Added Security Tests for ManagementAPI @PreAuthorize methods (#2167)

Co-authored-by: vasilchev <vasil.ilchev@bosch.com>
Vasil Ilchev
2025-01-07 08:26:37 +02:00
committed by GitHub
parent 49455e1924
commit b36df62864
20 changed files with 2720 additions and 0 deletions


@@ -15,15 +15,21 @@ import java.lang.reflect.Array;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import io.qameta.allure.Step;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
import org.eclipse.hawkbit.repository.jpa.model.JpaRollout;
@@ -58,6 +64,7 @@ import org.eclipse.hawkbit.repository.model.TargetTypeAssignmentResult;
import org.eclipse.hawkbit.repository.test.TestConfiguration;
import org.eclipse.hawkbit.repository.test.util.AbstractIntegrationTest;
import org.eclipse.hawkbit.repository.test.util.RolloutTestApprovalStrategy;
import org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.orm.jpa.JpaProperties;
@@ -69,6 +76,7 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.transaction.annotation.Transactional;
@Slf4j
@ContextConfiguration(classes = {
RepositoryApplicationConfiguration.class, TestConfiguration.class })
@Import(TestChannelBinderConfiguration.class)
@@ -79,6 +87,8 @@ public abstract class AbstractJpaIntegrationTest extends AbstractIntegrationTest
protected static final String NOT_EXIST_ID = "12345678990";
protected static final long NOT_EXIST_IDL = Long.parseLong(NOT_EXIST_ID);
protected static final List<String> REPOSITORY_AND_TARGET_PERMISSIONS = List.of(SpPermission.READ_REPOSITORY, SpPermission.CREATE_REPOSITORY, SpPermission.UPDATE_REPOSITORY, SpPermission.DELETE_REPOSITORY, SpPermission.READ_TARGET, SpPermission.CREATE_TARGET, SpPermission.UPDATE_TARGET, SpPermission.DELETE_TARGET);
@PersistenceContext
protected EntityManager entityManager;
@@ -231,6 +241,68 @@ public abstract class AbstractJpaIntegrationTest extends AbstractIntegrationTest
assertThat(running.getTotalElements()).as("Action count").isEqualTo(count);
}
/**
* Asserts that the given callable throws an InsufficientPermissionException.
* If callable succeeds without any exception or exception other than InsufficientPermissionException, it will be considered as an assert failure.
*
* @param callable the callable to call
*/
@SneakyThrows
protected void assertPermissions(final Callable<?> callable, List<String> requiredPermissions) {
final List<String> insufficiantPermissions = REPOSITORY_AND_TARGET_PERMISSIONS.stream()
.filter(p -> !requiredPermissions.contains(p)).toList();
// check if the user has the correct permissions
SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_with_permissions", requiredPermissions.toArray(new String[0])), () -> {
assertPermissionWorks(callable);
log.info("assertPermissionWorks Passed");
return null;
});
// check if the user has the insufficient permissions
SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_without_permissions", insufficiantPermissions.toArray(new String[0])), () -> {
assertInsufficientPermission(callable);
log.info("assertInsufficientPermission Passed");
return null;
});
}
/**
* Asserts that the given callable throws an InsufficientPermissionException.
* If callable succeeds without any exception or exception other than InsufficientPermissionException, it will be considered as an assert failure.
*
* @param callable the callable to call
*/
private void assertInsufficientPermission(final Callable<?> callable) {
try {
callable.call();
throw new AssertionError(
"Expected Exception 'InsufficientPermissionException' to be thrown, but request passed with no exception.");
} catch (Exception ex) {
assertThat(ex).isInstanceOf(InsufficientPermissionException.class);
}
}
/**
* Asserts that the given callable succeeds.
*
* Note: This method will assume that EntityNotFoundException is OK, as security tests use dummy (non-existing) IDs.
* It matters to either callable succeeds without any exception or at most EntityNotFoundException.
* All other cases will be considered as an error.
*
* @param callable the callable to call
*/
private void assertPermissionWorks(final Callable<?> callable) {
try {
callable.call();
} catch (Throwable th) {
if (th instanceof EntityNotFoundException) {
log.info("Expected (at most) EntityNotFoundException catch: {}", th.getMessage());
} else {
throw new AssertionError("Expected no Exception (other then EntityNotFound) to be thrown, but got: " + th.getMessage(), th);
}
}
}
protected void finishAction(final Action action) {
controllerManagement
.addUpdateActionStatus(entityFactory.actionStatus().create(action.getId()).status(Action.Status.FINISHED));
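Review bot: The negative half of `assertPermissions` only runs the callable as a user holding none of `requiredPermissions`, so for methods that list two permissions it never shows that each one is individually required; a `@PreAuthorize` that mistakenly used `or` instead of `and` would pass both halves. This affects every multi-permission call on the page, for example the `READ_REPOSITORY` + `UPDATE_TARGET` checks in ConfirmationManagementSecurityTest and DeploymentManagementSecurityTest and the create checks in AbstractRepositoryManagementSecurityTest. Consider an extra loop that drops one required permission at a time and expects `InsufficientPermissionException` each time, as sketched below; if some methods are intentionally satisfied by any one of several authorities (not visible here), those tests would need to state the alternatives separately. The Javadoc on `assertPermissions` is also a copy of the one on `assertInsufficientPermission` and does not describe `requiredPermissions`.

```java
// … unchanged: runs as "user_with_permissions" and "user_without_permissions" …
// each required permission must be individually necessary
for (final String missing : requiredPermissions) {
    final String[] allButOne = requiredPermissions.stream()
            .filter(p -> !p.equals(missing))
            .toArray(String[]::new);
    SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_missing_one_permission", allButOne), () -> {
        assertInsufficientPermission(callable);
        return null;
    });
}
```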


@@ -0,0 +1,111 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa;
import java.util.List;
import io.qameta.allure.Description;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.RepositoryManagement;
import org.eclipse.hawkbit.repository.test.util.WithUser;
import org.junit.jupiter.api.Test;
import org.springframework.data.domain.Pageable;
public abstract class AbstractRepositoryManagementSecurityTest<T, C, U> extends AbstractJpaIntegrationTest {
/**
* @return the repository management to test with
*/
protected abstract RepositoryManagement<T, C, U> getRepositoryManagement();
/**
* @return the object to create
*/
protected abstract C getCreateObject();
/**
* @return the object to update
*/
protected abstract U getUpdateObject();
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
void createCollectionPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().create(List.of(getCreateObject())), List.of(SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
void createPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().create(getCreateObject()), List.of(SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
void updatePermissionCheck() {
assertPermissions(() -> getRepositoryManagement().update(getUpdateObject()), List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
void deletePermissionCheck() {
assertPermissions(() -> {
getRepositoryManagement().delete(1L);
return null;
}, List.of(SpPermission.DELETE_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
public void countPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().count(), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
public void deleteCollectionRepositoryManagement() {
assertPermissions(() -> {
getRepositoryManagement().delete(List.of(1L));
return null;
}, List.of(SpPermission.DELETE_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
public void getPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().get(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
public void getCollectionPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().get(List.of(1L)), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
public void existsCollectionPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().exists(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
public void findAllPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().findAll(Pageable.ofSize(1)), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
public void findByRsqlPermissionCheck() {
assertPermissions(() -> getRepositoryManagement().findByRsql(Pageable.ofSize(1), "(name==*)"), List.of(SpPermission.READ_REPOSITORY));
}
}
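Review bot: `existsCollectionPermissionCheck` calls `exists(1L)` on a single id, so the name is misleading, and `deleteCollectionRepositoryManagement` breaks the `…PermissionCheck` naming used by the other tests; suggest `existsPermissionCheck` and `deleteCollectionPermissionCheck`. The imported `org.eclipse.hawkbit.repository.test.util.WithUser` is not used anywhere in this class and can be dropped. The test methods also mix package-private and `public` visibility; JUnit 5 requires neither, so one convention should be picked. A class-level Javadoc such as `/** Base class checking the @PreAuthorize permissions of the common RepositoryManagement methods; subclasses supply the management bean and the create/update payloads. */` would help implementers.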


@@ -0,0 +1,94 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.io.ByteArrayInputStream;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
import org.eclipse.hawkbit.repository.test.util.WithUser;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - ArtifactManagement")
@Story("SecurityTests ArtifactManagement")
class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ArtifactManagement#count() method")
@WithUser(principal = "user", authorities = { SpPermission.READ_REPOSITORY })
void countPermissionCheck() {
assertPermissions(() -> artifactManagement.count(), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#create() method")
void createPermissionCheck() {
ArtifactUpload artifactUpload = new ArtifactUpload(new ByteArrayInputStream("RandomString".getBytes()), 1L, "filename", false, 1024);
assertPermissions(() -> artifactManagement.create(artifactUpload), List.of(SpPermission.CREATE_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#delete() method")
void deletePermissionCheck() {
assertPermissions(() -> {
artifactManagement.delete(1);
return null;
}, List.of(SpPermission.DELETE_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#get() method")
void getPermissionCheck() {
assertPermissions(() -> artifactManagement.get(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#getByFilenameAndSoftwareModule() method")
void getByFilenameAndSoftwareModulePermissionCheck() {
assertPermissions(() -> artifactManagement.getByFilenameAndSoftwareModule("filename", 1L),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#findFirstBySHA1() method")
void findFirstBySHA1PermissionCheck() {
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#getByFilename() method")
void getByFilenamePermissionCheck() {
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#findBySoftwareModule() method")
void findBySoftwareModulePermissionCheck() {
assertPermissions(() -> artifactManagement.findBySoftwareModule(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#countBySoftwareModule() method")
void countBySoftwareModulePermissionCheck() {
assertPermissions(() -> artifactManagement.countBySoftwareModule(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ArtifactManagement#loadArtifactBinary() method")
void loadArtifactBinaryPermissionCheck() {
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT));
}
}
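Review bot: The `@WithUser(principal = "user", authorities = { SpPermission.READ_REPOSITORY })` on `countPermissionCheck` is the only such annotation in this class and looks redundant, because `assertPermissions` runs the callable under its own users through `SecurityContextSwitch.runAs`. Assuming `runAs` replaces the ambient security context (its implementation is not on this page), the annotation has no effect on the outcome and only suggests that an ambient authority matters. Dropping it together with the `WithUser` import keeps the permission under test defined in one place, the list passed to `assertPermissions`. Separately, `"RandomString".getBytes()` in `createPermissionCheck` uses the platform charset; `getBytes(StandardCharsets.UTF_8)` would make the fixture deterministic.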


@@ -0,0 +1,74 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - ConfirmationManagement")
@Story("SecurityTests ConfirmationManagement")
class ConfirmationManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ConfirmationManagement#findActiveActionsWaitingConfirmation() method")
void findActiveActionsWaitingConfirmationPermissionsCheck() {
assertPermissions(() -> confirmationManagement.findActiveActionsWaitingConfirmation("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ConfirmationManagement#activateAutoConfirmation() method")
void activateAutoConfirmationPermissionsCheck() {
assertPermissions(() -> confirmationManagement.activateAutoConfirmation("controllerId", "initiator", "remark"),
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ConfirmationManagement#getStatus() method")
void getStatusPermissionsCheck() {
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ConfirmationManagement#autoConfirmActiveActions() method")
void autoConfirmActiveActionsPermissionsCheck() {
assertPermissions(() -> confirmationManagement.autoConfirmActiveActions("controllerId"),
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ConfirmationManagement#confirmAction() method")
void confirmActionPermissionsCheck() {
assertPermissions(() -> confirmationManagement.confirmAction(1L, null, null),
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ConfirmationManagement#denyAction() method")
void denyActionPermissionsCheck() {
assertPermissions(() -> confirmationManagement.denyAction(1L, null, null),
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ConfirmationManagement#deactivateAutoConfirmation() method")
void deactivateAutoConfirmationPermissionsCheck() {
assertPermissions(() -> {
confirmationManagement.deactivateAutoConfirmation("controllerId");
return null;
}, List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
}


@@ -0,0 +1,238 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.net.URI;
import java.util.List;
import java.util.Map;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
import org.springframework.data.domain.Pageable;
@Feature("SecurityTests - ControllerManagement")
@Story("SecurityTests ControllerManagement")
class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ControllerManagement#cancelActionStatus() method")
void addCancelActionStatusPermissionsCheck() {
assertPermissions(() -> controllerManagement.addCancelActionStatus(entityFactory.actionStatus().create(0L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getSoftwareModule() method")
void getSoftwareModulePermissionsCheck() {
assertPermissions(() -> controllerManagement.getSoftwareModule(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#findTargetVisibleMetaDataBySoftwareModuleId() method")
void findTargetVisibleMetaDataBySoftwareModuleIdPermissionsCheck() {
assertPermissions(() -> controllerManagement.findTargetVisibleMetaDataBySoftwareModuleId(List.of(1L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#addInformationalActionStatus() method")
void addInformationalActionStatusPermissionsCheck() {
assertPermissions(() -> controllerManagement.addInformationalActionStatus(entityFactory.actionStatus().create(0L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#addUpdateActionStatus() method")
void addUpdateActionStatusPermissionsCheck() {
assertPermissions(() -> controllerManagement.addUpdateActionStatus(entityFactory.actionStatus().create(0L)),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#findActiveActionWithHighestWeight() method")
void findActiveActionWithHighestWeightPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActiveActionWithHighestWeight("controllerId"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#findActiveActionsWithHighestWeight() method")
void findActiveActionsWithHighestWeightPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActiveActionsWithHighestWeight("controllerId", 1),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#findActionWithDetails() method")
void findActionWithDetailsPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActionWithDetails(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#findActionStatusByAction() method")
void findActionStatusByActionPermissionsCheck() {
assertPermissions(() -> controllerManagement.findActionStatusByAction(Pageable.unpaged(), 1L),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#findOrRegisterTargetIfItDoesNotExist() method")
void findOrRegisterTargetIfItDoesNotExistPermissionsCheck() {
assertPermissions(() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress")),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#findOrRegisterTargetIfItDoesNotExist() method")
void findOrRegisterTargetIfItDoesNotExistWithDetailsPermissionsCheck() {
assertPermissions(
() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress"), "name", "type"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getActionForDownloadByTargetAndSoftwareModule() method")
void getActionForDownloadByTargetAndSoftwareModulePermissionsCheck() {
assertPermissions(() -> controllerManagement.getActionForDownloadByTargetAndSoftwareModule("controllerId", 1L),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getPollingTime() method")
void getPollingTimePermissionsCheck() {
assertPermissions(() -> controllerManagement.getPollingTime(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getMinPollingTime() method")
void getMinPollingTimePermissionsCheck() {
assertPermissions(() -> controllerManagement.getMinPollingTime(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getMaxPollingTime() method")
void getMaintenanceWindowPollCountPermissionsCheck() {
assertPermissions(() -> controllerManagement.getMaintenanceWindowPollCount(),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getPollingTimeForAction() method")
void getPollingTimeForActionPermissionsCheck() {
assertPermissions(() -> controllerManagement.getPollingTimeForAction(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#hasTargetArtifactAssigned() method")
void hasTargetArtifactAssignedPermissionsCheck() {
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned("controllerId", "sha1Hash"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#hasTargetArtifactAssigned() method")
void hasTargetArtifactAssignedByIdPermissionsCheck() {
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned(1L, "sha1Hash"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#updateControllerAttributes() method")
void updateControllerAttributesPermissionsCheck() {
assertPermissions(() -> controllerManagement.updateControllerAttributes("controllerId", Map.of(), null),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getByControllerId() method")
void getByControllerIdPermissionsCheck() {
assertPermissions(() -> controllerManagement.getByControllerId("controllerId"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#get() method")
void getPermissionsCheck() {
assertPermissions(() -> controllerManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getActionHistoryMessages() method")
void getActionHistoryMessagesPermissionsCheck() {
assertPermissions(() -> controllerManagement.getActionHistoryMessages(1L, 1),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#cancelAction() method")
void cancelActionPermissionsCheck() {
assertPermissions(() -> controllerManagement.cancelAction(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#updateActionExternalRef() method")
void updateActionExternalRefPermissionsCheck() {
assertPermissions(() -> {
controllerManagement.updateActionExternalRef(1L, "externalRef");
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getActionByExternalRef() method")
void getActionByExternalRefPermissionsCheck() {
assertPermissions(() -> controllerManagement.getActionByExternalRef("externalRef"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#deleteExistingTarget() method")
void deleteExistingTargetPermissionsCheck() {
assertPermissions(() -> {
controllerManagement.deleteExistingTarget("controllerId");
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#getInstalledActionByTarget() method")
void getInstalledActionByTargetPermissionsCheck() {
assertPermissions(() -> controllerManagement.getInstalledActionByTarget("controllerId"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#activateAutoConfirmation() method")
void activateAutoConfirmationPermissionsCheck() {
assertPermissions(() -> controllerManagement.activateAutoConfirmation("controllerId", "initiator", "remark"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#deactivateAutoConfirmation() method")
void deactivateAutoConfirmationPermissionsCheck() {
assertPermissions(() -> {
controllerManagement.deactivateAutoConfirmation("controllerId");
return null;
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
@Test
@Description("Tests ControllerManagement#updateOfflineAssignedVersion() method")
void updateOfflineAssignedVersionPermissionsCheck() {
assertPermissions(() -> controllerManagement.updateOfflineAssignedVersion("controllerId", "distributionName", "version"),
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
}
}
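Review bot: Two `@Description` texts do not match the method they exercise, which makes the Allure report misleading when auditing which ControllerManagement methods have permission coverage. `addCancelActionStatusPermissionsCheck` is described as `ControllerManagement#cancelActionStatus()` but calls `addCancelActionStatus`, and `getMaintenanceWindowPollCountPermissionsCheck` is described as `ControllerManagement#getMaxPollingTime()` but calls `getMaintenanceWindowPollCount()`. Suggested replacements are `@Description("Tests ControllerManagement#addCancelActionStatus() method")` and `@Description("Tests ControllerManagement#getMaintenanceWindowPollCount() method")`. The two overload tests for `findOrRegisterTargetIfItDoesNotExist` and for `hasTargetArtifactAssigned` also share identical descriptions; naming the distinguishing parameters would tell them apart in the report.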


@@ -0,0 +1,239 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import java.util.Set;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.model.Action;
import org.eclipse.hawkbit.repository.model.DeploymentRequest;
import org.eclipse.hawkbit.repository.model.DistributionSetInvalidation;
import org.junit.jupiter.api.Test;
import org.springframework.data.domain.Pageable;
@Feature("SecurityTests - DeploymentManagement")
@Story("SecurityTests DeploymentManagement")
class DeploymentManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignDistributionSetsPermissionsCheck() {
assertPermissions(() -> deploymentManagement.assignDistributionSets(
List.of(new DeploymentRequest("controllerId", 1L, Action.ActionType.SOFT, 1L, 1, "maintenanceSchedule",
"maintenanceWindowDuration", "maintenanceWindowTimeZone", true))),
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignDistributionSetsWithInitiatedByPermissionsCheck() {
assertPermissions(() -> deploymentManagement.assignDistributionSets("initiator",
List.of(new DeploymentRequest("controllerId", 1L, Action.ActionType.SOFT, 1L, 1, "maintenanceSchedule",
"maintenanceWindowDuration", "maintenanceWindowTimeZone", true)), "message"),
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void offlineAssignedDistributionSetsPermissionsCheck() {
assertPermissions(() -> deploymentManagement.offlineAssignedDistributionSets(List.of()), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void offlineAssignedDistributionSetsWithInitiatedByPermissionsCheck() {
assertPermissions(() -> deploymentManagement.offlineAssignedDistributionSets(List.of(), "initiator"),
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void cancelActionPermissionsCheck() {
assertPermissions(() -> deploymentManagement.cancelAction(1L), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countActionsByTargetWithFilterPermissionsCheck() {
assertPermissions(() -> deploymentManagement.countActionsByTarget("rsqlParam", "controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countActionsByTargetPermissionsCheck() {
assertPermissions(() -> deploymentManagement.countActionsByTarget("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countActionsAllPermissionsCheck() {
assertPermissions(() -> deploymentManagement.countActionsAll(), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countActionsPermissionsCheck() {
assertPermissions(() -> deploymentManagement.countActions("id==1"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActionPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findAction(1L), List.of(SpPermission.READ_TARGET));
}
@Test
void findActionsAllPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActionsAll(Pageable.unpaged()), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActionsPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActions("id==1", Pageable.unpaged()), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActionsByTargetPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActionsByTarget("rsql==param", "controllerId", Pageable.unpaged()),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActionsByTargetWithControllerIdPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActionsByTarget("controllerId", Pageable.unpaged()),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActionStatusByActionPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActionStatusByAction(Pageable.unpaged(), 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countActionStatusByActionPermissionsCheck() {
assertPermissions(() -> deploymentManagement.countActionStatusByAction(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMessagesByActionStatusIdPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findMessagesByActionStatusId(PAGE, 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActionWithDetailsPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActionWithDetails(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActiveActionsByTargetPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActiveActionsByTarget(Pageable.unpaged(), "controllerId"),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findInActiveActionsByTargetPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findInActiveActionsByTarget(Pageable.unpaged(), "controllerId"),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActiveActionsWithHighestWeightPermissionsCheck() {
assertPermissions(() -> deploymentManagement.findActiveActionsWithHighestWeight("controllerId", 1), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void forceQuitActionPermissionsCheck() {
assertPermissions(() -> deploymentManagement.forceQuitAction(1L), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void forceTargetActionPermissionsCheck() {
assertPermissions(() -> deploymentManagement.forceTargetAction(1L), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void cancelInactiveScheduledActionsForTargetsPermissionsCheck() {
assertPermissions(() -> {
deploymentManagement.cancelInactiveScheduledActionsForTargets(List.of(1L));
return null;
}, List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void startScheduledActionsByRolloutGroupParentPermissionsCheck() {
assertPermissions(() -> {
deploymentManagement.startScheduledActionsByRolloutGroupParent(1L, 1L, 1L);
return null;
}, List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void startScheduledActionsPermissionsCheck() {
assertPermissions(() -> {
deploymentManagement.startScheduledActions(List.of());
return null;
}, List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getAssignedDistributionSetPermissionsCheck() {
assertPermissions(() -> deploymentManagement.getAssignedDistributionSet("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getInstalledDistributionSetPermissionsCheck() {
assertPermissions(() -> deploymentManagement.getInstalledDistributionSet("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteActionsByStatusAndLastModifiedBeforePermissionsCheck() {
assertPermissions(() -> deploymentManagement.deleteActionsByStatusAndLastModifiedBefore(Set.of(Action.Status.CANCELED), 1L),
List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void hasPendingCancellationsPermissionsCheck() {
assertPermissions(() -> deploymentManagement.hasPendingCancellations(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void cancelActionsForDistributionSetPermissionsCheck() {
assertPermissions(() -> {
deploymentManagement.cancelActionsForDistributionSet(DistributionSetInvalidation.CancelationType.FORCE,
entityFactory.distributionSet().create().build());
return null;
}, List.of(SpPermission.UPDATE_TARGET));
}
}


@@ -0,0 +1,252 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.RepositoryManagement;
import org.eclipse.hawkbit.repository.builder.DistributionSetCreate;
import org.eclipse.hawkbit.repository.builder.DistributionSetUpdate;
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
import org.eclipse.hawkbit.repository.model.DistributionSet;
import org.eclipse.hawkbit.repository.model.DistributionSetFilter;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - DistributionSetManagement")
@Story("SecurityTests DistributionSetManagement")
class DistributionSetManagementSecurityTest
extends AbstractRepositoryManagementSecurityTest<DistributionSet, DistributionSetCreate, DistributionSetUpdate> {
@Override
protected RepositoryManagement<DistributionSet, DistributionSetCreate, DistributionSetUpdate> getRepositoryManagement() {
return distributionSetManagement;
}
@Override
protected DistributionSetCreate getCreateObject() {
return entityFactory.distributionSet().create().name("name").version("1.0.0").type("type");
}
@Override
protected DistributionSetUpdate getUpdateObject() {
return entityFactory.distributionSet().update(0L).name("a new name")
.description("a new description").version("a new version").requiredMigrationStep(true);
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
public void assignSoftwareModulesPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.assignSoftwareModules(1L, List.of(1L)), List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignTagPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.assignTag(List.of(1L), 1L),
List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests that the method throws InsufficientPermissionException when the user does not have the correct permission")
void unassignTagPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.unassignTag(List.of(1L), 1L),
List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createMetaDataPermissionsCheck() {
assertPermissions(
() -> distributionSetManagement.createMetaData(1L, List.of(entityFactory.generateTargetMetadata("key", "value"))),
List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteMetaDataPermissionsCheck() {
assertPermissions(() -> {
distributionSetManagement.deleteMetaData(1L, "key");
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void lockPermissionsCheck() {
assertPermissions(() -> {
distributionSetManagement.lock(1L);
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unlockPermissionsCheck() {
assertPermissions(() -> {
distributionSetManagement.unlock(1L);
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByActionPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.getByAction(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getWithDetailsPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.getWithDetails(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByNameAndVersionPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.getByNameAndVersion("name", "version"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getValidAndCompletePermissionsCheck() {
assertPermissions(() -> distributionSetManagement.getValidAndComplete(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getValidPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.getValid(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getOrElseThrowExceptionPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.getOrElseThrowException(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataByDistributionSetIdPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.findMetaDataByDistributionSetId(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countMetaDataByDistributionSetIdPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.countMetaDataByDistributionSetId(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataByDistributionSetIdAndRsqlPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.findMetaDataByDistributionSetIdAndRsql(PAGE, 1L, "rsql"),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByCompletedPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.findByCompleted(PAGE, true), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByCompletedPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.countByCompleted(true), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByDistributionSetFilterPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.findByDistributionSetFilter(PAGE, DistributionSetFilter.builder().build()),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByDistributionSetFilterPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.countByDistributionSetFilter(DistributionSetFilter.builder().build()),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByTagPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.findByTag(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRsqlAndTagPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.findByRsqlAndTag(PAGE, "rsql", 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getMetaDataByDistributionSetIdPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.getMetaDataByDistributionSetId(1L, "key"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void isInUsePermissionsCheck() {
assertPermissions(() -> distributionSetManagement.isInUse(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unassignSoftwareModulePermissionsCheck() {
assertPermissions(() -> distributionSetManagement.unassignSoftwareModule(1L, 1L), List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updateMetaDataPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.updateMetaData(1L, entityFactory.generateDsMetadata("key", "value")),
List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByTypeIdPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.countByTypeId(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countRolloutsByStatusForDistributionSetPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.countRolloutsByStatusForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countActionsByStatusForDistributionSetPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.countActionsByStatusForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countAutoAssignmentsForDistributionSetPermissionsCheck() {
assertPermissions(() -> distributionSetManagement.countAutoAssignmentsForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void invalidatePermissionsCheck() {
assertPermissions(() -> {
distributionSetManagement.invalidate(entityFactory.distributionSet().create().name("name").version("1.0").type("type").build());
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
}
}
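Review bot: `createMetaDataPermissionsCheck` builds its argument with `entityFactory.generateTargetMetadata("key", "value")`, while `updateMetaDataPermissionsCheck` in the same class uses `entityFactory.generateDsMetadata("key", "value")`; for a distribution-set call the former looks like a copy-paste slip. I would change the lambda to `() -> distributionSetManagement.createMetaData(1L, List.of(entityFactory.generateDsMetadata("key", "value")))` so the permission check is exercised with the metadata type the API is meant for. Separately, `unassignTagPermissionsCheck` carries a different `@Description` from every other test, and `assignSoftwareModulesPermissionsCheck` is the only `public` test method; aligning both keeps the report and the class uniform.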


@@ -0,0 +1,67 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.RepositoryManagement;
import org.eclipse.hawkbit.repository.builder.TagCreate;
import org.eclipse.hawkbit.repository.builder.TagUpdate;
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
import org.eclipse.hawkbit.repository.model.DistributionSetTag;
import org.junit.jupiter.api.Test;
import org.springframework.data.domain.Pageable;
@Feature("SecurityTests - DistributionSetTagManagement")
@Story("SecurityTests DistributionSetTagManagement")
public class DistributionSetTagManagementSecurityTest
extends AbstractRepositoryManagementSecurityTest<DistributionSetTag, TagCreate, TagUpdate> {
@Override
protected RepositoryManagement<DistributionSetTag, TagCreate, TagUpdate> getRepositoryManagement() {
return distributionSetTagManagement;
}
@Override
protected TagCreate getCreateObject() {
return entityFactory.tag().create().name("tag");
}
@Override
protected TagUpdate getUpdateObject() {
return entityFactory.tag().update(1L).name("tag");
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByNameWitPermissionWorks() {
assertPermissions(() -> distributionSetTagManagement.getByName("tagName"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByDistributionSetPermissionsCheck() {
assertPermissions(() -> distributionSetTagManagement.findByDistributionSet(Pageable.unpaged(), 1L),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteDistributionSetTagPermissionsCheck() {
assertPermissions(() -> {
distributionSetTagManagement.delete("tagName");
return null;
}, List.of(SpPermission.DELETE_REPOSITORY));
}
}
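Review bot: `getByNameWitPermissionWorks` has a typo and breaks the `<method>PermissionsCheck` naming used by the other tests in this commit; I would rename it to `void getByNamePermissionsCheck() {`. The current name suggests only the permitted case is tested, whereas its `@Description` says both correct and insufficient permissions are covered. That mismatch is misleading when someone audits which `@PreAuthorize` rules have a denial test.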


@@ -0,0 +1,76 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.RepositoryManagement;
import org.eclipse.hawkbit.repository.builder.DistributionSetTypeCreate;
import org.eclipse.hawkbit.repository.builder.DistributionSetTypeUpdate;
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
import org.eclipse.hawkbit.repository.model.DistributionSetType;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - DistributionSetTypeManagement")
@Story("SecurityTests DistributionSetTypeManagement")
public class DistributionSetTypeManagementSecurityTest
extends AbstractRepositoryManagementSecurityTest<DistributionSetType, DistributionSetTypeCreate, DistributionSetTypeUpdate> {
@Override
protected RepositoryManagement<DistributionSetType, DistributionSetTypeCreate, DistributionSetTypeUpdate> getRepositoryManagement() {
return distributionSetTypeManagement;
}
@Override
protected DistributionSetTypeCreate getCreateObject() {
return entityFactory.distributionSetType().create().key("key").name("name");
}
@Override
protected DistributionSetTypeUpdate getUpdateObject() {
return entityFactory.distributionSetType().update(1L).description("description");
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByKeyPermissionsCheck() {
assertPermissions(() -> distributionSetTypeManagement.getByKey("key"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByNamePermissionsCheck() {
assertPermissions(() -> distributionSetTypeManagement.getByName("name"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignOptionalSoftwareModuleTypesPermissionsCheck() {
assertPermissions(() -> distributionSetTypeManagement.assignOptionalSoftwareModuleTypes(1L, List.of(1L)),
List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignMandatorySoftwareModuleTypesPermissionsCheck() {
assertPermissions(() -> distributionSetTypeManagement.assignMandatorySoftwareModuleTypes(1L, List.of(1L)),
List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unassignSoftwareModuleTypePermissionsCheck() {
assertPermissions(() -> distributionSetTypeManagement.unassignSoftwareModuleType(1L, 1L), List.of(SpPermission.UPDATE_REPOSITORY));
}
}


@@ -0,0 +1,87 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - RolloutGroupManagement")
@Story("SecurityTests RolloutGroupManagement")
public class RolloutGroupManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.get(1L), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.getWithDetailedStatus(1L), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByRolloutPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.countByRollout(1L), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countTargetsOfRolloutsGroupPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.countTargetsOfRolloutsGroup(1L), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRolloutPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findByRollout(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRolloutAndRsqlPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsql(1L, "name==*", PAGE), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findTargetsOfRolloutGroupPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findTargetsOfRolloutGroup(1L, PAGE),
List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findTargetsOfRolloutGroupByRsqlPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findTargetsOfRolloutGroupByRsql(PAGE, 1L, "name==*"),
List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRolloutAndRsqlWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsqlWithDetailedStatus(1L, "name==*", PAGE),
List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRolloutWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findByRolloutWithDetailedStatus(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
}
}


@@ -0,0 +1,228 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import jakarta.validation.ConstraintDeclarationException;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.builder.DistributionSetCreate;
import org.eclipse.hawkbit.repository.builder.DistributionSetTypeCreate;
import org.eclipse.hawkbit.repository.builder.DynamicRolloutGroupTemplate;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.model.DistributionSet;
import org.eclipse.hawkbit.repository.model.Rollout;
import org.eclipse.hawkbit.repository.model.RolloutGroupConditionBuilder;
import org.eclipse.hawkbit.repository.test.util.WithUser;
import org.junit.jupiter.api.Test;
import org.springframework.data.domain.PageImpl;
@Slf4j
@Feature("SecurityTests - RolloutManagement")
@Story("SecurityTests RolloutManagement")
public class RolloutManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getPermissionsCheck() {
assertPermissions(() -> rolloutManagement.get(1L), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByNamePermissionsCheck() {
assertPermissions(() -> rolloutManagement.getByName("name"), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutManagement.getWithDetailedStatus(1L), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void approveOrDenyPermissionsCheck() {
assertPermissions(() -> rolloutManagement.approveOrDeny(1L, Rollout.ApprovalDecision.APPROVED), List.of(SpPermission.APPROVE_ROLLOUT));
assertPermissions(() -> rolloutManagement.approveOrDeny(1L, Rollout.ApprovalDecision.APPROVED, "comment"),
List.of(SpPermission.APPROVE_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void pauseRolloutPermissionsCheck() {
assertPermissions(() -> {
rolloutManagement.pauseRollout(1L);
return null;
}, List.of(SpPermission.HANDLE_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void resumeRolloutPermissionsCheck() {
assertPermissions(() -> {
rolloutManagement.resumeRollout(1L);
return null;
}, List.of(SpPermission.HANDLE_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findActiveRolloutsPermissionsCheck() {
assertPermissions(() -> rolloutManagement.findActiveRollouts(), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void cancelRolloutsForDistributionSetPermissionsCheck() {
final DistributionSetTypeCreate key = entityFactory.distributionSetType().create().name("type").key("type");
distributionSetTypeManagement.create(key);
final DistributionSetCreate dsCreate = entityFactory.distributionSet().create().name("name").version("1.0.0").type("type");
final DistributionSet ds = distributionSetManagement.create(dsCreate);
assertPermissions(() -> {
rolloutManagement.cancelRolloutsForDistributionSet(ds);
return null;
}, List.of(SpPermission.UPDATE_ROLLOUT, SpPermission.READ_REPOSITORY, SpPermission.CREATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countPermissionsCheck() {
assertPermissions(() -> rolloutManagement.count(), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByDistributionSetIdAndRolloutIsStoppablePermissionsCheck() {
assertPermissions(() -> rolloutManagement.countByDistributionSetIdAndRolloutIsStoppable(1L), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByFiltersPermissionsCheck() {
assertPermissions(() -> rolloutManagement.countByFilters("searchFilter"), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createPermissionsCheck() {
assertPermissions(() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L), 1, false,
new RolloutGroupConditionBuilder().withDefaults().build()), List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY));
assertPermissions(() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L), 1, false,
new RolloutGroupConditionBuilder().withDefaults().build(), DynamicRolloutGroupTemplate.builder().build()),
List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY));
assertPermissions(
() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L),
List.of(entityFactory.rolloutGroup().create()),
new RolloutGroupConditionBuilder().withDefaults().build()),
List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findAllPermissionsCheck() {
assertPermissions(() -> rolloutManagement.findAll(PAGE, false), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRsqlPermissionsCheck() {
assertPermissions(() -> rolloutManagement.findByRsql(PAGE, "id==1", false), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findAllWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutManagement.findAllWithDetailedStatus(PAGE, false), List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByFiltersWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutManagement.findByFiltersWithDetailedStatus(PAGE, "searchFilter", false),
List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void setRolloutStatusDetailsPermissionsCheck() {
assertPermissions(() -> {
rolloutManagement.setRolloutStatusDetails(new PageImpl<>(List.of(entityFactory.rollout().create().distributionSetId(1L).build())));
return null;
}, List.of(SpPermission.UPDATE_ROLLOUT, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void startPermissionsCheck() {
assertPermissions(() -> rolloutManagement.start(1L), List.of(SpPermission.HANDLE_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updatePermissionsCheck() {
assertPermissions(() -> rolloutManagement.update(entityFactory.rollout().update(1L)), List.of(SpPermission.UPDATE_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deletePermissionsCheck() {
assertPermissions(() -> {
rolloutManagement.delete(1L);
return null;
}, List.of(SpPermission.DELETE_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void triggerNextGroupPermissionsCheck() {
assertPermissions(() -> {
rolloutManagement.triggerNextGroup(1L);
return null;
}, List.of(SpPermission.UPDATE_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
// @WithUser(principal = "user", authorities = { SpPermission.CREATE_TARGET, SpPermission.CREATE_ROLLOUT, SpPermission.READ_ROLLOUT,
// SpPermission.READ_TARGET })
void validateTargetsInGroupsPermissionsCheck() {
try {
assertPermissions(
() -> rolloutManagement.validateTargetsInGroups(List.of(entityFactory.rolloutGroup().create()), "name==dummy", 1L, 1L),
List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
} catch (Error e) {
if (e.getCause() instanceof ConstraintDeclarationException) {
log.info("ConstraintDeclarationException thrown expected");
} else {
throw e;
}
}
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
@WithUser(principal = "user", authorities = { SpPermission.READ_ROLLOUT })
void findByRolloutAndRsqlWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsqlWithDetailedStatus(1L, "name==*", PAGE),
List.of(SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRolloutWithDetailedStatusPermissionsCheck() {
assertPermissions(() -> rolloutGroupManagement.findByRolloutWithDetailedStatus(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
}
}


@@ -0,0 +1,158 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.RepositoryManagement;
import org.eclipse.hawkbit.repository.builder.SoftwareModuleCreate;
import org.eclipse.hawkbit.repository.builder.SoftwareModuleUpdate;
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
import org.eclipse.hawkbit.repository.model.SoftwareModule;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - SoftwareManagement")
@Story("SecurityTests SoftwareManagement")
public class SoftwareManagementSecurityTest
extends AbstractRepositoryManagementSecurityTest<SoftwareModule, SoftwareModuleCreate, SoftwareModuleUpdate> {
@Override
protected RepositoryManagement<SoftwareModule, SoftwareModuleCreate, SoftwareModuleUpdate> getRepositoryManagement() {
return softwareModuleManagement;
}
@Override
protected SoftwareModuleCreate getCreateObject() {
return entityFactory.softwareModule().create().name("name").version("version").type("type");
}
@Override
protected SoftwareModuleUpdate getUpdateObject() {
return entityFactory.softwareModule().update(1L).locked(true);
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createMetaDataPermissionsCheck() {
assertPermissions(
() -> softwareModuleManagement.createMetaData(entityFactory.softwareModuleMetadata().create(1L).key("key").value("value")),
List.of(SpPermission.UPDATE_REPOSITORY));
assertPermissions(() -> softwareModuleManagement.createMetaData(
List.of(entityFactory.softwareModuleMetadata().create(1L).key("key").value("value"))), List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteMetaDataPermissionsCheck() {
assertPermissions(() -> {
softwareModuleManagement.deleteMetaData(1L, "key");
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByAssignedToPermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.findByAssignedTo(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByAssignedToPermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.countByAssignedTo(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByTextAndTypePermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.findByTextAndType(PAGE, "text", 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
void getByNameAndVersionAndTypePermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.getByNameAndVersionAndType("name", "version", 1L),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getMetaDataBySoftwareModuleIdPermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.getMetaDataBySoftwareModuleId(1L, "key"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataBySoftwareModuleIdPermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleId(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countMetaDataBySoftwareModuleIdPermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.countMetaDataBySoftwareModuleId(1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataBySoftwareModuleIdAndTargetVisiblePermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleIdAndTargetVisible(PAGE, 1L),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataByRsqlPermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.findMetaDataByRsql(PAGE, 1L, "key==value"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByTypePermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.findByType(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void lockPermissionsCheck() {
assertPermissions(() -> {
softwareModuleManagement.lock(1L);
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unlockPermissionsCheck() {
assertPermissions(() -> {
softwareModuleManagement.unlock(1L);
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updateMetaDataPermissionsCheck() {
assertPermissions(
() -> softwareModuleManagement.updateMetaData(entityFactory.softwareModuleMetadata().update(1L, "key").value("value")),
List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataBySoftwareModuleIdsAndTargetVisiblePermissionsCheck() {
assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleIdsAndTargetVisible(List.of(1L)),
List.of(SpPermission.READ_REPOSITORY));
}
}
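Review bot: `createMetaDataPermissionsCheck` exercises two overloads of `createMetaData` (single object and list) in one test, so a failure on the first call hides the result for the second. Splitting it into `createMetaDataPermissionsCheck` and `createMetaDataCollectionPermissionsCheck`, the way `TargetManagementSecurityTest` separates `createPermissionsCheck` from `createCollectionPermissionsCheck`, keeps one guarded method per test and makes the report point at the overload that regressed. `getByNameAndVersionAndTypePermissionsCheck` is also the only test in this class without the `@Description(...)` line the others carry; adding `@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")` keeps the report uniform.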


@@ -0,0 +1,57 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.RepositoryManagement;
import org.eclipse.hawkbit.repository.builder.SoftwareModuleTypeCreate;
import org.eclipse.hawkbit.repository.builder.SoftwareModuleTypeUpdate;
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - SoftwareModuleTypeManagement")
@Story("SecurityTests SoftwareModuleTypeManagement")
public class SoftwareModuleTypeManagementSecurityTest
extends AbstractRepositoryManagementSecurityTest<SoftwareModuleType, SoftwareModuleTypeCreate, SoftwareModuleTypeUpdate> {
@Override
protected RepositoryManagement<SoftwareModuleType, SoftwareModuleTypeCreate, SoftwareModuleTypeUpdate> getRepositoryManagement() {
return softwareModuleTypeManagement;
}
@Override
protected SoftwareModuleTypeCreate getCreateObject() {
return entityFactory.softwareModuleType().create().key("key").name("name");
}
@Override
protected SoftwareModuleTypeUpdate getUpdateObject() {
return entityFactory.softwareModuleType().update(1L).description("description");
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByKeyPermissionsCheck() {
assertPermissions(() -> softwareModuleTypeManagement.getByKey("key"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByNamePermissionsCheck() {
assertPermissions(() -> softwareModuleTypeManagement.getByName("name"), List.of(SpPermission.READ_REPOSITORY));
}
}


@@ -0,0 +1,86 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@Slf4j
@Feature("SecurityTests - SystemManagement")
@Story("SecurityTests SystemManagement")
public class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findTenantsPermissionWorks() {
assertPermissions(() -> systemManagement.findTenants(PAGE), List.of(SpPermission.SYSTEM_ADMIN));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteTenantPermissionsCheck() {
assertPermissions(() -> {
systemManagement.deleteTenant("tenant");
return null;
}, List.of(SpPermission.SYSTEM_ADMIN));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void forEachTenantTenantPermissionsCheck() {
assertPermissions(() -> {
systemManagement.forEachTenant(log::info);
return null;
}, List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getSystemUsageStatisticsWithTenantsPermissionsCheck() {
assertPermissions(() -> systemManagement.getSystemUsageStatisticsWithTenants(), List.of(SpPermission.SYSTEM_ADMIN));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getSystemUsageStatisticsPermissionsCheck() {
assertPermissions(() -> systemManagement.getSystemUsageStatistics(), List.of(SpPermission.SYSTEM_ADMIN));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getTenantMetadataPermissionsCheck() {
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_REPOSITORY, SpPermission.READ_TARGET, SpPermission.READ_TENANT_CONFIGURATION));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getTenantMetadataByTenantPermissionsCheck() {
assertPermissions(() -> systemManagement.getTenantMetadata(1L), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createTenantMetadataPermissionsCheck() {
assertPermissions(() -> systemManagement.createTenantMetadata("tenant"), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updateTenantMetadataPermissionsCheck() {
assertPermissions(() -> systemManagement.updateTenantMetadata(1L), List.of(SpPermission.TENANT_CONFIGURATION));
}
}
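Review bot: `getTenantMetadataPermissionsCheck` passes three authorities (`READ_REPOSITORY`, `READ_TARGET`, `READ_TENANT_CONFIGURATION`) and nothing in the test says whether the guarded method needs all of them or any one of them. `assertPermissions` is defined outside this file, so presumably it grants the whole list at once; if so, a `@PreAuthorize` expression loosened from AND to OR (or the reverse) would still pass. A comment such as `// any one of these authorities is sufficient` or `// all of these authorities are required`, plus one case per single authority, would pin the intended rule. The same applies to `findByAutoAssignDistributionSetIdPermissionsCheck` and `findByAutoAssignDSAndRsqlPermissionsCheck` in `TargetFilterQueryManagementSecurityTest`. Separately, `findTenantsPermissionWorks` and `forEachTenantTenantPermissionsCheck` break the `<method>PermissionsCheck` naming used by the other tests.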


@@ -0,0 +1,146 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.builder.AutoAssignDistributionSetUpdate;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@Feature("SecurityTests - TargetFilterQueryManagement")
@Story("SecurityTests TargetFilterQueryManagement")
public class TargetFilterQueryManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createPermissionsCheck() {
assertPermissions(
() -> targetFilterQueryManagement.create(entityFactory.targetFilterQuery().create().name("name").query("controllerId==id")),
List.of(SpPermission.CREATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deletePermissionsCheck() {
assertPermissions(() -> {
targetFilterQueryManagement.delete(1L);
return null;
}, List.of(SpPermission.DELETE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void verifyTargetFilterQuerySyntaxPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.verifyTargetFilterQuerySyntax("controllerId==id"),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findAllPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.count(), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByAutoAssignDistributionSetIdPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.countByAutoAssignDistributionSetId(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByNamePermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.findByName(PAGE, "filterName"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByNamePermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.countByName("filterName"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRsqlPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.findByRsql(PAGE, "name==id"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByQueryPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.findByQuery(PAGE, "controllerId==id"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByAutoAssignDistributionSetIdPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.findByAutoAssignDistributionSetId(PAGE, 1L),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByAutoAssignDSAndRsqlPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.findByAutoAssignDSAndRsql(PAGE, 1L, "rsqlParam"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findWithAutoAssignDSPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.findWithAutoAssignDS(PAGE), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getTargetFilterQueryByIdPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.get(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getTargetFilterQueryByNamePermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.getByName("filterName"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updatePermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.update(entityFactory.targetFilterQuery().update(1L)),
List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updateAutoAssignDSPermissionsCheck() {
assertPermissions(() -> targetFilterQueryManagement.updateAutoAssignDS(new AutoAssignDistributionSetUpdate(1L).weight(1)),
List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void cancelAutoAssignmentForDistributionSetPermissionsCheck() {
assertPermissions(() -> {
targetFilterQueryManagement.cancelAutoAssignmentForDistributionSet(1L);
return null;
}, List.of(SpPermission.UPDATE_TARGET));
}
}
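Review bot: `findByAutoAssignDSAndRsqlPermissionsCheck` passes `"rsqlParam"` as the RSQL filter, which is not a comparison expression, whereas the other tests in this class use a well-formed one such as `"name==id"`. With the authorities granted, the call may then fail while parsing the filter instead of reaching the repository, and whether `assertPermissions` (defined outside this file) tolerates that is not visible here. Using `targetFilterQueryManagement.findByAutoAssignDSAndRsql(PAGE, 1L, "name==id")` keeps the granted-permission path limited to the authorization outcome.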


@@ -0,0 +1,439 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.FilterParams;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.model.TargetUpdateStatus;
import org.eclipse.hawkbit.repository.test.util.WithUser;
import org.junit.jupiter.api.Test;
@Slf4j
@Feature("SecurityTests - TargetManagement")
@Story("SecurityTests TargetManagement")
public class TargetManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByAssignedDistributionSetPermissionsCheck() {
assertPermissions(() -> targetManagement.countByAssignedDistributionSet(1L),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByFiltersPermissionsCheck() {
assertPermissions(() -> targetManagement.countByFilters(new FilterParams(null, null, null, null, null, null)),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByInstalledDistributionSetPermissionsCheck() {
assertPermissions(() -> targetManagement.countByInstalledDistributionSet(1L),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void existsByInstalledOrAssignedDistributionSetPermissionsCheck() {
assertPermissions(() -> targetManagement.existsByInstalledOrAssignedDistributionSet(1L),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByRsqlPermissionsCheck() {
assertPermissions(() -> targetManagement.countByRsql("controllerId==id"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByRsqlAndUpdatablePermissionsCheck() {
assertPermissions(() -> targetManagement.countByRsqlAndUpdatable("controllerId==id"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByRsqlAndCompatiblePermissionsCheck() {
assertPermissions(() -> targetManagement.countByRsqlAndCompatible("controllerId==id", 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByRsqlAndCompatibleAndUpdatablePermissionsCheck() {
assertPermissions(() -> targetManagement.countByRsqlAndCompatibleAndUpdatable("controllerId==id", 1L),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByFailedInRolloutPermissionsCheck() {
assertPermissions(() -> targetManagement.countByFailedInRollout("1", 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countPermissionsCheck() {
assertPermissions(() -> targetManagement.count(), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createPermissionsCheck() {
assertPermissions(() -> targetManagement.create(entityFactory.target().create().controllerId("controller").name("name")),
List.of(SpPermission.CREATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createCollectionPermissionsCheck() {
assertPermissions(() -> targetManagement.create(List.of(entityFactory.target().create().controllerId("controller").name("name"))),
List.of(SpPermission.CREATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deletePermissionsCheck() {
assertPermissions(() -> {
targetManagement.delete(List.of(1L));
return null;
}, List.of(SpPermission.DELETE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteByControllerIDPermissionsCheck() {
assertPermissions(() -> {
targetManagement.deleteByControllerID("controllerId");
return null;
}, List.of(SpPermission.DELETE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByTargetFilterQueryPermissionsCheck() {
assertPermissions(() -> targetManagement.countByTargetFilterQuery(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatablePermissionsCheck() {
assertPermissions(() -> targetManagement.findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatable(PAGE, 1L, "controllerId==id"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByRsqlAndNonDSAndCompatibleAndUpdatablePermissionsCheck() {
assertPermissions(() -> targetManagement.countByRsqlAndNonDSAndCompatibleAndUpdatable(1L, "controllerId==id"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatablePermissionsCheck() {
assertPermissions(
() -> targetManagement.findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatable(PAGE, List.of(1L),
"controllerId==id",
entityFactory.distributionSetType().create().build()), List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByActionsInRolloutGroupPermissionsCheck() {
assertPermissions(() -> targetManagement.countByActionsInRolloutGroup(1L),
List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatablePermissionsCheck() {
assertPermissions(() -> targetManagement.countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(List.of(1L), "controllerId==id",
entityFactory.distributionSetType().create().build()), List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByFailedRolloutAndNotInRolloutGroupsPermissionsCheck() {
assertPermissions(() -> targetManagement.findByFailedRolloutAndNotInRolloutGroups(PAGE, List.of(1L), "1"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByFailedRolloutAndNotInRolloutGroupsPermissionsCheck() {
assertPermissions(() -> targetManagement.countByFailedRolloutAndNotInRolloutGroups(List.of(1L), "1"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByInRolloutGroupWithoutActionPermissionsCheck() {
assertPermissions(() -> targetManagement.findByInRolloutGroupWithoutAction(PAGE, 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByAssignedDistributionSetPermissionsCheck() {
assertPermissions(() -> targetManagement.findByAssignedDistributionSet(PAGE, 1L),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByAssignedDistributionSetAndRsqlPermissionsCheck() {
assertPermissions(() -> targetManagement.findByAssignedDistributionSetAndRsql(PAGE, 1L, "controllerId==id"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByControllerCollectionIDPermissionsCheck() {
assertPermissions(() -> targetManagement.getByControllerID(List.of("controllerId")), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByControllerIDPermissionsCheck() {
assertPermissions(() -> targetManagement.getByControllerID("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByFiltersPermissionsCheck() {
assertPermissions(() -> targetManagement.findByFilters(PAGE, new FilterParams(null, null, null, null, null, null)),
List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByInstalledDistributionSetPermissionsCheck() {
assertPermissions(() -> targetManagement.findByInstalledDistributionSet(PAGE, 1L),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByInstalledDistributionSetAndRsqlPermissionsCheck() {
assertPermissions(() -> targetManagement.findByInstalledDistributionSetAndRsql(PAGE, 1L, "controllerId==id"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByUpdateStatusPermissionsCheck() {
assertPermissions(() -> targetManagement.findByUpdateStatus(PAGE, TargetUpdateStatus.IN_SYNC), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findAllPermissionsCheck() {
assertPermissions(() -> targetManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRsqlPermissionsCheck() {
assertPermissions(() -> targetManagement.findByRsql(PAGE, "controllerId==id"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByTargetFilterQueryPermissionsCheck() {
assertPermissions(() -> targetManagement.findByTargetFilterQuery(PAGE, 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByTagPermissionsCheck() {
assertPermissions(() -> targetManagement.findByTag(PAGE, 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRsqlAndTagPermissionsCheck() {
assertPermissions(() -> targetManagement.findByRsqlAndTag(PAGE, "controllerId==id", 1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignTypePermissionsCheck() {
assertPermissions(() -> targetManagement.assignType(List.of("controllerId"), 1L), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unassignTypeByIdPermissionsCheck() {
assertPermissions(() -> targetManagement.unassignType("controllerId"), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignTagWithHandlerPermissionsCheck() {
assertPermissions(() -> targetManagement.assignTag(List.of("controllerId"), 1L, strings -> {}),
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignTagPermissionsCheck() {
assertPermissions(() -> targetManagement.assignTag(List.of("controllerId"), 1L),
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unassignTagPermissionsCheck() {
assertPermissions(() -> targetManagement.unassignTag(List.of("controllerId"), 1L), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unassignTagWithHandlerPermissionsCheck() {
assertPermissions(() -> targetManagement.unassignTag(List.of("controllerId"), 1L, strings -> {}),
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void unassignTypePermissionsCheck() {
assertPermissions(() -> targetManagement.unassignType(List.of("controllerId")), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignTypeByIdPermissionsCheck() {
assertPermissions(() -> targetManagement.assignType("controllerId", 1L), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updatePermissionsCheck() {
assertPermissions(() -> targetManagement.update(entityFactory.target().update("controllerId")), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getPermissionsCheck() {
assertPermissions(() -> targetManagement.get(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getCollectionPermissionsCheck() {
assertPermissions(() -> targetManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getControllerAttributesPermissionsCheck() {
assertPermissions(() -> targetManagement.getControllerAttributes("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void requestControllerAttributesPermissionsCheck() {
assertPermissions(() -> {
targetManagement.requestControllerAttributes("controllerId");
return null;
}, List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void isControllerAttributesRequestedPermissionsCheck() {
assertPermissions(() -> targetManagement.isControllerAttributesRequested("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByControllerAttributesRequestedPermissionsCheck() {
assertPermissions(() -> targetManagement.findByControllerAttributesRequested(PAGE), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void existsByControllerIdPermissionsCheck() {
assertPermissions(() -> targetManagement.existsByControllerId("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void isTargetMatchingQueryAndDSNotAssignedAndCompatibleAndUpdatablePermissionsCheck() {
assertPermissions(
() -> targetManagement.isTargetMatchingQueryAndDSNotAssignedAndCompatibleAndUpdatable("controllerId", 1L, "controllerId==id"),
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getTagsByControllerIdPermissionsCheck() {
assertPermissions(() -> targetManagement.getTagsByControllerId("controllerId"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createMetaDataPermissionsCheck() {
assertPermissions(
() -> targetManagement.createMetaData("controllerId", List.of(entityFactory.generateTargetMetadata("key", "value"))),
List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteMetaDataPermissionsCheck() {
assertPermissions(() -> {
targetManagement.deleteMetaData("controllerId", "key");
return null;
}, List.of(SpPermission.UPDATE_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countMetaDataByControllerIdPermissionsCheck() {
assertPermissions(() -> targetManagement.countMetaDataByControllerId("controllerId"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataByControllerIdAndRsqlPermissionsCheck() {
assertPermissions(() -> targetManagement.findMetaDataByControllerIdAndRsql(PAGE, "controllerId", "controllerId==id"),
List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getMetaDataByControllerIdPermissionsCheck() {
assertPermissions(() -> targetManagement.getMetaDataByControllerId("controllerId", "key"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findMetaDataByControllerIdPermissionsCheck() {
assertPermissions(() -> targetManagement.findMetaDataByControllerId(PAGE, "controllerId"), List.of(SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
@WithUser(principal = "user", authorities = { SpPermission.UPDATE_REPOSITORY })
void updateMetadataPermissionsCheck() {
assertPermissions(() -> targetManagement.updateMetadata("controllerId", entityFactory.generateTargetMetadata("key", "value")),
List.of(SpPermission.UPDATE_REPOSITORY));
}
}


@@ -0,0 +1,90 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@Slf4j
@Feature("SecurityTests - TargetTagManagement")
@Story("SecurityTests TargetTagManagement")
public class TargetTagManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countPermissionsCheck() {
assertPermissions(() -> targetTagManagement.count(), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createPermissionsCheck() {
assertPermissions(() -> targetTagManagement.create(entityFactory.tag().create().name("name")), List.of(SpPermission.CREATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createCollectionPermissionsCheck() {
assertPermissions(() -> targetTagManagement.create(List.of(entityFactory.tag().create().name("name"))),
List.of(SpPermission.CREATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deletePermissionsCheck() {
assertPermissions(() -> {
targetTagManagement.delete("tag");
return null;
}, List.of(SpPermission.DELETE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findAllPermissionsCheck() {
assertPermissions(() -> targetTagManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRsqlPermissionsCheck() {
assertPermissions(() -> targetTagManagement.findByRsql(PAGE, "name==tag"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByNamePermissionsCheck() {
assertPermissions(() -> targetTagManagement.getByName("tag"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getPermissionsCheck() {
assertPermissions(() -> targetTagManagement.get(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getCollectionPermissionsCheck() {
assertPermissions(() -> targetTagManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updatePermissionsCheck() {
assertPermissions(() -> targetTagManagement.update(entityFactory.tag().update(1L)), List.of(SpPermission.UPDATE_TARGET));
}
}
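Review bot: The arguments in this class point at entities the tests never create (`delete("tag")`, `get(1L)`, `update(entityFactory.tag().update(1L))`), and nothing in the file says that this is intended. With sufficient permissions these calls presumably end in an entity-not-found error rather than a result, so the tests can only be checking the authorization decision; `assertPermissions` is defined outside this file, so how it treats that outcome cannot be confirmed from here. A class-level comment such as `// Arguments are placeholders: only the @PreAuthorize decision is asserted, the referenced entities do not exist.` would keep a later reader from taking these as functional tests. The same applies to TargetTypeManagementSecurityTest in the next file section.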


@@ -0,0 +1,126 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.eclipse.hawkbit.repository.test.util.WithUser;
import org.junit.jupiter.api.Test;
@Slf4j
@Feature("SecurityTests - TargetTypeManagement")
@Story("SecurityTests TargetTypeManagement")
public class TargetTypeManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByKeyPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.getByKey("key"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getByNamePermissionsCheck() {
assertPermissions(() -> targetTypeManagement.getByName("name"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.count(), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void countByNamePermissionsCheck() {
assertPermissions(() -> targetTypeManagement.countByName("name"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.create(entityFactory.targetType().create().name("name")),
List.of(SpPermission.CREATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void createCollectionPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.create(List.of(entityFactory.targetType().create().name("name"))),
List.of(SpPermission.CREATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deletePermissionsCheck() {
assertPermissions(() -> {
targetTypeManagement.delete(1L);
return null;
}, List.of(SpPermission.DELETE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findAllPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByRsqlPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.findByRsql(PAGE, "name==tag"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void findByNamePermissionsCheck() {
assertPermissions(() -> targetTypeManagement.findByName(PAGE, "name"), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.get(1L), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getCollectionPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void updatePermissionsCheck() {
assertPermissions(() -> targetTypeManagement.update(entityFactory.targetType().update(1L)), List.of(SpPermission.UPDATE_TARGET));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void assignCompatibleDistributionSetTypesPermissionsCheck() {
assertPermissions(() -> targetTypeManagement.assignCompatibleDistributionSetTypes(1L, List.of(1L)),
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
@WithUser(principal = "user", authorities = { SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY })
void unassignDistributionSetTypePermissionsCheck() {
assertPermissions(() -> targetTypeManagement.unassignDistributionSetType(1L, 1L),
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
}
}
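Review bot: `unassignDistributionSetTypePermissionsCheck` is the only test in this class annotated with `@WithUser`, and the authorities it grants are exactly the ones it then passes to `assertPermissions`. Every other test here runs without the annotation, so the helper presumably installs the security context itself and the annotation is redundant; the helper is not visible in this file, so that should be confirmed. A pre-authorized ambient user on a permission test also makes it unclear which identity the negative case runs under. Unless this method needs it for a specific reason, drop `@WithUser(principal = "user", authorities = { SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY })` and the `WithUser` import, which has no other use in this file. `updateMetadataPermissionsCheck` at the end of the TargetManagement security test shows the same pattern with `SpPermission.UPDATE_REPOSITORY`.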


@@ -0,0 +1,77 @@
/**
* Copyright (c) 2022 Bosch.IO GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.repository.jpa.management;
import java.util.List;
import java.util.Map;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
import org.junit.jupiter.api.Test;
@Slf4j
@Feature("SecurityTests - TargetManagement")
@Story("SecurityTests TargetManagement")
public class TenantConfigurationManagementSecurityTest extends AbstractJpaIntegrationTest {
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void addOrUpdateConfigurationPermissionsCheck() {
assertPermissions(() -> tenantConfigurationManagement.addOrUpdateConfiguration("authentication.header.enabled", true),
List.of(SpPermission.TENANT_CONFIGURATION));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void addOrUpdateConfigurationWithMapPermissionsCheck() {
assertPermissions(() -> tenantConfigurationManagement.addOrUpdateConfiguration(Map.of("authentication.header.enabled", true)),
List.of(SpPermission.TENANT_CONFIGURATION));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void deleteConfigurationPermissionsCheck() {
assertPermissions(() -> {
tenantConfigurationManagement.deleteConfiguration("authentication.header.enabled");
return null;
}, List.of(SpPermission.TENANT_CONFIGURATION));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getConfigurationValuePermissionsCheck() {
assertPermissions(() -> tenantConfigurationManagement.getConfigurationValue("authentication.header.enabled"),
List.of(SpPermission.READ_TENANT_CONFIGURATION));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getConfigurationValueWithTypePermissionsCheck() {
assertPermissions(() -> tenantConfigurationManagement.getConfigurationValue("authentication.header.enabled", Boolean.class),
List.of(SpPermission.READ_TENANT_CONFIGURATION));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void getGlobalConfigurationValuePermissionsCheck() {
assertPermissions(() -> tenantConfigurationManagement.getGlobalConfigurationValue("authentication.header.enabled", Boolean.class),
List.of(SpPermission.READ_TENANT_CONFIGURATION));
}
@Test
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
void pollStatusResolverPermissionsCheck() {
assertPermissions(() -> tenantConfigurationManagement.pollStatusResolver(), List.of(SpPermission.READ_TARGET));
}
}
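Review bot: The class-level report labels are copied from another test: `@Feature("SecurityTests - TargetManagement")` and `@Story("SecurityTests TargetManagement")` sit on TenantConfigurationManagementSecurityTest, so these tenant-configuration permission checks would be filed under target management in the Allure report. They should read `@Feature("SecurityTests - TenantConfigurationManagement")` and `@Story("SecurityTests TenantConfigurationManagement")`. It is also worth confirming that the positive path of the two `addOrUpdateConfiguration` tests, which writes `true` to `authentication.header.enabled`, is rolled back or isolated per test, since the surrounding test setup is not visible here.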


@@ -15,6 +15,9 @@ logging.level.org.eclipse.persistence=ERROR
spring.jpa.properties.eclipselink.logging.level=FINE
spring.jpa.properties.eclipselink.logging.level.sql=FINE
spring.jpa.properties.eclipselink.logging.parameters=true
#logging.level.org.springframework.security=TRACE
#logging.level.org.springframework.aop=TRACE
#spring.aop.proxy-target-class=true
#hibernate.generate_statistics=true
#logging.level.org.hibernate.SQL=TRACE