/**
* Copyright (C) 2015 Red Hat, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.fabric8.elasticsearch.plugin;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.io.IOException;
import java.net.URL;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.lang.ArrayUtils;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import io.fabric8.elasticsearch.plugin.OpenshiftAPIService.OpenShiftClientFactory;
import io.fabric8.elasticsearch.plugin.model.Project;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.openshift.api.model.ProjectBuilder;
import io.fabric8.openshift.api.model.ProjectListBuilder;
import io.fabric8.openshift.client.DefaultOpenShiftClient;
import io.fabric8.openshift.client.server.mock.OpenShiftServer;
import okhttp3.Call;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;
public class OpenshiftAPIServiceTest {
@Rule
public OpenShiftServer apiServer = new OpenShiftServer();
private OpenshiftAPIService service = new OpenshiftAPIService();
@Before
public void setup() {
final String basedir = System.getProperty("project.basedir");
final String password = "changeit";
final String keyStore = basedir + "/src/it/resources/keystore.jks";
final String masterUrl = apiServer.getMockServer().url("/").toString();
System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, masterUrl);
System.setProperty("kubernetes.trust.certificates", "true");
System.setProperty("kubernetes.keystore.file", keyStore);
System.setProperty("kubernetes.keystore.passphrase", password);
System.setProperty("kubernetes.truststore.file", keyStore);
System.setProperty("kubernetes.truststore.passphrase", password);
}
private void givenProjects(String... projects) throws Exception {
ProjectListBuilder builder = new ProjectListBuilder(false);
for (String project : projects) {
builder.addToItems(new ProjectBuilder(false)
.withNewMetadata()
.withUid(project)
.withName(project)
.endMetadata()
.build());
}
apiServer.expect()
.withPath("/apis/project.openshift.io/v1/projects")
.andReturn(200, builder.build())
.always();
}
@Test
public void testProjectNames() throws Exception {
givenProjects("foo", "bar");
Set<Project> projects = service.projectNames("someToken");
Set<Project> exp = new HashSet<Project>();
exp.add(new Project("foo","foo"));
exp.add(new Project("bar","bar"));
assertEquals(exp, projects);
}
@Test
public void testLocalSubjectAccessReviewWhenNotNonResourceURL() throws IOException{
OkHttpClient okClient = mock(OkHttpClient.class);
DefaultOpenShiftClient client = mock(DefaultOpenShiftClient.class);
OpenShiftClientFactory factory = mock(OpenShiftClientFactory.class);
Call call = mock(Call.class);
when(factory.buildClient(anyString())).thenReturn(client);
when(client.getHttpClient()).thenReturn(okClient);
when(client.getMasterUrl()).thenReturn(new URL("https://localhost:8443/"));
Response response = new Response.Builder()
.request(new Request.Builder().url("https://localhost:8443").build())
.code(201)
.protocol(Protocol.HTTP_1_1)
.message("")
.body(ResponseBody.create(MediaType.parse("application/json;utf-8"), "{\"allowed\":true}"))
.build();
RequestAnswer answer = new RequestAnswer(call);
when(okClient.newCall(any(Request.class))).thenAnswer(answer);
when(call.execute()).thenReturn(response);
service = new OpenshiftAPIService(factory );
assertTrue(service.localSubjectAccessReview("sometoken", "openshift-logging", "get", "pod/metrics", null, ArrayUtils.EMPTY_STRING_ARRAY));
Buffer buffer = new Buffer();
assertEquals("https://localhost:8443/apis/authorization.openshift.io/v1/subjectaccessreviews",answer.getRequest().url().toString());
answer.getRequest().body().writeTo(buffer);
String exp = "{\"kind\":\"SubjectAccessReview\","
+ "\"apiVersion\":\"authorization.openshift.io/v1\",\"verb\":\"get\",\"scopes\":[],\"resourceAPIGroup\":null,"
+ "\"resource\":\"pod/metrics\",\"namespace\":\"openshift-logging\"}";
assertEquals(exp, new String(buffer.readByteArray()));
}
@Test
public void testLocalSubjectAccessReviewForNonResourceURL() throws IOException{
OkHttpClient okClient = mock(OkHttpClient.class);
DefaultOpenShiftClient client = mock(DefaultOpenShiftClient.class);
OpenShiftClientFactory factory = mock(OpenShiftClientFactory.class);
Call call = mock(Call.class);
when(factory.buildClient(anyString())).thenReturn(client);
when(client.getHttpClient()).thenReturn(okClient);
when(client.getMasterUrl()).thenReturn(new URL("https://localhost:8443/"));
Response response = new Response.Builder()
.request(new Request.Builder().url("https://localhost:8443").build())
.code(201)
.protocol(Protocol.HTTP_1_1)
.message("")
.body(ResponseBody.create(MediaType.parse("application/json;utf-8"), "{\"allowed\":true}"))
.build();
RequestAnswer answer = new RequestAnswer(call);
when(okClient.newCall(any(Request.class))).thenAnswer(answer);
when(call.execute()).thenReturn(response);
service = new OpenshiftAPIService(factory );
assertTrue(service.localSubjectAccessReview("sometoken", "openshift-logging", "get", "/metrics", null, ArrayUtils.EMPTY_STRING_ARRAY));
Buffer buffer = new Buffer();
answer.getRequest().body().writeTo(buffer);
assertEquals("https://localhost:8443/apis/authorization.openshift.io/v1/subjectaccessreviews",answer.getRequest().url().toString());
String exp = "{\"kind\":\"SubjectAccessReview\","
+ "\"apiVersion\":\"authorization.openshift.io/v1\",\"verb\":\"get\",\"scopes\":[],"
+ "\"isNonResourceURL\":true,\"path\":\"/metrics\"}";
assertEquals(exp, new String(buffer.readByteArray()));
}
class RequestAnswer implements Answer<Call> {
private Request request;
private Call call;
RequestAnswer(Call call){
this.call = call;
}
public Request getRequest() {
return this.request;
}
@Override
public Call answer(InvocationOnMock invocation) throws Throwable {
request = (Request) invocation.getArguments()[0];
return call;
}
}
}
