/*
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.vcloud.director.v1_5.features.admin;
import static com.google.common.base.Objects.equal;
import static org.jclouds.vcloud.director.v1_5.VCloudDirectorLiveTestConstants.OBJ_FIELD_UPDATABLE;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertTrue;
import static org.testng.Assert.fail;
import static org.testng.AssertJUnit.assertFalse;
import java.net.URI;
import org.jclouds.rest.AuthorizationException;
import org.jclouds.vcloud.director.v1_5.VCloudDirectorException;
import org.jclouds.vcloud.director.v1_5.domain.Checks;
import org.jclouds.vcloud.director.v1_5.domain.Error;
import org.jclouds.vcloud.director.v1_5.domain.OrgPasswordPolicySettings;
import org.jclouds.vcloud.director.v1_5.domain.Reference;
import org.jclouds.vcloud.director.v1_5.domain.Role.DefaultRoles;
import org.jclouds.vcloud.director.v1_5.domain.SessionWithToken;
import org.jclouds.vcloud.director.v1_5.domain.User;
import org.jclouds.vcloud.director.v1_5.features.admin.AdminOrgClient;
import org.jclouds.vcloud.director.v1_5.features.admin.UserClient;
import org.jclouds.vcloud.director.v1_5.internal.BaseVCloudDirectorClientLiveTest;
import org.jclouds.vcloud.director.v1_5.login.SessionClient;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import com.google.common.collect.Iterables;
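/**
 * Tests live behavior of {@link UserClient}.
 * <p>
 * These tests talk to a real endpoint. They create user accounts in the first organisation
 * returned by the org list, change the shared test user's password, deliberately fail logins
 * until that account locks, and may temporarily enable the organisation's account lockout
 * policy. The shared user is deleted in {@link #cleanUp()} and the password policy is restored
 * in a {@code finally} block, so a failed run does not leave a modified policy behind.
 *
 * @author danikov
 */
@Test(groups = { "live", "admin", "adminUser" }, singleThreaded = true, testName = "UserClientLiveTest")
public class UserClientLiveTest extends BaseVCloudDirectorClientLiveTest {

   public static final String USER = "admin user";

   // Fixed credentials for the throw-away account these tests create. The account is given the
   // AUTHOR role in testUpdateUser, so it must not outlive the run (see cleanUp()).
   private static final String UPDATED_PASSWORD = "newPassword";
   private static final String WRONG_PASSWORD = "wrongpassword!";

   /*
    * Convenience references to API clients.
    */
   UserClient userClient;

   /*
    * Shared state between dependent tests.
    */
   private Reference orgRef;
   private User user;

   /**
    * Resolves the admin user client and an admin reference to the first organisation listed.
    */
   @Override
   @BeforeClass(alwaysRun = true)
   public void setupRequiredClients() {
      userClient = adminContext.getApi().getUserClient();
      // NOTE(review): getFirst(..., null) yields null when the org list is empty, which would
      // surface on this line as a NullPointerException rather than a descriptive failure.
      orgRef = Iterables.getFirst(context.getApi().getOrgClient().getOrgList().getOrgs(), null).toAdminReference(endpoint);
   }

   /**
    * Deletes the shared test user, if one was created.
    */
   @AfterClass(alwaysRun = true)
   public void cleanUp() throws Exception {
      if (user != null) {
         try {
            userClient.deleteUser(user.getHref());
         } catch (VCloudDirectorException e) {
            // ignore; user probably already deleted
            // NOTE(review): any other cause is swallowed too, in which case the account (with
            // its known password) stays in the org and has to be removed by hand.
         }
      }
   }

   @Test(description = "POST /admin/org/{id}/users")
   public void testCreateUser() {
      User newUser = randomTestUser("testCreateUser");
      user = userClient.createUser(orgRef.getHref(), newUser);
      // Validate what the server returned, not the request object that was built locally.
      Checks.checkUser(user);
   }

   @Test(description = "GET /admin/user/{id}",
         dependsOnMethods = { "testCreateUser" })
   public void testGetUser() {
      user = userClient.getUser(user.getHref());
      Checks.checkUser(user);
   }

   @Test(description = "PUT /admin/user/{id}",
         dependsOnMethods = { "testGetUser" })
   public void testUpdateUser() {
      User oldUser = user.toBuilder().build();
      User newUser = user.toBuilder()
            .fullName("new"+oldUser.getFullName())
            .emailAddress("new"+oldUser.getEmailAddress())
            .telephone("1-"+oldUser.getTelephone())
            .isEnabled(true)
            .im("new"+oldUser.getIM())
            .isAlertEnabled(true)
            .alertEmailPrefix("new"+oldUser.getAlertEmailPrefix())
            .alertEmail("new"+oldUser.getAlertEmail())
            .storedVmQuota(1)
            .deployedVmQuota(1)
            .password(UPDATED_PASSWORD)
            // TODO test setting other fields?
            // .name("new"+oldUser.getName())
            .role(getRoleReferenceFor(DefaultRoles.AUTHOR))
            .build();

      userClient.updateUser(user.getHref(), newUser);

      // Re-read the user so the assertions compare against server state, not the request.
      user = userClient.getUser(user.getHref());
      Checks.checkUser(user);

      assertTrue(equal(user.getFullName(), newUser.getFullName()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "fullName"));
      assertTrue(equal(user.getEmailAddress(), newUser.getEmailAddress()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "emailAddress"));
      assertTrue(equal(user.getTelephone(), newUser.getTelephone()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "telephone"));
      assertTrue(equal(user.isEnabled(), newUser.isEnabled()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "isEnabled"));
      assertTrue(equal(user.getIM(), newUser.getIM()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "im"));
      assertTrue(equal(user.isAlertEnabled(), newUser.isAlertEnabled()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "isAlertEnabled"));
      assertTrue(equal(user.getAlertEmailPrefix(), newUser.getAlertEmailPrefix()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "alertEmailPrefix"));
      assertTrue(equal(user.getAlertEmail(), newUser.getAlertEmail()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "alertEmail"));
      // The role assertion is disabled, so the AUTHOR role assignment above is not verified:
      // assertTrue(equal(user.getRole(), newUser.getRole()),
      //       String.format(OBJ_FIELD_UPDATABLE, USER, "role"));
      assertTrue(equal(user.getStoredVmQuota(), newUser.getStoredVmQuota()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "storedVmQuota"));
      assertTrue(equal(user.getDeployedVmQuota(), newUser.getDeployedVmQuota()),
            String.format(OBJ_FIELD_UPDATABLE, USER, "deployedVmQuota"));

      // session client isn't typically exposed to the user, as it is implicit
      SessionClient sessionClient = context.utils().injector().getInstance(SessionClient.class);

      // Check the user can really login with the changed password
      // NOTE: the password is NOT returned in the User object returned from the server
      assertLoginSucceeds(sessionClient, UPDATED_PASSWORD);
   }

   @Test(description = "POST /admin/user/{id}/action/unlock", dependsOnMethods = { "testUpdateUser" })
   public void testUnlockUser() {
      // Need to know how many times to fail login to lock account
      AdminOrgClient adminOrgClient = adminContext.getApi().getOrgClient();

      // session client isn't typically exposed to the user, as it is implicit
      SessionClient sessionClient = context.utils().injector().getInstance(SessionClient.class);

      OrgPasswordPolicySettings settings = adminOrgClient.getSettings(orgRef.getHref()).getPasswordPolicy();
      assertNotNull(settings);

      // Non-null only when this test had to change the policy itself.
      OrgPasswordPolicySettings settingsToRevertTo = null;
      try {
         // Adjust account settings so we can lock the account - be careful to not set invalidLoginsBeforeLockout too low!
         if (!settings.isAccountLockoutEnabled()) {
            settingsToRevertTo = settings;
            settings = settings.toBuilder().accountLockoutEnabled(true).invalidLoginsBeforeLockout(5).build();
            settings = adminOrgClient.updatePasswordPolicy(orgRef.getHref(), settings);
         }

         assertTrue(settings.isAccountLockoutEnabled());

         // One attempt more than the threshold, so the account is locked afterwards.
         int failedAttempts = settings.getInvalidLoginsBeforeLockout() + 1;
         for (int i = 0; i < failedAttempts; i++) {
            assertLoginRejected(sessionClient, WRONG_PASSWORD, "Managed to login using the wrong password!");
         }

         user = userClient.getUser(user.getHref());
         assertTrue(user.isLocked());

         // A locked account must refuse even the correct password.
         assertLoginRejected(sessionClient, UPDATED_PASSWORD, "Managed to login to locked account!");

         userClient.unlockUser(user.getHref());

         user = userClient.getUser(user.getHref());
         assertFalse(user.isLocked());

         // Double-check the user can now login again
         assertLoginSucceeds(sessionClient, UPDATED_PASSWORD);
      } finally {
         // Return account settings to the previous values, if necessary. This runs on failure
         // too, so a broken assertion above cannot leave the org with a changed policy.
         if (settingsToRevertTo != null) {
            adminOrgClient.updatePasswordPolicy(orgRef.getHref(), settingsToRevertTo);
         }
      }
   }

   @Test(description = "DELETE /admin/user/{id}",
         dependsOnMethods = { "testCreateUser" } )
   public void testDeleteUser() {
      // Create a user to be deleted (so we remove dependencies on test ordering)
      User newUser = randomTestUser("testDeleteUser"+getTestDateTimeStamp());
      User userToBeDeleted = userClient.createUser(orgRef.getHref(), newUser);

      // Delete the user
      userClient.deleteUser(userToBeDeleted.getHref());

      // Confirm the user can no longer be accessed. The expected answer is a 403 error, the
      // same code the message text uses for an entity the caller has no access to.
      Error expected = Error.builder()
            .message("No access to entity \"(com.vmware.vcloud.entity.user:"+
                  userToBeDeleted.getId().substring("urn:vcloud:user:".length())+")\".")
            .majorErrorCode(403)
            .minorErrorCode("ACCESS_TO_RESOURCE_IS_FORBIDDEN")
            .build();

      try {
         userClient.getUser(userToBeDeleted.getHref());
         fail("Should give HTTP 403 error for accessing user after deleting it ("+userToBeDeleted+")");
      } catch (VCloudDirectorException vde) {
         assertEquals(vde.getError(), expected);
      }
   }

   /**
    * Logs the shared test user in with {@code password}, asserts a token was issued and logs
    * the session out again.
    */
   private void assertLoginSucceeds(SessionClient sessionClient, String password) {
      SessionWithToken sessionWithToken = sessionClient.loginUserInOrgWithPassword(
            URI.create(endpoint + "/sessions"), user.getName(), orgRef.getName(), password);
      assertNotNull(sessionWithToken.getToken());
      sessionClient.logoutSessionWithToken(sessionWithToken.getSession().getHref(), sessionWithToken.getToken());
   }

   /**
    * Attempts to log the shared test user in with {@code password} and fails the test with
    * {@code failureMessage} unless the attempt is refused with an {@link AuthorizationException}.
    */
   private void assertLoginRejected(SessionClient sessionClient, String password, String failureMessage) {
      SessionWithToken unexpectedSession;
      try {
         unexpectedSession = sessionClient.loginUserInOrgWithPassword(
               URI.create(endpoint + "/sessions"), user.getName(), orgRef.getName(), password);
      } catch (AuthorizationException expected) {
         // expected: the credentials were refused
         return;
      }
      // Authentication wrongly succeeded: close the session before reporting the failure so
      // the run does not leave a live session behind.
      sessionClient.logoutSessionWithToken(unexpectedSession.getSession().getHref(), unexpectedSession.getToken());
      fail(failureMessage);
   }
}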