Merge pull request #8 from myrle-krantz/develop
Initialization via permitted-feign-client.
myrle-krantz committed May 3, 2017
2 parents 580c553 + 3d4ce1c commit 436640bce6a6511a0366502c212e7c68721f97db
Showing 10 changed files with 261 additions and 100 deletions.
@@ -16,20 +16,17 @@
package io.mifos.provisioner.tenant;


import io.mifos.core.test.env.TestEnvironment;
import io.mifos.provisioner.api.v1.domain.CassandraConnectionInfo;
import io.mifos.provisioner.api.v1.domain.DatabaseConnectionInfo;
import io.mifos.provisioner.api.v1.domain.Tenant;

class Fixture {

private static Tenant compTestTenant = new Tenant();

static final String TENANT_IDENTIFIER = "comp-test";

static final String TENANT_NAME = "Comp Test";

static {
compTestTenant.setIdentifier(TENANT_IDENTIFIER);
static Tenant getCompTestTenant() {
final Tenant compTestTenant = new Tenant();
compTestTenant.setIdentifier(TestEnvironment.getRandomTenantName());
compTestTenant.setName(TENANT_NAME);
compTestTenant.setDescription("Component Test Tenant");

@@ -49,9 +46,7 @@ class Fixture {
databaseConnectionInfo.setPort("3306");
databaseConnectionInfo.setUser("root");
databaseConnectionInfo.setPassword("mysql");
}

static Tenant getCompTestTenant() {
return compTestTenant;
}
}
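Review bot: `getCompTestTenant()` now builds a new `Tenant` with `TestEnvironment.getRandomTenantName()` on every call, so two calls no longer refer to the same tenant. A caller that fetches the fixture again only to read its identifier would address a tenant that was never provisioned and leave the real one behind; the `provisioner.deleteTenant(Fixture.getCompTestTenant().getIdentifier())` line in the `after()` hunk on this page does this if it is still on the new side. A comment on the method such as `// Returns a fresh tenant with a random identifier on each call; keep the returned instance.` would make the contract explicit, and cleanup should use the instance the test created. The method body spans both hunks and is only partly visible here.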
@@ -16,6 +16,7 @@
package io.mifos.provisioner.tenant;

import io.mifos.anubis.api.v1.client.Anubis;
import io.mifos.anubis.api.v1.domain.AllowedOperation;
import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
import io.mifos.anubis.api.v1.domain.PermittableEndpoint;
import io.mifos.anubis.api.v1.domain.Signature;
@@ -29,7 +30,11 @@
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.core.test.env.TestEnvironment;
import io.mifos.identity.api.v1.client.IdentityManager;
import io.mifos.identity.api.v1.domain.CallEndpointSet;
import io.mifos.identity.api.v1.domain.Permission;
import io.mifos.identity.api.v1.domain.PermittableGroup;
import io.mifos.permittedfeignclient.api.v1.client.ApplicationPermissionRequirements;
import io.mifos.permittedfeignclient.api.v1.domain.ApplicationPermission;
import io.mifos.provisioner.ProvisionerCassandraInitializer;
import io.mifos.provisioner.ProvisionerMariaDBInitializer;
import io.mifos.provisioner.api.v1.client.Provisioner;
@@ -175,18 +180,24 @@ private class VerifyIsisInitializeContext implements Answer<ApplicationSignature
private final String keyTimestamp;
private final BigInteger modulus;
private final BigInteger exponent;
private final String tenantIdentifier;

private boolean validSecurityContext = false;

VerifyIsisInitializeContext(final String keyTimestamp, final BigInteger modulus, final BigInteger exponent) {
VerifyIsisInitializeContext(
final String keyTimestamp,
final BigInteger modulus,
final BigInteger exponent,
final String tenantIdentifier) {
this.keyTimestamp = keyTimestamp;
this.modulus = modulus;
this.exponent = exponent;
this.tenantIdentifier = tenantIdentifier;
}

@Override
public ApplicationSignatureSet answer(final InvocationOnMock invocation) throws Throwable {
validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext("identity", "1", Fixture.TENANT_IDENTIFIER);
validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext("identity", "1", tenantIdentifier);

final Signature fakeSignature = new Signature();
fakeSignature.setPublicKeyMod(modulus);
@@ -209,14 +220,16 @@ private class VerifyAnubisInitializeContext implements Answer<Void> {

private boolean validSecurityContext = false;
final private String target;
private final String tenantIdentifier;

private VerifyAnubisInitializeContext(final String target) {
private VerifyAnubisInitializeContext(final String target, String tenantIdentifier) {
this.target = target;
this.tenantIdentifier = tenantIdentifier;
}

@Override
public Void answer(final InvocationOnMock invocation) throws Throwable {
validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext(target, "1", Fixture.TENANT_IDENTIFIER);
validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext(target, "1", tenantIdentifier);
return null;
}

@@ -227,22 +240,26 @@ boolean isValidSecurityContext() {

private class VerifyCreateSignatureSetContext implements Answer<ApplicationSignatureSet> {

private final RsaKeyPairFactory.KeyPairHolder answer;
private boolean validSecurityContext = false;
final private String target;
private final String tenantIdentifier;

private VerifyCreateSignatureSetContext(final String target) {
private VerifyCreateSignatureSetContext(final RsaKeyPairFactory.KeyPairHolder answer, final String target, final String tenantIdentifier) {
this.answer = answer;
this.target = target;
this.tenantIdentifier = tenantIdentifier;
}

@Override
public ApplicationSignatureSet answer(final InvocationOnMock invocation) throws Throwable {
final String timestamp = invocation.getArgumentAt(0, String.class);
final Signature identityManagerSignature = invocation.getArgumentAt(1, Signature.class);
validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext(target, "1", Fixture.TENANT_IDENTIFIER);
final RsaKeyPairFactory.KeyPairHolder keys = RsaKeyPairFactory.createKeyPair();
validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext(target, "1", tenantIdentifier);

return new ApplicationSignatureSet(
timestamp,
new Signature(keys.getPublicKeyMod(), keys.getPublicKeyExp()),
new Signature(answer.getPublicKeyMod(), answer.getPublicKeyExp()),
identityManagerSignature);
}

@@ -256,14 +273,39 @@ private class VerifyAnubisPermittablesContext implements Answer<List<Permittable

private boolean validSecurityContext = false;
private final List<PermittableEndpoint> answer;
private final String tenantIdentifier;

private VerifyAnubisPermittablesContext(final List<PermittableEndpoint> answer) {
private VerifyAnubisPermittablesContext(final List<PermittableEndpoint> answer, final String tenantIdentifier) {
this.answer = answer;
this.tenantIdentifier = tenantIdentifier;
}

@Override
public List<PermittableEndpoint> answer(final InvocationOnMock invocation) throws Throwable {
validSecurityContext = systemSecurityEnvironment.isValidGuestSecurityContext(Fixture.TENANT_IDENTIFIER);
validSecurityContext = systemSecurityEnvironment.isValidGuestSecurityContext(tenantIdentifier);
return answer;
}

boolean isValidSecurityContext() {
return validSecurityContext;
}
}


private class VerifyAnputRequiredPermissionsContext implements Answer<List<ApplicationPermission>> {

private boolean validSecurityContext = false;
private final List<ApplicationPermission> answer;
private final String tenantIdentifier;

private VerifyAnputRequiredPermissionsContext(final List<ApplicationPermission> answer, final String tenantIdentifier) {
this.answer = answer;
this.tenantIdentifier = tenantIdentifier;
}

@Override
public List<ApplicationPermission> answer(final InvocationOnMock invocation) throws Throwable {
validSecurityContext = systemSecurityEnvironment.isValidGuestSecurityContext(tenantIdentifier);
return answer;
}

@@ -298,16 +340,16 @@ public void testTenantApplicationAssignment() throws InterruptedException {
when(applicationCallContextProviderSpy.getApplication(IdentityManager.class, "http://xyz.identity:2020/v1")).thenReturn(identityServiceMock);

final VerifyIsisInitializeContext verifyInitializeContextAndReturnSignature;
try (final AutoTenantContext ignored = new AutoTenantContext(Fixture.TENANT_IDENTIFIER)) {
try (final AutoTenantContext ignored = new AutoTenantContext(tenant.getIdentifier())) {
verifyInitializeContextAndReturnSignature = new VerifyIsisInitializeContext(
systemSecurityEnvironment.tenantKeyTimestamp(),
systemSecurityEnvironment.tenantPublicKey().getModulus(),
systemSecurityEnvironment.tenantPublicKey().getPublicExponent());
systemSecurityEnvironment.tenantPublicKey().getPublicExponent(), tenant.getIdentifier());
}
doAnswer(verifyInitializeContextAndReturnSignature).when(identityServiceMock).initialize(anyString());

final TokenChecker tokenChecker = new TokenChecker();
doAnswer(tokenChecker).when(tokenProviderSpy).createToken(Fixture.TENANT_IDENTIFIER, "identity-v1", 2L, TimeUnit.MINUTES);
doAnswer(tokenChecker).when(tokenProviderSpy).createToken(tenant.getIdentifier(), "identity-v1", 2L, TimeUnit.MINUTES);

{
final IdentityManagerInitialization identityServiceAdminInitialization
@@ -318,7 +360,7 @@ public void testTenantApplicationAssignment() throws InterruptedException {
Assert.assertNotNull(identityServiceAdminInitialization.getAdminPassword());
}

verify(applicationCallContextProviderSpy, atMost(2)).getApplicationCallContext(Fixture.TENANT_IDENTIFIER, "identity-v1");
verify(applicationCallContextProviderSpy, atMost(2)).getApplicationCallContext(tenant.getIdentifier(), "identity-v1");


//Create horus application.
@@ -338,38 +380,60 @@ public void testTenantApplicationAssignment() throws InterruptedException {
final Anubis anubisMock = Mockito.mock(Anubis.class);
when(applicationCallContextProviderSpy.getApplication(Anubis.class, "http://xyz.office:2021/v1")).thenReturn(anubisMock);

final ApplicationPermissionRequirements anputMock = Mockito.mock(ApplicationPermissionRequirements.class);
when(applicationCallContextProviderSpy.getApplication(ApplicationPermissionRequirements.class, "http://xyz.office:2021/v1")).thenReturn(anputMock);

final RsaKeyPairFactory.KeyPairHolder keysInApplicationSignature = RsaKeyPairFactory.createKeyPair();

final PermittableEndpoint xxPermittableEndpoint = new PermittableEndpoint("/x/y", "POST", "x");
final PermittableEndpoint xyPermittableEndpoint = new PermittableEndpoint("/y/z", "POST", "x");
final PermittableEndpoint xyGetPermittableEndpoint = new PermittableEndpoint("/y/z", "GET", "x");
final PermittableEndpoint mPermittableEndpoint = new PermittableEndpoint("/m/n", "GET", "m");

final ApplicationPermission forFooPermission = new ApplicationPermission("forPurposeFoo", new Permission("x", AllowedOperation.ALL));
final ApplicationPermission forBarPermission = new ApplicationPermission("forPurposeBar", new Permission("m", Collections.singleton(AllowedOperation.READ)));

final VerifyAnubisInitializeContext verifyAnubisInitializeContext;
final VerifyCreateSignatureSetContext verifyCreateSignatureSetContext;
final VerifyAnubisPermittablesContext verifyAnubisPermittablesContext;
try (final AutoTenantContext ignored = new AutoTenantContext(Fixture.TENANT_IDENTIFIER)) {
verifyAnubisInitializeContext = new VerifyAnubisInitializeContext("office");
verifyCreateSignatureSetContext = new VerifyCreateSignatureSetContext("office");
verifyAnubisPermittablesContext = new VerifyAnubisPermittablesContext(Arrays.asList(xxPermittableEndpoint, xxPermittableEndpoint, xyPermittableEndpoint, xyGetPermittableEndpoint, mPermittableEndpoint));
final VerifyAnputRequiredPermissionsContext verifyAnputRequiredPermissionsContext;
try (final AutoTenantContext ignored = new AutoTenantContext(tenant.getIdentifier())) {
verifyAnubisInitializeContext = new VerifyAnubisInitializeContext("office", tenant.getIdentifier());
verifyCreateSignatureSetContext = new VerifyCreateSignatureSetContext(keysInApplicationSignature, "office", tenant.getIdentifier());
verifyAnubisPermittablesContext = new VerifyAnubisPermittablesContext(Arrays.asList(xxPermittableEndpoint, xxPermittableEndpoint, xyPermittableEndpoint, xyGetPermittableEndpoint, mPermittableEndpoint), tenant.getIdentifier());
verifyAnputRequiredPermissionsContext = new VerifyAnputRequiredPermissionsContext(Arrays.asList(forFooPermission, forBarPermission), tenant.getIdentifier());
}
doAnswer(verifyAnubisInitializeContext).when(anubisMock).initializeResources();
doAnswer(verifyCreateSignatureSetContext).when(anubisMock).createSignatureSet(anyString(), anyObject());
doAnswer(verifyAnubisPermittablesContext).when(anubisMock).getPermittableEndpoints();
doAnswer(verifyAnputRequiredPermissionsContext).when(anputMock).getRequiredPermissions();


{
provisioner.assignApplications(tenant.getIdentifier(), Collections.singletonList(officeAssigned));
Thread.sleep(500L); //Application assigning is asynchronous.
Thread.sleep(1500L); //Application assigning is asynchronous and I have no message queue.
}

verify(applicationCallContextProviderSpy).getApplicationCallContext(Fixture.TENANT_IDENTIFIER, "office-v1");
verify(applicationCallContextProviderSpy).getApplicationCallContext(tenant.getIdentifier(), "office-v1");
verify(applicationCallContextProviderSpy, never()).getApplicationCallContext(eq(Fixture.TENANT_NAME), Mockito.anyString());
verify(tokenProviderSpy).createToken(Fixture.TENANT_IDENTIFIER, "office-v1", 2L, TimeUnit.MINUTES);
verify(tokenProviderSpy).createToken(tenant.getIdentifier(), "office-v1", 2L, TimeUnit.MINUTES);

verify(identityServiceMock).createPermittableGroup(new PermittableGroup("x", Arrays.asList(xxPermittableEndpoint, xyPermittableEndpoint, xyGetPermittableEndpoint)));
verify(identityServiceMock).createPermittableGroup(new PermittableGroup("m", Collections.singletonList(mPermittableEndpoint)));
try (final AutoTenantContext ignored = new AutoTenantContext(tenant.getIdentifier())) {
verify(identityServiceMock).setApplicationSignature(
"office-v1",
systemSecurityEnvironment.tenantKeyTimestamp(),
new Signature(keysInApplicationSignature.getPublicKeyMod(), keysInApplicationSignature.getPublicKeyExp()));
verify(identityServiceMock).createPermittableGroup(new PermittableGroup("x", Arrays.asList(xxPermittableEndpoint, xyPermittableEndpoint, xyGetPermittableEndpoint)));
verify(identityServiceMock).createPermittableGroup(new PermittableGroup("m", Collections.singletonList(mPermittableEndpoint)));
verify(identityServiceMock).createApplicationPermission("office-v1", new Permission("x", AllowedOperation.ALL));
verify(identityServiceMock).createApplicationPermission("office-v1", new Permission("m", Collections.singleton(AllowedOperation.READ)));
verify(identityServiceMock).createApplicationCallEndpointSet("office-v1", new CallEndpointSet("forPurposeFoo", Collections.singletonList("x")));
verify(identityServiceMock).createApplicationCallEndpointSet("office-v1", new CallEndpointSet("forPurposeBar", Collections.singletonList("m")));
}

Assert.assertTrue(verifyAnubisInitializeContext.isValidSecurityContext());
Assert.assertTrue(verifyCreateSignatureSetContext.isValidSecurityContext());
Assert.assertTrue(verifyAnubisPermittablesContext.isValidSecurityContext());
Assert.assertTrue(verifyAnputRequiredPermissionsContext.isValidSecurityContext());
}
}
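Review bot: In the new `VerifyAnputRequiredPermissionsContext`, `validSecurityContext` is a plain `boolean` that `answer` overwrites on each invocation, and the test thread reads it after `Thread.sleep(1500L)` even though the comment on that line says assignment runs asynchronously. A sleep gives no visibility guarantee across threads and ties the result to machine speed, and last-write-wins means an earlier call made outside the guest context would be hidden by a later valid one. Declaring the field as `private volatile boolean validSecurityContext = false;` and waiting with `verify(anputMock, timeout(5000)).getRequiredPermissions();` instead of the fixed sleep would make the security-context assertions dependable. The same pattern appears in the other `Verify…Context` classes touched by this commit.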
@@ -48,7 +48,6 @@ public void before()
@After
public void after() throws InterruptedException {
provisioner.deleteTenant(Fixture.getCompTestTenant().getIdentifier());
Thread.sleep(1200L);
autoSeshat.close();
}

@@ -33,6 +33,7 @@ dependencies {
[group: 'io.mifos.provisioner', name: 'api', version: project.version],
[group: 'io.mifos.anubis', name: 'library', version: versions.frameworkanubis],
[group: 'io.mifos.anubis', name: 'api', version: versions.frameworkanubis],
[group: 'io.mifos.permitted-feign-client', name: 'api', version: versions.frameworkanput],
[group: 'io.mifos.identity', name: 'api', version: versions.mifosidentityservice],
[group: 'com.google.code.gson', name: 'gson', version: versions.gson],
[group: 'io.mifos.core', name: 'api', version: versions.frameworkapi],
@@ -21,6 +21,7 @@
import com.datastax.driver.core.PlainTextAuthProvider;
import com.datastax.driver.core.ResultSet;
import com.datastax.driver.core.Session;
import com.datastax.driver.core.exceptions.AlreadyExistsException;
import com.datastax.driver.core.schemabuilder.SchemaBuilder;
import com.datastax.driver.mapping.Mapper;
import com.datastax.driver.mapping.MappingManager;
@@ -102,10 +103,15 @@ public void create(final @Nonnull TenantEntity tenant) {
throw ServiceException.conflict("Tenant {0} already exists!", tenant.getIdentifier());
}
final Session session = this.getCluster(tenant).connect();
session.execute("CREATE KEYSPACE " + tenant.getKeyspaceName() + " WITH REPLICATION = " +
ReplicationStrategyResolver.replicationStrategy(
tenant.getReplicationType(),
tenant.getReplicas()));
try {
session.execute("CREATE KEYSPACE " + tenant.getKeyspaceName() + " WITH REPLICATION = " +
ReplicationStrategyResolver.replicationStrategy(
tenant.getReplicationType(),
tenant.getReplicas()));
}
catch (final AlreadyExistsException e) {
throw ServiceException.conflict("Tenant {0} already exists!", tenant.getIdentifier());
}

final String createCommandSourceTable =
SchemaBuilder.createTable(tenant.getKeyspaceName(), "command_source")
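Review bot: The new `catch` in `create` throws while the `Session` opened just above the `try` is still open, so the conflict path appears to leak it unless the session is closed in the part of the method outside this hunk. Closing it in a `finally`, or opening it with try-with-resources around the whole body, would cover both paths. The caught `AlreadyExistsException` is also discarded, so logging it before rethrowing as a conflict would keep the driver's detail. Separately, `tenant.getKeyspaceName()` is concatenated into the `CREATE KEYSPACE` statement and CQL cannot bind identifiers, so the name should be checked against a strict pattern before it reaches this call, if that is not already done where the entity is built.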
