Improve WithUser testing (#2943)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2026-02-27 12:59:13 +02:00
parent f2318078bd
commit 5d043b2766
19 changed files with 161 additions and 203 deletions
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementTest.java
@@ -385,24 +385,34 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
     * Loads an artifact binary based on given ID.
     */
    @Test
-    void loadStreamOfArtifact() throws IOException {
+    void downloadStreamOfArtifact() throws IOException {
        final int artifactSize = 5 * 1024;
        final byte[] randomBytes = randomBytes(artifactSize);
        try (final InputStream input = new ByteArrayInputStream(randomBytes)) {
            final SoftwareModule smOs = testdataFactory.createSoftwareModuleOs();
            final Artifact artifact = createArtifactForSoftwareModule("file1", smOs.getId(), artifactSize, input);
-            assertEqualFileContents(
-                    artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes);
+            SecurityContextSwitch.runAs(
+                    SecurityContextSwitch.withUser("test_user", SpPermission.READ_SOFTWARE_MODULE_ARTIFACT),
+                    () -> assertEqualFileContents(
+                            artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
+            SecurityContextSwitch.runAs(
+                    SecurityContextSwitch.withUser("test_user", SpRole.CONTROLLER_ROLE),
+                    () -> assertEqualFileContents(
+                            artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
+            SecurityContextSwitch.runAs(
+                    SecurityContextSwitch.withUser("test_user", SpRole.CONTROLLER_ROLE_ANONYMOUS),
+                    () -> assertEqualFileContents(
+                            artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
+            SecurityContextSwitch.runAs(
+                    SecurityContextSwitch.withUser("test_user", SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE),
+                    () -> assertThatExceptionOfType(InsufficientPermissionException.class)
+                            .as("Should not have worked with missing permission.")
+                            .isThrownBy(() -> artifactManagement.getArtifactStream("123", 1, false)));
        }
    }

-    /**
-     * Trys and fails to load an artifact without required permission. Checks if expected InsufficientPermissionException is thrown.
-     */
    @Test
-    @WithUser(allSpPermissions = true, removeFromAllPermission = {
-            SpPermission.READ_SOFTWARE_MODULE_ARTIFACT,
-            SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
+    @WithUser(authorities = {})
    void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
        assertThatExceptionOfType(InsufficientPermissionException.class)
                .as("Should not have worked with missing permission.")
@@ -543,11 +553,13 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
        assertThat(runAsTenant(tenant, () -> artifactRepository.findAll())).hasSize(count);
    }

-    private void assertEqualFileContents(final ArtifactStream artifact, final byte[] randomBytes) throws IOException {
+    private void assertEqualFileContents(final ArtifactStream artifact, final byte[] randomBytes) {
        try (final InputStream inputStream = artifact) {
            assertTrue(
                    IOUtils.contentEquals(new ByteArrayInputStream(randomBytes), inputStream),
                    "The stored binary matches the given binary");
+        } catch (final IOException e) {
+            throw new AssertionError(e);
        }
    }
 }
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementTest.java
@@ -10,6 +10,7 @@
 package org.eclipse.hawkbit.repository.jpa.management;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.withUserAndTenant;

 import java.io.ByteArrayInputStream;
 import java.util.ArrayList;
@@ -55,7 +56,8 @@ class SystemManagementTest extends AbstractJpaIntegrationTest {

        for (int i = 0; i < tenants; i++) {
            final String tenantname = "TENANT" + i;
-            SecurityContextSwitch.getAs(SecurityContextSwitch.withUserAndTenant("bumlux", tenantname, true, true, false, SpRole.SYSTEM_ROLE),
+            SecurityContextSwitch.getAs(
+                    withUserAndTenant(tenantname, "bumlux", new String[] { SpRole.SYSTEM_ROLE }, true, true),
                    () -> {
                        systemManagement.getTenantMetadataWithoutDetails();
                        if (artifactSize > 0) {
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementTest.java
@@ -482,7 +482,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
     * Checks that target type for a target can be created, updated and unassigned.
     */
    @Test
-    @WithUser(allSpPermissions = true)
+    @WithUser(authorities = SpRole.TENANT_ADMIN)
    void createAndUpdateTargetTypeInTarget() {
        // create a target type
        final List<? extends TargetType> targetTypes = testdataFactory.createTargetTypes("targettype", 2);
@@ -519,7 +519,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
     * Checks that target type to a target can be assigned.
     */
    @Test
-    @WithUser(allSpPermissions = true)
+    @WithUser(authorities = SpRole.TENANT_ADMIN)
    void assignTargetTypeInTarget() {
        // create a target
        final Target target = testdataFactory.createTarget("target1", "testtarget");
@@ -547,7 +547,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
     * Tests the assignment of types to multiple targets.
     */
    @Test
-    @WithUser(allSpPermissions = true)
+    @WithUser(authorities = SpRole.TENANT_ADMIN)
    @ExpectEvents({
            @Expect(type = TargetCreatedEvent.class, count = 20),
            @Expect(type = TargetTypeCreatedEvent.class, count = 2),
@@ -577,7 +577,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
     * Checks that target type can be unassigned from target.
     */
    @Test
-    @WithUser(allSpPermissions = true)
+    @WithUser(authorities = SpRole.TENANT_ADMIN)
    void unAssignTargetTypeFromTarget() {
        // create a target type
        final TargetType targetType = testdataFactory.findOrCreateTargetType("targettype");
@@ -827,7 +827,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
    }

    @Test
-    @WithUser(allSpPermissions = true)
+    @WithUser(authorities = SpRole.TENANT_ADMIN)
    void failToAssignInvalidTargetTypeToTarget() {
        // create a target
        final Target target = testdataFactory.createTarget("target1", "testtarget");
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/tenancy/MultiTenancyEntityTest.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/tenancy/MultiTenancyEntityTest.java
@@ -71,7 +71,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
     * Ensures that targets created by a tenant are not visible by another tenant.
     */
    @Test
-    @WithUser(tenantId = "mytenant", allSpPermissions = true)
+    @WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
    void queryTargetFromDifferentTenantIsNotVisible() throws Exception {
        // create target for another tenant
        final String anotherTenant = "anotherTenant";
@@ -93,7 +93,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
     * Ensures that tenant with proper permissions can read and delete other tenants.
     */
    @Test
-    @WithUser(tenantId = "mytenant", allSpPermissions = true)
+    @WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
    void deleteAnotherTenantNotPossibleWithTenantPermissions() throws Exception {
        // create target for another tenant
        final String anotherTenant = "anotherTenant";
@@ -122,7 +122,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
     * Ensures that tenant metadata is retrieved for the current tenant.
     */
    @Test
-    @WithUser(tenantId = "mytenant", autoCreateTenant = false, allSpPermissions = true)
+    @WithUser(tenantId = "mytenant", autoCreateTenant = false, authorities = SpRole.TENANT_ADMIN)
    void getTenantMetdata() throws Exception {
        // logged in tenant mytenant - check if tenant default data is autogenerated
        assertThat(distributionSetTypeManagement.findAll(PAGE)).isEmpty();
@@ -142,7 +142,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
     * Ensures that targets created from a different tenant cannot be deleted from other tenants
     */
    @Test
-    @WithUser(tenantId = "mytenant", allSpPermissions = true)
+    @WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
    void deleteTargetFromOtherTenantIsNotPossible() throws Exception {
        // create target for another tenant
        final String anotherTenant = "anotherTenant";