nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/SecureNiFiRegistryClientIT.java - nifi-registry - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.nifi.registry.web.api;

 import org.apache.nifi.registry.NiFiRegistryTestApiApplication;
 import org.apache.nifi.registry.authorization.Permissions;
 import org.apache.nifi.registry.bucket.Bucket;
 import org.apache.nifi.registry.client.BucketClient;
 import org.apache.nifi.registry.client.FlowClient;
 import org.apache.nifi.registry.client.FlowSnapshotClient;
 import org.apache.nifi.registry.client.NiFiRegistryClient;
 import org.apache.nifi.registry.client.NiFiRegistryClientConfig;
 import org.apache.nifi.registry.client.NiFiRegistryException;
 import org.apache.nifi.registry.client.UserClient;
 import org.apache.nifi.registry.client.impl.JerseyNiFiRegistryClient;
 import org.apache.nifi.registry.flow.VersionedFlow;
 import org.apache.nifi.registry.flow.VersionedFlowSnapshot;
 import org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata;
 import org.apache.nifi.registry.flow.VersionedProcessGroup;
 import org.apache.nifi.registry.authorization.CurrentUser;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.annotation.Import;
 import org.springframework.test.context.jdbc.Sql;
 import org.springframework.test.context.junit4.SpringRunner;

 import javax.ws.rs.ForbiddenException;
 import java.io.IOException;
 import java.util.List;

 @RunWith(SpringRunner.class)
 @SpringBootTest(
         classes = NiFiRegistryTestApiApplication.class,
         webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
         properties = "spring.profiles.include=ITSecureFile")
 @Import(SecureITClientConfiguration.class)
 @Sql(executionPhase = Sql.ExecutionPhase.BEFORE_TEST_METHOD, scripts = {"classpath:db/clearDB.sql", "classpath:db/FlowsIT.sql"})
 public class SecureNiFiRegistryClientIT extends IntegrationTestBase {

     static final Logger LOGGER = LoggerFactory.getLogger(SecureNiFiRegistryClientIT.class);

     private NiFiRegistryClient client;

     @Before
     public void setup() {
         final String baseUrl = createBaseURL();
         LOGGER.info("Using base url = " + baseUrl);

         final NiFiRegistryClientConfig clientConfig = createClientConfig(baseUrl);
         Assert.assertNotNull(clientConfig);

         final NiFiRegistryClient client = new JerseyNiFiRegistryClient.Builder()
                 .config(clientConfig)
                 .build();
         Assert.assertNotNull(client);
         this.client = client;
     }

     @After
     public void teardown() {
         try {
             client.close();
         } catch (Exception e) {

         }
     }

     @Test
     public void testGetAccessStatus() throws IOException, NiFiRegistryException {
         final UserClient userClient = client.getUserClient();
         final CurrentUser currentUser = userClient.getAccessStatus();
         Assert.assertEquals("CN=user1, OU=nifi", currentUser.getIdentity());
         Assert.assertFalse(currentUser.isAnonymous());
         Assert.assertNotNull(currentUser.getResourcePermissions());
         Permissions fullAccess = new Permissions().withCanRead(true).withCanWrite(true).withCanDelete(true);
         Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getAnyTopLevelResource());
         Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getBuckets());
         Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getTenants());
         Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getPolicies());
         Assert.assertEquals(new Permissions().withCanWrite(true).withCanRead(true).withCanDelete(true), currentUser.getResourcePermissions().getProxy());
     }

     @Test
     public void testCrudOperations() throws IOException, NiFiRegistryException {
         final Bucket bucket = new Bucket();
         bucket.setName("Bucket 1 " + System.currentTimeMillis());
         bucket.setDescription("This is bucket 1");

         final BucketClient bucketClient = client.getBucketClient();
         final Bucket createdBucket = bucketClient.create(bucket);
         Assert.assertNotNull(createdBucket);
         Assert.assertNotNull(createdBucket.getIdentifier());

         final List<Bucket> buckets = bucketClient.getAll();
         Assert.assertEquals(4, buckets.size());

         final VersionedFlow flow = new VersionedFlow();
         flow.setBucketIdentifier(createdBucket.getIdentifier());
         flow.setName("Flow 1 - " + System.currentTimeMillis());

         final FlowClient flowClient = client.getFlowClient();
         final VersionedFlow createdFlow = flowClient.create(flow);
         Assert.assertNotNull(createdFlow);
         Assert.assertNotNull(createdFlow.getIdentifier());

         final VersionedFlowSnapshotMetadata snapshotMetadata = new VersionedFlowSnapshotMetadata();
         snapshotMetadata.setBucketIdentifier(createdFlow.getBucketIdentifier());
         snapshotMetadata.setFlowIdentifier(createdFlow.getIdentifier());
         snapshotMetadata.setVersion(1);
         snapshotMetadata.setComments("This is snapshot #1");

         final VersionedProcessGroup rootProcessGroup = new VersionedProcessGroup();
         rootProcessGroup.setIdentifier("root-pg");
         rootProcessGroup.setName("Root Process Group");

         final VersionedFlowSnapshot snapshot = new VersionedFlowSnapshot();
         snapshot.setSnapshotMetadata(snapshotMetadata);
         snapshot.setFlowContents(rootProcessGroup);

         final FlowSnapshotClient snapshotClient = client.getFlowSnapshotClient();
         final VersionedFlowSnapshot createdSnapshot = snapshotClient.create(snapshot);
         Assert.assertNotNull(createdSnapshot);
         Assert.assertEquals("CN=user1, OU=nifi", createdSnapshot.getSnapshotMetadata().getAuthor());
     }

     @Test
     public void testGetAccessStatusWithProxiedEntity() throws IOException, NiFiRegistryException {
         final String proxiedEntity = "user2";
         final UserClient userClient = client.getUserClient(proxiedEntity);
         final CurrentUser status = userClient.getAccessStatus();
         Assert.assertEquals("user2", status.getIdentity());
         Assert.assertFalse(status.isAnonymous());
     }

     @Test
     public void testCreatedBucketWithProxiedEntity() throws IOException, NiFiRegistryException {
         final String proxiedEntity = "user2";
         final BucketClient bucketClient = client.getBucketClient(proxiedEntity);

         final Bucket bucket = new Bucket();
         bucket.setName("Bucket 1");
         bucket.setDescription("This is bucket 1");

         try {
             bucketClient.create(bucket);
             Assert.fail("Shouldn't have been able to create a bucket");
         } catch (Exception e) {

         }
     }

     @Test
     public void testDirectFlowAccess() throws IOException {
         // this user shouldn't have access to anything
         final String proxiedEntity = "CN=no-access, OU=nifi";

         final FlowClient proxiedFlowClient = client.getFlowClient(proxiedEntity);
         final FlowSnapshotClient proxiedFlowSnapshotClient = client.getFlowSnapshotClient(proxiedEntity);

         try {
             proxiedFlowClient.get("1");
             Assert.fail("Shouldn't have been able to retrieve flow");
         } catch (NiFiRegistryException e) {
             Assert.assertTrue(e.getCause()  instanceof ForbiddenException);
         }

         try {
             proxiedFlowSnapshotClient.getLatest("1");
             Assert.fail("Shouldn't have been able to retrieve flow");
         } catch (NiFiRegistryException e) {
             Assert.assertTrue(e.getCause()  instanceof ForbiddenException);
         }

         try {
             proxiedFlowSnapshotClient.getLatestMetadata("1");
             Assert.fail("Shouldn't have been able to retrieve flow");
         } catch (NiFiRegistryException e) {
             Assert.assertTrue(e.getCause()  instanceof ForbiddenException);
         }

         try {
             proxiedFlowSnapshotClient.get("1", 1);
             Assert.fail("Shouldn't have been able to retrieve flow");
         } catch (NiFiRegistryException e) {
             Assert.assertTrue(e.getCause()  instanceof ForbiddenException);
         }

         try {
             proxiedFlowSnapshotClient.getSnapshotMetadata("1");
             Assert.fail("Shouldn't have been able to retrieve flow");
         } catch (NiFiRegistryException e) {
             Assert.assertTrue(e.getCause()  instanceof ForbiddenException);
         }

     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.nifi.registry.web.api;

	import org.apache.nifi.registry.NiFiRegistryTestApiApplication;
	import org.apache.nifi.registry.authorization.Permissions;
	import org.apache.nifi.registry.bucket.Bucket;
	import org.apache.nifi.registry.client.BucketClient;
	import org.apache.nifi.registry.client.FlowClient;
	import org.apache.nifi.registry.client.FlowSnapshotClient;
	import org.apache.nifi.registry.client.NiFiRegistryClient;
	import org.apache.nifi.registry.client.NiFiRegistryClientConfig;
	import org.apache.nifi.registry.client.NiFiRegistryException;
	import org.apache.nifi.registry.client.UserClient;
	import org.apache.nifi.registry.client.impl.JerseyNiFiRegistryClient;
	import org.apache.nifi.registry.flow.VersionedFlow;
	import org.apache.nifi.registry.flow.VersionedFlowSnapshot;
	import org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata;
	import org.apache.nifi.registry.flow.VersionedProcessGroup;
	import org.apache.nifi.registry.authorization.CurrentUser;
	import org.junit.After;
	import org.junit.Assert;
	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.springframework.boot.test.context.SpringBootTest;
	import org.springframework.context.annotation.Import;
	import org.springframework.test.context.jdbc.Sql;
	import org.springframework.test.context.junit4.SpringRunner;

	import javax.ws.rs.ForbiddenException;
	import java.io.IOException;
	import java.util.List;

	@RunWith(SpringRunner.class)
	@SpringBootTest(
	classes = NiFiRegistryTestApiApplication.class,
	webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
	properties = "spring.profiles.include=ITSecureFile")
	@Import(SecureITClientConfiguration.class)
	@Sql(executionPhase = Sql.ExecutionPhase.BEFORE_TEST_METHOD, scripts = {"classpath:db/clearDB.sql", "classpath:db/FlowsIT.sql"})
	public class SecureNiFiRegistryClientIT extends IntegrationTestBase {

	static final Logger LOGGER = LoggerFactory.getLogger(SecureNiFiRegistryClientIT.class);

	private NiFiRegistryClient client;

	@Before
	public void setup() {
	final String baseUrl = createBaseURL();
	LOGGER.info("Using base url = " + baseUrl);

	final NiFiRegistryClientConfig clientConfig = createClientConfig(baseUrl);
	Assert.assertNotNull(clientConfig);

	final NiFiRegistryClient client = new JerseyNiFiRegistryClient.Builder()
	.config(clientConfig)
	.build();
	Assert.assertNotNull(client);
	this.client = client;
	}

	@After
	public void teardown() {
	try {
	client.close();
	} catch (Exception e) {

	}
	}

	@Test
	public void testGetAccessStatus() throws IOException, NiFiRegistryException {
	final UserClient userClient = client.getUserClient();
	final CurrentUser currentUser = userClient.getAccessStatus();
	Assert.assertEquals("CN=user1, OU=nifi", currentUser.getIdentity());
	Assert.assertFalse(currentUser.isAnonymous());
	Assert.assertNotNull(currentUser.getResourcePermissions());
	Permissions fullAccess = new Permissions().withCanRead(true).withCanWrite(true).withCanDelete(true);
	Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getAnyTopLevelResource());
	Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getBuckets());
	Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getTenants());
	Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getPolicies());
	Assert.assertEquals(new Permissions().withCanWrite(true).withCanRead(true).withCanDelete(true), currentUser.getResourcePermissions().getProxy());
	}

	@Test
	public void testCrudOperations() throws IOException, NiFiRegistryException {
	final Bucket bucket = new Bucket();
	bucket.setName("Bucket 1 " + System.currentTimeMillis());
	bucket.setDescription("This is bucket 1");

	final BucketClient bucketClient = client.getBucketClient();
	final Bucket createdBucket = bucketClient.create(bucket);
	Assert.assertNotNull(createdBucket);
	Assert.assertNotNull(createdBucket.getIdentifier());

	final List<Bucket> buckets = bucketClient.getAll();
	Assert.assertEquals(4, buckets.size());

	final VersionedFlow flow = new VersionedFlow();
	flow.setBucketIdentifier(createdBucket.getIdentifier());
	flow.setName("Flow 1 - " + System.currentTimeMillis());

	final FlowClient flowClient = client.getFlowClient();
	final VersionedFlow createdFlow = flowClient.create(flow);
	Assert.assertNotNull(createdFlow);
	Assert.assertNotNull(createdFlow.getIdentifier());

	final VersionedFlowSnapshotMetadata snapshotMetadata = new VersionedFlowSnapshotMetadata();
	snapshotMetadata.setBucketIdentifier(createdFlow.getBucketIdentifier());
	snapshotMetadata.setFlowIdentifier(createdFlow.getIdentifier());
	snapshotMetadata.setVersion(1);
	snapshotMetadata.setComments("This is snapshot #1");

	final VersionedProcessGroup rootProcessGroup = new VersionedProcessGroup();
	rootProcessGroup.setIdentifier("root-pg");
	rootProcessGroup.setName("Root Process Group");

	final VersionedFlowSnapshot snapshot = new VersionedFlowSnapshot();
	snapshot.setSnapshotMetadata(snapshotMetadata);
	snapshot.setFlowContents(rootProcessGroup);

	final FlowSnapshotClient snapshotClient = client.getFlowSnapshotClient();
	final VersionedFlowSnapshot createdSnapshot = snapshotClient.create(snapshot);
	Assert.assertNotNull(createdSnapshot);
	Assert.assertEquals("CN=user1, OU=nifi", createdSnapshot.getSnapshotMetadata().getAuthor());
	}

	@Test
	public void testGetAccessStatusWithProxiedEntity() throws IOException, NiFiRegistryException {
	final String proxiedEntity = "user2";
	final UserClient userClient = client.getUserClient(proxiedEntity);
	final CurrentUser status = userClient.getAccessStatus();
	Assert.assertEquals("user2", status.getIdentity());
	Assert.assertFalse(status.isAnonymous());
	}

	@Test
	public void testCreatedBucketWithProxiedEntity() throws IOException, NiFiRegistryException {
	final String proxiedEntity = "user2";
	final BucketClient bucketClient = client.getBucketClient(proxiedEntity);

	final Bucket bucket = new Bucket();
	bucket.setName("Bucket 1");
	bucket.setDescription("This is bucket 1");

	try {
	bucketClient.create(bucket);
	Assert.fail("Shouldn't have been able to create a bucket");
	} catch (Exception e) {

	}
	}

	@Test
	public void testDirectFlowAccess() throws IOException {
	// this user shouldn't have access to anything
	final String proxiedEntity = "CN=no-access, OU=nifi";

	final FlowClient proxiedFlowClient = client.getFlowClient(proxiedEntity);
	final FlowSnapshotClient proxiedFlowSnapshotClient = client.getFlowSnapshotClient(proxiedEntity);

	try {
	proxiedFlowClient.get("1");
	Assert.fail("Shouldn't have been able to retrieve flow");
	} catch (NiFiRegistryException e) {
	Assert.assertTrue(e.getCause() instanceof ForbiddenException);
	}

	try {
	proxiedFlowSnapshotClient.getLatest("1");
	Assert.fail("Shouldn't have been able to retrieve flow");
	} catch (NiFiRegistryException e) {
	Assert.assertTrue(e.getCause() instanceof ForbiddenException);
	}

	try {
	proxiedFlowSnapshotClient.getLatestMetadata("1");
	Assert.fail("Shouldn't have been able to retrieve flow");
	} catch (NiFiRegistryException e) {
	Assert.assertTrue(e.getCause() instanceof ForbiddenException);
	}

	try {
	proxiedFlowSnapshotClient.get("1", 1);
	Assert.fail("Shouldn't have been able to retrieve flow");
	} catch (NiFiRegistryException e) {
	Assert.assertTrue(e.getCause() instanceof ForbiddenException);
	}

	try {
	proxiedFlowSnapshotClient.getSnapshotMetadata("1");
	Assert.fail("Shouldn't have been able to retrieve flow");
	} catch (NiFiRegistryException e) {
	Assert.assertTrue(e.getCause() instanceof ForbiddenException);
	}

	}

	}