From 93d23c1409c9f81fe09c193f83dba42d7df0126f Mon Sep 17 00:00:00 2001 From: Paul Latzelsperger Date: Thu, 15 Feb 2024 09:03:52 +0100 Subject: [PATCH] create super-user in tests --- .../tests/DidManagementApiEndToEndTest.java | 17 +++--- .../tests/KeyPairResourceApiEndToEndTest.java | 24 +++++--- .../tests/ManagementApiEndToEndTest.java | 56 ++++++++++--------- .../ParticipantContextApiEndToEndTest.java | 27 +++++---- 4 files changed, 74 insertions(+), 50 deletions(-) diff --git a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/DidManagementApiEndToEndTest.java b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/DidManagementApiEndToEndTest.java index 3d01aa17c..4a7b5ea6d 100644 --- a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/DidManagementApiEndToEndTest.java +++ b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/DidManagementApiEndToEndTest.java @@ -79,14 +79,14 @@ void publishDid_notOwner_expect403() { @Test void publishDid() { - + var superUserKey = createSuperUser(); var subscriber = mock(EventSubscriber.class); getService(EventRouter.class).registerSync(DidDocumentPublished.class, subscriber); var user = "test-user"; var token = createParticipant(user); - assertThat(Arrays.asList(token, getSuperUserApiKey())) + assertThat(Arrays.asList(token, superUserKey)) .allSatisfy(t -> { reset(subscriber); RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() @@ -155,14 +155,14 @@ void unpublishDid_notOwner_expect403() { @Test void unpublishDid() { - + var superUserKey = createSuperUser(); var subscriber = mock(EventSubscriber.class); getService(EventRouter.class).registerSync(DidDocumentUnpublished.class, subscriber); var user = "test-user"; var token = createParticipant(user); - assertThat(Arrays.asList(token, getSuperUserApiKey())) + assertThat(Arrays.asList(token, superUserKey)) .allSatisfy(t -> { reset(subscriber); RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() 
@@ -214,11 +214,12 @@ void getState_nowOwner_expect403() { @Test void getAll() { + var superUserKey = createSuperUser(); range(0, 20).forEach(i -> createParticipant("user-" + i)); var docs = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/dids") .then() .log().ifValidationFails() @@ -230,11 +231,12 @@ void getAll() { @Test void getAll_withDefaultPaging() { + var superUserKey = createSuperUser(); range(0, 70).forEach(i -> createParticipant("user-" + i)); var docs = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/dids") .then() .log().ifValidationFails() @@ -246,11 +248,12 @@ void getAll_withDefaultPaging() { @Test void getAll_withPaging() { + var superUserKey = createSuperUser(); range(0, 20).forEach(i -> createParticipant("user-" + i)); var docs = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/dids?offset=5&limit=10") .then() .log().ifValidationFails() diff --git a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/KeyPairResourceApiEndToEndTest.java b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/KeyPairResourceApiEndToEndTest.java index 255bff06b..f325b016d 100644 --- a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/KeyPairResourceApiEndToEndTest.java +++ b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/KeyPairResourceApiEndToEndTest.java 
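Review bot: In `getAll`, `getAll_withDefaultPaging` and `getAll_withPaging` the super-user is now created through the same `createParticipant` path as the `range(...)` users, so it presumably gets its own DID (`did:web:super-user`) and `GET /v1/dids` can return one more document than the loop creates. The size assertions sit below these hunks and are not visible here, so confirm they count the extra entry on purpose rather than passing only because of the paging limit. The same applies to the `/v1/keypairs` and `/v1/participants` list tests later in the patch. A short comment next to each assertion, such as `// the super-user is a participant too and appears in the listing`, would make the expected count explicit.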
@@ -84,12 +84,13 @@ void findById_notAuthorized() { @Test void findById() { + var superUserKey = createSuperUser(); var user1 = "user1"; var token = createParticipant(user1); var key = createKeyPair(user1); - assertThat(Arrays.asList(token, getSuperUserApiKey())) + assertThat(Arrays.asList(token, superUserKey)) .allSatisfy(t -> RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) .header(new Header("x-api-key", t)) @@ -132,11 +133,12 @@ void findForParticipant_notAuthorized() { @Test void findForParticipant() { + var superUserKey = createSuperUser(); var user1 = "user1"; var token = createParticipant(user1); createKeyPair(user1); - assertThat(Arrays.asList(token, getSuperUserApiKey())) + assertThat(Arrays.asList(token, superUserKey)) .allSatisfy(t -> RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) .header(new Header("x-api-key", t)) @@ -150,13 +152,14 @@ void findForParticipant() { @Test void addKeyPair() { + var superUserKey = createSuperUser(); var subscriber = mock(EventSubscriber.class); getService(EventRouter.class).registerSync(KeyPairAdded.class, subscriber); var user1 = "user1"; var token = createParticipant(user1); - assertThat(Arrays.asList(token, getSuperUserApiKey())) + assertThat(Arrays.asList(token, superUserKey)) .allSatisfy(t -> { var keyDesc = createKeyDescriptor(user1).build(); RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() @@ -210,6 +213,7 @@ void addKeyPair_notAuthorized() { @Test void rotate() { + var superUserKey = createSuperUser(); var subscriber = mock(EventSubscriber.class); getService(EventRouter.class).registerSync(KeyPairRotated.class, subscriber); getService(EventRouter.class).registerSync(KeyPairAdded.class, subscriber); 
@@ -219,7 +223,7 @@ void rotate() { var keyId = createKeyPair(user1); - assertThat(Arrays.asList(token, getSuperUserApiKey())) + assertThat(Arrays.asList(token, superUserKey)) .allSatisfy(t -> { reset(subscriber); // attempt to publish user1's DID document, which should fail @@ -287,12 +291,13 @@ void rotate_notAuthorized() { @Test void revoke() { + var superUserKey = createSuperUser(); var user1 = "user1"; var token = createParticipant(user1); var keyId = createKeyPair(user1); - assertThat(Arrays.asList(token, getSuperUserApiKey())) + assertThat(Arrays.asList(token, superUserKey)) .allSatisfy(t -> { var keyDesc = createKeyDescriptor(user1).build(); RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() @@ -335,6 +340,7 @@ void revoke_notAuthorized() { @Test void getAll() { + var superUserKey = createSuperUser(); range(0, 10) .forEach(i -> { var participantId = "user" + i; @@ -342,7 +348,7 @@ void getAll() { }); var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/keypairs") .then() .log().ifValidationFails() @@ -353,6 +359,7 @@ void getAll() { @Test void getAll_withPaging() { + var superUserKey = createSuperUser(); range(0, 10) .forEach(i -> { var participantId = "user" + i; @@ -360,7 +367,7 @@ void getAll_withPaging() { }); var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/keypairs?offset=2&limit=4") .then() .log().ifValidationFails() @@ -371,6 +378,7 @@ void getAll_withPaging() { @Test void getAll_withDefaultPaging() { + var superUserKey = createSuperUser(); IntStream.range(0, 70) .forEach(i -> { var participantId = "user" + i; 
@@ -378,7 +386,7 @@ void getAll_withDefaultPaging() { }); var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/keypairs") .then() .log().ifValidationFails() diff --git a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ManagementApiEndToEndTest.java b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ManagementApiEndToEndTest.java index bec5feaf2..ca9ba780d 100644 --- a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ManagementApiEndToEndTest.java +++ b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ManagementApiEndToEndTest.java @@ -19,6 +19,7 @@ import org.eclipse.edc.identithub.did.spi.DidDocumentService; import org.eclipse.edc.identityhub.participantcontext.ApiTokenGenerator; import org.eclipse.edc.identityhub.spi.ParticipantContextService; +import org.eclipse.edc.identityhub.spi.authentication.ServicePrincipal; import org.eclipse.edc.identityhub.spi.model.KeyPairResource; import org.eclipse.edc.identityhub.spi.model.participant.KeyDescriptor; import org.eclipse.edc.identityhub.spi.model.participant.ParticipantContext; @@ -34,6 +35,7 @@ import org.junit.jupiter.api.extension.RegisterExtension; import java.util.Collection; +import java.util.List; import java.util.Map; /** 
@@ -48,9 +50,23 @@ public abstract class ManagementApiEndToEndTest { @RegisterExtension protected static final EdcRuntimeExtension RUNTIME = new EdcRuntimeExtension(":launcher", "identity-hub", RUNTIME_CONFIGURATION.controlPlaneConfiguration()); - protected String getSuperUserApiKey() { - var vault = RUNTIME.getContext().getService(Vault.class); - return vault.resolveSecret("super-user-apikey"); + protected static ParticipantManifest createNewParticipant() { + var manifest = ParticipantManifest.Builder.newInstance() + .participantId("another-participant") + .active(false) + .did("did:web:another:participant") + .serviceEndpoint(new Service("test-service", "test-service-type", "https://test.com")) + .key(KeyDescriptor.Builder.newInstance() + .privateKeyAlias("another-alias") + .keyGeneratorParams(Map.of("algorithm", "EdDSA", "curve", "Ed25519")) + .keyId("another-keyid") + .build()) + .build(); + return manifest; + } + + protected String createSuperUser() { + return createParticipant("super-user", List.of(ServicePrincipal.ROLE_ADMIN)); } protected String storeParticipant(ParticipantContext pc) { @@ -64,19 +80,7 @@ protected String storeParticipant(ParticipantContext pc) { } protected String createParticipant(String participantId) { - var manifest = ParticipantManifest.Builder.newInstance() - .participantId(participantId) - .active(true) - .serviceEndpoint(new Service("test-service-id", "test-type", "http://foo.bar.com")) - .did("did:web:" + participantId) - .key(KeyDescriptor.Builder.newInstance() - .privateKeyAlias(participantId + "-alias") - .keyId(participantId + "-key") - .keyGeneratorParams(Map.of("algorithm", "EC", "curve", "secp256r1")) - .build()) - .build(); - var srv = RUNTIME.getContext().getService(ParticipantContextService.class); - return srv.createParticipantContext(manifest).orElseThrow(f -> new EdcException(f.getFailureDetail())); + return createParticipant(participantId, List.of()); } protected String createTokenFor(String userId) { 
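Review bot: `createSuperUser()` always registers the fixed id `"super-user"`, and the helper it delegates to throws an `EdcException` when `createParticipantContext` fails. A second call against the same runtime state, or a runtime that already seeds a participant with that id, would therefore presumably abort the test instead of returning a key. The method also has no Javadoc stating that the returned string is the API key of a participant holding `ServicePrincipal.ROLE_ADMIN`; something like `/** Creates an active participant "super-user" with the admin role and returns its API key; call at most once per test. */` would state the contract. With the vault lookup of `super-user-apikey` removed, nothing visible in this patch still exercises a seeded admin credential, so if the launcher still seeds one, that path loses its end-to-end coverage.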
@@ -105,18 +109,20 @@ protected ParticipantContext getParticipant(String participantId) { .orElseThrow(f -> new EdcException(f.getFailureDetail())); } - protected static ParticipantManifest createNewParticipant() { + private String createParticipant(String participantId, List roles) { var manifest = ParticipantManifest.Builder.newInstance() - .participantId("another-participant") - .active(false) - .did("did:web:another:participant") - .serviceEndpoint(new Service("test-service", "test-service-type", "https://test.com")) + .participantId(participantId) + .active(true) + .roles(roles) + .serviceEndpoint(new Service("test-service-id", "test-type", "http://foo.bar.com")) + .did("did:web:" + participantId) .key(KeyDescriptor.Builder.newInstance() - .privateKeyAlias("another-alias") - .keyGeneratorParams(Map.of("algorithm", "EdDSA", "curve", "Ed25519")) - .keyId("another-keyid") + .privateKeyAlias(participantId + "-alias") + .keyId(participantId + "-key") + .keyGeneratorParams(Map.of("algorithm", "EC", "curve", "secp256r1")) .build()) .build(); - return manifest; + var srv = RUNTIME.getContext().getService(ParticipantContextService.class); + return srv.createParticipantContext(manifest).orElseThrow(f -> new EdcException(f.getFailureDetail())); } } diff --git a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ParticipantContextApiEndToEndTest.java b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ParticipantContextApiEndToEndTest.java index 9a2d010f2..464956ed5 100644 --- a/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ParticipantContextApiEndToEndTest.java +++ b/e2e-tests/api-tests/src/test/java/org/eclipse/edc/identityhub/tests/ParticipantContextApiEndToEndTest.java 
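Review bot: As rendered here, the new overload is declared `createParticipant(String participantId, List roles)` with a raw `List`. If the type argument is really missing from the file, and not just lost in this rendering, declare it as `List<String> roles` so the compiler checks what reaches `.roles(roles)`. This helper is the single place where test principals receive privileges, so it also deserves a one-line comment saying that `roles` is passed to the manifest verbatim and that the return value is the participant's API key.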
@@ -50,7 +50,7 @@ public class ParticipantContextApiEndToEndTest extends ManagementApiEndToEndTest @Test void getUserById() { - var apikey = getSuperUserApiKey(); + var apikey = createSuperUser(); var su = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .header(new Header("x-api-key", apikey)) @@ -93,7 +93,7 @@ void getUserById_notOwner_expect403() { void createNewUser_principalIsSuperser() { var subscriber = mock(EventSubscriber.class); getService(EventRouter.class).registerSync(ParticipantContextCreated.class, subscriber); - var apikey = getSuperUserApiKey(); + var apikey = createSuperUser(); var manifest = createNewParticipant(); @@ -166,6 +166,7 @@ void createNewUser_principalIsKnown_expect401() { @Test void activateParticipant_principalIsSuperser() { + var superUserKey = createSuperUser(); var subscriber = mock(EventSubscriber.class); getService(EventRouter.class).registerSync(ParticipantContextUpdated.class, subscriber); @@ -179,7 +180,7 @@ void activateParticipant_principalIsSuperser() { storeParticipant(anotherUser); RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .contentType(ContentType.JSON) .post("/v1/participants/%s/state?isActive=true".formatted(toBase64(participantId))) .then() @@ -198,13 +199,14 @@ void activateParticipant_principalIsSuperser() { @Test void deleteParticipant() { + var superUserKey = createSuperUser(); var participantId = "another-user"; createParticipant(participantId); assertThat(getDidForParticipant(participantId)).hasSize(1); RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .contentType(ContentType.JSON) .delete("/v1/participants/%s".formatted(toBase64(participantId))) .then() 
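Review bot: In `createNewUser_principalIsSuperser` the new `createSuperUser()` call runs after the mock subscriber has been registered for `ParticipantContextCreated`, so creating the admin participant presumably delivers an event to the mock before the request under test is sent. The other subscriber-based tests in this patch (`publishDid`, `addKeyPair`, `rotate`, `activateParticipant_principalIsSuperser`) create the super-user first. The verification is below the hunk and not visible here; if it checks a call count or uses a loose matcher, the super-user's own event can satisfy or break it. Moving `var apikey = createSuperUser();` to the first line of the test, above `var subscriber = mock(EventSubscriber.class);`, limits the subscriber to the event caused by the POST.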
@@ -216,10 +218,11 @@ void deleteParticipant() { @Test void regenerateToken() { + var superUserKey = createSuperUser(); var participantId = "another-user"; var userToken = createParticipant(participantId); - assertThat(Arrays.asList(userToken, getSuperUserApiKey())) + assertThat(Arrays.asList(userToken, superUserKey)) .allSatisfy(t -> RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .header(new Header("x-api-key", t)) .contentType(ContentType.JSON) @@ -232,11 +235,12 @@ void regenerateToken() { @Test void updateRoles() { + var superUserKey = createSuperUser(); var participantId = "some-user"; createParticipant(participantId); RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .contentType(ContentType.JSON) .body(List.of("role1", "role2", "admin")) .put("/v1/participants/%s/roles".formatted(toBase64(participantId))) @@ -248,7 +252,7 @@ void updateRoles() { } @ParameterizedTest(name = "Expect 403, role = {0}") - @ValueSource(strings = {"some-role", "admin"}) + @ValueSource(strings = { "some-role", "admin" }) void updateRoles_whenNotSuperuser(String role) { var participantId = "some-user"; var userToken = createParticipant(participantId); @@ -265,6 +269,7 @@ void updateRoles_whenNotSuperuser(String role) { @Test void getAll() { + var superUserKey = createSuperUser(); range(0, 10) .forEach(i -> { var participantId = "user" + i; @@ -272,7 +277,7 @@ void getAll() { }); var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/participants") .then() .log().ifValidationFails() @@ -283,6 +288,7 @@ void getAll() { @Test void getAll_withPaging() { + var superUserKey = createSuperUser(); range(0, 10) .forEach(i -> { var participantId = "user" + i; 
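Review bot: The only change to `updateRoles_whenNotSuperuser` is brace spacing in `@ValueSource(strings = { "some-role", "admin" })`, which is unrelated to creating the super-user and leaves the privileged role as a string literal. The test appears to check that a non-admin token cannot assign the admin role, so it should track the constant used elsewhere in this patch. If `ServicePrincipal.ROLE_ADMIN` is a compile-time `String` constant, `@ValueSource(strings = { "some-role", ServicePrincipal.ROLE_ADMIN })` keeps the check meaningful should the role name change. The same literal appears in the `updateRoles` request body, `List.of("role1", "role2", "admin")`. Both test bodies continue outside their hunks.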
@@ -290,7 +296,7 @@ void getAll_withPaging() { }); var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/participants?offset=2&limit=4") .then() .log().ifValidationFails() @@ -301,6 +307,7 @@ void getAll_withPaging() { @Test void getAll_withDefaultPaging() { + var superUserKey = createSuperUser(); IntStream.range(0, 70) .forEach(i -> { var participantId = "user" + i; @@ -308,7 +315,7 @@ void getAll_withDefaultPaging() { }); var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest() .contentType(JSON) - .header(new Header("x-api-key", getSuperUserApiKey())) + .header(new Header("x-api-key", superUserKey)) .get("/v1/participants") .then() .log().ifValidationFails()