-
Notifications
You must be signed in to change notification settings - Fork 215
/
CreationRestrictionPreEnforcerTest.java
99 lines (80 loc) · 3.56 KB
/
CreationRestrictionPreEnforcerTest.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
/*
* Copyright (c) 2022 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.policies.enforcement.pre;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.util.Arrays;
import java.util.Map;
import org.eclipse.ditto.base.model.auth.AuthorizationContext;
import org.eclipse.ditto.base.model.auth.AuthorizationSubject;
import org.eclipse.ditto.base.model.auth.DittoAuthorizationContextType;
import org.eclipse.ditto.base.model.entity.type.EntityType;
import org.eclipse.ditto.base.model.headers.DittoHeaderDefinition;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.policies.model.PolicyConstants;
import org.junit.jupiter.api.Test;
import com.typesafe.config.ConfigFactory;
import akka.actor.ActorSystem;
public final class CreationRestrictionPreEnforcerTest {
private static CreationRestrictionPreEnforcer load(final String basename) {
var config = ConfigFactory.load(basename);
final ActorSystem actorSystem = ActorSystem.create(CreationRestrictionPreEnforcerTest.class.getSimpleName(),
config);
return new CreationRestrictionPreEnforcer(actorSystem, config);
}
private static DittoHeaders identity(final String... subjects) {
var authCtx = AuthorizationContext.newInstance(DittoAuthorizationContextType.JWT,
Arrays.stream(subjects).map(AuthorizationSubject::newInstance).toList()
);
return DittoHeaders.of(Map.of(DittoHeaderDefinition.AUTHORIZATION_CONTEXT.getKey(), authCtx.toJsonString()));
}
@Test
public void testDefault() {
var enforcer = load("entity-creation/default");
testCanCreate(enforcer,
PolicyConstants.ENTITY_TYPE, "ns1", identity("keycloak:some-user"),
true);
testCanCreate(enforcer,
EntityType.of("thing"), "ns1", identity("keycloak:some-user"),
true);
}
@Test
public void testRestricted() {
var enforcer = load("entity-creation/restricted1");
testCanCreate(enforcer,
PolicyConstants.ENTITY_TYPE, "ns1", identity("keycloak:some-user"),
false);
testCanCreate(enforcer,
EntityType.of("thing"), "ns1", identity("keycloak:some-user"),
false);
testCanCreate(enforcer,
PolicyConstants.ENTITY_TYPE, "ns1", identity("keycloak:some-admin"),
false);
testCanCreate(enforcer,
EntityType.of("thing"), "ns1", identity("keycloak:some-admin"),
true);
testCanCreate(enforcer,
PolicyConstants.ENTITY_TYPE, "some-ns-1", identity("keycloak:some-user"),
true);
testCanCreate(enforcer,
EntityType.of("thing"), "some-ns-1", identity("keycloak:some-user"),
false);
}
private void testCanCreate(final CreationRestrictionPreEnforcer enforcer, final EntityType type,
final String namespace, final DittoHeaders headers, boolean expectedOutcome) {
assertEquals(expectedOutcome, enforcer.canCreate(new CreationRestrictionPreEnforcer.Context(
type.toString(),
namespace,
headers
)));
}
}