Skip to content

BE: RBAC: Implement RBAC tests #767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Apr 27, 2025
Merged

BE: RBAC: Implement RBAC tests #767

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
e369e62
added some tests
zambrinf Jan 11, 2025
f868570
rbac enabled tests
zambrinf Jan 12, 2025
1d5ca3b
added more test, closes #729
zambrinf Jan 12, 2025
fa99b39
added test cases for issues
zambrinf Jan 14, 2025
8208a8e
Merge branch 'main' into issues/729
zambrinf Jan 14, 2025
ae68966
Merge branch 'main' into issues/729
zambrinf Jan 14, 2025
efe4a70
Update application-test.yml
zambrinf Jan 15, 2025
520591a
revert yml file
zambrinf Jan 15, 2025
cda283f
Merge branch 'issues/729' of https://github.com/zambrinf/kafka-ui int…
zambrinf Jan 15, 2025
a4b6378
Merge branch 'main' into issues/729
zambrinf Jan 15, 2025
b26f849
Merge branch 'main' into issues/729
zambrinf Jan 18, 2025
6d3a9fc
fix tests for new validation
zambrinf Jan 18, 2025
2c15651
Merge branch 'main' into issues/729
zambrinf Feb 9, 2025
06a8374
Merge branch 'main' into issues/729
zambrinf Feb 12, 2025
ce35375
Merge branch 'main' into issues/729
Haarolean Mar 8, 2025
4efe946
addressing comments
zambrinf Apr 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
173 changes: 173 additions & 0 deletions api/src/test/java/io/kafbat/ui/service/rbac/AccessControlServiceRbacDisabledTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
package io.kafbat.ui.service.rbac;

import static io.kafbat.ui.service.rbac.MockedRbacUtils.CONNECT_NAME;
import static io.kafbat.ui.service.rbac.MockedRbacUtils.CONSUMER_GROUP_NAME;
import static io.kafbat.ui.service.rbac.MockedRbacUtils.DEV_ROLE;
import static io.kafbat.ui.service.rbac.MockedRbacUtils.PROD_CLUSTER;
import static io.kafbat.ui.service.rbac.MockedRbacUtils.SCHEMA_NAME;
import static io.kafbat.ui.service.rbac.MockedRbacUtils.TOPIC_NAME;
import static io.kafbat.ui.service.rbac.MockedRbacUtils.getAccessContext;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.when;

import io.kafbat.ui.AbstractIntegrationTest;
import io.kafbat.ui.config.auth.RbacUser;
import io.kafbat.ui.model.ClusterDTO;
import io.kafbat.ui.model.ConnectDTO;
import io.kafbat.ui.model.InternalTopic;
import io.kafbat.ui.model.rbac.AccessContext;
import io.kafbat.ui.model.rbac.Role;
import java.util.List;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.MockedStatic;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.test.annotation.DirtiesContext;
import reactor.core.publisher.Mono;
import reactor.test.StepVerifier;

/**
* Test cases for AccessControlService when RBAC is disabled.
* Using PROD cluster and user DEV role for all tests.
*/
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
class AccessControlServiceRbacDisabledTest extends AbstractIntegrationTest {

@Autowired
AccessControlService accessControlService;

@Mock
SecurityContext securityContext;

@Mock
Authentication authentication;

@Mock
RbacUser user;

@BeforeEach
void setUp() {
// Mock security context
when(securityContext.getAuthentication()).thenReturn(authentication);
when(authentication.getPrincipal()).thenReturn(user);
}

public void withSecurityContext(Runnable runnable) {
try (MockedStatic<ReactiveSecurityContextHolder> ctxHolder = Mockito.mockStatic(
ReactiveSecurityContextHolder.class)) {
// Mock static method to get security context
ctxHolder.when(ReactiveSecurityContextHolder::getContext).thenReturn(Mono.just(securityContext));
runnable.run();
}
}

@Test
void validateAccess() {
withSecurityContext(() -> {
when(user.groups()).thenReturn(List.of(DEV_ROLE));
AccessContext context = getAccessContext(PROD_CLUSTER, true);
Mono<Void> validateAccessMono = accessControlService.validateAccess(context);
StepVerifier.create(validateAccessMono)
.expectComplete()
.verify();
});
}

@Test
void isClusterAccessible() {
withSecurityContext(() -> {
when(user.groups()).thenReturn(List.of(DEV_ROLE));
ClusterDTO clusterDto = new ClusterDTO();
clusterDto.setName(PROD_CLUSTER);
Mono<Boolean> clusterAccessibleMono = accessControlService.isClusterAccessible(clusterDto);
StepVerifier.create(clusterAccessibleMono)
.expectNext(true)
.expectComplete()
.verify();
});
}

@Test
void filterViewableTopics() {
withSecurityContext(() -> {
when(user.groups()).thenReturn(List.of(DEV_ROLE));
List<InternalTopic> topics = List.of(
InternalTopic.builder()
.name(TOPIC_NAME)
.build()
);
Mono<List<InternalTopic>> filterTopicsMono = accessControlService.filterViewableTopics(topics, PROD_CLUSTER);
StepVerifier.create(filterTopicsMono)
.expectNextMatches(responseTopics -> responseTopics.stream().anyMatch(t -> t.getName().equals(TOPIC_NAME)))
.expectComplete()
.verify();
});
}

@Test
void isConsumerGroupAccessible() {
withSecurityContext(() -> {
when(user.groups()).thenReturn(List.of(DEV_ROLE));
Mono<Boolean> consumerGroupAccessibleMono =
accessControlService.isConsumerGroupAccessible(CONSUMER_GROUP_NAME, PROD_CLUSTER);
StepVerifier.create(consumerGroupAccessibleMono)
.expectNext(true)
.expectComplete()
.verify();
});
}

@Test
void isSchemaAccessible() {
withSecurityContext(() -> {
when(user.groups()).thenReturn(List.of(DEV_ROLE));
Mono<Boolean> consumerGroupAccessibleMono =
accessControlService.isSchemaAccessible(SCHEMA_NAME, PROD_CLUSTER);
StepVerifier.create(consumerGroupAccessibleMono)
.expectNext(true)
.expectComplete()
.verify();
});
}

@Test
void isConnectAccessible() {
withSecurityContext(() -> {
when(user.groups()).thenReturn(List.of(DEV_ROLE));
Mono<Boolean> consumerGroupAccessibleMono =
accessControlService.isConnectAccessible(CONNECT_NAME, PROD_CLUSTER);
StepVerifier.create(consumerGroupAccessibleMono)
.expectNext(true)
.expectComplete()
.verify();
});
}

@Test
void isConnectAccessibleDto() {
withSecurityContext(() -> {
when(user.groups()).thenReturn(List.of(DEV_ROLE));
ConnectDTO connectDto = ConnectDTO.builder()
.name(CONNECT_NAME)
.build();
Mono<Boolean> consumerGroupAccessibleMono =
accessControlService.isConnectAccessible(connectDto, PROD_CLUSTER);
StepVerifier.create(consumerGroupAccessibleMono)
.expectNext(true)
.expectComplete()
.verify();
});
}

@Test
void getRoles() {
List<Role> roles = accessControlService.getRoles();
assertThat(roles).isEmpty();
}

}
Loading
Loading