Improve WithUser testing (#2943)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -10,6 +10,7 @@
|
||||
package org.eclipse.hawkbit.auth;
|
||||
|
||||
import lombok.AccessLevel;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
|
||||
|
||||
@@ -25,12 +26,9 @@ public class Hierarchy {
|
||||
SpRole.DEFAULT_ROLE_HIERARCHY;
|
||||
// @formatter:on
|
||||
|
||||
@Getter
|
||||
private static RoleHierarchy roleHierarchy;
|
||||
|
||||
public static RoleHierarchy getRoleHierarchy() {
|
||||
return roleHierarchy;
|
||||
}
|
||||
|
||||
public static void setRoleHierarchy(final RoleHierarchy roleHierarchy) {
|
||||
Hierarchy.roleHierarchy = roleHierarchy;
|
||||
}
|
||||
|
||||
@@ -27,10 +27,9 @@ import org.springframework.util.function.SingletonSupplier;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Software provisioning permissions that are technically available as {@linkplain GrantedAuthority} based on
|
||||
* Tenant software provisioning permissions that are technically available as {@linkplain GrantedAuthority} based on
|
||||
* the authenticated users identity context.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* The permissions cover CRUD operations for various areas within eclipse hawkBit, like targets, software-artifacts,
|
||||
* distribution sets, config-options etc.
|
||||
@@ -127,7 +126,7 @@ public final class SpPermission {
|
||||
TENANT_CONFIGURATION + IMPLY + READ_GATEWAY_SECURITY_TOKEN + LINE_BREAK;
|
||||
// @formatter:on
|
||||
|
||||
private static final SingletonSupplier<Set<String>> ALL_TENANT_AUTHORITIES = SingletonSupplier.of(SpPermission::getAuthorities);
|
||||
private static final SingletonSupplier<Set<String>> ALL_AUTHORITIES = SingletonSupplier.of(SpPermission::getAuthorities);
|
||||
|
||||
private static Set<String> getAuthorities() {
|
||||
final Set<String> allPermissions = new HashSet<>();
|
||||
@@ -155,7 +154,7 @@ public final class SpPermission {
|
||||
}
|
||||
|
||||
public static Set<String> getAllAuthorities() {
|
||||
return ALL_TENANT_AUTHORITIES.get();
|
||||
return ALL_AUTHORITIES.get();
|
||||
}
|
||||
|
||||
@SuppressWarnings("java:S3776") // java:S3776 - better in one place for better readability
|
||||
|
||||
@@ -42,6 +42,7 @@ import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.TimeZone;
|
||||
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.ddi.rest.resource.DdiArtifactDownloadTest.DownloadTestConfiguration;
|
||||
import org.eclipse.hawkbit.repository.event.remote.DownloadProgressEvent;
|
||||
import org.eclipse.hawkbit.repository.model.Artifact;
|
||||
@@ -157,7 +158,7 @@ class DdiArtifactDownloadTest extends AbstractDDiApiIntegrationTest {
|
||||
* Tests valid downloads through the artifact resource by identifying the artifact not by ID but file name.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "4712", authorities = "ROLE_CONTROLLER", allSpPermissions = true)
|
||||
@WithUser(principal = "4712", authorities = { SpRole.CONTROLLER_ROLE, SpRole.TENANT_ADMIN })
|
||||
void downloadArtifactThroughFileName() throws Exception {
|
||||
synchronized (DdiArtifactDownloadTest.class) {
|
||||
downloadProgress = 1;
|
||||
@@ -231,7 +232,7 @@ class DdiArtifactDownloadTest extends AbstractDDiApiIntegrationTest {
|
||||
* Test various HTTP range requests for artifact download, e.g. chunk download or download resume.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TestdataFactory.DEFAULT_CONTROLLER_ID, authorities = "ROLE_CONTROLLER", allSpPermissions = true)
|
||||
@WithUser(principal = TestdataFactory.DEFAULT_CONTROLLER_ID, authorities = { SpRole.CONTROLLER_ROLE, SpRole.TENANT_ADMIN })
|
||||
void rangeDownloadArtifact() throws Exception {
|
||||
// create target
|
||||
final Target target = testdataFactory.createTarget();
|
||||
|
||||
@@ -18,7 +18,7 @@ import org.json.JSONException;
|
||||
import org.json.JSONObject;
|
||||
|
||||
/**
|
||||
* Builder class for building certain json strings.
|
||||
* Builder class for building certain JSON strings.
|
||||
*/
|
||||
@NoArgsConstructor(access = AccessLevel.PRIVATE)
|
||||
@Slf4j
|
||||
|
||||
@@ -39,6 +39,7 @@ import java.util.stream.IntStream;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import com.jayway.jsonpath.JsonPath;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.exception.SpServerError;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.MgmtId;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.distributionset.MgmtActionType;
|
||||
@@ -836,7 +837,7 @@ class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegrationTe
|
||||
* Ensures that multiple DS requested are listed with expected payload.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getDistributionSets() throws Exception {
|
||||
// prepare test data
|
||||
assertThat(distributionSetManagement.findAll(PAGE)).isEmpty();
|
||||
@@ -879,7 +880,7 @@ class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegrationTe
|
||||
* Ensures that single DS requested by ID is listed with expected payload.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getDistributionSet() throws Exception {
|
||||
final DistributionSet set = testdataFactory.createUpdatedDistributionSet();
|
||||
|
||||
@@ -915,7 +916,7 @@ class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegrationTe
|
||||
* Ensures that multiple DS posted to API are created in the repository.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void createDistributionSets() throws Exception {
|
||||
assertThat(distributionSetManagement.findAll(PAGE)).isEmpty();
|
||||
final SoftwareModule ah = testdataFactory.createSoftwareModule(TestdataFactory.SM_TYPE_APP);
|
||||
|
||||
@@ -30,6 +30,7 @@ import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import com.jayway.jsonpath.JsonPath;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.exception.SpServerError;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.distributionsettype.MgmtDistributionSetTypeRequestBodyPost;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.softwaremoduletype.MgmtSoftwareModuleTypeAssignment;
|
||||
@@ -61,7 +62,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getDistributionSetTypes() throws Exception {
|
||||
DistributionSetType testType = distributionSetTypeManagement.create(
|
||||
DistributionSetTypeManagement.Create.builder()
|
||||
@@ -103,7 +104,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes GET requests with sorting by KEY.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getDistributionSetTypesSortedByKey() throws Exception {
|
||||
DistributionSetType testType = distributionSetTypeManagement.create(
|
||||
DistributionSetTypeManagement.Create.builder()
|
||||
@@ -156,7 +157,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void createDistributionSetTypes() throws Exception {
|
||||
final MvcResult mvcResult = runPostDistributionSetType(createTestDistributionSetTestTypes());
|
||||
verifyCreatedDistributionSetTypes(mvcResult);
|
||||
@@ -166,7 +167,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void addMandatoryModuleToDistributionSetType() throws Exception {
|
||||
DistributionSetType testType = distributionSetTypeManagement.create(
|
||||
DistributionSetTypeManagement.Create.builder()
|
||||
@@ -192,7 +193,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void addOptionalModuleToDistributionSetType() throws Exception {
|
||||
DistributionSetType testType = distributionSetTypeManagement.create(
|
||||
DistributionSetTypeManagement.Create.builder()
|
||||
@@ -218,7 +219,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Verifies quota enforcement for /rest/v1/distributionsettypes/{ID}/optionalmoduletypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void assignModuleTypesToDistributionSetTypeUntilQuotaExceeded() throws Exception {
|
||||
// create software module types
|
||||
final int maxSoftwareModuleTypes = quotaManagement.getMaxSoftwareModuleTypesPerDistributionSetType();
|
||||
@@ -278,7 +279,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getMandatoryModulesOfDistributionSetType() throws Exception {
|
||||
final DistributionSetType testType = generateTestType();
|
||||
|
||||
@@ -297,7 +298,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getOptionalModulesOfDistributionSetType() throws Exception {
|
||||
final DistributionSetType testType = generateTestType();
|
||||
|
||||
@@ -316,7 +317,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes/{ID} GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getMandatoryModuleOfDistributionSetType() throws Exception {
|
||||
final DistributionSetType testType = generateTestType();
|
||||
|
||||
@@ -337,7 +338,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes/{ID} GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getOptionalModuleOfDistributionSetType() throws Exception {
|
||||
final DistributionSetType testType = generateTestType();
|
||||
|
||||
@@ -358,7 +359,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/mandatorymoduletypes/{ID} DELETE requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void removeMandatoryModuleToDistributionSetType() throws Exception {
|
||||
DistributionSetType testType = generateTestType();
|
||||
|
||||
@@ -377,7 +378,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID}/optionalmoduletypes/{ID} DELETE requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void removeOptionalModuleToDistributionSetType() throws Exception {
|
||||
DistributionSetType testType = generateTestType();
|
||||
|
||||
@@ -396,7 +397,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID} GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getDistributionSetType() throws Exception {
|
||||
DistributionSetType testType = distributionSetTypeManagement.create(DistributionSetTypeManagement.Create.builder()
|
||||
.key("test123").name("TestName123").description("Desc123").build());
|
||||
@@ -431,7 +432,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/DistributionSetTypes/{ID} DELETE requests (hard delete scenario).
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void deleteDistributionSetTypeUnused() throws Exception {
|
||||
final DistributionSetType testType = distributionSetTypeManagement.create(
|
||||
DistributionSetTypeManagement.Create.builder()
|
||||
@@ -460,7 +461,7 @@ class MgmtDistributionSetTypeResourceTest extends AbstractManagementApiIntegrati
|
||||
* Checks the correct behaviour of /rest/v1/DistributionSetTypes/{ID} DELETE requests (soft delete scenario).
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void deleteDistributionSetTypeUsed() throws Exception {
|
||||
final DistributionSetType testType = distributionSetTypeManagement.create(
|
||||
DistributionSetTypeManagement.Create.builder()
|
||||
|
||||
@@ -35,6 +35,7 @@ import java.util.stream.Stream;
|
||||
|
||||
import org.awaitility.Awaitility;
|
||||
import org.awaitility.core.ConditionFactory;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.exception.SpServerError;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.rollout.MgmtRolloutResponseBody;
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
|
||||
@@ -344,21 +345,6 @@ class MgmtRolloutResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
.andExpect(jsonPath("errorCode", equalTo("hawkbit.server.error.rest.body.notReadable")));
|
||||
}
|
||||
|
||||
/**
|
||||
* Testing that creating rollout with insufficient permission returns forbidden
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true, removeFromAllPermission = "CREATE_ROLLOUT")
|
||||
void createRolloutWithInsufficientPermissionReturnsForbidden() throws Exception {
|
||||
final DistributionSet dsA = testdataFactory.createDistributionSet("");
|
||||
mvc.perform(post("/rest/v1/rollouts")
|
||||
.content(JsonBuilder.rollout("name", "desc", 10, dsA.getId(), "name==test", null))
|
||||
.contentType(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
.andExpect(status().is(403))
|
||||
.andReturn();
|
||||
}
|
||||
|
||||
/**
|
||||
* Testing that creating rollout with not existing distribution set returns not found
|
||||
*/
|
||||
|
||||
@@ -41,6 +41,7 @@ import org.eclipse.hawkbit.artifact.exception.ArtifactBinaryNotFoundException;
|
||||
import org.eclipse.hawkbit.artifact.exception.FileSizeQuotaExceededException;
|
||||
import org.eclipse.hawkbit.artifact.exception.StorageQuotaExceededException;
|
||||
import org.eclipse.hawkbit.artifact.model.ArtifactStream;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.exception.SpServerError;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.artifact.MgmtArtifact;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.softwaremodule.MgmtSoftwareModule;
|
||||
@@ -219,7 +220,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
|
||||
* Tests the update of software module metadata. It is verified that only the selected fields for the update are really updated and the modification values are filled (i.e. updated by and at).
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
|
||||
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void updateSoftwareModuleOnlyDescriptionAndVendorNameUntouched() throws Exception {
|
||||
final String knownSWName = "name1";
|
||||
final String knownSWVersion = "version1";
|
||||
@@ -272,7 +273,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
|
||||
* Tests the update of the deletion flag. It is verified that the software module can't be marked as deleted through update operation.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
|
||||
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void updateSoftwareModuleDeletedFlag() throws Exception {
|
||||
final String knownSWName = "name1";
|
||||
final String knownSWVersion = "version1";
|
||||
@@ -307,7 +308,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
|
||||
* Tests the lock. It is verified that the software module can be marked as locked through update operation.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
|
||||
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void lockSoftwareModule() throws Exception {
|
||||
final SoftwareModule sm = softwareModuleManagement.create(
|
||||
SoftwareModuleManagement.Create.builder().type(osType).name("name1").version("version1").build());
|
||||
@@ -338,7 +339,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
|
||||
* Tests the unlock.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "smUpdateTester", allSpPermissions = true)
|
||||
@WithUser(principal = "smUpdateTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void unlockSoftwareModule() throws Exception {
|
||||
final SoftwareModule sm = softwareModuleManagement.create(
|
||||
SoftwareModuleManagement.Create.builder().type(osType).name("name1").version("version1").build());
|
||||
@@ -1105,7 +1106,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
|
||||
* Test retrieval of all software modules the user has access to.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getSoftwareModules() throws Exception {
|
||||
final SoftwareModule os = testdataFactory.createSoftwareModuleOs();
|
||||
final SoftwareModule app = testdataFactory.createSoftwareModuleApp();
|
||||
@@ -1231,7 +1232,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
|
||||
* Tests GET request on /rest/v1/softwaremodules/{smId}.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void getSoftwareModule() throws Exception {
|
||||
final SoftwareModule os = testdataFactory.createSoftwareModuleOs();
|
||||
|
||||
@@ -1261,7 +1262,7 @@ class MgmtSoftwareModuleResourceTest extends AbstractManagementApiIntegrationTes
|
||||
* Verifies that the create request actually results in the creation of the modules in the repository.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
void createSoftwareModules() throws Exception {
|
||||
final MgmtSoftwareModuleRequestBodyPost os = new MgmtSoftwareModuleRequestBodyPost()
|
||||
.setType(osType.getKey())
|
||||
|
||||
@@ -27,6 +27,7 @@ import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import com.jayway.jsonpath.JsonPath;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtSoftwareModuleTypeRestApi;
|
||||
import org.eclipse.hawkbit.repository.SoftwareModuleManagement;
|
||||
@@ -52,7 +53,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Checks the correct behaviour of /rest/v1/softwaremoduletypes GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void getSoftwareModuleTypes() throws Exception {
|
||||
final SoftwareModuleType testType = createTestType();
|
||||
|
||||
@@ -98,7 +99,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Handles the GET request of retrieving all software module types within SP with parameters. In this case the first 10 result in ascending order by name where the name starts with 'a'.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void getSoftwareModuleTypesWithParameters() throws Exception {
|
||||
final SoftwareModuleType testType = testdataFactory.findOrCreateSoftwareModuleType("test123");
|
||||
softwareModuleTypeManagement
|
||||
@@ -115,7 +116,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Checks the correct behaviour of /rest/v1/softwaremoduletypes GET requests with sorting by MAXASSIGNMENTS field.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void getSoftwareModuleTypesSortedByMaxAssignments() throws Exception {
|
||||
final SoftwareModuleType testType = createTestType();
|
||||
|
||||
@@ -159,7 +160,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Checks the correct behaviour of /rest/v1/softwaremoduletypes POST requests when max assignment is smaller than 1
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void createSoftwareModuleTypesInvalidAssignmentBadRequest() throws Exception {
|
||||
|
||||
final List<SoftwareModuleTypeManagement.Create> types = new ArrayList<>();
|
||||
@@ -183,7 +184,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Checks the correct behaviour of /rest/v1/softwaremoduletypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void createSoftwareModuleTypes() throws Exception {
|
||||
|
||||
final List<SoftwareModuleTypeManagement.Create> types = Arrays.asList(
|
||||
@@ -236,7 +237,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Checks the correct behaviour of /rest/v1/softwaremoduletypes/{ID} GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void getSoftwareModuleType() throws Exception {
|
||||
final SoftwareModuleType testType = createTestType();
|
||||
|
||||
@@ -259,7 +260,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Checks the correct behaviour of /rest/v1/softwaremoduletypes/{ID} DELETE requests (hard delete scenario).
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void deleteSoftwareModuleTypeUnused() throws Exception {
|
||||
final SoftwareModuleType testType = createTestType();
|
||||
|
||||
@@ -286,7 +287,7 @@ public class MgmtSoftwareModuleTypeResourceTest extends AbstractManagementApiInt
|
||||
* Checks the correct behaviour of /rest/v1/softwaremoduletypes/{ID} DELETE requests (soft delete scenario).
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = "uploadTester", allSpPermissions = true)
|
||||
@WithUser(principal = "uploadTester", authorities = SpRole.TENANT_ADMIN)
|
||||
public void deleteSoftwareModuleTypeUsed() throws Exception {
|
||||
final SoftwareModuleType testType = createTestType();
|
||||
softwareModuleManagement.create(SoftwareModuleManagement.Create.builder().type(testType).name("name").version("version").build());
|
||||
|
||||
@@ -413,7 +413,7 @@ class MgmtTargetResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Ensures that security token is not returned if user does not have READ_TARGET_SEC_TOKEN permission.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = false, authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET })
|
||||
@WithUser(authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET })
|
||||
void securityTokenIsNotInResponseIfMissingPermission() throws Exception {
|
||||
|
||||
final String knownControllerId = "knownControllerId";
|
||||
@@ -428,10 +428,8 @@ class MgmtTargetResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Ensures that security token is returned if user does have READ_TARGET_SEC_TOKEN permission.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = false, authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET,
|
||||
SpPermission.READ_TARGET_SECURITY_TOKEN })
|
||||
@WithUser(authorities = { SpPermission.READ_TARGET, SpPermission.CREATE_TARGET, SpPermission.READ_TARGET_SECURITY_TOKEN })
|
||||
void securityTokenIsInResponseWithCorrectPermission() throws Exception {
|
||||
|
||||
final String knownControllerId = "knownControllerId";
|
||||
final Target createTarget = testdataFactory.createTarget(knownControllerId);
|
||||
mvc.perform(get(TARGETS_V1 + "/{targetId}", knownControllerId))
|
||||
|
||||
@@ -31,6 +31,7 @@ import java.util.Set;
|
||||
|
||||
import com.jayway.jsonpath.JsonPath;
|
||||
import org.eclipse.hawkbit.auth.SpPermission;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.exception.SpServerError;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.MgmtId;
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtDistributionSetTypeRestApi;
|
||||
@@ -43,6 +44,7 @@ import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSetType;
|
||||
import org.eclipse.hawkbit.repository.model.NamedEntity;
|
||||
import org.eclipse.hawkbit.repository.model.TargetType;
|
||||
import org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch;
|
||||
import org.eclipse.hawkbit.repository.test.util.WithUser;
|
||||
import org.eclipse.hawkbit.rest.util.MockMvcResultPrinter;
|
||||
import org.json.JSONObject;
|
||||
@@ -71,22 +73,25 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* GET targettypes returns Forbidden when permission is missing
|
||||
*/
|
||||
@Test
|
||||
@WithUser(
|
||||
principal = "targetTypeTester", allSpPermissions = true,
|
||||
removeFromAllPermission = {
|
||||
SpPermission.CREATE_TARGET, SpPermission.READ_TARGET, SpPermission.UPDATE_TARGET, SpPermission.DELETE_TARGET,
|
||||
SpPermission.READ_TARGET_TYPE })
|
||||
void getTargetTypesWithoutPermission() throws Exception {
|
||||
mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
.andExpect(status().isForbidden());
|
||||
SecurityContextSwitch.callAs(
|
||||
SecurityContextSwitch.withUser("test", SpPermission.READ_TARGET_TYPE),
|
||||
() -> mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
.andExpect(status().isOk()));
|
||||
SecurityContextSwitch.callAs(
|
||||
SecurityContextSwitch.withUser("test", SpPermission.READ_SOFTWARE_MODULE_ARTIFACT),
|
||||
() -> mvc.perform(get(TARGETTYPES_ENDPOINT).accept(MediaType.APPLICATION_JSON))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
.andExpect(status().isForbidden()));
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{id} GET request.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getTargetType() throws Exception {
|
||||
String typeName = "TestTypeGET";
|
||||
TargetType testType = createTestTargetTypeInDB(typeName);
|
||||
@@ -115,7 +120,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getTargetTypes() throws Exception {
|
||||
String typeName = "TestTypeGET";
|
||||
int count = 5;
|
||||
@@ -155,7 +160,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes GET requests without prior created target types.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getDefaultTargetTypes() throws Exception {
|
||||
|
||||
// 0 types overall (no default types are created)
|
||||
@@ -172,7 +177,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes GET requests with sorting by name.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getTargetTypesSortedByName() throws Exception {
|
||||
String typeNameA = "ATestTypeGETsorted";
|
||||
String typeNameB = "BTestTypeGETsorted";
|
||||
@@ -238,7 +243,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes GET requests with paging.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getTargetTypesWithPagingLimitRequestParameter() throws Exception {
|
||||
final String typePrefix = "TestTypeGETPaging";
|
||||
final int count = 10;
|
||||
@@ -258,7 +263,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes GET requests with paging and offset.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getTargetTypesWithPagingLimitAndOffsetRequestParameter() throws Exception {
|
||||
final int count = 10;
|
||||
final int offset = 2;
|
||||
@@ -280,7 +285,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{ID} PUT requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void updateTargetType() throws Exception {
|
||||
String typeName = "TestTypePUT";
|
||||
final TargetType testType = createTestTargetTypeInDB(typeName);
|
||||
@@ -302,7 +307,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{id} GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getUpdatedTargetType() throws Exception {
|
||||
final String initialTypeName = "TestTypeGET";
|
||||
TargetType testType = createTestTargetTypeInDB(initialTypeName);
|
||||
@@ -330,7 +335,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void createTargetTypes() throws Exception {
|
||||
String typeName = "TestTypePOST";
|
||||
final List<Create> types = buildTestTargetTypesWithoutDsTypes(typeName, 5);
|
||||
@@ -342,7 +347,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void addDistributionSetTypeToTargetType() throws Exception {
|
||||
String typeName = "TestTypeAddDs";
|
||||
TargetType testType = createTestTargetTypeInDB(typeName);
|
||||
@@ -363,7 +368,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getDistributionSetsOfTargetType() throws Exception {
|
||||
String typeName = "TestTypeGetDs";
|
||||
final TargetType testType = createTestTargetTypeInDB(typeName, Set.of(standardDsType));
|
||||
@@ -383,7 +388,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes/{ID} GET requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void getDistributionSetOfTargetTypeReturnsNotAllowed() throws Exception {
|
||||
String typeName = "TestTypeAddDs";
|
||||
final TargetType testType = createTestTargetTypeInDB(typeName);
|
||||
@@ -399,7 +404,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{ID}/compatibledistributionsettypes/{ID} DELETE requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void removeDsTypeFromTargetType() throws Exception {
|
||||
String typeName = "TestTypeRemoveDs";
|
||||
TargetType testType = createTestTargetTypeInDB(typeName, Set.of(standardDsType));
|
||||
@@ -419,7 +424,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/distributionsettypes/{ID} DELETE requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void deletingDsTypeRemovesAssignmentFromTargetType() throws Exception {
|
||||
TargetType testType = createTestTargetTypeInDB("TestTypeRemoveDs", Set.of(standardDsType));
|
||||
assertThat(testType.getDistributionSetTypes()).hasSize(1);
|
||||
@@ -440,7 +445,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{ID} DELETE requests - Deletion when not in use.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void deleteTargetTypeUnused() throws Exception {
|
||||
String typeName = "TestTypeUnusedDelete";
|
||||
final TargetType testType = createTestTargetTypeInDB(typeName);
|
||||
@@ -458,7 +463,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Checks the correct behaviour of /rest/v1/targettypes/{ID} DELETE requests - Deletion not possible when in use.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void deleteTargetTypeUsed() throws Exception {
|
||||
String typeName = "TestTypeUsedDelete";
|
||||
final TargetType testType = createTestTargetTypeInDB(typeName);
|
||||
@@ -481,7 +486,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Ensures that target type deletion request to API on an entity that does not exist results in NOT_FOUND.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void deleteTargetTypeThatDoesNotExistLeadsToNotFound() throws Exception {
|
||||
mvc.perform(delete(TARGETTYPE_SINGLE_ENDPOINT, 1234))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
@@ -492,7 +497,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Tests the update of the deletion flag. It is verified that the target type can't be marked as deleted through update operation.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void updateTargetTypeDeletedFlag() throws Exception {
|
||||
String typeName = "TestTypePUT";
|
||||
final TargetType testType = createTestTargetTypeInDB(typeName);
|
||||
@@ -630,7 +635,7 @@ class MgmtTargetTypeResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
* Verifies quota enforcement for /rest/v1/targettypes/{ID}/compatibledistributionsettypes POST requests.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(principal = TEST_USER, allSpPermissions = true)
|
||||
@WithUser(principal = TEST_USER, authorities = SpRole.TENANT_ADMIN)
|
||||
void assignDistributionSetTypeToTargetTypeUntilQuotaExceeded() throws Exception {
|
||||
final TargetType testType = createTestTargetTypeInDB("TestTypeQuota");
|
||||
|
||||
|
||||
@@ -385,24 +385,34 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
|
||||
* Loads an artifact binary based on given ID.
|
||||
*/
|
||||
@Test
|
||||
void loadStreamOfArtifact() throws IOException {
|
||||
void downloadStreamOfArtifact() throws IOException {
|
||||
final int artifactSize = 5 * 1024;
|
||||
final byte[] randomBytes = randomBytes(artifactSize);
|
||||
try (final InputStream input = new ByteArrayInputStream(randomBytes)) {
|
||||
final SoftwareModule smOs = testdataFactory.createSoftwareModuleOs();
|
||||
final Artifact artifact = createArtifactForSoftwareModule("file1", smOs.getId(), artifactSize, input);
|
||||
assertEqualFileContents(
|
||||
artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes);
|
||||
SecurityContextSwitch.runAs(
|
||||
SecurityContextSwitch.withUser("test_user", SpPermission.READ_SOFTWARE_MODULE_ARTIFACT),
|
||||
() -> assertEqualFileContents(
|
||||
artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
|
||||
SecurityContextSwitch.runAs(
|
||||
SecurityContextSwitch.withUser("test_user", SpRole.CONTROLLER_ROLE),
|
||||
() -> assertEqualFileContents(
|
||||
artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
|
||||
SecurityContextSwitch.runAs(
|
||||
SecurityContextSwitch.withUser("test_user", SpRole.CONTROLLER_ROLE_ANONYMOUS),
|
||||
() -> assertEqualFileContents(
|
||||
artifactManagement.getArtifactStream(artifact.getSha1Hash(), smOs.getId(), smOs.isEncrypted()), randomBytes));
|
||||
SecurityContextSwitch.runAs(
|
||||
SecurityContextSwitch.withUser("test_user", SpPermission.READ_PREFIX + SpPermission.SOFTWARE_MODULE),
|
||||
() -> assertThatExceptionOfType(InsufficientPermissionException.class)
|
||||
.as("Should not have worked with missing permission.")
|
||||
.isThrownBy(() -> artifactManagement.getArtifactStream("123", 1, false)));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Trys and fails to load an artifact without required permission. Checks if expected InsufficientPermissionException is thrown.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true, removeFromAllPermission = {
|
||||
SpPermission.READ_SOFTWARE_MODULE_ARTIFACT,
|
||||
SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
|
||||
@WithUser(authorities = {})
|
||||
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
|
||||
assertThatExceptionOfType(InsufficientPermissionException.class)
|
||||
.as("Should not have worked with missing permission.")
|
||||
@@ -543,11 +553,13 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
|
||||
assertThat(runAsTenant(tenant, () -> artifactRepository.findAll())).hasSize(count);
|
||||
}
|
||||
|
||||
private void assertEqualFileContents(final ArtifactStream artifact, final byte[] randomBytes) throws IOException {
|
||||
private void assertEqualFileContents(final ArtifactStream artifact, final byte[] randomBytes) {
|
||||
try (final InputStream inputStream = artifact) {
|
||||
assertTrue(
|
||||
IOUtils.contentEquals(new ByteArrayInputStream(randomBytes), inputStream),
|
||||
"The stored binary matches the given binary");
|
||||
} catch (final IOException e) {
|
||||
throw new AssertionError(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -10,6 +10,7 @@
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch.withUserAndTenant;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.util.ArrayList;
|
||||
@@ -55,7 +56,8 @@ class SystemManagementTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
for (int i = 0; i < tenants; i++) {
|
||||
final String tenantname = "TENANT" + i;
|
||||
SecurityContextSwitch.getAs(SecurityContextSwitch.withUserAndTenant("bumlux", tenantname, true, true, false, SpRole.SYSTEM_ROLE),
|
||||
SecurityContextSwitch.getAs(
|
||||
withUserAndTenant(tenantname, "bumlux", new String[] { SpRole.SYSTEM_ROLE }, true, true),
|
||||
() -> {
|
||||
systemManagement.getTenantMetadataWithoutDetails();
|
||||
if (artifactSize > 0) {
|
||||
|
||||
@@ -482,7 +482,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
|
||||
* Checks that target type for a target can be created, updated and unassigned.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true)
|
||||
@WithUser(authorities = SpRole.TENANT_ADMIN)
|
||||
void createAndUpdateTargetTypeInTarget() {
|
||||
// create a target type
|
||||
final List<? extends TargetType> targetTypes = testdataFactory.createTargetTypes("targettype", 2);
|
||||
@@ -519,7 +519,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
|
||||
* Checks that target type to a target can be assigned.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true)
|
||||
@WithUser(authorities = SpRole.TENANT_ADMIN)
|
||||
void assignTargetTypeInTarget() {
|
||||
// create a target
|
||||
final Target target = testdataFactory.createTarget("target1", "testtarget");
|
||||
@@ -547,7 +547,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
|
||||
* Tests the assignment of types to multiple targets.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true)
|
||||
@WithUser(authorities = SpRole.TENANT_ADMIN)
|
||||
@ExpectEvents({
|
||||
@Expect(type = TargetCreatedEvent.class, count = 20),
|
||||
@Expect(type = TargetTypeCreatedEvent.class, count = 2),
|
||||
@@ -577,7 +577,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
|
||||
* Checks that target type can be unassigned from target.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true)
|
||||
@WithUser(authorities = SpRole.TENANT_ADMIN)
|
||||
void unAssignTargetTypeFromTarget() {
|
||||
// create a target type
|
||||
final TargetType targetType = testdataFactory.findOrCreateTargetType("targettype");
|
||||
@@ -827,7 +827,7 @@ class TargetManagementTest extends AbstractRepositoryManagementWithMetadataTest<
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true)
|
||||
@WithUser(authorities = SpRole.TENANT_ADMIN)
|
||||
void failToAssignInvalidTargetTypeToTarget() {
|
||||
// create a target
|
||||
final Target target = testdataFactory.createTarget("target1", "testtarget");
|
||||
|
||||
@@ -71,7 +71,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
|
||||
* Ensures that targets created by a tenant are not visible by another tenant.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(tenantId = "mytenant", allSpPermissions = true)
|
||||
@WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
|
||||
void queryTargetFromDifferentTenantIsNotVisible() throws Exception {
|
||||
// create target for another tenant
|
||||
final String anotherTenant = "anotherTenant";
|
||||
@@ -93,7 +93,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
|
||||
* Ensures that tenant with proper permissions can read and delete other tenants.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(tenantId = "mytenant", allSpPermissions = true)
|
||||
@WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
|
||||
void deleteAnotherTenantNotPossibleWithTenantPermissions() throws Exception {
|
||||
// create target for another tenant
|
||||
final String anotherTenant = "anotherTenant";
|
||||
@@ -122,7 +122,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
|
||||
* Ensures that tenant metadata is retrieved for the current tenant.
|
||||
*/
|
||||
@Test
|
||||
@WithUser(tenantId = "mytenant", autoCreateTenant = false, allSpPermissions = true)
|
||||
@WithUser(tenantId = "mytenant", autoCreateTenant = false, authorities = SpRole.TENANT_ADMIN)
|
||||
void getTenantMetdata() throws Exception {
|
||||
// logged in tenant mytenant - check if tenant default data is autogenerated
|
||||
assertThat(distributionSetTypeManagement.findAll(PAGE)).isEmpty();
|
||||
@@ -142,7 +142,7 @@ class MultiTenancyEntityTest extends AbstractJpaIntegrationTest {
|
||||
* Ensures that targets created from a different tenant cannot be deleted from other tenants
|
||||
*/
|
||||
@Test
|
||||
@WithUser(tenantId = "mytenant", allSpPermissions = true)
|
||||
@WithUser(tenantId = "mytenant", authorities = SpRole.TENANT_ADMIN)
|
||||
void deleteTargetFromOtherTenantIsNotPossible() throws Exception {
|
||||
// create target for another tenant
|
||||
final String anotherTenant = "anotherTenant";
|
||||
|
||||
@@ -7,7 +7,6 @@
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
|
||||
package org.eclipse.hawkbit.repository.test.matcher;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@@ -13,6 +13,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.eclipse.hawkbit.auth.SpPermission.READ_TENANT_CONFIGURATION;
|
||||
import static org.eclipse.hawkbit.auth.SpRole.CONTROLLER_ROLE;
|
||||
import static org.eclipse.hawkbit.auth.SpRole.SYSTEM_ROLE;
|
||||
import static org.eclipse.hawkbit.auth.SpRole.TENANT_ADMIN;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
@@ -37,6 +38,7 @@ import org.awaitility.Awaitility;
|
||||
import org.awaitility.core.ConditionFactory;
|
||||
import org.eclipse.hawkbit.artifact.ArtifactStorage;
|
||||
import org.eclipse.hawkbit.artifact.exception.ArtifactStoreException;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.repository.ArtifactManagement;
|
||||
import org.eclipse.hawkbit.repository.ConfirmationManagement;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
@@ -103,7 +105,7 @@ import org.springframework.test.context.TestPropertySource;
|
||||
@Slf4j
|
||||
@ActiveProfiles({ "test" })
|
||||
@ExtendWith({ TestLoggerExtension.class, SharedSqlTestDatabaseExtension.class })
|
||||
@WithUser(principal = "bumlux", allSpPermissions = true, authorities = { CONTROLLER_ROLE, SYSTEM_ROLE })
|
||||
@WithUser(principal = "bumlux", authorities = { TENANT_ADMIN, CONTROLLER_ROLE, SYSTEM_ROLE })
|
||||
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.NONE)
|
||||
@ContextConfiguration(classes = { TestConfiguration.class })
|
||||
// destroy the context after each test class because otherwise we get problem when context is
|
||||
|
||||
@@ -9,19 +9,20 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.test.util;
|
||||
|
||||
import static org.eclipse.hawkbit.auth.SpRole.CONTROLLER_ROLE;
|
||||
import static org.eclipse.hawkbit.auth.SpRole.SYSTEM_ROLE;
|
||||
import static org.eclipse.hawkbit.auth.SpRole.TENANT_ADMIN;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
import java.lang.annotation.Annotation;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.concurrent.Callable;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
import lombok.AccessLevel;
|
||||
import lombok.NoArgsConstructor;
|
||||
import org.eclipse.hawkbit.auth.SpPermission;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.repository.SystemManagement;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAwareUser;
|
||||
@@ -38,8 +39,8 @@ public class SecurityContextSwitch {
|
||||
private static final SecurityContextSwitch INSTANCE = new SecurityContextSwitch();
|
||||
|
||||
public static final String DEFAULT_TENANT = "DEFAULT";
|
||||
private static final WithUser PRIVILEGED_USER = createWithUser(
|
||||
"bumlux", DEFAULT_TENANT, false, true, false, "ROLE_CONTROLLER", "ROLE_SYSTEM_CODE");
|
||||
private static final WithUser PRIVILEGED_USER = new WithUserImpl(
|
||||
DEFAULT_TENANT, "bumlux", new String[] {TENANT_ADMIN, CONTROLLER_ROLE, SYSTEM_ROLE}, false, false);
|
||||
|
||||
private static SystemManagement systemManagement;
|
||||
|
||||
@@ -92,21 +93,21 @@ public class SecurityContextSwitch {
|
||||
}
|
||||
|
||||
public static WithUser withController(final String principal, final String... authorities) {
|
||||
return withUserAndTenant(principal, DEFAULT_TENANT, true, false, true, authorities);
|
||||
return withUserAndTenant(DEFAULT_TENANT, principal, authorities, true, true);
|
||||
}
|
||||
|
||||
public static WithUser withUser(final String principal, final String... authorities) {
|
||||
return withUserAndTenant(principal, DEFAULT_TENANT, true, false, false, authorities);
|
||||
return withUserAndTenant(DEFAULT_TENANT, principal, authorities, false, true);
|
||||
}
|
||||
|
||||
public static WithUser withUserAndTenantAllSpPermissions(final String principal, final String tenant) {
|
||||
return withUserAndTenant(principal, tenant, true, true, false);
|
||||
return withUserAndTenant(tenant, principal, new String[] { SpRole.TENANT_ADMIN }, false, true);
|
||||
}
|
||||
|
||||
public static WithUser withUserAndTenant(final String principal, final String tenant,
|
||||
final boolean autoCreateTenant, final boolean allSpPermission, final boolean controller,
|
||||
final String... authorities) {
|
||||
return createWithUser(principal, tenant, autoCreateTenant, allSpPermission, controller, authorities);
|
||||
public static WithUser withUserAndTenant(
|
||||
final String tenant, final String principal, final String[] authorities,
|
||||
final boolean controller, final boolean autoCreateTenant) {
|
||||
return new WithUserImpl(tenant, principal, authorities, controller, autoCreateTenant);
|
||||
}
|
||||
|
||||
private static void setSecurityContext(final WithUser annotation) {
|
||||
@@ -123,12 +124,6 @@ public class SecurityContextSwitch {
|
||||
}
|
||||
}
|
||||
|
||||
private static WithUser createWithUser(
|
||||
final String principal, final String tenant, final boolean autoCreateTenant,
|
||||
final boolean allSpPermission, final boolean controller, final String... authorities) {
|
||||
return new WithUserImpl(principal, tenant, autoCreateTenant, allSpPermission, controller, authorities);
|
||||
}
|
||||
|
||||
// should be used only for test purposes and taking in account 'annotation' non-transient field in a Serializable
|
||||
@SuppressWarnings("java:S1948") // java:S1948 - see comments into the method
|
||||
static class WithUserSecurityContext implements SecurityContext {
|
||||
@@ -151,15 +146,9 @@ public class SecurityContextSwitch {
|
||||
|
||||
@Override
|
||||
public Authentication getAuthentication() {
|
||||
final String[] authorities;
|
||||
if (annotation.allSpPermissions()) {
|
||||
authorities = getAllAuthorities(annotation.authorities(), annotation.removeFromAllPermission());
|
||||
} else {
|
||||
authorities = annotation.authorities();
|
||||
}
|
||||
final TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken(
|
||||
new TenantAwareUser(annotation.principal(), "***", null, annotation.tenantId()),
|
||||
annotation.credentials(), authorities);
|
||||
annotation.credentials(), annotation.authorities());
|
||||
testingAuthenticationToken.setDetails(
|
||||
new TenantAwareAuthenticationDetails(annotation.tenantId(), annotation.controller()));
|
||||
return testingAuthenticationToken;
|
||||
@@ -183,17 +172,6 @@ public class SecurityContextSwitch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
private String[] getAllAuthorities(final String[] additionalAuthorities, final String[] notInclude) {
|
||||
final List<String> permissions = new ArrayList<>(SpPermission.getAllAuthorities()); // list is unmodifiable
|
||||
if (notInclude != null) {
|
||||
permissions.removeAll(Arrays.asList(notInclude));
|
||||
}
|
||||
if (additionalAuthorities != null) {
|
||||
permissions.addAll(Arrays.asList(additionalAuthorities));
|
||||
}
|
||||
return permissions.toArray(new String[0]);
|
||||
}
|
||||
}
|
||||
|
||||
private static class WithUserImpl implements WithUser, Serializable {
|
||||
@@ -201,22 +179,20 @@ public class SecurityContextSwitch {
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private final String principal;
|
||||
private final String tenant;
|
||||
private final boolean autoCreateTenant;
|
||||
private final boolean allSpPermission;
|
||||
private final boolean controller;
|
||||
private final String principal;
|
||||
private final String[] authorities;
|
||||
private final boolean controller;
|
||||
private final boolean autoCreateTenant;
|
||||
|
||||
private WithUserImpl(
|
||||
final String principal, final String tenant, final boolean autoCreateTenant,
|
||||
final boolean allSpPermission, final boolean controller, final String... authorities) {
|
||||
this.principal = principal;
|
||||
final String tenant, final String principal, final String[] authorities,
|
||||
final boolean controller, final boolean autoCreateTenant) {
|
||||
this.tenant = tenant;
|
||||
this.autoCreateTenant = autoCreateTenant;
|
||||
this.allSpPermission = allSpPermission;
|
||||
this.controller = controller;
|
||||
this.principal = principal;
|
||||
this.authorities = authorities;
|
||||
this.controller = controller;
|
||||
this.autoCreateTenant = autoCreateTenant;
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -224,6 +200,11 @@ public class SecurityContextSwitch {
|
||||
return WithUser.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String tenantId() {
|
||||
return tenant;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String principal() {
|
||||
return principal;
|
||||
@@ -234,34 +215,19 @@ public class SecurityContextSwitch {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String tenantId() {
|
||||
return tenant;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean autoCreateTenant() {
|
||||
return autoCreateTenant;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] authorities() {
|
||||
return authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean allSpPermissions() {
|
||||
return allSpPermission;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] removeFromAllPermission() {
|
||||
return new String[0];
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean controller() {
|
||||
return controller;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean autoCreateTenant() {
|
||||
return autoCreateTenant;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -28,6 +28,13 @@ import org.springframework.security.test.context.support.WithSecurityContextFact
|
||||
@Inherited
|
||||
public @interface WithUser {
|
||||
|
||||
/**
|
||||
* Gets the test tenant id.
|
||||
*
|
||||
* @return test tenant id
|
||||
*/
|
||||
String tenantId() default "DEFAULT";
|
||||
|
||||
/**
|
||||
* Gets the test principal.
|
||||
*
|
||||
@@ -42,20 +49,6 @@ public @interface WithUser {
|
||||
*/
|
||||
String credentials() default "TestCredentials";
|
||||
|
||||
/**
|
||||
* Gets the test tenant id.
|
||||
*
|
||||
* @return test tenant id
|
||||
*/
|
||||
String tenantId() default "DEFAULT";
|
||||
|
||||
/**
|
||||
* Should tenant auto created.
|
||||
*
|
||||
* @return <code>true</code> = auto create <code>false</code> not create
|
||||
*/
|
||||
boolean autoCreateTenant() default true;
|
||||
|
||||
/**
|
||||
* Gets the test authorities.
|
||||
*
|
||||
@@ -64,18 +57,11 @@ public @interface WithUser {
|
||||
String[] authorities() default {};
|
||||
|
||||
/**
|
||||
* Gets the test all permissions.
|
||||
* Should tenant auto created.
|
||||
*
|
||||
* @return permissions
|
||||
* @return <code>true</code> = auto create <code>false</code> not create
|
||||
*/
|
||||
boolean allSpPermissions() default false;
|
||||
|
||||
/**
|
||||
* Gets the test removeFromAllPermission.
|
||||
*
|
||||
* @return removeFromAllPermission
|
||||
*/
|
||||
String[] removeFromAllPermission() default {};
|
||||
boolean autoCreateTenant() default true;
|
||||
|
||||
boolean controller() default false;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user