Added Security Tests for ManagementAPI @PreAuthorize methods (#2167)
Co-authored-by: vasilchev <vasil.ilchev@bosch.com>
@@ -15,15 +15,21 @@ import java.lang.reflect.Array;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.Callable;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.StreamSupport;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import jakarta.persistence.PersistenceContext;
|
||||
|
||||
import io.qameta.allure.Step;
|
||||
import lombok.SneakyThrows;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
|
||||
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
|
||||
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
|
||||
import org.eclipse.hawkbit.repository.jpa.model.JpaRollout;
|
||||
@@ -58,6 +64,7 @@ import org.eclipse.hawkbit.repository.model.TargetTypeAssignmentResult;
|
||||
import org.eclipse.hawkbit.repository.test.TestConfiguration;
|
||||
import org.eclipse.hawkbit.repository.test.util.AbstractIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.test.util.RolloutTestApprovalStrategy;
|
||||
import org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch;
|
||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.orm.jpa.JpaProperties;
|
||||
@@ -69,6 +76,7 @@ import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.TestPropertySource;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
@Slf4j
|
||||
@ContextConfiguration(classes = {
|
||||
RepositoryApplicationConfiguration.class, TestConfiguration.class })
|
||||
@Import(TestChannelBinderConfiguration.class)
|
||||
@@ -79,6 +87,8 @@ public abstract class AbstractJpaIntegrationTest extends AbstractIntegrationTest
|
||||
protected static final String NOT_EXIST_ID = "12345678990";
|
||||
protected static final long NOT_EXIST_IDL = Long.parseLong(NOT_EXIST_ID);
|
||||
|
||||
protected static final List<String> REPOSITORY_AND_TARGET_PERMISSIONS = List.of(SpPermission.READ_REPOSITORY, SpPermission.CREATE_REPOSITORY, SpPermission.UPDATE_REPOSITORY, SpPermission.DELETE_REPOSITORY, SpPermission.READ_TARGET, SpPermission.CREATE_TARGET, SpPermission.UPDATE_TARGET, SpPermission.DELETE_TARGET);
|
||||
|
||||
@PersistenceContext
|
||||
protected EntityManager entityManager;
|
||||
|
||||
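Review bot: `REPOSITORY_AND_TARGET_PERMISSIONS` is used as the pool for the "insufficient" user, but it leaves out authorities that the new tests also rely on, such as `SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT` and `SpPermission.SpringEvalExpressions.CONTROLLER_ROLE`. The denied user therefore never holds those, and a guard that wrongly accepts one of them in place of the intended permission would go unnoticed. Either extend the pool or document the limit on the constant, e.g. `/** Authorities granted to the negative-test user; anything not listed here is never checked as a wrongly accepted authority. */`. The declaration would also read better wrapped at one permission group per line.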
@@ -231,6 +241,68 @@ public abstract class AbstractJpaIntegrationTest extends AbstractIntegrationTest
|
||||
assertThat(running.getTotalElements()).as("Action count").isEqualTo(count);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that the given callable throws an InsufficientPermissionException.
|
||||
* If callable succeeds without any exception or exception other than InsufficientPermissionException, it will be considered as an assert failure.
|
||||
*
|
||||
* @param callable the callable to call
|
||||
*/
|
||||
@SneakyThrows
|
||||
protected void assertPermissions(final Callable<?> callable, List<String> requiredPermissions) {
|
||||
final List<String> insufficiantPermissions = REPOSITORY_AND_TARGET_PERMISSIONS.stream()
|
||||
.filter(p -> !requiredPermissions.contains(p)).toList();
|
||||
// check if the user has the correct permissions
|
||||
SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_with_permissions", requiredPermissions.toArray(new String[0])), () -> {
|
||||
assertPermissionWorks(callable);
|
||||
log.info("assertPermissionWorks Passed");
|
||||
return null;
|
||||
});
|
||||
|
||||
// check if the user has the insufficient permissions
|
||||
SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_without_permissions", insufficiantPermissions.toArray(new String[0])), () -> {
|
||||
assertInsufficientPermission(callable);
|
||||
log.info("assertInsufficientPermission Passed");
|
||||
return null;
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that the given callable throws an InsufficientPermissionException.
|
||||
* If callable succeeds without any exception or exception other than InsufficientPermissionException, it will be considered as an assert failure.
|
||||
*
|
||||
* @param callable the callable to call
|
||||
*/
|
||||
private void assertInsufficientPermission(final Callable<?> callable) {
|
||||
try {
|
||||
callable.call();
|
||||
throw new AssertionError(
|
||||
"Expected Exception 'InsufficientPermissionException' to be thrown, but request passed with no exception.");
|
||||
} catch (Exception ex) {
|
||||
assertThat(ex).isInstanceOf(InsufficientPermissionException.class);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that the given callable succeeds.
|
||||
*
|
||||
* Note: This method will assume that EntityNotFoundException is OK, as security tests use dummy (non-existing) IDs.
|
||||
* It matters to either callable succeeds without any exception or at most EntityNotFoundException.
|
||||
* All other cases will be considered as an error.
|
||||
*
|
||||
* @param callable the callable to call
|
||||
*/
|
||||
private void assertPermissionWorks(final Callable<?> callable) {
|
||||
try {
|
||||
callable.call();
|
||||
} catch (Throwable th) {
|
||||
if (th instanceof EntityNotFoundException) {
|
||||
log.info("Expected (at most) EntityNotFoundException catch: {}", th.getMessage());
|
||||
} else {
|
||||
throw new AssertionError("Expected no Exception (other then EntityNotFound) to be thrown, but got: " + th.getMessage(), th);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
protected void finishAction(final Action action) {
|
||||
controllerManagement
|
||||
.addUpdateActionStatus(entityFactory.actionStatus().create(action.getId()).status(Action.Status.FINISHED));
|
||||
|
||||
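Review bot: The negative run in `assertPermissions` strips every required permission at once, so a test that lists two permissions (for example `READ_REPOSITORY` plus `UPDATE_TARGET` in the ConfirmationManagement and DeploymentManagement tests further down) still passes when the `@PreAuthorize` guard enforces only one of them. Adding a pass that drops one listed permission at a time and expects `InsufficientPermissionException` would pin each listed permission as actually required; a sketch follows. If authorities imply one another through a role hierarchy (not visible here), the dropped permission may still be granted, so confirm that before adopting it. The Javadoc on `assertPermissions` is a copy of the one on `assertInsufficientPermission` and does not describe the positive run or `requiredPermissions`, and `insufficiantPermissions` should read `insufficientPermissions`.

```java
protected void assertPermissions(final Callable<?> callable, List<String> requiredPermissions) {
    // … unchanged: run as "user_with_permissions", then as "user_without_permissions" …

    // every listed permission must be required on its own: drop one at a time
    for (final String dropped : requiredPermissions) {
        final String[] remaining = requiredPermissions.stream()
                .filter(p -> !p.equals(dropped))
                .toArray(String[]::new);
        SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_missing_one_permission", remaining), () -> {
            assertInsufficientPermission(callable);
            return null;
        });
    }
```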
@@ -0,0 +1,111 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.RepositoryManagement;
|
||||
import org.eclipse.hawkbit.repository.test.util.WithUser;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
|
||||
public abstract class AbstractRepositoryManagementSecurityTest<T, C, U> extends AbstractJpaIntegrationTest {
|
||||
|
||||
/**
|
||||
* @return the repository management to test with
|
||||
*/
|
||||
protected abstract RepositoryManagement<T, C, U> getRepositoryManagement();
|
||||
|
||||
/**
|
||||
* @return the object to create
|
||||
*/
|
||||
protected abstract C getCreateObject();
|
||||
|
||||
/**
|
||||
* @return the object to update
|
||||
*/
|
||||
protected abstract U getUpdateObject();
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
void createCollectionPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().create(List.of(getCreateObject())), List.of(SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
void createPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().create(getCreateObject()), List.of(SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
void updatePermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().update(getUpdateObject()), List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
void deletePermissionCheck() {
|
||||
assertPermissions(() -> {
|
||||
getRepositoryManagement().delete(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
public void countPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().count(), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
public void deleteCollectionRepositoryManagement() {
|
||||
assertPermissions(() -> {
|
||||
getRepositoryManagement().delete(List.of(1L));
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
public void getPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().get(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
public void getCollectionPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().get(List.of(1L)), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
public void existsCollectionPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().exists(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
public void findAllPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().findAll(Pageable.ofSize(1)), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.")
|
||||
public void findByRsqlPermissionCheck() {
|
||||
assertPermissions(() -> getRepositoryManagement().findByRsql(Pageable.ofSize(1), "(name==*)"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
}
|
||||
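Review bot: Every test in this generic base class hard-codes the `*_REPOSITORY` authorities, so a subclass for a management guarded by other permissions would assert the wrong ones; no subclass is visible here, so this may be intended. If so, say it in a class Javadoc such as `/** Permission checks for RepositoryManagement implementations guarded by the REPOSITORY permissions. */`, otherwise expose the expected permissions through overridable methods. `existsCollectionPermissionCheck` calls `exists(1L)` on a single id, and `deleteCollectionRepositoryManagement` breaks the `…PermissionCheck` naming used by the other tests. The `WithUser` import is unused, and `public` is applied to only some of the test methods.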
@@ -0,0 +1,94 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
|
||||
import org.eclipse.hawkbit.repository.test.util.WithUser;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - ArtifactManagement")
|
||||
@Story("SecurityTests ArtifactManagement")
|
||||
class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#count() method")
|
||||
@WithUser(principal = "user", authorities = { SpPermission.READ_REPOSITORY })
|
||||
void countPermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.count(), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#create() method")
|
||||
void createPermissionCheck() {
|
||||
ArtifactUpload artifactUpload = new ArtifactUpload(new ByteArrayInputStream("RandomString".getBytes()), 1L, "filename", false, 1024);
|
||||
assertPermissions(() -> artifactManagement.create(artifactUpload), List.of(SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#delete() method")
|
||||
void deletePermissionCheck() {
|
||||
assertPermissions(() -> {
|
||||
artifactManagement.delete(1);
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#get() method")
|
||||
void getPermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.get(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#getByFilenameAndSoftwareModule() method")
|
||||
void getByFilenameAndSoftwareModulePermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.getByFilenameAndSoftwareModule("filename", 1L),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#findFirstBySHA1() method")
|
||||
void findFirstBySHA1PermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#getByFilename() method")
|
||||
void getByFilenamePermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#findBySoftwareModule() method")
|
||||
void findBySoftwareModulePermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.findBySoftwareModule(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#countBySoftwareModule() method")
|
||||
void countBySoftwareModulePermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.countBySoftwareModule(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ArtifactManagement#loadArtifactBinary() method")
|
||||
void loadArtifactBinaryPermissionCheck() {
|
||||
assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT));
|
||||
}
|
||||
|
||||
}
|
||||
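Review bot: `countPermissionCheck` is the only test annotated with `@WithUser(principal = "user", authorities = { SpPermission.READ_REPOSITORY })`, although `assertPermissions` switches the security context itself for both runs. The annotation suggests the outer user affects the result; dropping it, together with the `WithUser` import, keeps all tests on one mechanism. In `createPermissionCheck` the same `ArtifactUpload`, and so the same `ByteArrayInputStream`, is passed to both the permitted and the denied run, which holds only while the denied call is rejected before the stream is read; a comment like `// denied run must fail before the stream is consumed` would record that. `"RandomString".getBytes()` depends on the platform charset; `getBytes(StandardCharsets.UTF_8)` makes it explicit.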
@@ -0,0 +1,74 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - ConfirmationManagement")
|
||||
@Story("SecurityTests ConfirmationManagement")
|
||||
class ConfirmationManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ConfirmationManagement#findActiveActionsWaitingConfirmation() method")
|
||||
void findActiveActionsWaitingConfirmationPermissionsCheck() {
|
||||
assertPermissions(() -> confirmationManagement.findActiveActionsWaitingConfirmation("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ConfirmationManagement#activateAutoConfirmation() method")
|
||||
void activateAutoConfirmationPermissionsCheck() {
|
||||
assertPermissions(() -> confirmationManagement.activateAutoConfirmation("controllerId", "initiator", "remark"),
|
||||
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ConfirmationManagement#getStatus() method")
|
||||
void getStatusPermissionsCheck() {
|
||||
assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ConfirmationManagement#autoConfirmActiveActions() method")
|
||||
void autoConfirmActiveActionsPermissionsCheck() {
|
||||
assertPermissions(() -> confirmationManagement.autoConfirmActiveActions("controllerId"),
|
||||
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ConfirmationManagement#confirmAction() method")
|
||||
void confirmActionPermissionsCheck() {
|
||||
assertPermissions(() -> confirmationManagement.confirmAction(1L, null, null),
|
||||
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ConfirmationManagement#denyAction() method")
|
||||
void denyActionPermissionsCheck() {
|
||||
assertPermissions(() -> confirmationManagement.denyAction(1L, null, null),
|
||||
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ConfirmationManagement#deactivateAutoConfirmation() method")
|
||||
void deactivateAutoConfirmationPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
confirmationManagement.deactivateAutoConfirmation("controllerId");
|
||||
return null;
|
||||
}, List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,238 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
|
||||
@Feature("SecurityTests - ControllerManagement")
|
||||
@Story("SecurityTests ControllerManagement")
|
||||
class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#cancelActionStatus() method")
|
||||
void addCancelActionStatusPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.addCancelActionStatus(entityFactory.actionStatus().create(0L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getSoftwareModule() method")
|
||||
void getSoftwareModulePermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getSoftwareModule(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#findTargetVisibleMetaDataBySoftwareModuleId() method")
|
||||
void findTargetVisibleMetaDataBySoftwareModuleIdPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findTargetVisibleMetaDataBySoftwareModuleId(List.of(1L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#addInformationalActionStatus() method")
|
||||
void addInformationalActionStatusPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.addInformationalActionStatus(entityFactory.actionStatus().create(0L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#addUpdateActionStatus() method")
|
||||
void addUpdateActionStatusPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.addUpdateActionStatus(entityFactory.actionStatus().create(0L)),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#findActiveActionWithHighestWeight() method")
|
||||
void findActiveActionWithHighestWeightPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActiveActionWithHighestWeight("controllerId"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#findActiveActionsWithHighestWeight() method")
|
||||
void findActiveActionsWithHighestWeightPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActiveActionsWithHighestWeight("controllerId", 1),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#findActionWithDetails() method")
|
||||
void findActionWithDetailsPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActionWithDetails(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#findActionStatusByAction() method")
|
||||
void findActionStatusByActionPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findActionStatusByAction(Pageable.unpaged(), 1L),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#findOrRegisterTargetIfItDoesNotExist() method")
|
||||
void findOrRegisterTargetIfItDoesNotExistPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress")),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#findOrRegisterTargetIfItDoesNotExist() method")
|
||||
void findOrRegisterTargetIfItDoesNotExistWithDetailsPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress"), "name", "type"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getActionForDownloadByTargetAndSoftwareModule() method")
|
||||
void getActionForDownloadByTargetAndSoftwareModulePermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getActionForDownloadByTargetAndSoftwareModule("controllerId", 1L),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getPollingTime() method")
|
||||
void getPollingTimePermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getPollingTime(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getMinPollingTime() method")
|
||||
void getMinPollingTimePermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getMinPollingTime(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getMaxPollingTime() method")
|
||||
void getMaintenanceWindowPollCountPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getMaintenanceWindowPollCount(),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getPollingTimeForAction() method")
|
||||
void getPollingTimeForActionPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getPollingTimeForAction(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#hasTargetArtifactAssigned() method")
|
||||
void hasTargetArtifactAssignedPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned("controllerId", "sha1Hash"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#hasTargetArtifactAssigned() method")
|
||||
void hasTargetArtifactAssignedByIdPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned(1L, "sha1Hash"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#updateControllerAttributes() method")
|
||||
void updateControllerAttributesPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.updateControllerAttributes("controllerId", Map.of(), null),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getByControllerId() method")
|
||||
void getByControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getByControllerId("controllerId"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#get() method")
|
||||
void getPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getActionHistoryMessages() method")
|
||||
void getActionHistoryMessagesPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getActionHistoryMessages(1L, 1),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#cancelAction() method")
|
||||
void cancelActionPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.cancelAction(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#updateActionExternalRef() method")
|
||||
void updateActionExternalRefPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
controllerManagement.updateActionExternalRef(1L, "externalRef");
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getActionByExternalRef() method")
|
||||
void getActionByExternalRefPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getActionByExternalRef("externalRef"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#deleteExistingTarget() method")
|
||||
void deleteExistingTargetPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
controllerManagement.deleteExistingTarget("controllerId");
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#getInstalledActionByTarget() method")
|
||||
void getInstalledActionByTargetPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.getInstalledActionByTarget("controllerId"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#activateAutoConfirmation() method")
|
||||
void activateAutoConfirmationPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.activateAutoConfirmation("controllerId", "initiator", "remark"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#deactivateAutoConfirmation() method")
|
||||
void deactivateAutoConfirmationPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
controllerManagement.deactivateAutoConfirmation("controllerId");
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ControllerManagement#updateOfflineAssignedVersion() method")
|
||||
void updateOfflineAssignedVersionPermissionsCheck() {
|
||||
assertPermissions(() -> controllerManagement.updateOfflineAssignedVersion("controllerId", "distributionName", "version"),
|
||||
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE));
|
||||
}
|
||||
|
||||
}
|
||||
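Review bot: Several `@Description` strings name a method other than the one under test: `addCancelActionStatusPermissionsCheck` says `cancelActionStatus()` and `getMaintenanceWindowPollCountPermissionsCheck` says `getMaxPollingTime()`. The two overload tests `findOrRegisterTargetIfItDoesNotExistWithDetailsPermissionsCheck` and `hasTargetArtifactAssignedByIdPermissionsCheck` also reuse the text of the overload before them. These strings appear in the test report, so a failing authorization check would be attributed to the wrong API; use e.g. `@Description("Tests ControllerManagement#getMaintenanceWindowPollCount() method")`. The denied user in these tests holds all repository and target permissions, which usefully shows that management authorities do not grant controller access, and a one-line class comment stating that intent would help. Only `CONTROLLER_ROLE` is exercised as the accepted authority, so any other role the guards may admit is not covered here.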
@@ -0,0 +1,239 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.model.Action;
|
||||
import org.eclipse.hawkbit.repository.model.DeploymentRequest;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSetInvalidation;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
|
||||
@Feature("SecurityTests - DeploymentManagement")
|
||||
@Story("SecurityTests DeploymentManagement")
|
||||
class DeploymentManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignDistributionSetsPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.assignDistributionSets(
|
||||
List.of(new DeploymentRequest("controllerId", 1L, Action.ActionType.SOFT, 1L, 1, "maintenanceSchedule",
|
||||
"maintenanceWindowDuration", "maintenanceWindowTimeZone", true))),
|
||||
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignDistributionSetsWithInitiatedByPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.assignDistributionSets("initiator",
|
||||
List.of(new DeploymentRequest("controllerId", 1L, Action.ActionType.SOFT, 1L, 1, "maintenanceSchedule",
|
||||
"maintenanceWindowDuration", "maintenanceWindowTimeZone", true)), "message"),
|
||||
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void offlineAssignedDistributionSetsPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.offlineAssignedDistributionSets(List.of()), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void offlineAssignedDistributionSetsWithInitiatedByPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.offlineAssignedDistributionSets(List.of(), "initiator"),
|
||||
List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void cancelActionPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.cancelAction(1L), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countActionsByTargetWithFilterPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.countActionsByTarget("rsqlParam", "controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countActionsByTargetPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.countActionsByTarget("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countActionsAllPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.countActionsAll(), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countActionsPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.countActions("id==1"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActionPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findAction(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
void findActionsAllPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActionsAll(Pageable.unpaged()), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActionsPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActions("id==1", Pageable.unpaged()), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActionsByTargetPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActionsByTarget("rsql==param", "controllerId", Pageable.unpaged()),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActionsByTargetWithControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActionsByTarget("controllerId", Pageable.unpaged()),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActionStatusByActionPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActionStatusByAction(Pageable.unpaged(), 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countActionStatusByActionPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.countActionStatusByAction(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMessagesByActionStatusIdPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findMessagesByActionStatusId(PAGE, 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActionWithDetailsPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActionWithDetails(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActiveActionsByTargetPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActiveActionsByTarget(Pageable.unpaged(), "controllerId"),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findInActiveActionsByTargetPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findInActiveActionsByTarget(Pageable.unpaged(), "controllerId"),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActiveActionsWithHighestWeightPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.findActiveActionsWithHighestWeight("controllerId", 1), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void forceQuitActionPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.forceQuitAction(1L), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void forceTargetActionPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.forceTargetAction(1L), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void cancelInactiveScheduledActionsForTargetsPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
deploymentManagement.cancelInactiveScheduledActionsForTargets(List.of(1L));
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void startScheduledActionsByRolloutGroupParentPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
deploymentManagement.startScheduledActionsByRolloutGroupParent(1L, 1L, 1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void startScheduledActionsPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
deploymentManagement.startScheduledActions(List.of());
|
||||
return null;
|
||||
}, List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getAssignedDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.getAssignedDistributionSet("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getInstalledDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.getInstalledDistributionSet("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteActionsByStatusAndLastModifiedBeforePermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.deleteActionsByStatusAndLastModifiedBefore(Set.of(Action.Status.CANCELED), 1L),
|
||||
List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void hasPendingCancellationsPermissionsCheck() {
|
||||
assertPermissions(() -> deploymentManagement.hasPendingCancellations(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void cancelActionsForDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
deploymentManagement.cancelActionsForDistributionSet(DistributionSetInvalidation.CancelationType.FORCE,
|
||||
entityFactory.distributionSet().create().build());
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
}
|
||||
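Review bot: The two `offlineAssignedDistributionSets` tests pin different permission sets for what looks like the same operation: the single-argument overload expects only `READ_REPOSITORY`, while the `initiatedBy` overload expects `READ_REPOSITORY` and `UPDATE_TARGET`. If the `@PreAuthorize` expressions on the two overloads really differ, that is worth aligning in the API rather than freezing in a test; if they do not, the first list should read `List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET)`. In the same way, `startScheduledActionsByRolloutGroupParentPermissionsCheck` and `startScheduledActionsPermissionsCheck` assert `READ_TARGET` for calls whose names suggest they change action state, so please confirm that a read permission is the intended guard before it becomes the tested contract. `findActionsAllPermissionsCheck` is also the only test in this class without an `@Description`.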
@@ -0,0 +1,252 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.RepositoryManagement;
|
||||
import org.eclipse.hawkbit.repository.builder.DistributionSetCreate;
|
||||
import org.eclipse.hawkbit.repository.builder.DistributionSetUpdate;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSetFilter;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - DistributionSetManagement")
|
||||
@Story("SecurityTests DistributionSetManagement")
|
||||
class DistributionSetManagementSecurityTest
|
||||
extends AbstractRepositoryManagementSecurityTest<DistributionSet, DistributionSetCreate, DistributionSetUpdate> {
|
||||
|
||||
@Override
|
||||
protected RepositoryManagement<DistributionSet, DistributionSetCreate, DistributionSetUpdate> getRepositoryManagement() {
|
||||
return distributionSetManagement;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected DistributionSetCreate getCreateObject() {
|
||||
return entityFactory.distributionSet().create().name("name").version("1.0.0").type("type");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected DistributionSetUpdate getUpdateObject() {
|
||||
return entityFactory.distributionSet().update(0L).name("a new name")
|
||||
.description("a new description").version("a new version").requiredMigrationStep(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
public void assignSoftwareModulesPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.assignSoftwareModules(1L, List.of(1L)), List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignTagPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.assignTag(List.of(1L), 1L),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests that the method throws InsufficientPermissionException when the user does not have the correct permission")
|
||||
void unassignTagPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.unassignTag(List.of(1L), 1L),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createMetaDataPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> distributionSetManagement.createMetaData(1L, List.of(entityFactory.generateTargetMetadata("key", "value"))),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteMetaDataPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
distributionSetManagement.deleteMetaData(1L, "key");
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void lockPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
distributionSetManagement.lock(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unlockPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
distributionSetManagement.unlock(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByActionPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.getByAction(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getWithDetailsPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.getWithDetails(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByNameAndVersionPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.getByNameAndVersion("name", "version"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getValidAndCompletePermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.getValidAndComplete(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getValidPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.getValid(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getOrElseThrowExceptionPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.getOrElseThrowException(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataByDistributionSetIdPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.findMetaDataByDistributionSetId(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countMetaDataByDistributionSetIdPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.countMetaDataByDistributionSetId(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataByDistributionSetIdAndRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.findMetaDataByDistributionSetIdAndRsql(PAGE, 1L, "rsql"),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByCompletedPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.findByCompleted(PAGE, true), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByCompletedPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.countByCompleted(true), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByDistributionSetFilterPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.findByDistributionSetFilter(PAGE, DistributionSetFilter.builder().build()),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByDistributionSetFilterPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.countByDistributionSetFilter(DistributionSetFilter.builder().build()),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByTagPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.findByTag(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRsqlAndTagPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.findByRsqlAndTag(PAGE, "rsql", 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getMetaDataByDistributionSetIdPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.getMetaDataByDistributionSetId(1L, "key"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void isInUsePermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.isInUse(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unassignSoftwareModulePermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.unassignSoftwareModule(1L, 1L), List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updateMetaDataPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.updateMetaData(1L, entityFactory.generateDsMetadata("key", "value")),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByTypeIdPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.countByTypeId(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countRolloutsByStatusForDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.countRolloutsByStatusForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countActionsByStatusForDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.countActionsByStatusForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countAutoAssignmentsForDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetManagement.countAutoAssignmentsForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void invalidatePermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
distributionSetManagement.invalidate(entityFactory.distributionSet().create().name("name").version("1.0").type("type").build());
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
}
|
||||
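Review bot: `createMetaDataPermissionsCheck` builds its argument with `entityFactory.generateTargetMetadata("key", "value")`, while `updateMetaDataPermissionsCheck` uses `entityFactory.generateDsMetadata("key", "value")` against the same manager. The create test should use the distribution-set factory too, `List.of(entityFactory.generateDsMetadata("key", "value"))`. As written it presumably passes only because the call is rejected, or fails for another reason, before the metadata type matters. `unassignTagPermissionsCheck` carries a different `@Description` from its siblings although it goes through the same `assertPermissions` helper, and `assignSoftwareModulesPermissionsCheck` is the only `public` test method in the class.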
@@ -0,0 +1,67 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.RepositoryManagement;
|
||||
import org.eclipse.hawkbit.repository.builder.TagCreate;
|
||||
import org.eclipse.hawkbit.repository.builder.TagUpdate;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSetTag;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
|
||||
@Feature("SecurityTests - DistributionSetTagManagement")
|
||||
@Story("SecurityTests DistributionSetTagManagement")
|
||||
public class DistributionSetTagManagementSecurityTest
|
||||
extends AbstractRepositoryManagementSecurityTest<DistributionSetTag, TagCreate, TagUpdate> {
|
||||
|
||||
@Override
|
||||
protected RepositoryManagement<DistributionSetTag, TagCreate, TagUpdate> getRepositoryManagement() {
|
||||
return distributionSetTagManagement;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected TagCreate getCreateObject() {
|
||||
return entityFactory.tag().create().name("tag");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected TagUpdate getUpdateObject() {
|
||||
return entityFactory.tag().update(1L).name("tag");
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByNameWitPermissionWorks() {
|
||||
assertPermissions(() -> distributionSetTagManagement.getByName("tagName"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetTagManagement.findByDistributionSet(Pageable.unpaged(), 1L),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteDistributionSetTagPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
distributionSetTagManagement.delete("tagName");
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_REPOSITORY));
|
||||
}
|
||||
}
|
||||
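Review bot: `getByNameWitPermissionWorks` has a typo and breaks the `…PermissionsCheck` naming that the other tests in this commit follow; rename it to `getByNamePermissionsCheck`. The class is declared `public` while `DeploymentManagementSecurityTest` and `DistributionSetManagementSecurityTest` are package-private. JUnit 5 does not need public test classes, so `class DistributionSetTagManagementSecurityTest` would be consistent, and the same applies to `DistributionSetTypeManagementSecurityTest` and `RolloutGroupManagementSecurityTest`.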
@@ -0,0 +1,76 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.RepositoryManagement;
|
||||
import org.eclipse.hawkbit.repository.builder.DistributionSetTypeCreate;
|
||||
import org.eclipse.hawkbit.repository.builder.DistributionSetTypeUpdate;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSetType;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - DistributionSetTypeManagement")
|
||||
@Story("SecurityTests DistributionSetTypeManagement")
|
||||
public class DistributionSetTypeManagementSecurityTest
|
||||
extends AbstractRepositoryManagementSecurityTest<DistributionSetType, DistributionSetTypeCreate, DistributionSetTypeUpdate> {
|
||||
|
||||
@Override
|
||||
protected RepositoryManagement<DistributionSetType, DistributionSetTypeCreate, DistributionSetTypeUpdate> getRepositoryManagement() {
|
||||
return distributionSetTypeManagement;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected DistributionSetTypeCreate getCreateObject() {
|
||||
return entityFactory.distributionSetType().create().key("key").name("name");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected DistributionSetTypeUpdate getUpdateObject() {
|
||||
return entityFactory.distributionSetType().update(1L).description("description");
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByKeyPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetTypeManagement.getByKey("key"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByNamePermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetTypeManagement.getByName("name"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignOptionalSoftwareModuleTypesPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetTypeManagement.assignOptionalSoftwareModuleTypes(1L, List.of(1L)),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignMandatorySoftwareModuleTypesPermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetTypeManagement.assignMandatorySoftwareModuleTypes(1L, List.of(1L)),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unassignSoftwareModuleTypePermissionsCheck() {
|
||||
assertPermissions(() -> distributionSetTypeManagement.unassignSoftwareModuleType(1L, 1L), List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
}
|
||||
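Review bot: Every call in this class targets a fixed id or key (`1L`, `"key"`, `"name"`) and no test method creates a fixture, so the authorised branch of `assertPermissions` presumably never reaches a successful lookup. The helper is defined outside this section, so whether it tolerates a not-found outcome there cannot be confirmed from here. A short class comment would make that contract explicit for the next maintainer, for example `// Ids refer to entities that need not exist; only the authorization outcome is asserted.` The same applies to the other `*SecurityTest` classes added in this commit.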
@@ -0,0 +1,87 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - RolloutGroupManagement")
|
||||
@Story("SecurityTests RolloutGroupManagement")
|
||||
public class RolloutGroupManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.get(1L), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.getWithDetailedStatus(1L), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByRolloutPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.countByRollout(1L), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countTargetsOfRolloutsGroupPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.countTargetsOfRolloutsGroup(1L), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRolloutPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findByRollout(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRolloutAndRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsql(1L, "name==*", PAGE), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findTargetsOfRolloutGroupPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findTargetsOfRolloutGroup(1L, PAGE),
|
||||
List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findTargetsOfRolloutGroupByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findTargetsOfRolloutGroupByRsql(PAGE, 1L, "name==*"),
|
||||
List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRolloutAndRsqlWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsqlWithDetailedStatus(1L, "name==*", PAGE),
|
||||
List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRolloutWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findByRolloutWithDetailedStatus(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,228 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import jakarta.validation.ConstraintDeclarationException;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.builder.DistributionSetCreate;
|
||||
import org.eclipse.hawkbit.repository.builder.DistributionSetTypeCreate;
|
||||
import org.eclipse.hawkbit.repository.builder.DynamicRolloutGroupTemplate;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||
import org.eclipse.hawkbit.repository.model.Rollout;
|
||||
import org.eclipse.hawkbit.repository.model.RolloutGroupConditionBuilder;
|
||||
import org.eclipse.hawkbit.repository.test.util.WithUser;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.data.domain.PageImpl;
|
||||
|
||||
@Slf4j
|
||||
@Feature("SecurityTests - RolloutManagement")
|
||||
@Story("SecurityTests RolloutManagement")
|
||||
public class RolloutManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.get(1L), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByNamePermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.getByName("name"), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.getWithDetailedStatus(1L), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void approveOrDenyPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.approveOrDeny(1L, Rollout.ApprovalDecision.APPROVED), List.of(SpPermission.APPROVE_ROLLOUT));
|
||||
assertPermissions(() -> rolloutManagement.approveOrDeny(1L, Rollout.ApprovalDecision.APPROVED, "comment"),
|
||||
List.of(SpPermission.APPROVE_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void pauseRolloutPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
rolloutManagement.pauseRollout(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.HANDLE_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void resumeRolloutPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
rolloutManagement.resumeRollout(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.HANDLE_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findActiveRolloutsPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.findActiveRollouts(), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void cancelRolloutsForDistributionSetPermissionsCheck() {
|
||||
final DistributionSetTypeCreate key = entityFactory.distributionSetType().create().name("type").key("type");
|
||||
distributionSetTypeManagement.create(key);
|
||||
final DistributionSetCreate dsCreate = entityFactory.distributionSet().create().name("name").version("1.0.0").type("type");
|
||||
final DistributionSet ds = distributionSetManagement.create(dsCreate);
|
||||
assertPermissions(() -> {
|
||||
rolloutManagement.cancelRolloutsForDistributionSet(ds);
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_ROLLOUT, SpPermission.READ_REPOSITORY, SpPermission.CREATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.count(), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByDistributionSetIdAndRolloutIsStoppablePermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.countByDistributionSetIdAndRolloutIsStoppable(1L), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByFiltersPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.countByFilters("searchFilter"), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L), 1, false,
|
||||
new RolloutGroupConditionBuilder().withDefaults().build()), List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY));
|
||||
assertPermissions(() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L), 1, false,
|
||||
new RolloutGroupConditionBuilder().withDefaults().build(), DynamicRolloutGroupTemplate.builder().build()),
|
||||
List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY));
|
||||
assertPermissions(
|
||||
() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L),
|
||||
List.of(entityFactory.rolloutGroup().create()),
|
||||
new RolloutGroupConditionBuilder().withDefaults().build()),
|
||||
List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findAllPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.findAll(PAGE, false), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.findByRsql(PAGE, "id==1", false), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findAllWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.findAllWithDetailedStatus(PAGE, false), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByFiltersWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.findByFiltersWithDetailedStatus(PAGE, "searchFilter", false),
|
||||
List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void setRolloutStatusDetailsPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
rolloutManagement.setRolloutStatusDetails(new PageImpl<>(List.of(entityFactory.rollout().create().distributionSetId(1L).build())));
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_ROLLOUT, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void startPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.start(1L), List.of(SpPermission.HANDLE_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updatePermissionsCheck() {
|
||||
assertPermissions(() -> rolloutManagement.update(entityFactory.rollout().update(1L)), List.of(SpPermission.UPDATE_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deletePermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
rolloutManagement.delete(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void triggerNextGroupPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
rolloutManagement.triggerNextGroup(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
// @WithUser(principal = "user", authorities = { SpPermission.CREATE_TARGET, SpPermission.CREATE_ROLLOUT, SpPermission.READ_ROLLOUT,
|
||||
// SpPermission.READ_TARGET })
|
||||
void validateTargetsInGroupsPermissionsCheck() {
|
||||
try {
|
||||
assertPermissions(
|
||||
() -> rolloutManagement.validateTargetsInGroups(List.of(entityFactory.rolloutGroup().create()), "name==dummy", 1L, 1L),
|
||||
List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
|
||||
} catch (Error e) {
|
||||
if (e.getCause() instanceof ConstraintDeclarationException) {
|
||||
log.info("ConstraintDeclarationException thrown expected");
|
||||
} else {
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
@WithUser(principal = "user", authorities = { SpPermission.READ_ROLLOUT })
|
||||
void findByRolloutAndRsqlWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsqlWithDetailedStatus(1L, "name==*", PAGE),
|
||||
List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRolloutWithDetailedStatusPermissionsCheck() {
|
||||
assertPermissions(() -> rolloutGroupManagement.findByRolloutWithDetailedStatus(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
}
|
||||
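Review bot: `validateTargetsInGroupsPermissionsCheck` can pass without checking authorization, because its `catch (Error e)` only logs and returns when the cause is a `ConstraintDeclarationException`; whatever `assertPermissions` had not yet asserted at that point, possibly the insufficient-permission case, is skipped. I would drop the try/catch and the two commented-out `@WithUser` lines, keep only the `assertPermissions(...)` call, and fix the constraint declaration or the arguments that trigger the exception, so the test fails when the denied path is not reached. The last two tests, `findByRolloutAndRsqlWithDetailedStatusPermissionsCheck` and `findByRolloutWithDetailedStatusPermissionsCheck`, call `rolloutGroupManagement` and repeat tests of `RolloutGroupManagementSecurityTest`, so they look like copy-paste leftovers. The `@WithUser(principal = "user", authorities = { SpPermission.READ_ROLLOUT })` on the first of them may pre-grant the permission under test, depending on how `assertPermissions` (defined outside this section) switches the security context.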
@@ -0,0 +1,158 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.RepositoryManagement;
|
||||
import org.eclipse.hawkbit.repository.builder.SoftwareModuleCreate;
|
||||
import org.eclipse.hawkbit.repository.builder.SoftwareModuleUpdate;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
|
||||
import org.eclipse.hawkbit.repository.model.SoftwareModule;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - SoftwareManagement")
|
||||
@Story("SecurityTests SoftwareManagement")
|
||||
public class SoftwareManagementSecurityTest
|
||||
extends AbstractRepositoryManagementSecurityTest<SoftwareModule, SoftwareModuleCreate, SoftwareModuleUpdate> {
|
||||
|
||||
@Override
|
||||
protected RepositoryManagement<SoftwareModule, SoftwareModuleCreate, SoftwareModuleUpdate> getRepositoryManagement() {
|
||||
return softwareModuleManagement;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SoftwareModuleCreate getCreateObject() {
|
||||
return entityFactory.softwareModule().create().name("name").version("version").type("type");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SoftwareModuleUpdate getUpdateObject() {
|
||||
return entityFactory.softwareModule().update(1L).locked(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createMetaDataPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> softwareModuleManagement.createMetaData(entityFactory.softwareModuleMetadata().create(1L).key("key").value("value")),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
assertPermissions(() -> softwareModuleManagement.createMetaData(
|
||||
List.of(entityFactory.softwareModuleMetadata().create(1L).key("key").value("value"))), List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteMetaDataPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
softwareModuleManagement.deleteMetaData(1L, "key");
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByAssignedToPermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.findByAssignedTo(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByAssignedToPermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.countByAssignedTo(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByTextAndTypePermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.findByTextAndType(PAGE, "text", 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
void getByNameAndVersionAndTypePermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.getByNameAndVersionAndType("name", "version", 1L),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getMetaDataBySoftwareModuleIdPermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.getMetaDataBySoftwareModuleId(1L, "key"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataBySoftwareModuleIdPermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleId(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countMetaDataBySoftwareModuleIdPermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.countMetaDataBySoftwareModuleId(1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataBySoftwareModuleIdAndTargetVisiblePermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleIdAndTargetVisible(PAGE, 1L),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.findMetaDataByRsql(PAGE, 1L, "key==value"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByTypePermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.findByType(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void lockPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
softwareModuleManagement.lock(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unlockPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
softwareModuleManagement.unlock(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updateMetaDataPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> softwareModuleManagement.updateMetaData(entityFactory.softwareModuleMetadata().update(1L, "key").value("value")),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataBySoftwareModuleIdsAndTargetVisiblePermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleIdsAndTargetVisible(List.of(1L)),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
}
|
||||
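Review bot: `getByNameAndVersionAndTypePermissionsCheck` is the only test in this class without a `@Description`, so it will appear in the Allure report without the text every other security test carries. Add `@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")` below its `@Test`.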
@@ -0,0 +1,57 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.RepositoryManagement;
|
||||
import org.eclipse.hawkbit.repository.builder.SoftwareModuleTypeCreate;
|
||||
import org.eclipse.hawkbit.repository.builder.SoftwareModuleTypeUpdate;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
|
||||
import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - SoftwareModuleTypeManagement")
|
||||
@Story("SecurityTests SoftwareModuleTypeManagement")
|
||||
public class SoftwareModuleTypeManagementSecurityTest
|
||||
extends AbstractRepositoryManagementSecurityTest<SoftwareModuleType, SoftwareModuleTypeCreate, SoftwareModuleTypeUpdate> {
|
||||
|
||||
@Override
|
||||
protected RepositoryManagement<SoftwareModuleType, SoftwareModuleTypeCreate, SoftwareModuleTypeUpdate> getRepositoryManagement() {
|
||||
return softwareModuleTypeManagement;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SoftwareModuleTypeCreate getCreateObject() {
|
||||
return entityFactory.softwareModuleType().create().key("key").name("name");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SoftwareModuleTypeUpdate getUpdateObject() {
|
||||
return entityFactory.softwareModuleType().update(1L).description("description");
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByKeyPermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleTypeManagement.getByKey("key"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByNamePermissionsCheck() {
|
||||
assertPermissions(() -> softwareModuleTypeManagement.getByName("name"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,86 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Slf4j
|
||||
@Feature("SecurityTests - SystemManagement")
|
||||
@Story("SecurityTests SystemManagement")
|
||||
public class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findTenantsPermissionWorks() {
|
||||
assertPermissions(() -> systemManagement.findTenants(PAGE), List.of(SpPermission.SYSTEM_ADMIN));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteTenantPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
systemManagement.deleteTenant("tenant");
|
||||
return null;
|
||||
}, List.of(SpPermission.SYSTEM_ADMIN));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void forEachTenantTenantPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
systemManagement.forEachTenant(log::info);
|
||||
return null;
|
||||
}, List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getSystemUsageStatisticsWithTenantsPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.getSystemUsageStatisticsWithTenants(), List.of(SpPermission.SYSTEM_ADMIN));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getSystemUsageStatisticsPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.getSystemUsageStatistics(), List.of(SpPermission.SYSTEM_ADMIN));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getTenantMetadataPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_REPOSITORY, SpPermission.READ_TARGET, SpPermission.READ_TENANT_CONFIGURATION));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getTenantMetadataByTenantPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.getTenantMetadata(1L), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createTenantMetadataPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.createTenantMetadata("tenant"), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updateTenantMetadataPermissionsCheck() {
|
||||
assertPermissions(() -> systemManagement.updateTenantMetadata(1L), List.of(SpPermission.TENANT_CONFIGURATION));
|
||||
}
|
||||
}
|
||||
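Review bot: Two test names break the `<method>PermissionsCheck` pattern used by the rest of this class: `findTenantsPermissionWorks` and `forEachTenantTenantPermissionsCheck` (doubled `Tenant`). Rename them to `findTenantsPermissionsCheck` and `forEachTenantPermissionsCheck`, so that searching for a management method's name finds its authorization test. This matters when auditing which `@PreAuthorize` methods of `systemManagement` are covered.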
@@ -0,0 +1,146 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.builder.AutoAssignDistributionSetUpdate;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Feature("SecurityTests - TargetFilterQueryManagement")
|
||||
@Story("SecurityTests TargetFilterQueryManagement")
|
||||
public class TargetFilterQueryManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> targetFilterQueryManagement.create(entityFactory.targetFilterQuery().create().name("name").query("controllerId==id")),
|
||||
List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deletePermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetFilterQueryManagement.delete(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void verifyTargetFilterQuerySyntaxPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.verifyTargetFilterQuerySyntax("controllerId==id"),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findAllPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.count(), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByAutoAssignDistributionSetIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.countByAutoAssignDistributionSetId(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByNamePermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.findByName(PAGE, "filterName"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByNamePermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.countByName("filterName"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.findByRsql(PAGE, "name==id"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByQueryPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.findByQuery(PAGE, "controllerId==id"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByAutoAssignDistributionSetIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.findByAutoAssignDistributionSetId(PAGE, 1L),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByAutoAssignDSAndRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.findByAutoAssignDSAndRsql(PAGE, 1L, "rsqlParam"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findWithAutoAssignDSPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.findWithAutoAssignDS(PAGE), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getTargetFilterQueryByIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.get(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getTargetFilterQueryByNamePermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.getByName("filterName"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updatePermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.update(entityFactory.targetFilterQuery().update(1L)),
|
||||
List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updateAutoAssignDSPermissionsCheck() {
|
||||
assertPermissions(() -> targetFilterQueryManagement.updateAutoAssignDS(new AutoAssignDistributionSetUpdate(1L).weight(1)),
|
||||
List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void cancelAutoAssignmentForDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetFilterQueryManagement.cancelAutoAssignmentForDistributionSet(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,439 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.FilterParams;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.model.TargetUpdateStatus;
|
||||
import org.eclipse.hawkbit.repository.test.util.WithUser;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Slf4j
|
||||
@Feature("SecurityTests - TargetManagement")
|
||||
@Story("SecurityTests TargetManagement")
|
||||
public class TargetManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByAssignedDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByAssignedDistributionSet(1L),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByFiltersPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByFilters(new FilterParams(null, null, null, null, null, null)),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByInstalledDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByInstalledDistributionSet(1L),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void existsByInstalledOrAssignedDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.existsByInstalledOrAssignedDistributionSet(1L),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByRsql("controllerId==id"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByRsqlAndUpdatablePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByRsqlAndUpdatable("controllerId==id"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByRsqlAndCompatiblePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByRsqlAndCompatible("controllerId==id", 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByRsqlAndCompatibleAndUpdatablePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByRsqlAndCompatibleAndUpdatable("controllerId==id", 1L),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByFailedInRolloutPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByFailedInRollout("1", 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.count(), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.create(entityFactory.target().create().controllerId("controller").name("name")),
|
||||
List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createCollectionPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.create(List.of(entityFactory.target().create().controllerId("controller").name("name"))),
|
||||
List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deletePermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetManagement.delete(List.of(1L));
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteByControllerIDPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetManagement.deleteByControllerID("controllerId");
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByTargetFilterQueryPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByTargetFilterQuery(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatablePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatable(PAGE, 1L, "controllerId==id"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByRsqlAndNonDSAndCompatibleAndUpdatablePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByRsqlAndNonDSAndCompatibleAndUpdatable(1L, "controllerId==id"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatablePermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> targetManagement.findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatable(PAGE, List.of(1L),
|
||||
"controllerId==id",
|
||||
entityFactory.distributionSetType().create().build()), List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByActionsInRolloutGroupPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByActionsInRolloutGroup(1L),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatablePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(List.of(1L), "controllerId==id",
|
||||
entityFactory.distributionSetType().create().build()), List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByFailedRolloutAndNotInRolloutGroupsPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByFailedRolloutAndNotInRolloutGroups(PAGE, List.of(1L), "1"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByFailedRolloutAndNotInRolloutGroupsPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countByFailedRolloutAndNotInRolloutGroups(List.of(1L), "1"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByInRolloutGroupWithoutActionPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByInRolloutGroupWithoutAction(PAGE, 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByAssignedDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByAssignedDistributionSet(PAGE, 1L),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByAssignedDistributionSetAndRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByAssignedDistributionSetAndRsql(PAGE, 1L, "controllerId==id"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByControllerCollectionIDPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.getByControllerID(List.of("controllerId")), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByControllerIDPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.getByControllerID("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByFiltersPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByFilters(PAGE, new FilterParams(null, null, null, null, null, null)),
|
||||
List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByInstalledDistributionSetPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByInstalledDistributionSet(PAGE, 1L),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByInstalledDistributionSetAndRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByInstalledDistributionSetAndRsql(PAGE, 1L, "controllerId==id"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByUpdateStatusPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByUpdateStatus(PAGE, TargetUpdateStatus.IN_SYNC), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findAllPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByRsql(PAGE, "controllerId==id"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByTargetFilterQueryPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByTargetFilterQuery(PAGE, 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByTagPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByTag(PAGE, 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRsqlAndTagPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByRsqlAndTag(PAGE, "controllerId==id", 1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignTypePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.assignType(List.of("controllerId"), 1L), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unassignTypeByIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.unassignType("controllerId"), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignTagWithHandlerPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.assignTag(List.of("controllerId"), 1L, strings -> {}),
|
||||
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignTagPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.assignTag(List.of("controllerId"), 1L),
|
||||
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unassignTagPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.unassignTag(List.of("controllerId"), 1L), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unassignTagWithHandlerPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.unassignTag(List.of("controllerId"), 1L, strings -> {}),
|
||||
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void unassignTypePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.unassignType(List.of("controllerId")), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignTypeByIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.assignType("controllerId", 1L), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updatePermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.update(entityFactory.target().update("controllerId")), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.get(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getCollectionPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getControllerAttributesPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.getControllerAttributes("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void requestControllerAttributesPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetManagement.requestControllerAttributes("controllerId");
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void isControllerAttributesRequestedPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.isControllerAttributesRequested("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByControllerAttributesRequestedPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findByControllerAttributesRequested(PAGE), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void existsByControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.existsByControllerId("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void isTargetMatchingQueryAndDSNotAssignedAndCompatibleAndUpdatablePermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> targetManagement.isTargetMatchingQueryAndDSNotAssignedAndCompatibleAndUpdatable("controllerId", 1L, "controllerId==id"),
|
||||
List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getTagsByControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.getTagsByControllerId("controllerId"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createMetaDataPermissionsCheck() {
|
||||
assertPermissions(
|
||||
() -> targetManagement.createMetaData("controllerId", List.of(entityFactory.generateTargetMetadata("key", "value"))),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteMetaDataPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetManagement.deleteMetaData("controllerId", "key");
|
||||
return null;
|
||||
}, List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countMetaDataByControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.countMetaDataByControllerId("controllerId"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataByControllerIdAndRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findMetaDataByControllerIdAndRsql(PAGE, "controllerId", "controllerId==id"),
|
||||
List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getMetaDataByControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.getMetaDataByControllerId("controllerId", "key"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findMetaDataByControllerIdPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.findMetaDataByControllerId(PAGE, "controllerId"), List.of(SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
@WithUser(principal = "user", authorities = { SpPermission.UPDATE_REPOSITORY })
|
||||
void updateMetadataPermissionsCheck() {
|
||||
assertPermissions(() -> targetManagement.updateMetadata("controllerId", entityFactory.generateTargetMetadata("key", "value")),
|
||||
List.of(SpPermission.UPDATE_REPOSITORY));
|
||||
}
|
||||
|
||||
}
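Review bot: `updateMetadataPermissionsCheck` is the only test in this class annotated with `@WithUser(principal = "user", authorities = { SpPermission.UPDATE_REPOSITORY })`, which grants up front the very permission the test is meant to prove is required. `assertPermissions` is defined outside this section, so how it builds its security contexts cannot be confirmed from here. If it switches context itself, the annotation is redundant and should be dropped for consistency with the other tests; if it does not, the ambient UPDATE_REPOSITORY authority would interfere with the insufficient-permission case. Separately, the metadata tests (`createMetaData`, `deleteMetaData`, `updateMetadata` and the read variants) pin `*_REPOSITORY` permissions on target metadata rather than `*_TARGET`. If that is the intended contract, a comment such as `// target metadata is intentionally gated by *_REPOSITORY, not *_TARGET` would keep these tests from silently enshrining a mis-scoped `@PreAuthorize`.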
|
||||
@@ -0,0 +1,90 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Slf4j
|
||||
@Feature("SecurityTests - TargetTagManagement")
|
||||
@Story("SecurityTests TargetTagManagement")
|
||||
public class TargetTagManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countPermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.count(), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createPermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.create(entityFactory.tag().create().name("name")), List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createCollectionPermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.create(List.of(entityFactory.tag().create().name("name"))),
|
||||
List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deletePermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetTagManagement.delete("tag");
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findAllPermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.findByRsql(PAGE, "name==tag"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByNamePermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.getByName("tag"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getPermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.get(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getCollectionPermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updatePermissionsCheck() {
|
||||
assertPermissions(() -> targetTagManagement.update(entityFactory.tag().update(1L)), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
}
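Review bot: All ten tests in this class carry the identical `@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")`, so a failing entry in the report does not say which method or which permission was being checked. Since these tests are the executable record of the authorization contract, the description should name both, e.g. `@Description("targetTagManagement.delete requires DELETE_TARGET")`. Also, `@Slf4j` is declared but `log` is never referenced anywhere in the class, so the annotation and its `lombok.extern.slf4j.Slf4j` import can be removed.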
|
||||
@@ -0,0 +1,126 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.eclipse.hawkbit.repository.test.util.WithUser;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Slf4j
|
||||
@Feature("SecurityTests - TargetTypeManagement")
|
||||
@Story("SecurityTests TargetTypeManagement")
|
||||
public class TargetTypeManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByKeyPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.getByKey("key"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getByNamePermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.getByName("name"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.count(), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void countByNamePermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.countByName("name"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.create(entityFactory.targetType().create().name("name")),
|
||||
List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void createCollectionPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.create(List.of(entityFactory.targetType().create().name("name"))),
|
||||
List.of(SpPermission.CREATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deletePermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
targetTypeManagement.delete(1L);
|
||||
return null;
|
||||
}, List.of(SpPermission.DELETE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findAllPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByRsqlPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.findByRsql(PAGE, "name==tag"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void findByNamePermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.findByName(PAGE, "name"), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.get(1L), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getCollectionPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void updatePermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.update(entityFactory.targetType().update(1L)), List.of(SpPermission.UPDATE_TARGET));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void assignCompatibleDistributionSetTypesPermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.assignCompatibleDistributionSetTypes(1L, List.of(1L)),
|
||||
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
@WithUser(principal = "user", authorities = { SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY })
|
||||
void unassignDistributionSetTypePermissionsCheck() {
|
||||
assertPermissions(() -> targetTypeManagement.unassignDistributionSetType(1L, 1L),
|
||||
List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,77 @@
|
||||
/**
|
||||
* Copyright (c) 2022 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.repository.jpa.management;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@Slf4j
|
||||
@Feature("SecurityTests - TargetManagement")
|
||||
@Story("SecurityTests TargetManagement")
|
||||
public class TenantConfigurationManagementSecurityTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void addOrUpdateConfigurationPermissionsCheck() {
|
||||
assertPermissions(() -> tenantConfigurationManagement.addOrUpdateConfiguration("authentication.header.enabled", true),
|
||||
List.of(SpPermission.TENANT_CONFIGURATION));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void addOrUpdateConfigurationWithMapPermissionsCheck() {
|
||||
assertPermissions(() -> tenantConfigurationManagement.addOrUpdateConfiguration(Map.of("authentication.header.enabled", true)),
|
||||
List.of(SpPermission.TENANT_CONFIGURATION));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void deleteConfigurationPermissionsCheck() {
|
||||
assertPermissions(() -> {
|
||||
tenantConfigurationManagement.deleteConfiguration("authentication.header.enabled");
|
||||
return null;
|
||||
}, List.of(SpPermission.TENANT_CONFIGURATION));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getConfigurationValuePermissionsCheck() {
|
||||
assertPermissions(() -> tenantConfigurationManagement.getConfigurationValue("authentication.header.enabled"),
|
||||
List.of(SpPermission.READ_TENANT_CONFIGURATION));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getConfigurationValueWithTypePermissionsCheck() {
|
||||
assertPermissions(() -> tenantConfigurationManagement.getConfigurationValue("authentication.header.enabled", Boolean.class),
|
||||
List.of(SpPermission.READ_TENANT_CONFIGURATION));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void getGlobalConfigurationValuePermissionsCheck() {
|
||||
assertPermissions(() -> tenantConfigurationManagement.getGlobalConfigurationValue("authentication.header.enabled", Boolean.class),
|
||||
List.of(SpPermission.READ_TENANT_CONFIGURATION));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
|
||||
void pollStatusResolverPermissionsCheck() {
|
||||
assertPermissions(() -> tenantConfigurationManagement.pollStatusResolver(), List.of(SpPermission.READ_TARGET));
|
||||
}
|
||||
}
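Review bot: The `@Feature("SecurityTests - TargetManagement")` and `@Story("SecurityTests TargetManagement")` annotations on `TenantConfigurationManagementSecurityTest` look copied from another test class, so these tenant-configuration authorization checks would be filed under TargetManagement in the Allure report. `@Feature("SecurityTests - TenantConfigurationManagement")` and `@Story("SecurityTests TenantConfigurationManagement")` would match the class. `@Slf4j` is unused in the visible code and can be dropped. `pollStatusResolverPermissionsCheck` expects `SpPermission.READ_TARGET` while every other method here expects a tenant-configuration permission; if that is intended, a short comment such as `// pollStatusResolver is guarded by READ_TARGET, not a tenant-configuration permission` would stop it from reading as a copy-paste slip.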
|
||||
@@ -15,6 +15,9 @@ logging.level.org.eclipse.persistence=ERROR
|
||||
spring.jpa.properties.eclipselink.logging.level=FINE
|
||||
spring.jpa.properties.eclipselink.logging.level.sql=FINE
|
||||
spring.jpa.properties.eclipselink.logging.parameters=true
|
||||
#logging.level.org.springframework.security=TRACE
|
||||
#logging.level.org.springframework.aop=TRACE
|
||||
#spring.aop.proxy-target-class=true
|
||||
|
||||
#hibernate.generate_statistics=true
|
||||
#logging.level.org.hibernate.SQL=TRACE
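Review bot: The three commented-out switches (`#logging.level.org.springframework.security=TRACE`, `#logging.level.org.springframework.aop=TRACE`, `#spring.aop.proxy-target-class=true`), which appear to be the lines this hunk adds, carry no explanation of when to enable them. A heading comment such as `# Uncomment to trace @PreAuthorize evaluation and AOP proxying while debugging the security tests` would say why they are here. If they are ever enabled, TRACE-level Spring Security logging is verbose and can include principal and authority details, so it is best kept to local runs.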
|
||||
|
||||