From bab45ff50bbfec584d6349cbf609a8bbbcaf4a4f Mon Sep 17 00:00:00 2001
From: "Riabokon Stanislav(EPAM)[GCP]" <stanislav_riabokon@epam.com>
Date: Fri, 9 Dec 2022 16:21:59 +0000
Subject: [PATCH] Partition admin accounts for POST requests (GONRG-5892)
---
provider/partition-gcp/README.md | 2 +-
provider/partition-gcp/docs/anthos/README.md | 18 +++-
provider/partition-gcp/docs/gcp/README.md | 34 ++++---
.../gcp/config/PropertiesConfiguration.java | 57 ++++--------
.../security/AnthosAuthorizationService.java | 27 +++---
.../gcp/security/GcpAuthorizationService.java | 88 +++----------------
.../main/resources/application-gcp.properties | 2 -
.../src/main/resources/application.properties | 2 +-
.../security/GcpAuthorizationServiceTest.java | 22 ++---
.../partition/api/TestCreatePartition.java | 43 ++++++++-
.../partition/api/TestDeletePartition.java | 41 ++++++++-
.../partition/api/TestGetPartitionById.java | 40 ++++++++-
.../partition/api/TestListPartitions.java | 40 ++++++++-
.../partition/api/TestUpdatePartition.java | 40 ++++++++-
14 files changed, 289 insertions(+), 167 deletions(-)
diff --git a/provider/partition-gcp/README.md b/provider/partition-gcp/README.md
index fa98a128c..801a4c87a 100644
--- a/provider/partition-gcp/README.md
+++ b/provider/partition-gcp/README.md
@@ -137,7 +137,7 @@ Partition Service is compatible with App Engine Flexible Environment and Cloud R
* To deploy into App Engine, please, use this documentation:
https://cloud.google.com/appengine/docs/flexible/java/quickstart
-## Licence
+## License
Copyright © Google LLC
Copyright © EPAM Systems
diff --git a/provider/partition-gcp/docs/anthos/README.md b/provider/partition-gcp/docs/anthos/README.md
index 477d62f01..3f3930f61 100644
--- a/provider/partition-gcp/docs/anthos/README.md
+++ b/provider/partition-gcp/docs/anthos/README.md
@@ -67,4 +67,20 @@ Execute following command to build code and run all the integration tests:
# Note: this assumes that the environment variables for integration tests as outlined
# above are already exported in your environment.
$ (cd testing/partition-test-anthos/ && mvn clean test)
-```
\ No newline at end of file
+```
+
+## License
+Copyright © Google LLC
+Copyright © EPAM Systems
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/provider/partition-gcp/docs/gcp/README.md b/provider/partition-gcp/docs/gcp/README.md
index 515e0e071..350f37954 100644
--- a/provider/partition-gcp/docs/gcp/README.md
+++ b/provider/partition-gcp/docs/gcp/README.md
@@ -9,8 +9,7 @@ Must have:
| name | value | description | sensitive? | source |
| --- | --- | --- | --- | --- |
| `SPRING_PROFILES_ACTIVE` | ex `gcp` | Spring profile that activate default configuration for Google Cloud environment | false | - |
-| `PARTITION_ADMIN_ACCOUNTS` | ex `user` | Elasticsearch user, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service | yes | - |
-| `GOOGLE_CLOUD_PROJECT` | ex `password` | Elasticsearch password, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service | false | - |
+| `GOOGLE_CLOUD_PROJECT` | ex `google` | Google Cloud Project Id| false | https://console.cloud.google.com/ |
Defined in default application property file but possible to override:
@@ -21,7 +20,6 @@ Defined in default application property file but possible to override:
| `SERVER_SERVLET_CONTEXPATH` | `/api/partition/v1` | Servlet context path | no | - |
| `PARTITION_PROPERTY_KIND` | ex `PartitionProperty` | Kind name to store the properties. | no | - |
| `PARTITION_NAMESPACE` | ex `partition` | Namespace for database. | no | - |
-| `SERVICE_ACCOUNT_TAIL` | `****` |By default Partition service while authenticating the request, verifies that the email in provided token belongs to a service account from a specific project by email tail `<GOOGLE_CLOUD_PROJECT> + .iam.gserviceaccount.com`, this behavior can be changed with this variable, you may specify which email tail exactly expected.| no | - |
These variables define service behavior, and are used to switch between `anthos` or `gcp` environments, their overriding and usage in mixed mode was not tested.
Usage of spring profiles is preferred.
@@ -29,13 +27,6 @@ Usage of spring profiles is preferred.
| `OSMDRIVER` | ex `postgres` or `datastore` | Osm driver mode that defines which storage will be used | no | - |
| `ENVIRONMENT` | `gcp` or `anthos` | If `anthos` then authorization is disabled | no | - |
-## Google Cloud service account configuration :
-TBD
-
-| Required roles |
-| --- |
-| - |
-
### Running E2E Tests
You will need to have the following environment variables defined.
@@ -57,3 +48,26 @@ Execute following command to build code and run all the integration tests:
# above are already exported in your environment.
$ (cd testing/partition-test-gcp/ && mvn clean test)
```
+
+## Google Cloud service account configuration :
+TBD
+
+| Required roles |
+| --- |
+| - |
+
+## License
+Copyright © Google LLC
+Copyright © EPAM Systems
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/config/PropertiesConfiguration.java b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/config/PropertiesConfiguration.java
index 639ae3fb3..f8f8a4452 100644
--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/config/PropertiesConfiguration.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/config/PropertiesConfiguration.java
@@ -1,57 +1,38 @@
/*
- Copyright 2002-2021 Google LLC
- Copyright 2002-2021 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
package org.opengroup.osdu.partition.provider.gcp.config;
-import java.util.List;
-import java.util.Objects;
-import javax.annotation.PostConstruct;
-import lombok.Getter;
-import lombok.Setter;
+import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties
-@Getter
-@Setter
+@Data
public class PropertiesConfiguration {
- private String googleAudiences;
+ private String googleCloudProject;
- private List<String> partitionAdminAccounts;
+ private int cacheExpiration;
- private String googleCloudProject;
+ private int cacheMaxSize;
- private int cacheExpiration;
-
- private int cacheMaxSize;
-
- private String serviceAccountTail;
-
- private String partitionPropertyKind;
-
- private String partitionNamespace;
-
- @PostConstruct
- public void setUp() {
- if (Objects.isNull(serviceAccountTail) || serviceAccountTail.isEmpty()) {
- this.serviceAccountTail = googleCloudProject + ".iam.gserviceaccount.com";
- }
- }
+ private String partitionPropertyKind;
+ private String partitionNamespace;
}
diff --git a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AnthosAuthorizationService.java b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AnthosAuthorizationService.java
index 68913008c..45bf75ee9 100644
--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AnthosAuthorizationService.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AnthosAuthorizationService.java
@@ -1,27 +1,29 @@
/*
- Copyright 2002-2022 Google LLC
- Copyright 2002-2022 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
package org.opengroup.osdu.partition.provider.gcp.security;
+import lombok.extern.slf4j.Slf4j;
import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
+@Slf4j
@Component
@RequestScope
@ConditionalOnProperty(name = "environment", havingValue = "anthos")
@@ -29,6 +31,7 @@ public class AnthosAuthorizationService implements IAuthorizationService {
@Override
public boolean isDomainAdminServiceAccount() {
+ log.debug("Authorization/Authentication is on an infrastructure level.");
return true;
}
}
diff --git a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationService.java b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationService.java
index 39422914e..ed33f515c 100644
--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationService.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationService.java
@@ -1,32 +1,23 @@
/*
- Copyright 2002-2021 Google LLC
- Copyright 2002-2021 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
package org.opengroup.osdu.partition.provider.gcp.security;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
-import java.util.List;
-import java.util.Objects;
-import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.opengroup.osdu.core.common.model.http.AppException;
-import org.opengroup.osdu.core.common.model.http.DpsHeaders;
-import org.opengroup.osdu.partition.provider.gcp.config.PropertiesConfiguration;
import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;
@@ -35,62 +26,11 @@ import org.springframework.web.context.annotation.RequestScope;
@Slf4j
@Component
@RequestScope
-@RequiredArgsConstructor
@ConditionalOnProperty(name = "environment", havingValue = "gcp")
public class GcpAuthorizationService implements IAuthorizationService {
-
- private final PropertiesConfiguration configuration;
-
- private final DpsHeaders headers;
-
- private final GoogleIdTokenVerifier verifier;
-
@Override
public boolean isDomainAdminServiceAccount() {
- if (Objects.isNull(headers.getAuthorization()) || headers.getAuthorization().isEmpty()) {
- throw AppException.createUnauthorized("No JWT token. Access is Forbidden");
- }
- String email = null;
- try {
- String authorization = headers.getAuthorization().replace("Bearer ", "");
- GoogleIdToken googleIdToken = verifier.verify(authorization);
- if (Objects.isNull(googleIdToken)) {
- log.warn("Not valid token provided");
- throw AppException.createUnauthorized("Unauthorized. The JWT token could not be validated");
- }
- email = googleIdToken.getPayload().getEmail();
- List<String> partitionAdminAccounts = configuration.getPartitionAdminAccounts();
- if (Objects.nonNull(partitionAdminAccounts) && !partitionAdminAccounts.isEmpty()) {
- return isAllowedAccount(email);
- } else {
- if (StringUtils.endsWith(email, configuration.getServiceAccountTail())) {
- return true;
- } else {
- throw AppException.createUnauthorized(
- String.format("Unauthorized. The user %s is not Service Principal", email));
- }
- }
- } catch (AppException e){
- throw e;
- } catch (Exception ex) {
- log.warn(String.format("User %s unauthorized. %s.", email, ex));
- throw AppException.createUnauthorized("Unauthorized. The JWT token could not be validated");
- }
- }
-
- private boolean isAllowedAccount(String accountEmail) {
- for (String partitionAdmin : configuration.getPartitionAdminAccounts()) {
- if (partitionAdmin.equals(accountEmail)) {
- return true;
- }
-
- if (StringUtils.endsWith(accountEmail, configuration.getServiceAccountTail())) {
- if (StringUtils.startsWith(accountEmail, partitionAdmin)) {
- return true;
- }
- }
- }
- throw AppException
- .createUnauthorized(String.format("Unauthorized. The user %s is untrusted.", accountEmail));
+ log.debug("Authorization/Authentication is on an infrastructure level.");
+ return true;
}
}
diff --git a/provider/partition-gcp/src/main/resources/application-gcp.properties b/provider/partition-gcp/src/main/resources/application-gcp.properties
index 3828f9401..c3264888c 100644
--- a/provider/partition-gcp/src/main/resources/application-gcp.properties
+++ b/provider/partition-gcp/src/main/resources/application-gcp.properties
@@ -17,6 +17,4 @@
osmDriver=datastore
environment=gcp
-partition-admin-accounts=${PARTITION_ADMIN_ACCOUNTS}
google-cloud-project=${GOOGLE_CLOUD_PROJECT}
-google-audiences=${GOOGLE_AUDIENCES}
diff --git a/provider/partition-gcp/src/main/resources/application.properties b/provider/partition-gcp/src/main/resources/application.properties
index 548f12fb6..4e074376b 100644
--- a/provider/partition-gcp/src/main/resources/application.properties
+++ b/provider/partition-gcp/src/main/resources/application.properties
@@ -24,7 +24,7 @@ management.health.diskspace.enabled=false
ACCEPT_HTTP=true
#logging configuration
-logging.level.org.springframework.web=${LOG_LEVEL:DEBUG}
+logging.level.org.springframework.web=${LOG_LEVEL:INFO}
LOG_PREFIX=partition
#cache config
diff --git a/provider/partition-gcp/src/test/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationServiceTest.java b/provider/partition-gcp/src/test/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationServiceTest.java
index fc22d404c..91e6838e9 100644
--- a/provider/partition-gcp/src/test/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationServiceTest.java
+++ b/provider/partition-gcp/src/test/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationServiceTest.java
@@ -1,6 +1,6 @@
/*
- * Copyright 2021 Google LLC
- * Copyright 2021 EPAM Systems, Inc
+ * Copyright 2020-2022 Google LLC
+ * Copyright 2020-2022 EPAM Systems, Inc
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -39,7 +39,6 @@ import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
-import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.opengroup.osdu.partition.provider.gcp.config.PropertiesConfiguration;
@@ -92,8 +91,6 @@ public class GcpAuthorizationServiceTest {
@Before
public void setUp() throws GeneralSecurityException, IOException {
MockitoAnnotations.initMocks(this);
- when(configuration.getPartitionAdminAccounts()).thenReturn(partitionAdminAccounts);
- when(configuration.getServiceAccountTail()).thenReturn(serviceAccountTail);
when(headers.getAuthorization()).thenReturn(token);
when(verifier.verify(token)).thenReturn(googleIdToken);
when(googleIdToken.getPayload()).thenReturn(payload);
@@ -106,22 +103,15 @@ public class GcpAuthorizationServiceTest {
assertTrue(gcpAuthorizationService.isDomainAdminServiceAccount());
}
- @Test(expected = AppException.class)
- public void testNotProvidedInConfigAdminAccountShouldThrowException() {
- payload.setEmail("user@google.com");
- gcpAuthorizationService.isDomainAdminServiceAccount();
- }
-
@Theory
public void testProvidedInConfigPatternShouldReturnTrue(@FromDataPoints("VALID_ACCOUNTS") String account) {
payload.setEmail(account);
assertTrue(gcpAuthorizationService.isDomainAdminServiceAccount());
}
- @Theory
- public void testNotProvidedInConfigPatternShouldReturnTrue(@FromDataPoints("NOT_VALID_ACCOUNTS") String account) {
- exceptionRule.expect(AppException.class);
- payload.setEmail(account);
- gcpAuthorizationService.isDomainAdminServiceAccount();
+ @Test
+ public void testProvidedOtherUserShouldReturnTrue() {
+ payload.setEmail("userTest@other-project-id.iam.gserviceaccount.com");
+ assertTrue(gcpAuthorizationService.isDomainAdminServiceAccount());
}
}
\ No newline at end of file
diff --git a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestCreatePartition.java b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestCreatePartition.java
index 29ef5ced9..000c5c644 100644
--- a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestCreatePartition.java
+++ b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestCreatePartition.java
@@ -1,6 +1,6 @@
/*
- Copyright 2002-2021 Google LLC
- Copyright 2002-2021 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -17,14 +17,16 @@
package org.opengroup.osdu.partition.api;
-import static org.junit.Assert.assertEquals;
-
import com.sun.jersey.api.client.ClientResponse;
+import lombok.extern.slf4j.Slf4j;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.opengroup.osdu.partition.util.GCPTestUtils;
+import static org.junit.Assert.assertEquals;
+
+@Slf4j
public class TestCreatePartition extends CreatePartitionTest {
@Override
@@ -49,4 +51,37 @@ public class TestCreatePartition extends CreatePartitionTest {
testUtils.getAccessToken());
assertEquals(400, response.getStatus());
}
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_makingHttpRequestWithoutToken() throws Exception {
+ ClientResponse response = descriptor.run(getId(), "");
+ log.info(
+ "Test should_return401_when_makingHttpRequestWithoutToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
+ ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_accessingWithCredentialsWithoutPermission has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_noAccessToken() throws Exception {
+ ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_noAccessToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
}
diff --git a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestDeletePartition.java b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestDeletePartition.java
index 5439cda73..32ad7a91f 100644
--- a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestDeletePartition.java
+++ b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestDeletePartition.java
@@ -1,6 +1,6 @@
/*
- Copyright 2002-2021 Google LLC
- Copyright 2002-2021 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -17,10 +17,14 @@
package org.opengroup.osdu.partition.api;
+import com.sun.jersey.api.client.ClientResponse;
+import lombok.extern.slf4j.Slf4j;
import org.junit.After;
import org.junit.Before;
+import org.junit.Test;
import org.opengroup.osdu.partition.util.GCPTestUtils;
+@Slf4j
public class TestDeletePartition extends DeletePartitionTest {
@Override
@@ -35,4 +39,37 @@ public class TestDeletePartition extends DeletePartitionTest {
deleteResource();
this.testUtils = null;
}
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_makingHttpRequestWithoutToken() throws Exception {
+ ClientResponse response = descriptor.run(getId(), "");
+ log.info(
+ "Test should_return401_when_makingHttpRequestWithoutToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
+ ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_accessingWithCredentialsWithoutPermission has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_noAccessToken() throws Exception {
+ ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_noAccessToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
}
diff --git a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestGetPartitionById.java b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestGetPartitionById.java
index 86dc555d6..aac93cd91 100644
--- a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestGetPartitionById.java
+++ b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestGetPartitionById.java
@@ -1,6 +1,6 @@
/*
- Copyright 2002-2021 Google LLC
- Copyright 2002-2021 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -18,11 +18,14 @@
package org.opengroup.osdu.partition.api;
import com.sun.jersey.api.client.ClientResponse;
+import lombok.extern.slf4j.Slf4j;
import org.junit.After;
import org.junit.Before;
+import org.junit.Test;
import org.opengroup.osdu.partition.api.descriptor.DeletePartitionDescriptor;
import org.opengroup.osdu.partition.util.GCPTestUtils;
+@Slf4j
public class TestGetPartitionById extends GetPartitionByIdApitTest {
@Override
@@ -44,4 +47,37 @@ public class TestGetPartitionById extends GetPartitionByIdApitTest {
deletePartitionDes.setPartitionId(getId());
ClientResponse response = deletePartitionDes.run(getId(), this.testUtils.getAccessToken());
}
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_makingHttpRequestWithoutToken() throws Exception {
+ ClientResponse response = descriptor.run(getId(), "");
+ log.info(
+ "Test should_return401_when_makingHttpRequestWithoutToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
+ ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_accessingWithCredentialsWithoutPermission has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_noAccessToken() throws Exception {
+ ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_noAccessToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
}
diff --git a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestListPartitions.java b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestListPartitions.java
index ea0c03449..db0d371f5 100644
--- a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestListPartitions.java
+++ b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestListPartitions.java
@@ -1,6 +1,6 @@
/*
- Copyright 2002-2021 Google LLC
- Copyright 2002-2021 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -18,11 +18,14 @@
package org.opengroup.osdu.partition.api;
import com.sun.jersey.api.client.ClientResponse;
+import lombok.extern.slf4j.Slf4j;
import org.junit.After;
import org.junit.Before;
+import org.junit.Test;
import org.opengroup.osdu.partition.api.descriptor.DeletePartitionDescriptor;
import org.opengroup.osdu.partition.util.GCPTestUtils;
+@Slf4j
public class TestListPartitions extends ListPartitionsApitTest {
@Override
@@ -44,4 +47,37 @@ public class TestListPartitions extends ListPartitionsApitTest {
deletePartitionDes.setPartitionId(getId());
ClientResponse response = deletePartitionDes.run(getId(), this.testUtils.getAccessToken());
}
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_makingHttpRequestWithoutToken() throws Exception {
+ ClientResponse response = descriptor.run(getId(), "");
+ log.info(
+ "Test should_return401_when_makingHttpRequestWithoutToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
+ ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_accessingWithCredentialsWithoutPermission has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_noAccessToken() throws Exception {
+ ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_noAccessToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
}
diff --git a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestUpdatePartition.java b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestUpdatePartition.java
index 24b7964aa..d4a593cce 100644
--- a/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestUpdatePartition.java
+++ b/testing/partition-test-gcp/src/test/java/org/opengroup/osdu/partition/api/TestUpdatePartition.java
@@ -1,6 +1,6 @@
/*
- Copyright 2002-2021 Google LLC
- Copyright 2002-2021 EPAM Systems, Inc
+ Copyright 2002-2022 Google LLC
+ Copyright 2002-2022 EPAM Systems, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -18,11 +18,14 @@
package org.opengroup.osdu.partition.api;
import com.sun.jersey.api.client.ClientResponse;
+import lombok.extern.slf4j.Slf4j;
import org.junit.After;
import org.junit.Before;
+import org.junit.Test;
import org.opengroup.osdu.partition.api.descriptor.DeletePartitionDescriptor;
import org.opengroup.osdu.partition.util.GCPTestUtils;
+@Slf4j
public class TestUpdatePartition extends UpdatePartitionTest {
@Override
@@ -44,4 +47,37 @@ public class TestUpdatePartition extends UpdatePartitionTest {
deletePartitionDes.setPartitionId(getId());
ClientResponse response = deletePartitionDes.run(getId(), this.testUtils.getAccessToken());
}
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_makingHttpRequestWithoutToken() throws Exception {
+ ClientResponse response = descriptor.run(getId(), "");
+ log.info(
+ "Test should_return401_when_makingHttpRequestWithoutToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
+ ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_accessingWithCredentialsWithoutPermission has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
+
+ // Test depends on an infrastructure level.
+ @Override
+ @Test
+ public void should_return401_when_noAccessToken() throws Exception {
+ ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
+ log.info(
+ "Test should_return401_when_noAccessToken has a response code = {}."
+ + "This test depends on an infrastructure level.",
+ response.getStatus());
+ }
}
--
GitLab