http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/History.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/History.java b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/History.java new file mode 100644 index 0000000..8536871 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/History.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.history; + +import java.util.Collection; +import java.util.Date; +import org.apache.nifi.action.Action; + +/** + * The result of running an action query. + */ +public class History { + + private Integer total; + private Date lastRefreshed; + private Collection<Action> actions; + + public Collection<Action> getActions() { + return actions; + } + + public void setActions(Collection<Action> actions) { + this.actions = actions; + } + + public Integer getTotal() { + return total; + } + + public void setTotal(Integer totalRecordCount) { + this.total = totalRecordCount; + } + + public Date getLastRefreshed() { + return lastRefreshed; + } + + public void setLastRefreshed(Date lastRefreshed) { + this.lastRefreshed = lastRefreshed; + } + +}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/HistoryQuery.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/HistoryQuery.java b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/HistoryQuery.java new file mode 100644 index 0000000..53cc13c --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/HistoryQuery.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.history; + +import java.util.Date; + +/** + * + */ +public class HistoryQuery { + + private String userName; + private String sourceId; + private Date startDate; + private Date endDate; + private Integer offset; + private Integer count; + private String sortColumn; + private String sortOrder; + + public Date getEndDate() { + return endDate; + } + + public void setEndDate(Date endDate) { + this.endDate = endDate; + } + + public String getSourceId() { + return sourceId; + } + + public void setSourceId(String sourceId) { + this.sourceId = sourceId; + } + + public Date getStartDate() { + return startDate; + } + + public void setStartDate(Date startDate) { + this.startDate = startDate; + } + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public Integer getOffset() { + return offset; + } + + public void setOffset(Integer offset) { + this.offset = offset; + } + + public Integer getCount() { + return count; + } + + public void setCount(Integer count) { + this.count = count; + } + + public String getSortColumn() { + return sortColumn; + } + + public void setSortColumn(String sortColumn) { + this.sortColumn = sortColumn; + } + + public String getSortOrder() { + return sortOrder; + } + + public void setSortOrder(String sortOrder) { + this.sortOrder = sortOrder; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/PreviousValue.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/PreviousValue.java b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/PreviousValue.java new file mode 100644 index 0000000..6ece5cf --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/history/PreviousValue.java @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.history; + +import java.util.Date; + +/** + * + */ +public class PreviousValue { + + private String previousValue; + private Date timestamp; + private String userName; + + public String getPreviousValue() { + return previousValue; + } + + public void setPreviousValue(String previousValue) { + this.previousValue = previousValue; + } + + public Date getTimestamp() { + return timestamp; + } + + public void setTimestamp(Date timestamp) { + this.timestamp = timestamp; + } + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/AccountStatus.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/AccountStatus.java b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/AccountStatus.java new file mode 100644 index 0000000..195f6bf --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/AccountStatus.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.user; + +/** + * Represents the status of a user's account. + */ +public enum AccountStatus { + + ACTIVE, + PENDING, + DISABLED; + + /** + * Returns the matching status or null if the specified status does not + * match any statuses. + * + * @param rawStatus + * @return + */ + public static AccountStatus valueOfStatus(String rawStatus) { + AccountStatus desiredStatus = null; + + for (AccountStatus status : values()) { + if (status.toString().equals(rawStatus)) { + desiredStatus = status; + break; + } + } + + return desiredStatus; + } +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUser.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUser.java b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUser.java new file mode 100644 index 0000000..984a572 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUser.java @@ -0,0 +1,154 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.user; + +import java.io.Serializable; +import java.util.Date; +import java.util.EnumSet; +import java.util.Objects; +import java.util.Set; +import org.apache.nifi.authorization.Authority; +import org.apache.commons.lang3.StringUtils; + +/** + * An NiFiUser. + */ +public class NiFiUser implements Serializable { + + public static final String ANONYMOUS_USER_DN = "anonymous"; + + private String id; + private String dn; + private String userName; + private String userGroup; + private String justification; + + private Date creation; + private Date lastVerified; + private Date lastAccessed; + + private AccountStatus status; + private EnumSet<Authority> authorities; + + /* getters / setters */ + public Date getCreation() { + return creation; + } + + public void setCreation(Date creation) { + this.creation = creation; + } + + public String getDn() { + return dn; + } + + public void setDn(String dn) { + this.dn = dn; + } + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getUserGroup() { + return userGroup; + } + + public void setUserGroup(String userGroup) { + this.userGroup = userGroup; + } + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public String getJustification() { + return justification; + } + + public void setJustification(String justification) { + this.justification = justification; + } + + public AccountStatus getStatus() { + return status; + } + + public void setStatus(AccountStatus status) { + this.status = status; + } + + public Date getLastVerified() { + return lastVerified; + } + + public void setLastVerified(Date lastVerified) { + this.lastVerified = lastVerified; + } + + public Date getLastAccessed() { + return lastAccessed; + } + + public void setLastAccessed(Date lastAccessed) { + this.lastAccessed = lastAccessed; + } + + public Set<Authority> getAuthorities() { + if (authorities == null) { + authorities = EnumSet.noneOf(Authority.class); + } + return authorities; + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + final NiFiUser other = (NiFiUser) obj; + if (!Objects.equals(this.dn, other.dn)) { + return false; + } + return true; + } + + @Override + public int hashCode() { + int hash = 7; + hash = 53 * hash + Objects.hashCode(this.dn); + return hash; + } + + @Override + public String toString() { + return String.format("dn[%s], userName[%s], justification[%s], authorities[%s]", getDn(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", ")); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUserGroup.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUserGroup.java b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUserGroup.java new file mode 100644 index 0000000..7586fd1 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/user/NiFiUserGroup.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.user; + +import java.util.Set; + +/** + * + */ +public class NiFiUserGroup { + + private String group; + private Set<NiFiUser> users; + + public String getGroup() { + return group; + } + + public void setGroup(String group) { + this.group = group; + } + + public Set<NiFiUser> getUsers() { + return users; + } + + public void setUsers(Set<NiFiUser> users) { + this.users = users; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/resources/nifi-administration-context.xml ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/resources/nifi-administration-context.xml b/nar-bundles/framework-bundle/framework/administration/src/main/resources/nifi-administration-context.xml new file mode 100644 index 0000000..a36619f --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/resources/nifi-administration-context.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<beans default-lazy-init="true" + xmlns="http://www.springframework.org/schema/beans"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xmlns:context="http://www.springframework.org/schema/context"; + xmlns:aop="http://www.springframework.org/schema/aop"; + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd";> + + <!-- user authority provider --> + <bean id="authorityProvider" class="org.apache.nifi.authorization.AuthorityProviderFactoryBean" depends-on="clusterManager flowController"> + <property name="properties" ref="nifiProperties"/> + </bean> + + <!-- initialize the user data source --> + <bean id="userDataSource" class="org.apache.nifi.admin.UserDataSourceFactoryBean" destroy-method="shutdown"> + <property name="properties" ref="nifiProperties"/> + </bean> + + <!-- initialize the data source --> + <bean id="auditDataSource" class="org.apache.nifi.admin.AuditDataSourceFactoryBean" destroy-method="shutdown" depends-on="userDataSource"> + <property name="properties" ref="nifiProperties"/> + </bean> + + <!-- initialize the user transaction builder --> + <bean id="userTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder"> + <property name="authorityProvider" ref="authorityProvider"/> + <property name="dataSource" ref="userDataSource"/> + </bean> + + <!-- initialize the audit transaction builder --> + <bean id="auditTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder"> + <property name="authorityProvider" ref="authorityProvider"/> + <property name="dataSource" ref="auditDataSource"/> + </bean> + + <!-- administration service --> + <bean id="userService" class="org.apache.nifi.admin.service.impl.StandardUserService" init-method="seedUserAccounts"> + <property name="transactionBuilder" ref="userTransactionBuilder"/> + <property name="properties" ref="nifiProperties"/> + </bean> + + <!-- audit service --> + <bean id="auditService" class="org.apache.nifi.admin.service.impl.StandardAuditService"> + <property name="transactionBuilder" ref="auditTransactionBuilder"/> + </bean> +</beans> http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/main/xsd/authority-providers.xsd ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/main/xsd/authority-providers.xsd b/nar-bundles/framework-bundle/framework/administration/src/main/xsd/authority-providers.xsd new file mode 100644 index 0000000..122fa2c --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/main/xsd/authority-providers.xsd @@ -0,0 +1,49 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema";> + <!-- role --> + <xs:complexType name="Provider"> + <xs:sequence> + <xs:element name="identifier" type="NonEmptyStringType"/> + <xs:element name="class" type="NonEmptyStringType"/> + <xs:element name="property" type="Property" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + + <!-- Name/Value properties--> + <xs:complexType name="Property"> + <xs:simpleContent> + <xs:extension base="xs:string"> + <xs:attribute name="name" type="NonEmptyStringType"></xs:attribute> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + + <xs:simpleType name="NonEmptyStringType"> + <xs:restriction base="xs:string"> + <xs:minLength value="1"/> + </xs:restriction> + </xs:simpleType> + + <!-- users --> + <xs:element name="authorityProviders"> + <xs:complexType> + <xs:sequence> + <xs:element name="provider" type="Provider" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java new file mode 100644 index 0000000..5797705 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java @@ -0,0 +1,433 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.admin.service.action; + +import java.util.Date; +import java.util.EnumSet; +import java.util.Set; +import org.apache.nifi.admin.dao.AuthorityDAO; +import org.apache.nifi.admin.dao.DAOFactory; +import org.apache.nifi.admin.dao.DataAccessException; +import org.apache.nifi.admin.dao.UserDAO; +import org.apache.nifi.admin.service.AccountDisabledException; +import org.apache.nifi.admin.service.AccountNotFoundException; +import org.apache.nifi.admin.service.AccountPendingException; +import org.apache.nifi.admin.service.AdministrationException; +import org.apache.nifi.authorization.Authority; +import org.apache.nifi.authorization.AuthorityProvider; +import org.apache.nifi.authorization.exception.AuthorityAccessException; +import org.apache.nifi.authorization.exception.UnknownIdentityException; +import org.apache.nifi.user.AccountStatus; +import org.apache.nifi.user.NiFiUser; +import org.apache.commons.lang3.StringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.ArgumentCaptor; +import org.mockito.Mockito; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; + +/** + * + */ +public class AuthorizeUserActionTest { + + private static final String USER_ID_6 = "6"; + private static final String USER_ID_7 = "7"; + private static final String USER_ID_8 = "8"; + private static final String USER_ID_9 = "9"; + private static final String USER_ID_10 = "10"; + private static final String USER_ID_11 = "11"; + + private static final String USER_DN_1 = "authority access exception while searching for user"; + private static final String USER_DN_2 = "unknown user"; + private static final String USER_DN_3 = "user removed after checking existence"; + private static final String USER_DN_4 = "access exception getting authorities"; + private static final String USER_DN_5 = "error creating user account"; + private static final String USER_DN_6 = "create user general sequence"; + private static final String USER_DN_7 = "existing user requires verification"; + private static final String USER_DN_8 = "existing user does not require verification"; + private static final String USER_DN_9 = "existing pending user"; + private static final String USER_DN_10 = "existing disabled user"; + private static final String USER_DN_11 = "existing user is now unknown in the authority provider"; + + private DAOFactory daoFactory; + private UserDAO userDao; + private AuthorityDAO authorityDao; + private AuthorityProvider authorityProvider; + + @Before + public void setup() throws Exception { + // mock the user dao + userDao = Mockito.mock(UserDAO.class); + Mockito.doAnswer(new Answer<NiFiUser>() { + @Override + public NiFiUser answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String id = (String) args[0]; + + NiFiUser user = null; + if (USER_ID_7.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_7); + user.setDn(USER_DN_7); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + } else if (USER_ID_8.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_8); + user.setDn(USER_DN_8); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + user.setLastVerified(new Date()); + } else if (USER_ID_11.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_11); + user.setDn(USER_DN_11); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + user.setStatus(AccountStatus.ACTIVE); + } + + return user; + } + }).when(userDao).findUserById(Mockito.anyString()); + Mockito.doAnswer(new Answer<NiFiUser>() { + @Override + public NiFiUser answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + + NiFiUser user = null; + switch (dn) { + case USER_DN_7: + user = new NiFiUser(); + user.setId(USER_ID_7); + user.setDn(USER_DN_7); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + break; + case USER_DN_8: + user = new NiFiUser(); + user.setId(USER_ID_8); + user.setDn(USER_DN_8); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + user.setLastVerified(new Date()); + break; + case USER_DN_9: + user = new NiFiUser(); + user.setId(USER_ID_9); + user.setDn(USER_DN_9); + user.setStatus(AccountStatus.PENDING); + break; + case USER_DN_10: + user = new NiFiUser(); + user.setId(USER_ID_10); + user.setDn(USER_DN_10); + user.setStatus(AccountStatus.DISABLED); + break; + case USER_DN_11: + user = new NiFiUser(); + user.setId(USER_ID_11); + user.setDn(USER_DN_11); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + user.setStatus(AccountStatus.ACTIVE); + break; + } + + return user; + } + }).when(userDao).findUserByDn(Mockito.anyString()); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + NiFiUser user = (NiFiUser) args[0]; + switch (user.getDn()) { + case USER_DN_5: + throw new DataAccessException(); + case USER_DN_6: + user.setId(USER_ID_6); + break; + } + + // do nothing + return null; + } + }).when(userDao).createUser(Mockito.any(NiFiUser.class)); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + NiFiUser user = (NiFiUser) args[0]; + + // do nothing + return null; + } + }).when(userDao).updateUser(Mockito.any(NiFiUser.class)); + + // mock the authority dao + authorityDao = Mockito.mock(AuthorityDAO.class); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + Set<Authority> authorities = (Set<Authority>) args[0]; + String id = (String) args[1]; + + // do nothing + return null; + } + }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString()); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + Set<Authority> authorities = (Set<Authority>) args[0]; + String id = (String) args[1]; + + // do nothing + return null; + } + }).when(authorityDao).deleteAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString()); + + // mock the dao factory + daoFactory = Mockito.mock(DAOFactory.class); + Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao); + Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao); + + // mock the authority provider + authorityProvider = Mockito.mock(AuthorityProvider.class); + Mockito.doAnswer(new Answer<Boolean>() { + @Override + public Boolean answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + switch (dn) { + case USER_DN_1: + throw new AuthorityAccessException(StringUtils.EMPTY); + case USER_DN_2: + return false; + } + + return true; + } + }).when(authorityProvider).doesDnExist(Mockito.anyString()); + Mockito.doAnswer(new Answer<Set<Authority>>() { + @Override + public Set<Authority> answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + Set<Authority> authorities = EnumSet.noneOf(Authority.class); + switch (dn) { + case USER_DN_3: + throw new UnknownIdentityException(StringUtils.EMPTY); + case USER_DN_4: + throw new AuthorityAccessException(StringUtils.EMPTY); + case USER_DN_6: + authorities.add(Authority.ROLE_MONITOR); + break; + case USER_DN_7: + authorities.add(Authority.ROLE_DFM); + break; + case USER_DN_9: + throw new UnknownIdentityException(StringUtils.EMPTY); + case USER_DN_10: + throw new UnknownIdentityException(StringUtils.EMPTY); + case USER_DN_11: + throw new UnknownIdentityException(StringUtils.EMPTY); + } + + return authorities; + } + }).when(authorityProvider).getAuthorities(Mockito.anyString()); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + Set<Authority> authorites = (Set<Authority>) args[1]; + + // do nothing + return null; + } + }).when(authorityProvider).setAuthorities(Mockito.anyString(), Mockito.anySet()); + } + + /** + * Tests AuthorityAccessException in doesDnExist. + * + * @throws Exception + */ + @Test(expected = AdministrationException.class) + public void testAuthorityAccessExceptionInDoesDnExist() throws Exception { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_1, 0); + authorizeUser.execute(daoFactory, authorityProvider); + } + + /** + * Test unknown user in the authority provider. + * + * @throws Exception + */ + @Test(expected = AccountNotFoundException.class) + public void testUnknownUser() throws Exception { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_2, 0); + authorizeUser.execute(daoFactory, authorityProvider); + } + + /** + * Test a user thats been removed after checking their existence. + * + * @throws Exception + */ + @Test(expected = AccountNotFoundException.class) + public void testUserRemovedAfterCheckingExistence() throws Exception { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_3, 0); + authorizeUser.execute(daoFactory, authorityProvider); + } + + /** + * Testing AuthorityAccessException when getting authorities. + * + * @throws Exception + */ + @Test(expected = AdministrationException.class) + public void testAuthorityAccessException() throws Exception { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_4, 0); + authorizeUser.execute(daoFactory, authorityProvider); + } + + /** + * Testing DataAccessException while creating user accounts. + * + * @throws Exception + */ + @Test(expected = DataAccessException.class) + public void testErrorCreatingUserAccount() throws Exception { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_5, 0); + authorizeUser.execute(daoFactory, authorityProvider); + } + + /** + * Tests the general case when a user account is created. + * + * @throws Exception + */ + @Test + public void testAccountCreation() throws Exception { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_6, 0); + NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider); + + // verify the user + Assert.assertEquals(USER_DN_6, user.getDn()); + Assert.assertEquals(1, user.getAuthorities().size()); + Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR)); + + // verify interaction with dao and provider + Mockito.verify(userDao, Mockito.times(1)).createUser(user); + } + + /** + * Tests the general case when there is an existing user account that + * requires verification. + * + * @throws Exception + */ + @Test + public void testExistingUserRequiresVerification() throws Exception { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_7, 0); + NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider); + + // verify the user + Assert.assertEquals(USER_DN_7, user.getDn()); + Assert.assertEquals(1, user.getAuthorities().size()); + Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_DFM)); + + // verify interaction with dao and provider + Mockito.verify(userDao, Mockito.times(1)).updateUser(user); + Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_DFM), USER_ID_7); + } + + /** + * Tests the general case when there is an existing user account that does + * not require verification. + * + * @throws Exception + */ + @Test + public void testExistingUserNoVerification() throws Exception { + // disabling verification by passing in a large cache duration + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_8, Integer.MAX_VALUE); + NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider); + + // verify the user + Assert.assertEquals(USER_DN_8, user.getDn()); + Assert.assertEquals(1, user.getAuthorities().size()); + Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR)); + + // verify interaction with dao and provider + Mockito.verify(userDao, Mockito.times(1)).updateUser(user); + Mockito.verify(authorityDao, Mockito.never()).createAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_8)); + Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_8)); + } + + /** + * Tests existing users whose accounts are in a pending status. + * + * @throws Exception + */ + @Test(expected = AccountPendingException.class) + public void testExistingPendingUser() throws Exception { + // disabling verification by passing in a large cache duration + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_9, Integer.MAX_VALUE); + authorizeUser.execute(daoFactory, authorityProvider); + } + + /** + * Tests existing users whose accounts are in a disabled status. + * + * @throws Exception + */ + @Test(expected = AccountDisabledException.class) + public void testExistingDisabledUser() throws Exception { + // disabling verification by passing in a large cache duration + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_10, Integer.MAX_VALUE); + authorizeUser.execute(daoFactory, authorityProvider); + } + + /** + * Tests the general case where there is an active user that has been + * removed from the authority provider. + * + * @throws Exception + */ + @Test + public void testExistingActiveUserNotFoundInProvider() throws Exception { + try { + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_11, 0); + authorizeUser.execute(daoFactory, authorityProvider); + + Assert.fail(); + } catch (AccountDisabledException ade) { + ArgumentCaptor<NiFiUser> user = ArgumentCaptor.forClass(NiFiUser.class); + + // verify interaction with dao + Mockito.verify(userDao, Mockito.times(1)).updateUser(user.capture()); + + // verify user + Assert.assertEquals(AccountStatus.DISABLED, user.getValue().getStatus()); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java new file mode 100644 index 0000000..3d2081b --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java @@ -0,0 +1,144 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.admin.service.action; + +import java.util.EnumSet; +import java.util.Set; +import org.apache.nifi.admin.dao.AuthorityDAO; +import org.apache.nifi.admin.dao.DAOFactory; +import org.apache.nifi.admin.dao.DataAccessException; +import org.apache.nifi.admin.dao.UserDAO; +import org.apache.nifi.authorization.Authority; +import org.apache.nifi.user.NiFiUser; +import org.apache.commons.lang3.StringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; + +/** + * Test cases for creating a user. + */ +public class CreateUserActionTest { + + private String USER_ID_2 = "2"; + private String USER_ID_3 = "3"; + + private String USER_DN_1 = "data access exception when creating user"; + private String USER_DN_3 = "general create user case"; + + private DAOFactory daoFactory; + private UserDAO userDao; + private AuthorityDAO authorityDao; + + @Before + public void setup() throws Exception { + // mock the user dao + userDao = Mockito.mock(UserDAO.class); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + NiFiUser user = (NiFiUser) args[0]; + + if (USER_DN_1.equals(user.getDn())) { + throw new DataAccessException(); + } else if (USER_DN_3.equals(user.getDn())) { + user.setId(USER_ID_3); + } + + // do nothing + return null; + } + }).when(userDao).createUser(Mockito.any(NiFiUser.class)); + + // mock the authority dao + authorityDao = Mockito.mock(AuthorityDAO.class); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + Set<Authority> authorities = (Set<Authority>) args[0]; + String id = (String) args[1]; + + if (USER_ID_2.equals(id)) { + throw new DataAccessException(StringUtils.EMPTY); + } + + // do nothing + return null; + } + }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString()); + + // mock the dao factory + daoFactory = Mockito.mock(DAOFactory.class); + Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao); + Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao); + } + + /** + * Tests DataAccessExceptions that occur while creating user accounts. + * + * @throws Exception + */ + @Test(expected = DataAccessException.class) + public void testExceptionCreatingUser() throws Exception { + NiFiUser user = new NiFiUser(); + user.setDn(USER_DN_1); + + CreateUserAction createUser = new CreateUserAction(user); + createUser.execute(daoFactory, null); + } + + /** + * Tests DataAccessExceptions that occur while create user authorities. + * + * @throws Exception + */ + @Test(expected = DataAccessException.class) + public void testExceptionCreatingAuthoroties() throws Exception { + NiFiUser user = new NiFiUser(); + user.setId(USER_ID_2); + + CreateUserAction createUser = new CreateUserAction(user); + createUser.execute(daoFactory, null); + } + + /** + * General case for creating a user. + * + * @throws Exception + */ + @Test + public void testCreateUserAccount() throws Exception { + NiFiUser user = new NiFiUser(); + user.setDn(USER_DN_3); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_DFM, Authority.ROLE_ADMIN)); + + CreateUserAction createUser = new CreateUserAction(user); + createUser.execute(daoFactory, null); + + // verify the user + Assert.assertEquals(USER_ID_3, user.getId()); + + // verify interaction with dao + Mockito.verify(userDao, Mockito.times(1)).createUser(user); + Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(user.getAuthorities(), USER_ID_3); + } +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java new file mode 100644 index 0000000..de85298 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java @@ -0,0 +1,171 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.admin.service.action; + +import org.apache.nifi.admin.dao.DAOFactory; +import org.apache.nifi.admin.dao.DataAccessException; +import org.apache.nifi.admin.dao.UserDAO; +import org.apache.nifi.admin.service.AccountNotFoundException; +import org.apache.nifi.admin.service.AdministrationException; +import org.apache.nifi.authorization.AuthorityProvider; +import org.apache.nifi.authorization.exception.AuthorityAccessException; +import org.apache.nifi.user.AccountStatus; +import org.apache.nifi.user.NiFiUser; +import org.apache.commons.lang3.StringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; + +/** + * + */ +public class DisableUserActionTest { + + private static final String USER_ID_1 = "1"; + private static final String USER_ID_2 = "2"; + private static final String USER_ID_3 = "3"; + private static final String USER_ID_4 = "4"; + + private static final String USER_DN_3 = "authority access exception"; + private static final String USER_DN_4 = "general disable user case"; + + private DAOFactory daoFactory; + private UserDAO userDao; + private AuthorityProvider authorityProvider; + + @Before + public void setup() throws Exception { + // mock the user dao + userDao = Mockito.mock(UserDAO.class); + Mockito.doAnswer(new Answer<NiFiUser>() { + @Override + public NiFiUser answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String id = (String) args[0]; + + NiFiUser user = null; + if (USER_ID_1.equals(id)) { + // leave user uninitialized + } else if (USER_ID_2.equals(id)) { + user = new NiFiUser(); + user.setId(id); + } else if (USER_ID_3.equals(id)) { + user = new NiFiUser(); + user.setId(id); + user.setDn(USER_DN_3); + } else if (USER_ID_4.equals(id)) { + user = new NiFiUser(); + user.setId(id); + user.setDn(USER_DN_4); + user.setStatus(AccountStatus.ACTIVE); + } + return user; + } + }).when(userDao).findUserById(Mockito.anyString()); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + NiFiUser user = (NiFiUser) args[0]; + + if (USER_ID_2.equals(user.getId())) { + throw new DataAccessException(StringUtils.EMPTY); + } + + // do nothing + return null; + } + }).when(userDao).updateUser(Mockito.any(NiFiUser.class)); + + // mock the dao factory + daoFactory = Mockito.mock(DAOFactory.class); + Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao); + + // mock the authority provider + authorityProvider = Mockito.mock(AuthorityProvider.class); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + + if (USER_DN_3.equals(dn)) { + throw new AuthorityAccessException(StringUtils.EMPTY); + } + + // do nothing + return null; + } + }).when(authorityProvider).revokeUser(Mockito.anyString()); + } + + /** + * Tests the case when the user account is unknown. + * + * @throws Exception + */ + @Test(expected = AccountNotFoundException.class) + public void testUnknownUserAccount() throws Exception { + DisableUserAction disableUser = new DisableUserAction(USER_ID_1); + disableUser.execute(daoFactory, authorityProvider); + } + + /** + * Tests the case when a DataAccessException is thrown by the userDao. + * + * @throws Exception + */ + @Test(expected = DataAccessException.class) + public void testDataAccessExceptionInUserDao() throws Exception { + DisableUserAction disableUser = new DisableUserAction(USER_ID_2); + disableUser.execute(daoFactory, authorityProvider); + } + + /** + * Tests the case when a AuthorityAccessException is thrown by the provider. + * + * @throws Exception + */ + @Test(expected = AdministrationException.class) + public void testAuthorityAccessExceptionInProvider() throws Exception { + DisableUserAction disableUser = new DisableUserAction(USER_ID_3); + disableUser.execute(daoFactory, authorityProvider); + } + + /** + * Tests the general case when the user is disabled. + * + * @throws Exception + */ + @Test + public void testDisableUser() throws Exception { + DisableUserAction disableUser = new DisableUserAction(USER_ID_4); + NiFiUser user = disableUser.execute(daoFactory, authorityProvider); + + // verify the user + Assert.assertEquals(USER_ID_4, user.getId()); + Assert.assertEquals(USER_DN_4, user.getDn()); + Assert.assertEquals(AccountStatus.DISABLED, user.getStatus()); + + // verify the interaction with the dao and provider + Mockito.verify(userDao, Mockito.times(1)).updateUser(user); + Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_DN_4); + } +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java new file mode 100644 index 0000000..93dbe61 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java @@ -0,0 +1,131 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.admin.service.action; + +import java.util.Date; +import org.junit.Assert; +import org.apache.nifi.admin.dao.DAOFactory; +import org.apache.nifi.admin.dao.DataAccessException; +import org.apache.nifi.admin.dao.UserDAO; +import org.apache.nifi.admin.service.AccountNotFoundException; +import org.apache.nifi.user.NiFiUser; +import org.apache.commons.lang3.StringUtils; +import org.junit.Before; +import org.junit.Test; +import org.mockito.ArgumentCaptor; +import org.mockito.Mockito; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; + +/** + * Test case for InvalidateUserAccountAction. + */ +public class InvalidateUserAccountActionTest { + + private static final String USER_ID_1 = "1"; + private static final String USER_ID_2 = "2"; + private static final String USER_ID_3 = "3"; + + private DAOFactory daoFactory; + private UserDAO userDao; + + @Before + public void setup() throws Exception { + // mock the user dao + userDao = Mockito.mock(UserDAO.class); + Mockito.doAnswer(new Answer<NiFiUser>() { + @Override + public NiFiUser answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String id = (String) args[0]; + + NiFiUser user = null; + if (USER_ID_1.equals(id)) { + // leave uninitialized + } else if (USER_ID_2.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_2); + } else if (USER_ID_3.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_3); + user.setLastVerified(new Date()); + } + return user; + } + }).when(userDao).findUserById(Mockito.anyString()); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + NiFiUser user = (NiFiUser) args[0]; + + if (USER_ID_2.equals(user.getId())) { + throw new DataAccessException(StringUtils.EMPTY); + } + + // do nothing + return null; + } + }).when(userDao).updateUser(Mockito.any(NiFiUser.class)); + + // mock the dao factory + daoFactory = Mockito.mock(DAOFactory.class); + Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao); + } + + /** + * Tests when the user account cannot be found. + * + * @throws Exception + */ + @Test(expected = AccountNotFoundException.class) + public void testAccountNotFoundException() throws Exception { + InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_1); + invalidateUserAccount.execute(daoFactory, null); + } + + /** + * Tests when a data access exception occurs when updating the user record. + * + * @throws Exception + */ + @Test(expected = DataAccessException.class) + public void testDataAccessException() throws Exception { + InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_2); + invalidateUserAccount.execute(daoFactory, null); + } + + /** + * Tests the general case of invalidating a user. + * + * @throws Exception + */ + @Test + public void testInvalidateUser() throws Exception { + InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_3); + invalidateUserAccount.execute(daoFactory, null); + + // verify the interaction with the dao + ArgumentCaptor<NiFiUser> userCaptor = ArgumentCaptor.forClass(NiFiUser.class); + Mockito.verify(userDao, Mockito.times(1)).updateUser(userCaptor.capture()); + + // verify the user + NiFiUser user = userCaptor.getValue(); + Assert.assertEquals(USER_ID_3, user.getId()); + Assert.assertNull(user.getLastVerified()); + } +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java new file mode 100644 index 0000000..6e77d46 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java @@ -0,0 +1,127 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.admin.service.action; + +import org.apache.nifi.admin.dao.DAOFactory; +import org.apache.nifi.admin.dao.DataAccessException; +import org.apache.nifi.admin.dao.UserDAO; +import org.apache.nifi.user.AccountStatus; +import org.apache.nifi.user.NiFiUser; +import org.apache.commons.lang3.StringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; + +/** + * Test case for RequestUserAccountAction. + */ +public class RequestUserAccountActionTest { + + private static final String USER_ID_3 = "3"; + + private static final String USER_DN_1 = "existing user account dn"; + private static final String USER_DN_2 = "data access exception"; + private static final String USER_DN_3 = "new account request"; + + private DAOFactory daoFactory; + private UserDAO userDao; + + @Before + public void setup() throws Exception { + // mock the user dao + userDao = Mockito.mock(UserDAO.class); + Mockito.doAnswer(new Answer<NiFiUser>() { + @Override + public NiFiUser answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + + NiFiUser user = null; + if (USER_DN_1.equals(dn)) { + user = new NiFiUser(); + } + return user; + } + }).when(userDao).findUserByDn(Mockito.anyString()); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + NiFiUser user = (NiFiUser) args[0]; + switch (user.getDn()) { + case USER_DN_2: + throw new DataAccessException(); + case USER_DN_3: + user.setId(USER_ID_3); + break; + } + + // do nothing + return null; + } + }).when(userDao).createUser(Mockito.any(NiFiUser.class)); + + // mock the dao factory + daoFactory = Mockito.mock(DAOFactory.class); + Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao); + } + + /** + * Tests when a user account already exists. + * + * @throws Exception + */ + @Test(expected = IllegalArgumentException.class) + public void testExistingAccount() throws Exception { + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_1, StringUtils.EMPTY); + requestUserAccount.execute(daoFactory, null); + } + + /** + * Tests when a DataAccessException occurs while saving the new account + * request. + * + * @throws Exception + */ + @Test(expected = DataAccessException.class) + public void testDataAccessException() throws Exception { + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_2, StringUtils.EMPTY); + requestUserAccount.execute(daoFactory, null); + } + + /** + * Tests the general case for requesting a new user account. + * + * @throws Exception + */ + @Test + public void testRequestUserAccountAction() throws Exception { + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_3, StringUtils.EMPTY); + NiFiUser user = requestUserAccount.execute(daoFactory, null); + + // verfiy the user + Assert.assertEquals(USER_ID_3, user.getId()); + Assert.assertEquals(USER_DN_3, user.getDn()); + Assert.assertEquals(AccountStatus.PENDING, user.getStatus()); + + // verify interaction with dao + Mockito.verify(userDao, Mockito.times(1)).createUser(user); + } +} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/4d998c12/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java ---------------------------------------------------------------------- diff --git a/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java new file mode 100644 index 0000000..f37fc84 --- /dev/null +++ b/nar-bundles/framework-bundle/framework/administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java @@ -0,0 +1,263 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.admin.service.action; + +import org.apache.nifi.admin.service.action.SeedUserAccountsAction; +import java.util.EnumSet; +import java.util.HashSet; +import java.util.Set; +import org.apache.nifi.admin.dao.AuthorityDAO; +import org.apache.nifi.admin.dao.DAOFactory; +import org.apache.nifi.admin.dao.UserDAO; +import org.apache.nifi.authorization.Authority; +import org.apache.nifi.authorization.AuthorityProvider; +import org.apache.nifi.user.AccountStatus; +import org.apache.nifi.user.NiFiUser; +import org.hamcrest.Matcher; +import org.junit.Before; +import org.junit.Test; +import org.mockito.ArgumentMatcher; +import org.mockito.Mockito; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; + +/** + * + */ +public class SeedUserAccountsActionTest { + + private static final String USER_ID_1 = "1"; + private static final String USER_ID_2 = "2"; + private static final String USER_ID_3 = "3"; + private static final String USER_ID_4 = "4"; + + private static final String USER_DN_1 = "user dn 1 - active user - remove monitor and operator, add dfm"; + private static final String USER_DN_2 = "user dn 2 - active user - no action"; + private static final String USER_DN_3 = "user dn 3 - pending user - add operator"; + private static final String USER_DN_4 = "user dn 4 - new user - add monitor"; + + private DAOFactory daoFactory; + private UserDAO userDao; + private AuthorityDAO authorityDao; + private AuthorityProvider authorityProvider; + + @Before + public void setup() throws Exception { + // mock the user dao + userDao = Mockito.mock(UserDAO.class); + Mockito.doAnswer(new Answer<NiFiUser>() { + @Override + public NiFiUser answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String id = (String) args[0]; + + NiFiUser user = null; + if (USER_ID_1.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_1); + user.setDn(USER_DN_1); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + user.setStatus(AccountStatus.ACTIVE); + } else if (USER_ID_2.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_2); + user.setDn(USER_DN_2); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN)); + user.setStatus(AccountStatus.ACTIVE); + } else if (USER_ID_3.equals(id)) { + user = new NiFiUser(); + user.setId(USER_ID_3); + user.setDn(USER_DN_3); + user.setStatus(AccountStatus.PENDING); + } + return user; + } + }).when(userDao).findUserById(Mockito.anyString()); + Mockito.doAnswer(new Answer<NiFiUser>() { + @Override + public NiFiUser answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + + NiFiUser user = null; + if (USER_DN_1.equals(dn)) { + user = new NiFiUser(); + user.setId(USER_ID_1); + user.setDn(USER_DN_1); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); + user.setStatus(AccountStatus.ACTIVE); + } else if (USER_DN_2.equals(dn)) { + user = new NiFiUser(); + user.setId(USER_ID_2); + user.setDn(USER_DN_2); + user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN)); + user.setStatus(AccountStatus.ACTIVE); + } else if (USER_DN_3.equals(dn)) { + user = new NiFiUser(); + user.setId(USER_ID_3); + user.setDn(USER_DN_3); + user.setStatus(AccountStatus.PENDING); + } + return user; + } + }).when(userDao).findUserByDn(Mockito.anyString()); + Mockito.doAnswer(new Answer<Void>() { + @Override + public Void answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + NiFiUser user = (NiFiUser) args[0]; + + if (USER_DN_4.equals(user.getDn())) { + user.setId(USER_ID_4); + } + + return null; + } + }).when(userDao).createUser(Mockito.any(NiFiUser.class)); + + // mock the authority dao + authorityDao = Mockito.mock(AuthorityDAO.class); + + // mock the authority provider + authorityProvider = Mockito.mock(AuthorityProvider.class); + Mockito.doAnswer(new Answer<Set<String>>() { + @Override + public Set<String> answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + Authority role = (Authority) args[0]; + + Set<String> users = new HashSet<>(); + if (Authority.ROLE_DFM.equals(role)) { + users.add(USER_DN_1); + } else if (Authority.ROLE_ADMIN.equals(role)) { + users.add(USER_DN_2); + } else if (Authority.ROLE_PROXY.equals(role)) { + users.add(USER_DN_3); + } else if (Authority.ROLE_MONITOR.equals(role)) { + users.add(USER_DN_4); + } + return users; + } + }).when(authorityProvider).getUsers(Mockito.any(Authority.class)); + Mockito.doAnswer(new Answer<Set<Authority>>() { + @Override + public Set<Authority> answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + String dn = (String) args[0]; + + Set<Authority> authorities = EnumSet.noneOf(Authority.class); + switch (dn) { + case USER_DN_1: + authorities.add(Authority.ROLE_DFM); + break; + case USER_DN_2: + authorities.add(Authority.ROLE_ADMIN); + break; + case USER_DN_3: + authorities.add(Authority.ROLE_PROXY); + break; + case USER_DN_4: + authorities.add(Authority.ROLE_MONITOR); + break; + } + return authorities; + } + }).when(authorityProvider).getAuthorities(Mockito.anyString()); + + // mock the dao factory + daoFactory = Mockito.mock(DAOFactory.class); + Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao); + Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao); + } + + /** + * Tests seeding the user accounts. + * + * @throws Exception + */ + @Test + public void testSeedUsers() throws Exception { + SeedUserAccountsAction seedUserAccounts = new SeedUserAccountsAction(); + seedUserAccounts.execute(daoFactory, authorityProvider); + + // matcher for user 1 + Matcher<NiFiUser> matchesUser1 = new ArgumentMatcher<NiFiUser>() { + @Override + public boolean matches(Object argument) { + NiFiUser user = (NiFiUser) argument; + return USER_ID_1.equals(user.getId()); + } + }; + + // verify user 1 - active existing user - remove monitor, operator, add dfm + Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesUser1)); + Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser1)); + Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_DFM), USER_ID_1); + + // matcher for user 2 + Matcher<NiFiUser> matchesUser2 = new ArgumentMatcher<NiFiUser>() { + @Override + public boolean matches(Object argument) { + NiFiUser user = (NiFiUser) argument; + return USER_ID_2.equals(user.getId()); + } + }; + + // verify user 2 - active existing user - no actions + Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesUser2)); + Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser2)); + Mockito.verify(authorityDao, Mockito.never()).createAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_2)); + Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_2)); + + // matchers for user 3 + Matcher<NiFiUser> matchesPendingUser3 = new ArgumentMatcher<NiFiUser>() { + @Override + public boolean matches(Object argument) { + NiFiUser user = (NiFiUser) argument; + return USER_ID_3.equals(user.getId()) && AccountStatus.ACTIVE.equals(user.getStatus()); + } + }; + Matcher<NiFiUser> matchesUser3 = new ArgumentMatcher<NiFiUser>() { + @Override + public boolean matches(Object argument) { + NiFiUser user = (NiFiUser) argument; + return USER_ID_3.equals(user.getId()); + } + }; + + // verify user 3 - pending user - add operator + Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesPendingUser3)); + Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser3)); + Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_PROXY), USER_ID_3); + Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_3)); + + // matcher for user 4 + Matcher<NiFiUser> matchesUser4 = new ArgumentMatcher<NiFiUser>() { + @Override + public boolean matches(Object argument) { + NiFiUser user = (NiFiUser) argument; + return USER_ID_4.equals(user.getId()); + } + }; + + // verify user 4 - new user - add monitor + Mockito.verify(userDao, Mockito.never()).updateUser(Mockito.argThat(matchesUser4)); + Mockito.verify(userDao, Mockito.times(1)).createUser(Mockito.argThat(matchesUser4)); + Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_MONITOR), USER_ID_4); + Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_4)); + } +}
