diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/AbstractJpaIntegrationTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/AbstractJpaIntegrationTest.java index 9a3341486..9b286d67e 100644 --- a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/AbstractJpaIntegrationTest.java +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/AbstractJpaIntegrationTest.java @@ -15,15 +15,21 @@ import java.lang.reflect.Array; import java.util.Collection; import java.util.List; import java.util.Set; +import java.util.concurrent.Callable; import java.util.stream.Collectors; import java.util.stream.StreamSupport; import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; +import io.qameta.allure.Step; +import lombok.SneakyThrows; +import lombok.extern.slf4j.Slf4j; import org.assertj.core.api.Assertions; import org.assertj.core.api.ThrowableAssert.ThrowingCallable; +import org.eclipse.hawkbit.im.authentication.SpPermission; import org.eclipse.hawkbit.repository.exception.EntityNotFoundException; +import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException; import org.eclipse.hawkbit.repository.jpa.model.JpaAction; import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet; import org.eclipse.hawkbit.repository.jpa.model.JpaRollout; 
@@ -58,6 +64,7 @@ import org.eclipse.hawkbit.repository.model.TargetTypeAssignmentResult; import org.eclipse.hawkbit.repository.test.TestConfiguration; import org.eclipse.hawkbit.repository.test.util.AbstractIntegrationTest; import org.eclipse.hawkbit.repository.test.util.RolloutTestApprovalStrategy; +import org.eclipse.hawkbit.repository.test.util.SecurityContextSwitch; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.orm.jpa.JpaProperties; @@ -69,6 +76,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.transaction.annotation.Transactional; +@Slf4j @ContextConfiguration(classes = { RepositoryApplicationConfiguration.class, TestConfiguration.class }) @Import(TestChannelBinderConfiguration.class) @@ -79,6 +87,8 @@ public abstract class AbstractJpaIntegrationTest extends AbstractIntegrationTest protected static final String NOT_EXIST_ID = "12345678990"; protected static final long NOT_EXIST_IDL = Long.parseLong(NOT_EXIST_ID); + protected static final List REPOSITORY_AND_TARGET_PERMISSIONS = List.of(SpPermission.READ_REPOSITORY, SpPermission.CREATE_REPOSITORY, SpPermission.UPDATE_REPOSITORY, SpPermission.DELETE_REPOSITORY, SpPermission.READ_TARGET, SpPermission.CREATE_TARGET, SpPermission.UPDATE_TARGET, SpPermission.DELETE_TARGET); + @PersistenceContext protected EntityManager entityManager; 
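Review bot: `REPOSITORY_AND_TARGET_PERMISSIONS` has no comment saying that it is the pool from which `assertPermissions` builds the denied user, and it lists only the eight repository and target CRUD permissions. Authorities outside it, such as `DOWNLOAD_REPOSITORY_ARTIFACT` and `CONTROLLER_ROLE`, which the new tests in this commit pass as required permissions, are therefore never held by the denied user, so a guard that wrongly accepts one of them on a repository or target method would go unnoticed. I would at least document that limit above the constant, e.g. `// Pool for the denied user in assertPermissions(); authorities not listed here are never granted to it.`, and break the initializer over several lines. The class body starts and ends outside this hunk.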
@@ -231,6 +241,68 @@ public abstract class AbstractJpaIntegrationTest extends AbstractIntegrationTest assertThat(running.getTotalElements()).as("Action count").isEqualTo(count); } + /** + * Asserts that the given callable throws an InsufficientPermissionException. + * If callable succeeds without any exception or exception other than InsufficientPermissionException, it will be considered as an assert failure. + * + * @param callable the callable to call + */ + @SneakyThrows + protected void assertPermissions(final Callable callable, List requiredPermissions) { + final List insufficiantPermissions = REPOSITORY_AND_TARGET_PERMISSIONS.stream() + .filter(p -> !requiredPermissions.contains(p)).toList(); + // check if the user has the correct permissions + SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_with_permissions", requiredPermissions.toArray(new String[0])), () -> { + assertPermissionWorks(callable); + log.info("assertPermissionWorks Passed"); + return null; + }); + + // check if the user has the insufficient permissions + SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_without_permissions", insufficiantPermissions.toArray(new String[0])), () -> { + assertInsufficientPermission(callable); + log.info("assertInsufficientPermission Passed"); + return null; + }); + } + + /** + * Asserts that the given callable throws an InsufficientPermissionException. + * If callable succeeds without any exception or exception other than InsufficientPermissionException, it will be considered as an assert failure. 
+ * + * @param callable the callable to call + */ + private void assertInsufficientPermission(final Callable callable) { + try { + callable.call(); + throw new AssertionError( + "Expected Exception 'InsufficientPermissionException' to be thrown, but request passed with no exception."); + } catch (Exception ex) { + assertThat(ex).isInstanceOf(InsufficientPermissionException.class); + } + } + + /** + * Asserts that the given callable succeeds. + * + * Note: This method will assume that EntityNotFoundException is OK, as security tests use dummy (non-existing) IDs. + * It matters to either callable succeeds without any exception or at most EntityNotFoundException. + * All other cases will be considered as an error. + * + * @param callable the callable to call + */ + private void assertPermissionWorks(final Callable callable) { + try { + callable.call(); + } catch (Throwable th) { + if (th instanceof EntityNotFoundException) { + log.info("Expected (at most) EntityNotFoundException catch: {}", th.getMessage()); + } else { + throw new AssertionError("Expected no Exception (other then EntityNotFound) to be thrown, but got: " + th.getMessage(), th); + } + } + } + protected void finishAction(final Action action) { controllerManagement .addUpdateActionStatus(entityFactory.actionStatus().create(action.getId()).status(Action.Status.FINISHED)); diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/AbstractRepositoryManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/AbstractRepositoryManagementSecurityTest.java new file mode 100644 index 000000000..cce3a1bf9 --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/AbstractRepositoryManagementSecurityTest.java 
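Review bot: The denied half of `assertPermissions` in AbstractJpaIntegrationTest only runs the callable as a user holding none of `requiredPermissions`, so for a method that needs two permissions it never shows that holding just one of them is rejected. A guard written with OR instead of AND semantics would pass these tests; this affects every two-permission call in the commit, for example the `READ_REPOSITORY` plus `UPDATE_TARGET` cases in ConfirmationManagementSecurityTest and DeploymentManagementSecurityTest and the create checks in AbstractRepositoryManagementSecurityTest. I would add a loop that removes one required permission at a time and expects `InsufficientPermissionException` each time, as sketched below (the element type is presumably `String`; the type arguments are not visible on this page). The Javadoc above `assertPermissions` is also a copy of the one on `assertInsufficientPermission` and lacks `@param requiredPermissions`. The enclosing class starts and ends outside the hunk.

```java
// … unchanged: positive run as "user_with_permissions" and denied run as "user_without_permissions" …

// Each required permission must be necessary on its own: drop one at a time and expect denial.
// A method that intentionally accepts either of two permissions needs a separate helper.
if (requiredPermissions.size() > 1) {
    for (final String missing : requiredPermissions) {
        final String[] allButOne = requiredPermissions.stream()
                .filter(p -> !p.equals(missing))
                .toArray(String[]::new);
        SecurityContextSwitch.runAs(SecurityContextSwitch.withUser("user_missing_one_permission", allButOne), () -> {
            assertInsufficientPermission(callable);
            return null;
        });
    }
}
```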
@@ -0,0 +1,111 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa; + +import java.util.List; + +import io.qameta.allure.Description; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.RepositoryManagement; +import org.eclipse.hawkbit.repository.test.util.WithUser; +import org.junit.jupiter.api.Test; +import org.springframework.data.domain.Pageable; + +public abstract class AbstractRepositoryManagementSecurityTest extends AbstractJpaIntegrationTest { + + /** + * @return the repository management to test with + */ + protected abstract RepositoryManagement getRepositoryManagement(); + + /** + * @return the object to create + */ + protected abstract C getCreateObject(); + + /** + * @return the object to update + */ + protected abstract U getUpdateObject(); + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + void createCollectionPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().create(List.of(getCreateObject())), List.of(SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + void createPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().create(getCreateObject()), List.of(SpPermission.CREATE_REPOSITORY, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + void updatePermissionCheck() { + assertPermissions(() -> getRepositoryManagement().update(getUpdateObject()), 
List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + void deletePermissionCheck() { + assertPermissions(() -> { + getRepositoryManagement().delete(1L); + return null; + }, List.of(SpPermission.DELETE_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + public void countPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().count(), List.of(SpPermission.READ_REPOSITORY)); + } + + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + public void deleteCollectionRepositoryManagement() { + assertPermissions(() -> { + getRepositoryManagement().delete(List.of(1L)); + return null; + }, List.of(SpPermission.DELETE_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + public void getPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().get(1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + public void getCollectionPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().get(List.of(1L)), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + public void existsCollectionPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().exists(1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + public void findAllPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().findAll(Pageable.ofSize(1)), 
List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests RepositoryManagement PreAuthorized method with correct and insufficient permissions.") + public void findByRsqlPermissionCheck() { + assertPermissions(() -> getRepositoryManagement().findByRsql(Pageable.ofSize(1), "(name==*)"), List.of(SpPermission.READ_REPOSITORY)); + } + +} diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementSecurityTest.java new file mode 100644 index 000000000..a4c061e64 --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ArtifactManagementSecurityTest.java 
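Review bot: All eleven tests in AbstractRepositoryManagementSecurityTest carry the same `@Description` text, so a failing authorization check cannot be told apart in the report, and `existsCollectionPermissionCheck` actually calls the single-id `exists(1L)`. I would name the guarded method in each description the way the other new test classes do, e.g. `@Description("Tests RepositoryManagement#exists() method")`, and rename that test to `existsPermissionCheck`. The `WithUser` import is unused in this file, and the test methods switch from package-private to `public` halfway through.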
@@ -0,0 +1,94 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa.management; + +import java.io.ByteArrayInputStream; +import java.util.List; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest; +import org.eclipse.hawkbit.repository.model.ArtifactUpload; +import org.eclipse.hawkbit.repository.test.util.WithUser; +import org.junit.jupiter.api.Test; + +@Feature("SecurityTests - ArtifactManagement") +@Story("SecurityTests ArtifactManagement") +class ArtifactManagementSecurityTest extends AbstractJpaIntegrationTest { + + @Test + @Description("Tests ArtifactManagement#count() method") + @WithUser(principal = "user", authorities = { SpPermission.READ_REPOSITORY }) + void countPermissionCheck() { + assertPermissions(() -> artifactManagement.count(), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#create() method") + void createPermissionCheck() { + ArtifactUpload artifactUpload = new ArtifactUpload(new ByteArrayInputStream("RandomString".getBytes()), 1L, "filename", false, 1024); + assertPermissions(() -> artifactManagement.create(artifactUpload), List.of(SpPermission.CREATE_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#delete() method") + void deletePermissionCheck() { + assertPermissions(() -> { + artifactManagement.delete(1); + return null; + }, List.of(SpPermission.DELETE_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#get() method") + void getPermissionCheck() { + assertPermissions(() -> artifactManagement.get(1L), 
List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#getByFilenameAndSoftwareModule() method") + void getByFilenameAndSoftwareModulePermissionCheck() { + assertPermissions(() -> artifactManagement.getByFilenameAndSoftwareModule("filename", 1L), + List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#findFirstBySHA1() method") + void findFirstBySHA1PermissionCheck() { + assertPermissions(() -> artifactManagement.findFirstBySHA1("sha1"), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#getByFilename() method") + void getByFilenamePermissionCheck() { + assertPermissions(() -> artifactManagement.getByFilename("filename"), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#findBySoftwareModule() method") + void findBySoftwareModulePermissionCheck() { + assertPermissions(() -> artifactManagement.findBySoftwareModule(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#countBySoftwareModule() method") + void countBySoftwareModulePermissionCheck() { + assertPermissions(() -> artifactManagement.countBySoftwareModule(1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ArtifactManagement#loadArtifactBinary() method") + void loadArtifactBinaryPermissionCheck() { + assertPermissions(() -> artifactManagement.loadArtifactBinary("sha1", 1L, false), List.of(SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT)); + } + +} \ No newline at end of file diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ConfirmationManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ConfirmationManagementSecurityTest.java new file mode 100644 index 000000000..cdddb9ef9 --- /dev/null 
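Review bot: `countPermissionCheck` in ArtifactManagementSecurityTest is the only test annotated with `@WithUser(principal = "user", authorities = { SpPermission.READ_REPOSITORY })`, although `assertPermissions` sets up both users itself through `SecurityContextSwitch.runAs`. If `runAs` does not fully replace the outer context (its implementation is not on this page), the denied run would start from a context that already holds `READ_REPOSITORY`; even if it does, the annotation suggests a precondition that does not exist. I would remove the annotation and the `WithUser` import so this test matches the others. Separately, `"RandomString".getBytes()` in `createPermissionCheck` uses the platform charset; `getBytes(StandardCharsets.UTF_8)` keeps the fixture deterministic.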
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ConfirmationManagementSecurityTest.java 
@@ -0,0 +1,74 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa.management; + +import java.util.List; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest; +import org.junit.jupiter.api.Test; + +@Feature("SecurityTests - ConfirmationManagement") +@Story("SecurityTests ConfirmationManagement") +class ConfirmationManagementSecurityTest extends AbstractJpaIntegrationTest { + + @Test + @Description("Tests ConfirmationManagement#findActiveActionsWaitingConfirmation() method") + void findActiveActionsWaitingConfirmationPermissionsCheck() { + assertPermissions(() -> confirmationManagement.findActiveActionsWaitingConfirmation("controllerId"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ConfirmationManagement#activateAutoConfirmation() method") + void activateAutoConfirmationPermissionsCheck() { + assertPermissions(() -> confirmationManagement.activateAutoConfirmation("controllerId", "initiator", "remark"), + List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ConfirmationManagement#getStatus() method") + void getStatusPermissionsCheck() { + assertPermissions(() -> confirmationManagement.getStatus("controllerId"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ConfirmationManagement#autoConfirmActiveActions() method") + void autoConfirmActiveActionsPermissionsCheck() { + assertPermissions(() -> confirmationManagement.autoConfirmActiveActions("controllerId"), + List.of(SpPermission.READ_REPOSITORY, 
SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ConfirmationManagement#confirmAction() method") + void confirmActionPermissionsCheck() { + assertPermissions(() -> confirmationManagement.confirmAction(1L, null, null), + List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ConfirmationManagement#denyAction() method") + void denyActionPermissionsCheck() { + assertPermissions(() -> confirmationManagement.denyAction(1L, null, null), + List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ConfirmationManagement#deactivateAutoConfirmation() method") + void deactivateAutoConfirmationPermissionsCheck() { + assertPermissions(() -> { + confirmationManagement.deactivateAutoConfirmation("controllerId"); + return null; + }, List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET)); + } + +} \ No newline at end of file diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ControllerManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ControllerManagementSecurityTest.java new file mode 100644 index 000000000..9bd9c58bc --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/ControllerManagementSecurityTest.java 
@@ -0,0 +1,238 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa.management; + +import java.net.URI; +import java.util.List; +import java.util.Map; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest; +import org.junit.jupiter.api.Test; +import org.springframework.data.domain.Pageable; + +@Feature("SecurityTests - ControllerManagement") +@Story("SecurityTests ControllerManagement") +class ControllerManagementSecurityTest extends AbstractJpaIntegrationTest { + + @Test + @Description("Tests ControllerManagement#cancelActionStatus() method") + void addCancelActionStatusPermissionsCheck() { + assertPermissions(() -> controllerManagement.addCancelActionStatus(entityFactory.actionStatus().create(0L)), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getSoftwareModule() method") + void getSoftwareModulePermissionsCheck() { + assertPermissions(() -> controllerManagement.getSoftwareModule(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#findTargetVisibleMetaDataBySoftwareModuleId() method") + void findTargetVisibleMetaDataBySoftwareModuleIdPermissionsCheck() { + assertPermissions(() -> controllerManagement.findTargetVisibleMetaDataBySoftwareModuleId(List.of(1L)), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#addInformationalActionStatus() method") + void 
addInformationalActionStatusPermissionsCheck() { + assertPermissions(() -> controllerManagement.addInformationalActionStatus(entityFactory.actionStatus().create(0L)), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#addUpdateActionStatus() method") + void addUpdateActionStatusPermissionsCheck() { + assertPermissions(() -> controllerManagement.addUpdateActionStatus(entityFactory.actionStatus().create(0L)), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#findActiveActionWithHighestWeight() method") + void findActiveActionWithHighestWeightPermissionsCheck() { + assertPermissions(() -> controllerManagement.findActiveActionWithHighestWeight("controllerId"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#findActiveActionsWithHighestWeight() method") + void findActiveActionsWithHighestWeightPermissionsCheck() { + assertPermissions(() -> controllerManagement.findActiveActionsWithHighestWeight("controllerId", 1), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#findActionWithDetails() method") + void findActionWithDetailsPermissionsCheck() { + assertPermissions(() -> controllerManagement.findActionWithDetails(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#findActionStatusByAction() method") + void findActionStatusByActionPermissionsCheck() { + assertPermissions(() -> controllerManagement.findActionStatusByAction(Pageable.unpaged(), 1L), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#findOrRegisterTargetIfItDoesNotExist() method") + void findOrRegisterTargetIfItDoesNotExistPermissionsCheck() { + assertPermissions(() -> 
controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress")), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#findOrRegisterTargetIfItDoesNotExist() method") + void findOrRegisterTargetIfItDoesNotExistWithDetailsPermissionsCheck() { + assertPermissions( + () -> controllerManagement.findOrRegisterTargetIfItDoesNotExist("controllerId", URI.create("someaddress"), "name", "type"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getActionForDownloadByTargetAndSoftwareModule() method") + void getActionForDownloadByTargetAndSoftwareModulePermissionsCheck() { + assertPermissions(() -> controllerManagement.getActionForDownloadByTargetAndSoftwareModule("controllerId", 1L), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getPollingTime() method") + void getPollingTimePermissionsCheck() { + assertPermissions(() -> controllerManagement.getPollingTime(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getMinPollingTime() method") + void getMinPollingTimePermissionsCheck() { + assertPermissions(() -> controllerManagement.getMinPollingTime(), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getMaxPollingTime() method") + void getMaintenanceWindowPollCountPermissionsCheck() { + assertPermissions(() -> controllerManagement.getMaintenanceWindowPollCount(), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getPollingTimeForAction() method") + void getPollingTimeForActionPermissionsCheck() { + assertPermissions(() -> controllerManagement.getPollingTimeForAction(1L), 
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#hasTargetArtifactAssigned() method") + void hasTargetArtifactAssignedPermissionsCheck() { + assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned("controllerId", "sha1Hash"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#hasTargetArtifactAssigned() method") + void hasTargetArtifactAssignedByIdPermissionsCheck() { + assertPermissions(() -> controllerManagement.hasTargetArtifactAssigned(1L, "sha1Hash"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#updateControllerAttributes() method") + void updateControllerAttributesPermissionsCheck() { + assertPermissions(() -> controllerManagement.updateControllerAttributes("controllerId", Map.of(), null), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getByControllerId() method") + void getByControllerIdPermissionsCheck() { + assertPermissions(() -> controllerManagement.getByControllerId("controllerId"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#get() method") + void getPermissionsCheck() { + assertPermissions(() -> controllerManagement.get(1L), List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getActionHistoryMessages() method") + void getActionHistoryMessagesPermissionsCheck() { + assertPermissions(() -> controllerManagement.getActionHistoryMessages(1L, 1), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#cancelAction() method") + void cancelActionPermissionsCheck() { + assertPermissions(() -> controllerManagement.cancelAction(1L), 
List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#updateActionExternalRef() method") + void updateActionExternalRefPermissionsCheck() { + assertPermissions(() -> { + controllerManagement.updateActionExternalRef(1L, "externalRef"); + return null; + }, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getActionByExternalRef() method") + void getActionByExternalRefPermissionsCheck() { + assertPermissions(() -> controllerManagement.getActionByExternalRef("externalRef"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#deleteExistingTarget() method") + void deleteExistingTargetPermissionsCheck() { + assertPermissions(() -> { + controllerManagement.deleteExistingTarget("controllerId"); + return null; + }, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#getInstalledActionByTarget() method") + void getInstalledActionByTargetPermissionsCheck() { + assertPermissions(() -> controllerManagement.getInstalledActionByTarget("controllerId"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#activateAutoConfirmation() method") + void activateAutoConfirmationPermissionsCheck() { + assertPermissions(() -> controllerManagement.activateAutoConfirmation("controllerId", "initiator", "remark"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests ControllerManagement#deactivateAutoConfirmation() method") + void deactivateAutoConfirmationPermissionsCheck() { + assertPermissions(() -> { + controllerManagement.deactivateAutoConfirmation("controllerId"); + return null; + }, List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + + @Test + @Description("Tests 
ControllerManagement#updateOfflineAssignedVersion() method") + void updateOfflineAssignedVersionPermissionsCheck() { + assertPermissions(() -> controllerManagement.updateOfflineAssignedVersion("controllerId", "distributionName", "version"), + List.of(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE)); + } + +} \ No newline at end of file diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DeploymentManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DeploymentManagementSecurityTest.java new file mode 100644 index 000000000..37b53e3cf --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DeploymentManagementSecurityTest.java 
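Review bot: Two `@Description` strings in ControllerManagementSecurityTest name a different method than the one the test calls: `addCancelActionStatusPermissionsCheck` says `ControllerManagement#cancelActionStatus()` and `getMaintenanceWindowPollCountPermissionsCheck` says `ControllerManagement#getMaxPollingTime()`. In a security test suite the description is what tells a reader which guard failed, so I would change them to `@Description("Tests ControllerManagement#addCancelActionStatus() method")` and `@Description("Tests ControllerManagement#getMaintenanceWindowPollCount() method")`. The two `findOrRegisterTargetIfItDoesNotExist` tests and the two `hasTargetArtifactAssigned` tests also share one description each; naming the overload would distinguish them.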
@@ -0,0 +1,239 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+import java.util.Set;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
+import org.eclipse.hawkbit.repository.model.Action;
+import org.eclipse.hawkbit.repository.model.DeploymentRequest;
+import org.eclipse.hawkbit.repository.model.DistributionSetInvalidation;
+import org.junit.jupiter.api.Test;
+import org.springframework.data.domain.Pageable;
+
+@Feature("SecurityTests - DeploymentManagement")
+@Story("SecurityTests DeploymentManagement")
+class DeploymentManagementSecurityTest extends AbstractJpaIntegrationTest {
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void assignDistributionSetsPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.assignDistributionSets(
+ List.of(new DeploymentRequest("controllerId", 1L, Action.ActionType.SOFT, 1L, 1, "maintenanceSchedule",
+ "maintenanceWindowDuration", "maintenanceWindowTimeZone", true))),
+ List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void assignDistributionSetsWithInitiatedByPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.assignDistributionSets("initiator",
+ List.of(new DeploymentRequest("controllerId", 1L, Action.ActionType.SOFT, 1L, 1, "maintenanceSchedule",
+ "maintenanceWindowDuration", "maintenanceWindowTimeZone", true)), "message"),
+ List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void offlineAssignedDistributionSetsPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.offlineAssignedDistributionSets(List.of()), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void offlineAssignedDistributionSetsWithInitiatedByPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.offlineAssignedDistributionSets(List.of(), "initiator"),
+ List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void cancelActionPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.cancelAction(1L), List.of(SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countActionsByTargetWithFilterPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.countActionsByTarget("rsqlParam", "controllerId"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countActionsByTargetPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.countActionsByTarget("controllerId"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countActionsAllPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.countActionsAll(), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countActionsPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.countActions("id==1"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActionPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findAction(1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ void findActionsAllPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActionsAll(Pageable.unpaged()), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActionsPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActions("id==1", Pageable.unpaged()), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActionsByTargetPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActionsByTarget("rsql==param", "controllerId", Pageable.unpaged()),
+ List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActionsByTargetWithControllerIdPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActionsByTarget("controllerId", Pageable.unpaged()),
+ List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActionStatusByActionPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActionStatusByAction(Pageable.unpaged(), 1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countActionStatusByActionPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.countActionStatusByAction(1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findMessagesByActionStatusIdPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findMessagesByActionStatusId(PAGE, 1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActionWithDetailsPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActionWithDetails(1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActiveActionsByTargetPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActiveActionsByTarget(Pageable.unpaged(), "controllerId"),
+ List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findInActiveActionsByTargetPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findInActiveActionsByTarget(Pageable.unpaged(), "controllerId"),
+ List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findActiveActionsWithHighestWeightPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.findActiveActionsWithHighestWeight("controllerId", 1), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void forceQuitActionPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.forceQuitAction(1L), List.of(SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void forceTargetActionPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.forceTargetAction(1L), List.of(SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void cancelInactiveScheduledActionsForTargetsPermissionsCheck() {
+ assertPermissions(() -> {
+ deploymentManagement.cancelInactiveScheduledActionsForTargets(List.of(1L));
+ return null;
+ }, List.of(SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void startScheduledActionsByRolloutGroupParentPermissionsCheck() {
+ assertPermissions(() -> {
+ deploymentManagement.startScheduledActionsByRolloutGroupParent(1L, 1L, 1L);
+ return null;
+ }, List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void startScheduledActionsPermissionsCheck() {
+ assertPermissions(() -> {
+ deploymentManagement.startScheduledActions(List.of());
+ return null;
+ }, List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getAssignedDistributionSetPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.getAssignedDistributionSet("controllerId"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getInstalledDistributionSetPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.getInstalledDistributionSet("controllerId"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void deleteActionsByStatusAndLastModifiedBeforePermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.deleteActionsByStatusAndLastModifiedBefore(Set.of(Action.Status.CANCELED), 1L),
+ List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void hasPendingCancellationsPermissionsCheck() {
+ assertPermissions(() -> deploymentManagement.hasPendingCancellations(1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void cancelActionsForDistributionSetPermissionsCheck() {
+ assertPermissions(() -> {
+ deploymentManagement.cancelActionsForDistributionSet(DistributionSetInvalidation.CancelationType.FORCE,
+ entityFactory.distributionSet().create().build());
+ return null;
+ }, List.of(SpPermission.UPDATE_TARGET));
+ }
+}
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetManagementSecurityTest.java
new file mode 100644
index 000000000..8dbede46e
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetManagementSecurityTest.java
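Review bot: `offlineAssignedDistributionSetsPermissionsCheck` asserts only `READ_REPOSITORY`, while the overload with an initiator in the next test asserts `READ_REPOSITORY` plus `UPDATE_TARGET`; if both overloads carry the same authorization rule, the first list should read `List.of(SpPermission.READ_REPOSITORY, SpPermission.UPDATE_TARGET)`. Likewise `startScheduledActionsByRolloutGroupParentPermissionsCheck` and `startScheduledActionsPermissionsCheck` pin `READ_TARGET` for calls whose names suggest they change action state; if that mirrors the production rule on purpose, a comment such as `// READ_TARGET alone is the intended requirement here` would stop a reader from treating it as a copy-paste slip. `assertPermissions` is defined outside this hunk, so how strictly it compares the granted set with the required one cannot be checked here. `findActionsAllPermissionsCheck` is also the only test in the class without an `@Description`.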
@@ -0,0 +1,252 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.RepositoryManagement;
+import org.eclipse.hawkbit.repository.builder.DistributionSetCreate;
+import org.eclipse.hawkbit.repository.builder.DistributionSetUpdate;
+import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
+import org.eclipse.hawkbit.repository.model.DistributionSet;
+import org.eclipse.hawkbit.repository.model.DistributionSetFilter;
+import org.junit.jupiter.api.Test;
+
+@Feature("SecurityTests - DistributionSetManagement")
+@Story("SecurityTests DistributionSetManagement")
+class DistributionSetManagementSecurityTest
+ extends AbstractRepositoryManagementSecurityTest {
+
+ @Override
+ protected RepositoryManagement getRepositoryManagement() {
+ return distributionSetManagement;
+ }
+
+ @Override
+ protected DistributionSetCreate getCreateObject() {
+ return entityFactory.distributionSet().create().name("name").version("1.0.0").type("type");
+ }
+
+ @Override
+ protected DistributionSetUpdate getUpdateObject() {
+ return entityFactory.distributionSet().update(0L).name("a new name")
+ .description("a new description").version("a new version").requiredMigrationStep(true);
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ public void assignSoftwareModulesPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.assignSoftwareModules(1L, List.of(1L)), List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void assignTagPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.assignTag(List.of(1L), 1L),
+ List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests that the method throws InsufficientPermissionException when the user does not have the correct permission")
+ void unassignTagPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.unassignTag(List.of(1L), 1L),
+ List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void createMetaDataPermissionsCheck() {
+ assertPermissions(
+ () -> distributionSetManagement.createMetaData(1L, List.of(entityFactory.generateTargetMetadata("key", "value"))),
+ List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void deleteMetaDataPermissionsCheck() {
+ assertPermissions(() -> {
+ distributionSetManagement.deleteMetaData(1L, "key");
+ return null;
+ }, List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void lockPermissionsCheck() {
+ assertPermissions(() -> {
+ distributionSetManagement.lock(1L);
+ return null;
+ }, List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void unlockPermissionsCheck() {
+ assertPermissions(() -> {
+ distributionSetManagement.unlock(1L);
+ return null;
+ }, List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByActionPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.getByAction(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getWithDetailsPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.getWithDetails(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByNameAndVersionPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.getByNameAndVersion("name", "version"), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getValidAndCompletePermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.getValidAndComplete(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getValidPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.getValid(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getOrElseThrowExceptionPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.getOrElseThrowException(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findMetaDataByDistributionSetIdPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.findMetaDataByDistributionSetId(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countMetaDataByDistributionSetIdPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.countMetaDataByDistributionSetId(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findMetaDataByDistributionSetIdAndRsqlPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.findMetaDataByDistributionSetIdAndRsql(PAGE, 1L, "rsql"),
+ List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByCompletedPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.findByCompleted(PAGE, true), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countByCompletedPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.countByCompleted(true), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByDistributionSetFilterPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.findByDistributionSetFilter(PAGE, DistributionSetFilter.builder().build()),
+ List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countByDistributionSetFilterPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.countByDistributionSetFilter(DistributionSetFilter.builder().build()),
+ List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByTagPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.findByTag(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByRsqlAndTagPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.findByRsqlAndTag(PAGE, "rsql", 1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getMetaDataByDistributionSetIdPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.getMetaDataByDistributionSetId(1L, "key"), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void isInUsePermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.isInUse(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void unassignSoftwareModulePermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.unassignSoftwareModule(1L, 1L), List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void updateMetaDataPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.updateMetaData(1L, entityFactory.generateDsMetadata("key", "value")),
+ List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countByTypeIdPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.countByTypeId(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countRolloutsByStatusForDistributionSetPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.countRolloutsByStatusForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countActionsByStatusForDistributionSetPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.countActionsByStatusForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countAutoAssignmentsForDistributionSetPermissionsCheck() {
+ assertPermissions(() -> distributionSetManagement.countAutoAssignmentsForDistributionSet(1L), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void invalidatePermissionsCheck() {
+ assertPermissions(() -> {
+ distributionSetManagement.invalidate(entityFactory.distributionSet().create().name("name").version("1.0").type("type").build());
+ return null;
+ }, List.of(SpPermission.UPDATE_REPOSITORY, SpPermission.READ_REPOSITORY));
+ }
+}
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetTagManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetTagManagementSecurityTest.java
new file mode 100644
index 000000000..3f091179c
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetTagManagementSecurityTest.java
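Review bot: `createMetaDataPermissionsCheck` builds its argument with `entityFactory.generateTargetMetadata("key", "value")` although the call under test is the distribution-set `createMetaData`, and `updateMetaDataPermissionsCheck` further down uses `generateDsMetadata`; the create test should read `List.of(entityFactory.generateDsMetadata("key", "value"))`. The permission check presumably fires before the argument is inspected, so the test may pass either way, but the wrong factory obscures what is being exercised. `assignSoftwareModulesPermissionsCheck` is the only `public` test method in the class and `unassignTagPermissionsCheck` carries a differently worded `@Description`; aligning both with their neighbours keeps the file uniform.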
@@ -0,0 +1,67 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.RepositoryManagement;
+import org.eclipse.hawkbit.repository.builder.TagCreate;
+import org.eclipse.hawkbit.repository.builder.TagUpdate;
+import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
+import org.eclipse.hawkbit.repository.model.DistributionSetTag;
+import org.junit.jupiter.api.Test;
+import org.springframework.data.domain.Pageable;
+
+@Feature("SecurityTests - DistributionSetTagManagement")
+@Story("SecurityTests DistributionSetTagManagement")
+public class DistributionSetTagManagementSecurityTest
+ extends AbstractRepositoryManagementSecurityTest {
+
+ @Override
+ protected RepositoryManagement getRepositoryManagement() {
+ return distributionSetTagManagement;
+ }
+
+ @Override
+ protected TagCreate getCreateObject() {
+ return entityFactory.tag().create().name("tag");
+ }
+
+ @Override
+ protected TagUpdate getUpdateObject() {
+ return entityFactory.tag().update(1L).name("tag");
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByNameWitPermissionWorks() {
+ assertPermissions(() -> distributionSetTagManagement.getByName("tagName"), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByDistributionSetPermissionsCheck() {
+ assertPermissions(() -> distributionSetTagManagement.findByDistributionSet(Pageable.unpaged(), 1L),
+ List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void deleteDistributionSetTagPermissionsCheck() {
+ assertPermissions(() -> {
+ distributionSetTagManagement.delete("tagName");
+ return null;
+ }, List.of(SpPermission.DELETE_REPOSITORY));
+ }
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetTypeManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetTypeManagementSecurityTest.java
new file mode 100644
index 000000000..d3d0596e9
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/DistributionSetTypeManagementSecurityTest.java
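Review bot: The first test is named `getByNameWitPermissionWorks`, which contains a typo and breaks the `<method>PermissionsCheck` pattern followed by every other test in this commit; rename it to `getByNamePermissionsCheck`. The class is declared `public` while `DeploymentManagementSecurityTest` and `DistributionSetManagementSecurityTest` are package-private; JUnit 5 does not need the modifier, so `class DistributionSetTagManagementSecurityTest` would match them.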
@@ -0,0 +1,76 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.RepositoryManagement;
+import org.eclipse.hawkbit.repository.builder.DistributionSetTypeCreate;
+import org.eclipse.hawkbit.repository.builder.DistributionSetTypeUpdate;
+import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
+import org.eclipse.hawkbit.repository.model.DistributionSetType;
+import org.junit.jupiter.api.Test;
+
+@Feature("SecurityTests - DistributionSetTypeManagement")
+@Story("SecurityTests DistributionSetTypeManagement")
+public class DistributionSetTypeManagementSecurityTest
+ extends AbstractRepositoryManagementSecurityTest {
+
+ @Override
+ protected RepositoryManagement getRepositoryManagement() {
+ return distributionSetTypeManagement;
+ }
+
+ @Override
+ protected DistributionSetTypeCreate getCreateObject() {
+ return entityFactory.distributionSetType().create().key("key").name("name");
+ }
+
+ @Override
+ protected DistributionSetTypeUpdate getUpdateObject() {
+ return entityFactory.distributionSetType().update(1L).description("description");
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByKeyPermissionsCheck() {
+ assertPermissions(() -> distributionSetTypeManagement.getByKey("key"), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByNamePermissionsCheck() {
+ assertPermissions(() -> distributionSetTypeManagement.getByName("name"), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void assignOptionalSoftwareModuleTypesPermissionsCheck() {
+ assertPermissions(() -> distributionSetTypeManagement.assignOptionalSoftwareModuleTypes(1L, List.of(1L)),
+ List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void assignMandatorySoftwareModuleTypesPermissionsCheck() {
+ assertPermissions(() -> distributionSetTypeManagement.assignMandatorySoftwareModuleTypes(1L, List.of(1L)),
+ List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void unassignSoftwareModuleTypePermissionsCheck() {
+ assertPermissions(() -> distributionSetTypeManagement.unassignSoftwareModuleType(1L, 1L), List.of(SpPermission.UPDATE_REPOSITORY));
+ }
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/RolloutGroupManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/RolloutGroupManagementSecurityTest.java
new file mode 100644
index 000000000..9fe8e9e70
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/RolloutGroupManagementSecurityTest.java
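Review bot: Every `@Description` in this class is the same sentence, so a failing report entry does not say which method lost its guard; name the method the way the controller tests in this commit do, e.g. `@Description("Tests DistributionSetTypeManagement#getByKey() method")`. The same applies to the Deployment, DistributionSet, DistributionSetTag and RolloutGroup security tests. The three assign/unassign tests pass ids that nothing in this class creates, so they appear to rely on `assertPermissions` (defined outside this hunk) tolerating a not-found outcome on the permitted path; a one-line comment saying so would help the next reader.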
@@ -0,0 +1,87 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
+import org.junit.jupiter.api.Test;
+
+@Feature("SecurityTests - RolloutGroupManagement")
+@Story("SecurityTests RolloutGroupManagement")
+public class RolloutGroupManagementSecurityTest extends AbstractJpaIntegrationTest {
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.get(1L), List.of(SpPermission.READ_ROLLOUT));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getWithDetailedStatusPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.getWithDetailedStatus(1L), List.of(SpPermission.READ_ROLLOUT));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countByRolloutPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.countByRollout(1L), List.of(SpPermission.READ_ROLLOUT));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countTargetsOfRolloutsGroupPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.countTargetsOfRolloutsGroup(1L), List.of(SpPermission.READ_ROLLOUT));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByRolloutPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.findByRollout(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByRolloutAndRsqlPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsql(1L, "name==*", PAGE), List.of(SpPermission.READ_ROLLOUT));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findTargetsOfRolloutGroupPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.findTargetsOfRolloutGroup(1L, PAGE),
+ List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findTargetsOfRolloutGroupByRsqlPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.findTargetsOfRolloutGroupByRsql(PAGE, 1L, "name==*"),
+ List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByRolloutAndRsqlWithDetailedStatusPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsqlWithDetailedStatus(1L, "name==*", PAGE),
+ List.of(SpPermission.READ_ROLLOUT));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByRolloutWithDetailedStatusPermissionsCheck() {
+ assertPermissions(() -> rolloutGroupManagement.findByRolloutWithDetailedStatus(1L, PAGE), List.of(SpPermission.READ_ROLLOUT));
+ }
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/RolloutManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/RolloutManagementSecurityTest.java
new file mode 100644
index 000000000..48677b9cd
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/RolloutManagementSecurityTest.java
@@ -0,0 +1,228 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa.management; + +import java.util.List; + +import jakarta.validation.ConstraintDeclarationException; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import lombok.extern.slf4j.Slf4j; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.builder.DistributionSetCreate; +import org.eclipse.hawkbit.repository.builder.DistributionSetTypeCreate; +import org.eclipse.hawkbit.repository.builder.DynamicRolloutGroupTemplate; +import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest; +import org.eclipse.hawkbit.repository.model.DistributionSet; +import org.eclipse.hawkbit.repository.model.Rollout; +import org.eclipse.hawkbit.repository.model.RolloutGroupConditionBuilder; +import org.eclipse.hawkbit.repository.test.util.WithUser; +import org.junit.jupiter.api.Test; +import org.springframework.data.domain.PageImpl; + +@Slf4j +@Feature("SecurityTests - RolloutManagement") +@Story("SecurityTests RolloutManagement") +public class RolloutManagementSecurityTest extends AbstractJpaIntegrationTest { + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getPermissionsCheck() { + assertPermissions(() -> rolloutManagement.get(1L), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getByNamePermissionsCheck() { + assertPermissions(() -> rolloutManagement.getByName("name"), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI 
PreAuthorized method with correct and insufficient permissions.") + void getWithDetailedStatusPermissionsCheck() { + assertPermissions(() -> rolloutManagement.getWithDetailedStatus(1L), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void approveOrDenyPermissionsCheck() { + assertPermissions(() -> rolloutManagement.approveOrDeny(1L, Rollout.ApprovalDecision.APPROVED), List.of(SpPermission.APPROVE_ROLLOUT)); + assertPermissions(() -> rolloutManagement.approveOrDeny(1L, Rollout.ApprovalDecision.APPROVED, "comment"), + List.of(SpPermission.APPROVE_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void pauseRolloutPermissionsCheck() { + assertPermissions(() -> { + rolloutManagement.pauseRollout(1L); + return null; + }, List.of(SpPermission.HANDLE_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void resumeRolloutPermissionsCheck() { + assertPermissions(() -> { + rolloutManagement.resumeRollout(1L); + return null; + }, List.of(SpPermission.HANDLE_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findActiveRolloutsPermissionsCheck() { + assertPermissions(() -> rolloutManagement.findActiveRollouts(), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void cancelRolloutsForDistributionSetPermissionsCheck() { + final DistributionSetTypeCreate key = entityFactory.distributionSetType().create().name("type").key("type"); + distributionSetTypeManagement.create(key); + final DistributionSetCreate dsCreate = entityFactory.distributionSet().create().name("name").version("1.0.0").type("type"); + final DistributionSet ds = 
distributionSetManagement.create(dsCreate); + assertPermissions(() -> { + rolloutManagement.cancelRolloutsForDistributionSet(ds); + return null; + }, List.of(SpPermission.UPDATE_ROLLOUT, SpPermission.READ_REPOSITORY, SpPermission.CREATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countPermissionsCheck() { + assertPermissions(() -> rolloutManagement.count(), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByDistributionSetIdAndRolloutIsStoppablePermissionsCheck() { + assertPermissions(() -> rolloutManagement.countByDistributionSetIdAndRolloutIsStoppable(1L), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByFiltersPermissionsCheck() { + assertPermissions(() -> rolloutManagement.countByFilters("searchFilter"), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void createPermissionsCheck() { + assertPermissions(() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L), 1, false, + new RolloutGroupConditionBuilder().withDefaults().build()), List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY)); + assertPermissions(() -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L), 1, false, + new RolloutGroupConditionBuilder().withDefaults().build(), DynamicRolloutGroupTemplate.builder().build()), + List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY)); + assertPermissions( + () -> rolloutManagement.create(entityFactory.rollout().create().distributionSetId(1L), + List.of(entityFactory.rolloutGroup().create()), + new RolloutGroupConditionBuilder().withDefaults().build()), 
+ List.of(SpPermission.CREATE_ROLLOUT, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findAllPermissionsCheck() { + assertPermissions(() -> rolloutManagement.findAll(PAGE, false), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByRsqlPermissionsCheck() { + assertPermissions(() -> rolloutManagement.findByRsql(PAGE, "id==1", false), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findAllWithDetailedStatusPermissionsCheck() { + assertPermissions(() -> rolloutManagement.findAllWithDetailedStatus(PAGE, false), List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByFiltersWithDetailedStatusPermissionsCheck() { + assertPermissions(() -> rolloutManagement.findByFiltersWithDetailedStatus(PAGE, "searchFilter", false), + List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void setRolloutStatusDetailsPermissionsCheck() { + assertPermissions(() -> { + rolloutManagement.setRolloutStatusDetails(new PageImpl<>(List.of(entityFactory.rollout().create().distributionSetId(1L).build()))); + return null; + }, List.of(SpPermission.UPDATE_ROLLOUT, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void startPermissionsCheck() { + assertPermissions(() -> rolloutManagement.start(1L), List.of(SpPermission.HANDLE_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void 
updatePermissionsCheck() { + assertPermissions(() -> rolloutManagement.update(entityFactory.rollout().update(1L)), List.of(SpPermission.UPDATE_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void deletePermissionsCheck() { + assertPermissions(() -> { + rolloutManagement.delete(1L); + return null; + }, List.of(SpPermission.DELETE_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void triggerNextGroupPermissionsCheck() { + assertPermissions(() -> { + rolloutManagement.triggerNextGroup(1L); + return null; + }, List.of(SpPermission.UPDATE_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") +// @WithUser(principal = "user", authorities = { SpPermission.CREATE_TARGET, SpPermission.CREATE_ROLLOUT, SpPermission.READ_ROLLOUT, +// SpPermission.READ_TARGET }) + void validateTargetsInGroupsPermissionsCheck() { + try { + assertPermissions( + () -> rolloutManagement.validateTargetsInGroups(List.of(entityFactory.rolloutGroup().create()), "name==dummy", 1L, 1L), + List.of(SpPermission.READ_ROLLOUT, SpPermission.READ_TARGET)); + } catch (Error e) { + if (e.getCause() instanceof ConstraintDeclarationException) { + log.info("ConstraintDeclarationException thrown expected"); + } else { + throw e; + } + } + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + @WithUser(principal = "user", authorities = { SpPermission.READ_ROLLOUT }) + void findByRolloutAndRsqlWithDetailedStatusPermissionsCheck() { + assertPermissions(() -> rolloutGroupManagement.findByRolloutAndRsqlWithDetailedStatus(1L, "name==*", PAGE), + List.of(SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void 
findByRolloutWithDetailedStatusPermissionsCheck() { + assertPermissions(() -> rolloutGroupManagement.findByRolloutWithDetailedStatus(1L, PAGE), List.of(SpPermission.READ_ROLLOUT)); + } +} diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SoftwareManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SoftwareManagementSecurityTest.java new file mode 100644 index 000000000..be1ebf441 --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SoftwareManagementSecurityTest.java 
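Review bot: `validateTargetsInGroupsPermissionsCheck` catches `Error` and returns normally when the cause is a `ConstraintDeclarationException`, so the test can pass without the READ_ROLLOUT/READ_TARGET check on `validateTargetsInGroups` ever being asserted. `assertPermissions` is not shown in this hunk, so which of its steps raises the error is an inference, but either way a failure unrelated to authorization is counted as a pass; call the method with arguments that pass validation, drop the try/catch, and delete the commented-out `// @WithUser(...)` lines above the method. Separately, the last two tests (`findByRolloutAndRsqlWithDetailedStatusPermissionsCheck`, `findByRolloutWithDetailedStatusPermissionsCheck`) call `rolloutGroupManagement` rather than `rolloutManagement` and look like copies of the tests that close the preceding file in this diff. The first of them also carries `@WithUser(principal = "user", authorities = { SpPermission.READ_ROLLOUT })`, which may pre-grant the very permission the test is meant to withhold.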
@@ -0,0 +1,158 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa.management; + +import java.util.List; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.RepositoryManagement; +import org.eclipse.hawkbit.repository.builder.SoftwareModuleCreate; +import org.eclipse.hawkbit.repository.builder.SoftwareModuleUpdate; +import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest; +import org.eclipse.hawkbit.repository.model.SoftwareModule; +import org.junit.jupiter.api.Test; + +@Feature("SecurityTests - SoftwareManagement") +@Story("SecurityTests SoftwareManagement") +public class SoftwareManagementSecurityTest + extends AbstractRepositoryManagementSecurityTest { + + @Override + protected RepositoryManagement getRepositoryManagement() { + return softwareModuleManagement; + } + + @Override + protected SoftwareModuleCreate getCreateObject() { + return entityFactory.softwareModule().create().name("name").version("version").type("type"); + } + + @Override + protected SoftwareModuleUpdate getUpdateObject() { + return entityFactory.softwareModule().update(1L).locked(true); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void createMetaDataPermissionsCheck() { + assertPermissions( + () -> softwareModuleManagement.createMetaData(entityFactory.softwareModuleMetadata().create(1L).key("key").value("value")), + List.of(SpPermission.UPDATE_REPOSITORY)); + assertPermissions(() -> softwareModuleManagement.createMetaData( + 
List.of(entityFactory.softwareModuleMetadata().create(1L).key("key").value("value"))), List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void deleteMetaDataPermissionsCheck() { + assertPermissions(() -> { + softwareModuleManagement.deleteMetaData(1L, "key"); + return null; + }, List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByAssignedToPermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.findByAssignedTo(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByAssignedToPermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.countByAssignedTo(1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByTextAndTypePermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.findByTextAndType(PAGE, "text", 1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + void getByNameAndVersionAndTypePermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.getByNameAndVersionAndType("name", "version", 1L), + List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getMetaDataBySoftwareModuleIdPermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.getMetaDataBySoftwareModuleId(1L, "key"), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findMetaDataBySoftwareModuleIdPermissionsCheck() { + assertPermissions(() -> 
softwareModuleManagement.findMetaDataBySoftwareModuleId(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countMetaDataBySoftwareModuleIdPermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.countMetaDataBySoftwareModuleId(1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findMetaDataBySoftwareModuleIdAndTargetVisiblePermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleIdAndTargetVisible(PAGE, 1L), + List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findMetaDataByRsqlPermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.findMetaDataByRsql(PAGE, 1L, "key==value"), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByTypePermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.findByType(PAGE, 1L), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void lockPermissionsCheck() { + assertPermissions(() -> { + softwareModuleManagement.lock(1L); + return null; + }, List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void unlockPermissionsCheck() { + assertPermissions(() -> { + softwareModuleManagement.unlock(1L); + return null; + }, List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void 
updateMetaDataPermissionsCheck() { + assertPermissions( + () -> softwareModuleManagement.updateMetaData(entityFactory.softwareModuleMetadata().update(1L, "key").value("value")), + List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findMetaDataBySoftwareModuleIdsAndTargetVisiblePermissionsCheck() { + assertPermissions(() -> softwareModuleManagement.findMetaDataBySoftwareModuleIdsAndTargetVisible(List.of(1L)), + List.of(SpPermission.READ_REPOSITORY)); + } + +} diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SoftwareModuleTypeManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SoftwareModuleTypeManagementSecurityTest.java new file mode 100644 index 000000000..101315269 --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SoftwareModuleTypeManagementSecurityTest.java 
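Review bot: `getByNameAndVersionAndTypePermissionsCheck` is the only test in this class without a `@Description`; add `@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")` above it so it matches its siblings. Every description in the file is the same sentence, so naming the guarded method in each one (for example ending with `... permissions: softwareModuleManagement.lock`) would make a failing authorization check easier to locate in a report.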
@@ -0,0 +1,57 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.RepositoryManagement;
+import org.eclipse.hawkbit.repository.builder.SoftwareModuleTypeCreate;
+import org.eclipse.hawkbit.repository.builder.SoftwareModuleTypeUpdate;
+import org.eclipse.hawkbit.repository.jpa.AbstractRepositoryManagementSecurityTest;
+import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
+import org.junit.jupiter.api.Test;
+
+@Feature("SecurityTests - SoftwareModuleTypeManagement")
+@Story("SecurityTests SoftwareModuleTypeManagement")
+public class SoftwareModuleTypeManagementSecurityTest
+ extends AbstractRepositoryManagementSecurityTest {
+
+ @Override
+ protected RepositoryManagement getRepositoryManagement() {
+ return softwareModuleTypeManagement;
+ }
+
+ @Override
+ protected SoftwareModuleTypeCreate getCreateObject() {
+ return entityFactory.softwareModuleType().create().key("key").name("name");
+ }
+
+ @Override
+ protected SoftwareModuleTypeUpdate getUpdateObject() {
+ return entityFactory.softwareModuleType().update(1L).description("description");
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByKeyPermissionsCheck() {
+ assertPermissions(() -> softwareModuleTypeManagement.getByKey("key"), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByNamePermissionsCheck() {
+ assertPermissions(() -> softwareModuleTypeManagement.getByName("name"), List.of(SpPermission.READ_REPOSITORY));
+ }
+
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementSecurityTest.java
new file mode 100644
index 000000000..8c4178ad4
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/SystemManagementSecurityTest.java
@@ -0,0 +1,86 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
+import org.junit.jupiter.api.Test;
+
+@Slf4j
+@Feature("SecurityTests - SystemManagement")
+@Story("SecurityTests SystemManagement")
+public class SystemManagementSecurityTest extends AbstractJpaIntegrationTest {
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findTenantsPermissionWorks() {
+ assertPermissions(() -> systemManagement.findTenants(PAGE), List.of(SpPermission.SYSTEM_ADMIN));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void deleteTenantPermissionsCheck() {
+ assertPermissions(() -> {
+ systemManagement.deleteTenant("tenant");
+ return null;
+ }, List.of(SpPermission.SYSTEM_ADMIN));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void forEachTenantTenantPermissionsCheck() {
+ assertPermissions(() -> {
+ systemManagement.forEachTenant(log::info);
+ return null;
+ }, List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getSystemUsageStatisticsWithTenantsPermissionsCheck() {
+ assertPermissions(() -> systemManagement.getSystemUsageStatisticsWithTenants(), List.of(SpPermission.SYSTEM_ADMIN));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getSystemUsageStatisticsPermissionsCheck() {
+ assertPermissions(() -> systemManagement.getSystemUsageStatistics(), List.of(SpPermission.SYSTEM_ADMIN));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getTenantMetadataPermissionsCheck() {
+ assertPermissions(() -> systemManagement.getTenantMetadata(), List.of(SpPermission.READ_REPOSITORY, SpPermission.READ_TARGET, SpPermission.READ_TENANT_CONFIGURATION));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getTenantMetadataByTenantPermissionsCheck() {
+ assertPermissions(() -> systemManagement.getTenantMetadata(1L), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void createTenantMetadataPermissionsCheck() {
+ assertPermissions(() -> systemManagement.createTenantMetadata("tenant"), List.of(SpPermission.SpringEvalExpressions.SYSTEM_ROLE));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void updateTenantMetadataPermissionsCheck() {
+ assertPermissions(() -> systemManagement.updateTenantMetadata(1L), List.of(SpPermission.TENANT_CONFIGURATION));
+ }
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetFilterQueryManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetFilterQueryManagementSecurityTest.java
new file mode 100644
index 000000000..79dd06140
--- /dev/null
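Review bot: Two test names break the `<method>PermissionsCheck` pattern used by every other test in this diff: `findTenantsPermissionWorks` and `forEachTenantTenantPermissionsCheck` (doubled "Tenant"); rename them to `findTenantsPermissionsCheck` and `forEachTenantPermissionsCheck`. In `getTenantMetadataPermissionsCheck` the list holds three permissions, and this hunk does not show whether `assertPermissions` treats a list as all-required or any-of. If the guarded method accepts any one of them, granting all three at once does not demonstrate that each is sufficient alone, so a short comment stating the intended semantics (or one assertion per permission) would make the coverage explicit.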
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetFilterQueryManagementSecurityTest.java 
@@ -0,0 +1,146 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa.management; + +import java.util.List; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.builder.AutoAssignDistributionSetUpdate; +import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest; +import org.junit.jupiter.api.Test; + +@Feature("SecurityTests - TargetFilterQueryManagement") +@Story("SecurityTests TargetFilterQueryManagement") +public class TargetFilterQueryManagementSecurityTest extends AbstractJpaIntegrationTest { + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void createPermissionsCheck() { + assertPermissions( + () -> targetFilterQueryManagement.create(entityFactory.targetFilterQuery().create().name("name").query("controllerId==id")), + List.of(SpPermission.CREATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void deletePermissionsCheck() { + assertPermissions(() -> { + targetFilterQueryManagement.delete(1L); + return null; + }, List.of(SpPermission.DELETE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void verifyTargetFilterQuerySyntaxPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.verifyTargetFilterQuerySyntax("controllerId==id"), + List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void 
findAllPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.count(), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByAutoAssignDistributionSetIdPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.countByAutoAssignDistributionSetId(1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByNamePermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.findByName(PAGE, "filterName"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByNamePermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.countByName("filterName"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByRsqlPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.findByRsql(PAGE, "name==id"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByQueryPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.findByQuery(PAGE, "controllerId==id"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByAutoAssignDistributionSetIdPermissionsCheck() { + assertPermissions(() -> 
targetFilterQueryManagement.findByAutoAssignDistributionSetId(PAGE, 1L), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByAutoAssignDSAndRsqlPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.findByAutoAssignDSAndRsql(PAGE, 1L, "rsqlParam"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findWithAutoAssignDSPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.findWithAutoAssignDS(PAGE), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getTargetFilterQueryByIdPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.get(1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getTargetFilterQueryByNamePermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.getByName("filterName"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void updatePermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.update(entityFactory.targetFilterQuery().update(1L)), + List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void updateAutoAssignDSPermissionsCheck() { + assertPermissions(() -> targetFilterQueryManagement.updateAutoAssignDS(new AutoAssignDistributionSetUpdate(1L).weight(1)), + List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI 
PreAuthorized method with correct and insufficient permissions.") + void cancelAutoAssignmentForDistributionSetPermissionsCheck() { + assertPermissions(() -> { + targetFilterQueryManagement.cancelAutoAssignmentForDistributionSet(1L); + return null; + }, List.of(SpPermission.UPDATE_TARGET)); + } +} diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementSecurityTest.java new file mode 100644 index 000000000..a68bc0ca7 --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetManagementSecurityTest.java 
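Review bot: `findByAutoAssignDSAndRsqlPermissionsCheck` passes `"rsqlParam"`, which is not an RSQL expression, while the neighbouring tests pass well-formed filters such as `"name==id"` and `"controllerId==id"`. If the permitted path reaches the RSQL parser, the test outcome depends on how `assertPermissions` (not shown in this hunk) treats a parse failure rather than on the authorization result. Use a well-formed filter instead, e.g. `targetFilterQueryManagement.findByAutoAssignDSAndRsql(PAGE, 1L, "name==*")`.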
@@ -0,0 +1,439 @@ +/** + * Copyright (c) 2022 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.repository.jpa.management; + +import java.util.List; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import lombok.extern.slf4j.Slf4j; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.FilterParams; +import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest; +import org.eclipse.hawkbit.repository.model.TargetUpdateStatus; +import org.eclipse.hawkbit.repository.test.util.WithUser; +import org.junit.jupiter.api.Test; + +@Slf4j +@Feature("SecurityTests - TargetManagement") +@Story("SecurityTests TargetManagement") +public class TargetManagementSecurityTest extends AbstractJpaIntegrationTest { + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByAssignedDistributionSetPermissionsCheck() { + assertPermissions(() -> targetManagement.countByAssignedDistributionSet(1L), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByFiltersPermissionsCheck() { + assertPermissions(() -> targetManagement.countByFilters(new FilterParams(null, null, null, null, null, null)), + List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByInstalledDistributionSetPermissionsCheck() { + assertPermissions(() -> targetManagement.countByInstalledDistributionSet(1L), + List.of(SpPermission.READ_TARGET, 
SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void existsByInstalledOrAssignedDistributionSetPermissionsCheck() { + assertPermissions(() -> targetManagement.existsByInstalledOrAssignedDistributionSet(1L), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByRsqlPermissionsCheck() { + assertPermissions(() -> targetManagement.countByRsql("controllerId==id"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByRsqlAndUpdatablePermissionsCheck() { + assertPermissions(() -> targetManagement.countByRsqlAndUpdatable("controllerId==id"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByRsqlAndCompatiblePermissionsCheck() { + assertPermissions(() -> targetManagement.countByRsqlAndCompatible("controllerId==id", 1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByRsqlAndCompatibleAndUpdatablePermissionsCheck() { + assertPermissions(() -> targetManagement.countByRsqlAndCompatibleAndUpdatable("controllerId==id", 1L), + List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByFailedInRolloutPermissionsCheck() { + assertPermissions(() -> targetManagement.countByFailedInRollout("1", 1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countPermissionsCheck() { + 
assertPermissions(() -> targetManagement.count(), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void createPermissionsCheck() { + assertPermissions(() -> targetManagement.create(entityFactory.target().create().controllerId("controller").name("name")), + List.of(SpPermission.CREATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void createCollectionPermissionsCheck() { + assertPermissions(() -> targetManagement.create(List.of(entityFactory.target().create().controllerId("controller").name("name"))), + List.of(SpPermission.CREATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void deletePermissionsCheck() { + assertPermissions(() -> { + targetManagement.delete(List.of(1L)); + return null; + }, List.of(SpPermission.DELETE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void deleteByControllerIDPermissionsCheck() { + assertPermissions(() -> { + targetManagement.deleteByControllerID("controllerId"); + return null; + }, List.of(SpPermission.DELETE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByTargetFilterQueryPermissionsCheck() { + assertPermissions(() -> targetManagement.countByTargetFilterQuery(1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatablePermissionsCheck() { + assertPermissions(() -> targetManagement.findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatable(PAGE, 1L, "controllerId==id"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + 
@Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByRsqlAndNonDSAndCompatibleAndUpdatablePermissionsCheck() { + assertPermissions(() -> targetManagement.countByRsqlAndNonDSAndCompatibleAndUpdatable(1L, "controllerId==id"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatablePermissionsCheck() { + assertPermissions( + () -> targetManagement.findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatable(PAGE, List.of(1L), + "controllerId==id", + entityFactory.distributionSetType().create().build()), List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByActionsInRolloutGroupPermissionsCheck() { + assertPermissions(() -> targetManagement.countByActionsInRolloutGroup(1L), + List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatablePermissionsCheck() { + assertPermissions(() -> targetManagement.countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(List.of(1L), "controllerId==id", + entityFactory.distributionSetType().create().build()), List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByFailedRolloutAndNotInRolloutGroupsPermissionsCheck() { + assertPermissions(() -> targetManagement.findByFailedRolloutAndNotInRolloutGroups(PAGE, List.of(1L), "1"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT)); + } + + @Test + 
@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countByFailedRolloutAndNotInRolloutGroupsPermissionsCheck() { + assertPermissions(() -> targetManagement.countByFailedRolloutAndNotInRolloutGroups(List.of(1L), "1"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_ROLLOUT)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByInRolloutGroupWithoutActionPermissionsCheck() { + assertPermissions(() -> targetManagement.findByInRolloutGroupWithoutAction(PAGE, 1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByAssignedDistributionSetPermissionsCheck() { + assertPermissions(() -> targetManagement.findByAssignedDistributionSet(PAGE, 1L), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByAssignedDistributionSetAndRsqlPermissionsCheck() { + assertPermissions(() -> targetManagement.findByAssignedDistributionSetAndRsql(PAGE, 1L, "controllerId==id"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getByControllerCollectionIDPermissionsCheck() { + assertPermissions(() -> targetManagement.getByControllerID(List.of("controllerId")), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getByControllerIDPermissionsCheck() { + assertPermissions(() -> targetManagement.getByControllerID("controllerId"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient 
permissions.") + void findByFiltersPermissionsCheck() { + assertPermissions(() -> targetManagement.findByFilters(PAGE, new FilterParams(null, null, null, null, null, null)), + List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByInstalledDistributionSetPermissionsCheck() { + assertPermissions(() -> targetManagement.findByInstalledDistributionSet(PAGE, 1L), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByInstalledDistributionSetAndRsqlPermissionsCheck() { + assertPermissions(() -> targetManagement.findByInstalledDistributionSetAndRsql(PAGE, 1L, "controllerId==id"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByUpdateStatusPermissionsCheck() { + assertPermissions(() -> targetManagement.findByUpdateStatus(PAGE, TargetUpdateStatus.IN_SYNC), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findAllPermissionsCheck() { + assertPermissions(() -> targetManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByRsqlPermissionsCheck() { + assertPermissions(() -> targetManagement.findByRsql(PAGE, "controllerId==id"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByTargetFilterQueryPermissionsCheck() { + assertPermissions(() -> targetManagement.findByTargetFilterQuery(PAGE, 1L), List.of(SpPermission.READ_TARGET)); + } + + 
@Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByTagPermissionsCheck() { + assertPermissions(() -> targetManagement.findByTag(PAGE, 1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByRsqlAndTagPermissionsCheck() { + assertPermissions(() -> targetManagement.findByRsqlAndTag(PAGE, "controllerId==id", 1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void assignTypePermissionsCheck() { + assertPermissions(() -> targetManagement.assignType(List.of("controllerId"), 1L), List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void unassignTypeByIdPermissionsCheck() { + assertPermissions(() -> targetManagement.unassignType("controllerId"), List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void assignTagWithHandlerPermissionsCheck() { + assertPermissions(() -> targetManagement.assignTag(List.of("controllerId"), 1L, strings -> {}), + List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void assignTagPermissionsCheck() { + assertPermissions(() -> targetManagement.assignTag(List.of("controllerId"), 1L), + List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void unassignTagPermissionsCheck() { + assertPermissions(() -> targetManagement.unassignTag(List.of("controllerId"), 1L), List.of(SpPermission.UPDATE_TARGET)); + } 
+ + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void unassignTagWithHandlerPermissionsCheck() { + assertPermissions(() -> targetManagement.unassignTag(List.of("controllerId"), 1L, strings -> {}), + List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void unassignTypePermissionsCheck() { + assertPermissions(() -> targetManagement.unassignType(List.of("controllerId")), List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void assignTypeByIdPermissionsCheck() { + assertPermissions(() -> targetManagement.assignType("controllerId", 1L), List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void updatePermissionsCheck() { + assertPermissions(() -> targetManagement.update(entityFactory.target().update("controllerId")), List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getPermissionsCheck() { + assertPermissions(() -> targetManagement.get(1L), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getCollectionPermissionsCheck() { + assertPermissions(() -> targetManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getControllerAttributesPermissionsCheck() { + assertPermissions(() -> targetManagement.getControllerAttributes("controllerId"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI 
PreAuthorized method with correct and insufficient permissions.") + void requestControllerAttributesPermissionsCheck() { + assertPermissions(() -> { + targetManagement.requestControllerAttributes("controllerId"); + return null; + }, List.of(SpPermission.UPDATE_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void isControllerAttributesRequestedPermissionsCheck() { + assertPermissions(() -> targetManagement.isControllerAttributesRequested("controllerId"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findByControllerAttributesRequestedPermissionsCheck() { + assertPermissions(() -> targetManagement.findByControllerAttributesRequested(PAGE), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void existsByControllerIdPermissionsCheck() { + assertPermissions(() -> targetManagement.existsByControllerId("controllerId"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void isTargetMatchingQueryAndDSNotAssignedAndCompatibleAndUpdatablePermissionsCheck() { + assertPermissions( + () -> targetManagement.isTargetMatchingQueryAndDSNotAssignedAndCompatibleAndUpdatable("controllerId", 1L, "controllerId==id"), + List.of(SpPermission.READ_TARGET, SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getTagsByControllerIdPermissionsCheck() { + assertPermissions(() -> targetManagement.getTagsByControllerId("controllerId"), List.of(SpPermission.READ_TARGET)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void 
createMetaDataPermissionsCheck() { + assertPermissions( + () -> targetManagement.createMetaData("controllerId", List.of(entityFactory.generateTargetMetadata("key", "value"))), + List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void deleteMetaDataPermissionsCheck() { + assertPermissions(() -> { + targetManagement.deleteMetaData("controllerId", "key"); + return null; + }, List.of(SpPermission.UPDATE_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void countMetaDataByControllerIdPermissionsCheck() { + assertPermissions(() -> targetManagement.countMetaDataByControllerId("controllerId"), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findMetaDataByControllerIdAndRsqlPermissionsCheck() { + assertPermissions(() -> targetManagement.findMetaDataByControllerIdAndRsql(PAGE, "controllerId", "controllerId==id"), + List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void getMetaDataByControllerIdPermissionsCheck() { + assertPermissions(() -> targetManagement.getMetaDataByControllerId("controllerId", "key"), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + void findMetaDataByControllerIdPermissionsCheck() { + assertPermissions(() -> targetManagement.findMetaDataByControllerId(PAGE, "controllerId"), List.of(SpPermission.READ_REPOSITORY)); + } + + @Test + @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.") + @WithUser(principal = "user", authorities = { SpPermission.UPDATE_REPOSITORY }) + void 
updateMetadataPermissionsCheck() { + assertPermissions(() -> targetManagement.updateMetadata("controllerId", entityFactory.generateTargetMetadata("key", "value")), + List.of(SpPermission.UPDATE_REPOSITORY)); + } + +} diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetTagManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetTagManagementSecurityTest.java new file mode 100644 index 000000000..6cc950594 --- /dev/null +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetTagManagementSecurityTest.java 
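Review bot: `updateMetadataPermissionsCheck` is the only test in this class annotated with `@WithUser(principal = "user", authorities = { SpPermission.UPDATE_REPOSITORY })`, so it starts out already holding the permission it is meant to prove is required. `assertPermissions` is defined outside this hunk: if it switches the security context itself the annotation is redundant, and if it does not, the insufficient-permission branch may never run without that authority. Either way I would drop the annotation so the test opens with just `@Test` and `@Description(...)` like its siblings. The same applies to `unassignDistributionSetTypePermissionsCheck` in the TargetTypeManagementSecurityTest hunk. Separately, the target metadata tests pin `UPDATE_REPOSITORY`/`READ_REPOSITORY` rather than a target permission; if that mapping is intended, a comment such as `// target metadata is guarded by repository permissions by design` would stop a later reader from treating it as a copy-paste slip.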
@@ -0,0 +1,90 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
+import org.junit.jupiter.api.Test;
+
+@Slf4j
+@Feature("SecurityTests - TargetTagManagement")
+@Story("SecurityTests TargetTagManagement")
+public class TargetTagManagementSecurityTest extends AbstractJpaIntegrationTest {
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countPermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.count(), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void createPermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.create(entityFactory.tag().create().name("name")), List.of(SpPermission.CREATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void createCollectionPermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.create(List.of(entityFactory.tag().create().name("name"))),
+ List.of(SpPermission.CREATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void deletePermissionsCheck() {
+ assertPermissions(() -> {
+ targetTagManagement.delete("tag");
+ return null;
+ }, List.of(SpPermission.DELETE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findAllPermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByRsqlPermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.findByRsql(PAGE, "name==tag"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByNamePermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.getByName("tag"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getPermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.get(1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getCollectionPermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void updatePermissionsCheck() {
+ assertPermissions(() -> targetTagManagement.update(entityFactory.tag().update(1L)), List.of(SpPermission.UPDATE_TARGET));
+ }
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetTypeManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetTypeManagementSecurityTest.java
new file mode 100644
index 000000000..c43d43dfb
--- /dev/null
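Review bot: All ten tests in this class carry the same `@Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")`, so the Allure report cannot show which method and permission a failing check covers. Each description should state the contract under test, for example `@Description("TargetTagManagement.delete requires DELETE_TARGET")` on `deletePermissionsCheck`. The class-level `@Slf4j` is also unused in this hunk (no `log` call appears) and could be dropped together with its import. The TargetManagementSecurityTest and TargetTypeManagementSecurityTest hunks follow the same pattern.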
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TargetTypeManagementSecurityTest.java 
@@ -0,0 +1,126 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
+import org.eclipse.hawkbit.repository.test.util.WithUser;
+import org.junit.jupiter.api.Test;
+
+@Slf4j
+@Feature("SecurityTests - TargetTypeManagement")
+@Story("SecurityTests TargetTypeManagement")
+public class TargetTypeManagementSecurityTest extends AbstractJpaIntegrationTest {
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByKeyPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.getByKey("key"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getByNamePermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.getByName("name"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.count(), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void countByNamePermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.countByName("name"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void createPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.create(entityFactory.targetType().create().name("name")),
+ List.of(SpPermission.CREATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void createCollectionPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.create(List.of(entityFactory.targetType().create().name("name"))),
+ List.of(SpPermission.CREATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void deletePermissionsCheck() {
+ assertPermissions(() -> {
+ targetTypeManagement.delete(1L);
+ return null;
+ }, List.of(SpPermission.DELETE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findAllPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.findAll(PAGE), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByRsqlPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.findByRsql(PAGE, "name==tag"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void findByNamePermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.findByName(PAGE, "name"), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.get(1L), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getCollectionPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.get(List.of(1L)), List.of(SpPermission.READ_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void updatePermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.update(entityFactory.targetType().update(1L)), List.of(SpPermission.UPDATE_TARGET));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void assignCompatibleDistributionSetTypesPermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.assignCompatibleDistributionSetTypes(1L, List.of(1L)),
+ List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ @WithUser(principal = "user", authorities = { SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY })
+ void unassignDistributionSetTypePermissionsCheck() {
+ assertPermissions(() -> targetTypeManagement.unassignDistributionSetType(1L, 1L),
+ List.of(SpPermission.UPDATE_TARGET, SpPermission.READ_REPOSITORY));
+ }
+
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TenantConfigurationManagementSecurityTest.java b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TenantConfigurationManagementSecurityTest.java
new file mode 100644
index 000000000..a2be35362
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/management/TenantConfigurationManagementSecurityTest.java
@@ -0,0 +1,77 @@
+/**
+ * Copyright (c) 2022 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.management;
+
+import java.util.List;
+import java.util.Map;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.jpa.AbstractJpaIntegrationTest;
+import org.junit.jupiter.api.Test;
+
+@Slf4j
+@Feature("SecurityTests - TargetManagement")
+@Story("SecurityTests TargetManagement")
+public class TenantConfigurationManagementSecurityTest extends AbstractJpaIntegrationTest {
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void addOrUpdateConfigurationPermissionsCheck() {
+ assertPermissions(() -> tenantConfigurationManagement.addOrUpdateConfiguration("authentication.header.enabled", true),
+ List.of(SpPermission.TENANT_CONFIGURATION));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void addOrUpdateConfigurationWithMapPermissionsCheck() {
+ assertPermissions(() -> tenantConfigurationManagement.addOrUpdateConfiguration(Map.of("authentication.header.enabled", true)),
+ List.of(SpPermission.TENANT_CONFIGURATION));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void deleteConfigurationPermissionsCheck() {
+ assertPermissions(() -> {
+ tenantConfigurationManagement.deleteConfiguration("authentication.header.enabled");
+ return null;
+ }, List.of(SpPermission.TENANT_CONFIGURATION));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized 
method with correct and insufficient permissions.")
+ void getConfigurationValuePermissionsCheck() {
+ assertPermissions(() -> tenantConfigurationManagement.getConfigurationValue("authentication.header.enabled"),
+ List.of(SpPermission.READ_TENANT_CONFIGURATION));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getConfigurationValueWithTypePermissionsCheck() {
+ assertPermissions(() -> tenantConfigurationManagement.getConfigurationValue("authentication.header.enabled", Boolean.class),
+ List.of(SpPermission.READ_TENANT_CONFIGURATION));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void getGlobalConfigurationValuePermissionsCheck() {
+ assertPermissions(() -> tenantConfigurationManagement.getGlobalConfigurationValue("authentication.header.enabled", Boolean.class),
+ List.of(SpPermission.READ_TENANT_CONFIGURATION));
+ }
+
+ @Test
+ @Description("Tests ManagementAPI PreAuthorized method with correct and insufficient permissions.")
+ void pollStatusResolverPermissionsCheck() {
+ assertPermissions(() -> tenantConfigurationManagement.pollStatusResolver(), List.of(SpPermission.READ_TARGET));
+ }
+}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties b/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties
index ab9117e80..d304609d7 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties
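Review bot: The class-level `@Feature("SecurityTests - TargetManagement")` and `@Story("SecurityTests TargetManagement")` on TenantConfigurationManagementSecurityTest name a different management API, so these tenant-configuration authorization checks will presumably be grouped under TargetManagement in the Allure report and are easy to overlook when auditing which permission rules are covered. I would change them to `@Feature("SecurityTests - TenantConfigurationManagement")` and `@Story("SecurityTests TenantConfigurationManagement")`. `@Slf4j` is unused in this class and can be dropped. The authorized branch of the two `addOrUpdateConfiguration` tests really writes `authentication.header.enabled=true`; whether that state is reset between tests is not visible in this hunk, so a short class comment saying the base test cleans it up (or a different, non-authentication key) would help. `pollStatusResolver` being asserted against `READ_TARGET` rather than `READ_TENANT_CONFIGURATION` deserves a one-line why-comment so the exception to the pattern is clearly intentional.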
@@ -15,6 +15,9 @@ logging.level.org.eclipse.persistence=ERROR spring.jpa.properties.eclipselink.logging.level=FINE spring.jpa.properties.eclipselink.logging.level.sql=FINE spring.jpa.properties.eclipselink.logging.parameters=true +#logging.level.org.springframework.security=TRACE +#logging.level.org.springframework.aop=TRACE +#spring.aop.proxy-target-class=true #hibernate.generate_statistics=true #logging.level.org.hibernate.SQL=TRACE