From 1fd60f86ca3a8c9a39cefb38e11e2fcc83119831 Mon Sep 17 00:00:00 2001 From: AlexisSouquiere Date: Tue, 10 Jan 2023 12:46:02 +0100 Subject: [PATCH] Added /acls endpoint to get all the ACLs (#231) * Adding /acls endpoint to get all the ACLs * Adding unit tests Co-authored-by: Alexis Souquiere --- .../AccessControlListController.java | 2 +- ...essControlListNonNamespacedController.java | 34 +++++++++++++ .../services/AccessControlEntryService.java | 8 ++++ .../AccessControlListControllerTest.java | 1 + ...ontrolListNonNamespacedControllerTest.java | 48 +++++++++++++++++++ .../AccessControlEntryServiceTest.java | 18 +++++++ 6 files changed, 110 insertions(+), 1 deletion(-) rename src/main/java/com/michelin/ns4kafka/controllers/{ => acl}/AccessControlListController.java (99%) create mode 100644 src/main/java/com/michelin/ns4kafka/controllers/acl/AccessControlListNonNamespacedController.java create mode 100644 src/test/java/com/michelin/ns4kafka/controllers/AccessControlListNonNamespacedControllerTest.java diff --git a/src/main/java/com/michelin/ns4kafka/controllers/AccessControlListController.java b/src/main/java/com/michelin/ns4kafka/controllers/acl/AccessControlListController.java similarity index 99% rename from src/main/java/com/michelin/ns4kafka/controllers/AccessControlListController.java rename to src/main/java/com/michelin/ns4kafka/controllers/acl/AccessControlListController.java index 826186a6..01c3e625 100644 --- a/src/main/java/com/michelin/ns4kafka/controllers/AccessControlListController.java +++ b/src/main/java/com/michelin/ns4kafka/controllers/acl/AccessControlListController.java @@ -1,4 +1,4 @@ -package com.michelin.ns4kafka.controllers; +package com.michelin.ns4kafka.controllers.acl; import com.michelin.ns4kafka.controllers.generic.NamespacedResourceController; import com.michelin.ns4kafka.models.AccessControlEntry; 
diff --git a/src/main/java/com/michelin/ns4kafka/controllers/acl/AccessControlListNonNamespacedController.java b/src/main/java/com/michelin/ns4kafka/controllers/acl/AccessControlListNonNamespacedController.java
new file mode 100644
index 00000000..7872ec16
--- /dev/null
+++ b/src/main/java/com/michelin/ns4kafka/controllers/acl/AccessControlListNonNamespacedController.java
@@ -0,0 +1,34 @@
+package com.michelin.ns4kafka.controllers.acl;
+
+import com.michelin.ns4kafka.controllers.generic.NonNamespacedResourceController;
+import com.michelin.ns4kafka.models.AccessControlEntry;
+import com.michelin.ns4kafka.security.ResourceBasedSecurityRule;
+import com.michelin.ns4kafka.services.AccessControlEntryService;
+import io.micronaut.http.annotation.Controller;
+import io.micronaut.http.annotation.Get;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import javax.annotation.security.RolesAllowed;
+import javax.inject.Inject;
+import java.util.List;
+
+@Tag(name = "ACLs resource")
+@Controller("/api/acls")
+@RolesAllowed(ResourceBasedSecurityRule.IS_ADMIN)
+public class AccessControlListNonNamespacedController extends NonNamespacedResourceController {
+
+ /**
+ * The ACL service
+ */
+ @Inject
+ AccessControlEntryService accessControlEntryService;
+
+ /**
+ * Get all the ACLs of all namespaces
+ * @return A list of ACLs
+ */
+ @Get
+ public List listAll() {
+ return accessControlEntryService.findAll();
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/michelin/ns4kafka/services/AccessControlEntryService.java b/src/main/java/com/michelin/ns4kafka/services/AccessControlEntryService.java
index ae56d702..d1277162 100644
--- a/src/main/java/com/michelin/ns4kafka/services/AccessControlEntryService.java
+++ b/src/main/java/com/michelin/ns4kafka/services/AccessControlEntryService.java
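Review bot: The new controller class has no Javadoc saying that `listAll()` returns the ACLs of every namespace and that the class-level `@RolesAllowed(ResourceBasedSecurityRule.IS_ADMIN)` is the only access check visible in this file. I would add above the class `/** Admin-only endpoints listing ACLs across all namespaces; access is restricted by the class-level @RolesAllowed. */` so that nobody relaxes or moves the annotation without seeing what it protects. `AccessControlEntryService.findAll()` in the next file has the same gap: its Javadoc says only "Find all the ACLs on all clusters" and should add a line such as `* No namespace or cluster filter is applied; callers are responsible for authorization.`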
@@ -271,6 +271,14 @@ public List findAllForCluster(String cluster) { .collect(Collectors.toList()); } + /** + * Find all the ACLs on all clusters + * @return A list of ACLs + */ + public List findAll() { + return new ArrayList<>(accessControlEntryRepository.findAll()); + } + /** * Does given namespace is owner of the given resource ? * diff --git a/src/test/java/com/michelin/ns4kafka/controllers/AccessControlListControllerTest.java b/src/test/java/com/michelin/ns4kafka/controllers/AccessControlListControllerTest.java index a11681a4..432e326e 100644 --- a/src/test/java/com/michelin/ns4kafka/controllers/AccessControlListControllerTest.java +++ b/src/test/java/com/michelin/ns4kafka/controllers/AccessControlListControllerTest.java @@ -1,5 +1,6 @@ package com.michelin.ns4kafka.controllers; +import com.michelin.ns4kafka.controllers.acl.AccessControlListController; import com.michelin.ns4kafka.models.AccessControlEntry; import com.michelin.ns4kafka.models.Namespace; import com.michelin.ns4kafka.models.ObjectMeta; diff --git a/src/test/java/com/michelin/ns4kafka/controllers/AccessControlListNonNamespacedControllerTest.java b/src/test/java/com/michelin/ns4kafka/controllers/AccessControlListNonNamespacedControllerTest.java new file mode 100644 index 00000000..16b0bfd0 --- /dev/null +++ b/src/test/java/com/michelin/ns4kafka/controllers/AccessControlListNonNamespacedControllerTest.java 
@@ -0,0 +1,48 @@
+package com.michelin.ns4kafka.controllers;
+
+import com.michelin.ns4kafka.controllers.acl.AccessControlListNonNamespacedController;
+import com.michelin.ns4kafka.models.AccessControlEntry;
+import com.michelin.ns4kafka.models.Namespace;
+import com.michelin.ns4kafka.models.ObjectMeta;
+import com.michelin.ns4kafka.services.AccessControlEntryService;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.List;
+
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class AccessControlListNonNamespacedControllerTest {
+ /**
+ * The mocked ACL service
+ */
+ @Mock
+ AccessControlEntryService accessControlEntryService;
+
+ /**
+ * The mocked ACL controller
+ */
+ @InjectMocks
+ AccessControlListNonNamespacedController accessControlListNonNamespacedController;
+
+ @Test
+ void listAll() {
+ AccessControlEntry ace1 = AccessControlEntry.builder()
+ .metadata(ObjectMeta.builder().namespace("namespace1").build())
+ .spec(AccessControlEntry.AccessControlEntrySpec.builder().grantedTo("namespace1").build()).build();
+ AccessControlEntry ace2 = AccessControlEntry.builder()
+ .metadata(ObjectMeta.builder().namespace("namespace2").build())
+ .spec(AccessControlEntry.AccessControlEntrySpec.builder().grantedTo("namespace2").build()).build();
+
+ when(accessControlEntryService.findAll()).thenReturn(List.of(ace1, ace2));
+
+ List actual = accessControlListNonNamespacedController.listAll();
+ Assertions.assertEquals(2, actual.size());
+ Assertions.assertEquals(List.of(ace1, ace2), actual);
+ }
+}
diff --git a/src/test/java/com/michelin/ns4kafka/services/AccessControlEntryServiceTest.java b/src/test/java/com/michelin/ns4kafka/services/AccessControlEntryServiceTest.java
index 2584b403..eb8ee3f3 100644
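Review bot: `listAll()` is called directly on the Mockito-injected controller, so the `@RolesAllowed(ResourceBasedSecurityRule.IS_ADMIN)` restriction on the class is never exercised and this test would still pass if the annotation were removed. A cheap regression guard in this test class is `Assertions.assertArrayEquals(new String[]{ResourceBasedSecurityRule.IS_ADMIN}, AccessControlListNonNamespacedController.class.getAnnotation(RolesAllowed.class).value());`, with the two matching imports. An HTTP-level test that sends a non-admin token and expects a rejection would be stronger, if the project has such a harness (none is visible in this patch).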
--- a/src/test/java/com/michelin/ns4kafka/services/AccessControlEntryServiceTest.java +++ b/src/test/java/com/michelin/ns4kafka/services/AccessControlEntryServiceTest.java @@ -806,6 +806,24 @@ void findAllForNamespace() { Assertions.assertEquals(2, actual.size()); } + @Test + void findAll() { + AccessControlEntry ace1 = AccessControlEntry.builder() + .metadata(ObjectMeta.builder().namespace("namespace1").build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder().grantedTo("namespace1").build()).build(); + AccessControlEntry ace2 = AccessControlEntry.builder() + .metadata(ObjectMeta.builder().namespace("namespace2").build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder().grantedTo("namespace2").build()).build(); + AccessControlEntry ace3 = AccessControlEntry.builder() + .metadata(ObjectMeta.builder().namespace("namespace3").build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder().grantedTo("namespace3").build()).build(); + + Mockito.when(accessControlEntryRepository.findAll()) + .thenReturn(List.of(ace1, ace2, ace3)); + List actual = accessControlEntryService.findAll(); + Assertions.assertEquals(3, actual.size()); + } + @Test void isNamespaceOwnerOfResource() { AccessControlEntry ace1 = AccessControlEntry.builder()
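Review bot: The new `findAll` test checks only `actual.size()`, so it would still pass if the service returned three wrong or duplicated entries. Assert the content as the controller test in this patch does: `Assertions.assertEquals(List.of(ace1, ace2, ace3), actual);`. The three fixtures already differ by namespace, so the equality check needs no extra setup.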