorities;
+ this.controller = controller;
+ this.autoCreateTenant = autoCreateTenant;
}
@Override
@@ -224,6 +200,11 @@ public class SecurityContextSwitch {
return WithUser.class;
}
+ @Override
+ public String tenantId() {
+ return tenant;
+ }
+
@Override
public String principal() {
return principal;
@@ -234,34 +215,19 @@ public class SecurityContextSwitch {
return null;
}
- @Override
- public String tenantId() {
- return tenant;
- }
-
- @Override
- public boolean autoCreateTenant() {
- return autoCreateTenant;
- }
-
@Override
public String[] authorities() {
return authorities;
}
- @Override
- public boolean allSpPermissions() {
- return allSpPermission;
- }
-
- @Override
- public String[] removeFromAllPermission() {
- return new String[0];
- }
-
@Override
public boolean controller() {
return controller;
}
+
+ @Override
+ public boolean autoCreateTenant() {
+ return autoCreateTenant;
+ }
}
}
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithUser.java b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithUser.java
index 7d50db84d..aeb1c499a 100644
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithUser.java
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/WithUser.java
@@ -28,6 +28,13 @@ import org.springframework.security.test.context.support.WithSecurityContextFact
@Inherited
public @interface WithUser {
+ /**
+ * Gets the test tenant id.
+ *
+ * @return test tenant id
+ */
+ String tenantId() default "DEFAULT";
+
/**
* Gets the test principal.
*
@@ -42,20 +49,6 @@ public @interface WithUser {
*/
String credentials() default "TestCredentials";
- /**
- * Gets the test tenant id.
- *
- * @return test tenant id
- */
- String tenantId() default "DEFAULT";
-
- /**
- * Should tenant auto created.
- *
- * @return true = auto create false not create
- */
- boolean autoCreateTenant() default true;
-
/**
* Gets the test authorities.
*
@@ -64,18 +57,11 @@ public @interface WithUser {
String[] authorities() default {};
/**
- * Gets the test all permissions.
+ * Should tenant auto created.
*
- * @return permissions
+ * @return true = auto create false not create
*/
- boolean allSpPermissions() default false;
-
- /**
- * Gets the test removeFromAllPermission.
- *
- * @return removeFromAllPermission
- */
- String[] removeFromAllPermission() default {};
+ boolean autoCreateTenant() default true;
boolean controller() default false;