Skip to content

Commit

Permalink
Merge pull request #27 from orkes-io/tests/authorization-client
Browse files Browse the repository at this point in the history 
Added tests for Authorization client
  • Loading branch information
@v1r3n
v1r3n authored Sep 16, 2022
2 parents 60f31da + f16084b commit bb9afd8
Show file tree
Hide file tree
Showing 2 changed files with 160 additions and 82 deletions.
36 changes: 15 additions & 21 deletions src/test/java/io/orkes/conductor/client/Examples.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,13 @@
*/
package io.orkes.conductor.client;

import java.util.*;

import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;

import com.netflix.conductor.common.metadata.tasks.TaskDef;
import com.netflix.conductor.common.metadata.workflow.StartWorkflowRequest;
import com.netflix.conductor.common.metadata.workflow.WorkflowDef;

import io.orkes.conductor.client.http.OrkesMetadataClient;
import io.orkes.conductor.client.model.*;
import io.orkes.conductor.client.model.AuthorizationRequest;
import io.orkes.conductor.client.model.Group;
import io.orkes.conductor.client.model.TagObject;
import io.orkes.conductor.client.model.UpsertGroupRequest;
Expand All @@ -34,6 +29,12 @@

import static org.junit.jupiter.api.Assertions.assertEquals;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class Examples {
private final MetadataClient metadataClient;
private final WorkflowClient workflowClient;
Expand All @@ -55,18 +56,8 @@ public void tagWorkflowsAndTasks() {
tagObject.setType(TagObject.TypeEnum.METADATA);
tagObject.setKey("a");
tagObject.setValue("b");
((OrkesMetadataClient) metadataClient).addTaskTag(tagObject, Commons.TASK_NAME);
((OrkesMetadataClient) metadataClient).addWorkflowTag(tagObject, Commons.WORKFLOW_NAME);
}

@Test
@DisplayName("add auth to tags")
public void addAuthToTags() {
// Add auth to tags
AuthorizationRequest authorizationRequest = new AuthorizationRequest();
authorizationRequest.access(
Collections.singletonList(AuthorizationRequest.AccessEnum.EXECUTE));
// authorizationResourceApi.grantPermissions(authorizationRequest);
metadataClient.addTaskTag(tagObject, Commons.TASK_NAME);
metadataClient.addWorkflowTag(tagObject, Commons.WORKFLOW_NAME);
}

@Test
Expand All @@ -84,8 +75,7 @@ public void startWorkflow() {
StartWorkflowRequest startWorkflowRequest = new StartWorkflowRequest();
startWorkflowRequest.setName(Commons.WORKFLOW_NAME);
startWorkflowRequest.setVersion(1);
Map<String, Object> input = new HashMap<>();
startWorkflowRequest.setInput(input);
startWorkflowRequest.setInput(new HashMap<>());
workflowClient.startWorkflow(startWorkflowRequest);
}

Expand Down Expand Up @@ -136,7 +126,11 @@ UpsertGroupRequest getUpsertGroupRequest() {
}

List<String> getAccessListAll() {
return new ArrayList<String>(
Arrays.asList("CREATE", "READ", "UPDATE", "EXECUTE", "DELETE"));
return List.of(
"CREATE",
"READ",
"UPDATE",
"EXECUTE",
"DELETE");
}
}
206 changes: 145 additions & 61 deletions src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,16 @@
import org.junit.jupiter.api.Test;

import io.orkes.conductor.client.AuthorizationClient;
import io.orkes.conductor.client.http.ApiException;
import io.orkes.conductor.client.model.*;
import io.orkes.conductor.client.model.TargetRef.TypeEnum;
import io.orkes.conductor.client.model.UpsertGroupRequest.RolesEnum;
import io.orkes.conductor.client.util.Commons;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

public class AuthorizationClientTests extends ClientTest {
private final AuthorizationClient authorizationClient;
Expand All @@ -34,66 +39,74 @@ public AuthorizationClientTests() {
@Test
@DisplayName("auto assign group permission on workflow creation by any group member")
public void autoAssignWorkflowPermissions() {
giveApplicationPermissions("46f0bf10-b59d-4fbd-a053-935307c8cb86");
Group group = authorizationClient.upsertGroup(getUpsertGroupRequest(), "sdk-test-group");
giveApplicationPermissions(Commons.APPLICATION_ID);
Group group = authorizationClient.upsertGroup(
getUpsertGroupRequest(),
"sdk-test-group");
validateGroupPermissions(group.getId());
}

@Test
void testAddUser() {
UpsertUserRequest request = new UpsertUserRequest();
request.setName("Orkes User");
request.setGroups(Arrays.asList("Example Group"));
request.setRoles(Arrays.asList(UpsertUserRequest.RolesEnum.USER));
String userId = "[email protected]"; // MUST be the email addressed used to login to Conductor
ConductorUser user = authorizationClient.upsertUser(request, userId);
assertNotNull(user);

ConductorUser found = authorizationClient.getUser(userId);
assertNotNull(found);
assertEquals(user.getName(), found.getName());
assertEquals(user.getGroups().get(0).getId(), found.getGroups().get(0).getId());
assertEquals(user.getRoles().get(0).getName(), found.getRoles().get(0).getName());
void testUser() {
ConductorUser user = authorizationClient.upsertUser(
getUpserUserRequest(),
Commons.USER_EMAIL);
ConductorUser receivedUser = authorizationClient.getUser(Commons.USER_EMAIL);
assertEquals(
user.getName(),
receivedUser.getName());
assertEquals(
user.getGroups().get(0).getId(),
receivedUser.getGroups().get(0).getId());
assertEquals(
user.getRoles().get(0).getName(),
receivedUser.getRoles().get(0).getName());
authorizationClient.sendInviteEmail(user.getId(), user);
Group group = authorizationClient.upsertGroup(getUpsertGroupRequest(), Commons.GROUP_ID);
assertNotNull(group);
authorizationClient.removeUserFromGroup(Commons.GROUP_ID, user.getId());
authorizationClient.removePermissions(getAuthorizationRequest());
}

@Test
void testAddGroup() {
void testGroup() {
UpsertGroupRequest request = new UpsertGroupRequest();

// Default Access for the group. When specified, any new workflow or task created by the
// Default Access for the group. When specified, any new workflow or task
// created by the
// members of this group
// get this default permission inside the group.
Map<String, List<String>> defaultAccess = new HashMap<>();

// Grant READ access to the members of the group for any new workflow created by a member of
// Grant READ access to the members of the group for any new workflow created by
// a member of
// this group
defaultAccess.put("WORKFLOW_DEF", List.of("READ"));
defaultAccess.put(TypeEnum.WORKFLOW_DEF.getValue(), List.of("READ"));

// Grant EXECUTE access to the members of the group for any new task created by a member of
// Grant EXECUTE access to the members of the group for any new task created by
// a member of
// this group
defaultAccess.put("TASK_DEF", List.of("EXECUTE"));
defaultAccess.put(TypeEnum.TASK_DEF.getValue(), List.of("EXECUTE"));
request.setDefaultAccess(defaultAccess);

request.setDescription("Example group created for testing");
request.setRoles(Arrays.asList(UpsertGroupRequest.RolesEnum.USER));

String groupId = "Test Group";
Group group = authorizationClient.upsertGroup(request, groupId);
Group group = authorizationClient.upsertGroup(request, Commons.GROUP_ID);
assertNotNull(group);

Group found = authorizationClient.getGroup(groupId);
Group found = authorizationClient.getGroup(Commons.GROUP_ID);
assertNotNull(found);
assertEquals(group.getId(), found.getId());
assertEquals(group.getDefaultAccess().keySet(), found.getDefaultAccess().keySet());
}

@Test
void testAddApplication() {

void testApplication() {
CreateOrUpdateApplicationRequest request = new CreateOrUpdateApplicationRequest();
request.setName("Test Application for the testing");

// WARNING: Application Name is not a UNIQUE value and if called multiple times, it will
// WARNING: Application Name is not a UNIQUE value and if called multiple times,
// it will
// create a new application
ConductorApplication application = authorizationClient.createApplication(request);
assertNotNull(application);
Expand All @@ -102,26 +115,36 @@ void testAddApplication() {
// Get the list of applications
List<ConductorApplication> apps = authorizationClient.listApplications();
assertNotNull(apps);
long found =
apps.stream()
.map(ConductorApplication::getId)
.filter(id -> id.equals(application.getId()))
.count();
long found = apps.stream()
.map(ConductorApplication::getId)
.filter(id -> id.equals(application.getId()))
.count();
assertEquals(1, found);

// Create new access key
CreateAccessKeyResponse accessKey =
authorizationClient.createAccessKey(application.getId());
assertNotNull(accessKey.getId());
assertNotNull(accessKey.getSecret());
System.out.println(accessKey.getId() + ":" + accessKey.getSecret());
CreateAccessKeyResponse accessKey = authorizationClient.createAccessKey(application.getId());
List<AccessKeyResponse> accessKeyResponses = authorizationClient.getAccessKeys(application.getId());
assertEquals(1, accessKeyResponses.size());
authorizationClient.toggleAccessKeyStatus(application.getId(), accessKey.getId());
authorizationClient.deleteAccessKey(application.getId(), accessKey.getId());
accessKeyResponses = authorizationClient.getAccessKeys(application.getId());
assertEquals(0, accessKeyResponses.size());

authorizationClient.removeRoleFromApplicationUser(application.getId(), RolesEnum.ADMIN.getValue());

String newName = "ansdjansdjna";
authorizationClient.updateApplication(
new CreateOrUpdateApplicationRequest().name(newName),
application.getId());
assertEquals(
newName,
authorizationClient.getApplication(application.getId()).getName());

authorizationClient.deleteApplication(application.getId());
}

@Test
void testGrangPermissionsToGroup() {

void testGrantPermissionsToGroup() {
AuthorizationRequest request = new AuthorizationRequest();
request.access(Arrays.asList(AuthorizationRequest.AccessEnum.READ));
SubjectRef subject = new SubjectRef();
Expand All @@ -137,27 +160,61 @@ void testGrangPermissionsToGroup() {

@Test
void testGrantPermissionsToTag() {
authorizationClient.grantPermissions(getAuthorizationRequest());
}

AuthorizationRequest request = new AuthorizationRequest();
request.access(Arrays.asList(AuthorizationRequest.AccessEnum.READ));

SubjectRef subject = new SubjectRef();
subject.setId("Example Group");
subject.setType(SubjectRef.TypeEnum.GROUP);

request.setSubject(subject);

// Grant permissions to the tag with accounting org
TargetRef target = new TargetRef();
target.setId("org:accounting");
target.setType(TargetRef.TypeEnum.TAG);

request.setTarget(target);
authorizationClient.grantPermissions(request);
@Test
void testMethods() {
try {
authorizationClient.deleteUser(Commons.USER_EMAIL);
} catch (ApiException e) {
if (e.getCode() != 404) {
throw e;
}
}
authorizationClient.upsertUser(
getUpserUserRequest(),
Commons.USER_EMAIL);
List<ConductorUser> users = authorizationClient.listUsers(false);
assertFalse(users.isEmpty());
users = authorizationClient.listUsers(true);
assertFalse(users.isEmpty());
try {
authorizationClient.deleteGroup(Commons.GROUP_ID);
} catch (ApiException e) {
if (e.getCode() != 404) {
throw e;
}
}
authorizationClient.upsertGroup(getUpsertGroupRequest(), Commons.GROUP_ID);
List<Group> groups = authorizationClient.listGroups();
assertFalse(groups.isEmpty());
authorizationClient.addUserToGroup(
Commons.GROUP_ID,
Commons.USER_EMAIL);
boolean found = false;
for (ConductorUser user : authorizationClient.getUsersInGroup(Commons.GROUP_ID)) {
if (user.getName().equals(Commons.USER_NAME)) {
found = true;
}
}
assertTrue(found);
authorizationClient.getPermissions("abc", Commons.GROUP_ID);
assertEquals(
authorizationClient.getApplication(Commons.APPLICATION_ID).getId(),
Commons.APPLICATION_ID);
assertTrue(
authorizationClient.getGrantedPermissionsForGroup(Commons.GROUP_ID)
.getGrantedAccess()
.isEmpty());
assertFalse(
authorizationClient.getGrantedPermissionsForUser(Commons.USER_EMAIL)
.getGrantedAccess()
.isEmpty());
}

void giveApplicationPermissions(String applicationId) {
authorizationClient.addRoleToApplicationUser(applicationId, "ADMIN");
authorizationClient.addRoleToApplicationUser(applicationId, RolesEnum.ADMIN.getValue());
}

void validateGroupPermissions(String id) {
Expand All @@ -175,13 +232,40 @@ UpsertGroupRequest getUpsertGroupRequest() {
return new UpsertGroupRequest()
.defaultAccess(
Map.of(
"WORKFLOW_DEF", getAccessListAll(),
"TASK_DEF", getAccessListAll()))
TypeEnum.WORKFLOW_DEF.getValue(), getAccessListAll(),
TypeEnum.TASK_DEF.getValue(), getAccessListAll()))
.description("Group used for SDK testing")
.roles(List.of(RolesEnum.ADMIN));
}

UpsertUserRequest getUpserUserRequest() {
UpsertUserRequest request = new UpsertUserRequest();
request.setName(Commons.USER_NAME);
request.setGroups(List.of(Commons.GROUP_ID));
request.setRoles(List.of(UpsertUserRequest.RolesEnum.USER));
return request;
}

List<String> getAccessListAll() {
return List.of("CREATE", "READ", "UPDATE", "EXECUTE", "DELETE");
return List.of(
"CREATE",
"READ",
"UPDATE",
"EXECUTE",
"DELETE");
}

AuthorizationRequest getAuthorizationRequest() {
AuthorizationRequest request = new AuthorizationRequest();
request.access(Arrays.asList(AuthorizationRequest.AccessEnum.READ));
SubjectRef subject = new SubjectRef();
subject.setId("Example Group");
subject.setType(SubjectRef.TypeEnum.GROUP);
request.setSubject(subject);
TargetRef target = new TargetRef();
target.setId("org:accounting");
target.setType(TargetRef.TypeEnum.TAG);
request.setTarget(target);
return request;
}
}

0 comments on commit bb9afd8

Please sign in to comment.