Merge "Fix RTD: bullet lists not rendering correctly"
diff --git a/Dockerfile b/Dockerfile
index 79c6380..4dd4a46 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,7 +17,25 @@
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
-FROM openjdk:17-jdk-slim
+FROM openjdk:17-jdk as jre-build
+
+RUN $JAVA_HOME/bin/jlink \
+--verbose \
+--add-modules ALL-MODULE-PATH \
+--strip-debug \
+--no-man-pages \
+--no-header-files \
+--compress=2 \
+--output /customjre
+
+# Use debian base image (same as openjdk uses)
+FROM debian:11-slim
+
+ENV JAVA_HOME=/jre
+ENV PATH="${JAVA_HOME}/bin:${PATH}"
+
+#copy JRE from the base image
+COPY --from=jre-build /customjre $JAVA_HOME
ARG JAR
@@ -44,7 +62,7 @@
USER ${user}
-CMD ["java", "-jar", "/opt/app/information-coordinator-service/information-coordinator-service.jar"]
+CMD ["/jre/bin/java", "-jar", "/opt/app/information-coordinator-service/information-coordinator-service.jar"]
diff --git a/api/ics-api.json b/api/ics-api.json
index db6d45e..cd3b61b 100644
--- a/api/ics-api.json
+++ b/api/ics-api.json
@@ -374,6 +374,20 @@
}},
"openapi": "3.0.1",
"paths": {
+ "/example-authz-check": {"post": {
+ "summary": "Request for access authorization.",
+ "requestBody": {
+ "content": {"application/json": {"schema": {"$ref": "#/components/schemas/subscription_authorization"}}},
+ "required": true
+ },
+ "description": "The authorization function decides if access is granted.",
+ "operationId": "subscriptionAuth",
+ "responses": {"200": {
+ "description": "OK",
+ "content": {"application/json": {"schema": {"$ref": "#/components/schemas/authorization_result"}}}
+ }},
+ "tags": ["Authorization API"]
+ }},
"/data-producer/v1/info-types": {"get": {
"summary": "Info Type identifiers",
"operationId": "getInfoTypdentifiers",
@@ -1359,20 +1373,6 @@
}],
"tags": ["Data producer (registration)"]
}},
- "/example-subscription-auth": {"post": {
- "summary": "Request for access authorization.",
- "requestBody": {
- "content": {"application/json": {"schema": {"$ref": "#/components/schemas/subscription_authorization"}}},
- "required": true
- },
- "description": "The authorization function decides if access is granted.",
- "operationId": "subscriptionAuth",
- "responses": {"200": {
- "description": "OK",
- "content": {"application/json": {"schema": {"$ref": "#/components/schemas/authorization_result"}}}
- }},
- "tags": ["Authorization API"]
- }},
"/actuator/heapdump": {"get": {
"summary": "Actuator web endpoint 'heapdump'",
"operationId": "heapdump",
diff --git a/api/ics-api.yaml b/api/ics-api.yaml
index e7a0629..4a8d3bd 100644
--- a/api/ics-api.yaml
+++ b/api/ics-api.yaml
@@ -53,6 +53,26 @@
description: API used for authorization of information job access (this is provided
by an authorization producer such as OPA)
paths:
+ /example-authz-check:
+ post:
+ tags:
+ - Authorization API
+ summary: Request for access authorization.
+ description: The authorization function decides if access is granted.
+ operationId: subscriptionAuth
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/subscription_authorization'
+ required: true
+ responses:
+ 200:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/authorization_result'
/data-producer/v1/info-types:
get:
tags:
@@ -1326,26 +1346,6 @@
application/json:
schema:
$ref: '#/components/schemas/ProblemDetails'
- /example-subscription-auth:
- post:
- tags:
- - Authorization API
- summary: Request for access authorization.
- description: The authorization function decides if access is granted.
- operationId: subscriptionAuth
- requestBody:
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/subscription_authorization'
- required: true
- responses:
- 200:
- description: OK
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/authorization_result'
/actuator/heapdump:
get:
tags:
diff --git a/config/application.yaml b/config/application.yaml
index 345b3fd..966c15d 100644
--- a/config/application.yaml
+++ b/config/application.yaml
@@ -72,7 +72,8 @@
vardata-directory: /var/information-coordinator-service
# If the file name is empty, no authorization token is used
auth-token-file:
- # A URL to a REST based service that provides authorization. This can for instance be Open Policy Agent, OPA
+ # A URL to authorization provider such as OPA. Each time a information job is accessed, a call to this
+ # authorization provider is done for access control. If this is empty, no fine grained access control is done.
info-job-authorization-agent:
# S3 object store usage is enabled by defining the bucket to use. This will override the vardata-directory parameter.
s3:
diff --git a/pom.xml b/pom.xml
index f7daeee..8df2782 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,12 +21,12 @@
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
- <version>3.0.2</version>
+ <version>3.0.4</version>
<relativePath />
</parent>
<groupId>org.o-ran-sc.nonrtric.plt</groupId>
@@ -57,6 +57,7 @@
<sonar-maven-plugin.version>3.7.0.1746</sonar-maven-plugin.version>
<jacoco-maven-plugin.version>0.8.8</jacoco-maven-plugin.version>
<springdoc.version>2.0.2</springdoc.version>
+ <springdoc.openapi-ui.version>1.6.14</springdoc.openapi-ui.version>
<exec.skip>true</exec.skip>
</properties>
<dependencies>
@@ -68,7 +69,7 @@
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
- <version>${springdoc.version}</version>
+ <version>${springdoc.openapi-ui.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@@ -96,11 +97,6 @@
<artifactId>json</artifactId>
<version>${json.version}</version>
</dependency>
- <dependency>
- <groupId>org.projectlombok</groupId>
- <artifactId>lombok</artifactId>
- <scope>provided</scope>
- </dependency>
<!-- https://mvnrepository.com/artifact/com.github.erosb/everit-json-schema -->
<dependency>
<groupId>com.github.erosb</groupId>
@@ -128,13 +124,12 @@
<artifactId>s3</artifactId>
<version>2.17.292</version>
</dependency>
- <!-- TEST -->
<dependency>
- <groupId>org.springdoc</groupId>
- <artifactId>springdoc-openapi-ui</artifactId>
- <version>1.6.6</version>
- <scope>test</scope>
+ <groupId>org.projectlombok</groupId>
+ <artifactId>lombok</artifactId>
+ <scope>provided</scope>
</dependency>
+ <!-- TEST -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
@@ -288,7 +283,8 @@
<pullRegistry>${env.CONTAINER_PULL_REGISTRY}</pullRegistry>
<images>
<image>
- <name>o-ran-sc/nonrtric-plt-informationcoordinatorservice:${project.version}</name>
+ <name>
+ o-ran-sc/nonrtric-plt-informationcoordinatorservice:${project.version}</name>
<build>
<cleanup>try</cleanup>
<contextDir>${basedir}</contextDir>
@@ -315,7 +311,8 @@
<pushRegistry>${env.CONTAINER_PUSH_REGISTRY}</pushRegistry>
<images>
<image>
- <name>o-ran-sc/nonrtric-plt-informationcoordinatorservice:${project.version}</name>
+ <name>
+ o-ran-sc/nonrtric-plt-informationcoordinatorservice:${project.version}</name>
<build>
<contextDir>${basedir}</contextDir>
<dockerFile>Dockerfile</dockerFile>
diff --git a/src/main/java/org/oransc/ics/controllers/a1e/A1eController.java b/src/main/java/org/oransc/ics/controllers/a1e/A1eController.java
index 491e0dd..879d6d8 100644
--- a/src/main/java/org/oransc/ics/controllers/a1e/A1eController.java
+++ b/src/main/java/org/oransc/ics/controllers/a1e/A1eController.java
@@ -202,7 +202,7 @@
@RequestHeader Map<String, String> headers) {
return this.infoJobs.getJobMono(eiJobId)
- .flatMap(job -> authorization.authorizeDataJob(headers, job, AccessType.READ)) //
+ .flatMap(job -> authorization.doAccessControl(headers, job, AccessType.READ)) //
.map(job -> new ResponseEntity<Object>(gson.toJson(toEiJobInfo(job)), HttpStatus.OK))
.onErrorResume(ErrorResponse::createMono);
}
@@ -258,7 +258,7 @@
@RequestHeader Map<String, String> headers) {
return this.infoJobs.getJobMono(eiJobId)
- .flatMap(job -> authorization.authorizeDataJob(headers, job, AccessType.WRITE)) //
+ .flatMap(job -> authorization.doAccessControl(headers, job, AccessType.WRITE)) //
.doOnNext(job -> this.infoJobs.remove(job, this.infoProducers))
.map(x -> new ResponseEntity<>(HttpStatus.NO_CONTENT)).onErrorResume(ErrorResponse::createMono);
}
@@ -299,7 +299,7 @@
try {
InfoType eiType = this.infoTypes.getCompatibleType(eiJobObject.eiTypeId);
- return authorization.authorizeDataJob(headers, eiType, eiJobObject.jobDefinition, AccessType.WRITE) //
+ return authorization.doAccessControl(headers, eiType, eiJobObject.jobDefinition, AccessType.WRITE) //
.flatMap(x -> validatePutEiJob(eiJobId, eiType, eiJobObject)) //
.flatMap(job -> startEiJob(job, eiType)) //
.doOnNext(newEiJob -> this.infoJobs.put(newEiJob)) //
diff --git a/src/main/java/org/oransc/ics/controllers/authorization/AuthorizationCheck.java b/src/main/java/org/oransc/ics/controllers/authorization/AuthorizationCheck.java
index 14b0291..dde7104 100644
--- a/src/main/java/org/oransc/ics/controllers/authorization/AuthorizationCheck.java
+++ b/src/main/java/org/oransc/ics/controllers/authorization/AuthorizationCheck.java
@@ -56,12 +56,12 @@
this.restClient = restClientFactory.createRestClientUseHttpProxy("");
}
- public Mono<InfoJob> authorizeDataJob(Map<String, String> receivedHttpHeaders, InfoJob job, AccessType accessType) {
- return authorizeDataJob(receivedHttpHeaders, job.getType(), job.getJobData(), accessType) //
+ public Mono<InfoJob> doAccessControl(Map<String, String> receivedHttpHeaders, InfoJob job, AccessType accessType) {
+ return doAccessControl(receivedHttpHeaders, job.getType(), job.getJobData(), accessType) //
.map(x -> job);
}
- public Mono<InfoType> authorizeDataJob(Map<String, String> receivedHttpHeaders, InfoType type, Object jobDefinition,
+ public Mono<InfoType> doAccessControl(Map<String, String> receivedHttpHeaders, InfoType type, Object jobDefinition,
AccessType accessType) {
if (this.applicationConfig.getAuthAgentUrl().isEmpty()) {
return Mono.just(type);
diff --git a/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerController.java b/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerController.java
index cd557c1..b48ac35 100644
--- a/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerController.java
+++ b/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerController.java
@@ -205,7 +205,7 @@
return Flux.fromIterable(this.infoJobs.getJobsForOwner(owner))
.doOnNext(job -> logger.debug("DELETE info jobs, id: {}, type: {}, owner: {}", job.getId(),
job.getType().getId(), owner))
- .flatMap(job -> this.authorization.authorizeDataJob(headers, job, AccessType.WRITE)) //
+ .flatMap(job -> this.authorization.doAccessControl(headers, job, AccessType.WRITE)) //
.doOnNext(job -> this.infoJobs.remove(job, this.infoProducers)) //
.collectList() //
.map(l -> new ResponseEntity<>(HttpStatus.NO_CONTENT)) //
@@ -231,7 +231,7 @@
logger.debug("GET info job, id: {}", infoJobId);
return this.infoJobs.getJobMono(infoJobId) //
- .flatMap(job -> authorization.authorizeDataJob(headers, job, AccessType.READ)) //
+ .flatMap(job -> authorization.doAccessControl(headers, job, AccessType.READ)) //
.map(job -> new ResponseEntity<Object>(gson.toJson(toInfoJobInfo(job)), HttpStatus.OK)) //
.onErrorResume(ErrorResponse::createMono);
}
@@ -294,7 +294,7 @@
logger.debug("DELETE info job, id: {}", jobId);
return this.infoJobs.getJobMono(jobId) //
- .flatMap(job -> authorization.authorizeDataJob(headers, job, AccessType.WRITE)) //
+ .flatMap(job -> authorization.doAccessControl(headers, job, AccessType.WRITE)) //
.doOnNext(job -> this.infoJobs.remove(job, this.infoProducers)) //
.map(job -> new ResponseEntity<>(HttpStatus.NO_CONTENT)) //
.onErrorResume(ErrorResponse::createMono);
@@ -339,7 +339,7 @@
InfoType infoType = this.infoTypes.getCompatibleType(informationJobObject.infoTypeId);
return authorization
- .authorizeDataJob(headers, infoType, informationJobObject.jobDefinition, AccessType.WRITE) //
+ .doAccessControl(headers, infoType, informationJobObject.jobDefinition, AccessType.WRITE) //
.flatMap(x -> validatePutInfoJob(jobId, infoType, informationJobObject)) //
.flatMap(job -> startInfoSubscriptionJob(job, infoType)) //
.doOnNext(this.infoJobs::put) //
diff --git a/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerJobInfo.java b/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerJobInfo.java
index 4495530..62483d0 100644
--- a/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerJobInfo.java
+++ b/src/main/java/org/oransc/ics/controllers/r1consumer/ConsumerJobInfo.java
@@ -50,7 +50,7 @@
@Schema(name = "job_result_uri", description = "The target URI of the subscribed information", required = true)
@SerializedName("job_result_uri")
- @JsonProperty(value = "job_result_uri", required = true)
+ @JsonProperty(value = "job_result_uri", required = false)
public String jobResultUri = "";
@Schema(
diff --git a/src/test/java/org/oransc/ics/ApplicationTest.java b/src/test/java/org/oransc/ics/ApplicationTest.java
index 8ddba05..3d8a95b 100644
--- a/src/test/java/org/oransc/ics/ApplicationTest.java
+++ b/src/test/java/org/oransc/ics/ApplicationTest.java
@@ -122,7 +122,7 @@
private final String TYPE_ID = "typeId_1.9.9";
private final String PRODUCER_ID = "producerId";
private final String EI_JOB_PROPERTY = "\"property1\"";
- private final String EI_JOB_ID = "jobId";
+ private final String JOB_ID = "jobId";
@Autowired
ApplicationContext context;
@@ -191,6 +191,7 @@
this.securityContext.setAuthTokenFilePath(null);
this.applicationConfig.setAuthAgentUrl("");
this.openPolicyAgentSimulatorController.getTestResults().reset();
+ this.applicationConfig.setAuthAgentUrl(baseUrl() + OpenPolicyAgentSimulatorController.SUBSCRIPTION_AUTH_URL);
}
@AfterEach
@@ -491,7 +492,7 @@
InfoJob job = this.infoJobs.getJob("jobId");
assertThat(job.getOwner()).isEqualTo("owner");
- verifyJobStatus(EI_JOB_ID, "ENABLED");
+ verifyJobStatus(JOB_ID, "ENABLED");
}
@Test
@@ -510,8 +511,8 @@
putInfoProducerWithOneType(REG_TYPE_ID4, REG_TYPE_ID4);
putInfoProducerWithOneType(REG_TYPE_ID5, REG_TYPE_ID5);
- String url = A1eConsts.API_ROOT + "/eijobs/" + EI_JOB_ID;
- String body = gson.toJson(eiJobInfo(PUT_TYPE_ID, EI_JOB_ID));
+ String url = A1eConsts.API_ROOT + "/eijobs/" + JOB_ID;
+ String body = gson.toJson(eiJobInfo(PUT_TYPE_ID, JOB_ID));
ResponseEntity<String> resp = restClient().putForEntity(url, body).block();
assertThat(this.infoJobs.size()).isEqualTo(1);
assertThat(this.infoJobs.getJobs().iterator().next().getType().getId()).isEqualTo(REG_TYPE_ID1);
@@ -529,14 +530,14 @@
final String REG_TYPE_ID1 = "type_1.5.0"; // Compatible
putInfoProducerWithOneType(REG_TYPE_ID1, REG_TYPE_ID1);
- String body = gson.toJson(eiJobInfo("junkTypeId", EI_JOB_ID));
+ String body = gson.toJson(eiJobInfo("junkTypeId", JOB_ID));
String url = A1eConsts.API_ROOT + "/eijobs/jobId";
testErrorCode(restClient().put(url, body), HttpStatus.NOT_FOUND, "not found");
- url = A1eConsts.API_ROOT + "/eijobs/" + EI_JOB_ID;
+ url = A1eConsts.API_ROOT + "/eijobs/" + JOB_ID;
final String PUT_TYPE_ERROR_ID = "type_1.1";
- body = gson.toJson(eiJobInfo(PUT_TYPE_ERROR_ID, EI_JOB_ID));
+ body = gson.toJson(eiJobInfo(PUT_TYPE_ERROR_ID, JOB_ID));
testErrorCode(restClient().put(url, body), HttpStatus.NOT_FOUND, "not found");
}
@@ -561,7 +562,7 @@
InfoJob job = this.infoJobs.getJob("jobId");
assertThat(job.getOwner()).isEqualTo("owner");
- verifyJobStatus(EI_JOB_ID, "ENABLED");
+ verifyJobStatus(JOB_ID, "ENABLED");
body = gson.toJson(consumerJobInfo("junkTypeId", "jobId", ""));
testErrorCode(restClient().put(url, body), HttpStatus.NOT_FOUND, "not found");
@@ -603,7 +604,7 @@
// the principles for backwards compability.
assertThat(request.typeId.equals(REG_TYPE_ID1) || request.typeId.equals(REG_TYPE_ID2)).isTrue();
- verifyJobStatus(EI_JOB_ID, "ENABLED");
+ verifyJobStatus(JOB_ID, "ENABLED");
// Test update job
resp = restClient().putForEntity(url, body).block();
@@ -717,7 +718,7 @@
void producerDeleteTypeExistingJob() throws Exception {
putInfoType(TYPE_ID);
String url = ProducerConsts.API_ROOT + "/info-types/" + TYPE_ID;
- putInfoJob(TYPE_ID, EI_JOB_ID);
+ putInfoJob(TYPE_ID, JOB_ID);
restClient().delete(url).block();
assertThat(this.infoTypes.size()).isZero();
@@ -728,7 +729,7 @@
@Test
void producerPutProducerWithOneType_rejecting() throws Exception {
putInfoProducerWithOneTypeRejecting("simulateProducerError", TYPE_ID);
- String url = A1eConsts.API_ROOT + "/eijobs/" + EI_JOB_ID;
+ String url = A1eConsts.API_ROOT + "/eijobs/" + JOB_ID;
String body = gson.toJson(eiJobInfo());
restClient().put(url, body).block();
@@ -737,7 +738,7 @@
await().untilAsserted(() -> assertThat(simulatorResults.noOfRejectedCreate).isEqualTo(2));
assertThat(simulatorResults.noOfRejectedCreate).isEqualTo(2);
- verifyJobStatus(EI_JOB_ID, "DISABLED");
+ verifyJobStatus(JOB_ID, "DISABLED");
}
@Test
@@ -898,18 +899,18 @@
// Create a job
putInfoProducerWithOneType(PRODUCER_ID, TYPE_ID);
- putInfoJob(TYPE_ID, EI_JOB_ID);
+ putInfoJob(TYPE_ID, JOB_ID);
// change the type for the producer, the job shall be disabled
putInfoProducerWithOneType(PRODUCER_ID, "junk");
- verifyJobStatus(EI_JOB_ID, "DISABLED");
+ verifyJobStatus(JOB_ID, "DISABLED");
A1eCallbacksSimulatorController.TestResults consumerCalls = this.a1eCallbacksSimulator.getTestResults();
await().untilAsserted(() -> assertThat(consumerCalls.eiJobStatusCallbacks).hasSize(1));
assertThat(consumerCalls.eiJobStatusCallbacks.get(0).state)
.isEqualTo(A1eEiJobStatus.EiJobStatusValues.DISABLED);
putInfoProducerWithOneType(PRODUCER_ID, TYPE_ID);
- verifyJobStatus(EI_JOB_ID, "ENABLED");
+ verifyJobStatus(JOB_ID, "ENABLED");
await().untilAsserted(() -> assertThat(consumerCalls.eiJobStatusCallbacks).hasSize(2));
assertThat(consumerCalls.eiJobStatusCallbacks.get(1).state).isEqualTo(A1eEiJobStatus.EiJobStatusValues.ENABLED);
}
@@ -951,14 +952,14 @@
{
// Create a job
putInfoProducerWithOneType(PRODUCER_ID, TYPE_ID);
- putInfoJob(TYPE_ID, EI_JOB_ID);
- verifyJobStatus(EI_JOB_ID, "ENABLED");
+ putInfoJob(TYPE_ID, JOB_ID);
+ verifyJobStatus(JOB_ID, "ENABLED");
deleteInfoProducer(PRODUCER_ID);
// A Job disabled status notification shall now be received
await().untilAsserted(() -> assertThat(consumerResults.eiJobStatusCallbacks).hasSize(1));
assertThat(consumerResults.eiJobStatusCallbacks.get(0).state)
.isEqualTo(A1eEiJobStatus.EiJobStatusValues.DISABLED);
- verifyJobStatus(EI_JOB_ID, "DISABLED");
+ verifyJobStatus(JOB_ID, "DISABLED");
}
assertThat(this.infoProducers.size()).isEqualTo(1);
@@ -983,7 +984,7 @@
await().untilAsserted(() -> assertThat(consumerResults.eiJobStatusCallbacks).hasSize(2));
assertThat(consumerResults.eiJobStatusCallbacks.get(1).state)
.isEqualTo(A1eEiJobStatus.EiJobStatusValues.ENABLED);
- verifyJobStatus(EI_JOB_ID, "ENABLED");
+ verifyJobStatus(JOB_ID, "ENABLED");
}
@Test
@@ -992,15 +993,15 @@
// suceeded
putInfoProducerWithOneType(PRODUCER_ID, TYPE_ID);
- putInfoJob(TYPE_ID, EI_JOB_ID);
+ putInfoJob(TYPE_ID, JOB_ID);
InfoProducer producer = this.infoProducers.getProducer(PRODUCER_ID);
- InfoJob job = this.infoJobs.getJob(EI_JOB_ID);
+ InfoJob job = this.infoJobs.getJob(JOB_ID);
// Pretend that the producer did reject the job and the a DISABLED notification
// is sent for the job
producer.setJobDisabled(job);
job.setLastReportedStatus(false);
- verifyJobStatus(EI_JOB_ID, "DISABLED");
+ verifyJobStatus(JOB_ID, "DISABLED");
// Run the supervision and wait for the job to get started in the producer
this.producerSupervision.createTask().blockLast();
@@ -1008,7 +1009,7 @@
await().untilAsserted(() -> assertThat(consumerResults.eiJobStatusCallbacks).hasSize(1));
assertThat(consumerResults.eiJobStatusCallbacks.get(0).state)
.isEqualTo(A1eEiJobStatus.EiJobStatusValues.ENABLED);
- verifyJobStatus(EI_JOB_ID, "ENABLED");
+ verifyJobStatus(JOB_ID, "ENABLED");
}
@Test
@@ -1228,7 +1229,7 @@
}
@Test
- void testAuthorization() throws Exception {
+ void testFineGrainedAuthorizationCheck() throws Exception {
this.applicationConfig.setAuthAgentUrl(baseUrl() + OpenPolicyAgentSimulatorController.SUBSCRIPTION_AUTH_URL);
final String AUTH_TOKEN = "testToken";
Path authFile = Files.createTempFile("icsTestAuthToken", ".txt");
@@ -1246,16 +1247,65 @@
assertThat(authRequest.getInput().getAccessType()).isEqualTo(AccessType.WRITE);
assertThat(authRequest.getInput().getInfoTypeId()).isEqualTo(TYPE_ID);
assertThat(authRequest.getInput().getAuthToken()).isEqualTo(AUTH_TOKEN);
+ }
+
+ @Test
+ void testFineGrainedAuthorizationCheckRejections() throws Exception {
+ putInfoProducerWithOneType(PRODUCER_ID, TYPE_ID);
+ putInfoJob(TYPE_ID, JOB_ID);
// Test rejection from OPA
this.applicationConfig
.setAuthAgentUrl(baseUrl() + OpenPolicyAgentSimulatorController.SUBSCRIPTION_REJECT_AUTH_URL);
+ var testResults = openPolicyAgentSimulatorController.getTestResults();
- String url = ConsumerConsts.API_ROOT + "/info-jobs/jobId";
+ // R1
+ String url = ConsumerConsts.API_ROOT + "/info-jobs/" + JOB_ID;
testErrorCode(restClient().delete(url), HttpStatus.UNAUTHORIZED, "Not authorized");
assertThat(testResults.receivedRequests).hasSize(2);
- authRequest = testResults.receivedRequests.get(1);
+ SubscriptionAuthRequest authRequest = testResults.receivedRequests.get(1);
assertThat(authRequest.getInput().getAccessType()).isEqualTo(AccessType.WRITE);
+
+ String body = gson.toJson(consumerJobInfo(TYPE_ID, JOB_ID, "owner"));
+ testErrorCode(restClient().put(url, body), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ testErrorCode(restClient().get(url), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ // A1-E
+ url = A1eConsts.API_ROOT + "/eijobs/" + JOB_ID;
+ testErrorCode(restClient().get(url), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ testErrorCode(restClient().delete(url), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ body = gson.toJson(eiJobInfo(TYPE_ID, JOB_ID, "owner"));
+ testErrorCode(restClient().put(url, body), HttpStatus.UNAUTHORIZED, "Not authorized");
+ }
+
+ @Test
+ void testFineGrainedAuthorizationCheckRejections_OPA_UNAVALIABLE() throws Exception {
+ putInfoProducerWithOneType(PRODUCER_ID, TYPE_ID);
+ putInfoJob(TYPE_ID, JOB_ID);
+
+ // Test rejection from OPA
+ this.applicationConfig.setAuthAgentUrl("junk");
+
+ // R1
+ String url = ConsumerConsts.API_ROOT + "/info-jobs/" + JOB_ID;
+ testErrorCode(restClient().delete(url), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ String body = gson.toJson(consumerJobInfo(TYPE_ID, JOB_ID, "owner"));
+ testErrorCode(restClient().put(url, body), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ testErrorCode(restClient().get(url), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ // A1-E
+ url = A1eConsts.API_ROOT + "/eijobs/" + JOB_ID;
+ testErrorCode(restClient().get(url), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ testErrorCode(restClient().delete(url), HttpStatus.UNAUTHORIZED, "Not authorized");
+
+ body = gson.toJson(eiJobInfo(TYPE_ID, JOB_ID, "owner"));
+ testErrorCode(restClient().put(url, body), HttpStatus.UNAUTHORIZED, "Not authorized");
}
@Test
@@ -1344,7 +1394,7 @@
}
private ConsumerJobInfo consumerJobInfo() throws JsonMappingException, JsonProcessingException {
- return consumerJobInfo(TYPE_ID, EI_JOB_ID, "owner");
+ return consumerJobInfo(TYPE_ID, JOB_ID, "owner");
}
ConsumerJobInfo consumerJobInfo(String typeId, String infoJobId, String owner)
@@ -1354,7 +1404,7 @@
}
private A1eEiJobInfo eiJobInfo() throws Exception {
- return eiJobInfo(TYPE_ID, EI_JOB_ID);
+ return eiJobInfo(TYPE_ID, JOB_ID);
}
A1eEiJobInfo eiJobInfo(String typeId, String infoJobId) throws Exception {
diff --git a/src/test/java/org/oransc/ics/MockInformationService.java b/src/test/java/org/oransc/ics/MockInformationService.java
index caff3e2..a2ce52b 100644
--- a/src/test/java/org/oransc/ics/MockInformationService.java
+++ b/src/test/java/org/oransc/ics/MockInformationService.java
@@ -21,8 +21,11 @@
package org.oransc.ics;
import org.junit.jupiter.api.Test;
+import org.oransc.ics.repository.InfoJobs;
+import org.oransc.ics.repository.InfoTypes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.server.LocalServerPort;
@@ -42,12 +45,26 @@
@LocalServerPort
private int port;
+ @Autowired
+ InfoTypes infoTypes;
+
+ @Autowired
+ InfoJobs infoJobs;
+
@Test
@SuppressWarnings("squid:S2699")
void runMock() throws Exception {
logger.warn("**************** Keeping server alive! " + this.port);
synchronized (this) {
- this.wait();
+ while (true) {
+ System.out.println("**** Types *** ");
+ this.infoTypes.getAllInfoTypes().forEach(type -> System.out.println(" " + type.getId()));
+ System.out.println("**** Jobs *** ");
+ this.infoJobs.getJobs()
+ .forEach(job -> System.out.println(" id: " + job.getId() + ", type:" + job.getType().getId()));
+ Thread.sleep(1000 * 60);
+
+ }
}
}
}
diff --git a/src/test/java/org/oransc/ics/controller/OpenPolicyAgentSimulatorController.java b/src/test/java/org/oransc/ics/controller/OpenPolicyAgentSimulatorController.java
index 89b23c2..f711ca9 100644
--- a/src/test/java/org/oransc/ics/controller/OpenPolicyAgentSimulatorController.java
+++ b/src/test/java/org/oransc/ics/controller/OpenPolicyAgentSimulatorController.java
@@ -59,8 +59,8 @@
private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
- public static final String SUBSCRIPTION_AUTH_URL = "/example-subscription-auth";
- public static final String SUBSCRIPTION_REJECT_AUTH_URL = "/example-subscription-auth-reject";
+ public static final String SUBSCRIPTION_AUTH_URL = "/example-authz-check";
+ public static final String SUBSCRIPTION_REJECT_AUTH_URL = "/example-authz-check-reject";
public static class TestResults {
@@ -93,7 +93,7 @@
public ResponseEntity<Object> subscriptionAuth( //
@RequestHeader Map<String, String> headers, //
@RequestBody SubscriptionAuthRequest request) {
- logger.info("Auth {}", request);
+ logger.debug("Auth {}", request);
testResults.receivedRequests.add(request);
String res = gson.toJson(AuthorizationResult.builder().result(true).build());
@@ -112,7 +112,7 @@
public ResponseEntity<Object> subscriptionAuthReject( //
@RequestHeader Map<String, String> headers, //
@RequestBody SubscriptionAuthRequest request) {
- logger.info("Auth Reject {}", request);
+ logger.debug("Auth Reject {}", request);
testResults.receivedRequests.add(request);
String res = gson.toJson(AuthorizationResult.builder().result(false).build());
return new ResponseEntity<>(res, HttpStatus.OK);