
Commit b3ecf227 authored by harshit aggarwal's avatar harshit aggarwal

Adding UT's

parent e6ff4201
Pipeline #9956 failed with stage
in 1 minute and 50 seconds
......@@ -181,7 +181,7 @@
<artifactId>springfox-swagger-ui</artifactId>
<version>${springfox-version}</version>
</dependency>
</dependencies>
</dependencies>
<build>
<plugins>
......
......@@ -59,32 +59,32 @@ public class AzureBootstrapConfig {
@Value("${azure.graph-api.version}")
private String graphApiVersion ;
private String appDevSpObjectId;
private String appDevSpId;
@Autowired
private SecretClient secretClient;
@PostConstruct
public void setAppDevSpObjectId() {
appDevSpObjectId = getKeyVaultSecret(secretClient,"app-dev-sp-object-id");
public void setAppDevSpId() {
appDevSpId = getKeyVaultSecret("app-dev-sp-id");
}
@Bean
@Named("APP_DEV_SP_TENANT_ID")
public String appDevSpTenantId(SecretClient kv) {
return getKeyVaultSecret(kv, "app-dev-sp-tenant-id");
public String appDevSpTenantId() {
return getKeyVaultSecret("app-dev-sp-tenant-id");
}
@Bean
@Named("APP_DEV_SP_USERNAME")
public String appDevSpUsername(SecretClient kv) {
return getKeyVaultSecret(kv, "app-dev-sp-username");
public String appDevSpUsername() {
return getKeyVaultSecret("app-dev-sp-username");
}
@Bean
@Named("APP_DEV_SP_PASSWORD")
public String appDevSpPassword(SecretClient kv) {
return getKeyVaultSecret(kv, "app-dev-sp-password");
public String appDevSpPassword() {
return getKeyVaultSecret("app-dev-sp-password");
}
@Bean
......@@ -137,18 +137,18 @@ public class AzureBootstrapConfig {
@Bean
@Named("COSMOS_ENDPOINT")
public String cosmosEndpoint(SecretClient kv) {
return getKeyVaultSecret(kv, "cosmos-endpoint");
public String cosmosEndpoint() {
return getKeyVaultSecret("cosmos-endpoint");
}
@Bean
@Named("COSMOS_KEY")
public String cosmosKey(SecretClient kv) {
return getKeyVaultSecret(kv, "cosmos-primary-key");
public String cosmosKey() {
return getKeyVaultSecret("cosmos-primary-key");
}
String getKeyVaultSecret(SecretClient kv, String secretName) {
KeyVaultSecret secret = kv.getSecret(secretName);
String getKeyVaultSecret(String secretName) {
KeyVaultSecret secret = secretClient.getSecret(secretName);
if (secret == null) {
throw new IllegalStateException(String.format("No secret found with name %s", secretName));
}
......
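Review bot: The field `appDevSpId` and its secret name `app-dev-sp-id` no longer say which identifier they hold, yet EntitlementsAzure compares the value with the token's `oid` claim to select the branch that returns every group of the tenant. If the vault entry holds the application (client) id rather than the object id, that comparison would not match, and the unit tests would not notice because they stub `getAppDevSpId()` with `TestUtils.getOid()`. I would add a comment on the field such as `// Object id (JWT oid claim) of the app-dev service principal; a caller matching it receives all groups of the tenant`, and confirm that the vault entry really stores an object id. The getter is not visible in this hunk, so it is presumably generated.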
......@@ -244,26 +244,23 @@ public class EntitlementsAzure
String oid = authenticationContext.getOid();
String[] userTenantGroups = userInfoRepository.getTenantGroups(oid, headers.getPartitionId());
// String[] userTenantGroups;
// if(oid.equals(azureBootstrapConfig.getAppDevSpObjectId())) {
// try {
// Optional<TenantInfoDoc> result = groupInfoRepository.findTenantInfo(headers.getPartitionId());
// if(!result.isPresent()) {
// throw new AppException(HttpStatus.SC_NOT_FOUND, "tenant not found", "the tenant does not exist");
// }
// userTenantGroups = result.get().getGroups();
// }
// catch (AppException exception) {
// throw new AppException(exception.getError().getCode(), exception.getError().getReason(), exception.getError().getMessage());
// }
// }
// else {
// userTenantGroups = userInfoRepository.getTenantGroups(oid, headers.getPartitionId());
// }
String[] userTenantGroups;
if(oid.equals(azureBootstrapConfig.getAppDevSpId())) {
try {
Optional<TenantInfoDoc> result = groupInfoRepository.findTenantInfo(headers.getPartitionId());
if(!result.isPresent()) {
throw new AppException(HttpStatus.SC_NOT_FOUND, "tenant not found", String.format("Tenant with name %s does not exist", headers.getPartitionId()));
}
userTenantGroups = result.get().getGroups();
}
catch (AppException exception) {
throw new AppException(exception.getError().getCode(), exception.getError().getReason(), exception.getError().getMessage());
}
}
else {
userTenantGroups = userInfoRepository.getTenantGroups(oid, headers.getPartitionId());
}
List<GroupInfo> groupInfoList = new ArrayList();
......
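Review bot: `oid.equals(azureBootstrapConfig.getAppDevSpId())` dereferences a value taken from the token, so a token without an `oid` claim would raise a NullPointerException here instead of a controlled AppException; whether `getOid()` can return null is not visible in this hunk. A guard keeps the privileged branch closed for such callers: `if (oid != null && oid.equals(azureBootstrapConfig.getAppDevSpId())) {`. `Objects.equals` is not a safe substitute, since two nulls would compare equal and take the branch that returns every group of the tenant. The `catch (AppException exception)` that rethrows a new AppException with the same code, reason and message adds nothing and drops the original stack trace, so the try/catch can be removed. The enclosing method starts and ends outside the hunk.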
......@@ -26,8 +26,10 @@ import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.opengroup.osdu.azure.entitlements.di.AzureBootstrapConfig;
import org.opengroup.osdu.azure.entitlements.dto.CreateGroupRequest;
import org.opengroup.osdu.azure.entitlements.graph.IGraphService;
import org.opengroup.osdu.azure.entitlements.model.TenantInfoDoc;
import org.opengroup.osdu.azure.entitlements.model.UserTenantItem;
import org.opengroup.osdu.azure.entitlements.repository.GroupInfoRepository;
import org.opengroup.osdu.azure.entitlements.model.UserInfoDoc;
......@@ -43,6 +45,8 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.Optional;
import static org.junit.Assert.assertEquals;
import static org.mockito.AdditionalMatchers.aryEq;
import static org.mockito.ArgumentMatchers.eq;
......@@ -72,6 +76,9 @@ public class EntitlementsAzureTests {
@Mock
private IGraphService graphService;
@Mock
private AzureBootstrapConfig azureBootstrapConfig;
@InjectMocks
private EntitlementsAzure sut;
......@@ -176,6 +183,50 @@ public class EntitlementsAzureTests {
assertEquals(groups.getGroup(TestUtils.getGroup()).getEmail(), String.format("%s@%s.%s", TestUtils.getGroup(), TestUtils.getTenantName(), TestUtils.getDomain()));
}
@Test
public void givenRootServicePrincipalInJwtButTenantNotPresent_whenGetGroups_thenError() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
when(groupInfoRepository.findTenantInfo(TestUtils.getTenantName())).thenReturn(Optional.empty());
when(azureBootstrapConfig.getAppDevSpId()).thenReturn(TestUtils.getOid());
//no email in header
when(dpsHeaders.getPartitionId()).thenReturn(TestUtils.getTenantName());
try {
sut.getGroups();
}
catch (AppException exception) {
assertEquals(exception.getError().getCode(), HttpStatus.SC_NOT_FOUND);
assertEquals(exception.getError().getReason(), "tenant not found");
assertEquals(exception.getError().getMessage(), String.format("Tenant with name %s does not exist", TestUtils.getTenantName()));
}
}
@Test
public void givenRootServicePrincipalInJwt_whenGetGroups_thenReturnGroups() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
TenantInfoDoc result = new TenantInfoDoc();
result.setGroups(new String[]{TestUtils.getGroup()});
when(groupInfoRepository.findTenantInfo(TestUtils.getTenantName())).thenReturn(Optional.of(result));
when(azureBootstrapConfig.getAppDevSpId()).thenReturn(TestUtils.getOid());
//no email in header
when(dpsHeaders.getPartitionId()).thenReturn(TestUtils.getTenantName());
Groups groups = sut.getGroups();
assertEquals(groups.getDesId(), TestUtils.getAppId());
assertEquals(groups.getGroups().size(), 1);
assertEquals(groups.getGroup(TestUtils.getGroup()).getName(), TestUtils.getGroup());
assertEquals(groups.getGroup(TestUtils.getGroup()).getEmail(), String.format("%s@%s.%s", TestUtils.getGroup(), TestUtils.getTenantName(), TestUtils.getDomain()));
}
@Test
public void givenMismatchUpnInHeaderAndJwt_whenCreateProfile_thenError() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
......
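Review bot: `givenRootServicePrincipalInJwtButTenantNotPresent_whenGetGroups_thenError` passes even when `sut.getGroups()` throws nothing, because its assertions live only inside the `catch` block. Add `fail("expected AppException for a missing tenant");` right after the `sut.getGroups();` call (with a static import of `org.junit.Assert.fail` if it is not already imported outside this hunk), so a regression in the not-found path is caught. The `assertEquals` calls in both new tests also pass the actual value first, which makes failure messages read backwards; JUnit expects `assertEquals(expected, actual)`. The last test in the hunk, `givenMismatchUpnInHeaderAndJwt_whenCreateProfile_thenError`, continues outside it.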
......@@ -16,54 +16,63 @@ package org.opengroup.osdu.azure.entitlements.di;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.doReturn;
public class AzureBootstrapConfigTest {
private AzureBootstrapConfig bootstrapConfig = new AzureBootstrapConfig(Mockito.mock(SecretClient.class));
private SecretClient kv = Mockito.mock(SecretClient.class);
@InjectMocks
private AzureBootstrapConfig bootstrapConfig;
@Mock
private SecretClient secretClient;
@Mock
private KeyVaultSecret keyVaultSecret;
@Before
public void initMocks(){
MockitoAnnotations.initMocks(this);
}
@Test(expected = IllegalStateException.class)
public void kvSecret_checksForNullResponse() {
// the null response is the default behavior, but its included here
// to be explicit
doReturn(null).when(kv).getSecret("secret-name");
bootstrapConfig.getKeyVaultSecret(kv, "secret-name");
// the null response is the default behavior, but its included here to be explicit
doReturn(null).when(secretClient).getSecret("secret-name");
bootstrapConfig.getKeyVaultSecret("secret-name");
}
@Test(expected = IllegalStateException.class)
public void kvSecret_checksForNullValueWithinResponse() {
KeyVaultSecret secret = Mockito.mock(KeyVaultSecret.class);
// the null response is the default behavior, but its included here
// to be explicit
doReturn(null).when(secret).getValue();
doReturn(secret).when(kv).getSecret("secret-name");
// the null response is the default behavior, but its included here to be explicit
doReturn(null).when(keyVaultSecret).getValue();
doReturn(keyVaultSecret).when(secretClient).getSecret("secret-name");
bootstrapConfig.getKeyVaultSecret(kv, "secret-name");
bootstrapConfig.getKeyVaultSecret("secret-name");
}
@Test
public void config_returnsCorrectSecret_cosmosKey() {
KeyVaultSecret secret = Mockito.mock(KeyVaultSecret.class);
doReturn("cosmos-key-secret").when(secret).getValue();
doReturn(secret).when(kv).getSecret("cosmos-primary-key");
doReturn("cosmos-key-secret").when(keyVaultSecret).getValue();
doReturn(keyVaultSecret).when(secretClient).getSecret("cosmos-primary-key");
String secretValue = bootstrapConfig.cosmosKey(kv);
String secretValue = bootstrapConfig.cosmosKey();
assertEquals("Secret value was incorrect", "cosmos-key-secret", secretValue);
}
@Test
public void config_returnsCorrectSecret_cosmosEndpoint() {
KeyVaultSecret secret = Mockito.mock(KeyVaultSecret.class);
doReturn("cosmos-endpoint-secret").when(secret).getValue();
doReturn(secret).when(kv).getSecret("cosmos-endpoint");
doReturn("cosmos-endpoint-secret").when(keyVaultSecret).getValue();
doReturn(keyVaultSecret).when(secretClient).getSecret("cosmos-endpoint");
String secretValue = bootstrapConfig.cosmosEndpoint(kv);
String secretValue = bootstrapConfig.cosmosEndpoint();
assertEquals("Secret value was incorrect", "cosmos-endpoint-secret", secretValue);
}
}
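Review bot: Nothing in this test class exercises the new `setAppDevSpId()` lookup, and `@InjectMocks` does not run `@PostConstruct` methods, so the value that EntitlementsAzure later compares with the caller's `oid` is never checked here. A test that stubs the `app-dev-sp-id` secret, calls `setAppDevSpId()` directly and asserts on `getAppDevSpId()` would cover it; a second one for a missing secret, expecting IllegalStateException, would pin the fail-closed startup behaviour. `getAppDevSpId()` is assumed to exist because the other test class stubs it.

```java
@Test
public void setAppDevSpId_readsSecretFromKeyVault() {
    // constructed sample value, not a real identifier
    doReturn("app-dev-sp-id-secret").when(keyVaultSecret).getValue();
    doReturn(keyVaultSecret).when(secretClient).getSecret("app-dev-sp-id");
    bootstrapConfig.setAppDevSpId();
    assertEquals("Secret value was incorrect", "app-dev-sp-id-secret", bootstrapConfig.getAppDevSpId());
}
```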