From 63704e6a06ea90c89875212a7ba8513a1ef4462c Mon Sep 17 00:00:00 2001 From: ThorodanBrom Date: Tue, 27 Jun 2023 15:20:19 +0530 Subject: [PATCH 1/2] Update APD Management APIs - remove trustee role from all flows - Removed trustee association with APDs - `owner_id` removed from APD table - Removed all trustee operations on APD APIs - APDs can no longer be in PENDING state - removed from `ApdStatus` enum and DB enum - Updated tests - Updated integration test data - Removed pending APD, trustee and owner IDs from APD table API Changes ----------- - Create APD - Action performed by AAA admin only - APD is immediately in active state - Disable liveness check for APD - Update APD - Action performed by AAA admin only - Can make active -> inactive, inactive -> active - Remove dependency on PolicyService; AAA admin policy for trustee removed - List APD - Remove trustee flow --- .../iudx/aaa/server/apd/ApdServiceImpl.java | 198 ++------ .../java/iudx/aaa/server/apd/ApdVerticle.java | 7 +- .../java/iudx/aaa/server/apd/Constants.java | 24 +- .../iudx/aaa/server/apiserver/ApdInfoObj.java | 10 - .../iudx/aaa/server/apiserver/ApdStatus.java | 2 +- ...ing_state_and_remove_pending_from_enum.sql | 15 + .../V9__Remove_trustee_ID_from_APD_table.sql | 1 + .../java/iudx/aaa/server/apd/CallApdTest.java | 26 +- .../iudx/aaa/server/apd/CreateApdTest.java | 155 ++---- .../java/iudx/aaa/server/apd/ListApdTest.java | 284 +---------- .../iudx/aaa/server/apd/UpdateApdTest.java | 470 ++---------------- .../iudx/aaa/server/registration/Utils.java | 4 +- .../V1000__Add_Integration_Test_data.sql | 8 +- 13 files changed, 186 insertions(+), 1018 deletions(-) create mode 100644 src/main/resources/db/migration/V10__Delete_APDs_in_pending_state_and_remove_pending_from_enum.sql create mode 100644 src/main/resources/db/migration/V9__Remove_trustee_ID_from_APD_table.sql 
diff --git a/src/main/java/iudx/aaa/server/apd/ApdServiceImpl.java b/src/main/java/iudx/aaa/server/apd/ApdServiceImpl.java
index a3fc9b19..9d4b7568 100644
--- a/src/main/java/iudx/aaa/server/apd/ApdServiceImpl.java
+++ b/src/main/java/iudx/aaa/server/apd/ApdServiceImpl.java
@@ -27,7 +27,6 @@
 import static iudx.aaa.server.apd.Constants.ERR_DETAIL_EXISTING_DOMAIN;
 import static iudx.aaa.server.apd.Constants.ERR_DETAIL_INVALID_DOMAIN;
 import static iudx.aaa.server.apd.Constants.ERR_DETAIL_INVALID_UUID;
-import static iudx.aaa.server.apd.Constants.ERR_DETAIL_NOT_TRUSTEE;
 import static iudx.aaa.server.apd.Constants.ERR_DETAIL_NO_ROLES_PUT;
 import static iudx.aaa.server.apd.Constants.ERR_DETAIL_NO_USER_PROFILE;
 import static iudx.aaa.server.apd.Constants.ERR_TITLE_CANT_CHANGE_APD_STATUS;
@@ -37,7 +36,6 @@
 import static iudx.aaa.server.apd.Constants.ERR_TITLE_INVALID_DOMAIN;
 import static iudx.aaa.server.apd.Constants.ERR_TITLE_INVALID_REQUEST;
 import static iudx.aaa.server.apd.Constants.ERR_TITLE_INVALID_REQUEST_ID;
-import static iudx.aaa.server.apd.Constants.ERR_TITLE_NOT_TRUSTEE;
 import static iudx.aaa.server.apd.Constants.ERR_TITLE_NO_ROLES_PUT;
 import static iudx.aaa.server.apd.Constants.ERR_TITLE_NO_USER_PROFILE;
 import static iudx.aaa.server.apd.Constants.ERR_TITLE_POLICY_EVAL_FAILED;
@@ -45,18 +43,14 @@
 import static iudx.aaa.server.apd.Constants.GET_APDINFO_URL;
 import static iudx.aaa.server.apd.Constants.INTERNALERROR;
 import static iudx.aaa.server.apd.Constants.LIST_AUTH_QUERY;
-import static iudx.aaa.server.apd.Constants.LIST_TRUSTEE_QUERY;
 import static iudx.aaa.server.apd.Constants.LIST_USER_QUERY;
 import static iudx.aaa.server.apd.Constants.NIL_UUID;
 import static iudx.aaa.server.apd.Constants.RESP_APD_ID;
 import static iudx.aaa.server.apd.Constants.RESP_APD_NAME;
-import static iudx.aaa.server.apd.Constants.RESP_APD_OWNER;
 import static iudx.aaa.server.apd.Constants.RESP_APD_STATUS;
 import static iudx.aaa.server.apd.Constants.RESP_APD_URL;
-import static iudx.aaa.server.apd.Constants.RESP_OWNER_USER_ID;
 import static iudx.aaa.server.apd.Constants.SQL_CHECK_ADMIN_OF_SERVER;
 import static iudx.aaa.server.apd.Constants.SQL_GET_APDS_BY_ID_ADMIN;
-import static iudx.aaa.server.apd.Constants.SQL_GET_APDS_BY_ID_TRUSTEE;
 import static iudx.aaa.server.apd.Constants.SQL_GET_APD_URL_STATUS;
 import static iudx.aaa.server.apd.Constants.SQL_INSERT_APD_IF_NOT_EXISTS;
 import static iudx.aaa.server.apd.Constants.SQL_UPDATE_APD_STATUS;
@@ -82,13 +76,11 @@
 import iudx.aaa.server.apiserver.ApdStatus;
 import iudx.aaa.server.apiserver.ApdUpdateRequest;
 import iudx.aaa.server.apiserver.CreateApdRequest;
-import iudx.aaa.server.apiserver.CreatePolicyRequest;
 import iudx.aaa.server.apiserver.Response;
 import iudx.aaa.server.apiserver.Response.ResponseBuilder;
 import iudx.aaa.server.apiserver.Roles;
 import iudx.aaa.server.apiserver.User;
 import iudx.aaa.server.apiserver.util.ComposeException;
-import iudx.aaa.server.policy.PolicyService;
 import iudx.aaa.server.registration.RegistrationService;
 import iudx.aaa.server.token.TokenService;
 import java.util.ArrayList;
@@ -98,7 +90,6 @@ import java.util.Map.Entry; import java.util.Set; import java.util.UUID; -import java.util.function.Supplier; import java.util.stream.Collector; import java.util.stream.Collectors; import org.apache.logging.log4j.LogManager; @@ -122,32 +113,27 @@ public class ApdServiceImpl implements ApdService { private PgPool pool; private ApdWebClient apdWebClient; private RegistrationService registrationService; - private PolicyService policyService; private TokenService tokenService; public ApdServiceImpl(PgPool pool, ApdWebClient apdWebClient, RegistrationService regService, - PolicyService polService, TokenService tokService, JsonObject options) { + TokenService tokService, JsonObject options) { this.pool = pool; this.apdWebClient = apdWebClient; this.registrationService = regService; - this.policyService = polService; this.tokenService = tokService; AUTH_SERVER_URL = options.getString(CONFIG_AUTH_URL); } /** - * authAdminStates and trusteeStates are Maps that determine what kind of state changes each user + * authAdminStates determines what kind of state changes each user * can make. See javadoc for updateApd for allowed states. Currently, each starting state is * present only once, so we can have Map. If this changes, we can have - * Map>. Note that there is no PENDING starting state for trusteeStates. + * Map>. * Since we use '==' for equality checking of ApdStatus enum, no NPE is thrown. */ - static private Map authAdminStates = Map.of(ApdStatus.PENDING, - ApdStatus.ACTIVE, ApdStatus.ACTIVE, ApdStatus.INACTIVE, ApdStatus.INACTIVE, ApdStatus.ACTIVE); - - static private Map trusteeStates = - Map.of(ApdStatus.ACTIVE, ApdStatus.INACTIVE, ApdStatus.INACTIVE, ApdStatus.PENDING); + static private Map authAdminStates = + Map.of(ApdStatus.ACTIVE, ApdStatus.INACTIVE, ApdStatus.INACTIVE, ApdStatus.ACTIVE); @Override public ApdService listApd(User user, Handler> handler) { 
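Review bot: The transition table `authAdminStates` is the allow-list that status changes are validated against, yet it is still declared `static private` without `final`, so the reference can be reassigned from anywhere in the class. It is now the only table and is built with the immutable `Map.of`, so change the modifiers to `private static final`. The Javadoc above it could also state outright that ACTIVE -> INACTIVE and INACTIVE -> ACTIVE are the only permitted changes, instead of pointing the reader to the updateApd Javadoc.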
@@ -163,10 +149,7 @@ public ApdService listApd(User user, Handler> handler) { return this; } - List roles = user.getRoles(); - Boolean isTrustee = roles.contains(Roles.TRUSTEE); - Future isAuthAdmin = - isTrustee ? Future.succeededFuture(false) : checkAdminServer(user); + Future isAuthAdmin = checkAdminServer(user); Future> apdIds = isAuthAdmin.compose( @@ -174,21 +157,16 @@ public ApdService listApd(User user, Handler> handler) { String query; Tuple tuple; if (!authAdmin) { - if (isTrustee) { - query = LIST_TRUSTEE_QUERY; - tuple = Tuple.of(UUID.fromString(user.getUserId()), ApdStatus.ACTIVE.toString()); - } else { query = LIST_USER_QUERY; tuple = Tuple.of(ApdStatus.ACTIVE.toString()); } - } else { + else { query = LIST_AUTH_QUERY; tuple = Tuple.of( ApdStatus.ACTIVE.toString(), - ApdStatus.INACTIVE.toString(), - ApdStatus.PENDING.toString()); + ApdStatus.INACTIVE.toString()); } Collector> ApdIdCollector = @@ -291,12 +269,10 @@ public ApdService updateApd(List request, User user, return this; } - List roles = user.getRoles(); - Boolean isTrustee = roles.contains(Roles.TRUSTEE); Future isAuthAdmin = checkAdminServer(user); Future checkUserRoles = isAuthAdmin.compose(res -> { - if (!(isTrustee || isAuthAdmin.result())) { + if (!isAuthAdmin.result()) { return Future.failedFuture(new ComposeException(403, URN_INVALID_ROLE.toString(), ERR_TITLE_NO_ROLES_PUT, ERR_DETAIL_NO_ROLES_PUT)); } 
@@ -306,19 +282,10 @@ public ApdService updateApd(List request, User user, Collector> collector = Collectors.toMap(row -> row.getUUID("apdId"), row -> row.toJson()); - /* In case a user has both Auth Admin and trustee roles, auth admin takes precedence */ Future> queryResult = checkUserRoles.compose(n -> { - String query; - Tuple tuple; - if (isAuthAdmin.result()) { - query = SQL_GET_APDS_BY_ID_ADMIN; - tuple = Tuple.of(apdIds.toArray(UUID[]::new)); - } else { - query = SQL_GET_APDS_BY_ID_TRUSTEE; - tuple = Tuple.of(apdIds.toArray(UUID[]::new), UUID.fromString(user.getUserId())); - } return pool - .withConnection(conn -> conn.preparedQuery(query).collecting(collector).execute(tuple)) + .withConnection(conn -> conn.preparedQuery(SQL_GET_APDS_BY_ID_ADMIN).collecting(collector) + .execute(Tuple.of(apdIds.toArray(UUID[]::new)))) .map(res -> res.value()); }); 
@@ -338,35 +305,9 @@ public ApdService updateApd(List request, User user, Map desiredStatus = request.stream() .collect(Collectors.toMap(i -> UUID.fromString(i.getApdId()), i -> i.getStatus())); - if (isAuthAdmin.result()) { return checkValidStatusChange(authAdminStates, currentStatus, desiredStatus); - } else { - return checkValidStatusChange(trusteeStates, currentStatus, desiredStatus); - } }); - /* - * Function to get list of trustee user IDs who's APDs are being set to ACTIVE state. Auth Admin - * policies will be set for these trustees (whether they already have them or not). If not an - * auth admin, send empty list to skip the policy set. - */ - Supplier> trusteesWithActiveApds = () -> { - if (!isAuthAdmin.result()) { - return new ArrayList(); - } - - List ids = request.stream().filter(r -> r.getStatus() == ApdStatus.ACTIVE) - .map(r -> UUID.fromString(r.getApdId())).collect(Collectors.toList()); - - return ids.stream().map(r -> queryResult.result().get(r).getString("owner_id")) - .map(id -> UUID.fromString(id)).distinct().collect(Collectors.toList()); - }; - - /* Function to get list of trustee user IDs from the query result map */ - Supplier> trusteeIds = () -> { - return queryResult.result().entrySet().stream() - .map(obj -> obj.getValue().getString("owner_id")).collect(Collectors.toList()); - }; validateStatus.compose(success -> { List tuple = @@ -374,11 +315,9 @@ public ApdService updateApd(List request, User user, .collect(Collectors.toList()); return pool - .withTransaction(conn -> conn.preparedQuery(SQL_UPDATE_APD_STATUS).executeBatch(tuple) - .compose(succ -> setAuthAdminPolicy(user, trusteesWithActiveApds.get())) - .compose(x -> getTrusteeDetails(trusteeIds.get()))); + .withTransaction(conn -> conn.preparedQuery(SQL_UPDATE_APD_STATUS).executeBatch(tuple)); - }).onSuccess(trusteeDetails -> { + }).onSuccess(updated -> { JsonArray response = new JsonArray(); Map apdDetails = queryResult.result(); 
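Review bot: Status changes are now an auth-admin-only action, but the success handler that starts at `.onSuccess(updated -> {` still logs only `"APD status updated : " + apdId.toString()` (visible in the following hunk), with neither the acting admin nor the new status. For an operation that switches an access policy domain on or off, the audit trail should name who did it, for example `LOGGER.info("APD status updated : {} -> {} by user {}", apdId, req.getStatus(), user.getUserId());`. The `"APD registered with id : "` log line in createApd has the same gap. The handler body continues outside this hunk.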
@@ -389,9 +328,6 @@ public ApdService updateApd(List request, User user, obj.remove(RESP_APD_STATUS); obj.put(RESP_APD_STATUS, req.getStatus().toString().toLowerCase()); - String ownerId = (String) obj.remove("owner_id"); - obj.put(RESP_APD_OWNER, trusteeDetails.get(ownerId).put(RESP_OWNER_USER_ID, ownerId)); - response.add(obj); LOGGER.info("APD status updated : " + apdId.toString()); } 
@@ -445,57 +381,6 @@ private Future checkValidStatusChange(Map allowedSta return p.future(); } - /** - * Set auth admin policies for trustees whose APDs are going to ACTIVE state. As the trustee may - * already have the policy, the function handles both 'Created Policy' and 'Already Exists'. Due - * to this, the createPolicy method is called with individual requests instead of a list of - * requests ('Already Exists' will not allow the rest of the policies to be set if sent in list). - * - * @param user The User object, in this case the Auth Admin - * @param activeTrustees list of user IDs of trustees in UUID - * @return a void future. If a policy is not set (for a reason other than already exists) or the - * policy service fails, a failed future is returned. - */ - private Future setAuthAdminPolicy(User user, List activeTrustees) { - - Promise response = Promise.promise(); - /* Exit early if no trustee APDs going to active state or not auth admin */ - if (activeTrustees.size() == 0) { - response.complete(); - return response.future(); - } - - @SuppressWarnings("rawtypes") - List futures = new ArrayList<>(); - - for (UUID id : activeTrustees) { - JsonObject obj = new JsonObject(); - obj.put("userId", id.toString()); - obj.put("itemId", AUTH_SERVER_URL); - obj.put("constraints", new JsonObject()); - obj.put("itemType", "resource_server"); - CreatePolicyRequest req = new CreatePolicyRequest(obj); - Promise promise = Promise.promise(); - policyService.createPolicy(List.of(req), user, new JsonObject(), promise); - futures.add(promise.future()); - } - - CompositeFuture.all(futures).onSuccess(res -> { - List result = res.list(); - Boolean success = - result.stream().allMatch(obj -> obj.getString("type").equals(URN_SUCCESS.toString()) - || obj.getString("type").equals(URN_ALREADY_EXISTS.toString())); - if (success) { - response.complete(); - } else { - response.fail("Failed to set admin policy"); - } - }).onFailure(res -> { - response.fail("Failed to set admin policy"); - 
}); - return response.future(); - } - @Override public ApdService createApd(CreateApdRequest request, User user, Handler> handler) { @@ -509,16 +394,18 @@ public ApdService createApd(CreateApdRequest request, User user, return this; } - if (!user.getRoles().contains(Roles.TRUSTEE)) { - Response resp = new ResponseBuilder().type(URN_INVALID_ROLE).title(ERR_TITLE_NOT_TRUSTEE) - .detail(ERR_DETAIL_NOT_TRUSTEE).status(403).build(); - handler.handle(Future.succeededFuture(resp.toJson())); - return this; - } + Future isAuthAdmin = checkAdminServer(user); + + Future checkAdmin = isAuthAdmin.compose(res -> { + if (!isAuthAdmin.result()) { + return Future.failedFuture(new ComposeException(403, URN_INVALID_ROLE.toString(), + ERR_TITLE_NO_ROLES_PUT, ERR_DETAIL_NO_ROLES_PUT)); + } + return Future.succeededFuture(); + }); String url = request.getUrl().toLowerCase(); String name = request.getName(); - UUID trusteeId = UUID.fromString(user.getUserId()); if (!InternetDomainName.isValid(url)) { Response resp = new ResponseBuilder().type(URN_INVALID_INPUT).title(ERR_TITLE_INVALID_DOMAIN) @@ -527,8 +414,12 @@ public ApdService createApd(CreateApdRequest request, User user, return this; } - Tuple tuple = Tuple.of(name, url, trusteeId); - Future isApdOnline = apdWebClient.checkApdExists(url); + Tuple tuple = Tuple.of(name, url); + /* + * Disable APD existence check via /userclasses (apdWebClient.checkApdExists(url)) API for now. + * TODO: maybe have a liveness check with a proper liveness API later on. + */ + Future isApdOnline = checkAdmin.compose(res -> Future.succeededFuture(true)); Future apdId = isApdOnline .compose(success -> pool.withTransaction( 
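Review bot: The admin check added in createApd only builds the `checkAdmin` future, which is not consumed until `isApdOnline` further down, so the synchronous `InternetDomainName.isValid(url)` branch that follows still answers a non-admin caller with the invalid-domain response before authorization has been decided. Consider moving the domain validation into the chain after `checkAdmin` so that every unauthorized request receives the 403 first. Inside the `compose` the lambda argument already carries the result, so `if (!res) {` reads more directly than `if (!isAuthAdmin.result()) {`. The 403 also reuses `ERR_TITLE_NO_ROLES_PUT` and `ERR_DETAIL_NO_ROLES_PUT`, whose names refer to the update call; a neutrally named constant would fit both. createApd's body continues outside this hunk.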
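Review bot: With `apdWebClient.checkApdExists(url)` replaced by `Future.succeededFuture(true)`, any syntactically valid domain is inserted straight into the `'ACTIVE'` state (see `SQL_INSERT_APD_IF_NOT_EXISTS` in Constants.java), with no confirmation that the host exists or belongs to the intended operator. callApd appears to pass user details and an access token on to the registered APD (inferred from its context lines in this patch), so a mistyped domain would become a live endpoint at once. Until the liveness API named in the TODO exists, the comment should say explicitly that the URL is unverified, e.g. `/* NOTE: url is not verified as reachable or operator-controlled; the admin must confirm it before registering */`. Any handling of `ERR_TITLE_APD_NOT_RESPOND` further down in createApd is presumably unreachable now and could be removed or marked as such.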
@@ -541,17 +432,10 @@ public ApdService createApd(CreateApdRequest request, User user, return Future.succeededFuture(res.iterator().next().getUUID(0)); }); - Future> trusteeDetailsFut = - apdId.compose(success -> getTrusteeDetails(List.of(trusteeId.toString()))); - - trusteeDetailsFut.onSuccess(trusteeDetails -> { + apdId.onSuccess(created -> { JsonObject response = new JsonObject(); response.put(RESP_APD_ID, apdId.result().toString()).put(RESP_APD_NAME, name) - .put(RESP_APD_URL, url).put(RESP_APD_STATUS, ApdStatus.PENDING.toString().toLowerCase()); - - JsonObject ownerDetails = trusteeDetails.get(trusteeId.toString()); - ownerDetails.put(RESP_OWNER_USER_ID, trusteeId.toString()); - response.put(RESP_APD_OWNER, ownerDetails); + .put(RESP_APD_URL, url).put(RESP_APD_STATUS, ApdStatus.ACTIVE.toString().toLowerCase()); LOGGER.info("APD registered with id : " + apdId.result().toString()); @@ -668,30 +552,18 @@ public ApdService getApdDetails( return Future.succeededFuture(apdInfo); })); - Future> trusteeDetailsFuture = - apdDetails.compose( - details -> { - List userIds = - details.stream().map(ApdInfoObj::getOwnerId).collect(Collectors.toList()); - return getTrusteeDetails(userIds); - }); - Future responseFuture = - trusteeDetailsFuture.compose( - trusteeDetails -> { + apdDetails.compose( + res -> { JsonObject response = new JsonObject(); List apdDetailList = apdDetails.result(); apdDetailList.forEach( details -> { JsonObject apdResponse = new JsonObject(); - apdResponse.put( - RESP_APD_OWNER, - trusteeDetails.get(details.getOwnerId()).put("id", details.getOwnerId())); apdResponse.put("url", details.getUrl()); apdResponse.put("status", details.getStatus().toString().toLowerCase()); apdResponse.put("name", details.getName()); apdResponse.put("id",details.getId()); - apdResponse.remove("ownerId"); if (req.equalsIgnoreCase("id")) { response.put(details.getId(), apdResponse); } else response.put(details.getUrl(), apdResponse); 
@@ -718,13 +590,13 @@ public ApdService getApdDetails( } /** - * Calls RegistrationService.getUserDetails to specifically get details of trustees. + * Calls RegistrationService.getUserDetails. * * @param userIds List of strings of user IDs * @return a future of a Map, mapping the string user ID to a JSON object containing the user * details */ - private Future> getTrusteeDetails(List userIds) { + private Future> getUserDetails(List userIds) { Promise> promise = Promise.promise(); Promise regServicePromise = Promise.promise(); Future response = regServicePromise.future(); @@ -789,7 +661,7 @@ public ApdService callApd(JsonObject apdContext, Handler .execute(Tuple.of(apdId)).map(res -> res.value())); Future> userAndOwnerDetails = - getTrusteeDetails(List.of(userId, ownerId)); + getUserDetails(List.of(userId, ownerId)); Future authAccessToken = apdDetails.compose(list -> { /* In case the apdId sent does not exist, should never happen */ diff --git a/src/main/java/iudx/aaa/server/apd/ApdVerticle.java b/src/main/java/iudx/aaa/server/apd/ApdVerticle.java index 331afff5..6a41a1e2 100644 --- a/src/main/java/iudx/aaa/server/apd/ApdVerticle.java +++ b/src/main/java/iudx/aaa/server/apd/ApdVerticle.java @@ -13,7 +13,6 @@ import static iudx.aaa.server.admin.Constants.DB_RECONNECT_ATTEMPTS; import static iudx.aaa.server.admin.Constants.DB_RECONNECT_INTERVAL_MS; import static iudx.aaa.server.apd.Constants.REGISTRATION_SERVICE_ADDRESS; -import static iudx.aaa.server.apd.Constants.POLICY_SERVICE_ADDRESS; import static iudx.aaa.server.apd.Constants.TOKEN_SERVICE_ADDRESS; import io.vertx.core.AbstractVerticle; @@ -67,7 +66,6 @@ public class ApdVerticle extends AbstractVerticle { private WebClientOptions webClientOptions; private ApdWebClient apdWebClient; private RegistrationService registrationService; - private PolicyService policyService; private TokenService tokenService; private ApdService apdService; 
@@ -131,10 +129,9 @@ public void start() throws Exception { apdWebClient = new ApdWebClient(webClient, apdWebCliConfig); registrationService = RegistrationService.createProxy(vertx, REGISTRATION_SERVICE_ADDRESS); - policyService = PolicyService.createProxy(vertx, POLICY_SERVICE_ADDRESS); tokenService = TokenService.createProxy(vertx, TOKEN_SERVICE_ADDRESS); - apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, policyService, - tokenService, apdServiceOptions); + apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, tokenService, + apdServiceOptions); binder = new ServiceBinder(vertx); consumer = binder.setAddress(APD_SERVICE_ADDRESS).register(ApdService.class, apdService); diff --git a/src/main/java/iudx/aaa/server/apd/Constants.java b/src/main/java/iudx/aaa/server/apd/Constants.java index 2ba3df77..2572361a 100644 --- a/src/main/java/iudx/aaa/server/apd/Constants.java +++ b/src/main/java/iudx/aaa/server/apd/Constants.java @@ -3,7 +3,6 @@ public class Constants { public static final String REGISTRATION_SERVICE_ADDRESS = "iudx.aaa.registration.service"; - public static final String POLICY_SERVICE_ADDRESS = "iudx.aaa.policy.service"; public static final String TOKEN_SERVICE_ADDRESS = "iudx.aaa.token.service"; public static final String NIL_UUID = "00000000-0000-0000-0000-000000000000"; @@ -29,8 +28,6 @@ public class Constants { public static final String RESP_APD_NAME = "name"; public static final String RESP_APD_URL = "url"; public static final String RESP_APD_STATUS = "status"; - public static final String RESP_APD_OWNER = "owner"; - public static final String RESP_OWNER_USER_ID = "id"; public static final String INTERNALERROR = "internal server error"; /* Response title and details */ 
@@ -45,9 +42,6 @@ public class Constants { public static final String ERR_TITLE_NO_USER_PROFILE = "User profile does not exist"; public static final String ERR_DETAIL_NO_USER_PROFILE = "Please register to create user profile"; - public static final String ERR_TITLE_NOT_TRUSTEE = "Not a trustee"; - public static final String ERR_DETAIL_NOT_TRUSTEE = "Use does not have the trustee role"; - public static final String ERR_TITLE_APD_NOT_RESPOND = "Invalid APD response"; public static final String ERR_DETAIL_APD_NOT_RESPOND = "The APD is not responsive/has not responded correctly"; @@ -68,7 +62,7 @@ public class Constants { public static final String ERR_TITLE_NO_ROLES_PUT = "Invalid roles to call API"; public static final String ERR_DETAIL_NO_ROLES_PUT = - "Trustees and Auth Server Admin may call the API"; + "Auth Server Admin may call the API"; public static final String ERR_TITLE_INVALID_REQUEST = "Invalid request"; public static final String ERR_TITLE_INVALID_REQUEST_ID = "APD not present"; 
@@ -77,18 +71,15 @@ public class Constants { /* SQL */ public static final String SQL_INSERT_APD_IF_NOT_EXISTS = - "INSERT INTO apds (name, url, owner_id, status, created_at, updated_at) VALUES " - + "($1::text, $2::text, $3::uuid, 'PENDING', NOW(), NOW()) " + "INSERT INTO apds (name, url, status, created_at, updated_at) VALUES " + + "($1::text, $2::text, 'ACTIVE', NOW(), NOW()) " + "ON CONFLICT (url) DO NOTHING RETURNING id"; public static final String SQL_CHECK_ADMIN_OF_SERVER = "SELECT id FROM " + "resource_server WHERE owner_id = $1::uuid AND url = $2::text"; public static final String SQL_GET_APDS_BY_ID_ADMIN = - "SELECT id AS \"apdId\", name, url, owner_id, status FROM apds WHERE id = ANY($1::uuid[])"; - - public static final String SQL_GET_APDS_BY_ID_TRUSTEE = - "SELECT id AS \"apdId\", name, url, owner_id, status FROM apds WHERE id = ANY($1::uuid[]) AND owner_id = $2::uuid"; + "SELECT id AS \"apdId\", name, url, status FROM apds WHERE id = ANY($1::uuid[])"; public static final String SQL_UPDATE_APD_STATUS = "UPDATE apds SET status = $1::apd_status_enum, updated_at = NOW() WHERE id = $2::uuid"; 
@@ -138,9 +129,8 @@ public class Constants { public static final String APD_NOT_ACTIVE = " (NOTE: The APD is currently not in an active state.)"; public static final String ERR_TITLE_POLICY_EVAL_FAILED = "Policy evaluation failed"; - public static final String GET_APDINFO_ID = "SELECT id,name,url,status,owner_id as \"ownerId\" FROM apds where id = ANY($1::uuid[])"; - public static final String GET_APDINFO_URL = "SELECT id,name,url,status,owner_id as \"ownerId\" FROM apds where url = ANY($1::text[])"; - public static final String LIST_AUTH_QUERY = "SELECT id FROM apds where status = $1::apd_status_enum or status = $2::apd_status_enum or status = $3::apd_status_enum"; - public static final String LIST_TRUSTEE_QUERY = "SELECT id FROM apds WHERE (owner_id = $1::UUID OR status = $2::apd_status_enum) "; + public static final String GET_APDINFO_ID = "SELECT id,name,url,status FROM apds where id = ANY($1::uuid[])"; + public static final String GET_APDINFO_URL = "SELECT id,name,url,status FROM apds where url = ANY($1::text[])"; + public static final String LIST_AUTH_QUERY = "SELECT id FROM apds where status = $1::apd_status_enum or status = $2::apd_status_enum"; public static final String LIST_USER_QUERY = "SELECT id FROM apds WHERE status = $1::apd_status_enum "; } diff --git a/src/main/java/iudx/aaa/server/apiserver/ApdInfoObj.java b/src/main/java/iudx/aaa/server/apiserver/ApdInfoObj.java index 0349117f..2859e697 100644 --- a/src/main/java/iudx/aaa/server/apiserver/ApdInfoObj.java +++ b/src/main/java/iudx/aaa/server/apiserver/ApdInfoObj.java @@ -10,7 +10,6 @@ public class ApdInfoObj { UUID id; String name; String url; - UUID ownerId; ApdStatus status; public String getId() { @@ -37,14 +36,6 @@ public void setUrl(String url) { this.url = url; } - public String getOwnerId() { - return ownerId.toString(); - } - - public void setOwnerId(String ownerId) { - this.ownerId = UUID.fromString(ownerId); - } - public ApdStatus getStatus() { return status; } 
@@ -57,7 +48,6 @@ public ApdInfoObj(UUID id, String name, String url, UUID ownerId, ApdStatus stat this.id = id; this.name = name; this.url = url; - this.ownerId = ownerId; this.status = status; } diff --git a/src/main/java/iudx/aaa/server/apiserver/ApdStatus.java b/src/main/java/iudx/aaa/server/apiserver/ApdStatus.java index c0400d2c..b6498c69 100644 --- a/src/main/java/iudx/aaa/server/apiserver/ApdStatus.java +++ b/src/main/java/iudx/aaa/server/apiserver/ApdStatus.java @@ -8,7 +8,7 @@ * Enum that defines valid status an Access Policy Domain (APD) can be in. */ public enum ApdStatus { - PENDING, ACTIVE, INACTIVE; + ACTIVE, INACTIVE; static List apdStatusAsStrings = Arrays.stream(ApdStatus.values()).map(r -> r.name()).collect(Collectors.toList()); diff --git a/src/main/resources/db/migration/V10__Delete_APDs_in_pending_state_and_remove_pending_from_enum.sql b/src/main/resources/db/migration/V10__Delete_APDs_in_pending_state_and_remove_pending_from_enum.sql new file mode 100644 index 00000000..46712f6d --- /dev/null +++ b/src/main/resources/db/migration/V10__Delete_APDs_in_pending_state_and_remove_pending_from_enum.sql @@ -0,0 +1,15 @@ +-- removing PENDING status from apd_status_enum +-- first we need to delete any APDs in PENDING state + +DELETE FROM apds WHERE status = 'PENDING'; + +CREATE TYPE new_apd_status_enum AS ENUM ( + 'ACTIVE', + 'INACTIVE' +); + +ALTER TABLE apds ALTER COLUMN status TYPE new_apd_status_enum USING status::text::new_apd_status_enum; + +DROP TYPE apd_status_enum; + +ALTER TYPE new_apd_status_enum RENAME TO apd_status_enum; diff --git a/src/main/resources/db/migration/V9__Remove_trustee_ID_from_APD_table.sql b/src/main/resources/db/migration/V9__Remove_trustee_ID_from_APD_table.sql new file mode 100644 index 00000000..9ff8c54a --- /dev/null +++ b/src/main/resources/db/migration/V9__Remove_trustee_ID_from_APD_table.sql @@ -0,0 +1 @@ +ALTER TABLE apds DROP COLUMN owner_id; 
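Review bot: The `ApdInfoObj` constructor shown at the top of this hunk still declares `UUID ownerId`, but the assignment to the removed field is gone, so the argument is silently discarded. Drop the parameter so the signature becomes `public ApdInfoObj(UUID id, String name, String url, ApdStatus status) {` and update any callers (none are visible in this patch). Leaving it in place suggests that APDs still have an owner, which the rest of this commit removes.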
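Review bot: In the V10 migration, `DELETE FROM apds WHERE status = 'PENDING';` permanently removes rows without recording what is deleted, and it will fail or cascade if any other table references `apds.id` (the schema is not visible here, so this needs confirming). A comment stating that the deletion is intentional and irreversible, and which dependent tables were checked, would help whoever runs this against production data. Separately, if the `status` column carries a default, PostgreSQL will refuse the `ALTER COLUMN status TYPE ... USING` step until the default is dropped and re-added for the new type; this is worth verifying against the table definition.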
diff --git a/src/test/java/iudx/aaa/server/apd/CallApdTest.java b/src/test/java/iudx/aaa/server/apd/CallApdTest.java index 07e5cd6b..9e37c505 100644 --- a/src/test/java/iudx/aaa/server/apd/CallApdTest.java +++ b/src/test/java/iudx/aaa/server/apd/CallApdTest.java @@ -26,11 +26,9 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.ArgumentMatchers.any; -import io.vertx.core.CompositeFuture; import io.vertx.core.Future; import io.vertx.core.Promise; import io.vertx.core.Vertx; -import io.vertx.core.json.JsonArray; import io.vertx.core.json.JsonObject; import io.vertx.junit5.VertxExtension; import io.vertx.junit5.VertxTestContext; @@ -45,7 +43,6 @@ import iudx.aaa.server.apiserver.Roles; import iudx.aaa.server.apiserver.util.ComposeException; import iudx.aaa.server.configuration.Configuration; -import iudx.aaa.server.policy.PolicyService; import iudx.aaa.server.registration.RegistrationService; import iudx.aaa.server.registration.Utils; import iudx.aaa.server.token.TokenService; 
@@ -83,22 +80,20 @@ public class CallApdTest { private static PgConnectOptions connectOptions; private static ApdWebClient apdWebClient = Mockito.mock(ApdWebClient.class); private static RegistrationService registrationService = Mockito.mock(RegistrationService.class); - private static PolicyService policyService = Mockito.mock(PolicyService.class); private static TokenService tokenService = Mockito.mock(TokenService.class); private static final String DUMMY_AUTH_SERVER = "auth" + RandomStringUtils.randomAlphabetic(5).toLowerCase() + "iudx.io"; - private static Future trusteeUser; private static Future otherUser; static String name = RandomStringUtils.randomAlphabetic(10).toLowerCase(); static String url = name + ".com"; static Future orgIdFut; - private static final UUID PENDING_APD_ID = UUID.randomUUID(); + private static final UUID INACTIVE_APD_ID = UUID.randomUUID(); private static final UUID ACTIVE_APD_ID = UUID.randomUUID(); - private static final String PENDING_APD = RandomStringUtils.randomAlphabetic(5).toLowerCase(); + private static final String INACTIVE_APD = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String ACTIVE_APD = RandomStringUtils.randomAlphabetic(5).toLowerCase(); @BeforeAll 
@@ -140,22 +135,19 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { orgIdFut = pool.withConnection(conn -> conn.preparedQuery(Utils.SQL_CREATE_ORG) .execute(Tuple.of(name, url)).map(row -> row.iterator().next().getUUID("id"))); - trusteeUser = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), false)); otherUser = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", Map.of(Roles.CONSUMER, RoleStatus.APPROVED), false)); - CompositeFuture.all(trusteeUser, otherUser).compose(s -> { - UUID trusteeId = UUID.fromString(trusteeUser.result().getString("userId")); + otherUser.compose(s -> { List apdTup = List.of( - Tuple.of(PENDING_APD_ID, PENDING_APD, PENDING_APD + ".com", trusteeId, ApdStatus.PENDING), - Tuple.of(ACTIVE_APD_ID, ACTIVE_APD, ACTIVE_APD + ".com", trusteeId, ApdStatus.ACTIVE)); + Tuple.of(INACTIVE_APD_ID, INACTIVE_APD, INACTIVE_APD + ".com", ApdStatus.INACTIVE), + Tuple.of(ACTIVE_APD_ID, ACTIVE_APD, ACTIVE_APD + ".com", ApdStatus.ACTIVE)); return pool .withConnection(conn -> conn.preparedQuery(Utils.SQL_CREATE_APD).executeBatch(apdTup)); }).onSuccess(res -> { - apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, policyService, - tokenService, options); + apdService = + new ApdServiceImpl(pool, apdWebClient, registrationService, tokenService, options); testContext.completeNow(); }); } @@ -163,7 +155,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { @AfterAll public static void finish(VertxTestContext testContext) { LOGGER.info("Finishing...."); - List users = List.of(trusteeUser.result(), otherUser.result()); + List users = List.of(otherUser.result()); Utils.deleteFakeUser(pool, users) .compose(succ -> pool.withConnection( 
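Review bot: The setup chain in `startVertx` ends with `.onSuccess(...)` only, so if user creation or the `Utils.SQL_CREATE_APD` batch insert fails, `testContext` is never completed or failed and the class runs into the timeout without showing the cause. Add `.onFailure(testContext::failNow)` after the `onSuccess` block. The rewritten setup in CreateApdTest (the `SQL_CREATE_ADMIN_SERVER` batch) has the same shape. startVertx begins outside this hunk.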
@@ -280,7 +272,7 @@ void apdWebClientFails(VertxTestContext testContext) { UUID ownerId = UUID.randomUUID(); JsonObject apdContext = new JsonObject().put("userId", userId.toString()) - .put("ownerId", ownerId.toString()).put("apdId", PENDING_APD_ID.toString()) + .put("ownerId", ownerId.toString()).put("apdId", INACTIVE_APD_ID.toString()) .put("resource", RandomStringUtils.randomAlphabetic(20).toLowerCase()) .put("itemType", RandomStringUtils.randomAlphabetic(10).toLowerCase()) .put("resSerUrl", RandomStringUtils.randomAlphabetic(5).toLowerCase() + ".com") diff --git a/src/test/java/iudx/aaa/server/apd/CreateApdTest.java b/src/test/java/iudx/aaa/server/apd/CreateApdTest.java index fdc6de92..33b466b7 100644 --- a/src/test/java/iudx/aaa/server/apd/CreateApdTest.java +++ b/src/test/java/iudx/aaa/server/apd/CreateApdTest.java 
@@ -4,18 +4,15 @@ import static iudx.aaa.server.apd.Constants.ERR_DETAIL_APD_NOT_RESPOND; import static iudx.aaa.server.apd.Constants.ERR_DETAIL_EXISTING_DOMAIN; import static iudx.aaa.server.apd.Constants.ERR_DETAIL_INVALID_DOMAIN; -import static iudx.aaa.server.apd.Constants.ERR_DETAIL_NOT_TRUSTEE; import static iudx.aaa.server.apd.Constants.ERR_TITLE_APD_NOT_RESPOND; import static iudx.aaa.server.apd.Constants.ERR_TITLE_EXISTING_DOMAIN; import static iudx.aaa.server.apd.Constants.ERR_TITLE_INVALID_DOMAIN; -import static iudx.aaa.server.apd.Constants.ERR_TITLE_NOT_TRUSTEE; import static iudx.aaa.server.apd.Constants.RESP_APD_ID; import static iudx.aaa.server.apd.Constants.RESP_APD_NAME; -import static iudx.aaa.server.apd.Constants.RESP_APD_OWNER; import static iudx.aaa.server.apd.Constants.RESP_APD_STATUS; import static iudx.aaa.server.apd.Constants.RESP_APD_URL; -import static iudx.aaa.server.apd.Constants.RESP_OWNER_USER_ID; import static iudx.aaa.server.apd.Constants.SUCC_TITLE_REGISTERED_APD; +import static iudx.aaa.server.registration.Utils.SQL_CREATE_ADMIN_SERVER; import static iudx.aaa.server.apiserver.util.Urn.*; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -26,6 +23,7 @@ import org.apache.logging.log4j.Logger; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -51,7 +49,6 @@ import iudx.aaa.server.apiserver.User.UserBuilder; import iudx.aaa.server.configuration.Configuration; import iudx.aaa.server.apiserver.util.ComposeException; -import iudx.aaa.server.policy.PolicyService; import iudx.aaa.server.registration.RegistrationService; import iudx.aaa.server.registration.Utils; import iudx.aaa.server.token.TokenService; 
@@ -80,13 +77,16 @@ public class CreateApdTest { private static PgConnectOptions connectOptions; private static ApdWebClient apdWebClient = Mockito.mock(ApdWebClient.class); private static RegistrationService registrationService = Mockito.mock(RegistrationService.class); - private static PolicyService policyService = Mockito.mock(PolicyService.class); private static TokenService tokenService = Mockito.mock(TokenService.class); private static final String DUMMY_AUTH_SERVER = "auth" + RandomStringUtils.randomAlphabetic(5).toLowerCase() + "iudx.io"; - private static Future trusteeUser; - private static Future otherUser; + private static final String DUMMY_SERVER = + "dummy" + RandomStringUtils.randomAlphabetic(5).toLowerCase() + ".iudx.io"; + + private static Future normalUser; + private static Future authAdmin; + private static Future otherAdmin; static String name = RandomStringUtils.randomAlphabetic(10).toLowerCase(); static String url = name + ".com"; 
@@ -131,14 +131,27 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { orgIdFut = pool.withConnection(conn -> conn.preparedQuery(Utils.SQL_CREATE_ORG) .execute(Tuple.of(name, url)).map(row -> row.iterator().next().getUUID("id"))); - trusteeUser = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), false)); - otherUser = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", - Map.of(Roles.PROVIDER, RoleStatus.APPROVED), false)); - - CompositeFuture.all(trusteeUser, otherUser).onSuccess(succ -> { - apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, policyService, - tokenService, options); + normalUser = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", + Map.of(Roles.CONSUMER, RoleStatus.APPROVED), false)); + authAdmin = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", + Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); + otherAdmin = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", + Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); + + CompositeFuture.all(normalUser, authAdmin, otherAdmin).compose(succ -> { + // create servers for admins + JsonObject admin1 = authAdmin.result(); + UUID uid1 = UUID.fromString(admin1.getString("userId")); + + JsonObject admin2 = otherAdmin.result(); + UUID uid2 = UUID.fromString(admin2.getString("userId")); + List tup = List.of(Tuple.of("Auth Server", uid1, DUMMY_AUTH_SERVER), + Tuple.of("Other Server", uid2, DUMMY_SERVER)); + + return pool.withConnection(conn -> conn.preparedQuery(SQL_CREATE_ADMIN_SERVER) + .executeBatch(tup)); + }).onSuccess(succ -> { + apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, tokenService, options); testContext.completeNow(); }); } 
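Review bot: The new setup chain in startVertx ends at `.onSuccess(...)` with no failure handler, so if creating the three users or the `SQL_CREATE_ADMIN_SERVER` batch fails, `testContext` is never completed and the class only stops at the timeout with the cause hidden. Add `.onFailure(testContext::failNow)` after the `onSuccess` block; the ListApdTest setup changed in this same commit already fails the context on error. startVertx begins outside the hunk.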
@@ -146,7 +159,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { @AfterAll public static void finish(VertxTestContext testContext) { LOGGER.info("Finishing...."); - List users = List.of(trusteeUser.result(), otherUser.result()); + List users = List.of(normalUser.result(), authAdmin.result(), otherAdmin.result()); Utils.deleteFakeUser(pool, users) .compose(succ -> pool.withConnection( @@ -160,13 +173,13 @@ public static void finish(VertxTestContext testContext) { } @Test - @DisplayName("Test user calling does not have trustee role") - void notTrustee(VertxTestContext testContext) { - JsonObject userJson = otherUser.result(); + @DisplayName("Test user calling does not have admin role") + void notAdmin(VertxTestContext testContext) { + JsonObject userJson = normalUser.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) .userId(userJson.getString("userId")) - .roles(List.of(Roles.PROVIDER, Roles.CONSUMER, Roles.ADMIN, Roles.DELEGATE)) + .roles(List.of(Roles.PROVIDER, Roles.CONSUMER, Roles.DELEGATE)) .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); JsonObject jsonRequest = new JsonObject().put("name", "something").put("url", "something.com"); @@ -177,8 +190,6 @@ void notTrustee(VertxTestContext testContext) { testContext.succeeding(response -> testContext.verify(() -> { assertEquals(response.getInteger("status"), 403); assertEquals(URN_INVALID_ROLE.toString(), response.getString("type")); - assertEquals(ERR_TITLE_NOT_TRUSTEE, response.getString("title")); - assertEquals(ERR_DETAIL_NOT_TRUSTEE, response.getString("detail")); testContext.completeNow(); }))); } 
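Review bot: Nothing visible in the `finish` hunk removes the two rows that the new setup inserts with `SQL_CREATE_ADMIN_SERVER`; only the `users` list was updated. ListApdTest cleans up with `conn.preparedQuery(SQL_DELETE_SERVERS).execute(servers)` before `Utils.deleteFakeUser(pool, users)`, and the same step appears to be needed here, otherwise the server rows for `DUMMY_AUTH_SERVER` and `DUMMY_SERVER` may be left behind or block the user deletion. The rest of `finish` is outside the hunk, so confirm against the full method.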
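Review bot: The negative case in `notAdmin` only covers a caller with no ADMIN role, so the rule from the commit message that create is for the AAA admin only is not pinned for an admin of a different server. `otherAdmin` is created in setup and owns `DUMMY_SERVER`, but no visible test passes it to `createApd`; a sibling test that builds the user from `otherAdmin.result()` with `.roles(List.of(Roles.ADMIN))` and expects status 403 with `URN_INVALID_ROLE` would cover that boundary. The title and detail assertions were dropped along with the trustee constants, so the test would be stricter if it asserted the replacement title and detail as well.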
@@ -186,10 +197,10 @@ void notTrustee(VertxTestContext testContext) { @Test @DisplayName("Test various invalid domains") void invalidDomain(VertxTestContext testContext) { - JsonObject userJson = trusteeUser.result(); + JsonObject userJson = authAdmin.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(List.of(Roles.TRUSTEE)) + .userId(userJson.getString("userId")).roles(List.of(Roles.ADMIN)) .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); Checkpoint test1 = testContext.checkpoint(); @@ -249,13 +260,14 @@ void invalidDomain(VertxTestContext testContext) { }))); } + @Disabled @Test @DisplayName("Test APD not responding") void apdNotResponding(VertxTestContext testContext) { - JsonObject userJson = trusteeUser.result(); + JsonObject userJson = authAdmin.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(List.of(Roles.TRUSTEE)) + .userId(userJson.getString("userId")).roles(List.of(Roles.ADMIN)) .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); String name = RandomStringUtils.randomAlphabetic(5).toLowerCase(); @@ -281,10 +293,10 @@ void apdNotResponding(VertxTestContext testContext) { @Test @DisplayName("Test successful APD registration") void successfulApdReg(VertxTestContext testContext) { - JsonObject userJson = trusteeUser.result(); + JsonObject userJson = authAdmin.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(List.of(Roles.TRUSTEE)) + .userId(userJson.getString("userId")).roles(List.of(Roles.ADMIN)) .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); String name = RandomStringUtils.randomAlphabetic(5).toLowerCase(); 
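Review bot: `@Disabled` on `apdNotResponding` has no reason string, so the test report will not say why the case is skipped or when it should return. The commit message says the APD liveness check was disabled; record that on the annotation, for example `@Disabled("createApd no longer performs the APD liveness check")`. The same applies to the `@Disabled` added on `apdWebClientFails` in a later hunk of this file.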
@@ -293,15 +305,6 @@ void successfulApdReg(VertxTestContext testContext) { JsonObject jsonRequest = new JsonObject().put("name", name).put("url", url); Mockito.when(apdWebClient.checkApdExists(url)).thenReturn(Future.succeededFuture(true)); - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject userDets = new JsonObject().put("email", userJson.getString("email")).put("name", - new JsonObject().put("firstName", userJson.getString("firstName")).put("lastName", - userJson.getString("lastName"))); - p.complete(new JsonObject().put(userJson.getString("userId"), userDets)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - apdService.createApd(new CreateApdRequest(jsonRequest), user, testContext.succeeding(response -> testContext.verify(() -> { assertEquals(response.getInteger("status"), 200); @@ -311,17 +314,8 @@ void successfulApdReg(VertxTestContext testContext) { JsonObject result = response.getJsonObject("results"); assertEquals(name, result.getString(RESP_APD_NAME)); assertEquals(url, result.getString(RESP_APD_URL)); - assertEquals("pending", result.getString(RESP_APD_STATUS)); + assertEquals("active", result.getString(RESP_APD_STATUS)); assertTrue(result.containsKey(RESP_APD_ID)); - assertTrue(result.containsKey(RESP_APD_OWNER)); - - JsonObject ownerDets = result.getJsonObject(RESP_APD_OWNER); - assertEquals(userJson.getString("userId"), ownerDets.getString(RESP_OWNER_USER_ID)); - assertEquals(userJson.getString("firstName"), - ownerDets.getJsonObject("name").getString("firstName")); - assertEquals(userJson.getString("lastName"), - ownerDets.getJsonObject("name").getString("lastName")); - assertEquals(userJson.getString("email"), ownerDets.getString("email")); testContext.completeNow(); }))); 
@@ -330,10 +324,10 @@ void successfulApdReg(VertxTestContext testContext) { @Test @DisplayName("Test existing url") void existingUrl(VertxTestContext testContext) { - JsonObject userJson = trusteeUser.result(); + JsonObject userJson = authAdmin.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(List.of(Roles.TRUSTEE)) + .userId(userJson.getString("userId")).roles(List.of(Roles.ADMIN)) .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); String name = RandomStringUtils.randomAlphabetic(5).toLowerCase(); @@ -342,15 +336,6 @@ void existingUrl(VertxTestContext testContext) { JsonObject jsonRequest = new JsonObject().put("name", name).put("url", url); Mockito.when(apdWebClient.checkApdExists(any())).thenReturn(Future.succeededFuture(true)); - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject userDets = new JsonObject().put("email", userJson.getString("email")).put("name", - new JsonObject().put("firstName", userJson.getString("firstName")).put("lastName", - userJson.getString("lastName"))); - p.complete(new JsonObject().put(userJson.getString("userId"), userDets)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - Checkpoint created = testContext.checkpoint(); Checkpoint existing = testContext.checkpoint(); 
@@ -372,13 +357,14 @@ void existingUrl(VertxTestContext testContext) { }))); } + @Disabled @Test @DisplayName("Test APD web client fails (internal error)") void apdWebClientFails(VertxTestContext testContext) { - JsonObject userJson = trusteeUser.result(); + JsonObject userJson = normalUser.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(List.of(Roles.TRUSTEE)) + .userId(userJson.getString("userId")).roles(List.of(Roles.CONSUMER)) .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); String name = RandomStringUtils.randomAlphabetic(5).toLowerCase(); 
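Review bot: `apdWebClientFails` now builds its caller from `normalUser.result()` with `.roles(List.of(Roles.CONSUMER))`, while every other create test that gets past the role check uses `authAdmin` with `Roles.ADMIN`. Since `notAdmin` expects a 403 for a caller without ADMIN, this test would presumably be rejected at the role check and never reach the web-client failure path once it is re-enabled. Use `JsonObject userJson = authAdmin.result();` and `.roles(List.of(Roles.ADMIN))` so the disabled test still describes the case it is named for. The body of the test continues outside the hunk.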
@@ -393,51 +379,4 @@ void apdWebClientFails(VertxTestContext testContext) { }))); } - @Test - @DisplayName("Test failing registration service - insert apd transaction should rollback") - void failingRegService(VertxTestContext testContext) { - JsonObject userJson = trusteeUser.result(); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(List.of(Roles.TRUSTEE)) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - String name = RandomStringUtils.randomAlphabetic(5).toLowerCase(); - String url = name + ".com"; - - JsonObject jsonRequest = new JsonObject().put("name", name).put("url", url); - Mockito.when(apdWebClient.checkApdExists(url)).thenReturn(Future.succeededFuture(true)); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - p.fail("Fail"); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - Checkpoint regFailed = testContext.checkpoint(); - Checkpoint success = testContext.checkpoint(); - - apdService.createApd(new CreateApdRequest(jsonRequest), user, - testContext.failing(fail -> testContext.verify(() -> { - testContext.completeNow(); - regFailed.flag(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject userDets = new JsonObject().put("email", userJson.getString("email")) - .put("name", new JsonObject().put("firstName", userJson.getString("firstName")) - .put("lastName", userJson.getString("lastName"))); - p.complete(new JsonObject().put(userJson.getString("userId"), userDets)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - apdService.createApd(new CreateApdRequest(jsonRequest), user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(response.getInteger("status"), 200); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - assertEquals(SUCC_TITLE_REGISTERED_APD, response.getString("title")); - 
success.flag(); - }))); - }))); - } } diff --git a/src/test/java/iudx/aaa/server/apd/ListApdTest.java b/src/test/java/iudx/aaa/server/apd/ListApdTest.java index d13c9511..a828795f 100644 --- a/src/test/java/iudx/aaa/server/apd/ListApdTest.java +++ b/src/test/java/iudx/aaa/server/apd/ListApdTest.java @@ -2,7 +2,6 @@ import io.vertx.core.CompositeFuture; import io.vertx.core.Future; -import io.vertx.core.Promise; import io.vertx.core.Vertx; import io.vertx.core.json.JsonArray; import io.vertx.core.json.JsonObject; @@ -19,7 +18,6 @@ import iudx.aaa.server.apiserver.User.UserBuilder; import iudx.aaa.server.apiserver.util.ComposeException; import iudx.aaa.server.configuration.Configuration; -import iudx.aaa.server.policy.PolicyService; import iudx.aaa.server.registration.RegistrationService; import iudx.aaa.server.registration.Utils; import iudx.aaa.server.token.TokenService; @@ -48,7 +46,6 @@ import static iudx.aaa.server.registration.Utils.SQL_CREATE_APD; import static iudx.aaa.server.registration.Utils.SQL_DELETE_SERVERS; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.mockito.ArgumentMatchers.any; @ExtendWith({VertxExtension.class}) @TestMethodOrder(OrderAnnotation.class) 
@@ -58,18 +55,16 @@ public class ListApdTest { "dummy" + RandomStringUtils.randomAlphabetic(5).toLowerCase() + ".iudx.io"; private static final String DUMMY_AUTH_SERVER = "auth" + RandomStringUtils.randomAlphabetic(5).toLowerCase() + "iudx.io"; - private static final UUID PENDING_A_ID = UUID.randomUUID(); + private static final UUID ACTIVE_A_ID = UUID.randomUUID(); private static final UUID INACTIVE_A_ID = UUID.randomUUID(); - private static final UUID PENDING_B_ID = UUID.randomUUID(); private static final UUID ACTIVE_B_ID = UUID.randomUUID(); private static final UUID INACTIVE_B_ID = UUID.randomUUID(); - private static final String PENDING_A = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String ACTIVE_A = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String INACTIVE_A = RandomStringUtils.randomAlphabetic(5).toLowerCase(); - private static final String PENDING_B = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String ACTIVE_B = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String INACTIVE_B = RandomStringUtils.randomAlphabetic(5).toLowerCase(); + static String name = RandomStringUtils.randomAlphabetic(10).toLowerCase(); static String url = name + ".com"; static Future orgIdFut; @@ -89,10 +84,9 @@ public class ListApdTest { private static PgConnectOptions connectOptions; private static ApdWebClient apdWebClient = Mockito.mock(ApdWebClient.class); private static RegistrationService registrationService = Mockito.mock(RegistrationService.class); - private static PolicyService policyService = Mockito.mock(PolicyService.class); private static TokenService tokenService = Mockito.mock(TokenService.class); - private static Future trusteeUserA; - private static Future trusteeUserB; + + private static Future normalUser; private static Future authAdmin; private static Future otherAdmin; 
@@ -135,16 +129,14 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { orgIdFut = pool.withConnection(conn -> conn.preparedQuery(Utils.SQL_CREATE_ORG) .execute(Tuple.of(name, url)).map(row -> row.iterator().next().getUUID("id"))); - trusteeUserA = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), false)); - trusteeUserB = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), false)); + normalUser = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", + Map.of(Roles.CONSUMER, RoleStatus.APPROVED), false)); authAdmin = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); otherAdmin = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); - CompositeFuture.all(trusteeUserA, trusteeUserB, authAdmin, otherAdmin).compose(succ -> { + CompositeFuture.all(normalUser, authAdmin, otherAdmin).compose(succ -> { // create servers for admins JsonObject admin1 = authAdmin.result(); UUID uid1 = UUID.fromString(admin1.getString("userId")); 
@@ -155,30 +147,24 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { Tuple.of("Other Server", uid2, DUMMY_SERVER)); /* - * To test the different APD states, we create 3 APDs each for the 2 trustees. Slightly + * To test the different APD states, we create 4 APDs. Slightly * different from other tests, we also create the UUID APD IDs and insert into the DB instead * of relying on the auto-create in DB */ - UUID trusteeIdA = UUID.fromString(trusteeUserA.result().getString("userId")); - UUID trusteeIdB = UUID.fromString(trusteeUserB.result().getString("userId")); - List apdTup = List.of( - Tuple.of(PENDING_A_ID, PENDING_A, PENDING_A + ".com", trusteeIdA, ApdStatus.PENDING), - Tuple.of(ACTIVE_A_ID, ACTIVE_A, ACTIVE_A + ".com", trusteeIdA, ApdStatus.ACTIVE), - Tuple.of(INACTIVE_A_ID, INACTIVE_A, INACTIVE_A + ".com", trusteeIdA, ApdStatus.INACTIVE), - Tuple.of(PENDING_B_ID, PENDING_B, PENDING_B + ".com", trusteeIdB, ApdStatus.PENDING), - Tuple.of(ACTIVE_B_ID, ACTIVE_B, ACTIVE_B + ".com", trusteeIdB, ApdStatus.ACTIVE), - Tuple.of(INACTIVE_B_ID, INACTIVE_B, INACTIVE_B + ".com", trusteeIdB, ApdStatus.INACTIVE)); + Tuple.of(ACTIVE_A_ID, ACTIVE_A, ACTIVE_A + ".com", ApdStatus.ACTIVE), + Tuple.of(INACTIVE_A_ID, INACTIVE_A, INACTIVE_A + ".com", ApdStatus.INACTIVE), + Tuple.of(ACTIVE_B_ID, ACTIVE_B, ACTIVE_B + ".com", ApdStatus.ACTIVE), + Tuple.of(INACTIVE_B_ID, INACTIVE_B, INACTIVE_B + ".com", ApdStatus.INACTIVE)); return pool.withConnection(conn -> conn.preparedQuery(SQL_CREATE_ADMIN_SERVER) .executeBatch(tup).compose(x -> conn.preparedQuery(SQL_CREATE_APD).executeBatch(apdTup))); }).onSuccess(x -> { apdService = - new ApdServiceImpl(pool, apdWebClient, registrationService, policyService,tokenService,options); + new ApdServiceImpl(pool, apdWebClient, registrationService, tokenService, options); testContext.completeNow(); }).onFailure(x -> { - apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, policyService,tokenService,options); - 
testContext.completeNow(); + testContext.failNow("Failed"); }); } @@ -186,8 +172,8 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { public static void finish(VertxTestContext testContext) { LOGGER.info("Finishing...."); Tuple servers = Tuple.of(List.of(DUMMY_AUTH_SERVER, DUMMY_SERVER).toArray()); - List users = List.of(trusteeUserA.result(), otherAdmin.result(), - trusteeUserB.result(), authAdmin.result()); + List users = + List.of(normalUser.result(), otherAdmin.result(), authAdmin.result()); pool.withConnection(conn -> conn.preparedQuery(SQL_DELETE_SERVERS).execute(servers) .compose(success -> Utils.deleteFakeUser(pool, users)).compose( @@ -273,24 +259,6 @@ void multipleSuccessApdId(VertxTestContext testContext) { request.add(ACTIVE_A_ID.toString()); request.add(ACTIVE_B_ID.toString()); - JsonObject trusteeAdets = trusteeUserA.result(); - JsonObject trusteeBdets = trusteeUserB.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject trusteeA = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - - JsonObject trusteeB = new JsonObject().put("email", trusteeBdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeBdets.getString("firstName")) - .put("lastName", trusteeBdets.getString("lastName"))); - - p.complete(new JsonObject().put(trusteeAdets.getString("userId"), trusteeA) - .put(trusteeBdets.getString("userId"), trusteeB)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - apdService.getApdDetails( List.of(), request, 
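Review bot: The new failure branch in startVertx calls `testContext.failNow("Failed")`, which throws away the throwable `x` and leaves a failed setup with no hint as to whether user creation, the server batch or the `SQL_CREATE_APD` batch broke. Pass the cause through instead: `}).onFailure(testContext::failNow);`. startVertx begins outside the hunk.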
@@ -302,12 +270,6 @@ void multipleSuccessApdId(VertxTestContext testContext) { JsonObject respTwo = response.getJsonObject(ACTIVE_B_ID.toString()); assertEquals(respOne.getString("status"), "active"); assertEquals(respTwo.getString("status"), "active"); - assertEquals( - respOne.getJsonObject("owner").getString("email"), - trusteeAdets.getString("email")); - assertEquals( - respTwo.getJsonObject("owner").getString("email"), - trusteeBdets.getString("email")); testContext.completeNow(); }); })); @@ -317,7 +279,6 @@ void multipleSuccessApdId(VertxTestContext testContext) { @DisplayName("Test multiple list - consumer") void ListInvalidUser(VertxTestContext testContext) { - JsonObject trusteeAdets = trusteeUserA.result(); UUID uid1 = UUID.fromString(NIL_UUID); Roles role = Roles.PROVIDER; User user = new UserBuilder().userId(uid1).roles(List.of(role)).build(); 
@@ -344,107 +305,6 @@ void ListAuthAdmin(VertxTestContext testContext) { Roles role = Roles.ADMIN; User user = new UserBuilder().userId(uid1).roles(List.of(role)).build(); - JsonObject trusteeAdets = trusteeUserA.result(); - JsonObject trusteeBdets = trusteeUserB.result(); - Mockito.doAnswer(i -> { - List ids = i.getArgument(0); - Promise p = i.getArgument(1); - JsonObject response = new JsonObject(); - ids.forEach(id -> { - JsonObject value = new JsonObject(); - if(id.equals(trusteeAdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - - } - if(id.equals(trusteeBdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - } - response.put(id,value); - }); - - - p.complete(response); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - apdService.listApd(user, - testContext.succeeding(response -> { - testContext.verify(() -> { - JsonArray responseArr = response.getJsonArray("results"); - - List respObjList = new ArrayList<>(); - - for (int i=0;i obj.getString("apdId") - .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - - String status_ACTIVE_A = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getString("status")) - .collect(Collectors.joining()); - - String ownerId2 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(INACTIVE_A_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - - String status_INACTIVE_A = respObjList.stream().filter(obj -> 
obj.getString("apdId") - .equals(INACTIVE_A_ID.toString())).map(ar -> ar.getString("status")) - .collect(Collectors.joining()); - - assertEquals(ownerId1,trusteeAdets.getString("userId")); - assertEquals(status_ACTIVE_A, ApdStatus.ACTIVE.toString().toLowerCase()); - assertEquals(ownerId2,trusteeAdets.getString("userId")); - assertEquals(status_INACTIVE_A, ApdStatus.INACTIVE.toString().toLowerCase()); - testContext.completeNow(); - } - ); - })); - } - - //trustee role gets all apds belonging to them and all other apds that are active - @Test - @DisplayName("Test multiple list - Trustee") - void ListTrustee(VertxTestContext testContext) { - - JsonObject trusteeAdets = trusteeUserA.result(); - UUID uid1 = UUID.fromString(trusteeAdets.getString("userId")); - Roles role = Roles.TRUSTEE; - User user = new UserBuilder().userId(uid1).roles(List.of(role)).build(); - JsonObject trusteeBdets = trusteeUserB.result(); - Mockito.doAnswer(i -> { - List ids = i.getArgument(0); - Promise p = i.getArgument(1); - JsonObject response = new JsonObject(); - ids.forEach(id -> { - JsonObject value = new JsonObject(); - if(id.equals(trusteeAdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - - } - if(id.equals(trusteeBdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - } - response.put(id,value); - }); - p.complete(response); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - apdService.listApd(user, testContext.succeeding(response -> { testContext.verify(() -> { 
@@ -456,87 +316,31 @@ void ListTrustee(VertxTestContext testContext) { respObjList.add(responseArr.getJsonObject(i)); } - String ownerId1 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - String status_ACTIVE_A = respObjList.stream().filter(obj -> obj.getString("apdId") .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getString("status")) .collect(Collectors.joining()); - String ownerId2 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(PENDING_A_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - - String status_PENDING_A = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(PENDING_A_ID.toString())).map(ar -> ar.getString("status")) - .collect(Collectors.joining()); - - String ownerId3 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(INACTIVE_A_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - String status_INACTIVE_A = respObjList.stream().filter(obj -> obj.getString("apdId") .equals(INACTIVE_A_ID.toString())).map(ar -> ar.getString("status")) .collect(Collectors.joining()); - String ownerId4 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_B_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - - String status_ACTIVE_B = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_B_ID.toString())).map(ar -> ar.getString("status")) - .collect(Collectors.joining()); - - assertEquals(ownerId1,trusteeAdets.getString("userId")); assertEquals(status_ACTIVE_A, ApdStatus.ACTIVE.toString().toLowerCase()); - assertEquals(ownerId2,trusteeAdets.getString("userId")); - assertEquals(status_PENDING_A, ApdStatus.PENDING.toString().toLowerCase()); - 
assertEquals(ownerId3,trusteeAdets.getString("userId")); assertEquals(status_INACTIVE_A, ApdStatus.INACTIVE.toString().toLowerCase()); - assertEquals(ownerId4,trusteeBdets.getString("userId")); - assertEquals(status_ACTIVE_B, ApdStatus.ACTIVE.toString().toLowerCase()); testContext.completeNow(); } ); })); } - //provider role gets all active apds @Test @DisplayName("Test multiple list - provider") void ListApdProvider(VertxTestContext testContext) { - JsonObject trusteeAdets = trusteeUserA.result(); - UUID uid1 = UUID.fromString(trusteeAdets.getString("userId")); + JsonObject userdets = normalUser.result(); + UUID uid1 = UUID.fromString(userdets.getString("userId")); Roles role = Roles.PROVIDER; User user = new UserBuilder().userId(uid1).roles(List.of(role)).build(); - JsonObject trusteeBdets = trusteeUserB.result(); - Mockito.doAnswer(i -> { - List ids = i.getArgument(0); - Promise p = i.getArgument(1); - JsonObject response = new JsonObject(); - ids.forEach(id -> { - JsonObject value = new JsonObject(); - if(id.equals(trusteeAdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - - } - if(id.equals(trusteeBdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - } - response.put(id,value); - }); - p.complete(response); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); apdService.listApd(user, testContext.succeeding(response -> { 
@@ -549,25 +353,15 @@ void ListApdProvider(VertxTestContext testContext) { respObjList.add(responseArr.getJsonObject(i)); } - String ownerId1 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - String status_ACTIVE_A = respObjList.stream().filter(obj -> obj.getString("apdId") .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getString("status")) .collect(Collectors.joining()); - String ownerId2 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_B_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - String status_ACTIVE_B = respObjList.stream().filter(obj -> obj.getString("apdId") .equals(ACTIVE_B_ID.toString())).map(ar -> ar.getString("status")) .collect(Collectors.joining()); - assertEquals(ownerId1,trusteeAdets.getString("userId")); assertEquals(status_ACTIVE_A, ApdStatus.ACTIVE.toString().toLowerCase()); - assertEquals(ownerId2,trusteeBdets.getString("userId")); assertEquals(status_ACTIVE_B, ApdStatus.ACTIVE.toString().toLowerCase()); testContext.completeNow(); } 
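Review bot: `ListApdProvider` only asserts that `ACTIVE_A_ID` and `ACTIVE_B_ID` come back as active; it never checks that the inactive APDs are absent, so a regression that showed inactive APDs to non-admin roles would still pass. The removed comment said providers get only active APDs; if that still holds, add `assertEquals(0, respObjList.stream().filter(o -> o.getString("apdId").equals(INACTIVE_A_ID.toString())).count());` and the same for `INACTIVE_B_ID`. The later `ListApdConsumer` hunk has the same gap.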
@@ -580,35 +374,10 @@ void ListApdProvider(VertxTestContext testContext) { @DisplayName("Test multiple list - consumer") void ListApdConsumer(VertxTestContext testContext) { - JsonObject trusteeAdets = trusteeUserA.result(); - UUID uid1 = UUID.fromString(trusteeAdets.getString("userId")); - Roles role = Roles.PROVIDER; + JsonObject userDets = normalUser.result(); + UUID uid1 = UUID.fromString(userDets.getString("userId")); + Roles role = Roles.CONSUMER; User user = new UserBuilder().userId(uid1).roles(List.of(role)).build(); - JsonObject trusteeBdets = trusteeUserB.result(); - Mockito.doAnswer(i -> { - List ids = i.getArgument(0); - Promise p = i.getArgument(1); - JsonObject response = new JsonObject(); - ids.forEach(id -> { - JsonObject value = new JsonObject(); - if(id.equals(trusteeAdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - - } - if(id.equals(trusteeBdets.getString("userId"))) - { - value = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - } - response.put(id,value); - }); - p.complete(response); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); apdService.listApd(user, testContext.succeeding(response -> { 
@@ -621,25 +390,14 @@ void ListApdConsumer(VertxTestContext testContext) { respObjList.add(responseArr.getJsonObject(i)); } - String ownerId1 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - String status_ACTIVE_A = respObjList.stream().filter(obj -> obj.getString("apdId") .equals(ACTIVE_A_ID.toString())).map(ar -> ar.getString("status")) .collect(Collectors.joining()); - - String ownerId2 = respObjList.stream().filter(obj -> obj.getString("apdId") - .equals(ACTIVE_B_ID.toString())).map(ar -> ar.getJsonObject("owner").getString("id")) - .collect(Collectors.joining()); - String status_ACTIVE_B = respObjList.stream().filter(obj -> obj.getString("apdId") .equals(ACTIVE_B_ID.toString())).map(ar -> ar.getString("status")) .collect(Collectors.joining()); - assertEquals(ownerId1,trusteeAdets.getString("userId")); assertEquals(status_ACTIVE_A, ApdStatus.ACTIVE.toString().toLowerCase()); - assertEquals(ownerId2,trusteeBdets.getString("userId")); assertEquals(status_ACTIVE_B, ApdStatus.ACTIVE.toString().toLowerCase()); testContext.completeNow(); } diff --git a/src/test/java/iudx/aaa/server/apd/UpdateApdTest.java b/src/test/java/iudx/aaa/server/apd/UpdateApdTest.java index e0851c99..b0ac1390 100644 --- a/src/test/java/iudx/aaa/server/apd/UpdateApdTest.java +++ b/src/test/java/iudx/aaa/server/apd/UpdateApdTest.java 
@@ -10,10 +10,8 @@ import static iudx.aaa.server.apd.Constants.ERR_TITLE_NO_USER_PROFILE; import static iudx.aaa.server.apd.Constants.RESP_APD_ID; import static iudx.aaa.server.apd.Constants.RESP_APD_NAME; -import static iudx.aaa.server.apd.Constants.RESP_APD_OWNER; import static iudx.aaa.server.apd.Constants.RESP_APD_STATUS; import static iudx.aaa.server.apd.Constants.RESP_APD_URL; -import static iudx.aaa.server.apd.Constants.RESP_OWNER_USER_ID; import static iudx.aaa.server.apd.Constants.SUCC_TITLE_UPDATED_APD; import static iudx.aaa.server.apiserver.util.Urn.*; import static iudx.aaa.server.registration.Utils.SQL_CREATE_ADMIN_SERVER; @@ -21,11 +19,9 @@ import static iudx.aaa.server.registration.Utils.SQL_DELETE_SERVERS; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.ArgumentMatchers.any; import io.vertx.core.CompositeFuture; import io.vertx.core.Future; -import io.vertx.core.Promise; import io.vertx.core.Vertx; import io.vertx.core.json.JsonArray; import io.vertx.core.json.JsonObject; @@ -37,13 +33,11 @@ import io.vertx.sqlclient.Tuple; import iudx.aaa.server.apiserver.ApdStatus; import iudx.aaa.server.apiserver.ApdUpdateRequest; -import iudx.aaa.server.apiserver.CreatePolicyRequest; import iudx.aaa.server.apiserver.RoleStatus; import iudx.aaa.server.apiserver.Roles; import iudx.aaa.server.apiserver.User; import iudx.aaa.server.apiserver.User.UserBuilder; import iudx.aaa.server.configuration.Configuration; -import iudx.aaa.server.policy.PolicyService; import iudx.aaa.server.registration.RegistrationService; import iudx.aaa.server.registration.Utils; import iudx.aaa.server.token.TokenService; 
@@ -86,7 +80,6 @@ public class UpdateApdTest { private static PgConnectOptions connectOptions; private static ApdWebClient apdWebClient = Mockito.mock(ApdWebClient.class); private static RegistrationService registrationService = Mockito.mock(RegistrationService.class); - private static PolicyService policyService = Mockito.mock(PolicyService.class); private static TokenService tokenService = Mockito.mock(TokenService.class); private static final String DUMMY_SERVER = @@ -94,24 +87,19 @@ public class UpdateApdTest { private static final String DUMMY_AUTH_SERVER = "auth" + RandomStringUtils.randomAlphabetic(5).toLowerCase() + "iudx.io"; - private static final UUID PENDING_A_ID = UUID.randomUUID(); private static final UUID ACTIVE_A_ID = UUID.randomUUID(); private static final UUID INACTIVE_A_ID = UUID.randomUUID(); - private static final UUID PENDING_B_ID = UUID.randomUUID(); private static final UUID ACTIVE_B_ID = UUID.randomUUID(); private static final UUID INACTIVE_B_ID = UUID.randomUUID(); - private static final String PENDING_A = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String ACTIVE_A = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String INACTIVE_A = RandomStringUtils.randomAlphabetic(5).toLowerCase(); - private static final String PENDING_B = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String ACTIVE_B = RandomStringUtils.randomAlphabetic(5).toLowerCase(); private static final String INACTIVE_B = RandomStringUtils.randomAlphabetic(5).toLowerCase(); - private static Future trusteeUserA; - private static Future trusteeUserB; + private static Future normalUser; private static Future authAdmin; private static Future otherAdmin; 
@@ -158,16 +146,14 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { orgIdFut = pool.withConnection(conn -> conn.preparedQuery(Utils.SQL_CREATE_ORG) .execute(Tuple.of(name, url)).map(row -> row.iterator().next().getUUID("id"))); - trusteeUserA = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), false)); - trusteeUserB = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), false)); + normalUser = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", + Map.of(Roles.CONSUMER, RoleStatus.APPROVED), false)); authAdmin = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); otherAdmin = orgIdFut.compose(orgId -> Utils.createFakeUser(pool, orgId.toString(), "", Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); - CompositeFuture.all(trusteeUserA, trusteeUserB, authAdmin, otherAdmin).compose(succ -> { + CompositeFuture.all(normalUser, authAdmin, otherAdmin).compose(succ -> { // create servers for admins JsonObject admin1 = authAdmin.result(); UUID uid1 = UUID.fromString(admin1.getString("userId")); 
@@ -178,26 +164,21 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { Tuple.of("Other Server", uid2, DUMMY_SERVER)); /* - * To test the different APD states, we create 3 APDs each for the 2 trustees. Slightly + * To test the different APD states, we create 4 APDs. Slightly * different from other tests, we also create the UUID APD IDs and insert into the DB instead * of relying on the auto-create in DB */ - UUID trusteeIdA = UUID.fromString(trusteeUserA.result().getString("userId")); - UUID trusteeIdB = UUID.fromString(trusteeUserB.result().getString("userId")); List apdTup = List.of( - Tuple.of(PENDING_A_ID, PENDING_A, PENDING_A + ".com", trusteeIdA, ApdStatus.PENDING), - Tuple.of(ACTIVE_A_ID, ACTIVE_A, ACTIVE_A + ".com", trusteeIdA, ApdStatus.ACTIVE), - Tuple.of(INACTIVE_A_ID, INACTIVE_A, INACTIVE_A + ".com", trusteeIdA, ApdStatus.INACTIVE), - Tuple.of(PENDING_B_ID, PENDING_B, PENDING_B + ".com", trusteeIdB, ApdStatus.PENDING), - Tuple.of(ACTIVE_B_ID, ACTIVE_B, ACTIVE_B + ".com", trusteeIdB, ApdStatus.ACTIVE), - Tuple.of(INACTIVE_B_ID, INACTIVE_B, INACTIVE_B + ".com", trusteeIdB, ApdStatus.INACTIVE)); + Tuple.of(ACTIVE_A_ID, ACTIVE_A, ACTIVE_A + ".com", ApdStatus.ACTIVE), + Tuple.of(INACTIVE_A_ID, INACTIVE_A, INACTIVE_A + ".com", ApdStatus.INACTIVE), + Tuple.of(ACTIVE_B_ID, ACTIVE_B, ACTIVE_B + ".com", ApdStatus.ACTIVE), + Tuple.of(INACTIVE_B_ID, INACTIVE_B, INACTIVE_B + ".com", ApdStatus.INACTIVE)); return pool.withConnection(conn -> conn.preparedQuery(SQL_CREATE_ADMIN_SERVER) .executeBatch(tup).compose(x -> conn.preparedQuery(SQL_CREATE_APD).executeBatch(apdTup))); }).onSuccess(x -> { - apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, policyService, - tokenService, options); + apdService = new ApdServiceImpl(pool, apdWebClient, registrationService, tokenService, options); testContext.completeNow(); }); } 
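Review bot: The setup chain in `startVertx` ends with `.onSuccess(...)` only, so if the `SQL_CREATE_APD` batch fails, the test context is neither completed nor failed and the class presumably just times out. This matters more now that the tuples carry four values and must line up with the reshaped insert statement and the migrated table, because a mismatch would show up as a hang rather than as the SQL error. I would add `.onFailure(testContext::failNow)` after the `onSuccess` block. The body of `startVertx` begins outside this hunk.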
@@ -206,8 +187,8 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { public static void finish(VertxTestContext testContext) { LOGGER.info("Finishing...."); Tuple servers = Tuple.of(List.of(DUMMY_AUTH_SERVER, DUMMY_SERVER).toArray()); - List users = List.of(trusteeUserA.result(), otherAdmin.result(), - trusteeUserB.result(), authAdmin.result()); + List users = + List.of(normalUser.result(), otherAdmin.result(), authAdmin.result()); pool.withConnection(conn -> conn.preparedQuery(SQL_DELETE_SERVERS).execute(servers) .compose(success -> Utils.deleteFakeUser(pool, users)).compose( @@ -221,7 +202,7 @@ public static void finish(VertxTestContext testContext) { } /* - * We make use of ordering for these tests since there are only 6 APDs created. Some tests for + * We make use of ordering for these tests since there are only 4 APDs created. Some tests for * 400s and 403s that fail due to APD status at that time may succeed if the test for 200 runs * first (which would change the expected status). */ @@ -250,7 +231,7 @@ void noUserProfile(VertxTestContext testContext) { @Test @DisplayName("Test invalid roles") void invalidRoles(VertxTestContext testContext) { - JsonObject userJson = authAdmin.result(); + JsonObject userJson = normalUser.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) .userId(userJson.getString("userId")) @@ -292,12 +273,12 @@ void notAuthAdmin(VertxTestContext testContext) { @Test @DisplayName("Test non-existent apd IDs") void nonExistentApdId(VertxTestContext testContext) { - JsonObject userJson = trusteeUserA.result(); + JsonObject userJson = authAdmin.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) .userId(userJson.getString("userId")) .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); + .roles(List.of(Roles.ADMIN)).build(); String randUuid = UUID.randomUUID().toString(); JsonArray req = new JsonArray() 
@@ -319,16 +300,16 @@ void nonExistentApdId(VertxTestContext testContext) { @Test @DisplayName("Test duplicate apd IDs") void duplicateApdIds(VertxTestContext testContext) { - JsonObject userJson = trusteeUserA.result(); + JsonObject userJson = authAdmin.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) .userId(userJson.getString("userId")) .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); + .roles(List.of(Roles.ADMIN)).build(); JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", PENDING_A_ID.toString()).put("status", "pending")) - .add(new JsonObject().put("apdId", PENDING_A_ID.toString()).put("status", "active")); + .add(new JsonObject().put("apdId", INACTIVE_A_ID.toString()).put("status", "active")) + .add(new JsonObject().put("apdId", INACTIVE_A_ID.toString()).put("status", "inactive")); List request = ApdUpdateRequest.jsonArrayToList(req); apdService.updateApd(request, user, 
@@ -336,51 +317,25 @@ void duplicateApdIds(VertxTestContext testContext) { assertEquals(response.getInteger("status"), 400); assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); assertEquals(ERR_TITLE_DUPLICATE_REQ, response.getString("title")); - assertEquals(PENDING_A_ID.toString(), response.getString("detail")); - testContext.completeNow(); - }))); - } - - @Order(6) - @Test - @DisplayName("Test trusteeB trying to change status of APD owned by trusteeA") - void wrongTrustee(VertxTestContext testContext) { - JsonObject userJson = trusteeUserB.result(); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); - - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", ACTIVE_B_ID.toString()).put("status", "inactive")) - .add(new JsonObject().put("apdId", INACTIVE_A_ID.toString()).put("status", "pending")); - List request = ApdUpdateRequest.jsonArrayToList(req); - - apdService.updateApd(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(response.getInteger("status"), 400); - assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); - assertEquals(ERR_TITLE_INVALID_APDID, response.getString("title")); assertEquals(INACTIVE_A_ID.toString(), response.getString("detail")); testContext.completeNow(); }))); } - @Order(7) + @Order(6) @Test - @DisplayName("Test trustee changing to existing state") - void existingStateTrustee(VertxTestContext testContext) { - JsonObject userJson = trusteeUserB.result(); + @DisplayName("Test admin changing to existing state") + void existingStateAdmin(VertxTestContext testContext) { + JsonObject userJson = authAdmin.result(); User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) .userId(userJson.getString("userId")) .name(userJson.getString("firstName"), 
userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); + .roles(List.of(Roles.ADMIN)).build(); JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", PENDING_B_ID.toString()).put("status", "pending")) - .add(new JsonObject().put("apdId", INACTIVE_B_ID.toString()).put("status", "pending")); + .add(new JsonObject().put("apdId", ACTIVE_B_ID.toString()).put("status", "active")) + .add(new JsonObject().put("apdId", INACTIVE_B_ID.toString()).put("status", "active")); List request = ApdUpdateRequest.jsonArrayToList(req); apdService.updateApd(request, user, @@ -388,12 +343,12 @@ void existingStateTrustee(VertxTestContext testContext) { assertEquals(response.getInteger("status"), 403); assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); assertEquals(ERR_TITLE_CANT_CHANGE_APD_STATUS, response.getString("title")); - assertEquals(PENDING_B_ID.toString(), response.getString("detail")); + assertEquals(ACTIVE_B_ID.toString(), response.getString("detail")); testContext.completeNow(); }))); } - @Order(8) + @Order(7) @Test @DisplayName("Test invalid state change for admin") void invalidStateAdmin(VertxTestContext testContext) { @@ -406,7 +361,7 @@ void invalidStateAdmin(VertxTestContext testContext) { JsonArray req = new JsonArray() .add(new JsonObject().put("apdId", ACTIVE_B_ID.toString()).put("status", "inactive")) - .add(new JsonObject().put("apdId", INACTIVE_B_ID.toString()).put("status", "pending")); + .add(new JsonObject().put("apdId", INACTIVE_B_ID.toString()).put("status", "inactive")); List request = ApdUpdateRequest.jsonArrayToList(req); apdService.updateApd(request, user, 
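Review bot: With `pending` gone, the second entry in `invalidStateAdmin` (`INACTIVE_B_ID` to `inactive`) is a no-op transition, which is the case `existingStateAdmin` already covers with `ACTIVE_B_ID` to `active`, so the two tests now appear to exercise the same rejection path. Either rename this one to say what it checks, e.g. `@DisplayName("Test admin changing inactive APD to inactive")`, or fold it into `existingStateAdmin`. It would also be worth adding a case that submits the removed `pending` value and expects a rejection, since nothing visible here checks that an old client value is refused. The assertions of this test lie outside the hunk, so the expected response could not be checked.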
@@ -419,101 +374,7 @@ void invalidStateAdmin(VertxTestContext testContext) { }))); } - @Order(9) - @Test - @DisplayName("Test trusteeA changing active -> inactive") - void trusteeActiveToInactive(VertxTestContext testContext) { - JsonObject userJson = trusteeUserA.result(); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject userDets = new JsonObject().put("email", userJson.getString("email")).put("name", - new JsonObject().put("firstName", userJson.getString("firstName")).put("lastName", - userJson.getString("lastName"))); - p.complete(new JsonObject().put(userJson.getString("userId"), userDets)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", ACTIVE_A_ID.toString()).put("status", "inactive")); - List request = ApdUpdateRequest.jsonArrayToList(req); - - apdService.updateApd(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(response.getInteger("status"), 200); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - assertEquals(SUCC_TITLE_UPDATED_APD, response.getString("title")); - JsonObject result = response.getJsonArray("results").getJsonObject(0); - assertEquals(ACTIVE_A, result.getString(RESP_APD_NAME)); - assertEquals(ACTIVE_A + ".com", result.getString(RESP_APD_URL)); - assertEquals("inactive", result.getString(RESP_APD_STATUS)); - assertTrue(result.containsKey(RESP_APD_ID)); - assertTrue(result.containsKey(RESP_APD_OWNER)); - - JsonObject ownerDets = result.getJsonObject(RESP_APD_OWNER); - assertEquals(userJson.getString("userId"), ownerDets.getString(RESP_OWNER_USER_ID)); - assertEquals(userJson.getString("firstName"), - 
ownerDets.getJsonObject("name").getString("firstName")); - assertEquals(userJson.getString("lastName"), - ownerDets.getJsonObject("name").getString("lastName")); - assertEquals(userJson.getString("email"), ownerDets.getString("email")); - testContext.completeNow(); - }))); - } - - @Order(10) - @Test - @DisplayName("Test trusteeB changing inactive -> pending") - void trusteeInactiveToPending(VertxTestContext testContext) { - JsonObject userJson = trusteeUserB.result(); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject userDets = new JsonObject().put("email", userJson.getString("email")).put("name", - new JsonObject().put("firstName", userJson.getString("firstName")).put("lastName", - userJson.getString("lastName"))); - p.complete(new JsonObject().put(userJson.getString("userId"), userDets)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", INACTIVE_B_ID.toString()).put("status", "pending")); - List request = ApdUpdateRequest.jsonArrayToList(req); - - apdService.updateApd(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(response.getInteger("status"), 200); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - assertEquals(SUCC_TITLE_UPDATED_APD, response.getString("title")); - JsonObject result = response.getJsonArray("results").getJsonObject(0); - assertEquals(INACTIVE_B, result.getString(RESP_APD_NAME)); - assertEquals(INACTIVE_B + ".com", result.getString(RESP_APD_URL)); - assertEquals("pending", result.getString(RESP_APD_STATUS)); - assertTrue(result.containsKey(RESP_APD_ID)); - assertTrue(result.containsKey(RESP_APD_OWNER)); - - JsonObject 
ownerDets = result.getJsonObject(RESP_APD_OWNER); - assertEquals(userJson.getString("userId"), ownerDets.getString(RESP_OWNER_USER_ID)); - assertEquals(userJson.getString("firstName"), - ownerDets.getJsonObject("name").getString("firstName")); - assertEquals(userJson.getString("lastName"), - ownerDets.getJsonObject("name").getString("lastName")); - assertEquals(userJson.getString("email"), ownerDets.getString("email")); - testContext.completeNow(); - }))); - } - - @Order(11) + @Order(8) @Test @DisplayName("Test admin changes trusteeA inactive -> active") void adminInactiveToActive(VertxTestContext testContext) { @@ -524,23 +385,6 @@ void adminInactiveToActive(VertxTestContext testContext) { .name(userJson.getString("firstName"), userJson.getString("lastName")) .roles(List.of(Roles.ADMIN)).build(); - JsonObject trusteeDetails = trusteeUserA.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject userDets = new JsonObject().put("email", trusteeDetails.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeDetails.getString("firstName")) - .put("lastName", trusteeDetails.getString("lastName"))); - p.complete(new JsonObject().put(trusteeDetails.getString("userId"), userDets)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(3); - p.complete(new JsonObject().put("type", URN_SUCCESS.toString())); - return i.getMock(); - }).when(policyService).createPolicy(any(), any(), any(), any()); - JsonArray req = new JsonArray() .add(new JsonObject().put("apdId", INACTIVE_A_ID.toString()).put("status", "active")); List request = ApdUpdateRequest.jsonArrayToList(req); 
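Review bot: The display name kept on `adminInactiveToActive`, `"Test admin changes trusteeA inactive -> active"`, still refers to a trustee although this commit removes trustee ownership from APDs. Suggest `@DisplayName("Test admin changes APD inactive -> active")` so that test reports match the admin-only flow. The test body continues in the following hunk.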
@@ -555,139 +399,14 @@ void adminInactiveToActive(VertxTestContext testContext) { assertEquals(INACTIVE_A + ".com", result.getString(RESP_APD_URL)); assertEquals("active", result.getString(RESP_APD_STATUS)); assertTrue(result.containsKey(RESP_APD_ID)); - assertTrue(result.containsKey(RESP_APD_OWNER)); - - JsonObject ownerDets = result.getJsonObject(RESP_APD_OWNER); - assertEquals(trusteeDetails.getString("userId"), ownerDets.getString(RESP_OWNER_USER_ID)); - assertEquals(trusteeDetails.getString("firstName"), - ownerDets.getJsonObject("name").getString("firstName")); - assertEquals(trusteeDetails.getString("lastName"), - ownerDets.getJsonObject("name").getString("lastName")); - assertEquals(trusteeDetails.getString("email"), ownerDets.getString("email")); + testContext.completeNow(); }))); } - @Order(12) - @Test - @DisplayName("Multiple requests - test failing policy service and transaction rollback") - void polServiceFailing(VertxTestContext testContext) { - JsonObject userJson = authAdmin.result(); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.ADMIN)).build(); - - JsonObject trusteeAdets = trusteeUserA.result(); - JsonObject trusteeBdets = trusteeUserB.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(3); - @SuppressWarnings("unchecked") - CreatePolicyRequest obj = ((List) i.getArgument(0)).get(0); - - if (obj.getUserId().equals(trusteeAdets.getString("userId"))) { - p.complete(new JsonObject().put("type", URN_SUCCESS.toString())); - } else if (obj.getUserId().equals(trusteeBdets.getString("userId"))) { - p.fail("Fail"); - } - return i.getMock(); - }).when(policyService).createPolicy(any(), any(), any(), any()); - - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", PENDING_A_ID.toString()).put("status", "active")) - .add(new JsonObject().put("apdId", 
PENDING_B_ID.toString()).put("status", "active")); - List request = ApdUpdateRequest.jsonArrayToList(req); - - apdService.updateApd(request, user, testContext.failing(response -> testContext.verify(() -> { - testContext.completeNow(); - }))); - } - - @Order(13) - @Test - @DisplayName("Multiple requests - Test not recognized URN sent by policy service and transaction rollback") - void polServiceBadUrn(VertxTestContext testContext) { - JsonObject userJson = authAdmin.result(); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.ADMIN)).build(); - - JsonObject trusteeAdets = trusteeUserA.result(); - JsonObject trusteeBdets = trusteeUserB.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(3); - @SuppressWarnings("unchecked") - CreatePolicyRequest obj = ((List) i.getArgument(0)).get(0); - - if (obj.getUserId().equals(trusteeAdets.getString("userId"))) { - p.complete(new JsonObject().put("type", URN_SUCCESS.toString())); - } else if (obj.getUserId().equals(trusteeBdets.getString("userId"))) { - p.complete(new JsonObject().put("type", URN_INVALID_INPUT.toString())); - } - return i.getMock(); - }).when(policyService).createPolicy(any(), any(), any(), any()); - - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", PENDING_A_ID.toString()).put("status", "active")) - .add(new JsonObject().put("apdId", PENDING_B_ID.toString()).put("status", "active")); - List request = ApdUpdateRequest.jsonArrayToList(req); - - apdService.updateApd(request, user, testContext.failing(response -> testContext.verify(() -> { - testContext.completeNow(); - }))); - } - - @Order(14) - @Test - @DisplayName("Multiple requests - Test registration service fail and transaction rollback") - void regServiceFail(VertxTestContext testContext) { - JsonObject userJson = authAdmin.result(); - - User user = new 
UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.ADMIN)).build(); - - JsonObject trusteeAdets = trusteeUserA.result(); - JsonObject trusteeBdets = trusteeUserB.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(3); - @SuppressWarnings("unchecked") - CreatePolicyRequest obj = ((List) i.getArgument(0)).get(0); - - if (obj.getUserId().equals(trusteeAdets.getString("userId"))) { - p.complete(new JsonObject().put("type", URN_SUCCESS.toString())); - } else if (obj.getUserId().equals(trusteeBdets.getString("userId"))) { - p.complete(new JsonObject().put("type", URN_ALREADY_EXISTS.toString())); - } - return i.getMock(); - }).when(policyService).createPolicy(any(), any(), any(), any()); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - p.fail("Fail"); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", PENDING_A_ID.toString()).put("status", "active")) - .add(new JsonObject().put("apdId", PENDING_B_ID.toString()).put("status", "active")); - List request = ApdUpdateRequest.jsonArrayToList(req); - - apdService.updateApd(request, user, testContext.failing(response -> testContext.verify(() -> { - testContext.completeNow(); - }))); - } - - @Order(15) + @Order(9) @Test - @DisplayName("Multiple requests - Test success admin setting pending -> active") + @DisplayName("Multiple requests - Test success admin setting active -> inactive, inactive -> active") void mutipleReqSuccess(VertxTestContext testContext) { JsonObject userJson = authAdmin.result(); 
@@ -696,40 +415,9 @@ void mutipleReqSuccess(VertxTestContext testContext) { .name(userJson.getString("firstName"), userJson.getString("lastName")) .roles(List.of(Roles.ADMIN)).build(); - JsonObject trusteeAdets = trusteeUserA.result(); - JsonObject trusteeBdets = trusteeUserB.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(3); - @SuppressWarnings("unchecked") - CreatePolicyRequest obj = ((List) i.getArgument(0)).get(0); - - if (obj.getUserId().equals(trusteeAdets.getString("userId"))) { - p.complete(new JsonObject().put("type", URN_SUCCESS.toString())); - } else if (obj.getUserId().equals(trusteeBdets.getString("userId"))) { - p.complete(new JsonObject().put("type", URN_ALREADY_EXISTS.toString())); - } - return i.getMock(); - }).when(policyService).createPolicy(any(), any(), any(), any()); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject trusteeA = new JsonObject().put("email", trusteeAdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeAdets.getString("firstName")) - .put("lastName", trusteeAdets.getString("lastName"))); - - JsonObject trusteeB = new JsonObject().put("email", trusteeBdets.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeBdets.getString("firstName")) - .put("lastName", trusteeBdets.getString("lastName"))); - - p.complete(new JsonObject().put(trusteeAdets.getString("userId"), trusteeA) - .put(trusteeBdets.getString("userId"), trusteeB)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", PENDING_A_ID.toString()).put("status", "active")) - .add(new JsonObject().put("apdId", PENDING_B_ID.toString()).put("status", "active")); + .add(new JsonObject().put("apdId", ACTIVE_A_ID.toString()).put("status", "inactive")) + .add(new JsonObject().put("apdId", INACTIVE_B_ID.toString()).put("status", "active")); List request = ApdUpdateRequest.jsonArrayToList(req); 
apdService.updateApd(request, user, 
@@ -742,95 +430,23 @@ void mutipleReqSuccess(VertxTestContext testContext) { JsonObject resultA = response.getJsonArray("results").getJsonObject(0); JsonObject resultB = response.getJsonArray("results").getJsonObject(1); - if (!resultA.getString(RESP_APD_NAME).equals(PENDING_A)) { + if (!resultA.getString(RESP_APD_NAME).equals(ACTIVE_A)) { resultA = response.getJsonArray("results").getJsonObject(1); resultB = response.getJsonArray("results").getJsonObject(0); } - assertEquals(PENDING_A, resultA.getString(RESP_APD_NAME)); - assertEquals(PENDING_A + ".com", resultA.getString(RESP_APD_URL)); - assertEquals("active", resultA.getString(RESP_APD_STATUS)); + assertEquals(ACTIVE_A, resultA.getString(RESP_APD_NAME)); + assertEquals(ACTIVE_A + ".com", resultA.getString(RESP_APD_URL)); + assertEquals("inactive", resultA.getString(RESP_APD_STATUS)); assertTrue(resultA.containsKey(RESP_APD_ID)); - assertTrue(resultA.containsKey(RESP_APD_OWNER)); - - JsonObject ownerDetsA = resultA.getJsonObject(RESP_APD_OWNER); - assertEquals(trusteeAdets.getString("userId"), ownerDetsA.getString(RESP_OWNER_USER_ID)); - assertEquals(trusteeAdets.getString("firstName"), - ownerDetsA.getJsonObject("name").getString("firstName")); - assertEquals(trusteeAdets.getString("lastName"), - ownerDetsA.getJsonObject("name").getString("lastName")); - assertEquals(trusteeAdets.getString("email"), ownerDetsA.getString("email")); - - assertEquals(PENDING_B, resultB.getString(RESP_APD_NAME)); - assertEquals(PENDING_B + ".com", resultB.getString(RESP_APD_URL)); + + assertEquals(INACTIVE_B, resultB.getString(RESP_APD_NAME)); + assertEquals(INACTIVE_B + ".com", resultB.getString(RESP_APD_URL)); assertEquals("active", resultB.getString(RESP_APD_STATUS)); assertTrue(resultB.containsKey(RESP_APD_ID)); - assertTrue(resultB.containsKey(RESP_APD_OWNER)); - - JsonObject ownerDetsB = resultB.getJsonObject(RESP_APD_OWNER); - assertEquals(trusteeBdets.getString("userId"), ownerDetsB.getString(RESP_OWNER_USER_ID)); - 
assertEquals(trusteeBdets.getString("firstName"), - ownerDetsB.getJsonObject("name").getString("firstName")); - assertEquals(trusteeBdets.getString("lastName"), - ownerDetsB.getJsonObject("name").getString("lastName")); - assertEquals(trusteeBdets.getString("email"), ownerDetsB.getString("email")); testContext.completeNow(); }))); } - @Order(16) - @Test - @DisplayName("Test admin changes trusteeB active -> inactive") - void adminActiveToInactive(VertxTestContext testContext) { - JsonObject userJson = authAdmin.result(); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.ADMIN)).build(); - - JsonObject trusteeDetails = trusteeUserB.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - JsonObject userDets = new JsonObject().put("email", trusteeDetails.getString("email")) - .put("name", new JsonObject().put("firstName", trusteeDetails.getString("firstName")) - .put("lastName", trusteeDetails.getString("lastName"))); - p.complete(new JsonObject().put(trusteeDetails.getString("userId"), userDets)); - return i.getMock(); - }).when(registrationService).getUserDetails(any(), any()); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(3); - p.complete(new JsonObject().put("type", URN_SUCCESS.toString())); - return i.getMock(); - }).when(policyService).createPolicy(any(), any(), any(), any()); - - JsonArray req = new JsonArray() - .add(new JsonObject().put("apdId", ACTIVE_B_ID.toString()).put("status", "inactive")); - List request = ApdUpdateRequest.jsonArrayToList(req); - - apdService.updateApd(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(response.getInteger("status"), 200); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - assertEquals(SUCC_TITLE_UPDATED_APD, response.getString("title")); - JsonObject result = 
response.getJsonArray("results").getJsonObject(0); - assertEquals(ACTIVE_B, result.getString(RESP_APD_NAME)); - assertEquals(ACTIVE_B + ".com", result.getString(RESP_APD_URL)); - assertEquals("inactive", result.getString(RESP_APD_STATUS)); - assertTrue(result.containsKey(RESP_APD_ID)); - assertTrue(result.containsKey(RESP_APD_OWNER)); - - JsonObject ownerDets = result.getJsonObject(RESP_APD_OWNER); - assertEquals(trusteeDetails.getString("userId"), ownerDets.getString(RESP_OWNER_USER_ID)); - assertEquals(trusteeDetails.getString("firstName"), - ownerDets.getJsonObject("name").getString("firstName")); - assertEquals(trusteeDetails.getString("lastName"), - ownerDets.getJsonObject("name").getString("lastName")); - assertEquals(trusteeDetails.getString("email"), ownerDets.getString("email")); - testContext.completeNow(); - }))); - } } diff --git a/src/test/java/iudx/aaa/server/registration/Utils.java b/src/test/java/iudx/aaa/server/registration/Utils.java index 01b50b1a..f48c732f 100644 --- a/src/test/java/iudx/aaa/server/registration/Utils.java +++ b/src/test/java/iudx/aaa/server/registration/Utils.java @@ -62,8 +62,8 @@ public class Utils { + "resource_server ON d.resource_server_id = resource_server.id" + " WHERE url = ANY($1::text[]) AND d.owner_id = $2::uuid"; public static final String SQL_CREATE_APD = - "INSERT INTO apds (id, name, url, owner_id, status, created_at, updated_at) VALUES " - + "($1::uuid, $2::text, $3::text, $4::uuid, $5::apd_status_enum, NOW(), NOW()) "; + "INSERT INTO apds (id, name, url, status, created_at, updated_at) VALUES " + + "($1::uuid, $2::text, $3::text, $4::apd_status_enum, NOW(), NOW()) "; public static final String SQL_DELETE_APD = "UPDATE apds SET status ='INACTIVE' where owner_id = ANY($1::uuid[])"; private static final String SQL_DELETE_USER_BY_ID = diff --git a/src/test/resources/V1000__Add_Integration_Test_data.sql b/src/test/resources/V1000__Add_Integration_Test_data.sql index 18081636..402b4b0f 100644 
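Review bot: `SQL_DELETE_APD`, on the context line right after the changed `SQL_CREATE_APD` in Utils.java, still filters on `owner_id` (`where owner_id = ANY($1::uuid[])`), while this commit removes that column from the `apds` table and from the insert statement. Any test cleanup that still runs this statement would fail once the V9 migration has been applied; whether `deleteFakeUser` uses it is not visible here. If the constant is still needed, key it on APD ids, e.g. `"UPDATE apds SET status ='INACTIVE' where id = ANY($1::uuid[])"`; otherwise delete it together with its callers.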
--- a/src/test/resources/V1000__Add_Integration_Test_data.sql +++ b/src/test/resources/V1000__Add_Integration_Test_data.sql @@ -49,10 +49,9 @@ COPY ${flyway:defaultSchema}.access_requests (id, user_id, item_id, item_type, o -- Data for Name: apds; Type: TABLE DATA; Schema: ${flyway:defaultSchema}; Owner: integadmin -- -COPY ${flyway:defaultSchema}.apds (id, name, url, owner_id, status, created_at, updated_at) FROM stdin; -8e2741ad-34a3-4de2-a9e5-b97631f2fd8f Pending Integration APD pendingapd.integration-iudx.io 1d086d89-db81-4959-ae5b-a760ef5c15fb PENDING 2022-03-21 07:49:07.4212 2022-03-21 07:49:07.4212 -4f51cee5-e6ce-4e31-8c30-66d298c7d4a6 Active Integration APD activeapd.integration-iudx.io 1d086d89-db81-4959-ae5b-a760ef5c15fb ACTIVE 2022-03-21 07:47:25.098821 2022-03-21 08:29:34.802582 -1b988be6-cc13-422b-bca0-9ccb98a5b30f Inactive Integration APD inactiveapd.integration-iudx.io 1d086d89-db81-4959-ae5b-a760ef5c15fb INACTIVE 2022-03-21 07:49:24.904527 2022-03-21 08:30:12.182393 +COPY ${flyway:defaultSchema}.apds (id, name, url, status, created_at, updated_at) FROM stdin; +4f51cee5-e6ce-4e31-8c30-66d298c7d4a6 Active Integration APD activeapd.integration-iudx.io ACTIVE 2022-03-21 07:47:25.098821 2022-03-21 08:29:34.802582 +1b988be6-cc13-422b-bca0-9ccb98a5b30f Inactive Integration APD inactiveapd.integration-iudx.io INACTIVE 2022-03-21 07:49:24.904527 2022-03-21 08:30:12.182393 \. 
@@ -135,7 +134,6 @@ abe00721-1871-4268-a70a-3a670d843fea b2a705bd-9543-4dce-bbce-f3828e2de1d2 ADMIN cc831cdd-c894-41cf-a48b-d72760ca4f77 7b6fb9c0-8524-459e-afc3-df665a83cd16 ADMIN APPROVED 2021-09-21 07:44:14.694661 2021-09-21 07:44:14.694661 b856f9d9-5071-46d8-b6f7-467193f28759 746442f5-18a7-44fd-8c8f-3e39e5026fae PROVIDER APPROVED 2021-09-21 08:43:22.021489 2021-09-22 08:09:27.588546 25ccc6f6-fe1a-487f-b7c5-c323a7f8b83f da00dc18-9f0e-40ea-808b-bd8eac11bccc DELEGATE APPROVED 2021-09-27 12:09:31.269865 2021-09-27 12:09:31.269865 -8301a903-a7af-4109-9516-40e942f381ae 1d086d89-db81-4959-ae5b-a760ef5c15fb TRUSTEE APPROVED 2022-03-21 06:25:10.36597 2022-03-21 06:25:10.36597 \. From 4ce500cff50af4fbf613e8bdb60c9097fa3dca6b Mon Sep 17 00:00:00 2001 From: ThorodanBrom Date: Tue, 11 Jul 2023 13:19:59 +0530 Subject: [PATCH 2/2] Removed trustee role from server code - NOT FROM DATABASE - **DATABASE REMOVAL NEEDS MORE WORK/DISCUSSION** - Removed all trustee related flows from the code - Registration and user management - Policy creation - policies with item type APD - Updated unit tests, integration tests - Updated OpenAPI spec for both APD API changes and trustee changes --- Jenkinsfile | 2 +- docs/openapi.yaml | 234 +- .../java/iudx/aaa/server/apiserver/Roles.java | 2 +- .../aaa/server/policy/PolicyServiceImpl.java | 116 +- .../iudx/aaa/server/policy/createPolicy.java | 30 - .../registration/RegistrationServiceImpl.java | 24 +- .../server/policy/CreateApdPolicyTest.java | 106 +- .../policy/CreatePolicyNotificationTest.java | 17 +- .../policy/ListPolicyNotificationTest.java | 18 +- .../policy/UpdatePolicyNotificationTest.java | 17 +- .../server/registration/CreateUserTest.java | 72 +- .../server/registration/SearchUserTest.java | 90 +- .../server/registration/UpdateUserTest.java | 197 +- .../Integration_Test.postman_collection.json | 2076 +---------------- 14 files changed, 165 insertions(+), 2836 deletions(-) 
diff --git a/Jenkinsfile b/Jenkinsfile index 9b3a6abd..8b2b01a2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -31,7 +31,7 @@ pipeline { sh 'docker compose -f docker-compose-test.yml up test' } xunit ( - thresholds: [ skipped(failureThreshold: '14'), failed(failureThreshold: '0') ], + thresholds: [ skipped(failureThreshold: '15'), failed(failureThreshold: '0') ], tools: [ JUnit(pattern: 'target/surefire-reports/*.xml') ] ) jacoco classPattern: 'target/classes', execPattern: 'target/jacoco.exec', sourcePattern: 'src/main/java', exclusionPattern:'**/*VertxEBProxy.class,**/Constants.class,**/*VertxProxyHandler.class,**/*Verticle.class,iudx/aaa/server/deploy/*.class,iudx/aaa/server/registration/KcAdmin.class,iudx/aaa/server/apiserver/*,iudx/aaa/server/apiserver/util/*,iudx/aaa/server/admin/AdminService.class,iudx/aaa/server/apd/ApdService.class,iudx/aaa/server/auditing/AuditingService.class,iudx/aaa/server/auditing/AuditingService.class,iudx/aaa/server/registration/RegistrationService.class,iudx/aaa/server/token/TokenService.class,iudx/aaa/server/policy/PolicyService.class' diff --git a/docs/openapi.yaml b/docs/openapi.yaml index 12926189..814b5586 100644 --- a/docs/openapi.yaml +++ b/docs/openapi.yaml @@ -207,7 +207,6 @@ paths: - delegate - consumer - admin - - trustee context: type: object required: @@ -250,11 +249,6 @@ paths: itemId: apd.iudx.org.in itemType: resource_server role: consumer - identity token for APD as trustee: - value: - itemId: apd.iudx.org.in - itemType: resource_server - role: trustee identity token for resource_server as provider: value: itemId: rs.iudx.org.in 
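Review bot: The Jenkinsfile hunk raises the xunit `skipped(failureThreshold: ...)` from '14' to '15' without saying which test is newly skipped. On an authorization server a skipped test can hide an access-control regression, so the pipeline should record why the budget grew. A comment above the threshold such as `// 15 skipped: <name of the newly disabled test and reason>` keeps the number auditable; the placeholder is for the author to fill in.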
@@ -286,7 +280,7 @@ paths: - Item ID - URL of the server or APD - Users with any role can get an identity token for either a resource server or APD - **NOTE : If role is `admin` or `trustee`, the user must own the resource server or APD respectively.** + **NOTE : If role is `admin`, the user must own the resource server.** **NOTE : Users can be permitted to obtain identity tokens with the `admin` role if required.** @@ -312,9 +306,6 @@ paths: ## Tokens for admins **Admins are only permitted to get identity tokens.** - ## Tokens for trustees - **Trustees are only permitted to get identity tokens.** - ## JWT Access Token Response Structure The JWT is signed using the ES256 algorithm (`alg:ES256`). @@ -863,7 +854,6 @@ paths: - manage catalogue items - manage data on resource servers - manage policies - - **trustee**, which allows a user to manage an Access Policy Domain (APD) ## Client ID and Client Secret On successful creation of the user profile, the user would receive a client ID and a client secret. The client ID and client secret can be used instead of the OIDC flow to request for tokens. **The client secret is ONLY shown to the user here and can never be obtained again.** @@ -887,7 +877,6 @@ paths: - provider - consumer - delegate - - trustee minLength: 5 maxLength: 10 orgId: @@ -914,7 +903,7 @@ paths: orgId: 123e4567-e89b-12d3-a456-426614174000 description: |- - `orgId` is a valid organization ID obtain from the `GET /auth/v1/organizations` API - - **`orgId` is required for `provider`, `delegate` and `trustee` roles** + - **`orgId` is required for `provider` and `delegate` roles** - **The domain of the email address of the registering user must match the organization domain** required: true tags: 
@@ -1177,8 +1166,6 @@ paths: A user with either - `provider` role - `admin` role - - `trustee` role **with valid Auth admin policy** - - An auth admin policy is automatically created when an APD belonging to a trustee is set to _active_ state by the IUDX AAA admin - is an **auth delegate** may search for a user by providing the email address and role of said user. If a user exists, then the user ID `userId`, email, name and organization details (if applicable) is returned. @@ -1311,7 +1298,6 @@ paths: roles: - consumer - delegate - - trustee userId: 67194fc9-495e-40f7-b016-4470c1d4397f clients: - clientName: default @@ -1404,7 +1390,7 @@ paths: **NOTE: The operations cannot be done simultaneously.** ## Add roles - A user may add `consumer`, `delegate` and `trustee` roles to their user profile. **The `provider` role cannot be added**. + A user may add `consumer` and `delegate` roles to their user profile. **The `provider` role cannot be added**. ## Regenerate client secret A user may regenerate a client secret corresponding to a client ID in case they have lost the client secret or it has been compromised. A new client secret will be generated and sent as part of the output **and will not be shown again.** @@ -1446,7 +1432,6 @@ paths: enum: - consumer - delegate - - trustee minLength: 5 maxLength: 10 orgId: @@ -1475,14 +1460,13 @@ paths: roles: - consumer - delegate - - trustee orgId: 123e4567-e89b-12d3-a456-426614174000 Regenerate client secret: value: clientId: 25b2c2d5-a7fc-47d0-89e4-8709a1560bfa description: |- - `orgId` is a valid organization ID obtain from the `GET /auth/v1/organizations` API - - **`orgId` is required for `delegate` or `trustee` roles** + - **`orgId` is required for `delegate` role** - `clientId` is a valid client ID (belonging to the user) whose corresponding client secret needs to be generate required: true tags: 
@@ -2351,28 +2335,6 @@ paths: firstName: Bob lastName: Provider id: 844e251b-574b-46e6-9247-f76f1f70a637 - Listing of policies set by a trustee for a provider: - value: - type: 'urn:dx:as:Success' - title: policy read - results: - - policyId: 21abcc77-8917-4a12-8a48-42016552ed30 - itemType: apd - expiryTime: '2027-03-22T00:00' - constraints: {} - itemId: apd-test.datakaveri.org - user: - email: provider@datakaveri.org - name: - firstName: Provider - lastName: DK - id: 1d4e251b-514b-46e6-9547-f7661f70ae37 - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DK - id: a3be2d18-24cb-40d6-8a5e-f073aacbe519 Listing of APD policies: value: type: 'urn:dx:as:Success' @@ -2391,12 +2353,6 @@ paths: lastName: DK id: 1d4e251b-514b-46e6-9547-f7661f70ae37 apd: - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DK - id: a3be2d18-24cb-40d6-8a5e-f073aacbe519 url: apd-testing.datakaveri.org status: active name: Test APD @@ -2412,7 +2368,7 @@ paths: - `provider` : returns all policies created by the provider/auth delegate of the provider and the policies set for the provider. Also returns any **APD policies** set by the provider. - `delegate` : returns all policies set for the delegate - `consumer` : returns the policies set for the consumer - - `trustee` or `admin` : returns all policies set by them + - `admin` : returns all policies set by them ## Auth delegate An auth delegate may use the API to view policies on behalf of their provider. This is done by passing the user ID of the provider as a header called `providerId`. 
@@ -2598,8 +2554,8 @@ paths: description: application/json '403': description: |- - - If the user trying to set a policy does not have an `admin`, `provider`, `trustee` or `delegate` role - - If the user trying to set a policy does not have a policy by the AAA admin or trustee (in case of APD policies) + - If the user trying to set a policy does not have an `admin`, `provider` or `delegate` role + - If the user trying to set a policy does not have a policy by the AAA admin - If the user is neither the owner of the resource item/group or a delegate to the owner of the resource - If a valid policy already exists content: @@ -2615,14 +2571,8 @@ paths: ## Policies created by admin - Valid item types - `resource_server`. - - An `admin` can set **user policies** for a `provider`,`delegate` or `trustee` for their server. + - An `admin` can set **user policies** for a `provider` or `delegate` for their server. - **A policy is automatically set by the AAA admin for a provider when they are approved.** - - **A policy is automatically set by the AAA admin for a trustee when their APD is set to active state.** - - ## Policies created by trustee - - Valid item types - `apd`. - - A `trustee` can write **user policies** for `providers` for APDs they own. - - This policy allows providers to be able to use the APD for APD policies on their own resources. ## Policies created by provider @@ -2633,8 +2583,6 @@ paths: ### APD Policies - Valid item types - `resource`, `resource_group` - A `provider` can set **APD policies** for the resources owned by the `provider.` Access is granted if the user belongs to a `userClass` defined by the APD. - - **Providers must have a policy set by the concerned trustee to be able to set APD policies using a particular APD.** - - **The trustee policy also allows auth delegates working on behalf of the provider to set APD policies.** - **The concerned APD must be in `active` state.** ## Policies created by delegate 
@@ -2649,7 +2597,6 @@ paths: ### APD Policies - Valid item types - `resource`, `resource_group` - A `delegate` can set **APD policies** for the resources owned by the `provider`. - - The `provider` for whom the auth delegate is operating **must have a policy set by the concerned trustee for the particular APD**. The `delegate` need not have any such policy. - **The concerned APD must be in `active` state.** parameters: @@ -2717,7 +2664,6 @@ paths: - resource - resource_group - resource_server - - apd expiryTime: type: string minLength: 1 @@ -2808,14 +2754,6 @@ paths: access: - api - sub - Single request for trustee 'apd' itemType policy: - value: - request: - - userId: 2c4a230c-5085-4924-a3e1-25fb4fc5965b - itemId: apd-testing.datakaveri.org - itemType: apd - expiryTime: '2022-10-10T04:00:19' - constraints: {} Single request for APD policy: value: request: @@ -4211,31 +4149,6 @@ paths: status: type: string minLength: 1 - owner: - type: object - properties: - email: - type: string - minLength: 1 - name: - type: object - properties: - firstName: - type: string - minLength: 1 - lastName: - type: string - minLength: 1 - required: - - firstName - - lastName - id: - type: string - minLength: 1 - required: - - email - - name - - id required: - type - title @@ -4249,22 +4162,10 @@ paths: name: DataKaveri APD url: apd.datakaveri.org status: pending - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe - apdId: 540972fd-43df-43c1-9627-df2402a6b731 name: IISc APD url: apd.iisc.ac.in status: active - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: IISc - id: 7d379bda-c204-4a97-918f-c24590b0cd6f examples: Example: value: 
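Review bot: The list-APD response example kept as context in the hunk at -4249 still shows `status: pending` for the DataKaveri APD, although this series removes `pending` from `ApdStatus` and from the status enum of the update-APD request. The same stale value remains in the hunk at -4275. Clients generated from or tested against these examples would expect a state the server can no longer return; the example line should read `status: active` (or `inactive`).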
@@ -4275,22 +4176,10 @@ paths: name: DataKaveri APD url: apd.datakaveri.org status: pending - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe - apdId: 540972fd-43df-43c1-9627-df2402a6b731 name: IISc APD url: apd.iisc.ac.in status: active - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: IISc - id: 7d379bda-c204-4a97-918f-c24590b0cd6f '401': description: '- Unauthorized - `token` invalid/expired' content: @@ -4319,7 +4208,6 @@ paths: description: |- Returns registered APDs. - If called by the AAA admin, returns all APD registrations - - If called by a user with `trustee` role, returns all APDs in the **active** state and all the APDs the user has registered - If called by a user with any other roles, returns all APDs in the **active** state security: - authorization: [] @@ -4330,7 +4218,7 @@ paths: operationId: post-auth-v1-apd responses: '200': - description: The APD has been successfully registered and is pending AAA Admin approval + description: The APD has been successfully registered content: application/json: schema: @@ -4358,37 +4246,11 @@ paths: status: type: string minLength: 1 - owner: - type: object - properties: - email: - type: string - minLength: 1 - name: - type: object - properties: - firstName: - type: string - minLength: 1 - lastName: - type: string - minLength: 1 - required: - - firstName - - lastName - id: - type: string - minLength: 1 - required: - - email - - name - - id required: - apdId - name - url - status - - owner required: - type - title @@ -4401,13 +4263,7 @@ paths: apdId: 5d019ee7-e1d4-4f65-9a14-2e3b656b7296 name: zppcw url: zppcw.com - status: pending - owner: - email: vgmwddiczi@gmail.com - name: - firstName: uirsxfqyuj - lastName: lgbbcwgcax - id: 28c387e8-5807-44f7-830f-998e595d1bbe + status: active examples: Example: value: 
@@ -4417,13 +4273,7 @@ paths: apdId: 5d019ee7-e1d4-4f65-9a14-2e3b656b7296 name: DataKaveri APD url: apd.datakaveri.org - status: pending - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe + status: active '400': description: |- - Malformed or missing data @@ -4457,7 +4307,7 @@ paths: title: Token authentication failed detail: Inactive Token '403': - description: '- User does not have the `trustee` role' + description: '- User is not admin of AAA server' content: application/json: schema: @@ -4466,8 +4316,8 @@ paths: Example: value: type: 'urn:dx:as:InvalidRole' - title: Not a trustee - detail: Use does not have the trustee role + title: Not admin + detail: Use does not have the admin '404': description: '- A user profile for the user does not exist' content: @@ -4493,7 +4343,7 @@ paths: title: URL already exists detail: An APD with the requested URL already exists description: |- - A registered trustee can register an Access Policy Domain. The AAA admin must approve the registration and set the APD into the **active** state, after which policies can be written using the APD. + The AAA admin can add new APDs to the server. These APDs will be in the **active** state by default and once added, polcieis can be written for the APDs. ## APD Requirements during registration The APD URL must be provided during registration. The URL must be **reachable** as well as: @@ -4530,7 +4380,7 @@ paths: url: apd.datakaveri.org required: true description: |- - - Registered users with the `trustee` role are permitted to call the API + - AAA admin permitted to call the API. - `url` must be a **valid reachable domain/hostname**. Examples of invalid `url`s are: - `https://example.com` - `example.com:8080` 
@@ -4578,27 +4428,6 @@ paths: status: type: string minLength: 1 - owner: - type: object - properties: - email: - type: string - minLength: 1 - name: - type: object - properties: - firstName: - type: string - minLength: 1 - lastName: - type: string - minLength: 1 - required: - - firstName - - lastName - id: - type: string - minLength: 1 required: - email - name @@ -4616,12 +4445,6 @@ paths: name: zwcev url: zwcev.com status: inactive - owner: - email: iisjnaawjw@gmail.com - name: - firstName: dxzptlevqi - lastName: yfuwqntzmg - id: 55530f92-7d84-428c-8c0d-f8b37818ac13 examples: Example: value: @@ -4632,22 +4455,10 @@ paths: name: DataKaveri APD url: apd.datakaveri.org status: active - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe - apdId: 540972fd-43df-43c1-9627-df2402a6b731 name: IISc APD url: apd.iisc.ac.in status: inactive - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: IISc - id: 7d379bda-c204-4a97-918f-c24590b0cd6f '400': description: |- - Malformed or missing data @@ -4682,7 +4493,7 @@ paths: detail: Inactive Token '403': description: |- - - User is not AAA admin or does not have `trustee` role + - User is not AAA admin - Cannot change status of a particular APD content: application/json: @@ -4693,7 +4504,7 @@ paths: value: type: 'urn:dx:as:InvalidRole' title: Invalid roles to call API - detail: Trustees and Auth Server Admin may call the API + detail: Auth Server Admin may call the API Cannot change status of an APD: value: type: 'urn:dx:as:InvalidInput' 
@@ -4712,16 +4523,12 @@ paths: title: User profile does not exist detail: Please register to create user profile description: |- - Allows the AAA admins and trustees who have registered APDs to update status. + Allows the AAA admins to update status of APDs. - The AAA admin may change status: - - from **pending** to **active**, to allow policies to be written for the APD. + The AAA admin may change status : - from **active** to **inactive**, in case the APD is not responsive or has been compromised - from **inactive** to **active** - The trustee may change status of APDs they have registered: - - from **active** to **inactive**, to indicate that no new policies may be written using the APD. - - from **inactive** to **pending**, to allow the AAA admin to reconsider activating the APD requestBody: required: true content: @@ -4757,7 +4564,6 @@ paths: enum: - active - inactive - - pending description: The status to be changed to required: - apdId diff --git a/src/main/java/iudx/aaa/server/apiserver/Roles.java b/src/main/java/iudx/aaa/server/apiserver/Roles.java index 0e7e415d..c3a78ff4 100644 --- a/src/main/java/iudx/aaa/server/apiserver/Roles.java +++ b/src/main/java/iudx/aaa/server/apiserver/Roles.java @@ -8,7 +8,7 @@ * Enum that defines all valid roles recognized by the AAA server. */ public enum Roles { - PROVIDER, DELEGATE, TRUSTEE, CONSUMER, ADMIN; + PROVIDER, DELEGATE, CONSUMER, ADMIN; static List rolesAsStrings = Arrays.stream(Roles.values()).map(r -> r.name()).collect(Collectors.toList()); diff --git a/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java b/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java index b98cf464..c8144182 100644 --- a/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java +++ b/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java 
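Review bot: Dropping `TRUSTEE` from `Roles` in the Roles.java hunk makes every `Roles.valueOf(...)` on that name throw `IllegalArgumentException`, and the commit message says trustee data is deliberately left in the database. `searchUser`, visible later in this patch, calls `Roles.valueOf(searchUserDetails.getString("role").toUpperCase())` on a request value, and any code that maps stored role rows to the enum (not visible here) would hit the same exception for existing trustee users. Unless request validation and the role-loading queries already exclude the value, the lookup should be guarded, either by catching the exception or by checking the name against `Roles.values()` first, so that an unknown role gives a 400 response or is skipped instead of surfacing as an unhandled error.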
@@ -159,8 +159,7 @@ public PolicyService createPolicy( if (!roles.contains(Roles.ADMIN) && !roles.contains(Roles.PROVIDER) - && !roles.contains(Roles.DELEGATE) - && !roles.contains(Roles.TRUSTEE)) { + && !roles.contains(Roles.DELEGATE)) { Response r = new Response.ResponseBuilder() @@ -218,15 +217,6 @@ public PolicyService createPolicy( .map(CreatePolicyRequest::getItemId) .collect(Collectors.toList()); - // getApdInfo for all apdIds - // if itemType is apdIds, getApdInfo - List apdUrls = - userPolicyRequests.stream() - .filter( - tagObject -> tagObject.getItemType().toUpperCase().equals(itemTypes.APD.toString())) - .map(CreatePolicyRequest::getItemId) - .collect(Collectors.toList()); - List resGrpIds = request.stream() .filter( @@ -249,7 +239,6 @@ public PolicyService createPolicy( Map> catItem = new HashMap<>(); // check if resServer itemType, All requests must be resServer, role must contain admin - // if itemType is Apd, all req must be Apd,role must contain Trustee // if item type neither, for request may have both apd and user policies (catalogueFetch) if (resServerIds.size() > 0) { // if request has itemType resourceServer, then all request should be for resource server 
@@ -276,32 +265,6 @@ public PolicyService createPolicy( return this; } else catItem.put(RES_SERVER, resServerIds); } else { - // check if user policy for apd exists - if (apdUrls.size() > 0) { - if (apdUrls.size() != request.size()) { - Response r = - new Response.ResponseBuilder() - .type(URN_INVALID_INPUT) - .title(INVALID_INPUT) - .detail("All requests must be for APD") - .status(400) - .build(); - handler.handle(Future.succeededFuture(r.toJson())); - return this; - } - if (!roles.contains(Roles.TRUSTEE)) { - Response r = - new Response.ResponseBuilder() - .type(URN_INVALID_ROLE) - .title(INVALID_ROLE) - .detail(INVALID_ROLE) - .status(403) - .build(); - handler.handle(Future.succeededFuture(r.toJson())); - return this; - } - catItem.put(APD, apdUrls); - } else { if (!roles.contains(Roles.PROVIDER) && !roles.contains(Roles.DELEGATE)) { Response r = new Response.ResponseBuilder() 
@@ -316,53 +279,11 @@ public PolicyService createPolicy( if (resGrpIds.size() > 0) catItem.put(RES_GRP, resGrpIds); if (resIds.size() > 0) catItem.put(RES, resIds); } - } + Future> reqItemDetail; if (catItem.containsKey(RES_SERVER)) { reqItemDetail = createPolicy.getResSerDetails(catItem.get(RES_SERVER), user.getUserId()); } else { - if (catItem.containsKey(APD)) { - List urls = catItem.get(APD); - Promise promise = Promise.promise(); - apdService.getApdDetails(urls, List.of(), promise); - reqItemDetail = - promise - .future() - .compose( - apdDetail -> { - Map apdMap = new HashMap<>(); - List failedUrl = new ArrayList<>(); - urls.forEach( - url -> { - if (!apdDetail.containsKey(url)) failedUrl.add(url); - else { - JsonObject detail = apdDetail.getJsonObject(url); - //status of the apd is not validated for creating policy by the trustee - JsonObject resObj = new JsonObject(); - resObj.put(ITEMTYPE, APD); - resObj.put(ID, detail.getString(ID)); - resObj.put(CAT_ID, detail.getString(URL)); - resObj.put( - OWNER_ID, detail.getJsonObject(OWNER_DETAILS).getString(ID)); - resObj.put("resource_server_id",NIL_UUID); - resObj.put("resource_group_id",NIL_UUID); - apdMap.put(resObj.getString(CAT_ID), new ResourceObj(resObj)); - } - }); - - if (failedUrl.size() > 0) { - Response r = - new ResponseBuilder() - .status(400) - .type(URN_INVALID_INPUT) - .title(INVALID_INPUT) - .detail(failedUrl.toString()) - .build(); - return Future.failedFuture(new ComposeException(r)); - } - return Future.succeededFuture(apdMap); - }); - } else // For both apdPolicy and userPolicy reqItemDetail = catalogueClient.checkReqItems(catItem); } 
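Review bot: After this hunk the `else` branch of `createPolicy` forwards whatever is in `catItem` to `catalogueClient.checkReqItems`, and with the APD branch removed a request whose `itemType` is still `apd` leaves `catItem` empty. Whether such a request can reach this point depends on validation outside the hunk (the OpenAPI enum drops `apd` in this patch, but the `itemTypes.APD` constant is not shown being removed), so the service should reject it itself rather than rely on how the catalogue call treats an empty map. An explicit 400 in the style of the neighbouring checks, placed after the `RES_GRP`/`RES` population, makes the removed item type fail closed. `createPolicy` starts and ends outside this hunk.

```java
      if (resIds.size() > 0) catItem.put(RES, resIds);
      // Fail closed: no supported item type was found in the request.
      if (catItem.isEmpty()) {
        Response r =
            new Response.ResponseBuilder()
                .type(URN_INVALID_INPUT)
                .title(INVALID_INPUT)
                .detail("Unsupported item type")
                .status(400)
                .build();
        handler.handle(Future.succeededFuture(r.toJson()));
        return this;
      }
      // … unchanged: closing brace of the else branch, reqItemDetail lookup …
```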
@@ -415,28 +336,7 @@ public PolicyService createPolicy( return createPolicy.checkAuthPolicy(user.getUserId()); }); - // to create a policy in the apd_polcies table, user must have a policy by the dataTrustee for the apdId - Future checkTrusteeAuthPolicy = - ItemChecks.compose(obj -> - { - if(validApd.result().isEmpty()) - return Future.succeededFuture(true); - else - { - Set apdIds = new HashSet(); - List urls = - apdPolicyRequests.stream().map(CreatePolicyRequest::getApdId).collect(Collectors.toList()); - urls.forEach(url -> - { - apdIds.add(UUID.fromString(validApd.result().getJsonObject(url).getString(ID))); - }); - return createPolicy.checkAuthTrusteePolicy(providerId, apdIds); - } - } - ); - - - Future> checkDelegate = CompositeFuture.all(checkAuthPolicy,checkTrusteeAuthPolicy).compose( + Future> checkDelegate = checkAuthPolicy.compose( checkAut -> { if (checkAut.equals(false)) return Future.succeededFuture(new ArrayList<>()); List resourceObj = new ArrayList<>(reqItemDetail.result().values()); @@ -537,7 +437,7 @@ public PolicyService deletePolicy(JsonArray request, User user, JsonObject data, List roles = user.getRoles(); if (!roles.contains(Roles.ADMIN) && !roles.contains(Roles.PROVIDER) - && !roles.contains(Roles.DELEGATE) && ! roles.contains(Roles.TRUSTEE)) { + && !roles.contains(Roles.DELEGATE)) { // cannot create policy Response r = new Response.ResponseBuilder().type(URN_INVALID_ROLE).title(INVALID_ROLE) .detail(INVALID_ROLE).status(401).build(); 
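Review bot: In the hunk at -415, `checkAut` changes meaning: it used to be the `CompositeFuture` produced by `CompositeFuture.all(...)`, for which `checkAut.equals(false)` could never be true, and is now the result of `checkAuthPolicy` itself. If that future resolves to a `Boolean` (its declaration is outside the hunk), the early return of an empty list becomes reachable for the first time, so an authorization path changes behaviour silently with this refactor. Please confirm that the empty-list result ends in a denial further down, and make the intent explicit with `if (Boolean.FALSE.equals(checkAut))` plus a one-line comment stating what a `false` auth-policy result means. The lambda continues past the end of the hunk.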
@@ -637,14 +537,8 @@ public PolicyService listPolicy(User user, JsonObject data, List userIds = new ArrayList(userIdSet); - /* - * For APD IDs get IDs from policies where the item type is APD and from the APD IDs in - * APD policies - */ - Set apdIdSet = itemTypeToIds.get(itemTypes.APD).stream().map(id -> id.toString()) + Set apdIdSet = apdPolicies.result().stream().map(j -> j.getString(APD_ID)) .collect(Collectors.toSet()); - apdIdSet.addAll(apdPolicies.result().stream().map(j -> j.getString(APD_ID)) - .collect(Collectors.toSet())); List apdIds = new ArrayList(apdIdSet); diff --git a/src/main/java/iudx/aaa/server/policy/createPolicy.java b/src/main/java/iudx/aaa/server/policy/createPolicy.java index 77acc063..fa2a0850 100644 --- a/src/main/java/iudx/aaa/server/policy/createPolicy.java +++ b/src/main/java/iudx/aaa/server/policy/createPolicy.java @@ -369,36 +369,6 @@ public Future checkAuthPolicy(String userId) { return p.future(); } - public Future checkAuthTrusteePolicy(String providerId, Set apdIds) { - Promise p = Promise.promise(); - pool.withConnection( - conn -> - conn.preparedQuery(CHECK_TRUSTEE_POLICY) - .execute(Tuple.of(providerId, status.ACTIVE, apdIds.toArray(UUID[]::new))) - .onFailure( - obj -> { - LOGGER.error( - "checkAuthTrusteePolicy db fail :: " + obj.getLocalizedMessage()); - p.fail(INTERNALERROR); - }) - .onSuccess( - obj -> { - if (obj.rowCount() == apdIds.size()) p.complete(true); - else { - Response r = - new Response.ResponseBuilder() - .type(URN_INVALID_INPUT) - .title(NO_AUTH_TRUSTEE_POLICY) - .detail(NO_AUTH_TRUSTEE_POLICY) - .status(403) - .build(); - p.fail(new ComposeException(r)); - } - })); - - return p.future(); - } - public Future> userPolicyDuplicate( List req, Map resourceObj, User user) { Promise> p = Promise.promise(); diff --git a/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java b/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java index 5f671c9a..ed53af87 100644 
--- a/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java +++ b/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java @@ -140,8 +140,7 @@ public RegistrationService createUser(RegistrationRequest request, User user, UUID orgId = UUID.fromString(request.getOrgId()); final String phone = request.getPhone(); - if (requestedRoles.contains(Roles.PROVIDER) || requestedRoles.contains(Roles.DELEGATE) - || requestedRoles.contains(Roles.TRUSTEE)) { + if (requestedRoles.contains(Roles.PROVIDER) || requestedRoles.contains(Roles.DELEGATE)) { if (orgId.toString().equals(NIL_UUID)) { Response r = new ResponseBuilder().status(400).type(URN_MISSING_INFO) .title(ERR_TITLE_ORG_ID_REQUIRED).detail(ERR_DETAIL_ORG_ID_REQUIRED).build(); @@ -169,8 +168,7 @@ public RegistrationService createUser(RegistrationRequest request, User user, Future checkOrgExist; String orgIdToSet; - if (roles.containsKey(Roles.PROVIDER) || roles.containsKey(Roles.DELEGATE) - || roles.containsKey(Roles.TRUSTEE)) { + if (roles.containsKey(Roles.PROVIDER) || roles.containsKey(Roles.DELEGATE)) { orgIdToSet = request.getOrgId(); checkOrgExist = pool.withConnection( conn -> conn.preparedQuery(SQL_GET_ORG_DETAILS).execute(Tuple.of(orgId.toString())).map( 
@@ -615,7 +613,7 @@ public void addRoles(User user, UpdateProfileRequest request, Promise roles = user.getRoles(); - /* - * If the user is a trustee, check for auth admin policy. This is to prevent any user registered - * as a trustee to perform search. Currently, the auth admin policy is set when an APD owned by - * the trustee is set to active for the first time. - */ - Future trusteeAuthPolicyCheck; if (roles.contains(Roles.PROVIDER) || roles.contains(Roles.ADMIN)) { - trusteeAuthPolicyCheck = Future.succeededFuture(); } else if (roles.contains(Roles.DELEGATE) && isAuthDelegate) { - trusteeAuthPolicyCheck = Future.succeededFuture(); - - } else if (roles.contains(Roles.TRUSTEE)) { - Promise authPolPromise = Promise.promise(); - /* checkAuthPolicy sends ComposeException with correct response, can pass the future as is */ - policyService.checkAuthPolicy(user.getUserId(), authPolPromise); - trusteeAuthPolicyCheck = authPolPromise.future(); } else { Response r = new ResponseBuilder().status(401).type(URN_INVALID_ROLE) @@ -857,7 +841,7 @@ public void searchUser(User user, JsonObject searchUserDetails, Boolean isAuthDe String email = searchUserDetails.getString("email").toLowerCase(); Roles role = Roles.valueOf(searchUserDetails.getString("role").toUpperCase()); - Future foundUser = trusteeAuthPolicyCheck.compose(res -> kc.findUserByEmail(email)); + Future foundUser = kc.findUserByEmail(email); Future exists = foundUser.compose(res -> { if (res.isEmpty()) { diff --git a/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java b/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java index 51914bd4..c3dfae19 100644 --- a/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java +++ b/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java 
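Review bot: The role check in `searchUser` is left with two empty branches, `if (roles.contains(Roles.PROVIDER) || roles.contains(Roles.ADMIN)) { } else if (roles.contains(Roles.DELEGATE) && isAuthDelegate) { } else { ... }`, now that the `trusteeAuthPolicyCheck` assignments are gone. An authorization decision is easier to audit as one named condition with a single denial path: `boolean maySearch = roles.contains(Roles.PROVIDER) || roles.contains(Roles.ADMIN) || (roles.contains(Roles.DELEGATE) && isAuthDelegate);` followed by `if (!maySearch) {` around the existing 401 response. `isAuthDelegate` is declared as a boxed `Boolean` in the signature shown in the following hunk header, so a null would throw on unboxing; whether callers can pass null is not visible here. The method body extends beyond the hunk.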
@@ -47,7 +47,6 @@ import static iudx.aaa.server.policy.Constants.ID; import static iudx.aaa.server.policy.Constants.INVALID_ROLE; import static iudx.aaa.server.policy.Constants.ITEMNOTFOUND; -import static iudx.aaa.server.policy.Constants.NO_AUTH_TRUSTEE_POLICY; import static iudx.aaa.server.policy.Constants.STATUS; import static iudx.aaa.server.policy.Constants.URL; import static iudx.aaa.server.registration.Utils.SQL_CREATE_APD; @@ -82,7 +81,6 @@ public class CreateApdPolicyTest { private static Future providerUser; private static Future authDelUser; private static Future consumerUser; - private static Future trusteeUser; private static JsonObject catOptions; private static UUID authSerId; private static String authServerURL; @@ -178,16 +176,6 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); - trusteeUser = - orgIdFut.compose( - orgId -> - Utils.createFakeUser( - pgclient, - orgId.toString(), - "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), - false)); - authDelUser = orgIdFut.compose( orgId -> @@ -207,7 +195,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { Map.of(Roles.CONSUMER, RoleStatus.APPROVED), false)); - CompositeFuture.all(adminUser, providerUser, authDelUser, consumerUser,trusteeUser) + CompositeFuture.all(adminUser, providerUser, authDelUser, consumerUser) .onSuccess( succ -> { // create all servers 
@@ -216,8 +204,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { resourceGrpID = UUID.randomUUID(); apdId = UUID.randomUUID(); //create APD with id,name,url,owner_id(admin user),status,created_at,updated_at - Tuple apdTuple = Tuple.of(apdId,RandomStringUtils.randomAlphabetic(5),apdURL, - UUID.fromString(trusteeUser.result().getString("userId")), Constants.status.ACTIVE); + Tuple apdTuple = Tuple.of(apdId,RandomStringUtils.randomAlphabetic(5),apdURL, Constants.status.ACTIVE); pgclient.withConnection(conn -> conn.preparedQuery(SQL_CREATE_APD).execute(apdTuple)) .compose(ar-> Utils.createFakeResourceServer(pgclient, adminUser.result(), authSerId, authServerURL)) @@ -276,15 +263,6 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { UUID.fromString(authDelUser.result().getString("userId")), UUID.fromString(providerUser.result().getString("userId")), authSerId)) - .compose( - proPol -> - Utils.createFakePolicy( - pgclient, - UUID.fromString(providerUser.result().getString("userId")), - Constants.itemTypes.RESOURCE_SERVER, - UUID.fromString(trusteeUser.result().getString("userId")), - apdId)) - .onSuccess( success -> { policyService = 
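Review bot: The context comment `//create APD with id,name,url,owner_id(admin user),status,created_at,updated_at` in the hunk at -216 no longer matches the tuple built on the changed line, which now carries only id, name, url and status. It should be updated to `// create APD with id, name, url, status (timestamps set by NOW() in SQL_CREATE_APD)` so the parameter order stays documented next to the positional `Tuple.of(...)`.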
@@ -311,13 +289,11 @@ public static void finish(VertxTestContext testContext){ UUID adminId = UUID.fromString(adminUser.result().getString("userId")); UUID providerId = UUID.fromString(providerUser.result().getString("userId")); UUID delegateId = UUID.fromString(authDelUser.result().getString("userId")); - UUID trusteeId = UUID.fromString(authDelUser.result().getString("userId")); - Tuple policyOwners = Tuple.of(List.of(adminId, providerId, delegateId,trusteeId).toArray(UUID[]::new)); + Tuple policyOwners = Tuple.of(List.of(adminId, providerId, delegateId).toArray(UUID[]::new)); List users = List.of( - providerUser.result(), authDelUser.result(), consumerUser.result(), adminUser.result(), - trusteeUser.result()); + providerUser.result(), authDelUser.result(), consumerUser.result(), adminUser.result()); pgclient.withConnection( conn -> conn.preparedQuery(SQL_DELETE_APD).execute(policyOwners)) .compose(resGrp -> Utils.deleteFakeResourceServer(pgclient, users)) 
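Review bot: The cleanup in `finish` still binds user ids (`adminId`, `providerId`, `delegateId`) to `SQL_DELETE_APD` through a tuple named `policyOwners`, although the APD row inserted in setup no longer carries an owner value. Unless the query in Utils.java (not shown in this hunk) still selects on something these ids match, the row created with `apdId` would survive the run and leak into later tests sharing the database. If the query now keys on the APD id, bind that instead, e.g. `Tuple apdIds = Tuple.of(List.of(apdId).toArray(UUID[]::new));`, and pass `apdIds` to `execute`. The method continues past the end of the hunk.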
@@ -497,79 +473,7 @@ void invalidAPDPolicyItemId(VertxTestContext testContext) } @Test - @DisplayName("Testing apd Policy table - user does not have policy by trustee ") - void noTrusteePolicy(VertxTestContext testContext) - { - - JsonObject userJson = authDelUser.result(); - User user = - new User.UserBuilder() - .keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.PROVIDER)) - .build(); - - - JsonObject validCatItem = - new JsonObject() - .put("cat_id", "") - .put("itemType", "resource_group") - .put("owner_id", providerUser.result().getString("userId")) - .put("id",resourceGrpID) - .put("resource_group_id", resourceGrpID) - .put("resource_server_id", otherSerId.toString()); - - ResourceObj resourceObj = new ResourceObj(validCatItem); - Map resp = new HashMap<>(); - resp.put(resourceObj.getId().toString(), resourceObj); - Mockito.when(catalogueClient.checkReqItems(any())).thenReturn(Future.succeededFuture(resp)); - - String randomAPD = RandomStringUtils.randomAlphabetic(5); - Mockito.doAnswer( - i -> { - Promise p = i.getArgument(2); - JsonObject result = new JsonObject(); - List ids = i.getArgument(0); - for (String x : ids) { - result.put( - x, - new JsonObject() - .put(URL, "") - .put(STATUS, "active") - .put(STATUS, "active") - .put(STATUS, "active") - .put(ID,apdId) - ); - } - p.complete(result); - return i.getMock(); - }) - .when(apdService) - .getApdDetails(any(), any(), any()); - - JsonObject obj = new JsonObject(); - obj.put("itemId",resourceGrpID.toString()).put("itemType","RESOURCE_GROUP").put("apdId",randomAPD) - .put("userClass","").put("constraints",new JsonObject()); - List req = - CreatePolicyRequest.jsonArrayToList(new JsonArray().add(obj)); - policyService.createPolicy( - req, - user, - new JsonObject(), - testContext.succeeding( - response -> - testContext.verify( - () -> { - assertEquals(URN_INVALID_INPUT.toString(), 
response.getString("type")); - assertEquals(NO_AUTH_TRUSTEE_POLICY, response.getString("title")); - assertEquals(403, response.getInteger("status")); - testContext.completeNow(); - }))); - } - - @Test - @DisplayName("Testing apd Policy table - user does not have policy by trustee ") + @DisplayName("Testing apd Policy table - successful creation") void successApdPolicyCreation(VertxTestContext testContext) { diff --git a/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java b/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java index 4bdcdc09..34acc2e8 100644 --- a/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java +++ b/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java @@ -194,11 +194,10 @@ void failCreateNotifNoRoles(VertxTestContext testContext) { } @Test - @DisplayName("User with admin/provider/trustee/delegate role cannot create notification") + @DisplayName("User with admin/provider/delegate role cannot create notification") void failOtherRolesCreateNotif(VertxTestContext testContext) { Checkpoint checkAdmin = testContext.checkpoint(); Checkpoint checkProvider = testContext.checkpoint(); - Checkpoint checkTrustee = testContext.checkpoint(); Checkpoint checkDelegate = testContext.checkpoint(); JsonObject userJson = consumer.result(); 
@@ -239,20 +238,6 @@ void failOtherRolesCreateNotif(VertxTestContext testContext) { checkProvider.flag(); }))); - User trusteeUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); - - policyService.createPolicyNotification(request, trusteeUser, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(403, response.getInteger("status")); - assertEquals(URN_INVALID_ROLE.toString(), response.getString(TYPE)); - assertEquals(INVALID_ROLE, response.getString("detail")); - assertEquals(INVALID_ROLE, response.getString(TITLE)); - checkTrustee.flag(); - }))); - User delegateUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")) .userId(userJson.getString("userId")) .name(userJson.getString("firstName"), userJson.getString("lastName")) diff --git a/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java b/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java index b7c5d353..9736830e 100644 --- a/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java +++ b/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java @@ -298,11 +298,10 @@ void failNotRegisteredUser(VertxTestContext testContext) { } @Test - @DisplayName("Test admin/trustee calling API") + @DisplayName("Test admin calling API") void failDisallowedRoles(VertxTestContext testContext) { // same as the create notification tests here Checkpoint checkAdmin = testContext.checkpoint(); - Checkpoint checkTrustee = testContext.checkpoint(); JsonObject admin = consumer.result(); String randomUserId = UUID.randomUUID().toString(); User userAdmin = new UserBuilder().keycloakId(admin.getString("keycloakId")).userId(randomUserId) 
@@ -317,21 +316,6 @@ void failDisallowedRoles(VertxTestContext testContext) { assertEquals(401, response.getInteger("status")); checkAdmin.flag(); }))); - - JsonObject trustee = consumer.result(); - User trusteeUser = new UserBuilder().keycloakId(trustee.getString("keycloakId")).userId(randomUserId) - .name(trustee.getString("firstName"), trustee.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); - - policyService.listPolicyNotification(trusteeUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(URN_INVALID_ROLE.toString(), response.getString(TYPE)); - assertEquals(ERR_DETAIL_LIST_DELEGATE_ROLES, response.getString("detail")); - assertEquals(ERR_TITLE_INVALID_ROLES, response.getString("title")); - assertEquals(401, response.getInteger("status")); - checkTrustee.flag(); - }))); - } @Test diff --git a/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java b/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java index 41f32365..33f24ed3 100644 --- a/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java +++ b/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java @@ -356,13 +356,12 @@ void failNotRegisteredUser(VertxTestContext testContext) { } @Test - @DisplayName("Test admin/trustee/consumer calling API") + @DisplayName("Test admin/consumer calling API") void failDisallowedRoles(VertxTestContext testContext) { // creake fake request // try with different users with checkpoints Checkpoint checkAdmin = testContext.checkpoint(); Checkpoint checkConsumer = testContext.checkpoint(); - Checkpoint checkTrustee = testContext.checkpoint(); JsonObject userJson = provider.result(); User adminUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")).userId(NIL_UUID) 
@@ -385,20 +384,6 @@ void failDisallowedRoles(VertxTestContext testContext) { checkAdmin.flag(); }))); - User trusteeUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")).userId(NIL_UUID) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)) - .build(); - - policyService.updatePolicyNotification(request, trusteeUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(URN_INVALID_ROLE.toString(), response.getString(TYPE)); - assertEquals(ERR_DETAIL_LIST_DELEGATE_ROLES, response.getString("detail")); - assertEquals(ERR_TITLE_INVALID_ROLES, response.getString("title")); - assertEquals(401, response.getInteger("status")); - checkTrustee.flag(); - }))); - User consumerUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")).userId(NIL_UUID) .name(userJson.getString("firstName"), userJson.getString("lastName")) .roles(List.of(Roles.CONSUMER)) diff --git a/src/test/java/iudx/aaa/server/registration/CreateUserTest.java b/src/test/java/iudx/aaa/server/registration/CreateUserTest.java index 88a8b4be..096d571d 100644 --- a/src/test/java/iudx/aaa/server/registration/CreateUserTest.java +++ b/src/test/java/iudx/aaa/server/registration/CreateUserTest.java 
@@ -276,48 +276,6 @@ void createDelegateSuccess(VertxTestContext testContext) { }))); } - @Test - @DisplayName("Test successful trustee registration") - void createTrusteeSuccess(VertxTestContext testContext) { - - String orgId = orgIdFut.result().toString(); - String email = RandomStringUtils.randomAlphabetic(5).toLowerCase() + "@" + url; - String keycloakId = UUID.randomUUID().toString(); - - Mockito.when(kc.getEmailId(any())).thenReturn(Future.succeededFuture(email)); - - JsonObject jsonReq = - new JsonObject().put("roles", new JsonArray().add("trustee")).put("orgId", orgId); - RegistrationRequest request = new RegistrationRequest(jsonReq); - - User user = new UserBuilder().keycloakId(keycloakId).name("Foo", "Bar").build(); - - registrationService.createUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(201, response.getInteger("status")); - - JsonObject result = response.getJsonObject("results"); - - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - assertEquals(SUCC_TITLE_CREATED_USER, response.getString("title")); - assertTrue(result.getJsonArray("roles").contains(Roles.TRUSTEE.name().toLowerCase())); - assertEquals(result.getString("email"), email); - assertEquals(result.getString("keycloakId"), keycloakId); - assertTrue(result.getString("userId").matches(UUID_REGEX)); - assertEquals(result.getJsonObject("name").getString("firstName"), "Foo"); - assertEquals(result.getJsonObject("name").getString("lastName"), "Bar"); - assertTrue(!result.containsKey("phone")); - assertEquals(result.getJsonObject("organization").getString("url"), url); - - JsonObject client = result.getJsonArray("clients").getJsonObject(0); - assertTrue(client.getString(RESP_CLIENT_ID).matches(UUID_REGEX)); - assertTrue(client.getString(RESP_CLIENT_SC).matches(CLIENT_SECRET_REGEX)); - assertEquals(client.getString(RESP_CLIENT_NAME), DEFAULT_CLIENT); - - testContext.completeNow(); - }))); - } - @Test @DisplayName("Test 
successful registration of all roles") void allRolesRegister(VertxTestContext testContext) { @@ -329,7 +287,7 @@ void allRolesRegister(VertxTestContext testContext) { Mockito.when(kc.getEmailId(any())).thenReturn(Future.succeededFuture(email)); JsonObject jsonReq = new JsonObject() - .put("roles", new JsonArray().add("delegate").add("provider").add("consumer").add("trustee")) + .put("roles", new JsonArray().add("delegate").add("provider").add("consumer")) .put("orgId", orgId).put("phone", "9989989980"); RegistrationRequest request = new RegistrationRequest(jsonReq); @@ -347,8 +305,7 @@ void allRolesRegister(VertxTestContext testContext) { @SuppressWarnings("unchecked") List roles = result.getJsonArray("roles").getList(); assertTrue(roles.containsAll( - List.of(Roles.DELEGATE.name().toLowerCase(), Roles.CONSUMER.name().toLowerCase(), - Roles.TRUSTEE.name().toLowerCase()))); + List.of(Roles.DELEGATE.name().toLowerCase(), Roles.CONSUMER.name().toLowerCase()))); assertEquals(result.getString("email"), email); assertEquals(result.getString("keycloakId"), keycloakId); 
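Review bot: The role assertion in the last hunk on this line only checks that `delegate` and `consumer` are present, so `containsAll` would also pass if the response listed `provider` or any other role. The request asks for `provider` as well, and presumably that role is not granted immediately, so this test is the natural place to pin down that nothing beyond the expected roles is handed out at registration. Compare in both directions: `List<String> expected = List.of(Roles.DELEGATE.name().toLowerCase(), Roles.CONSUMER.name().toLowerCase());` followed by `assertTrue(roles.containsAll(expected) && expected.containsAll(roles));`. allRolesRegister starts before this hunk and continues after it.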
@@ -418,31 +375,6 @@ void noOrgForProviderReg(VertxTestContext testContext) { }))); } - @Test - @DisplayName("Testing no organization ID for trustee reg") - void noOrgForTrusteeReg(VertxTestContext testContext) { - String email = RandomStringUtils.randomAlphabetic(5).toLowerCase() + "@" + url; - String keycloakId = UUID.randomUUID().toString(); - - Mockito.when(kc.getEmailId(any())).thenReturn(Future.succeededFuture(email)); - - JsonObject jsonReq = - new JsonObject().put("roles", new JsonArray().add("trustee")); - RegistrationRequest request = new RegistrationRequest(jsonReq); - - User user = new UserBuilder().keycloakId(keycloakId).name("Foo", "Bar").build(); - - registrationService.createUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(URN_MISSING_INFO.toString(), response.getString("type")); - assertEquals(400, response.getInteger("status")); - assertEquals(ERR_DETAIL_ORG_ID_REQUIRED, response.getString("detail")); - assertEquals(ERR_TITLE_ORG_ID_REQUIRED, response.getString("title")); - - testContext.completeNow(); - }))); - } - @Test @DisplayName("Test org-domain mismatch") void orgDomainNotMatch(VertxTestContext testContext) { diff --git a/src/test/java/iudx/aaa/server/registration/SearchUserTest.java b/src/test/java/iudx/aaa/server/registration/SearchUserTest.java index 6f28c6bf..92ab4e00 100644 --- a/src/test/java/iudx/aaa/server/registration/SearchUserTest.java +++ b/src/test/java/iudx/aaa/server/registration/SearchUserTest.java @@ -86,7 +86,6 @@ public class SearchUserTest { static Future providerDeleg; static Future consumerAdmin; - static Future trustee; static Future orgIdFut; @BeforeAll 
@@ -125,7 +124,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { options.put(CONFIG_AUTH_URL, dbConfig.getString(CONFIG_AUTH_URL)).put(CONFIG_OMITTED_SERVERS, dbConfig.getJsonArray(CONFIG_OMITTED_SERVERS)); /* - * create fake organization, and create 3 mock users. One user has an organization + phone + * create fake organization, and create 2 mock users. One user has an organization + phone * number other does not */ @@ -140,15 +139,11 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { rolesB.put(Roles.CONSUMER, RoleStatus.APPROVED); rolesB.put(Roles.ADMIN, RoleStatus.APPROVED); - Map rolesC = new HashMap(); - rolesC.put(Roles.TRUSTEE, RoleStatus.APPROVED); - providerDeleg = orgIdFut.compose(id -> Utils.createFakeUser(pool, id.toString(), url, rolesA, true)); consumerAdmin = Utils.createFakeUser(pool, Constants.NIL_UUID, "", rolesB, false); - trustee = Utils.createFakeUser(pool, Constants.NIL_UUID, "", rolesC, false); - CompositeFuture.all(providerDeleg, consumerAdmin, trustee).onSuccess(res -> { + CompositeFuture.all(providerDeleg, consumerAdmin).onSuccess(res -> { registrationService = new RegistrationServiceImpl(pool, kc, tokenService, policyService, options); testContext.completeNow(); @@ -161,7 +156,7 @@ public static void finish(VertxTestContext testContext) { Utils .deleteFakeUser(pool, - List.of(consumerAdmin.result(), providerDeleg.result(), trustee.result())) + List.of(consumerAdmin.result(), providerDeleg.result())) .compose(success -> pool.withConnection( conn -> conn.preparedQuery(SQL_DELETE_ORG).execute(Tuple.of(orgIdFut.result())))) .onComplete(x -> { 
@@ -467,83 +462,4 @@ void searchNoRole(VertxTestContext testContext) { testContext.completeNow(); }))); } - - @Test - @DisplayName("Test search - trustee does not have auth admin policy") - void searchTrusteeNoAuthAdminPolicy(VertxTestContext testContext) { - JsonObject userJson = trustee.result(); - List roles = List.of(Roles.TRUSTEE); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - p.fail(new ComposeException(403, URN_INVALID_INPUT, NO_AUTH_POLICY, NO_AUTH_ADMIN_POLICY)); - return i.getMock(); - }).when(policyService).checkAuthPolicy(Mockito.eq(userJson.getString("userId")), any()); - - JsonObject consumerUser = consumerAdmin.result(); - - JsonObject searchUser = new JsonObject().put("email", consumerUser.getString("email")) - .put("role", Roles.CONSUMER.toString().toLowerCase()); - - registrationService.listUser(user, searchUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(403, response.getInteger("status")); - assertEquals(NO_AUTH_POLICY, response.getString("title")); - assertEquals(NO_AUTH_ADMIN_POLICY, response.getString("detail")); - assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); - testContext.completeNow(); - }))); - } - - @Test - @DisplayName("Test search - trustee finds consumer successfully") - void searchTrusteeFindConsumer(VertxTestContext testContext) { - JsonObject userJson = trustee.result(); - List roles = List.of(Roles.TRUSTEE); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - JsonObject consumerUser = consumerAdmin.result(); - - Mockito.doAnswer(i -> { - Promise p = 
i.getArgument(1); - p.complete(); - return i.getMock(); - }).when(policyService).checkAuthPolicy(Mockito.eq(userJson.getString("userId")), any()); - - JsonObject kcResult = new JsonObject().put("keycloakId", consumerUser.getString("keycloakId")) - .put("email", consumerUser.getString("email")) - .put("name", new JsonObject().put("firstName", consumerUser.getString("firstName")) - .put("lastName", consumerUser.getString("lastName"))); - - Mockito.when(kc.findUserByEmail(consumerUser.getString("email"))) - .thenReturn(Future.succeededFuture(kcResult)); - - JsonObject searchUser = new JsonObject().put("email", consumerUser.getString("email")) - .put("role", Roles.CONSUMER.toString().toLowerCase()); - - registrationService.listUser(user, searchUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(200, response.getInteger("status")); - assertEquals(SUCC_TITLE_USER_FOUND, response.getString("title")); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - - JsonObject result = response.getJsonObject("results"); - - JsonObject name = result.getJsonObject("name"); - assertEquals(name.getString("firstName"), consumerUser.getString("firstName")); - assertEquals(name.getString("lastName"), consumerUser.getString("lastName")); - - assertTrue(result.getJsonObject(RESP_ORG) == null); - assertEquals(result.getString("userId"), consumerUser.getString("userId")); - - testContext.completeNow(); - }))); - } } diff --git a/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java b/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java index d52317be..e6146fb1 100644 --- a/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java +++ b/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java 
@@ -224,77 +224,6 @@ void userDoesNotExist(VertxTestContext testContext) { }))); } - @Test - @DisplayName("[Update roles] Test no org ID when delegate requesting trustee") - void delegateNoOrgId(VertxTestContext testContext) { - JsonObject req = new JsonObject().put("roles", new JsonArray().add("trustee")); - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.DELEGATE); - Map cons = new HashMap(); - cons.put(Roles.DELEGATE, RoleStatus.APPROVED); - - Future delegate = - Utils.createFakeUser(pool, orgIdFut.result().toString(), "", cons, false); - - delegate.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(400, response.getInteger("status")); - assertEquals(ERR_TITLE_ORG_ID_REQUIRED, response.getString("title")); - assertEquals(URN_MISSING_INFO.toString(), response.getString("type")); - assertEquals(ERR_DETAIL_ORG_ID_REQUIRED, response.getString("detail")); - testContext.completeNow(); - }))); - }); - } - - @Test - @DisplayName("[Update roles] Test invalid org Id when delegate getting trustee") - void delegateInvalidOrg(VertxTestContext testContext) { - JsonObject req = new JsonObject().put("roles", new JsonArray().add("trustee")).put("orgId", - UUID.randomUUID().toString()); - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.DELEGATE); - Map cons = new HashMap(); - cons.put(Roles.DELEGATE, RoleStatus.APPROVED); - - Future consumer = - Utils.createFakeUser(pool, orgIdFut.result().toString(), "", cons, false); - - 
consumer.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(400, response.getInteger("status")); - assertEquals(ERR_TITLE_ORG_NO_EXIST, response.getString("title")); - assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); - assertEquals(ERR_DETAIL_ORG_NO_EXIST, response.getString("detail")); - testContext.completeNow(); - }))); - }); - } - @Test @DisplayName("[Update roles] Test no org ID when consumer requesting delegate") void consumerNoOrgId(VertxTestContext testContext) { @@ -399,10 +328,10 @@ void emailNotFoundOnKeycloak(VertxTestContext testContext) { } @Test - @DisplayName("[Update roles] Test consumer with gmail email cannot become delegate, trustee") + @DisplayName("[Update roles] Test consumer with gmail email cannot become delegate") void consumerDomainMismatch(VertxTestContext testContext) { - JsonObject req = new JsonObject().put("roles", new JsonArray().add("delegate").add("trustee")) + JsonObject req = new JsonObject().put("roles", new JsonArray().add("delegate")) .put("orgId", orgIdFut.result().toString()); UpdateProfileRequest request = new UpdateProfileRequest(req); 
@@ -497,128 +426,6 @@ void consumerAddProvDele(VertxTestContext testContext) { }); } - @Test - @DisplayName("[Update roles] Test trustee get delegate role (orgId needed)") - void trusteeAddDele(VertxTestContext testContext) { - - JsonObject req = new JsonObject().put("roles", new JsonArray().add("delegate")).put("orgId", - orgIdFut.result().toString()); - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.TRUSTEE); - Map cons = new HashMap(); - cons.put(Roles.TRUSTEE, RoleStatus.APPROVED); - - Future trustee = - Utils.createFakeUser(pool, orgIdFut.result().toString(), url, cons, false); - - trustee.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(200, response.getInteger("status")); - assertEquals(SUCC_TITLE_UPDATED_USER_ROLES, response.getString("title")); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - - JsonObject result = response.getJsonObject("results"); - - JsonObject name = result.getJsonObject("name"); - assertEquals(name.getString("firstName"), userJson.getString("firstName")); - assertEquals(name.getString("lastName"), userJson.getString("lastName")); - - @SuppressWarnings("unchecked") - List returnedRoles = result.getJsonArray("roles").getList(); - List rolesString = - List.of(Roles.TRUSTEE.name().toLowerCase(), Roles.DELEGATE.name().toLowerCase()); - assertTrue( - returnedRoles.containsAll(rolesString) && rolesString.containsAll(returnedRoles)); - - JsonArray clients = result.getJsonArray(RESP_CLIENT_ARR); - JsonObject defaultClient = 
clients.getJsonObject(0); - assertTrue(clients.size() > 0); - assertEquals(defaultClient.getString(RESP_CLIENT_ID), userJson.getString("clientId")); - - JsonObject org = result.getJsonObject(RESP_ORG); - assertEquals(org.getString("url"), userJson.getString("url")); - - assertEquals(result.getString(RESP_EMAIL), userJson.getString("email")); - assertEquals(result.getString("userId"), userJson.getString("userId")); - assertEquals(result.getString("keycloakId"), userJson.getString("keycloakId")); - - testContext.completeNow(); - }))); - }); - } - - @Test - @DisplayName("[Update roles] Test trustee get consumer role") - void trusteeAddCons(VertxTestContext testContext) { - - JsonObject req = new JsonObject().put("roles", new JsonArray().add("consumer"));; - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.TRUSTEE); - Map cons = new HashMap(); - cons.put(Roles.TRUSTEE, RoleStatus.APPROVED); - - Future trustee = - Utils.createFakeUser(pool, orgIdFut.result().toString(), url, cons, false); - - trustee.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(200, response.getInteger("status")); - assertEquals(SUCC_TITLE_UPDATED_USER_ROLES, response.getString("title")); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - - JsonObject result = response.getJsonObject("results"); - - JsonObject name = result.getJsonObject("name"); - assertEquals(name.getString("firstName"), userJson.getString("firstName")); - assertEquals(name.getString("lastName"), 
userJson.getString("lastName")); - - @SuppressWarnings("unchecked") - List returnedRoles = result.getJsonArray("roles").getList(); - List rolesString = - List.of(Roles.TRUSTEE.name().toLowerCase(), Roles.CONSUMER.name().toLowerCase()); - assertTrue( - returnedRoles.containsAll(rolesString) && rolesString.containsAll(returnedRoles)); - - JsonArray clients = result.getJsonArray(RESP_CLIENT_ARR); - JsonObject defaultClient = clients.getJsonObject(0); - assertTrue(clients.size() > 0); - assertEquals(defaultClient.getString(RESP_CLIENT_ID), userJson.getString("clientId")); - - JsonObject org = result.getJsonObject(RESP_ORG); - assertEquals(org.getString("url"), userJson.getString("url")); - - assertEquals(result.getString(RESP_EMAIL), userJson.getString("email")); - assertEquals(result.getString("userId"), userJson.getString("userId")); - assertEquals(result.getString("keycloakId"), userJson.getString("keycloakId")); - - testContext.completeNow(); - }))); - }); - } @Test @DisplayName("[Update roles] Test existing role request") diff --git a/src/test/resources/Integration_Test.postman_collection.json b/src/test/resources/Integration_Test.postman_collection.json index c0e4ab98..7810f213 100644 --- a/src/test/resources/Integration_Test.postman_collection.json +++ b/src/test/resources/Integration_Test.postman_collection.json 
@@ -261,69 +261,6 @@ }, "response": [] }, - { - "name": "Token for postman.trustee@datakaveri.org", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "let access_token = pm.response.json().access_token", - "pm.environment.set(\"POSTMAN_TRUSTEE_TOKEN\",access_token);" - ], - "type": "text/javascript" - } - } - ], - "request": { - "auth": { - "type": "noauth" - }, - "method": "POST", - "header": [], - "body": { - "mode": "urlencoded", - "urlencoded": [ - { - "key": "grant_type", - "value": "password", - "type": "text" - }, - { - "key": "username", - "value": "postman.trustee@datakaveri.org", - "type": "text" - }, - { - "key": "password", - "value": "password", - "type": "text" - }, - { - "key": "client_id", - "value": "account", - "type": "text" - } - ] - }, - "url": { - "raw": "https://{{KEYCLOAK_ENDPOINT}}/auth/realms/{{KEYCLOAK_REALM}}/protocol/openid-connect/token", - "protocol": "https", - "host": [ - "{{KEYCLOAK_ENDPOINT}}" - ], - "path": [ - "auth", - "realms", - "{{KEYCLOAK_REALM}}", - "protocol", - "openid-connect", - "token" - ] - } - }, - "response": [] - }, { "name": "Token for no.profile@datakaveri.org", "event": [ 
@@ -1051,65 +988,6 @@ }, "response": [] }, - { - "name": "orgId needed for trustee role - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingInformation\");", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"roles\": [\n \"trustee\"\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, { "name": "orgId needed for provider role - [400] Copy", "event": [ @@ -1383,7 +1261,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"roles\":[\"provider\", \"trustee\"],\n \"orgId\":\"{{$randomUUID}}\"\n}", + "raw": "{\n \"roles\":[\"provider\"],\n \"orgId\":\"{{$randomUUID}}\"\n}", "options": { "raw": { "language": "json" @@ -1487,7 +1365,7 @@ "response": [] }, { - "name": "Successful delegate, trustee and provider registration registration - [201] (All roles)", + "name": "Successful delegate and provider registration registration - [201] (All roles)", "event": [ { "listen": "test", 
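Review bot: The renamed request title in the last hunk on this line reads `Successful delegate and provider registration registration - [201] (All roles)`, with "registration" doubled. The "(All roles)" suffix also no longer describes a body that sends only `delegate` and `provider`. A name such as `Successful delegate and provider registration - [201]` keeps the collection report readable.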
@@ -1513,7 +1391,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"delegate\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", @@ -1542,7 +1420,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"roles\": [\n \"delegate\",\n \"provider\",\n \"trustee\"\n ],\n \"orgId\": \"3a054e6a-220d-4d49-8cbd-25447dfaa8ed\",\n \"phone\": \"9989989981\"\n}", + "raw": "{\n \"roles\": [\n \"delegate\",\n \"provider\"\n ],\n \"orgId\": \"3a054e6a-220d-4d49-8cbd-25447dfaa8ed\",\n \"phone\": \"9989989981\"\n}", "options": { "raw": { "language": "json" @@ -4976,7 +4854,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"consumer\", \"provider\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"delegate\", \"consumer\", \"provider\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", 
@@ -5143,63 +5021,6 @@ }, "response": [] }, - { - "name": "orgId required for trustee role - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingInformation\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"roles\": [\n \"trustee\"\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, { "name": "OrgId does not match domain - [400]", "event": [ 
@@ -5333,79 +5154,6 @@ } }, "response": [] - }, - { - "name": "Add trustee role for rejected provider - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " const result = body.results;", - "", - " pm.expect(result).to.have.property(\"userId\");", - " pm.expect(result).to.have.property(\"email\");", - " pm.expect(result).to.have.property(\"name\");", - " pm.expect(result).to.have.property(\"keycloakId\");", - " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"trustee\"]);", - "", - " const clients = result.clients;", - " pm.expect(clients).length.greaterThan(0);", - " pm.expect(clients[0]).to.have.property(\"clientId\");", - " pm.expect(clients[0]).to.not.have.property(\"clientSecret\");", - " pm.expect(clients[0]).to.have.property(\"clientName\");", - "", - " pm.expect(result).to.have.property(\"organization\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"roles\": [\n \"trustee\"\n ],\n \"orgId\": \"3a054e6a-220d-4d49-8cbd-25447dfaa8ed\"\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] } ] }, 
@@ -6207,7 +5955,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"consumer\",\"delegate\",\"provider\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"consumer\",\"delegate\",\"provider\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", @@ -6315,7 +6063,7 @@ "response": [] }, { - "name": "List User rejected provider, delegate, trustee", + "name": "List User rejected provider, delegate", "event": [ { "listen": "test", @@ -6341,7 +6089,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"delegate\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", @@ -7027,14 +6775,14 @@ "response": [] }, { - "name": "Trustee (with no auth admin policy) searching", + "name": "Delegate searching without providerId header", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(401);", "});", "", "pm.test(\"Check response header\", function () {", @@ -7043,7 +6791,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", "});", "", "" @@ -7057,7 +6805,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{POSTMAN_DELEGATE_TOKEN}}", "type": "text" }, { 
@@ -7087,74 +6835,14 @@ "response": [] }, { - "name": "Delegate searching without providerId header", + "name": "Admin search for provider", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(401);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_DELEGATE_TOKEN}}", - "type": "text" - }, - { - "key": "email", - "value": "consumer@gmail.com", - "type": "text" - }, - { - "key": "role", - "value": "consumer", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, - { - "name": "Admin search for provider", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", 
@@ -7280,73 +6968,6 @@ }, "response": [] }, - { - "name": "Trustee with auth admin policy searching", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " pm.expect(body.title).to.be.eq(\"User found\");", - " const result = body.results;", - " pm.expect(result).to.have.property(\"email\", \"consumer@gmail.com\");", - " pm.expect(result).to.have.property(\"userId\", pm.environment.get(\"CONSUMER_GMAIL_USERID\"));", - " pm.expect(result.name).to.not.be.empty;", - " pm.expect(result.organization).to.not.exist;", - " ", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - }, - { - "key": "email", - "value": "consumer@gmail.com", - "type": "text" - }, - { - "key": "role", - "value": "consumer", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, { "name": "Auth delegate searching for delegate", "event": [ @@ -21138,7 +20759,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21185,7 +20806,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], 
@@ -21241,7 +20862,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21297,7 +20918,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21548,62 +21169,6 @@ }, "response": [] }, - { - "name": "Calling API as admin - [403]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"name\":\"Example\",\n \"url\":\"example.com\"\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, { "name": "Invalid URL (http) - [400]", "event": [ @@ -21633,7 +21198,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21689,7 +21254,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], 
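Review bot: After this change no visible case checks the create-APD authorization boundary from the unprivileged side. The validation cases are switched to `"value": "Bearer {{AUTH_ADMIN_TOKEN}}"`, and the hunk at -21548 deletes `Calling API as admin - [403]`, which was the only visible role-rejection test for `POST {{AUTH_ENDPOINT}}/auth/v1/apd`. Since the commit makes creation admin-only and APDs active immediately, I would add a case that sends the same body with a non-admin token already used in this collection, e.g. `"value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}"`. It would presumably expect `pm.response.to.have.status(403);` and `urn:dx:as:InvalidRole`, as the removed case did, but confirm both against the server. An equivalent case may already exist in unchanged parts of the folder that this diff does not show.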
@@ -21773,14 +21338,14 @@ "response": [] }, { - "name": "Invalid URL (invalid TLD) - [400]", + "name": "Invalid URL (invalid TLD) - [200] - invalid TLD ignored for now", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", @@ -21789,7 +21354,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", "});" ], "type": "text/javascript" @@ -21801,7 +21366,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21850,10 +21415,8 @@ " pm.environment.set(\"TEST_APD_ID\", res.apdId);", " pm.expect(res.name).to.be.eq(\"Integration APD\");", " let url = pm.environment.get(\"TEST_APD_URL\");", - " let id = pm.environment.get(\"REJPROVIDER_DELEGATE_USERID\");", " pm.expect(res.url).to.be.eq(url);", - " pm.expect(res.status).to.be.eq(\"pending\");", - " pm.expect(res.owner.id).to.be.eq(id);", + " pm.expect(res.status).to.be.eq(\"active\");", "});" ], "type": "text/javascript" @@ -21865,7 +21428,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21921,7 +21484,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22095,7 +21658,7 @@ "response": [] }, { - "name": "Listing as postman.trustee - [200]", + "name": "Listing as consumer - [200]", "event": [ { "listen": "test", 
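Review bot: Renaming this case to `Invalid URL (invalid TLD) - [200] - invalid TLD ignored for now` and expecting `urn:dx:as:Success` makes a known validation gap the asserted behaviour. The suite will then fail when TLD validation is restored, not while it is missing. The commit description says new APDs are active immediately and the liveness check is disabled, so the APD registered by this request is presumably live as soon as it returns. No visible hunk deactivates it, and the `pm.expect(body.results.length).to.be.eq(3);` listing assertions may depend on it. I would reference a tracking issue in the case name or request description and add a cleanup request that sets the created APD to `inactive`. The request body lies outside the hunk, so the URL being accepted is not visible here.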
@@ -22115,10 +21678,8 @@ " pm.expect(body.results).to.not.be.empty;", " pm.expect(body.results.length).to.be.eq(3);", " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\", \"inactive\",\"pending\"]);", - " pm.expect(r.owner.id).to.be.eq(\"1d086d89-db81-4959-ae5b-a760ef5c15fb\");", + " pm.expect(r.status).to.be.oneOf([\"active\"]);", " })", - "", "});" ], "type": "text/javascript" @@ -22130,7 +21691,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{CONSUMER_GMAIL_TOKEN}}", "type": "text" } ], @@ -22149,7 +21710,7 @@ "response": [] }, { - "name": "Listing as other trustee (rejprovider.delegate user) - [200]", + "name": "Listing as provider - [200]", "event": [ { "listen": "test", @@ -22167,13 +21728,9 @@ " const body = pm.response.json();", " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(2);", + " pm.expect(body.results.length).to.be.eq(3);", " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\", \"pending\"]);", - " if(r.status == 'pending')", - " pm.expect(r.owner.id).to.be.eq(pm.environment.get(\"REJPROVIDER_DELEGATE_USERID\"));", - " if(r.status == 'active')", - " pm.expect(r.owner.id).to.be.eq(\"1d086d89-db81-4959-ae5b-a760ef5c15fb\"); ", + " pm.expect(r.status).to.be.oneOf([\"active\"]);", " })", "});" ], @@ -22186,7 +21743,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", "type": "text" } ], @@ -22205,7 +21762,7 @@ "response": [] }, { - "name": "Listing as consumer - [200]", + "name": "Listing as other admin - [200]", "event": [ { "listen": "test", 
@@ -22223,7 +21780,7 @@ " const body = pm.response.json();", " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(1);", + " pm.expect(body.results.length).to.be.eq(3);", " body.results.forEach((r) => {", " pm.expect(r.status).to.be.oneOf([\"active\"]);", " })", @@ -22238,7 +21795,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{CONSUMER_GMAIL_TOKEN}}", + "value": "Bearer {{OTHER_ADMIN_TOKEN}}", "type": "text" } ], @@ -22255,16 +21812,21 @@ } }, "response": [] - }, + } + ] + }, + { + "name": "Update APD", + "item": [ { - "name": "Listing as provider - [200]", + "name": "No Token - [401]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(401);", "});", "", "pm.test(\"Check response header\", function () {", @@ -22273,12 +21835,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(1);", - " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\"]);", - " })", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingAuthenticationToken\");", "});" ], "type": "text/javascript" @@ -22286,14 +21843,17 @@ } ], "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" + "method": "PUT", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"{{$randomUUID}}\",\n \"status\": \"active\"\n }\n ]\n}", + "options": { + "raw": { + "language": "json" + } } - ], + }, "url": { "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", "host": [ 
@@ -22309,121 +21869,14 @@ "response": [] }, { - "name": "Listing as other admin - [200]", + "name": "No profile - [404]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(1);", - " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\"]);", - " })", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{OTHER_ADMIN_TOKEN}}", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Update APD", - "item": [ - { - "name": "No Token - [401]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(401);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingAuthenticationToken\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"{{$randomUUID}}\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": 
"json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "No profile - [404]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(404);", + " pm.response.to.have.status(404);", "});", "", "pm.test(\"Check response header\", function () {", @@ -22500,7 +21953,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22547,7 +22000,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22603,7 +22056,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22659,7 +22112,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22715,7 +22168,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22771,7 +22224,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22827,7 +22280,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22883,7 +22336,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], 
@@ -23079,64 +22532,7 @@ "response": [] }, { - "name": "Other trustee (rejprovider.delegate) calling API on APD ID they do not own - [403]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - " pm.expect(body.detail).to.be.eq(\"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\")", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Auth admin change pending -> active, active -> inactive, inactive -> active, for postman.trustee APDs - [200]", + "name": "Auth admin change active -> inactive, inactive -> active - [200]", "event": [ { "listen": "test", @@ -23156,10 +22552,6 @@ " let res = body.results;", " count = 0;", " res.forEach(obj => {", - " if(obj.apdId === '8e2741ad-34a3-4de2-a9e5-b97631f2fd8f'){", - " pm.expect(obj.status).to.be.eq(\"active\");", - " count++;", - " }", " if(obj.apdId === '4f51cee5-e6ce-4e31-8c30-66d298c7d4a6'){", " pm.expect(obj.status).to.be.eq(\"inactive\");", " count++;", 
@@ -23169,7 +22561,7 @@ " count++;", " }", " })", - " pm.expect(count).to.be.eq(3);", + " pm.expect(count).to.be.eq(2);", "", "});" ], @@ -23188,7 +22580,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23244,7 +22636,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23266,7 +22658,7 @@ "response": [] }, { - "name": "postman.trustee changing 2 actives -> inactive and inactive -> active (not allowed) - [403]", + "name": "Auth admin setting inactive -> inactive (not allowed) and test APD active -> inactive - [403]", "event": [ { "listen": "test", 
@@ -23294,13 +22686,13 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"inactive\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23322,14 +22714,14 @@ "response": [] }, { - "name": "postman.trustee changing 2 actives -> inactive and inactive -> pending - [200]", + "name": "Auth admin setting inactive -> active and test APD active -> active (not allowed) - [403]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(403);", "});", "", "pm.test(\"Check response header\", function () {", 
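Review bot: The request body does not match the case name given in the preceding hunk, `Auth admin setting inactive -> inactive (not allowed) and test APD active -> inactive - [403]`. The `{{TEST_APD_ID}}` entry sends `\"status\": \"active\"`, so both entries are same-state transitions, and the case no longer checks that one invalid entry rejects a batch that also holds a valid one. Changing that entry to `\"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"inactive\"` restores the stated intent. The next case, `Auth admin setting inactive -> active and test APD active -> active (not allowed) - [403]`, with its body in the hunk at -23368, appears to have the same problem. The earlier [200] request set `1b988be6-cc13-422b-bca0-9ccb98a5b30f` to active, so if the requests run in order that entry is also active -> active, and `4f51cee5-e6ce-4e31-8c30-66d298c7d4a6` would be the inactive APD to use.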
@@ -23338,25 +22730,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " let res = body.results;", - " count = 0;", - " res.forEach(obj => {", - " if(obj.apdId === '8e2741ad-34a3-4de2-a9e5-b97631f2fd8f'){", - " pm.expect(obj.status).to.be.eq(\"inactive\");", - " count++;", - " }", - " if(obj.apdId === '4f51cee5-e6ce-4e31-8c30-66d298c7d4a6'){", - " pm.expect(obj.status).to.be.eq(\"pending\");", - " count++;", - " }", - " if(obj.apdId === '1b988be6-cc13-422b-bca0-9ccb98a5b30f'){", - " pm.expect(obj.status).to.be.eq(\"inactive\");", - " count++;", - " }", - " })", - " pm.expect(count).to.be.eq(3);", - "", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", "});" ], "type": "text/javascript" @@ -23368,13 +22742,13 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"pending\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"inactive\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" 
@@ -23396,14 +22770,14 @@ "response": [] }, { - "name": "Auth admin setting inactive -> pending (not allowed) and test APD pending -> active - [403]", + "name": "Cleanup - auth.admin setting activeapd.integration-iudx.io to active - [200]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", @@ -23412,7 +22786,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", "});" ], "type": "text/javascript" @@ -23430,7 +22804,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"pending\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23452,14 +22826,14 @@ "response": [] }, { - "name": "Auth admin setting inactive -> active and test APD pending -> inactive (not allowed) - [403]", + "name": "Cleanup - auth.admin setting inactiveapd.integration-iudx.io to inactive - [200]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", @@ -23468,7 +22842,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", "});" ], "type": "text/javascript" 
@@ -23486,7 +22860,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"inactive\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"inactive\"\n }\n ]\n}", "options": { "raw": { "language": "json" 
@@ -23506,254 +22880,15 @@ } }, "response": [] - }, + } + ] + }, + { + "name": "Create APD Policy and Trustee-Provider policies", + "item": [ { - "name": "Auth admin setting inactive -> active and test APD pending -> active - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " let apdId = pm.environment.get(\"TEST_APD_ID\");", - " let res = body.results;", - " count = 0;", - " res.forEach(obj => {", - " if(obj.apdId === '8e2741ad-34a3-4de2-a9e5-b97631f2fd8f'){", - " pm.expect(obj.status).to.be.eq(\"active\");", - " count++;", - " }", - " if(obj.apdId === apdId){", - " pm.expect(obj.status).to.be.eq(\"active\");", - " count++;", - " }", - " })", - " pm.expect(count).to.be.eq(2);", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Cleanup - postman.trustee setting pendingapd.integration-iudx.io to inactive - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " 
pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"inactive\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Cleanup - postman.trustee setting pendingapd.integration-iudx.io to pending - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"pending\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - 
"host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Cleanup - auth.admin setting activeapd.integration-iudx.io to active - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Create APD Policy and Trustee-Provider policies", - "item": [ - { - "name": "Setup", - "item": [ + "name": "Setup", + "item": [ { "name": "Setup - Get all existing policies for consumer", "event": [ 
@@ -24443,746 +23578,7 @@ "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\":\"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": []\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Invalid userClass - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n 
\"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"?\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Missing userClass - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Invalid expiryTime - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", 
- "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {},\n \"expiryTime\": \"2133231-23-232T90320\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Duplicate requests - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n 
\"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Trustee APD item Type policies", - "item": [ - { - "name": "Admin setting 'apd' policy - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\":\"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Provider setting 'apd' policy - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", - 
"});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\":\"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Duplicate requests - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - " pm.expect(body).to.have.property(\"title\", \"Request must be unique\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": 
\"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Setting many policies w/ different item types - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"resource_server\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for non existent 
APD - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"thisdoesnotexist.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for provider for inactive APD - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": 
[ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Existing policy - [409]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(409);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:AlreadyExists\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"activeapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"pendingapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - 
"{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for provider for pending APD - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"pendingapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for provider for TEST_APD_URL does not own - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(400);", "});", "", "pm.test(\"Check response header\", function () {", 
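Review bot: With the "Trustee APD item Type policies" folder deleted in this hunk, nothing left on its new side sends `"itemType": "apd"` to `{{AUTH_ENDPOINT}}/auth/v1/policies`, so the collection no longer checks that such a request is refused. The removed "Admin setting 'apd' policy" and "Provider setting 'apd' policy" requests were the negative authorization checks for that item type here; both asserted 403 with `urn:dx:as:InvalidRole`. If the server is now meant to reject `apd` policies for every remaining role (the visible lines do not show the policy-side behaviour), I would keep one such request each for `{{AUTH_ADMIN_TOKEN}}` and `{{POSTMAN_PROVIDER_TOKEN}}` and assert the status and `type` returned after this change. Any re-added request should carry a name that matches its assertion, since the deleted ones were titled `[400]` while checking `pm.response.to.have.status(403);`. The enclosing folder's `item` array starts outside this hunk.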
@@ -25192,7 +23588,6 @@
 "pm.test(\"Check response body\", function () { ",
 " const body = pm.response.json();",
 " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");",
- " pm.expect(body).to.have.property(\"title\", \"Not allowed to create policies for resource\");",
 "});"
 ],
 "type": "text/javascript"
@@ -25204,13 +23599,13 @@
 "header": [
 {
 "key": "Authorization",
- "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}",
+ "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}",
 "type": "text"
 }
 ],
 "body": {
 "mode": "raw",
- "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}",
+ "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\":\"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": []\n }\n ]\n}",
 "options": {
 "raw": {
 "language": "json"
@@ -25232,14 +23627,14 @@
 "response": []
 },
 {
- "name": "Other trustee setting policy for provider for TEST_APD_URL - [200]",
+ "name": "Invalid userClass - [400]",
 "event": [
 {
 "listen": "test",
 "script": {
 "exec": [
 "pm.test(\"Response status\", function () {",
- " pm.response.to.have.status(200);",
+ " pm.response.to.have.status(400);",
 "});",
 "",
 "pm.test(\"Check response header\", function () {",
@@ -25248,8 +23643,7 @@
 "",
 "pm.test(\"Check response body\", function () { ",
 " const body = pm.response.json();",
- " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");",
- "",
+ " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");",
 "});"
 ],
 "type": "text/javascript"
@@ -25261,13 +23655,13 @@
 "header": [
 {
 "key": "Authorization",
- "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}",
+ "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}",
 "type": "text"
 }
 ],
 "body": {
 "mode": "raw",
- "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}",
+ "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"?\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}",
 "options": {
 "raw": {
 "language": "json"
@@ -25287,21 +23681,16 @@
 }
 },
 "response": []
- }
- ]
- },
- {
- "name": "Provider setting APD policies",
- "item": [
+ },
 {
- "name": "Provider cannot set APD policy for activeapd.integration-iudx.io - no trustee policy - [400]",
+ "name": "Missing userClass - [400]",
 "event": [
 {
 "listen": "test",
 "script": {
 "exec": [
 "pm.test(\"Response status\", function () {",
- " pm.response.to.have.status(403);",
+ " pm.response.to.have.status(400);",
 "});",
 "",
 "pm.test(\"Check response header\", function () {",
@@ -25311,7 +23700,6 @@
 "pm.test(\"Check response body\", function () { ",
 " const body = pm.response.json();",
 " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");",
- " pm.expect(body).to.have.property(\"title\", \"No auth policy for user by trustee\");",
 "});"
 ],
 "type": "text/javascript"
@@ -25329,7 +23717,7 @@
 ],
 "body": {
 "mode": "raw",
- "raw": "{\n \"request\": [\n {\n \"itemId\": \"4b367af2-ad55-4017-9e19-35a5fa37e9b8\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"activeapd.integration-iudx.io\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"aec83a80-61ec-4ae0-8671-80194f2ce73e\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"{{TEST_APD_URL}}\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}",
+ "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}",
 "options": {
 "raw": {
 "language": "json"
@@ -25351,14 +23739,14 @@
 "response": []
 },
 {
- "name": "Postman trustee setting policy for provider for active APD - [200]",
+ "name": "Invalid expiryTime - [400]",
 "event": [
 {
 "listen": "test",
 "script": {
 "exec": [
 "pm.test(\"Response status\", function () {",
- " pm.response.to.have.status(200);",
+ " pm.response.to.have.status(400);",
 "});",
 "",
 "pm.test(\"Check response header\", function () {",
@@ -25367,8 +23755,7 @@
 "",
 "pm.test(\"Check response body\", function () { ",
 " const body = pm.response.json();",
- " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");",
- "",
+ " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");",
 "});"
 ],
 "type": "text/javascript"
@@ -25380,13 +23767,13 @@
 "header": [
 {
 "key": "Authorization",
- "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}",
+ "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}",
 "type": "text"
 }
 ],
 "body": {
 "mode": "raw",
- "raw": "{\n \"request\": [\n {\n \"itemId\": \"activeapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}",
+ "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {},\n \"expiryTime\": \"2133231-23-232T90320\"\n }\n ]\n}",
 "options": {
 "raw": {
 "language": "json"
@@ -25408,7 +23795,7 @@
 "response": []
 },
 {
- "name": "Provider cannot set APD policy for pendingapd.integration-iudx.io - [400]",
+ "name": "Duplicate requests - [400]",
 "event": [
 {
 "listen": "test",
@@ -25442,7 +23829,7 @@
 ],
 "body": {
 "mode": "raw",
- "raw": "{\n \"request\": [\n {\n \"itemId\": \"4b367af2-ad55-4017-9e19-35a5fa37e9b8\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"pendingapd.integration-iudx.io\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"aec83a80-61ec-4ae0-8671-80194f2ce73e\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"{{TEST_APD_URL}}\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}",
+ "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}",
 "options": {
 "raw": {
 "language": "json"
@@ -25462,7 +23849,12 @@
 }
 },
 "response": []
- },
+ }
+ ]
+ },
+ {
+ "name": "Provider setting APD policies",
+ "item": [
 {
 "name": "Provider cannot set APD policy for inactiveapd.integration-iudx.io - [400]",
 "event": [
@@ -27198,69 +25590,6 @@
 {
 "name": "List APD policies",
 "item": [
- {
- "name": "Postman.trustee viewing policies",
- "event": [
- {
- "listen": "test",
- "script": {
- "exec": [
- "pm.test(\"Response status\", function () {",
- " pm.response.to.have.status(200);",
- "});",
- "",
- "pm.test(\"Check response header\", function () {",
- " pm.response.to.have.header(\"Content-Type\",\"application/json\");",
- "});",
- "",
- "pm.test(\"Check response body\", function () { ",
- " const body = pm.response.json();",
- " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");",
- " let apdcount = 0;",
- " let id_array = [];",
- " pm.expect(body.results).to.not.be.empty;",
- " body.results.forEach((r) => {",
- " if(r.itemType === 'apd'){",
- " pm.expect(r.user.id).to.be.eq(\"746442f5-18a7-44fd-8c8f-3e39e5026fae\");",
- " pm.expect(r.user.email).to.be.eq(\"postman.provider-admin@datakaveri.org\");",
- " pm.expect(r.constraints).to.exist;",
- " pm.expect(r.policyId).to.exist;",
- " pm.expect(r.expiryTime).to.exist;",
- " apdcount++;",
- " id_array.push({id:r.policyId});",
- " }",
- " })",
- " pm.environment.set(\"TRUSTEE_POLICY_IDS\", JSON.stringify(id_array));",
- " pm.expect(apdcount).to.be.eq(3);",
- "});"
- ],
- "type": "text/javascript"
- }
- }
- ],
- "request": {
- "method": "GET",
- "header": [
- {
- "key": "Authorization",
- "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}",
- "type": "text"
- }
- ],
- "url": {
- "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies",
- "host": [
- "{{AUTH_ENDPOINT}}"
- ],
- "path": [
- "auth",
- "v1",
- "policies"
- ]
- }
- },
- "response": []
- },
 {
 "name": "Consumer cannot see any apd policies",
 "event": [
@@ -27691,122 +26020,6 @@
 },
 "response": []
 },
- {
- "name": "Postman.trustee deleting trustee policies",
- "event": [
- {
- "listen": "test",
- "script": {
- "exec": [
- "pm.test(\"Response status\", function () {",
- " pm.response.to.have.status(200);",
- "});",
- "",
- "pm.test(\"Check response header\", function () {",
- " pm.response.to.have.header(\"Content-Type\",\"application/json\");",
- "});",
- "",
- "pm.test(\"Check response body\", function () { ",
- " const body = pm.response.json();",
- " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");",
- "});",
- "",
- ""
- ],
- "type": "text/javascript"
- }
- }
- ],
- "request": {
- "method": "DELETE",
- "header": [
- {
- "key": "Authorization",
- "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}",
- "type": "text"
- }
- ],
- "body": {
- "mode": "raw",
- "raw": "{\n \"request\": {{TRUSTEE_POLICY_IDS}}\n}",
- "options": {
- "raw": {
- "language": "json"
- }
- }
- },
- "url": {
- "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies",
- "host": [
- "{{AUTH_ENDPOINT}}"
- ],
- "path": [
- "auth",
- "v1",
- "policies"
- ]
- }
- },
- "response": []
- },
- {
- "name": "Postman.trustee deleting same again",
- "event": [
- {
- "listen": "test",
- "script": {
- "exec": [
- "pm.test(\"Response status\", function () {",
- " pm.response.to.have.status(400);",
- "});",
- "",
- "pm.test(\"Check response header\", function () {",
- " pm.response.to.have.header(\"Content-Type\",\"application/json\");",
- "});",
- "",
- "pm.test(\"Check response body\", function () { ",
- " const body = pm.response.json();",
- " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");",
- "});",
- "",
- ""
- ],
- "type": "text/javascript"
- }
- }
- ],
- "request": {
- "method": "DELETE",
- "header": [
- {
- "key": "Authorization",
- "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}",
- "type": "text"
- }
- ],
- "body": {
- "mode": "raw",
- "raw": "{\n \"request\": {{TRUSTEE_POLICY_IDS}}\n}",
- "options": {
- "raw": {
- "language": "json"
- }
- }
- },
- "url": {
- "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies",
- "host": [
- "{{AUTH_ENDPOINT}}"
- ],
- "path": [
- "auth",
- "v1",
- "policies"
- ]
- }
- },
- "response": []
- },
 {
 "name": "Postman.provider viewing policies after delete",
 "event": [
@@ -27858,57 +26071,6 @@
 }
 },
 "response": []
- },
- {
- "name": "Postman.trustee viewing policies after delete",
- "event": [
- {
- "listen": "test",
- "script": {
- "exec": [
- "pm.test(\"Response status\", function () {",
- " pm.response.to.have.status(200);",
- "});",
- "",
- "pm.test(\"Check response header\", function () {",
- " pm.response.to.have.header(\"Content-Type\",\"application/json\");",
- "});",
- "",
- "pm.test(\"Check response body\", function () { ",
- " const body = pm.response.json();",
- " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");",
- " pm.expect(body.results).to.not.be.empty;",
- " body.results.forEach((r) => {",
- " pm.expect(r.itemType).to.not.be.eq(\"apd\");",
- " })",
- "});"
- ],
- "type": "text/javascript"
- }
- }
- ],
- "request": {
- "method": "GET",
- "header": [
- {
- "key": "Authorization",
- "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}",
- "type": "text"
- }
- ],
- "url": {
- "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies",
- "host": [
- "{{AUTH_ENDPOINT}}"
- ],
- "path": [
- "auth",
- "v1",
- "policies"
- ]
- }
- },
- "response": []
 }
 ]
 },