
Commit e369e62

committed
added some tests
1 parent 4cf17a0 commit e369e62


2 files changed

+170
-1
lines changed

@@ -0,0 +1,169 @@
1+
package io.kafbat.ui.service.rbac;
2+
3+
import static org.mockito.ArgumentMatchers.any;
4+
import static org.mockito.Mockito.mock;
5+
import static org.mockito.Mockito.when;
6+
7+
import io.kafbat.ui.AbstractIntegrationTest;
8+
import io.kafbat.ui.config.auth.RbacUser;
9+
import io.kafbat.ui.config.auth.RoleBasedAccessControlProperties;
10+
import io.kafbat.ui.model.rbac.AccessContext;
11+
import java.util.List;
12+
import io.kafbat.ui.model.rbac.Role;
13+
import org.junit.jupiter.api.Assertions;
14+
import org.junit.jupiter.api.BeforeEach;
15+
import org.junit.jupiter.api.Test;
16+
import org.mockito.Mock;
17+
import org.mockito.MockedStatic;
18+
import org.mockito.Mockito;
19+
import org.springframework.beans.factory.annotation.Autowired;
20+
import org.springframework.context.ApplicationContextInitializer;
21+
import org.springframework.context.ConfigurableApplicationContext;
22+
import org.springframework.security.access.AccessDeniedException;
23+
import org.springframework.security.core.Authentication;
24+
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
25+
import org.springframework.security.core.context.SecurityContext;
26+
import org.springframework.test.context.ContextConfiguration;
27+
import org.springframework.test.util.ReflectionTestUtils;
28+
import reactor.core.publisher.Mono;
29+
import reactor.test.StepVerifier;
30+
31+
//@ContextConfiguration(initializers = {AccessControlServiceTest.PropertiesInitializer.class})
32+
class AccessControlServiceTest extends AbstractIntegrationTest {
33+
34+
// public static class PropertiesInitializer extends AbstractIntegrationTest.Initializer
35+
// implements ApplicationContextInitializer<ConfigurableApplicationContext> {
36+
37+
// @Override
38+
// public void initialize(ConfigurableApplicationContext applicationContext) {
39+
// System.setProperty("rbac.roles[0].name", "memelords");
40+
// System.setProperty("rbac.roles[0].clusters[0]", "local");
41+
//
42+
// System.setProperty("rbac.roles[0].subjects[0].provider", "oauth_google");
43+
// System.setProperty("rbac.roles[0].subjects[0].type", "domain");
44+
// System.setProperty("rbac.roles[0].subjects[0].value", "katbat.dev");
45+
//
46+
// System.setProperty("rbac.roles[0].subjects[1].provider", "oauth_google");
47+
// System.setProperty("rbac.roles[0].subjects[1].type", "user");
48+
// System.setProperty("rbac.roles[0].subjects[1].value", "name@kafbat.dev");
49+
//
50+
// System.setProperty("rbac.roles[0].permissions[0].resource", "applicationconfig");
51+
// System.setProperty("rbac.roles[0].permissions[0].actions", "all");
52+
//
53+
// super.initialize(applicationContext);
54+
// }
55+
// }
56+
57+
@Autowired
58+
AccessControlService accessControlService;
59+
60+
@Mock
61+
ReactiveSecurityContextHolder securityContextHolder;
62+
63+
@Mock
64+
SecurityContext securityContext;
65+
66+
@Mock
67+
Authentication authentication;
68+
69+
@Mock
70+
RbacUser user;
71+
72+
@BeforeEach
73+
void setUp() {
74+
// Mock roles
75+
RoleBasedAccessControlProperties properties = mock();
76+
77+
Role memeLordsRole = new Role();
78+
memeLordsRole.setClusters(List.of("local"));
79+
memeLordsRole.setName("memeLords");
80+
List<Role> roles = List.of(
81+
memeLordsRole
82+
);
83+
when(properties.getRoles()).thenReturn(roles);
84+
ReflectionTestUtils.setField(accessControlService, "properties", properties);
85+
86+
// Mock security context
87+
when(securityContext.getAuthentication()).thenReturn(authentication);
88+
when(authentication.getPrincipal()).thenReturn(user);
89+
}
90+
91+
public void withSecurityContext(Runnable runnable) {
92+
try (MockedStatic<ReactiveSecurityContextHolder> ctxHolder = Mockito.mockStatic(
93+
ReactiveSecurityContextHolder.class)) {
94+
// Mock static method to get security context
95+
ctxHolder.when(ReactiveSecurityContextHolder::getContext).thenReturn(Mono.just(securityContext));
96+
runnable.run();
97+
}
98+
}
99+
100+
@Test
101+
void validateAccess() {
102+
withSecurityContext(() -> {
103+
when(user.groups()).thenReturn(List.of("memelords"));
104+
AccessContext.ResourceAccess mockedResource = mock(AccessContext.ResourceAccess.class);
105+
when(mockedResource.isAccessible(any())).thenReturn(true);
106+
var accessContext = new AccessContext("local", List.of(
107+
mockedResource
108+
), "op", "params");
109+
110+
Mono<Void> voidMono = accessControlService.validateAccess(accessContext);
111+
StepVerifier.create(voidMono)
112+
.expectComplete()
113+
.verify();
114+
});
115+
}
116+
117+
@Test
118+
void validateAccess_deniedWrongGroup() {
119+
withSecurityContext(() -> {
120+
when(user.groups()).thenReturn(List.of("otherGroup")); // wrong group
121+
AccessContext.ResourceAccess mockedResource = mock(AccessContext.ResourceAccess.class);
122+
when(mockedResource.isAccessible(any())).thenReturn(true);
123+
var accessContext = new AccessContext("local", List.of(
124+
mockedResource
125+
), "op", "params");
126+
127+
Mono<Void> voidMono = accessControlService.validateAccess(accessContext);
128+
StepVerifier.create(voidMono)
129+
.expectErrorMatches(e -> e instanceof AccessDeniedException)
130+
.verify();
131+
});
132+
}
133+
134+
@Test
135+
void validateAccess_deniedWrongCluster() {
136+
withSecurityContext(() -> {
137+
when(user.groups()).thenReturn(List.of("memelords"));
138+
AccessContext.ResourceAccess mockedResource = mock(AccessContext.ResourceAccess.class);
139+
when(mockedResource.isAccessible(any())).thenReturn(true);
140+
var accessContext = new AccessContext("prod", // wrong cluster
141+
List.of(
142+
mockedResource
143+
), "op", "params");
144+
145+
Mono<Void> voidMono = accessControlService.validateAccess(accessContext);
146+
StepVerifier.create(voidMono)
147+
.expectErrorMatches(e -> e instanceof AccessDeniedException)
148+
.verify();
149+
});
150+
}
151+
152+
@Test
153+
void validateAccess_deniedResourceNotAcessible() {
154+
withSecurityContext(() -> {
155+
when(user.groups()).thenReturn(List.of("memelords"));
156+
AccessContext.ResourceAccess mockedResource = mock(AccessContext.ResourceAccess.class);
157+
when(mockedResource.isAccessible(any())).thenReturn(false); // resource not acessible
158+
var accessContext = new AccessContext("local", List.of(
159+
mockedResource
160+
), "op", "params");
161+
162+
Mono<Void> voidMono = accessControlService.validateAccess(accessContext);
163+
StepVerifier.create(voidMono)
164+
.expectErrorMatches(e -> e instanceof AccessDeniedException)
165+
.verify();
166+
});
167+
}
168+
169+
}
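Review bot: `setUp()` names the role with `memeLordsRole.setName("memeLords")`, but `validateAccess()`, `validateAccess_deniedWrongCluster()` and `validateAccess_deniedResourceNotAcessible()` stub `user.groups()` with `"memelords"`. If role matching is case-sensitive, the allowed case can only pass when enforcement is not active, and the cluster and resource denial tests can pass because the group never matched rather than because of the condition they name. Use one spelling, e.g. `memeLordsRole.setName("memelords");`. `setUp()` also swaps `properties` on the autowired `AccessControlService` via `ReflectionTestUtils.setField` and nothing in the hunk restores it, so a mocked RBAC configuration may stay on a bean that other integration tests share; saving the original value and resetting it in an `@AfterEach` would contain that. Whether the service re-reads `properties` after startup is not visible here, so it is worth confirming that each denial test fails when its specific condition is reverted.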

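--- a/api/src/test/resources/application-test.yml
+++ b/api/src/test/resources/application-test.yml
@@ -2,4 +2,4 @@ spring:
 jmx:
 enabled: true
 auth:
-type: DISABLED
+type: DISABLED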
