broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/AclRulePredicatesTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.qpid.server.security.access.config;

import static org.apache.qpid.server.security.access.config.ObjectProperties.Property.ATTRIBUTES;
import static org.apache.qpid.server.security.access.config.ObjectProperties.Property.CLASS;
import static org.apache.qpid.server.security.access.config.ObjectProperties.Property.CONNECTION_LIMIT;
import static org.apache.qpid.server.security.access.config.ObjectProperties.Property.FROM_HOSTNAME;
import static org.apache.qpid.server.security.access.config.ObjectProperties.Property.FROM_NETWORK;
import static org.apache.qpid.server.security.access.config.ObjectProperties.Property.NAME;
import static org.hamcrest.CoreMatchers.allOf;
import static org.hamcrest.collection.IsMapContaining.hasEntry;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

import java.util.Map;
import java.util.Set;

import org.junit.Before;
import org.junit.Test;
import org.mockito.internal.util.collections.Sets;

import org.apache.qpid.server.security.access.firewall.FirewallRule;
import org.apache.qpid.server.security.access.firewall.FirewallRuleFactory;
import org.apache.qpid.test.utils.UnitTestBase;

public class AclRulePredicatesTest extends UnitTestBase
{
    private AclRulePredicates _aclRulePredicates = new AclRulePredicates();
    private FirewallRuleFactory _firewallRuleFactory = mock(FirewallRuleFactory.class);

    @Before
    public void setUp() throws Exception
    {
        _aclRulePredicates.setFirewallRuleFactory(_firewallRuleFactory);

        when(_firewallRuleFactory.createForHostname(any())).thenReturn(mock(FirewallRule.class));
        when(_firewallRuleFactory.createForNetwork(any())).thenReturn(mock(FirewallRule.class));
    }

    @Test
    public void testParse()
    {
        String name = "name";
        String className = "class";

        _aclRulePredicates.parse(NAME.name(), name);
        _aclRulePredicates.parse(CLASS.name(), className);

        assertEquals(name, _aclRulePredicates.getObjectProperties().get(NAME));
        assertEquals(className, _aclRulePredicates.getObjectProperties().get(CLASS));
    }

    @Test
    public void testParseHostnameFirewallRule()
    {
        String hostname = "hostname1,hostname2";
        _aclRulePredicates.parse(FROM_HOSTNAME.name(), hostname);

        verify(_firewallRuleFactory).createForHostname(new String[] {"hostname1", "hostname2"});
    }

    @Test
    public void testParseNetworkFirewallRule()
    {
        _aclRulePredicates.setFirewallRuleFactory(_firewallRuleFactory);

        String networks = "network1,network2";
        _aclRulePredicates.parse(FROM_NETWORK.name(), networks);

        verify(_firewallRuleFactory).createForNetwork(new String[] {"network1", "network2"});
    }

    @Test
    public void testParseThrowsExceptionIfBothHostnameAndNetworkSpecified()
    {
        _aclRulePredicates.parse(FROM_NETWORK.name(), "network1,network2");
        try
        {
            _aclRulePredicates.parse(FROM_HOSTNAME.name(), "hostname1,hostname2");
            fail("Exception not thrown");
        }
        catch(IllegalStateException e)
        {
            // pass
        }
    }

    @Test
    public void testParseAttributesRule()
    {
        String attributes = "attribute1,attribute2";
        _aclRulePredicates.parse(ATTRIBUTES.name(), attributes);

        final Set<String> attributesSet = Sets.newSet(attributes.split(","));
        assertEquals("Unexpected attributes",
                            attributesSet,
                            _aclRulePredicates.getObjectProperties().getAttributeNames());

    }

    @Test
    public void testGetParsedProperties()
    {
        _aclRulePredicates.parse(ATTRIBUTES.name(), "attribute1,attribute2");
        _aclRulePredicates.parse(FROM_NETWORK.name(), "network1,network2");
        _aclRulePredicates.parse(CONNECTION_LIMIT.name(), "20");

        final Map<ObjectProperties.Property, String> properties = _aclRulePredicates.getParsedProperties();

        assertThat(properties, allOf(hasEntry(ATTRIBUTES, "attribute1,attribute2"),
                                     hasEntry(FROM_NETWORK, "network1,network2"),
                                     hasEntry(CONNECTION_LIMIT, "20")));
    }
}