From 74318abc92ce9f507c1ba1f00964e09f70d3fd06 Mon Sep 17 00:00:00 2001 From: gardusig Date: Thu, 15 Sep 2022 00:36:51 -0300 Subject: [PATCH 1/4] Added tests for authorization client --- .../client/api/AuthorizationClientTests.java | 148 +++++++++++++----- .../orkes/conductor/client/util/Commons.java | 4 + 2 files changed, 114 insertions(+), 38 deletions(-) diff --git a/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java b/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java index e1a0fb5c..a613f57b 100644 --- a/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java +++ b/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java @@ -18,11 +18,15 @@ import org.junit.jupiter.api.Test; import io.orkes.conductor.client.AuthorizationClient; +import io.orkes.conductor.client.http.ApiException; import io.orkes.conductor.client.model.*; import io.orkes.conductor.client.model.UpsertGroupRequest.RolesEnum; +import io.orkes.conductor.client.util.Commons; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; public class AuthorizationClientTests extends ClientTest { private final AuthorizationClient authorizationClient; @@ -34,42 +38,46 @@ public AuthorizationClientTests() { @Test @DisplayName("auto assign group permission on workflow creation by any group member") public void autoAssignWorkflowPermissions() { - giveApplicationPermissions("46f0bf10-b59d-4fbd-a053-935307c8cb86"); + giveApplicationPermissions(Commons.APPLICATION_ID); Group group = authorizationClient.upsertGroup(getUpsertGroupRequest(), "sdk-test-group"); validateGroupPermissions(group.getId()); } @Test - void testAddUser() { - UpsertUserRequest request = new UpsertUserRequest(); - request.setName("Orkes User"); - request.setGroups(Arrays.asList("Example Group")); - request.setRoles(Arrays.asList(UpsertUserRequest.RolesEnum.USER)); - String userId = "user@orkes.io"; // MUST be the email addressed used to login to Conductor - ConductorUser user = authorizationClient.upsertUser(request, userId); - assertNotNull(user); - - ConductorUser found = authorizationClient.getUser(userId); - assertNotNull(found); - assertEquals(user.getName(), found.getName()); - assertEquals(user.getGroups().get(0).getId(), found.getGroups().get(0).getId()); - assertEquals(user.getRoles().get(0).getName(), found.getRoles().get(0).getName()); + void testUser() { + ConductorUser user = authorizationClient.upsertUser( + getUpserUserRequest(), + Commons.USER_EMAIL); + ConductorUser receivedUser = authorizationClient.getUser(Commons.USER_EMAIL); + assertEquals( + user.getName(), + receivedUser.getName()); + assertEquals( + user.getGroups().get(0).getId(), + receivedUser.getGroups().get(0).getId()); + assertEquals( + user.getRoles().get(0).getName(), + receivedUser.getRoles().get(0).getName()); + authorizationClient.sendInviteEmail(user.getId(), user); } @Test - void testAddGroup() { + void testGroup() { UpsertGroupRequest request = new UpsertGroupRequest(); - // Default Access for the group. When specified, any new workflow or task created by the + // Default Access for the group. When specified, any new workflow or task + // created by the // members of this group // get this default permission inside the group. Map> defaultAccess = new HashMap<>(); - // Grant READ access to the members of the group for any new workflow created by a member of + // Grant READ access to the members of the group for any new workflow created by + // a member of // this group defaultAccess.put("WORKFLOW_DEF", List.of("READ")); - // Grant EXECUTE access to the members of the group for any new task created by a member of + // Grant EXECUTE access to the members of the group for any new task created by + // a member of // this group defaultAccess.put("TASK_DEF", List.of("EXECUTE")); request.setDefaultAccess(defaultAccess); @@ -77,23 +85,22 @@ void testAddGroup() { request.setDescription("Example group created for testing"); request.setRoles(Arrays.asList(UpsertGroupRequest.RolesEnum.USER)); - String groupId = "Test Group"; - Group group = authorizationClient.upsertGroup(request, groupId); + Group group = authorizationClient.upsertGroup(request, Commons.GROUP_ID); assertNotNull(group); - Group found = authorizationClient.getGroup(groupId); + Group found = authorizationClient.getGroup(Commons.GROUP_ID); assertNotNull(found); assertEquals(group.getId(), found.getId()); assertEquals(group.getDefaultAccess().keySet(), found.getDefaultAccess().keySet()); } @Test - void testAddApplication() { - + void testApplication() { CreateOrUpdateApplicationRequest request = new CreateOrUpdateApplicationRequest(); request.setName("Test Application for the testing"); - // WARNING: Application Name is not a UNIQUE value and if called multiple times, it will + // WARNING: Application Name is not a UNIQUE value and if called multiple times, + // it will // create a new application ConductorApplication application = authorizationClient.createApplication(request); assertNotNull(application); @@ -102,26 +109,34 @@ void testAddApplication() { // Get the list of applications List apps = authorizationClient.listApplications(); assertNotNull(apps); - long found = - apps.stream() - .map(ConductorApplication::getId) - .filter(id -> id.equals(application.getId())) - .count(); + long found = apps.stream() + .map(ConductorApplication::getId) + .filter(id -> id.equals(application.getId())) + .count(); assertEquals(1, found); // Create new access key - CreateAccessKeyResponse accessKey = - authorizationClient.createAccessKey(application.getId()); - assertNotNull(accessKey.getId()); - assertNotNull(accessKey.getSecret()); - System.out.println(accessKey.getId() + ":" + accessKey.getSecret()); + CreateAccessKeyResponse accessKey = authorizationClient.createAccessKey(application.getId()); + List accessKeyResponses = authorizationClient.getAccessKeys(application.getId()); + assertEquals(1, accessKeyResponses.size()); + authorizationClient.toggleAccessKeyStatus(application.getId(), accessKey.getId()); + authorizationClient.deleteAccessKey(application.getId(), accessKey.getId()); + accessKeyResponses = authorizationClient.getAccessKeys(application.getId()); + assertEquals(0, accessKeyResponses.size()); + + String newName = "ansdjansdjna"; + authorizationClient.updateApplication( + new CreateOrUpdateApplicationRequest().name(newName), + application.getId()); + assertEquals( + newName, + authorizationClient.getApplication(application.getId()).getName()); authorizationClient.deleteApplication(application.getId()); } @Test - void testGrangPermissionsToGroup() { - + void testGrantPermissionsToGroup() { AuthorizationRequest request = new AuthorizationRequest(); request.access(Arrays.asList(AuthorizationRequest.AccessEnum.READ)); SubjectRef subject = new SubjectRef(); @@ -137,7 +152,6 @@ void testGrangPermissionsToGroup() { @Test void testGrantPermissionsToTag() { - AuthorizationRequest request = new AuthorizationRequest(); request.access(Arrays.asList(AuthorizationRequest.AccessEnum.READ)); @@ -156,6 +170,56 @@ void testGrantPermissionsToTag() { authorizationClient.grantPermissions(request); } + @Test + void testMethods() { + try { + authorizationClient.deleteUser(Commons.USER_EMAIL); + } catch (ApiException e) { + if (e.getCode() != 404) { + throw e; + } + } + authorizationClient.upsertUser( + getUpserUserRequest(), + Commons.USER_EMAIL); + List users = authorizationClient.listUsers(false); + assertFalse(users.isEmpty()); + users = authorizationClient.listUsers(true); + assertFalse(users.isEmpty()); + try { + authorizationClient.deleteGroup(Commons.GROUP_ID); + } catch (ApiException e) { + if (e.getCode() != 404) { + throw e; + } + } + authorizationClient.upsertGroup(getUpsertGroupRequest(), Commons.GROUP_ID); + List groups = authorizationClient.listGroups(); + assertFalse(groups.isEmpty()); + authorizationClient.addUserToGroup( + Commons.GROUP_ID, + Commons.USER_EMAIL); + boolean found = false; + for (ConductorUser user : authorizationClient.getUsersInGroup(Commons.GROUP_ID)) { + if (user.getName().equals(Commons.USER_NAME)) { + found = true; + } + } + assertTrue(found); + authorizationClient.getPermissions("abc", Commons.GROUP_ID); + assertEquals( + authorizationClient.getApplication(Commons.APPLICATION_ID).getId(), + Commons.APPLICATION_ID); + assertTrue( + authorizationClient.getGrantedPermissionsForGroup(Commons.GROUP_ID) + .getGrantedAccess() + .isEmpty()); + assertFalse( + authorizationClient.getGrantedPermissionsForUser(Commons.USER_EMAIL) + .getGrantedAccess() + .isEmpty()); + } + void giveApplicationPermissions(String applicationId) { authorizationClient.addRoleToApplicationUser(applicationId, "ADMIN"); } @@ -181,6 +245,14 @@ UpsertGroupRequest getUpsertGroupRequest() { .roles(List.of(RolesEnum.ADMIN)); } + UpsertUserRequest getUpserUserRequest() { + UpsertUserRequest request = new UpsertUserRequest(); + request.setName(Commons.USER_NAME); + request.setGroups(List.of(Commons.GROUP_ID)); + request.setRoles(List.of(UpsertUserRequest.RolesEnum.USER)); + return request; + } + List getAccessListAll() { return List.of("CREATE", "READ", "UPDATE", "EXECUTE", "DELETE"); } diff --git a/src/test/java/io/orkes/conductor/client/util/Commons.java b/src/test/java/io/orkes/conductor/client/util/Commons.java index 831ae308..0d855ad5 100644 --- a/src/test/java/io/orkes/conductor/client/util/Commons.java +++ b/src/test/java/io/orkes/conductor/client/util/Commons.java @@ -22,6 +22,10 @@ public class Commons { public static String TASK_NAME = "test-sdk-java-task"; public static String OWNER_EMAIL = "example@orkes.io"; public static int WORKFLOW_VERSION = 1; + public static String GROUP_ID = "sdk-test-group"; + public static String USER_NAME = "Orkes User"; + public static String USER_EMAIL = "user@orkes.io"; + public static String APPLICATION_ID = "46f0bf10-b59d-4fbd-a053-935307c8cb86"; public static TagObject getTagObject() { TagObject tagObject = new TagObject(); From fb5234a8689170d83413371c790f2b07a9f8970c Mon Sep 17 00:00:00 2001 From: gardusig Date: Thu, 15 Sep 2022 00:58:53 -0300 Subject: [PATCH 2/4] Added integration tests for auth client --- .../client/api/AuthorizationClientTests.java | 57 +++++++++++-------- 1 file changed, 34 insertions(+), 23 deletions(-) diff --git a/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java b/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java index a613f57b..204d66a0 100644 --- a/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java +++ b/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java @@ -20,6 +20,8 @@ import io.orkes.conductor.client.AuthorizationClient; import io.orkes.conductor.client.http.ApiException; import io.orkes.conductor.client.model.*; +import io.orkes.conductor.client.model.AuthorizationRequest.AccessEnum; +import io.orkes.conductor.client.model.TargetRef.TypeEnum; import io.orkes.conductor.client.model.UpsertGroupRequest.RolesEnum; import io.orkes.conductor.client.util.Commons; @@ -59,6 +61,10 @@ void testUser() { user.getRoles().get(0).getName(), receivedUser.getRoles().get(0).getName()); authorizationClient.sendInviteEmail(user.getId(), user); + Group group = authorizationClient.upsertGroup(getUpsertGroupRequest(), Commons.GROUP_ID); + assertNotNull(group); + authorizationClient.removeUserFromGroup(Commons.GROUP_ID, user.getId()); + authorizationClient.removePermissions(getAuthorizationRequest()); } @Test @@ -74,12 +80,12 @@ void testGroup() { // Grant READ access to the members of the group for any new workflow created by // a member of // this group - defaultAccess.put("WORKFLOW_DEF", List.of("READ")); + defaultAccess.put(TypeEnum.WORKFLOW_DEF.getValue(), List.of("READ")); // Grant EXECUTE access to the members of the group for any new task created by // a member of // this group - defaultAccess.put("TASK_DEF", List.of("EXECUTE")); + defaultAccess.put(TypeEnum.TASK_DEF.getValue(), List.of("EXECUTE")); request.setDefaultAccess(defaultAccess); request.setDescription("Example group created for testing"); @@ -87,7 +93,6 @@ void testGroup() { Group group = authorizationClient.upsertGroup(request, Commons.GROUP_ID); assertNotNull(group); - Group found = authorizationClient.getGroup(Commons.GROUP_ID); assertNotNull(found); assertEquals(group.getId(), found.getId()); @@ -124,6 +129,8 @@ void testApplication() { accessKeyResponses = authorizationClient.getAccessKeys(application.getId()); assertEquals(0, accessKeyResponses.size()); + authorizationClient.removeRoleFromApplicationUser(application.getId(), RolesEnum.ADMIN.getValue()); + String newName = "ansdjansdjna"; authorizationClient.updateApplication( new CreateOrUpdateApplicationRequest().name(newName), @@ -152,22 +159,7 @@ void testGrantPermissionsToGroup() { @Test void testGrantPermissionsToTag() { - AuthorizationRequest request = new AuthorizationRequest(); - request.access(Arrays.asList(AuthorizationRequest.AccessEnum.READ)); - - SubjectRef subject = new SubjectRef(); - subject.setId("Example Group"); - subject.setType(SubjectRef.TypeEnum.GROUP); - - request.setSubject(subject); - - // Grant permissions to the tag with accounting org - TargetRef target = new TargetRef(); - target.setId("org:accounting"); - target.setType(TargetRef.TypeEnum.TAG); - - request.setTarget(target); - authorizationClient.grantPermissions(request); + authorizationClient.grantPermissions(getAuthorizationRequest()); } @Test @@ -221,7 +213,7 @@ void testMethods() { } void giveApplicationPermissions(String applicationId) { - authorizationClient.addRoleToApplicationUser(applicationId, "ADMIN"); + authorizationClient.addRoleToApplicationUser(applicationId, RolesEnum.ADMIN.getValue()); } void validateGroupPermissions(String id) { @@ -239,8 +231,8 @@ UpsertGroupRequest getUpsertGroupRequest() { return new UpsertGroupRequest() .defaultAccess( Map.of( - "WORKFLOW_DEF", getAccessListAll(), - "TASK_DEF", getAccessListAll())) + TypeEnum.WORKFLOW_DEF.getValue(), getAccessListAll(), + TypeEnum.TASK_DEF.getValue(), getAccessListAll())) .description("Group used for SDK testing") .roles(List.of(RolesEnum.ADMIN)); } @@ -254,6 +246,25 @@ UpsertUserRequest getUpserUserRequest() { } List getAccessListAll() { - return List.of("CREATE", "READ", "UPDATE", "EXECUTE", "DELETE"); + return List.of( + "CREATE", + "READ", + "UPDATE", + "EXECUTE", + "DELETE"); + } + + AuthorizationRequest getAuthorizationRequest() { + AuthorizationRequest request = new AuthorizationRequest(); + request.access(Arrays.asList(AuthorizationRequest.AccessEnum.READ)); + SubjectRef subject = new SubjectRef(); + subject.setId("Example Group"); + subject.setType(SubjectRef.TypeEnum.GROUP); + request.setSubject(subject); + TargetRef target = new TargetRef(); + target.setId("org:accounting"); + target.setType(TargetRef.TypeEnum.TAG); + request.setTarget(target); + return request; } } From 7f07e9f29237fa84d094f1770dd6a6dccf01159e Mon Sep 17 00:00:00 2001 From: gardusig Date: Thu, 15 Sep 2022 13:14:36 -0300 Subject: [PATCH 3/4] Updated authorization client tests --- .../orkes/conductor/client/api/AuthorizationClientTests.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java b/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java index 204d66a0..1e743a7b 100644 --- a/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java +++ b/src/test/java/io/orkes/conductor/client/api/AuthorizationClientTests.java @@ -20,7 +20,6 @@ import io.orkes.conductor.client.AuthorizationClient; import io.orkes.conductor.client.http.ApiException; import io.orkes.conductor.client.model.*; -import io.orkes.conductor.client.model.AuthorizationRequest.AccessEnum; import io.orkes.conductor.client.model.TargetRef.TypeEnum; import io.orkes.conductor.client.model.UpsertGroupRequest.RolesEnum; import io.orkes.conductor.client.util.Commons; @@ -41,7 +40,9 @@ public AuthorizationClientTests() { @DisplayName("auto assign group permission on workflow creation by any group member") public void autoAssignWorkflowPermissions() { giveApplicationPermissions(Commons.APPLICATION_ID); - Group group = authorizationClient.upsertGroup(getUpsertGroupRequest(), "sdk-test-group"); + Group group = authorizationClient.upsertGroup( + getUpsertGroupRequest(), + "sdk-test-group"); validateGroupPermissions(group.getId()); } From f16084b2d14abe62e35c36230af8d8f6c21994b6 Mon Sep 17 00:00:00 2001 From: gardusig Date: Thu, 15 Sep 2022 13:21:51 -0300 Subject: [PATCH 4/4] Updated Examples tests --- .../io/orkes/conductor/client/Examples.java | 36 ++++++++----------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/src/test/java/io/orkes/conductor/client/Examples.java b/src/test/java/io/orkes/conductor/client/Examples.java index 799c919d..cdc628e0 100644 --- a/src/test/java/io/orkes/conductor/client/Examples.java +++ b/src/test/java/io/orkes/conductor/client/Examples.java @@ -12,8 +12,6 @@ */ package io.orkes.conductor.client; -import java.util.*; - import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; @@ -21,9 +19,6 @@ import com.netflix.conductor.common.metadata.workflow.StartWorkflowRequest; import com.netflix.conductor.common.metadata.workflow.WorkflowDef; -import io.orkes.conductor.client.http.OrkesMetadataClient; -import io.orkes.conductor.client.model.*; -import io.orkes.conductor.client.model.AuthorizationRequest; import io.orkes.conductor.client.model.Group; import io.orkes.conductor.client.model.TagObject; import io.orkes.conductor.client.model.UpsertGroupRequest; @@ -34,6 +29,12 @@ import static org.junit.jupiter.api.Assertions.assertEquals; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + public class Examples { private final MetadataClient metadataClient; private final WorkflowClient workflowClient; @@ -55,18 +56,8 @@ public void tagWorkflowsAndTasks() { tagObject.setType(TagObject.TypeEnum.METADATA); tagObject.setKey("a"); tagObject.setValue("b"); - ((OrkesMetadataClient) metadataClient).addTaskTag(tagObject, Commons.TASK_NAME); - ((OrkesMetadataClient) metadataClient).addWorkflowTag(tagObject, Commons.WORKFLOW_NAME); - } - - @Test - @DisplayName("add auth to tags") - public void addAuthToTags() { - // Add auth to tags - AuthorizationRequest authorizationRequest = new AuthorizationRequest(); - authorizationRequest.access( - Collections.singletonList(AuthorizationRequest.AccessEnum.EXECUTE)); - // authorizationResourceApi.grantPermissions(authorizationRequest); + metadataClient.addTaskTag(tagObject, Commons.TASK_NAME); + metadataClient.addWorkflowTag(tagObject, Commons.WORKFLOW_NAME); } @Test @@ -84,8 +75,7 @@ public void startWorkflow() { StartWorkflowRequest startWorkflowRequest = new StartWorkflowRequest(); startWorkflowRequest.setName(Commons.WORKFLOW_NAME); startWorkflowRequest.setVersion(1); - Map input = new HashMap<>(); - startWorkflowRequest.setInput(input); + startWorkflowRequest.setInput(new HashMap<>()); workflowClient.startWorkflow(startWorkflowRequest); } @@ -136,7 +126,11 @@ UpsertGroupRequest getUpsertGroupRequest() { } List getAccessListAll() { - return new ArrayList( - Arrays.asList("CREATE", "READ", "UPDATE", "EXECUTE", "DELETE")); + return List.of( + "CREATE", + "READ", + "UPDATE", + "EXECUTE", + "DELETE"); } }