Code Review / nonrtric / plt / sme.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
NONRTRIC-946: Servicemanager - mock kong and capif as library
[nonrtric/plt/sme.git] / capifcore / internal / securityservice / security_test.go
diff --git a/capifcore/internal/securityservice/security_test.go b/capifcore/internal/securityservice/security_test.go
index 1abb8ae..ea0fbe6 100644 (file)
--- a/capifcore/internal/securityservice/security_test.go
+++ b/capifcore/internal/securityservice/security_test.go
@@ -66,7 +66,7 @@ func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
                Scope:       "3gpp#aefIdpath",
        }
        accessMgmMock := keycloackmocks.AccessManagement{}
-       accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, nil)
+       accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("map[string][]string")).Return(jwt, nil)
 
        requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
 
@@ -94,7 +94,7 @@ func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
        invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
        serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
        publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
-       accessMgmMock.AssertCalled(t, "GetToken", clientId, clientSecret, "3gpp#"+aefId+":"+path, "invokerrealm")
+       accessMgmMock.AssertNumberOfCalls(t, "GetToken", 1)
 }
 
 func TestPostSecurityIdTokenInvokerNotRegistered(t *testing.T) {
@@ -213,7 +213,7 @@ func TestPostSecurityIdTokenInvokerInvalidCredentials(t *testing.T) {
 
        jwt := keycloak.Jwttoken{}
        accessMgmMock := keycloackmocks.AccessManagement{}
-       accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, errors.New("invalid_credentials"))
+       accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("map[string][]string")).Return(jwt, errors.New("invalid_credentials"))
 
        requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
 
@@ -239,7 +239,7 @@ func TestPostSecurityIdTokenInvokerInvalidCredentials(t *testing.T) {
        invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
        serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
        publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
-       accessMgmMock.AssertCalled(t, "GetToken", clientId, clientSecret, "3gpp#"+aefId+":"+path, "invokerrealm")
+       accessMgmMock.AssertNumberOfCalls(t, "GetToken", 1)
 }
 
 func TestPutTrustedInvokerSuccessfully(t *testing.T) {
@@ -282,7 +282,6 @@ func TestPutTrustedInvokerSuccessfully(t *testing.T) {
                assert.Equal(t, *security.SelSecurityMethod, publishserviceapi.SecurityMethodPKI)
        }
        invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
-
 }
 
 func TestPutTrustedInkoverNotRegistered(t *testing.T) {
@@ -379,7 +378,6 @@ func TestPutTrustedInvokerInterfaceDetailsNotNil(t *testing.T) {
                assert.Equal(t, publishserviceapi.SecurityMethodPSK, *security.SelSecurityMethod)
        }
        invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
-
 }
 
 func TestPutTrustedInvokerNotFoundSecurityMethod(t *testing.T) {
@@ -399,7 +397,10 @@ func TestPutTrustedInvokerNotFoundSecurityMethod(t *testing.T) {
        publishRegisterMock := publishmocks.PublishRegister{}
        publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
 
-       requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
+       accessMgmMock := keycloackmocks.AccessManagement{}
+       accessMgmMock.On("AddClient", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(nil)
+
+       requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
 
        invokerId := "invokerId"
        serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
@@ -488,6 +489,108 @@ func TestGetSecurityContextByInvokerId(t *testing.T) {
        }
 }
 
+func TestUpdateTrustedInvoker(t *testing.T) {
+
+       requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
+
+       aefId := "aefId"
+       apiId := "apiId"
+       invokerId := "invokerId"
+       serviceSecurityTest := getServiceSecurity(aefId, apiId)
+       serviceSecurityTest.SecurityInfo[0].ApiId = &apiId
+       securityUnderTest.trustedInvokers[invokerId] = serviceSecurityTest
+
+       // Update the service security with valid invoker, should return 200 with updated service security
+       newNotifURL := "http://golang.org/"
+       serviceSecurityTest.NotificationDestination = common29122.Uri(newNotifURL)
+       result := testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/update").WithJsonBody(serviceSecurityTest).Go(t, requestHandler)
+
+       var resultResponse securityapi.ServiceSecurity
+       assert.Equal(t, http.StatusOK, result.Code())
+       err := result.UnmarshalBodyToObject(&resultResponse)
+       assert.NoError(t, err, "error unmarshaling response")
+       assert.Equal(t, newNotifURL, string(resultResponse.NotificationDestination))
+
+       // Update with a service security missing required NotificationDestination, should get 400 with problem details
+       invalidServiceSecurity := securityapi.ServiceSecurity{
+               SecurityInfo: []securityapi.SecurityInformation{
+                       {
+                               AefId: &aefId,
+                               ApiId: &apiId,
+                               PrefSecurityMethods: []publishserviceapi.SecurityMethod{
+                                       publishserviceapi.SecurityMethodOAUTH,
+                               },
+                       },
+               },
+       }
+
+       result = testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/update").WithJsonBody(invalidServiceSecurity).Go(t, requestHandler)
+
+       assert.Equal(t, http.StatusBadRequest, result.Code())
+       var problemDetails common29122.ProblemDetails
+       err = result.UnmarshalBodyToObject(&problemDetails)
+       assert.NoError(t, err, "error unmarshaling response")
+       assert.Equal(t, http.StatusBadRequest, *problemDetails.Status)
+       assert.Contains(t, *problemDetails.Cause, "missing")
+       assert.Contains(t, *problemDetails.Cause, "notificationDestination")
+
+       // Update a service security that has not been registered, should get 404 with problem details
+       missingId := "1"
+       result = testutil.NewRequest().Post("/trustedInvokers/"+missingId+"/update").WithJsonBody(serviceSecurityTest).Go(t, requestHandler)
+
+       assert.Equal(t, http.StatusNotFound, result.Code())
+       err = result.UnmarshalBodyToObject(&problemDetails)
+       assert.NoError(t, err, "error unmarshaling response")
+       assert.Equal(t, http.StatusNotFound, *problemDetails.Status)
+       assert.Contains(t, *problemDetails.Cause, "not register")
+       assert.Contains(t, *problemDetails.Cause, "trusted invoker")
+}
+
+func TestRevokeAuthorizationToInvoker(t *testing.T) {
+       aefId := "aefId"
+       apiId := "apiId"
+       invokerId := "invokerId"
+
+       notification := securityapi.SecurityNotification{
+               AefId:        &aefId,
+               ApiInvokerId: invokerId,
+               ApiIds:       []string{apiId},
+               Cause:        securityapi.CauseUNEXPECTEDREASON,
+       }
+
+       requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
+
+       serviceSecurityTest := getServiceSecurity(aefId, apiId)
+       serviceSecurityTest.SecurityInfo[0].ApiId = &apiId
+
+       apiIdTwo := "apiIdTwo"
+       secInfo := securityapi.SecurityInformation{
+               AefId: &aefId,
+               ApiId: &apiIdTwo,
+               PrefSecurityMethods: []publishserviceapi.SecurityMethod{
+                       publishserviceapi.SecurityMethodPKI,
+               },
+       }
+
+       serviceSecurityTest.SecurityInfo = append(serviceSecurityTest.SecurityInfo, secInfo)
+
+       securityUnderTest.trustedInvokers[invokerId] = serviceSecurityTest
+
+       // Revoke apiId
+       result := testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/delete").WithJsonBody(notification).Go(t, requestHandler)
+
+       assert.Equal(t, http.StatusNoContent, result.Code())
+       assert.Equal(t, 1, len(securityUnderTest.trustedInvokers[invokerId].SecurityInfo))
+
+       notification.ApiIds = []string{apiIdTwo}
+       // Revoke apiIdTwo
+       result = testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/delete").WithJsonBody(notification).Go(t, requestHandler)
+
+       assert.Equal(t, http.StatusNoContent, result.Code())
+       _, ok := securityUnderTest.trustedInvokers[invokerId]
+       assert.False(t, ok)
+}
+
 func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) (*echo.Echo, *Security) {
        swagger, err := securityapi.GetSwagger()
        if err != nil {
"nonrtric_plt_sme"