Merge branch 'anthos-int-test' into 'master'

Added int tests for Anthos

See merge request !215

devops/gcp/pipeline/override-stages.yml

@@ -8,10 +8,11 @@ osdu-gcp-test:
     REGISTER_BASE_URL: $OSDU_GCP_REGISTER_BASE_URL
 
 osdu-gcp-dev2-test:
-  variables:
-    ENVIRONMENT: $OSDU_GCP_ENVIRONMENT
-    REGISTER_BASE_URL: $OSDU_GCP_REGISTER_BASE_URL
+ variables:
+   ENVIRONMENT: $OSDU_GCP_ENVIRONMENT
+   REGISTER_BASE_URL: $OSDU_GCP_REGISTER_BASE_URL
 
-# FIXME when it is ready GONRG-5274
 osdu-gcp-anthos-test:
-  allow_failure: true
+  variables:
+    REGISTER_BASE_URL: $OSDU_GCP_REGISTER_BASE_URL
+    OSDU_GCP_VENDOR: anthos

pom.xml

@@ -148,7 +148,6 @@
 		<module>provider/notification-azure</module>
 		<module>provider/notification-ibm</module>
 		<module>provider/notification-aws</module>
-		<module>provider/notification-reference</module>
 	</modules>
 
 	<repositories>

provider/notification-gcp/README.md

@@ -115,55 +115,11 @@ cd provider/notification-gcp/ && mvn spring-boot:run -Dspring-boot.run.profiles=
 ```
 
 ## Testing
-Navigate to notification service's root folder and run all the tests:
 
-```bash
-# build + test + install core service code
-$ (cd notification-core/ && mvn clean install)
-```
-
-### Test the application
-
-After the service has started it should be accessible via a web browser by visiting [http://localhost:8080/api/notification/v1/swagger-ui.html](http://localhost:8080/swagger-ui.html). If the request does not fail, you can then run the integration tests.
-
-### Dependencies needed to run the integration tests 
-* Java 8
-* Maven
-* Values for the following environment variables in Config.java
-  
-| name | value | description | sensitive? | source |
-| ---  | ---   | ---         | ---        | ---    |
-| `DE_OPS_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already, also **Private key id** of this account must be set in Register service variable SUBSCRIBER_PRIVATE_KEY_ID  | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
-| `DE_ADMIN_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
-| `DE_EDITOR_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already  | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
-| `DE_NO_ACCESS_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
-| `ENVIRONMENT` | `dev` OR `local` OR `dev_gke`| Local for running locally with services url's predefined as http://localhost , Dev & Dev_Gke is configurable environment | no | - |
-| `HMAC_SECRET` | ex`7a786376626e` | String in hex , must match pattern ^[a-zA-Z0-9]{8,30}+$ & be in register variable SUBSCRIBER_SECRET | yes | - |
-| `REGISTER_BASE_URL` | `http://localhost:8081/api/register/v1` | Register service url | no | - |
-| `NOTIFICATION_BASE_URL` | `http://localhost:8080/api/notification/v1/` | Notification service url  | no | - |
-| `INTEGRATION_TEST_AUDIENCE` | `********` | Client application ID | yes | https://console.cloud.google.com/apis/credentials |
-| `CLIENT_TENANT` | ex `opendes` | Client tenant | no | - |
-| `OSDU_TENANT` | ex `osdu` | Osdu tenant | no | - |
-| `TOPIC_ID` | ex `records-changed` | PubSub topic id | no | https://console.cloud.google.com/cloudpubsub/topic |
-| `REGISTER_CUSTOM_PUSH_URL_HMAC` | ex `http://localhost:8081/api/register/v1/test/challenge/hmac-integration-test` | Register testing push url | no | - |
-
- **Entitlements configuration for integration accounts**
- 
-| DE_OPS_TESTER | DE_ADMIN_TESTER | DE_EDITOR_TESTER | DE_NO_ACCESS_TESTER | 
-| ---  | ---   | ---  | ---   |
-|notification.pubsub<br/>service.entitlements.user<br/>users<br/>users.datalake.ops</br>| service.entitlements.user<br/>users<br/>users.datalake.admins</br> | service.entitlements.user<br/>users<br/>users.datalake.editors</br> | service.entitlements.user<br/>users<br/>|
-
-Above variables should be configured in the release pipeline to run integration tests. You should also replace them with proper values if you wish to run tests locally.
-
-### Commands to run tests
-* Integration tests are refactored into two pieces: Core and Provider. Core contains business logic for tests and is a dependency for executing the tests from provider module. To build the core module, simply navigate to `notification-test-core` directory and run `mvn clean install`. This will build the core module
-* Next, to execute the integration tests, navigate to the provider module and execute `mvn test`
-```bash
-# (cd testing/notification-test-core/ && mvn clean install)
-# Note: this assumes that the environment variables for integration tests as outlined
-#       above are already exported in your environment.
-$ (cd testing/notification-test-gcp/ && mvn clean test)
-```
+#### Anthos:
+[Anthos Testing](docs/anthos/README.md)
+#### GCP:
+[Gcp Testing](docs/gcp/README.md)
 
 ## Tutorial
 

provider/notification-gcp/docs/anthos/README.md

@@ -43,6 +43,60 @@
 | OQMDRIVER | pubsub    | to activate **OQM** driver for **Google PubSub**        |
 | OQMDRIVER | rabbitmq  | to activate **OQM** driver for **Rabbit MQ**            |
 
+## Testing
+
+After the service has started it should be accessible via a web browser by visiting [http://localhost:8080/api/notification/v1/swagger-ui.html](http://localhost:8080/swagger-ui.html). If the request does not fail, you can then run the integration tests.
+
+### Dependencies needed to run the integration tests
+* Java 8
+* Maven
+* Values for the following environment variables in Config.java
+
+| name | value | description | sensitive? | source |
+| ---  | ---   | ---         | ---        | ---    |
+| `TEST_DE_OPS_OPENID_PROVIDER_CLIENT_ID` | `********` | Client Id for `DE_OPS_TESTER` | yes | -- |
+| `TEST_DE_OPS_OPENID_PROVIDER_CLIENT_SECRET` | `********` |  | Client secret for `DE_OPS_TESTER` | yes | -- |
+| `TEST_DE_ADMIN_OPENID_PROVIDER_CLIENT_ID` | `********` | Client Id for `DE_ADMIN_TESTER` | yes | -- |
+| `TEST_DE_ADMIN_OPENID_PROVIDER_CLIENT_SECRET` | `********` |  | Client secret for `DE_ADMIN_TESTER` | yes | -- |
+| `TEST_DE_EDITOR_OPENID_PROVIDER_CLIENT_ID` | `********` | Client Id for `DE_EDITOR_TESTER` | yes | -- |
+| `TEST_DE_EDITOR_OPENID_PROVIDER_CLIENT_SECRET` | `********` |  | Client secret for `DE_EDITOR_TESTER` | yes | -- |
+| `TEST_NO_ACCESS_OPENID_PROVIDER_CLIENT_ID` | `********` | Client Id for `DE_NO_ACCESS_TESTER` | yes | -- |
+| `TEST_NO_ACCESS_OPENID_PROVIDER_CLIENT_SECRET` | `********` |  | Client secret for `DE_NO_ACCESS_TESTER` | yes | -- |
+| `TEST_OPENID_PROVIDER_URL` | `https://keycloak.com/auth/realms/osdu` | OpenID provider url | yes | -- |
+| `ENVIRONMENT` | `dev` OR `local` OR `dev_gke`| Local for running locally with services url's predefined as http://localhost , Dev & Dev_Gke is configurable environment | no | - |
+| `HMAC_SECRET` | ex`7a786376626e` | String in hex , must match pattern ^[a-zA-Z0-9]{8,30}+$ & be in register variable SUBSCRIBER_SECRET | yes | - |
+| `REGISTER_BASE_URL` | `http://localhost:8081/api/register/v1` | Register service url | no | - |
+| `NOTIFICATION_BASE_URL` | `http://localhost:8080/api/notification/v1/` | Notification service url  | no | - |
+| `CLIENT_TENANT` | ex `opendes` | Client tenant | no | - |
+| `OSDU_TENANT` | ex `osdu` | osdu tenant | no | - |
+| `TOPIC_ID` | ex `records-changed` | PubSub topic id | no | https://console.cloud.google.com/cloudpubsub/topic |
+| `REGISTER_CUSTOM_PUSH_URL_HMAC` | ex `http://localhost:8081/api/register/v1/test/challenge/hmac-integration-test` | Register testing push url | no | - |
+
+**Entitlements configuration for integration accounts**
+
+| DE_OPS_TESTER | DE_ADMIN_TESTER | DE_EDITOR_TESTER | DE_NO_ACCESS_TESTER | 
+| ---  | ---   | ---  | ---   |
+|notification.pubsub<br/>service.entitlements.user<br/>users<br/>users.datalake.ops</br>| service.entitlements.user<br/>users<br/>users.datalake.admins</br> | service.entitlements.user<br/>users<br/>users.datalake.editors</br> | service.entitlements.user<br/>users<br/>|
+
+Above variables should be configured in the release pipeline to run integration tests. You should also replace them with proper values if you wish to run tests locally.
+
+### Commands to run tests
+* Integration tests are refactored into two pieces: Core and Provider. Core contains business logic for tests and is a dependency for executing the tests from provider module. To build the core module, simply navigate to `notification-test-core` directory and run `mvn clean install`. This will build the core module
+* Next, to execute the integration tests, navigate to the provider module and execute `mvn test`
+```bash
+# (cd testing/notification-test-core/ && mvn clean install)
+# Note: this assumes that the environment variables for integration tests as outlined
+#       above are already exported in your environment.
+$ (cd testing/notification-test-gcp/ && mvn clean test)
+```
+
+Navigate to notification service's root folder and run all the tests:
+
+```bash
+# build + test + install core service code
+$ (cd notification-core/ && mvn clean install)
+```
+
 ## Requirements for requests
 
 Record identifiers cannot contain a space character. At the same time, they may contain a % character, which, when
@@ -54,7 +108,7 @@ work-product-component--WellboreMarkerSet:3D%20Kirchhoff%20DepthMigration" (with
 you should url-encode it and request
 "osdu%3Awork-product-component--WellboreMarkerSet%3A3D%2520Kirchhoff%2520DepthMigration" instead.
 
-## Configuring mappers Datasources
+## Configuring mappers DataSources
 
 When using non-Google-Cloud-native technologies, property sets must be defined on the Partition service as part of
 PartitionInfo for each Tenant.
@@ -67,11 +121,11 @@ It can be overridden by:
 * through the Spring Boot property `oqm.rabbitmq.partition-properties-prefix`
 * environment variable `OQM_RABBITMQ_PARTITION_PROPERTIES_PREFIX``
 
-**Propertyset** (for two types of connection: messaging and admin operations):
+**PropertySet** (for two types of connection: messaging and admin operations):
 
 | Property | Description |
 | --- | --- |
-| oqm.rabbitmq.amqp.host | messaging hostnameorIP |
+| oqm.rabbitmq.amqp.host | messaging hostname orIP |
 | oqm.rabbitmq.amqp.port | - port |
 | oqm.rabbitmq.amqp.path | - path |
 | oqm.rabbitmq.amqp.username | - username |

provider/notification-gcp/docs/gcp/README.md

@@ -47,9 +47,61 @@ Also, the following IAM roles should be assigned to the service's Google service
 | Service Account Token Creator | To write yourself JWT for requesting neighbor microservices                   |
 | Pub/Sub Editor | To fetch available PubSub topics and subscriptions and be able to create them |
 
-## Pubsub configuration:
 
-At Pubsub should be created topic with name:
+## Testing
+
+After the service has started it should be accessible via a web browser by visiting [http://localhost:8080/api/notification/v1/swagger-ui.html](http://localhost:8080/swagger-ui.html). If the request does not fail, you can then run the integration tests.
+
+### Dependencies needed to run the integration tests
+* Java 8
+* Maven
+* Values for the following environment variables in Config.java
+
+| name | value | description | sensitive? | source |
+| ---  | ---   | ---         | ---        | ---    |
+| `DE_OPS_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already, also **Private key id** of this account must be set in Register service variable SUBSCRIBER_PRIVATE_KEY_ID  | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
+| `DE_ADMIN_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
+| `DE_EDITOR_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already  | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
+| `DE_NO_ACCESS_TESTER` | `*****` | Service account base64 encoded string for API calls. Note: this user must have entitlements configured already | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
+| `ENVIRONMENT` | `dev` OR `local` OR `dev_gke`| Local for running locally with services url's predefined as http://localhost , Dev & Dev_Gke is configurable environment | no | - |
+| `HMAC_SECRET` | ex`7a786376626e` | String in hex , must match pattern ^[a-zA-Z0-9]{8,30}+$ & be in register variable SUBSCRIBER_SECRET | yes | - |
+| `REGISTER_BASE_URL` | `http://localhost:8081/api/register/v1` | Register service url | no | - |
+| `NOTIFICATION_BASE_URL` | `http://localhost:8080/api/notification/v1/` | Notification service url  | no | - |
+| `INTEGRATION_TEST_AUDIENCE` | `********` | Client application ID | yes | https://console.cloud.google.com/apis/credentials |
+| `CLIENT_TENANT` | ex `opendes` | Client tenant | no | - |
+| `OSDU_TENANT` | ex `osdu` | osdu tenant | no | - |
+| `TOPIC_ID` | ex `records-changed` | PubSub topic id | no | https://console.cloud.google.com/cloudpubsub/topic |
+| `REGISTER_CUSTOM_PUSH_URL_HMAC` | ex `http://localhost:8081/api/register/v1/test/challenge/hmac-integration-test` | Register testing push url | no | - |
+
+**Entitlements configuration for integration accounts**
+
+| DE_OPS_TESTER | DE_ADMIN_TESTER | DE_EDITOR_TESTER | DE_NO_ACCESS_TESTER | 
+| ---  | ---   | ---  | ---   |
+|notification.pubsub<br/>service.entitlements.user<br/>users<br/>users.datalake.ops</br>| service.entitlements.user<br/>users<br/>users.datalake.admins</br> | service.entitlements.user<br/>users<br/>users.datalake.editors</br> | service.entitlements.user<br/>users<br/>|
+
+Above variables should be configured in the release pipeline to run integration tests. You should also replace them with proper values if you wish to run tests locally.
+
+### Commands to run tests
+* Integration tests are refactored into two pieces: Core and Provider. Core contains business logic for tests and is a dependency for executing the tests from provider module. To build the core module, simply navigate to `notification-test-core` directory and run `mvn clean install`. This will build the core module
+* Next, to execute the integration tests, navigate to the provider module and execute `mvn test`
+* 
+```bash
+# (cd testing/notification-test-core/ && mvn clean install)
+# Note: this assumes that the environment variables for integration tests as outlined
+#       above are already exported in your environment.
+$ (cd testing/notification-test-gcp/ && mvn clean test)
+```
+
+Navigate to notification service's root folder and run all the tests:
+
+```bash
+# build + test + install core service code
+$ (cd notification-core/ && mvn clean install)
+```
+
+## PubSub configuration:
+
+At PubSub should be created topic with name:
 
 **name:** `register-subscriber-control`
 

provider/notification-gcp/src/main/java/org/opengroup/osdu/notification/provider/gcp/util/ServiceAccountJwtGcpClientImpl.java

@@ -32,7 +32,7 @@ public class ServiceAccountJwtGcpClientImpl implements IServiceAccountJwtClient
 
     public String getIdToken(String tenantName) {
         log.info("Tenant name received for auth token is: {}", tenantName);
-        return tokenProvider.getIdToken();
+        return "Bearer " + tokenProvider.getIdToken();
     }
 }
 

provider/notification-gcp/src/main/resources/logback.xml

 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
-  <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
-  <property resource="application.properties" />
-  <logger name="org.opengroup.osdu" level="${LOG_LEVEL}"/>
-  <springProfile name="local">
-    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
-      <encoder>
-        <pattern>%yellow([%thread]) %highlight(| %-5level |) %green(%d) %cyan(| %logger{15} |) %highlight(%msg) %n</pattern>
-        <charset>utf8</charset>
-      </encoder>
-    </appender>
-    <root level="info">
-      <appender-ref ref="CONSOLE"/>
-    </root>
-  </springProfile>
+    <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
+    <property resource="application.properties" />
+    <logger name="org.opengroup.osdu" level="${LOG_LEVEL}"/>
+    <springProfile name="local">
+        <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+            <encoder>
+                <pattern>%yellow([%thread]) %highlight(| %-5level |) %green(%d) %cyan(| %logger{15} |) %highlight(%msg) %n</pattern>
+                <charset>utf8</charset>
+            </encoder>
+        </appender>
+        <root level="info">
+            <appender-ref ref="CONSOLE"/>
+        </root>
+    </springProfile>
 
-  <springProfile name="!local">
-    <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
-      <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
-        <layout class="ch.qos.logback.contrib.json.classic.JsonLayout">
-          <timestampFormat>yyyy-MM-dd HH:mm:ss.SSS</timestampFormat>
-          <timestampFormatTimezoneId>Etc/UTC</timestampFormatTimezoneId>
-          <appendLineSeparator>true</appendLineSeparator>
+    <springProfile name="!local">
+        <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+            <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                <layout class="ch.qos.logback.contrib.json.classic.JsonLayout">
+                    <timestampFormat>yyyy-MM-dd HH:mm:ss.SSS</timestampFormat>
+                    <timestampFormatTimezoneId>Etc/UTC</timestampFormatTimezoneId>
+                    <appendLineSeparator>true</appendLineSeparator>
 
-          <jsonFormatter class="org.opengroup.osdu.core.gcp.logging.formatter.GoogleJsonFormatter">
-            <prettyPrint>false</prettyPrint>
-          </jsonFormatter>
-        </layout>
-      </encoder>
-    </appender>
+                    <jsonFormatter class="org.opengroup.osdu.core.gcp.logging.formatter.GoogleJsonFormatter">
+                        <prettyPrint>false</prettyPrint>
+                    </jsonFormatter>
+                </layout>
+            </encoder>
+        </appender>
 
-    <root level="info">
-      <appender-ref ref="stdout"/>
-    </root>
-  </springProfile>
+        <root level="info">
+            <appender-ref ref="stdout"/>
+        </root>
+    </springProfile>
 
 </configuration>
\ No newline at end of file

testing/notification-test-anthos/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Copyright 2002-2022 Google LLC
+  Copyright 2002-2022 EPAM Systems, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.opengroup.osdu</groupId>
+        <artifactId>os-notification-testing</artifactId>
+        <version>0.16.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>notification-test-anthos</artifactId>
+    <version>0.16.0-SNAPSHOT</version>
+    <name>notification-test-anthos</name>
+    <description>Integration tests Anthos for notification</description>
+    <packaging>jar</packaging>
+
+    <properties>
+        <java.version>8</java.version>
+        <maven.compiler.target>${java.version}</maven.compiler.target>
+        <maven.compiler.source>${java.version}</maven.compiler.source>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.opengroup.osdu.notification</groupId>
+            <artifactId>notification-test-core</artifactId>
+            <version>0.16.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opengroup.osdu</groupId>
+            <artifactId>os-core-common</artifactId>
+            <version>0.3.6</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.8</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opengroup.osdu</groupId>
+            <artifactId>core-test-lib-gcp</artifactId>
+            <version>0.0.2</version>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
+        </dependency>
+        <dependency>
+            <groupId>com.nimbusds</groupId>
+            <artifactId>oauth2-oidc-sdk</artifactId>
+            <version>9.15</version>
+        </dependency>
+    </dependencies>
+
+</project>

testing/notification-test-anthos/src/test/java/org/opengroup/osdu/notification/api/TestPubSubEndpointGSA.java

+/*
+  Copyright 2002-2022 Google LLC
+  Copyright 2002-2022 EPAM Systems, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+package org.opengroup.osdu.notification.api;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import com.sun.jersey.api.client.ClientResponse;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opengroup.osdu.notification.util.AnthosTestUtils;
+
+public class TestPubSubEndpointGSA extends PubsubEndpointGSATests {
+
+  private static final AnthosTestUtils gcpTestUtils = new AnthosTestUtils();
+
+
+  @BeforeClass
+  public static void classSetup() throws Exception {
+    PubsubEndpointGSATests.classSetup(gcpTestUtils.getOpsToken());
+  }
+
+  @AfterClass
+  public static void classTearDown() throws Exception {
+  }
+
+  @Before
+  @Override
+  public void setup() throws Exception {
+    this.testUtils = new AnthosTestUtils();
+  }
+
+  @After
+  @Override
+  public void tearDown() throws Exception {
+    this.testUtils = null;
+  }
+
+  @Override
+  @Test
+  public void should_return20X_when_usingCredentialsWithOpsPermission() throws Exception {
+    createResource();
+
+    try {
+      ClientResponse response = descriptor.run(getArg(), testUtils.getOpsToken());
+
+      assertEquals(error(response.getStatus() == 204 ? "" : response.getEntity(String.class)),
+          expectedOkResponseCode(), response.getStatus());
+      assertEquals("GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH",
+          response.getHeaders().getFirst("Access-Control-Allow-Methods"));
+      assertEquals(
+          "access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey",
+          response.getHeaders().getFirst("Access-Control-Allow-Headers"));
+      assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
+      assertEquals("true", response.getHeaders().getFirst("Access-Control-Allow-Credentials"));
+      assertEquals("DENY", response.getHeaders().getFirst("X-Frame-Options"));
+      assertEquals("1; mode=block", response.getHeaders().getFirst("X-XSS-Protection"));
+      assertEquals("nosniff", response.getHeaders().getFirst("X-Content-Type-Options"));
+      assertEquals("no-cache, no-store, must-revalidate",
+          response.getHeaders().getFirst("Cache-Control"));
+      assertEquals("default-src 'self'", response.getHeaders().getFirst("Content-Security-Policy"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("max-age=31536000"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("includeSubDomains"));
+      assertEquals("0", response.getHeaders().getFirst("Expires"));
+    } finally {
+      deleteResource();
+    }
+  }
+}
\ No newline at end of file

testing/notification-test-anthos/src/test/java/org/opengroup/osdu/notification/api/TestPubSubEndpointHMAC.java

+/*
+  Copyright 2002-2022 Google LLC
+  Copyright 2002-2022 EPAM Systems, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+package org.opengroup.osdu.notification.api;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import com.sun.jersey.api.client.ClientResponse;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opengroup.osdu.notification.util.AnthosTestUtils;
+
+public class TestPubSubEndpointHMAC extends PubsubEndpointHMACTests {
+
+  @BeforeClass
+  public static void classSetup() throws Exception {
+    PubsubEndpointHMACTests.classSetup();
+  }
+
+  @AfterClass
+  public static void classTearDown() throws Exception {
+  }
+
+  @Before
+  @Override
+  public void setup() throws Exception {
+    this.testUtils = new AnthosTestUtils();
+  }
+
+  @After
+  @Override
+  public void tearDown() throws Exception {
+    this.testUtils = null;
+  }
+
+  @Override
+  @Test
+  public void should_return20X_when_usingCredentialsWithOpsPermission() throws Exception {
+    createResource();
+
+    try {
+      ClientResponse response = descriptor.run(getArg(), testUtils.getOpsToken());
+
+      assertEquals(error(response.getStatus() == 204 ? "" : response.getEntity(String.class)),
+          expectedOkResponseCode(), response.getStatus());
+      assertEquals("GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH",
+          response.getHeaders().getFirst("Access-Control-Allow-Methods"));
+      assertEquals(
+          "access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey",
+          response.getHeaders().getFirst("Access-Control-Allow-Headers"));
+      assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
+      assertEquals("true", response.getHeaders().getFirst("Access-Control-Allow-Credentials"));
+      assertEquals("DENY", response.getHeaders().getFirst("X-Frame-Options"));
+      assertEquals("1; mode=block", response.getHeaders().getFirst("X-XSS-Protection"));
+      assertEquals("nosniff", response.getHeaders().getFirst("X-Content-Type-Options"));
+      assertEquals("no-cache, no-store, must-revalidate",
+          response.getHeaders().getFirst("Cache-Control"));
+      assertEquals("default-src 'self'", response.getHeaders().getFirst("Content-Security-Policy"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("max-age=31536000"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("includeSubDomains"));
+      assertEquals("0", response.getHeaders().getFirst("Expires"));
+    } finally {
+      deleteResource();
+    }
+  }
+}
\ No newline at end of file

testing/notification-test-anthos/src/test/java/org/opengroup/osdu/notification/config/OpenIDProviderConfig.java

+/*
+  Copyright 2002-2022 Google LLC
+  Copyright 2002-2022 EPAM Systems, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+package org.opengroup.osdu.notification.config;
+
+import com.nimbusds.oauth2.sdk.http.HTTPRequest;
+import com.nimbusds.oauth2.sdk.http.HTTPResponse;
+import com.nimbusds.oauth2.sdk.id.Issuer;
+import com.nimbusds.openid.connect.sdk.op.OIDCProviderConfigurationRequest;
+import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class OpenIDProviderConfig {
+
+  private String opsClientId;
+  private String opsClientSecret;
+  private String adminClientId;
+  private String adminClientSecret;
+  private String editorClientId;
+  private String editorClientSecret;
+  private String noAccessClientId;
+  private String noAccessClientSecret;
+  private String url;
+  private final String[] scopes = {"openid"};
+  private static final OpenIDProviderConfig openIDProviderConfig = new OpenIDProviderConfig();
+  private static OIDCProviderMetadata providerMetadata;
+
+  public static OpenIDProviderConfig Instance() {
+    try {
+      openIDProviderConfig.opsClientId = System.getProperty("TEST_DE_OPS_OPENID_PROVIDER_CLIENT_ID",
+          System.getenv("TEST_DE_OPS_OPENID_PROVIDER_CLIENT_ID"));
+      openIDProviderConfig.opsClientSecret = System.getProperty(
+          "TEST_DE_OPS_OPENID_PROVIDER_CLIENT_SECRET",
+          System.getenv("TEST_DE_OPS_OPENID_PROVIDER_CLIENT_SECRET"));
+      log.info("ST F1 " +openIDProviderConfig.opsClientId + " " + openIDProviderConfig.opsClientSecret );
+
+
+      openIDProviderConfig.adminClientId = System.getProperty(
+          "TEST_DE_ADMIN_OPENID_PROVIDER_CLIENT_ID",
+          System.getenv("TEST_DE_ADMIN_OPENID_PROVIDER_CLIENT_ID"));
+      openIDProviderConfig.adminClientSecret = System.getProperty(
+          "TEST_DE_ADMIN_OPENID_PROVIDER_CLIENT_SECRET",
+          System.getenv("TEST_DE_ADMIN_OPENID_PROVIDER_CLIENT_SECRET"));
+
+      log.info("ST F2 " +openIDProviderConfig.adminClientId + " " + openIDProviderConfig.adminClientSecret );
+
+      openIDProviderConfig.editorClientId = System.getProperty(
+          "TEST_DE_EDITOR_OPENID_PROVIDER_CLIENT_ID",
+          System.getenv("TEST_DE_EDITOR_OPENID_PROVIDER_CLIENT_ID"));
+      openIDProviderConfig.editorClientSecret = System.getProperty(
+          "TEST_DE_EDITOR_OPENID_PROVIDER_CLIENT_SECRET",
+          System.getenv("TEST_DE_EDITOR_OPENID_PROVIDER_CLIENT_SECRET"));
+
+      log.info("ST F3 " +openIDProviderConfig.editorClientId + " " + openIDProviderConfig.editorClientSecret );
+
+      openIDProviderConfig.noAccessClientId = System.getProperty(
+          "TEST_NO_ACCESS_OPENID_PROVIDER_CLIENT_ID",
+          System.getenv("TEST_NO_ACCESS_OPENID_PROVIDER_CLIENT_ID"));
+      openIDProviderConfig.noAccessClientSecret = System.getProperty(
+          "TEST_NO_ACCESS_OPENID_PROVIDER_CLIENT_SECRET",
+          System.getenv("TEST_NO_ACCESS_OPENID_PROVIDER_CLIENT_SECRET"));
+
+      log.info("ST F4 " +openIDProviderConfig.noAccessClientId + " " + openIDProviderConfig.noAccessClientSecret );
+
+      openIDProviderConfig.url =
+          System.getProperty("TEST_OPENID_PROVIDER_URL", System.getenv("TEST_OPENID_PROVIDER_URL"));
+      Issuer issuer = new Issuer(openIDProviderConfig.url);
+      OIDCProviderConfigurationRequest request = new OIDCProviderConfigurationRequest(issuer);
+      HTTPRequest httpRequest = request.toHTTPRequest();
+      HTTPResponse httpResponse = httpRequest.send();
+      providerMetadata = OIDCProviderMetadata.parse(httpResponse.getContentAsJSONObject());
+    } catch (Exception e) {
+      throw new RuntimeException("Malformed token provider configuration", e);
+    }
+    return openIDProviderConfig;
+  }
+
+  public String getOpsClientId() {
+    return opsClientId;
+  }
+
+  public String getOpsClientSecret() {
+    return opsClientSecret;
+  }
+
+  public String getAdminClientId() {
+    return adminClientId;
+  }
+
+  public String getAdminClientSecret() {
+    return adminClientSecret;
+  }
+
+  public String getEditorClientId() {
+    return editorClientId;
+  }
+
+  public String getEditorClientSecret() {
+    return editorClientSecret;
+  }
+
+  public String getNoAccessClientId() {
+    return noAccessClientId;
+  }
+
+  public String getNoAccessClientSecret() {
+    return noAccessClientSecret;
+  }
+
+  public String getUrl() {
+    return url;
+  }
+
+  public String[] getScopes() {
+    return scopes;
+  }
+
+  public OIDCProviderMetadata getProviderMetadata() {
+    return providerMetadata;
+  }
+}
+

testing/notification-test-anthos/src/test/java/org/opengroup/osdu/notification/util/AnthosTestUtils.java

+/*
+  Copyright 2002-2022 Google LLC
+  Copyright 2002-2022 EPAM Systems, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+package org.opengroup.osdu.notification.util;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class AnthosTestUtils extends TestUtils {
+
+  private OpenIDTokenProvider tokenProvider = new OpenIDTokenProvider();
+
+  public AnthosTestUtils() {
+  }
+
+  @Override
+  public synchronized String getOpsToken() {
+    return "Bearer " + tokenProvider.getOpsAccessToken();
+  }
+
+  @Override
+  public synchronized String getAdminToken() {
+    return "Bearer " + tokenProvider.getAdminAccessToken();
+  }
+
+  @Override
+  public synchronized String getEditorToken() {
+    return "Bearer " + tokenProvider.getEditorAccessToken();
+  }
+
+  @Override
+  public synchronized String getNoAccessToken() {
+    return "Bearer " + tokenProvider.getNoAccessToken();
+  }
+}
\ No newline at end of file

testing/notification-test-anthos/src/test/java/org/opengroup/osdu/notification/util/OpenIDTokenProvider.java

+/*
+  Copyright 2002-2022 Google LLC
+  Copyright 2002-2022 EPAM Systems, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+package org.opengroup.osdu.notification.util;
+
+import com.nimbusds.oauth2.sdk.AuthorizationGrant;
+import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
+import com.nimbusds.oauth2.sdk.ParseException;
+import com.nimbusds.oauth2.sdk.Scope;
+import com.nimbusds.oauth2.sdk.TokenRequest;
+import com.nimbusds.oauth2.sdk.TokenResponse;
+import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
+import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
+import com.nimbusds.oauth2.sdk.auth.Secret;
+import com.nimbusds.oauth2.sdk.id.ClientID;
+import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
+import java.io.IOException;
+import java.net.URI;
+import java.util.Objects;
+import net.minidev.json.JSONObject;
+import org.opengroup.osdu.notification.config.OpenIDProviderConfig;
+
+public class OpenIDTokenProvider {
+
+  private static final OpenIDProviderConfig openIDProviderConfig = OpenIDProviderConfig.Instance();
+  private static final String ID_TOKEN = "id_token";
+  private final AuthorizationGrant clientGrant = new ClientCredentialsGrant();
+  private final URI tokenEndpointURI;
+  private final Scope scope;
+  private final ClientAuthentication opsClientAuthentication;
+  private final ClientAuthentication adminClientAuthentication;
+  private final ClientAuthentication editorClientAuthentication;
+  private final ClientAuthentication noAccessClientAuthentication;
+
+  public OpenIDTokenProvider() {
+    this.tokenEndpointURI = openIDProviderConfig.getProviderMetadata().getTokenEndpointURI();
+    this.scope = new Scope(openIDProviderConfig.getScopes());
+    this.opsClientAuthentication =
+        new ClientSecretBasic(
+            new ClientID(openIDProviderConfig.getOpsClientId()),
+            new Secret(openIDProviderConfig.getOpsClientSecret())
+        );
+    this.adminClientAuthentication =
+        new ClientSecretBasic(
+            new ClientID(openIDProviderConfig.getAdminClientId()),
+            new Secret(openIDProviderConfig.getAdminClientSecret())
+        );
+    this.editorClientAuthentication =
+        new ClientSecretBasic(
+            new ClientID(openIDProviderConfig.getEditorClientId()),
+            new Secret(openIDProviderConfig.getEditorClientSecret())
+        );
+    this.noAccessClientAuthentication =
+        new ClientSecretBasic(
+            new ClientID(openIDProviderConfig.getNoAccessClientId()),
+            new Secret(openIDProviderConfig.getNoAccessClientSecret())
+        );
+  }
+
+  public String getOpsAccessToken() {
+    try {
+      TokenRequest request =
+          new TokenRequest(this.tokenEndpointURI, this.opsClientAuthentication, this.clientGrant,
+              this.scope);
+      return requestToken(request);
+    } catch (ParseException | IOException e) {
+      throw new RuntimeException(
+          "Unable get credentials from TEST_DE_OPS_OPENID_PROVIDER_CLIENT_ID variables", e);
+    }
+  }
+
+  public String getAdminAccessToken() {
+    try {
+      TokenRequest request =
+          new TokenRequest(this.tokenEndpointURI, this.adminClientAuthentication, this.clientGrant,
+              this.scope);
+      return requestToken(request);
+    } catch (ParseException | IOException e) {
+      throw new RuntimeException(
+          "Unable get credentials from TEST_DE_ADMIN_OPENID_PROVIDER_CLIENT_ID variables", e);
+    }
+  }
+
+  public String getEditorAccessToken() {
+    try {
+      TokenRequest request =
+          new TokenRequest(this.tokenEndpointURI, this.editorClientAuthentication, this.clientGrant,
+              this.scope);
+      return requestToken(request);
+    } catch (ParseException | IOException e) {
+      throw new RuntimeException(
+          "Unable get credentials from TEST_DE_EDITOR_OPENID_PROVIDER_CLIENT_ID variables", e);
+    }
+  }
+
+  public String getNoAccessToken() {
+    try {
+      TokenRequest request =
+          new TokenRequest(this.tokenEndpointURI, this.noAccessClientAuthentication,
+              this.clientGrant, this.scope);
+      return requestToken(request);
+    } catch (ParseException | IOException e) {
+      throw new RuntimeException(
+          "Unable get credentials from TEST_NO_ACCESS_OPENID_PROVIDER_CLIENT_ID variables", e);
+    }
+  }
+
+  private String requestToken(TokenRequest tokenRequest) throws ParseException, IOException {
+
+    TokenResponse parse = OIDCTokenResponseParser.parse(tokenRequest.toHTTPRequest().send());
+
+    if (!parse.indicatesSuccess()) {
+      throw new RuntimeException("Unable get credentials variables");
+    }
+
+    JSONObject jsonObject = parse.toSuccessResponse().toJSONObject();
+    String idTokenValue = jsonObject.getAsString(ID_TOKEN);
+    if (Objects.isNull(idTokenValue) || idTokenValue.isEmpty()) {
+      throw new RuntimeException("Unable get credentials variables");
+    }
+    return idTokenValue;
+  }
+
+}

testing/notification-test-anthos/src/test/resources/logback-test.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
+  <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%yellow([%thread]) %highlight(| %-5level |) %green(%d) %cyan(| %logger{15} |) %highlight(%msg) %n</pattern>
+      <charset>utf8</charset>
+    </encoder>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="CONSOLE" />
+  </root>
+</configuration>

testing/pom.xml

@@ -35,6 +35,7 @@
 		<module>notification-test-gcp</module>
 		<module>notification-test-aws</module>
 		<module>notification-test-ibm</module>
+		<module>notification-test-anthos</module>
 	</modules>
 
 	<repositories>