From e75e95f814e61d9c632b65de9b1ea84e72c39132 Mon Sep 17 00:00:00 2001 From: Thomas CAI <92149044+ThomasCAI-mlv@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:45:53 +0200 Subject: [PATCH] Handle wildcard parameter in ACL list API (#425) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Loïc Greffier --- .../controller/acl/AclController.java | 39 +-- .../ns4kafka/repository/kafka/KafkaStore.java | 2 +- .../michelin/ns4kafka/service/AclService.java | 90 +++++- .../service/ConnectClusterService.java | 6 +- .../ns4kafka/service/ConnectorService.java | 7 +- .../ns4kafka/service/NamespaceService.java | 4 +- .../service/ResourceQuotaService.java | 4 +- .../ns4kafka/service/RoleBindingService.java | 4 +- .../ns4kafka/service/SchemaService.java | 7 +- .../ns4kafka/service/StreamService.java | 4 +- .../ns4kafka/service/TopicService.java | 6 +- .../michelin/ns4kafka/util/RegexUtils.java | 10 +- .../controller/AclControllerTest.java | 123 ++++--- .../AkhqClaimProviderControllerTest.java | 37 ++- .../AkhqClaimProviderControllerV3Test.java | 305 ++++++++++++------ .../ConnectClusterControllerTest.java | 3 - ...ectClusterNonNamespacedControllerTest.java | 3 - .../ConsumerGroupControllerTest.java | 2 +- ...ourceQuotaNonNamespacedControllerTest.java | 10 +- .../integration/AclIntegrationTest.java | 11 +- .../ApiResourcesIntegrationTest.java | 3 - .../integration/ConnectIntegrationTest.java | 2 +- .../ExceptionHandlerIntegrationTest.java | 5 +- .../integration/NamespaceIntegrationTest.java | 5 +- .../integration/SchemaIntegrationTest.java | 2 +- .../integration/StreamIntegrationTest.java | 10 +- .../integration/TopicIntegrationTest.java | 30 +- .../integration/UserIntegrationTest.java | 10 +- .../model/AccessControlEntryTest.java | 5 +- .../ns4kafka/model/ConnectValidatorTest.java | 6 +- .../ns4kafka/model/ConnectorTest.java | 14 +- .../michelin/ns4kafka/model/MetadataTest.java | 8 +- .../ns4kafka/model/NamespaceTest.java | 2 +- .../ns4kafka/model/ResourceValidatorTest.java | 18 +- .../ns4kafka/model/RoleBindingTest.java | 33 +- .../michelin/ns4kafka/model/SchemaTest.java | 4 +- .../michelin/ns4kafka/model/StreamTest.java | 14 +- .../michelin/ns4kafka/model/TopicTest.java | 26 +- .../ns4kafka/model/TopicValidatorTest.java | 75 +++-- .../security/auth/AuthenticationInfoTest.java | 5 +- .../auth/AuthenticationServiceTest.java | 17 +- .../GitlabAuthenticationProviderTest.java | 2 + .../ldap/LdapAuthenticationMapperTest.java | 4 +- .../LocalUserAuthenticationProviderTest.java | 1 + .../ns4kafka/service/AclServiceTest.java | 264 ++++++++++++++- .../service/ConnectClusterServiceTest.java | 71 ++-- .../service/ConnectorServiceTest.java | 54 ++-- .../service/ConsumerGroupServiceTest.java | 5 +- .../ns4kafka/service/SchemaServiceTest.java | 14 +- .../ns4kafka/service/TopicServiceTest.java | 36 +-- .../ns4kafka/util/BytesUtilsTest.java | 7 +- .../ns4kafka/util/EncryptionUtilsTest.java | 16 +- .../ns4kafka/util/RegexUtilsTest.java | 186 +++++------ 53 files changed, 1074 insertions(+), 557 deletions(-) diff --git a/src/main/java/com/michelin/ns4kafka/controller/acl/AclController.java b/src/main/java/com/michelin/ns4kafka/controller/acl/AclController.java index a9c0bcc6..7e92a8ef 100644 --- a/src/main/java/com/michelin/ns4kafka/controller/acl/AclController.java +++ b/src/main/java/com/michelin/ns4kafka/controller/acl/AclController.java @@ -1,6 +1,5 @@ package com.michelin.ns4kafka.controller.acl; -import static com.michelin.ns4kafka.service.AclService.PUBLIC_GRANTED_TO; import static com.michelin.ns4kafka.util.FormatErrorUtils.invalidAclDeleteOnlyAdmin; import static com.michelin.ns4kafka.util.FormatErrorUtils.invalidImmutableField; import static com.michelin.ns4kafka.util.FormatErrorUtils.invalidNotFound; @@ -49,32 +48,24 @@ public class AclController extends NamespacedResourceController { * @return A list of ACLs */ @Get("{?limit}") - public List list(String namespace, Optional limit) { - if (limit.isEmpty()) { - limit = Optional.of(AclLimit.ALL); - } - + public List list(String namespace, + Optional limit, + @QueryValue(defaultValue = "*") String name) { Namespace ns = getNamespace(namespace); - return switch (limit.get()) { - case GRANTEE -> aclService.findAllGrantedToNamespace(ns) + return switch (limit.orElse(AclLimit.ALL)) { + case GRANTEE -> aclService.findAllGrantedToNamespaceByWildcardName(ns, name) .stream() - .sorted(Comparator.comparing(o -> o.getMetadata().getNamespace())) + .sorted(Comparator.comparing((AccessControlEntry acl) -> acl.getMetadata().getNamespace())) .toList(); - case GRANTOR -> aclService.findAllForCluster(ns.getMetadata().getCluster()) + case GRANTOR -> aclService.findAllGrantedByNamespaceByWildcardName(ns, name) .stream() - // granted by me - .filter(accessControlEntry -> accessControlEntry.getMetadata().getNamespace().equals(namespace)) - // without the granted to me - .filter(accessControlEntry -> !accessControlEntry.getSpec().getGrantedTo().equals(namespace)) - .sorted(Comparator.comparing(o -> o.getSpec().getGrantedTo())) + .sorted(Comparator.comparing(acl -> acl.getSpec().getGrantedTo())) .toList(); - default -> aclService.findAllForCluster(ns.getMetadata().getCluster()) + default -> aclService.findAllRelatedToNamespaceByWildcardName(ns, name) .stream() - .filter(accessControlEntry -> - accessControlEntry.getMetadata().getNamespace().equals(namespace) - || accessControlEntry.getSpec().getGrantedTo().equals(namespace) - || accessControlEntry.getSpec().getGrantedTo().equals(PUBLIC_GRANTED_TO)) - .sorted(Comparator.comparing(o -> o.getMetadata().getNamespace())) + .sorted(Comparator + .comparing((AccessControlEntry acl) -> acl.getMetadata().getNamespace()) + .thenComparing(acl -> acl.getSpec().getGrantedTo())) .toList(); }; } @@ -83,12 +74,14 @@ public List list(String namespace, Optional limit) * Get an ACL by namespace and name. * * @param namespace The name - * @param acl The ACL name + * @param acl The ACL name * @return The ACL + * @deprecated use list(String, Optional ALL, String name) instead. */ @Get("/{acl}") + @Deprecated(since = "1.12.0") public Optional get(String namespace, String acl) { - return list(namespace, Optional.of(AclLimit.ALL)) + return aclService.findAllRelatedToNamespace(getNamespace(namespace)) .stream() .filter(accessControlEntry -> accessControlEntry.getMetadata().getName().equals(acl)) .findFirst(); diff --git a/src/main/java/com/michelin/ns4kafka/repository/kafka/KafkaStore.java b/src/main/java/com/michelin/ns4kafka/repository/kafka/KafkaStore.java index fb176a94..07ebeca7 100644 --- a/src/main/java/com/michelin/ns4kafka/repository/kafka/KafkaStore.java +++ b/src/main/java/com/michelin/ns4kafka/repository/kafka/KafkaStore.java @@ -141,7 +141,7 @@ private void verifyInternalTopic() "The topic " + kafkaTopic + " should have only 1 partition but has " + numPartitions + "."); } - if (description.partitions().get(0).replicas().size() < kafkaStoreProperties.getReplicationFactor() + if (description.partitions().getFirst().replicas().size() < kafkaStoreProperties.getReplicationFactor() && log.isWarnEnabled()) { log.warn("The replication factor of the topic " + kafkaTopic + " is less than the desired one of " + kafkaStoreProperties.getReplicationFactor() diff --git a/src/main/java/com/michelin/ns4kafka/service/AclService.java b/src/main/java/com/michelin/ns4kafka/service/AclService.java index 041ed55e..2d3cfe0b 100644 --- a/src/main/java/com/michelin/ns4kafka/service/AclService.java +++ b/src/main/java/com/michelin/ns4kafka/service/AclService.java @@ -12,6 +12,7 @@ import com.michelin.ns4kafka.model.Namespace; import com.michelin.ns4kafka.repository.AccessControlEntryRepository; import com.michelin.ns4kafka.service.executor.AccessControlEntryAsyncExecutor; +import com.michelin.ns4kafka.util.RegexUtils; import io.micronaut.context.ApplicationContext; import io.micronaut.inject.qualifiers.Qualifiers; import jakarta.inject.Inject; @@ -247,7 +248,7 @@ public void delete(AccessControlEntry accessControlEntry) { } /** - * Find all ACLs granted to given namespace. + * Find all ACLs granted to a given namespace. * Will also return public granted ACLs. * * @param namespace The namespace @@ -256,9 +257,83 @@ public void delete(AccessControlEntry accessControlEntry) { public List findAllGrantedToNamespace(Namespace namespace) { return accessControlEntryRepository.findAll() .stream() - .filter(accessControlEntry -> - accessControlEntry.getSpec().getGrantedTo().equals(namespace.getMetadata().getName()) - || accessControlEntry.getSpec().getGrantedTo().equals(PUBLIC_GRANTED_TO)) + .filter(acl -> acl.getSpec().getGrantedTo().equals(namespace.getMetadata().getName()) + || acl.getSpec().getGrantedTo().equals(PUBLIC_GRANTED_TO)) + .toList(); + } + + /** + * Find all ACLs that a given namespace granted to other namespaces. + * + * @param namespace The namespace + * @return A list of ACLs + */ + public List findAllGrantedByNamespace(Namespace namespace) { + return accessControlEntryRepository.findAll() + .stream() + .filter(acl -> acl.getMetadata().getNamespace().equals(namespace.getMetadata().getName())) + .filter(acl -> !acl.getSpec().getGrantedTo().equals(namespace.getMetadata().getName())) + .toList(); + } + + /** + * Find all ACLs where the given namespace is either the grantor or the grantee, or the ACL is public. + * + * @param namespace The namespace + * @return A list of ACLs + */ + public List findAllRelatedToNamespace(Namespace namespace) { + return accessControlEntryRepository.findAll() + .stream() + .filter(acl -> acl.getMetadata().getNamespace().equals(namespace.getMetadata().getName()) + || acl.getSpec().getGrantedTo().equals(namespace.getMetadata().getName()) + || acl.getSpec().getGrantedTo().equals(PUBLIC_GRANTED_TO)) + .toList(); + } + + /** + * Find all ACLs granted to given namespace, filtered by name parameter. + * Will also return public granted ACLs. + * + * @param namespace The namespace + * @param name The name parameter + * @return A list of ACLs + */ + public List findAllGrantedToNamespaceByWildcardName(Namespace namespace, String name) { + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); + return findAllGrantedToNamespace(namespace) + .stream() + .filter(acl -> RegexUtils.isResourceCoveredByRegex(acl.getMetadata().getName(), nameFilterPatterns)) + .toList(); + } + + /** + * Find all ACLs that a given namespace granted to other namespaces, filtered by name parameter. + * + * @param namespace The namespace + * @param name The name parameter + * @return A list of ACLs + */ + public List findAllGrantedByNamespaceByWildcardName(Namespace namespace, String name) { + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); + return findAllGrantedByNamespace(namespace) + .stream() + .filter(acl -> RegexUtils.isResourceCoveredByRegex(acl.getMetadata().getName(), nameFilterPatterns)) + .toList(); + } + + /** + * Find all ACLs that a given namespace granted to other namespaces, filtered by name parameter. + * + * @param namespace The namespace + * @param name The name parameter + * @return A list of ACLs + */ + public List findAllRelatedToNamespaceByWildcardName(Namespace namespace, String name) { + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); + return findAllRelatedToNamespace(namespace) + .stream() + .filter(acl -> RegexUtils.isResourceCoveredByRegex(acl.getMetadata().getName(), nameFilterPatterns)) .toList(); } @@ -312,7 +387,8 @@ public List findAllForNamespace(Namespace namespace) { * @return A list of ACLs */ public List findAllForCluster(String cluster) { - return accessControlEntryRepository.findAll().stream() + return accessControlEntryRepository.findAll() + .stream() .filter(accessControlEntry -> accessControlEntry.getMetadata().getCluster().equals(cluster)) .toList(); } @@ -360,13 +436,13 @@ public Optional findByName(String namespace, String name) { } /** - * Check if there is any ACL concerning the given resource. + * Check if the given resource is covered by any given ACLs. * * @param acls The OWNER ACL list on resource * @param resourceName The resource name to check ACL against * @return true if there is any OWNER ACL concerning the given resource, false otherwise */ - public boolean isAnyAclOfResource(List acls, String resourceName) { + public boolean isResourceCoveredByAcls(List acls, String resourceName) { return acls .stream() .anyMatch(acl -> switch (acl.getSpec().getResourcePatternType()) { diff --git a/src/main/java/com/michelin/ns4kafka/service/ConnectClusterService.java b/src/main/java/com/michelin/ns4kafka/service/ConnectClusterService.java index 1f5fd90e..afbb935e 100644 --- a/src/main/java/com/michelin/ns4kafka/service/ConnectClusterService.java +++ b/src/main/java/com/michelin/ns4kafka/service/ConnectClusterService.java @@ -133,7 +133,7 @@ public List findAllForNamespaceByPermissions(Namespace namespace return connectClusterRepository.findAllForCluster(namespace.getMetadata().getCluster()) .stream() - .filter(connectCluster -> aclService.isAnyAclOfResource(acls, connectCluster.getMetadata().getName())) + .filter(connectCluster -> aclService.isResourceCoveredByAcls(acls, connectCluster.getMetadata().getName())) .toList(); } @@ -157,10 +157,10 @@ public List findAllForNamespaceWithOwnerPermission(Namespace nam * @return The list of owned Connect cluster */ public List findByWildcardNameWithOwnerPermission(Namespace namespace, String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findAllForNamespaceWithOwnerPermission(namespace) .stream() - .filter(cc -> RegexUtils.filterByPattern(cc.getMetadata().getName(), nameFilterPatterns)) + .filter(cc -> RegexUtils.isResourceCoveredByRegex(cc.getMetadata().getName(), nameFilterPatterns)) .map(this::buildConnectClusterWithDecryptedInformation) .toList(); } diff --git a/src/main/java/com/michelin/ns4kafka/service/ConnectorService.java b/src/main/java/com/michelin/ns4kafka/service/ConnectorService.java index 04acc1d7..cb307201 100644 --- a/src/main/java/com/michelin/ns4kafka/service/ConnectorService.java +++ b/src/main/java/com/michelin/ns4kafka/service/ConnectorService.java @@ -62,7 +62,7 @@ public List findAllForNamespace(Namespace namespace) { .findResourceOwnerGrantedToNamespace(namespace, AccessControlEntry.ResourceType.CONNECT); return connectorRepository.findAllForCluster(namespace.getMetadata().getCluster()) .stream() - .filter(connector -> aclService.isAnyAclOfResource(acls, connector.getMetadata().getName())) + .filter(connector -> aclService.isResourceCoveredByAcls(acls, connector.getMetadata().getName())) .toList(); } @@ -74,10 +74,11 @@ public List findAllForNamespace(Namespace namespace) { * @return A list of connectors */ public List findByWildcardName(Namespace namespace, String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findAllForNamespace(namespace) .stream() - .filter(connector -> RegexUtils.filterByPattern(connector.getMetadata().getName(), nameFilterPatterns)) + .filter(connector -> RegexUtils + .isResourceCoveredByRegex(connector.getMetadata().getName(), nameFilterPatterns)) .toList(); } diff --git a/src/main/java/com/michelin/ns4kafka/service/NamespaceService.java b/src/main/java/com/michelin/ns4kafka/service/NamespaceService.java index 2c475590..e5e491a2 100644 --- a/src/main/java/com/michelin/ns4kafka/service/NamespaceService.java +++ b/src/main/java/com/michelin/ns4kafka/service/NamespaceService.java @@ -73,10 +73,10 @@ public List findAll() { * @return The list of namespaces */ public List findByWildcardName(String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findAll() .stream() - .filter(ns -> RegexUtils.filterByPattern(ns.getMetadata().getName(), nameFilterPatterns)) + .filter(ns -> RegexUtils.isResourceCoveredByRegex(ns.getMetadata().getName(), nameFilterPatterns)) .toList(); } diff --git a/src/main/java/com/michelin/ns4kafka/service/ResourceQuotaService.java b/src/main/java/com/michelin/ns4kafka/service/ResourceQuotaService.java index cb339b99..4b3b55f3 100644 --- a/src/main/java/com/michelin/ns4kafka/service/ResourceQuotaService.java +++ b/src/main/java/com/michelin/ns4kafka/service/ResourceQuotaService.java @@ -72,10 +72,10 @@ public Optional findForNamespace(String namespace) { * @return The researched resource quota */ public List findByWildcardName(String namespace, String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findForNamespace(namespace) .stream() - .filter(quota -> RegexUtils.filterByPattern(quota.getMetadata().getName(), nameFilterPatterns)) + .filter(quota -> RegexUtils.isResourceCoveredByRegex(quota.getMetadata().getName(), nameFilterPatterns)) .toList(); } diff --git a/src/main/java/com/michelin/ns4kafka/service/RoleBindingService.java b/src/main/java/com/michelin/ns4kafka/service/RoleBindingService.java index 7e3423fe..1000ddcd 100644 --- a/src/main/java/com/michelin/ns4kafka/service/RoleBindingService.java +++ b/src/main/java/com/michelin/ns4kafka/service/RoleBindingService.java @@ -35,10 +35,10 @@ public List findAllForNamespace(String namespace) { * @return The list of associated role bindings */ public List findByWildcardName(String namespace, String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findAllForNamespace(namespace) .stream() - .filter(rb -> RegexUtils.filterByPattern(rb.getMetadata().getName(), nameFilterPatterns)) + .filter(rb -> RegexUtils.isResourceCoveredByRegex(rb.getMetadata().getName(), nameFilterPatterns)) .toList(); } diff --git a/src/main/java/com/michelin/ns4kafka/service/SchemaService.java b/src/main/java/com/michelin/ns4kafka/service/SchemaService.java index 0578426e..b6c716bb 100644 --- a/src/main/java/com/michelin/ns4kafka/service/SchemaService.java +++ b/src/main/java/com/michelin/ns4kafka/service/SchemaService.java @@ -55,7 +55,7 @@ public Flux findAllForNamespace(Namespace namespace) { .getSubjects(namespace.getMetadata().getCluster()) .filter(subject -> { String underlyingTopicName = subject.replaceAll("-(key|value)$", ""); - return aclService.isAnyAclOfResource(acls, underlyingTopicName); + return aclService.isResourceCoveredByAcls(acls, underlyingTopicName); }) .map(subject -> SchemaList.builder() .metadata(Metadata.builder() @@ -74,9 +74,10 @@ public Flux findAllForNamespace(Namespace namespace) { * @return A list of schemas */ public Flux findByWildcardName(Namespace namespace, String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findAllForNamespace(namespace) - .filter(schemaList -> RegexUtils.filterByPattern(schemaList.getMetadata().getName(), nameFilterPatterns)); + .filter(schemaList -> RegexUtils + .isResourceCoveredByRegex(schemaList.getMetadata().getName(), nameFilterPatterns)); } /** diff --git a/src/main/java/com/michelin/ns4kafka/service/StreamService.java b/src/main/java/com/michelin/ns4kafka/service/StreamService.java index 775c14fd..f8f8ced8 100644 --- a/src/main/java/com/michelin/ns4kafka/service/StreamService.java +++ b/src/main/java/com/michelin/ns4kafka/service/StreamService.java @@ -48,10 +48,10 @@ public List findAllForNamespace(Namespace namespace) { * @return A list of Kafka Streams */ public List findByWildcardName(Namespace namespace, String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findAllForNamespace(namespace) .stream() - .filter(stream -> RegexUtils.filterByPattern(stream.getMetadata().getName(), nameFilterPatterns)) + .filter(stream -> RegexUtils.isResourceCoveredByRegex(stream.getMetadata().getName(), nameFilterPatterns)) .toList(); } diff --git a/src/main/java/com/michelin/ns4kafka/service/TopicService.java b/src/main/java/com/michelin/ns4kafka/service/TopicService.java index 751a9e42..7a4837e5 100644 --- a/src/main/java/com/michelin/ns4kafka/service/TopicService.java +++ b/src/main/java/com/michelin/ns4kafka/service/TopicService.java @@ -68,7 +68,7 @@ public List findAllForNamespace(Namespace namespace) { .findResourceOwnerGrantedToNamespace(namespace, AccessControlEntry.ResourceType.TOPIC); return topicRepository.findAllForCluster(namespace.getMetadata().getCluster()) .stream() - .filter(topic -> aclService.isAnyAclOfResource(acls, topic.getMetadata().getName())) + .filter(topic -> aclService.isResourceCoveredByAcls(acls, topic.getMetadata().getName())) .toList(); } @@ -80,10 +80,10 @@ public List findAllForNamespace(Namespace namespace) { * @return A list of topics */ public List findByWildcardName(Namespace namespace, String name) { - List nameFilterPatterns = RegexUtils.wildcardStringsToRegexPatterns(List.of(name)); + List nameFilterPatterns = RegexUtils.convertWildcardStringsToRegex(List.of(name)); return findAllForNamespace(namespace) .stream() - .filter(topic -> RegexUtils.filterByPattern(topic.getMetadata().getName(), nameFilterPatterns)) + .filter(topic -> RegexUtils.isResourceCoveredByRegex(topic.getMetadata().getName(), nameFilterPatterns)) .toList(); } diff --git a/src/main/java/com/michelin/ns4kafka/util/RegexUtils.java b/src/main/java/com/michelin/ns4kafka/util/RegexUtils.java index 6938c324..7afdb3ea 100644 --- a/src/main/java/com/michelin/ns4kafka/util/RegexUtils.java +++ b/src/main/java/com/michelin/ns4kafka/util/RegexUtils.java @@ -16,8 +16,9 @@ public class RegexUtils { * @param wildcardStrings The list of wildcard strings * @return A list of regex patterns */ - public static List wildcardStringsToRegexPatterns(List wildcardStrings) { - return wildcardStrings.stream() + public static List convertWildcardStringsToRegex(List wildcardStrings) { + return wildcardStrings + .stream() .map(wildcardString -> "^" + wildcardString .replace(".", "\\.") .replace("*", ".*") @@ -33,8 +34,9 @@ public static List wildcardStringsToRegexPatterns(List wildcardS * @param regexPatterns The regex patterns * @return true if any regex pattern matches the resourceName, false otherwise */ - public static boolean filterByPattern(String resourceName, List regexPatterns) { - return regexPatterns.stream() + public static boolean isResourceCoveredByRegex(String resourceName, List regexPatterns) { + return regexPatterns + .stream() .anyMatch(pattern -> Pattern.compile(pattern).matcher(resourceName).matches()); } } diff --git a/src/test/java/com/michelin/ns4kafka/controller/AclControllerTest.java b/src/test/java/com/michelin/ns4kafka/controller/AclControllerTest.java index 9aacd7bd..05787420 100644 --- a/src/test/java/com/michelin/ns4kafka/controller/AclControllerTest.java +++ b/src/test/java/com/michelin/ns4kafka/controller/AclControllerTest.java @@ -53,7 +53,7 @@ class AclControllerTest { AclController accessControlListController; @Test - void shouldListAcls() { + void shouldListAclsWithoutNameParameter() { Namespace namespace = Namespace.builder() .metadata(Metadata.builder() .name("test") @@ -103,20 +103,6 @@ void shouldListAcls() { .build()) .build(); - AccessControlEntry aceTopicPrefixedOwnerAdminToNamespaceOther = AccessControlEntry.builder() - .metadata(Metadata.builder() - .namespace("admin") - .cluster("local") - .build()) - .spec(AccessControlEntry.AccessControlEntrySpec.builder() - .resourceType(AccessControlEntry.ResourceType.TOPIC) - .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) - .permission(AccessControlEntry.Permission.OWNER) - .resource("other-prefix") - .grantedTo("namespace-other") - .build()) - .build(); - AccessControlEntry aceTopicPrefixedReadNamespaceOtherToTest = AccessControlEntry.builder() .metadata(Metadata.builder() .namespace("namespace-other") @@ -146,16 +132,18 @@ void shouldListAcls() { .build(); when(namespaceService.findByName("test")).thenReturn(Optional.of(namespace)); - when(aclService.findAllGrantedToNamespace(namespace)).thenReturn( - List.of(aceTopicPrefixedOwnerAdminToTest, aceConnectPrefixedOwnerAdminToTest, - aceTopicPrefixedReadNamespaceOtherToTest, aceTopicPrefixedReadAdminToAll)); - when(aclService.findAllForCluster("local")).thenReturn( + when(aclService.findAllGrantedToNamespaceByWildcardName(namespace, "*")).thenReturn( List.of(aceTopicPrefixedOwnerAdminToTest, aceConnectPrefixedOwnerAdminToTest, - aceTopicPrefixedReadTestToNamespaceOther, aceTopicPrefixedOwnerAdminToNamespaceOther, aceTopicPrefixedReadNamespaceOtherToTest, aceTopicPrefixedReadAdminToAll)); + when(aclService.findAllGrantedByNamespaceByWildcardName(namespace, "*")) + .thenReturn(List.of(aceTopicPrefixedReadTestToNamespaceOther)); + when(aclService.findAllRelatedToNamespaceByWildcardName(namespace, "*")).thenReturn( + List.of(aceTopicPrefixedReadTestToNamespaceOther, aceTopicPrefixedOwnerAdminToTest, + aceConnectPrefixedOwnerAdminToTest, aceTopicPrefixedReadNamespaceOtherToTest, + aceTopicPrefixedReadAdminToAll)); List actual = accessControlListController - .list("test", Optional.of(AclController.AclLimit.GRANTEE)); + .list("test", Optional.of(AclController.AclLimit.GRANTEE), "*"); assertEquals(4, actual.size()); assertTrue(actual.contains(aceTopicPrefixedOwnerAdminToTest)); @@ -163,11 +151,11 @@ void shouldListAcls() { assertTrue(actual.contains(aceTopicPrefixedReadNamespaceOtherToTest)); assertTrue(actual.contains(aceTopicPrefixedReadAdminToAll)); - actual = accessControlListController.list("test", Optional.of(AclController.AclLimit.GRANTOR)); + actual = accessControlListController.list("test", Optional.of(AclController.AclLimit.GRANTOR), "*"); assertEquals(1, actual.size()); assertTrue(actual.contains(aceTopicPrefixedReadTestToNamespaceOther)); - actual = accessControlListController.list("test", Optional.of(AclController.AclLimit.ALL)); + actual = accessControlListController.list("test", Optional.of(AclController.AclLimit.ALL), "*"); assertEquals(5, actual.size()); assertTrue(actual.contains(aceTopicPrefixedOwnerAdminToTest)); assertTrue(actual.contains(aceConnectPrefixedOwnerAdminToTest)); @@ -177,7 +165,7 @@ void shouldListAcls() { } @Test - void shouldGetAcl() { + void shouldListAclsWithNameParameter() { Namespace namespace = Namespace.builder() .metadata(Metadata.builder() .name("test") @@ -185,9 +173,9 @@ void shouldGetAcl() { .build()) .build(); - AccessControlEntry aceTopicPrefixedOwnerTestToTest = AccessControlEntry.builder() + AccessControlEntry ownerAcl = AccessControlEntry.builder() .metadata(Metadata.builder() - .name("ace1") + .name("ownerAcl") .namespace("test") .cluster("local") .build()) @@ -200,24 +188,24 @@ void shouldGetAcl() { .build()) .build(); - AccessControlEntry aceConnectPrefixedOwnerTestToTest = AccessControlEntry.builder() + AccessControlEntry aclGrantedByNamespace = AccessControlEntry.builder() .metadata(Metadata.builder() - .name("ace2") - .namespace("test") + .name("aclGrantedByNamespace") + .namespace("admin") .cluster("local") .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() - .resourceType(AccessControlEntry.ResourceType.CONNECT) + .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) - .permission(AccessControlEntry.Permission.OWNER) + .permission(AccessControlEntry.Permission.WRITE) .resource("prefix") .grantedTo("test") .build()) .build(); - AccessControlEntry aceTopicPrefixedReadTestToNamespaceOther = AccessControlEntry.builder() + AccessControlEntry aclGrantedToNamespace = AccessControlEntry.builder() .metadata(Metadata.builder() - .name("ace3") + .name("aclGrantedToNamespace") .namespace("test") .cluster("local") .build()) @@ -226,21 +214,59 @@ void shouldGetAcl() { .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) .permission(AccessControlEntry.Permission.READ) .resource("prefix") - .grantedTo("namespace-other") + .grantedTo("admin") .build()) .build(); - AccessControlEntry aceTopicPrefixedOwnerAdminToNamespaceOther = AccessControlEntry.builder() + when(namespaceService.findByName("test")).thenReturn(Optional.of(namespace)); + when(aclService.findAllGrantedToNamespaceByWildcardName(namespace, "aclGrantedToNamespace")) + .thenReturn(List.of(aclGrantedToNamespace)); + when(aclService.findAllGrantedToNamespaceByWildcardName(namespace, "ownerAcl")) + .thenReturn(List.of()); + when(aclService.findAllGrantedByNamespaceByWildcardName(namespace, "aclGrantedByNamespace")) + .thenReturn(List.of(aclGrantedByNamespace)); + when(aclService.findAllGrantedToNamespaceByWildcardName(namespace, "ownerAcl")) + .thenReturn(List.of()); + when(aclService.findAllRelatedToNamespaceByWildcardName(namespace, "ownerAcl")) + .thenReturn(List.of(ownerAcl)); + + assertEquals(List.of(aclGrantedToNamespace), accessControlListController.list("test", + Optional.of(AclController.AclLimit.GRANTEE), "aclGrantedToNamespace")); + + assertEquals(List.of(), accessControlListController.list("test", + Optional.of(AclController.AclLimit.GRANTEE), "ownerAcl")); + + assertEquals(List.of(aclGrantedByNamespace), accessControlListController.list("test", + Optional.of(AclController.AclLimit.GRANTOR), "aclGrantedByNamespace")); + + assertEquals(List.of(), accessControlListController.list("test", + Optional.of(AclController.AclLimit.GRANTOR), "ownerAcl")); + + assertEquals(List.of(ownerAcl), accessControlListController.list("test", + Optional.of(AclController.AclLimit.ALL), "ownerAcl")); + } + + @Test + @SuppressWarnings("deprecation") + void shouldGetAcl() { + Namespace namespace = Namespace.builder() .metadata(Metadata.builder() - .name("ace4") - .namespace("admin") + .name("test") + .cluster("local") + .build()) + .build(); + + AccessControlEntry aceTopicPrefixedReadTestToNamespaceOther = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ace3") + .namespace("test") .cluster("local") .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) - .permission(AccessControlEntry.Permission.OWNER) - .resource("other-prefix") + .permission(AccessControlEntry.Permission.READ) + .resource("prefix") .grantedTo("namespace-other") .build()) .build(); @@ -261,19 +287,14 @@ void shouldGetAcl() { .build(); when(namespaceService.findByName("test")).thenReturn(Optional.of(namespace)); - when(aclService.findAllForCluster("local")).thenReturn( - List.of(aceTopicPrefixedOwnerTestToTest, aceConnectPrefixedOwnerTestToTest, - aceTopicPrefixedReadTestToNamespaceOther, aceTopicPrefixedOwnerAdminToNamespaceOther, - aceTopicPrefixedReadNamespaceOtherToTest)); + when(aclService.findAllRelatedToNamespace(namespace)).thenReturn( + List.of(aceTopicPrefixedReadTestToNamespaceOther, aceTopicPrefixedReadNamespaceOtherToTest)); // Name not in list - Optional result1 = accessControlListController.get("test", "ace6"); - assertTrue(result1.isEmpty()); + assertTrue(accessControlListController.get("test", "ace6").isEmpty()); // Not granted to or assigned by me - Optional result2 = accessControlListController.get("test", "ace4"); - - assertTrue(result2.isEmpty()); + assertTrue(accessControlListController.get("test", "ace4").isEmpty()); // Assigned by me Optional result3 = accessControlListController.get("test", "ace3"); @@ -510,7 +531,7 @@ void shouldApplyFailWhenSpecChanges() { () -> accessControlListController.apply(authentication, "test", accessControlEntry, false)); assertEquals(1, actual.getValidationErrors().size()); assertEquals("Invalid \"apply\" operation: field \"spec\" is immutable.", - actual.getValidationErrors().get(0)); + actual.getValidationErrors().getFirst()); } @Test @@ -694,7 +715,7 @@ void shouldDeleteAclFailWhenNotFound() { () -> accessControlListController.delete(authentication, "test", "ace1", false)); assertEquals("Invalid value \"ace1\" for field \"name\": resource not found.", - actual.getValidationErrors().get(0)); + actual.getValidationErrors().getFirst()); } @Test @@ -721,7 +742,7 @@ void shouldDeleteSelfAssignedAclFailWhenNotAdmin() { () -> accessControlListController.delete(authentication, "test", "ace1", false)); assertEquals("Invalid value \"ace1\" for field \"name\": only administrators can delete this ACL.", - actual.getValidationErrors().get(0)); + actual.getValidationErrors().getFirst()); } @Test diff --git a/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerTest.java b/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerTest.java index edb70327..19757379 100644 --- a/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerTest.java +++ b/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerTest.java @@ -37,7 +37,7 @@ class AkhqClaimProviderControllerTest { AkhqProperties akhqProperties = getAkhqClaimProviderControllerConfig(); @Test - void computeAllowedRegexListTestEmpty() { + void shouldComputeAllowedRegexEmpty() { List inputAcls = List.of( AccessControlEntry.builder() .spec(AccessControlEntry.AccessControlEntrySpec.builder() @@ -59,11 +59,11 @@ void computeAllowedRegexListTestEmpty() { AccessControlEntry.ResourceType.CONNECT); assertEquals(1, actual.size()); - assertEquals("^none$", actual.get(0)); + assertEquals("^none$", actual.getFirst()); } @Test - void computeAllowedRegexListTestSuccess() { + void shouldComputeAllowedRegexList() { List inputAcls = List.of( AccessControlEntry.builder() .spec(AccessControlEntry.AccessControlEntrySpec.builder() @@ -94,6 +94,7 @@ void computeAllowedRegexListTestSuccess() { .build()) .build() ); + List actual = akhqClaimProviderController.computeAllowedRegexListForResourceType(inputAcls, AccessControlEntry.ResourceType.TOPIC); @@ -105,11 +106,12 @@ void computeAllowedRegexListTestSuccess() { ), actual ); + assertFalse(actual.contains("^\\Qproject1.connects\\E.*$")); } @Test - void computeAllowedRegexListTestSuccessDistinct() { + void shouldComputeAllowedRegexListWithDistinct() { List inputAcls = List.of( AccessControlEntry.builder() .spec(AccessControlEntry.AccessControlEntrySpec.builder() @@ -139,24 +141,24 @@ void computeAllowedRegexListTestSuccessDistinct() { } @Test - void generateClaimTestNullOrEmptyRequest() { + void shouldGenerateClaimTestWhenNullOrEmptyRequest() { AkhqClaimProviderController.AkhqClaimResponse actual = akhqClaimProviderController.generateClaim(null); assertEquals(1, actual.getAttributes().get("topicsFilterRegexp").size()); - assertEquals("^none$", actual.getAttributes().get("topicsFilterRegexp").get(0)); + assertEquals("^none$", actual.getAttributes().get("topicsFilterRegexp").getFirst()); AkhqClaimProviderController.AkhqClaimRequest request = AkhqClaimProviderController.AkhqClaimRequest.builder().build(); actual = akhqClaimProviderController.generateClaim(request); assertEquals(1, actual.getAttributes().get("topicsFilterRegexp").size()); - assertEquals("^none$", actual.getAttributes().get("topicsFilterRegexp").get(0)); + assertEquals("^none$", actual.getAttributes().get("topicsFilterRegexp").getFirst()); request = AkhqClaimProviderController.AkhqClaimRequest.builder().groups(List.of()).build(); actual = akhqClaimProviderController.generateClaim(request); assertEquals(1, actual.getAttributes().get("topicsFilterRegexp").size()); - assertEquals("^none$", actual.getAttributes().get("topicsFilterRegexp").get(0)); + assertEquals("^none$", actual.getAttributes().get("topicsFilterRegexp").getFirst()); assertLinesMatch( List.of( @@ -172,7 +174,7 @@ void generateClaimTestNullOrEmptyRequest() { } @Test - void generateClaimTestSuccess() { + void shouldGenerateClaim() { Namespace ns1 = Namespace.builder() .metadata(Metadata.builder() .name("ns1") @@ -296,7 +298,7 @@ void generateClaimTestSuccess() { } @Test - void generateClaimTestSuccessAdmin() { + void shouldGenerateClaimForAdmin() { AkhqClaimProviderController.AkhqClaimRequest request = AkhqClaimProviderController.AkhqClaimRequest.builder() .groups(List.of("GP-ADMIN")) .build(); @@ -313,6 +315,7 @@ void generateClaimTestSuccessAdmin() { ), actual.getRoles() ); + // Admin Regexp assertLinesMatch(List.of(".*$"), actual.getAttributes().get("topicsFilterRegexp")); assertLinesMatch(List.of(".*$"), actual.getAttributes().get("connectsFilterRegexp")); @@ -320,7 +323,7 @@ void generateClaimTestSuccessAdmin() { } @Test - void generateClaimV2TestSuccess() { + void shouldGenerateClaimV2() { Namespace ns1 = Namespace.builder() .metadata(Metadata.builder() .name("ns1") @@ -437,24 +440,24 @@ void generateClaimV2TestSuccess() { } @Test - void generateClaimV2TestNullOrEmptyRequest() { + void shouldGenerateClaimV2WhenNullOrEmptyRequest() { AkhqClaimProviderController.AkhqClaimResponseV2 actual = akhqClaimProviderController.generateClaimV2(null); assertEquals(1, actual.getTopicsFilterRegexp().size()); - assertEquals("^none$", actual.getTopicsFilterRegexp().get(0)); + assertEquals("^none$", actual.getTopicsFilterRegexp().getFirst()); AkhqClaimProviderController.AkhqClaimRequest request = AkhqClaimProviderController.AkhqClaimRequest.builder().build(); actual = akhqClaimProviderController.generateClaimV2(request); assertEquals(1, actual.getTopicsFilterRegexp().size()); - assertEquals("^none$", actual.getTopicsFilterRegexp().get(0)); + assertEquals("^none$", actual.getTopicsFilterRegexp().getFirst()); request = AkhqClaimProviderController.AkhqClaimRequest.builder().groups(List.of()).build(); actual = akhqClaimProviderController.generateClaimV2(request); assertEquals(1, actual.getTopicsFilterRegexp().size()); - assertEquals("^none$", actual.getTopicsFilterRegexp().get(0)); + assertEquals("^none$", actual.getTopicsFilterRegexp().getFirst()); assertLinesMatch( List.of( @@ -470,7 +473,7 @@ void generateClaimV2TestNullOrEmptyRequest() { } @Test - void generateClaimV2TestSuccessAdmin() { + void shouldGenerateClaimV2ForAdmin() { AkhqClaimProviderController.AkhqClaimRequest request = AkhqClaimProviderController.AkhqClaimRequest.builder() .groups(List.of("GP-ADMIN")) .build(); @@ -495,7 +498,7 @@ void generateClaimV2TestSuccessAdmin() { } @Test - void computeAllowedRegexListTestSuccessFilterStartWith() { + void shouldComputeAllowedRegexListFilterStartWith() { List inputAcls = List.of( AccessControlEntry.builder() .spec(AccessControlEntry.AccessControlEntrySpec.builder() diff --git a/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerV3Test.java b/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerV3Test.java index c3a8ba25..c22ee9d9 100644 --- a/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerV3Test.java +++ b/src/test/java/com/michelin/ns4kafka/controller/AkhqClaimProviderControllerV3Test.java @@ -34,31 +34,20 @@ class AkhqClaimProviderControllerV3Test { @Spy AkhqProperties akhqProperties = getAkhqClaimProviderControllerConfig(); - private AkhqProperties getAkhqClaimProviderControllerConfig() { - AkhqProperties config = new AkhqProperties(); - config.setGroupLabel("support-group"); - config.setAdminGroup("GP-ADMIN"); - config.setRoles(Map.of(AccessControlEntry.ResourceType.TOPIC, "topic-read", - AccessControlEntry.ResourceType.CONNECT, "connect-rw", - AccessControlEntry.ResourceType.SCHEMA, "registry-read", - AccessControlEntry.ResourceType.GROUP, "group-read")); - config.setAdminRoles(Map.of(AccessControlEntry.ResourceType.TOPIC, "topic-admin", - AccessControlEntry.ResourceType.CONNECT, "connect-admin", - AccessControlEntry.ResourceType.SCHEMA, "registry-admin", - AccessControlEntry.ResourceType.GROUP, "group-read")); - return config; - } - @Test - void generateClaimHappyPath() { + void shouldGenerateClaimHappyPath() { Namespace ns1Cluster1 = Namespace.builder() - .metadata(Metadata.builder().name("ns1").cluster("cluster1") + .metadata(Metadata.builder() + .name("ns1") + .cluster("cluster1") .labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) .build()) .build(); AccessControlEntry ace1Ns1Cluster1 = AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -66,8 +55,11 @@ void generateClaimHappyPath() { .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + when(namespaceService.findAll()) .thenReturn(List.of(ns1Cluster1)); when(aclService.findAllGrantedToNamespace(ns1Cluster1)) @@ -92,7 +84,9 @@ void generateClaimHappyPath() { @Test void shouldGrantAllAccessToGroup() { Namespace ns1Cluster1 = Namespace.builder() - .metadata(Metadata.builder().name("ns1").cluster("cluster1") + .metadata(Metadata.builder() + .name("ns1") + .cluster("cluster1") .labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) .build()) .build(); @@ -115,8 +109,11 @@ void shouldGrantAllAccessToGroup() { .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + when(namespaceService.findAll()) .thenReturn(List.of(ns1Cluster1)); when(aclService.findAllGrantedToNamespace(ns1Cluster1)) @@ -140,9 +137,11 @@ void shouldGrantAllAccessToGroup() { } @Test - void generateClaimMultipleSupportGroups() { + void shouldGenerateClaimWithMultipleSupportGroups() { Namespace ns1Cluster1 = Namespace.builder() - .metadata(Metadata.builder().name("ns1").cluster("cluster1") + .metadata(Metadata.builder() + .name("ns1") + .cluster("cluster1") .labels(Map.of("support-group", "GP-PROJECT1-DEV,GP-PROJECT1-SUPPORT,GP-PROJECT1-OPS")) .build()) .build(); @@ -156,8 +155,11 @@ void generateClaimMultipleSupportGroups() { .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + when(namespaceService.findAll()) .thenReturn(List.of(ns1Cluster1)); when(aclService.findAllGrantedToNamespace(ns1Cluster1)) @@ -180,16 +182,22 @@ void generateClaimMultipleSupportGroups() { } @Test - void generateClaimNoPermissions() { + void shouldGenerateClaimNoPermissions() { Namespace ns1Cluster1 = Namespace.builder() - .metadata(Metadata.builder().name("ns1").cluster("cluster1") + .metadata(Metadata.builder() + .name("ns1") + .cluster("cluster1") .labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); - when(namespaceService.findAll()).thenReturn(List.of(ns1Cluster1)); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + + when(namespaceService.findAll()) + .thenReturn(List.of(ns1Cluster1)); AkhqClaimProviderController.AkhqClaimRequest request = AkhqClaimProviderController.AkhqClaimRequest.builder() .groups(List.of("GP-PROJECT2-SUPPORT")) @@ -200,15 +208,20 @@ void generateClaimNoPermissions() { } @Test - void generateClaimWithOptimizedClusters() { + void shouldGenerateClaimWithOptimizedClusters() { Namespace ns1Cluster1 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster1").labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) + .name("ns1") + .cluster("cluster1") + .labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) .build()) .build(); + Namespace ns1Cluster2 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster2").labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) + .name("ns1") + .cluster("cluster2") + .labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) .build()) .build(); @@ -221,14 +234,20 @@ void generateClaimWithOptimizedClusters() { .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); - when(namespaceService.findAll()).thenReturn(List.of(ns1Cluster1, ns1Cluster2)); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + + when(namespaceService.findAll()) + .thenReturn(List.of(ns1Cluster1, ns1Cluster2)); when(aclService.findAllGrantedToNamespace(ns1Cluster1)) .thenReturn(List.of(ace1Ns1Cluster1)); AccessControlEntry ace1Ns1Cluster2 = AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster2").build()) + .metadata(Metadata.builder() + .cluster("cluster2") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -256,20 +275,27 @@ void generateClaimWithOptimizedClusters() { } @Test - void generateClaimWithMultiplePatternsOnSameCluster() { + void shouldGenerateClaimWithMultiplePatternsOnSameCluster() { Namespace ns1Cluster1 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster1").labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) + .name("ns1") + .cluster("cluster1") + .labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) .build()) .build(); + Namespace ns2Cluster1 = Namespace.builder() .metadata(Metadata.builder() - .name("ns2").cluster("cluster1").labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) + .name("ns2") + .cluster("cluster1") + .labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) .build()) .build(); AccessControlEntry ace1Ns1Cluster1 = AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -277,14 +303,20 @@ void generateClaimWithMultiplePatternsOnSameCluster() { .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); - when(namespaceService.findAll()).thenReturn(List.of(ns1Cluster1, ns2Cluster1)); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + + when(namespaceService.findAll()) + .thenReturn(List.of(ns1Cluster1, ns2Cluster1)); when(aclService.findAllGrantedToNamespace(ns1Cluster1)) .thenReturn(List.of(ace1Ns1Cluster1)); AccessControlEntry ace2Ns2Cluster1 = AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -312,20 +344,27 @@ void generateClaimWithMultiplePatternsOnSameCluster() { } @Test - void generateClaimWithMultipleGroups() { + void shouldGenerateClaimWithMultipleGroups() { Namespace ns1Cluster1 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster1").labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) + .name("ns1") + .cluster("cluster1") + .labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) .build()) .build(); + Namespace ns1Cluster2 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster2").labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) + .name("ns1") + .cluster("cluster2") + .labels(Map.of("support-group", "GP-PROJECT1-SUPPORT")) .build()) .build(); AccessControlEntry ace1Cluster1 = AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -333,14 +372,20 @@ void generateClaimWithMultipleGroups() { .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); - when(namespaceService.findAll()).thenReturn(List.of(ns1Cluster1, ns1Cluster2)); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + + when(namespaceService.findAll()) + .thenReturn(List.of(ns1Cluster1, ns1Cluster2)); when(aclService.findAllGrantedToNamespace(ns1Cluster1)) .thenReturn(List.of(ace1Cluster1)); AccessControlEntry ace1Cluster2 = AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster2").build()) + .metadata(Metadata.builder() + .cluster("cluster2") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -368,15 +413,20 @@ void generateClaimWithMultipleGroups() { } @Test - void generateClaimWithPatternOnMultipleClusters() { + void shouldGenerateClaimWithPatternOnMultipleClusters() { Namespace ns1Cluster1 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster1").labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) + .name("ns1") + .cluster("cluster1") + .labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) .build()) .build(); + Namespace ns2Cluster2 = Namespace.builder() .metadata(Metadata.builder() - .name("ns2").cluster("cluster2").labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) + .name("ns2") + .cluster("cluster2") + .labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) .build()) .build(); @@ -389,14 +439,20 @@ void generateClaimWithPatternOnMultipleClusters() { .build()) .build(); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); - when(namespaceService.findAll()).thenReturn(List.of(ns1Cluster1, ns2Cluster2)); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + + when(namespaceService.findAll()) + .thenReturn(List.of(ns1Cluster1, ns2Cluster2)); when(aclService.findAllGrantedToNamespace(ns1Cluster1)) .thenReturn(List.of(ace1Ns1Cluster1)); AccessControlEntry ace1Ns2Cluster2 = AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster2").build()) + .metadata(Metadata.builder() + .cluster("cluster2") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -432,16 +488,20 @@ void generateClaimWithPatternOnMultipleClusters() { } @Test - void generateClaimAndOptimizePatterns() { + void shouldGenerateClaimAndOptimizePatterns() { Namespace ns1Cluster1 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster1").labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) + .name("ns1") + .cluster("cluster1") + .labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) .build()) .build(); List inputAcls = List.of( AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -449,7 +509,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.LITERAL) @@ -457,7 +519,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.CONNECT) .resourcePatternType(AccessControlEntry.ResourcePatternType.LITERAL) @@ -465,7 +529,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.LITERAL) @@ -473,7 +539,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.LITERAL) @@ -481,7 +549,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.LITERAL) @@ -489,7 +559,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.CONNECT) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -497,7 +569,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.LITERAL) @@ -505,7 +579,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.LITERAL) @@ -513,7 +589,9 @@ void generateClaimAndOptimizePatterns() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -521,10 +599,16 @@ void generateClaimAndOptimizePatterns() { .build()) .build() ); - akhqClaimProviderController.managedClusters = - List.of(new ManagedClusterProperties("cluster1"), new ManagedClusterProperties("cluster2")); - when(namespaceService.findAll()).thenReturn(List.of(ns1Cluster1)); - when(aclService.findAllGrantedToNamespace(ns1Cluster1)).thenReturn(inputAcls); + + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2") + ); + + when(namespaceService.findAll()) + .thenReturn(List.of(ns1Cluster1)); + when(aclService.findAllGrantedToNamespace(ns1Cluster1)) + .thenReturn(inputAcls); AkhqClaimProviderController.AkhqClaimRequest request = AkhqClaimProviderController.AkhqClaimRequest.builder() .groups(List.of("GP-PROJECT1&2-SUPPORT")) @@ -533,11 +617,11 @@ void generateClaimAndOptimizePatterns() { List groups = actual.getGroups().get("group"); assertEquals(3, groups.size()); - assertEquals("topic-read", groups.get(0).getRole()); + assertEquals("topic-read", groups.getFirst().getRole()); assertEquals( List.of("^\\Qproject1.\\E.*$", "^\\Qproject2.topic2\\E$", "^\\Qproject2.topic2a\\E$", "^\\Qproject2.topic3\\E$", "^\\Qproject3.\\E.*$"), - groups.get(0).getPatterns() + groups.getFirst().getPatterns() ); assertEquals("connect-rw", groups.get(1).getRole()); assertEquals( @@ -553,16 +637,20 @@ void generateClaimAndOptimizePatterns() { } @Test - void generateClaimAndOptimizePatternsForDifferentClusters() { + void shouldGenerateClaimAndOptimizePatternsForDifferentClusters() { Namespace ns1Cluster1 = Namespace.builder() .metadata(Metadata.builder() - .name("ns1").cluster("cluster1").labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) + .name("ns1") + .cluster("cluster1") + .labels(Map.of("support-group", "GP-PROJECT1&2-SUPPORT")) .build()) .build(); List inputAcls = List.of( AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -570,7 +658,9 @@ void generateClaimAndOptimizePatternsForDifferentClusters() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster2").build()) + .metadata(Metadata.builder() + .cluster("cluster2") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -578,7 +668,9 @@ void generateClaimAndOptimizePatternsForDifferentClusters() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -586,7 +678,9 @@ void generateClaimAndOptimizePatternsForDifferentClusters() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster1").build()) + .metadata(Metadata.builder() + .cluster("cluster1") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -594,7 +688,9 @@ void generateClaimAndOptimizePatternsForDifferentClusters() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster2").build()) + .metadata(Metadata.builder() + .cluster("cluster2") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -602,7 +698,9 @@ void generateClaimAndOptimizePatternsForDifferentClusters() { .build()) .build(), AccessControlEntry.builder() - .metadata(Metadata.builder().cluster("cluster3").build()) + .metadata(Metadata.builder() + .cluster("cluster3") + .build()) .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) .resourcePatternType(AccessControlEntry.ResourcePatternType.PREFIXED) @@ -610,11 +708,17 @@ void generateClaimAndOptimizePatternsForDifferentClusters() { .build()) .build() ); - akhqClaimProviderController.managedClusters = List.of(new ManagedClusterProperties("cluster1"), - new ManagedClusterProperties("cluster2"), new ManagedClusterProperties("cluster3"), - new ManagedClusterProperties("cluster4")); - when(namespaceService.findAll()).thenReturn(List.of(ns1Cluster1)); - when(aclService.findAllGrantedToNamespace(ns1Cluster1)).thenReturn(inputAcls); + akhqClaimProviderController.managedClusters = List.of( + new ManagedClusterProperties("cluster1"), + new ManagedClusterProperties("cluster2"), + new ManagedClusterProperties("cluster3"), + new ManagedClusterProperties("cluster4") + ); + + when(namespaceService.findAll()) + .thenReturn(List.of(ns1Cluster1)); + when(aclService.findAllGrantedToNamespace(ns1Cluster1)) + .thenReturn(inputAcls); AkhqClaimProviderController.AkhqClaimRequest request = AkhqClaimProviderController.AkhqClaimRequest.builder() .groups(List.of("GP-PROJECT1&2-SUPPORT")) @@ -633,4 +737,19 @@ void generateClaimAndOptimizePatternsForDifferentClusters() { assertEquals(List.of("^\\Qproject3.\\E.*$"), groups.get(2).getPatterns()); assertEquals(List.of("^cluster1$", "^cluster2$", "^cluster3$"), groups.get(2).getClusters()); } + + private AkhqProperties getAkhqClaimProviderControllerConfig() { + AkhqProperties config = new AkhqProperties(); + config.setGroupLabel("support-group"); + config.setAdminGroup("GP-ADMIN"); + config.setRoles(Map.of(AccessControlEntry.ResourceType.TOPIC, "topic-read", + AccessControlEntry.ResourceType.CONNECT, "connect-rw", + AccessControlEntry.ResourceType.SCHEMA, "registry-read", + AccessControlEntry.ResourceType.GROUP, "group-read")); + config.setAdminRoles(Map.of(AccessControlEntry.ResourceType.TOPIC, "topic-admin", + AccessControlEntry.ResourceType.CONNECT, "connect-admin", + AccessControlEntry.ResourceType.SCHEMA, "registry-admin", + AccessControlEntry.ResourceType.GROUP, "group-read")); + return config; + } } diff --git a/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterControllerTest.java b/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterControllerTest.java index f8d6cde2..cf08a9f2 100644 --- a/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterControllerTest.java +++ b/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterControllerTest.java @@ -38,9 +38,6 @@ import reactor.core.publisher.Mono; import reactor.test.StepVerifier; -/** - * Connect cluster controller test. - */ @ExtendWith(MockitoExtension.class) class ConnectClusterControllerTest { @Mock diff --git a/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterNonNamespacedControllerTest.java b/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterNonNamespacedControllerTest.java index 31987e67..69971321 100644 --- a/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterNonNamespacedControllerTest.java +++ b/src/test/java/com/michelin/ns4kafka/controller/ConnectClusterNonNamespacedControllerTest.java @@ -17,9 +17,6 @@ import reactor.core.publisher.Flux; import reactor.test.StepVerifier; -/** - * Connect cluster non namespaced controller test. - */ @ExtendWith(MockitoExtension.class) class ConnectClusterNonNamespacedControllerTest { @Mock diff --git a/src/test/java/com/michelin/ns4kafka/controller/ConsumerGroupControllerTest.java b/src/test/java/com/michelin/ns4kafka/controller/ConsumerGroupControllerTest.java index 9e6d5dd6..be244b94 100644 --- a/src/test/java/com/michelin/ns4kafka/controller/ConsumerGroupControllerTest.java +++ b/src/test/java/com/michelin/ns4kafka/controller/ConsumerGroupControllerTest.java @@ -309,6 +309,6 @@ void shouldNotResetConsumerGroupWhenItIsActive() throws ExecutionException, Inte assertEquals( "Invalid \"reset offset\" operation: assignments can only be reset if the consumer group " + "\"groupID\" is inactive but the current state is active.", - result.getValidationErrors().get(0)); + result.getValidationErrors().getFirst()); } } diff --git a/src/test/java/com/michelin/ns4kafka/controller/ResourceQuotaNonNamespacedControllerTest.java b/src/test/java/com/michelin/ns4kafka/controller/ResourceQuotaNonNamespacedControllerTest.java index 8dec9017..645be231 100644 --- a/src/test/java/com/michelin/ns4kafka/controller/ResourceQuotaNonNamespacedControllerTest.java +++ b/src/test/java/com/michelin/ns4kafka/controller/ResourceQuotaNonNamespacedControllerTest.java @@ -29,7 +29,7 @@ class ResourceQuotaNonNamespacedControllerTest { NamespaceService namespaceService; @Test - void listAll() { + void shouldFindAll() { Namespace namespace = Namespace.builder() .metadata(Metadata.builder() .name("namespace") @@ -48,11 +48,13 @@ void listAll() { .build()) .build(); - when(namespaceService.findAll()).thenReturn(List.of(namespace)); - when(resourceQuotaService.getUsedQuotaByNamespaces(any())).thenReturn(List.of(response)); + when(namespaceService.findAll()) + .thenReturn(List.of(namespace)); + when(resourceQuotaService.getUsedQuotaByNamespaces(any())) + .thenReturn(List.of(response)); List actual = resourceQuotaController.listAll(); assertEquals(1, actual.size()); - assertEquals(response, actual.get(0)); + assertEquals(response, actual.getFirst()); } } diff --git a/src/test/java/com/michelin/ns4kafka/integration/AclIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/AclIntegrationTest.java index 13a7d286..30661dff 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/AclIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/AclIntegrationTest.java @@ -90,9 +90,10 @@ void init() { .build(); UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("admin", "admin"); - HttpResponse response = - ns4KafkaClient.toBlocking() - .exchange(HttpRequest.POST("/login", credentials), BearerAccessRefreshToken.class); + HttpResponse response = ns4KafkaClient + .toBlocking() + .exchange(HttpRequest + .POST("/login", credentials), BearerAccessRefreshToken.class); token = response.getBody().get().getAccessToken(); @@ -165,6 +166,7 @@ void shouldCreateAndDeleteTopicReadAcl() throws InterruptedException, ExecutionE ); assertEquals(1, results.size()); + assertTrue(results.stream().findFirst().isPresent()); assertEquals(expected, results.stream().findFirst().get()); // DELETE the ACL and verify @@ -260,6 +262,7 @@ void shouldCreateAndDeletePublicAcl() throws InterruptedException, ExecutionExce ); assertEquals(1, results.size()); + assertTrue(results.stream().findFirst().isPresent()); assertEquals(expected, results.stream().findFirst().get()); // DELETE the ACLs and verify @@ -338,6 +341,7 @@ void shouldCreateAclThatDoesAlreadyExistOnBroker() throws InterruptedException, Collection results = kafkaClient.describeAcls(aclBindingFilter).values().get(); assertEquals(1, results.size()); + assertTrue(results.stream().findFirst().isPresent()); assertEquals(aclBinding, results.stream().findFirst().get()); // Remove ACL @@ -406,6 +410,7 @@ void shouldCreateConnectAclWithOwnerPermission() throws InterruptedException, Ex ); assertEquals(1, results.size()); + assertTrue(results.stream().findFirst().isPresent()); assertEquals(expected, results.stream().findFirst().get()); // DELETE the ACL and verify diff --git a/src/test/java/com/michelin/ns4kafka/integration/ApiResourcesIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/ApiResourcesIntegrationTest.java index 7fc4df98..302b0861 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/ApiResourcesIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/ApiResourcesIntegrationTest.java @@ -20,9 +20,6 @@ import java.util.List; import org.junit.jupiter.api.Test; -/** - * Api resources test. - */ @MicronautTest @Property(name = "micronaut.security.gitlab.enabled", value = "false") class ApiResourcesIntegrationTest extends AbstractIntegrationTest { diff --git a/src/test/java/com/michelin/ns4kafka/integration/ConnectIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/ConnectIntegrationTest.java index 7f930f4d..c6383869 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/ConnectIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/ConnectIntegrationTest.java @@ -476,7 +476,7 @@ void shouldRestartConnector() throws InterruptedException { .retrieve(HttpRequest.GET("/connectors/ns1-co1/status"), ConnectorStateInfo.class); assertEquals("RUNNING", actual.connector().getState()); - assertEquals("RUNNING", actual.tasks().get(0).getState()); + assertEquals("RUNNING", actual.tasks().getFirst().getState()); } @Test diff --git a/src/test/java/com/michelin/ns4kafka/integration/ExceptionHandlerIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/ExceptionHandlerIntegrationTest.java index 766888f4..c92a7556 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/ExceptionHandlerIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/ExceptionHandlerIntegrationTest.java @@ -40,9 +40,6 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; -/** - * Integration tests for ExceptionHandler. - */ @MicronautTest @Property(name = "micronaut.security.gitlab.enabled", value = "false") class ExceptionHandlerIntegrationTest extends AbstractIntegrationTest { @@ -155,7 +152,7 @@ void shouldInvalidateTopicName() { assertEquals("Constraint validation failed", exception.getMessage()); assertTrue(exception.getResponse().getBody(Status.class).isPresent()); assertEquals("topic.metadata.name: must match \"^[a-zA-Z0-9_.-]+$\"", - exception.getResponse().getBody(Status.class).get().getDetails().getCauses().get(0)); + exception.getResponse().getBody(Status.class).get().getDetails().getCauses().getFirst()); } @Test diff --git a/src/test/java/com/michelin/ns4kafka/integration/NamespaceIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/NamespaceIntegrationTest.java index 431281b7..7460d6f7 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/NamespaceIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/NamespaceIntegrationTest.java @@ -28,9 +28,6 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; -/** - * Integration test for namespaces. - */ @MicronautTest @Property(name = "micronaut.security.gitlab.enabled", value = "false") class NamespaceIntegrationTest extends AbstractIntegrationTest { @@ -75,7 +72,7 @@ void shouldValidateNamespaceNameWithAuthorizedChars() { assertEquals("Constraint validation failed", exception.getMessage()); assertEquals("namespace.metadata.name: must match \"^[a-zA-Z0-9_.-]+$\"", - exception.getResponse().getBody(Status.class).get().getDetails().getCauses().get(0)); + exception.getResponse().getBody(Status.class).get().getDetails().getCauses().getFirst()); namespace.getMetadata().setName("accepted.namespace"); diff --git a/src/test/java/com/michelin/ns4kafka/integration/SchemaIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/SchemaIntegrationTest.java index 3996d351..e79a8b2b 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/SchemaIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/SchemaIntegrationTest.java @@ -531,7 +531,7 @@ void shouldCheckSchemaStatus() { assertEquals("ns1-header-subject-value", actualHeaderV2.subject()); // Create person referencing header v2, result should be changed - newSchemaVersionPersonWithRefs.getSpec().getReferences().get(0).setVersion(2); + newSchemaVersionPersonWithRefs.getSpec().getReferences().getFirst().setVersion(2); var newPersonCreateWithV2RefResponse = ns4KafkaClient .toBlocking() diff --git a/src/test/java/com/michelin/ns4kafka/integration/StreamIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/StreamIntegrationTest.java index c0cc119f..63770089 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/StreamIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/StreamIntegrationTest.java @@ -143,12 +143,15 @@ void shouldVerifyCreationOfAcls() throws InterruptedException, ExecutionExceptio .values() .get(); - var aclTransactionalId = kafkaClient.describeAcls(new AclBindingFilter( + var aclTransactionalId = kafkaClient.describeAcls( + new AclBindingFilter( new ResourcePatternFilter( org.apache.kafka.common.resource.ResourceType.TRANSACTIONAL_ID, stream.getMetadata().getName(), - PatternType.PREFIXED), - AccessControlEntryFilter.ANY)) + PatternType.PREFIXED + ), + AccessControlEntryFilter.ANY + )) .values() .get(); @@ -159,6 +162,7 @@ void shouldVerifyCreationOfAcls() throws InterruptedException, ExecutionExceptio .contains(aclBinding.entry().operation()))); assertEquals(1, aclTransactionalId.size()); + assertTrue(aclTransactionalId.stream().findFirst().isPresent()); assertEquals(AclOperation.WRITE, aclTransactionalId.stream().findFirst().get().entry().operation()); } } diff --git a/src/test/java/com/michelin/ns4kafka/integration/TopicIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/TopicIntegrationTest.java index d6cef64f..e8e42d4f 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/TopicIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/TopicIntegrationTest.java @@ -266,19 +266,28 @@ void shouldCreateTopic() throws InterruptedException, ExecutionException { Admin kafkaClient = getAdminClient(); - List topicPartitionInfos = - kafkaClient.describeTopics(List.of("ns1-topicFirstCreate")).allTopicNames().get() - .get("ns1-topicFirstCreate").partitions(); + List topicPartitionInfos = kafkaClient + .describeTopics(List.of("ns1-topicFirstCreate")) + .allTopicNames() + .get() + .get("ns1-topicFirstCreate") + .partitions(); + assertEquals(topicFirstCreate.getSpec().getPartitions(), topicPartitionInfos.size()); Map config = topicFirstCreate.getSpec().getConfigs(); Set configKey = config.keySet(); ConfigResource configResource = new ConfigResource(ConfigResource.Type.TOPIC, "ns1-topicFirstCreate"); - List valueToVerify = - kafkaClient.describeConfigs(List.of(configResource)).all().get().get(configResource).entries().stream() - .filter(e -> configKey.contains(e.name())) - .toList(); + List valueToVerify = kafkaClient + .describeConfigs(List.of(configResource)) + .all() + .get() + .get(configResource) + .entries() + .stream() + .filter(e -> configKey.contains(e.name())) + .toList(); assertEquals(config.size(), valueToVerify.size()); valueToVerify.forEach(entry -> assertEquals(config.get(entry.name()), entry.value())); @@ -353,7 +362,8 @@ void shouldUpdateTopic() throws InterruptedException, ExecutionException { .describeTopics(List.of("ns1-topic2Create")) .allTopicNames() .get() - .get("ns1-topic2Create").partitions(); + .get("ns1-topic2Create") + .partitions(); // verify partition of the updated topic assertEquals(topicToUpdate.getSpec().getPartitions(), topicPartitionInfos.size()); @@ -404,7 +414,7 @@ void shouldInvalidateTopicName() { assertEquals("Constraint validation failed", exception.getMessage()); assertTrue(exception.getResponse().getBody(Status.class).isPresent()); assertEquals("topic.metadata.name: must match \"^[a-zA-Z0-9_.-]+$\"", - exception.getResponse().getBody(Status.class).get().getDetails().getCauses().get(0)); + exception.getResponse().getBody(Status.class).get().getDetails().getCauses().getFirst()); } @Test @@ -554,7 +564,7 @@ void shouldDeleteRecords() { } @Test - void testDeleteRecordsCompactTopic() { + void shouldDeleteRecordsOnCompactTopic() { Topic topicToDelete = Topic.builder() .metadata(Metadata.builder() .name("ns1-compactTopicToDelete") diff --git a/src/test/java/com/michelin/ns4kafka/integration/UserIntegrationTest.java b/src/test/java/com/michelin/ns4kafka/integration/UserIntegrationTest.java index 58cad0f0..c3f5c7f6 100644 --- a/src/test/java/com/michelin/ns4kafka/integration/UserIntegrationTest.java +++ b/src/test/java/com/michelin/ns4kafka/integration/UserIntegrationTest.java @@ -154,8 +154,8 @@ void shouldCheckDefaultQuotas() throws ExecutionException, InterruptedException @Test void shouldCheckCustomQuotas() throws ExecutionException, InterruptedException { Map> mapQuota = getAdminClient() - .describeClientQuotas(ClientQuotaFilter.containsOnly( - List.of(ClientQuotaFilterComponent.ofEntity("user", "user2")))) + .describeClientQuotas(ClientQuotaFilter + .containsOnly(List.of(ClientQuotaFilterComponent.ofEntity("user", "user2")))) .entities() .get(); @@ -217,8 +217,8 @@ void shouldCreateAndUpdateUser() throws ExecutionException, InterruptedException assertNotNull(response.getSpec().getNewPassword()); assertTrue(mapUser.containsKey("user1")); - assertEquals(ScramMechanism.SCRAM_SHA_512, mapUser.get("user1").credentialInfos().get(0).mechanism()); - assertEquals(4096, mapUser.get("user1").credentialInfos().get(0).iterations()); + assertEquals(ScramMechanism.SCRAM_SHA_512, mapUser.get("user1").credentialInfos().getFirst().mechanism()); + assertEquals(4096, mapUser.get("user1").credentialInfos().getFirst().iterations()); } @Test @@ -232,6 +232,6 @@ void shouldUpdateUserFailWhenItDoesNotBelongToNamespace() { assertEquals(HttpStatus.UNPROCESSABLE_ENTITY, exception.getStatus()); assertEquals("Invalid value \"user2\" for field \"user\": user does not belong to namespace.", - exception.getResponse().getBody(Status.class).get().getDetails().getCauses().get(0)); + exception.getResponse().getBody(Status.class).get().getDetails().getCauses().getFirst()); } } diff --git a/src/test/java/com/michelin/ns4kafka/model/AccessControlEntryTest.java b/src/test/java/com/michelin/ns4kafka/model/AccessControlEntryTest.java index 5902092a..94e0fd1f 100644 --- a/src/test/java/com/michelin/ns4kafka/model/AccessControlEntryTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/AccessControlEntryTest.java @@ -5,12 +5,9 @@ import org.junit.jupiter.api.Test; -/** - * Access control entry test. - */ class AccessControlEntryTest { @Test - void testEquals() { + void shouldBeEqual() { AccessControlEntry original = AccessControlEntry.builder() .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resource("resource1") diff --git a/src/test/java/com/michelin/ns4kafka/model/ConnectValidatorTest.java b/src/test/java/com/michelin/ns4kafka/model/ConnectValidatorTest.java index 670b4ec9..caffc56e 100644 --- a/src/test/java/com/michelin/ns4kafka/model/ConnectValidatorTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/ConnectValidatorTest.java @@ -13,7 +13,7 @@ class ConnectValidatorTest { @Test - void testEquals() { + void shouldBeEqual() { ConnectValidator original = ConnectValidator.builder() .validationConstraints(Map.of( "key.converter", new ResourceValidator.NonEmptyString(), @@ -145,7 +145,7 @@ void shouldNotValidateConnectorWithNoName() { List actual = validator.validate(connector, "sink"); assertEquals(1, actual.size()); - assertEquals("Invalid empty value for field \"name\": value must not be empty.", actual.get(0)); + assertEquals("Invalid empty value for field \"name\": value must not be empty.", actual.getFirst()); } @Test @@ -358,7 +358,7 @@ void shouldNotValidateSourceConnector() { List actual = validator.validate(connector, "source"); assertEquals(1, actual.size()); assertEquals("Invalid empty value for field \"producer.override.sasl.jaas.config\": value must not be null.", - actual.get(0)); + actual.getFirst()); } @Test diff --git a/src/test/java/com/michelin/ns4kafka/model/ConnectorTest.java b/src/test/java/com/michelin/ns4kafka/model/ConnectorTest.java index b5441f50..7856282c 100644 --- a/src/test/java/com/michelin/ns4kafka/model/ConnectorTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/ConnectorTest.java @@ -9,14 +9,15 @@ class ConnectorTest { @Test - void testEquals() { + void shouldBeEqual() { Connector original = Connector.builder() .metadata(Metadata.builder() .name("connect1") .build()) .spec(Connector.ConnectorSpec.builder() .connectCluster("cluster1") - .config(Map.of("k1", "v1", + .config(Map.of( + "k1", "v1", "k2", "v2")) .build()) .status(Connector.ConnectorStatus.builder() @@ -31,7 +32,8 @@ void testEquals() { .spec(Connector.ConnectorSpec.builder() .connectCluster("cluster1") // inverted map - .config(Map.of("k2", "v2", + .config(Map.of( + "k2", "v2", "k1", "v1")) .build()) // different status @@ -43,7 +45,8 @@ void testEquals() { Connector differentByConnectCluster = Connector.builder() .spec(Connector.ConnectorSpec.builder() .connectCluster("cluster2") - .config(Map.of("k1", "v1", + .config(Map.of( + "k1", "v1", "k2", "v2")) .build()) .build(); @@ -51,7 +54,8 @@ void testEquals() { Connector differentByConfig = Connector.builder() .spec(Connector.ConnectorSpec.builder() .connectCluster("cluster2") - .config(Map.of("k1", "v1", + .config(Map.of( + "k1", "v1", "k2", "v2", "k3", "v3")) .build()) diff --git a/src/test/java/com/michelin/ns4kafka/model/MetadataTest.java b/src/test/java/com/michelin/ns4kafka/model/MetadataTest.java index ebcaa57c..d1c906ee 100644 --- a/src/test/java/com/michelin/ns4kafka/model/MetadataTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/MetadataTest.java @@ -10,12 +10,13 @@ class MetadataTest { @Test - void testEquals() { + void shouldBeEqual() { Metadata original = Metadata.builder() .name("name1") .namespace("namespace1") .cluster("local") - .labels(Map.of("key1", "val1", + .labels(Map.of( + "key1", "val1", "key2", "val2")) .creationTimestamp(Date.from(Instant.now())) .generation(0) @@ -25,7 +26,8 @@ void testEquals() { .namespace("namespace1") .cluster("local") // inverted map order - .labels(Map.of("key2", "val2", + .labels(Map.of( + "key2", "val2", "key1", "val1")) // different date .creationTimestamp(Date.from(Instant.now().plusMillis(1000))) diff --git a/src/test/java/com/michelin/ns4kafka/model/NamespaceTest.java b/src/test/java/com/michelin/ns4kafka/model/NamespaceTest.java index 791f3f9e..91ab3176 100644 --- a/src/test/java/com/michelin/ns4kafka/model/NamespaceTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/NamespaceTest.java @@ -10,7 +10,7 @@ class NamespaceTest { @Test - void testEquals() { + void shouldBeEqual() { Namespace original = Namespace.builder() .metadata(Metadata.builder() .name("namespace1") diff --git a/src/test/java/com/michelin/ns4kafka/model/ResourceValidatorTest.java b/src/test/java/com/michelin/ns4kafka/model/ResourceValidatorTest.java index 342a0bcb..f211f527 100644 --- a/src/test/java/com/michelin/ns4kafka/model/ResourceValidatorTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/ResourceValidatorTest.java @@ -11,7 +11,7 @@ class ResourceValidatorTest { @Test - void testNonEmptyString() { + void shouldValidateNonEmptyString() { ResourceValidator.Validator original = new ResourceValidator.NonEmptyString(); ResourceValidator.Validator same = new ResourceValidator.NonEmptyString(); // Test Equals @@ -25,7 +25,7 @@ void testNonEmptyString() { } @Test - void testRangeBetween() { + void shouldValidateRangeBetween() { // BETWEEN ResourceValidator.Validator original = ResourceValidator.Range.between(0, 10); ResourceValidator.Validator same = ResourceValidator.Range.between(0, 10); @@ -45,7 +45,7 @@ void testRangeBetween() { } @Test - void testOptionalRange() { + void shouldValidateOptionalRange() { // BETWEEN ResourceValidator.Validator original = new ResourceValidator.Range(0, 10, true); // test ensureValid @@ -58,11 +58,10 @@ void testOptionalRange() { assertDoesNotThrow(() -> original.ensureValid("k", "0")); assertDoesNotThrow(() -> original.ensureValid("k", "10")); assertDoesNotThrow(() -> original.ensureValid("k", "5")); - } @Test - void testRangeAtLeast() { + void shouldValidateRangeAtLeast() { ResourceValidator.Validator original = ResourceValidator.Range.atLeast(10); ResourceValidator.Validator same = ResourceValidator.Range.atLeast(10); ResourceValidator.Validator different = ResourceValidator.Range.atLeast(99); @@ -81,7 +80,7 @@ void testRangeAtLeast() { } @Test - void testValidString() { + void shouldValidateValidString() { ResourceValidator.Validator original = ResourceValidator.ValidString.in("a", "b", "c"); ResourceValidator.Validator same = ResourceValidator.ValidString.in("a", "b", "c"); ResourceValidator.Validator different = ResourceValidator.ValidString.in("b", "c", "d"); @@ -102,7 +101,7 @@ void testValidString() { } @Test - void testOptionalValidString() { + void shouldValidateOptionalValidString() { ResourceValidator.Validator original = ResourceValidator.ValidString.optionalIn("a", "b", "c"); assertThrows(FieldValidationException.class, () -> original.ensureValid("k", "")); @@ -116,7 +115,7 @@ void testOptionalValidString() { } @Test - void testValidList() { + void shouldValidateValidList() { ResourceValidator.Validator original = ResourceValidator.ValidList.in("a", "b", "c"); ResourceValidator.Validator same = ResourceValidator.ValidList.in("a", "b", "c"); ResourceValidator.Validator different = ResourceValidator.ValidList.in("b", "c", "d"); @@ -142,9 +141,8 @@ void testValidList() { } @Test - void testOptionalValidList() { + void shouldValidateOptionalValidList() { ResourceValidator.Validator original = ResourceValidator.ValidList.optionalIn("a", "b", "c"); - // test ensureValid assertThrows(FieldValidationException.class, () -> original.ensureValid("k", "")); assertThrows(FieldValidationException.class, () -> original.ensureValid("k", "A")); diff --git a/src/test/java/com/michelin/ns4kafka/model/RoleBindingTest.java b/src/test/java/com/michelin/ns4kafka/model/RoleBindingTest.java index 4399c149..08dc44f1 100644 --- a/src/test/java/com/michelin/ns4kafka/model/RoleBindingTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/RoleBindingTest.java @@ -8,7 +8,7 @@ class RoleBindingTest { @Test - void testEqualsRole() { + void shouldRoleBeEqual() { RoleBinding.Role original = RoleBinding.Role.builder() .resourceTypes(List.of("res1", "res2")) .verbs(List.of(RoleBinding.Verb.GET, RoleBinding.Verb.POST)) @@ -33,7 +33,7 @@ void testEqualsRole() { } @Test - void testEqualsSubject() { + void shouldSubjectBeEqual() { RoleBinding.Subject original = RoleBinding.Subject.builder() .subjectName("subject1") .subjectType(RoleBinding.SubjectType.GROUP) @@ -58,9 +58,11 @@ void testEqualsSubject() { } @Test - void testEqualsRoleBinding() { + void shouldRoleBindingBeEqual() { RoleBinding original = RoleBinding.builder() - .metadata(Metadata.builder().name("rb1").build()) + .metadata(Metadata.builder() + .name("rb1") + .build()) .spec(RoleBinding.RoleBindingSpec.builder() .role(RoleBinding.Role.builder() .resourceTypes(List.of("res1", "res2")) @@ -74,7 +76,9 @@ void testEqualsRoleBinding() { .build(); RoleBinding same = RoleBinding.builder() - .metadata(Metadata.builder().name("rb1").build()) + .metadata(Metadata.builder() + .name("rb1") + .build()) .spec(RoleBinding.RoleBindingSpec.builder() .role(RoleBinding.Role.builder() .resourceTypes(List.of("res1", "res2")) @@ -90,7 +94,10 @@ void testEqualsRoleBinding() { assertEquals(original, same); RoleBinding differentByMetadata = RoleBinding.builder() - .metadata(Metadata.builder().name("rb1").cluster("cluster").build()) + .metadata(Metadata.builder() + .name("rb1") + .cluster("cluster") + .build()) .spec(RoleBinding.RoleBindingSpec.builder() .role(RoleBinding.Role.builder() .resourceTypes(List.of("res1", "res2")) @@ -106,9 +113,12 @@ void testEqualsRoleBinding() { assertNotEquals(original, differentByMetadata); RoleBinding differentByRole = RoleBinding.builder() - .metadata(Metadata.builder().name("rb1").build()) + .metadata(Metadata.builder() + .name("rb1") + .build()) .spec(RoleBinding.RoleBindingSpec.builder() - .role(RoleBinding.Role.builder().build()) + .role(RoleBinding.Role.builder() + .build()) .subject(RoleBinding.Subject.builder() .subjectName("subject1") .subjectType(RoleBinding.SubjectType.GROUP) @@ -119,13 +129,16 @@ void testEqualsRoleBinding() { assertNotEquals(original, differentByRole); RoleBinding differentBySubject = RoleBinding.builder() - .metadata(Metadata.builder().name("rb1").build()) + .metadata(Metadata.builder() + .name("rb1") + .build()) .spec(RoleBinding.RoleBindingSpec.builder() .role(RoleBinding.Role.builder() .resourceTypes(List.of("res1", "res2")) .verbs(List.of(RoleBinding.Verb.GET, RoleBinding.Verb.POST)) .build()) - .subject(RoleBinding.Subject.builder().build()) + .subject(RoleBinding.Subject.builder() + .build()) .build()) .build(); diff --git a/src/test/java/com/michelin/ns4kafka/model/SchemaTest.java b/src/test/java/com/michelin/ns4kafka/model/SchemaTest.java index 99fb07e8..2856aa03 100644 --- a/src/test/java/com/michelin/ns4kafka/model/SchemaTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/SchemaTest.java @@ -9,7 +9,7 @@ class SchemaTest { @Test - void testEquals() { + void shouldBeEqual() { Schema original = Schema.builder() .metadata(Metadata.builder() .name("prefix.schema-one") @@ -104,7 +104,7 @@ void testEquals() { } @Test - void testSchemaListEquals() { + void shouldSchemaListBeEqual() { SchemaList original = SchemaList.builder() .metadata(Metadata.builder() .name("prefix.schema-one") diff --git a/src/test/java/com/michelin/ns4kafka/model/StreamTest.java b/src/test/java/com/michelin/ns4kafka/model/StreamTest.java index f6a2f25a..6acea6dd 100644 --- a/src/test/java/com/michelin/ns4kafka/model/StreamTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/StreamTest.java @@ -7,17 +7,23 @@ class StreamTest { @Test - void testEquals() { + void shouldBeEqual() { KafkaStream original = KafkaStream.builder() - .metadata(Metadata.builder().name("stream1").build()) + .metadata(Metadata.builder() + .name("stream1") + .build()) .build(); KafkaStream same = KafkaStream.builder() - .metadata(Metadata.builder().name("stream1").build()) + .metadata(Metadata.builder() + .name("stream1") + .build()) .build(); KafkaStream different = KafkaStream.builder() - .metadata(Metadata.builder().name("stream2").build()) + .metadata(Metadata.builder() + .name("stream2") + .build()) .build(); assertEquals(original, same); diff --git a/src/test/java/com/michelin/ns4kafka/model/TopicTest.java b/src/test/java/com/michelin/ns4kafka/model/TopicTest.java index 9201b07d..41fa3dc6 100644 --- a/src/test/java/com/michelin/ns4kafka/model/TopicTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/TopicTest.java @@ -8,9 +8,11 @@ class TopicTest { @Test - void testEquals() { + void shouldBeEqual() { Topic original = Topic.builder() - .metadata(Metadata.builder().name("topic1").build()) + .metadata(Metadata.builder() + .name("topic1") + .build()) .spec(Topic.TopicSpec.builder() .replicationFactor(3) .partitions(3) @@ -21,7 +23,9 @@ void testEquals() { .build(); Topic same = Topic.builder() - .metadata(Metadata.builder().name("topic1").build()) + .metadata(Metadata.builder() + .name("topic1") + .build()) .spec(Topic.TopicSpec.builder() .replicationFactor(3) .partitions(3) @@ -34,7 +38,9 @@ void testEquals() { assertEquals(original, same); Topic differentByMetadata = Topic.builder() - .metadata(Metadata.builder().name("topic2").build()) + .metadata(Metadata.builder() + .name("topic2") + .build()) .spec(Topic.TopicSpec.builder() .replicationFactor(3) .partitions(3) @@ -47,7 +53,9 @@ void testEquals() { assertNotEquals(original, differentByMetadata); Topic differentByReplicationFactor = Topic.builder() - .metadata(Metadata.builder().name("topic2").build()) + .metadata(Metadata.builder() + .name("topic2") + .build()) .spec(Topic.TopicSpec.builder() .replicationFactor(99) .partitions(3) @@ -60,7 +68,9 @@ void testEquals() { assertNotEquals(original, differentByReplicationFactor); Topic differentByPartitions = Topic.builder() - .metadata(Metadata.builder().name("topic2").build()) + .metadata(Metadata.builder() + .name("topic2") + .build()) .spec(Topic.TopicSpec.builder() .replicationFactor(3) .partitions(99) @@ -73,7 +83,9 @@ void testEquals() { assertNotEquals(original, differentByPartitions); Topic differentByConfigs = Topic.builder() - .metadata(Metadata.builder().name("topic2").build()) + .metadata(Metadata.builder() + .name("topic2") + .build()) .spec(Topic.TopicSpec.builder() .replicationFactor(3) .partitions(3) diff --git a/src/test/java/com/michelin/ns4kafka/model/TopicValidatorTest.java b/src/test/java/com/michelin/ns4kafka/model/TopicValidatorTest.java index 1a539a90..20db920e 100644 --- a/src/test/java/com/michelin/ns4kafka/model/TopicValidatorTest.java +++ b/src/test/java/com/michelin/ns4kafka/model/TopicValidatorTest.java @@ -13,7 +13,7 @@ class TopicValidatorTest { @Test - void testEquals() { + void shouldBeEqual() { TopicValidator original = TopicValidator.builder() .validationConstraints( Map.of("replication.factor", ResourceValidator.Range.between(3, 3), @@ -79,7 +79,7 @@ void testEquals() { } @Test - void testEnsureValidGlobal() { + void shouldValidateGlobally() { TopicValidator topicValidator = TopicValidator.builder() .validationConstraints( Map.of("replication.factor", ResourceValidator.Range.between(3, 3), @@ -105,7 +105,7 @@ void testEnsureValidGlobal() { } @Test - void testEnsureValidName() { + void shouldValidateName() { TopicValidator nameValidator = TopicValidator.builder() .validationConstraints(Map.of()) .build(); @@ -114,8 +114,11 @@ void testEnsureValidName() { List validationErrors; invalidTopic = Topic.builder() - .metadata(Metadata.builder().name("").build()) - .spec(Topic.TopicSpec.builder().build()) + .metadata(Metadata.builder() + .name("") + .build()) + .spec(Topic.TopicSpec.builder() + .build()) .build(); validationErrors = nameValidator.validate(invalidTopic); @@ -126,32 +129,56 @@ void testEnsureValidName() { validationErrors); invalidTopic = Topic.builder() - .metadata(Metadata.builder().name(".").build()) - .spec(Topic.TopicSpec.builder().build()).build(); + .metadata(Metadata.builder() + .name(".") + .build()) + .spec(Topic.TopicSpec.builder() + .build()) + .build(); + validationErrors = nameValidator.validate(invalidTopic); assertEquals(1, validationErrors.size()); invalidTopic = Topic.builder() - .metadata(Metadata.builder().name("..").build()) - .spec(Topic.TopicSpec.builder().build()).build(); + .metadata(Metadata.builder() + .name("..") + .build()) + .spec(Topic.TopicSpec.builder() + .build()) + .build(); + validationErrors = nameValidator.validate(invalidTopic); assertEquals(1, validationErrors.size()); invalidTopic = Topic.builder() - .metadata(Metadata.builder().name("A".repeat(260)).build()) - .spec(Topic.TopicSpec.builder().build()).build(); + .metadata(Metadata.builder() + .name("A".repeat(260)) + .build()) + .spec(Topic.TopicSpec.builder() + .build()) + .build(); + validationErrors = nameValidator.validate(invalidTopic); assertEquals(1, validationErrors.size()); invalidTopic = Topic.builder() - .metadata(Metadata.builder().name("A B").build()) - .spec(Topic.TopicSpec.builder().build()).build(); + .metadata(Metadata.builder() + .name("A B") + .build()) + .spec(Topic.TopicSpec.builder() + .build()) + .build(); + validationErrors = nameValidator.validate(invalidTopic); assertEquals(1, validationErrors.size()); invalidTopic = Topic.builder() - .metadata(Metadata.builder().name("topicname) response.getAuthentication().get().getAttributes() - .get("roleBindings")).get(0) + .get("roleBindings")).getFirst() .getNamespace()); assertTrue( ((List) response.getAuthentication().get().getAttributes() - .get("roleBindings")).get(0) + .get("roleBindings")).getFirst() .getVerbs() .containsAll(List.of(RoleBinding.Verb.POST, RoleBinding.Verb.GET))); assertTrue( ((List) response.getAuthentication().get().getAttributes() - .get("roleBindings")).get(0) + .get("roleBindings")).getFirst() .getResourceTypes() .containsAll(List.of("topics", "acls"))); } @Test + @SuppressWarnings("unchecked") void shouldReturnAuthenticationSuccessWhenUserWithGroups() { RoleBinding roleBinding = RoleBinding.builder() .metadata(Metadata.builder() @@ -159,16 +158,16 @@ void shouldReturnAuthenticationSuccessWhenUserWithGroups() { .containsKey("roleBindings")); assertEquals("ns1", ((List) response.getAuthentication().get().getAttributes() - .get("roleBindings")).get(0) + .get("roleBindings")).getFirst() .getNamespace()); assertTrue( ((List) response.getAuthentication().get().getAttributes() - .get("roleBindings")).get(0) + .get("roleBindings")).getFirst() .getVerbs() .containsAll(List.of(RoleBinding.Verb.POST, RoleBinding.Verb.GET))); assertTrue( ((List) response.getAuthentication().get().getAttributes() - .get("roleBindings")).get(0) + .get("roleBindings")).getFirst() .getResourceTypes() .containsAll(List.of("topics", "acls"))); } diff --git a/src/test/java/com/michelin/ns4kafka/security/auth/gitlab/GitlabAuthenticationProviderTest.java b/src/test/java/com/michelin/ns4kafka/security/auth/gitlab/GitlabAuthenticationProviderTest.java index 59060cc6..f5473e2c 100644 --- a/src/test/java/com/michelin/ns4kafka/security/auth/gitlab/GitlabAuthenticationProviderTest.java +++ b/src/test/java/com/michelin/ns4kafka/security/auth/gitlab/GitlabAuthenticationProviderTest.java @@ -39,6 +39,7 @@ class GitlabAuthenticationProviderTest { GitlabAuthenticationProvider gitlabAuthenticationProvider; @Test + @SuppressWarnings("unchecked") void authenticationSuccess() { AuthenticationRequest authenticationRequest = new UsernamePasswordCredentials("username", "53cu23d_70k3n"); @@ -80,6 +81,7 @@ void authenticationSuccess() { } @Test + @SuppressWarnings("unchecked") void authenticationSuccessAdmin() { AuthenticationRequest authenticationRequest = new UsernamePasswordCredentials("usernameAdmin", "53cu23d_70k3n"); diff --git a/src/test/java/com/michelin/ns4kafka/security/auth/ldap/LdapAuthenticationMapperTest.java b/src/test/java/com/michelin/ns4kafka/security/auth/ldap/LdapAuthenticationMapperTest.java index 3023171d..bb6f9112 100644 --- a/src/test/java/com/michelin/ns4kafka/security/auth/ldap/LdapAuthenticationMapperTest.java +++ b/src/test/java/com/michelin/ns4kafka/security/auth/ldap/LdapAuthenticationMapperTest.java @@ -18,9 +18,6 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; -/** - * Ldap authentication mapper test. - */ @ExtendWith(MockitoExtension.class) class LdapAuthenticationMapperTest { @Mock @@ -30,6 +27,7 @@ class LdapAuthenticationMapperTest { LdapAuthenticationMapper ldapAuthenticationMapper; @Test + @SuppressWarnings("unchecked") void shouldMapAttributesToAuthenticationResponse() { AuthenticationRoleBinding authenticationRoleBinding = AuthenticationRoleBinding.builder() .namespace("namespace") diff --git a/src/test/java/com/michelin/ns4kafka/security/auth/local/LocalUserAuthenticationProviderTest.java b/src/test/java/com/michelin/ns4kafka/security/auth/local/LocalUserAuthenticationProviderTest.java index eeeda133..f75503e5 100644 --- a/src/test/java/com/michelin/ns4kafka/security/auth/local/LocalUserAuthenticationProviderTest.java +++ b/src/test/java/com/michelin/ns4kafka/security/auth/local/LocalUserAuthenticationProviderTest.java @@ -68,6 +68,7 @@ void authenticateMatchUserNoMatchPassword() { } @Test + @SuppressWarnings("unchecked") void authenticateMatchUserMatchPassword() { UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("admin", "admin"); diff --git a/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java b/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java index 69a7f921..fdc41c3c 100644 --- a/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java +++ b/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java @@ -21,9 +21,6 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; -/** - * Access control entry service test. - */ @ExtendWith(MockitoExtension.class) class AclServiceTest { @Mock @@ -934,13 +931,252 @@ void shouldNotCollideIfDifferentResource() { } @Test - void shouldFindResourceWhereGivenNamespaceIsOwnerOf() { + void shouldFindAclGrantedToNamespaceByWildcardName() { + Namespace ns = Namespace.builder() + .metadata(Metadata.builder() + .name("namespace2") + .build()) + .build(); + + AccessControlEntry acl1 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns1-acl-topic") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.OWNER) + .grantedTo("namespace1").build()) + .build(); + + AccessControlEntry acl2 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("acl-ns1-read-to-ns2") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.READ) + .grantedTo("namespace2").build()) + .build(); + + AccessControlEntry acl3 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns1-connect-write-to-ns2") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.CONNECT) + .permission(AccessControlEntry.Permission.WRITE) + .grantedTo("namespace2").build()) + .build(); + + AccessControlEntry acl4 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns2-acl-topic") + .namespace("namespace2") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.OWNER) + .grantedTo("namespace2").build()) + .build(); + + AccessControlEntry acl5 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns3-read-topic-all") + .namespace("namespace3") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.READ) + .grantedTo("*").build()) + .build(); + + when(accessControlEntryRepository.findAll()).thenReturn(List.of(acl1, acl2, acl3, acl4, acl5)); + + assertEquals(List.of(acl2, acl3, acl4, acl5), aclService.findAllGrantedToNamespaceByWildcardName(ns, "*")); + assertEquals(List.of(acl2), aclService.findAllGrantedToNamespaceByWildcardName(ns, "acl-ns1-read-to-ns2")); + assertEquals(List.of(acl2, acl5), aclService.findAllGrantedToNamespaceByWildcardName(ns, "*read*")); + assertTrue(aclService.findAllGrantedToNamespaceByWildcardName(ns, "not-found").isEmpty()); + } + + @Test + void shouldFindAclGrantedByNamespaceByWildcardName() { Namespace ns = Namespace.builder() .metadata(Metadata.builder() .name("namespace1") .build()) .build(); + AccessControlEntry acl1 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns1-acl-topic") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.OWNER) + .grantedTo("namespace1").build()) + .build(); + + AccessControlEntry acl2 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("acl-ns1-read-to-ns2") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.READ) + .grantedTo("namespace2").build()) + .build(); + + AccessControlEntry acl3 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns1-connect-write-to-ns2") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.CONNECT) + .permission(AccessControlEntry.Permission.WRITE) + .grantedTo("namespace2").build()) + .build(); + + AccessControlEntry acl4 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns2-acl-topic") + .namespace("namespace2") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.OWNER) + .grantedTo("namespace2").build()) + .build(); + + AccessControlEntry acl5 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns3-read-topic-all") + .namespace("namespace3") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.READ) + .grantedTo("*").build()) + .build(); + + when(accessControlEntryRepository.findAll()).thenReturn(List.of(acl1, acl2, acl3, acl4, acl5)); + + assertEquals(List.of(acl2, acl3), aclService.findAllGrantedByNamespaceByWildcardName(ns, "*")); + assertEquals(List.of(acl2), aclService.findAllGrantedByNamespaceByWildcardName(ns, "acl-ns1-read-to-ns2")); + assertEquals(List.of(acl2, acl3), aclService.findAllGrantedByNamespaceByWildcardName(ns, "*-to-ns2")); + assertTrue(aclService.findAllGrantedByNamespaceByWildcardName(ns, "not-found").isEmpty()); + } + + @Test + void shouldFindAclRelatedToNamespaceByWildcardName() { + AccessControlEntry acl1 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns1-acl-topic") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.OWNER) + .grantedTo("namespace1").build()) + .build(); + + AccessControlEntry acl2 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("acl-ns2-read-to-ns1") + .namespace("namespace2") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.READ) + .grantedTo("namespace1").build()) + .build(); + + AccessControlEntry acl3 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns1-acl-connect") + .namespace("namespace1") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.CONNECT) + .permission(AccessControlEntry.Permission.OWNER) + .grantedTo("namespace1").build()) + .build(); + + AccessControlEntry acl4 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns2-acl-topic") + .namespace("namespace2") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.OWNER) + .grantedTo("namespace2").build()) + .build(); + + AccessControlEntry acl5 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns3-read-topic-all") + .namespace("namespace3") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.TOPIC) + .permission(AccessControlEntry.Permission.READ) + .grantedTo("*").build()) + .build(); + + AccessControlEntry acl6 = AccessControlEntry.builder() + .metadata(Metadata.builder() + .name("ns3-write-acl-ns1") + .namespace("namespace3") + .build()) + .spec(AccessControlEntry.AccessControlEntrySpec.builder() + .resourceType(AccessControlEntry.ResourceType.GROUP) + .permission(AccessControlEntry.Permission.WRITE) + .grantedTo("namespace1").build()) + .build(); + + when(accessControlEntryRepository.findAll()).thenReturn(List.of(acl1, acl2, acl3, acl4, acl5, acl6)); + + Namespace ns1 = Namespace.builder() + .metadata(Metadata.builder() + .name("namespace1") + .build()) + .build(); + + assertEquals(List.of(acl1, acl2, acl3, acl5, acl6), + aclService.findAllRelatedToNamespaceByWildcardName(ns1, "*")); + assertEquals(List.of(acl1, acl5), aclService.findAllRelatedToNamespaceByWildcardName(ns1, "*topic*")); + assertEquals(List.of(acl1, acl3), aclService.findAllRelatedToNamespaceByWildcardName(ns1, "ns1-acl*")); + assertTrue(aclService.findAllRelatedToNamespaceByWildcardName(ns1, "not-found").isEmpty()); + + Namespace ns2 = Namespace.builder() + .metadata(Metadata.builder() + .name("namespace2") + .build()) + .build(); + + assertEquals(List.of(acl2, acl4, acl5), aclService.findAllRelatedToNamespaceByWildcardName(ns2, "*")); + assertEquals(List.of(acl2, acl4), aclService.findAllRelatedToNamespaceByWildcardName(ns2, "*ns2*")); + + Namespace ns3 = Namespace.builder() + .metadata(Metadata.builder() + .name("namespace3") + .build()) + .build(); + + assertEquals(List.of(acl5, acl6), aclService.findAllRelatedToNamespaceByWildcardName(ns3, "*")); + assertEquals(List.of(acl6), aclService.findAllRelatedToNamespaceByWildcardName(ns3, "ns3-write-acl-ns1")); + } + + @Test + void shouldFindResourceWhereGivenNamespaceIsOwnerOf() { + Namespace ns = Namespace.builder() + .metadata(Metadata.builder().name("namespace1").build()).build(); AccessControlEntry acl1 = AccessControlEntry.builder() .spec(AccessControlEntry.AccessControlEntrySpec.builder() .resourceType(AccessControlEntry.ResourceType.TOPIC) @@ -1017,11 +1253,11 @@ void shouldPrefixedAclsMatchResource() { .build(); List acls = List.of(acl1, acl2); - assertFalse(aclService.isAnyAclOfResource(acls, "xyz.topic1")); - assertFalse(aclService.isAnyAclOfResource(acls, "topic1-abc")); - assertFalse(aclService.isAnyAclOfResource(acls, "abc-topic1")); - assertTrue(aclService.isAnyAclOfResource(acls, "abc.topic1")); - assertTrue(aclService.isAnyAclOfResource(acls, "abc_topic1")); + assertFalse(aclService.isResourceCoveredByAcls(acls, "xyz.topic1")); + assertFalse(aclService.isResourceCoveredByAcls(acls, "topic1-abc")); + assertFalse(aclService.isResourceCoveredByAcls(acls, "abc-topic1")); + assertTrue(aclService.isResourceCoveredByAcls(acls, "abc.topic1")); + assertTrue(aclService.isResourceCoveredByAcls(acls, "abc_topic1")); } @Test @@ -1047,10 +1283,10 @@ void shouldLiteralAclsMatchResource() { .build(); List acls = List.of(acl1, acl2); - assertFalse(aclService.isAnyAclOfResource(acls, "xyz.topic1")); - assertFalse(aclService.isAnyAclOfResource(acls, "abc.topic12")); - assertFalse(aclService.isAnyAclOfResource(acls, "abc_topic1")); - assertTrue(aclService.isAnyAclOfResource(acls, "abc.topic1")); - assertTrue(aclService.isAnyAclOfResource(acls, "abc-topic1")); + assertFalse(aclService.isResourceCoveredByAcls(acls, "xyz.topic1")); + assertFalse(aclService.isResourceCoveredByAcls(acls, "abc.topic12")); + assertFalse(aclService.isResourceCoveredByAcls(acls, "abc_topic1")); + assertTrue(aclService.isResourceCoveredByAcls(acls, "abc.topic1")); + assertTrue(aclService.isResourceCoveredByAcls(acls, "abc-topic1")); } } diff --git a/src/test/java/com/michelin/ns4kafka/service/ConnectClusterServiceTest.java b/src/test/java/com/michelin/ns4kafka/service/ConnectClusterServiceTest.java index 2138cfab..536f05c1 100644 --- a/src/test/java/com/michelin/ns4kafka/service/ConnectClusterServiceTest.java +++ b/src/test/java/com/michelin/ns4kafka/service/ConnectClusterServiceTest.java @@ -38,9 +38,6 @@ import reactor.core.publisher.Mono; import reactor.test.StepVerifier; -/** - * Connect cluster service test. - */ @ExtendWith(MockitoExtension.class) class ConnectClusterServiceTest { @Mock @@ -221,13 +218,13 @@ void shouldFindAllConnectClustersForNamespaceWithOwnership() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix2.connect-two"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix2.connect-two"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix3.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix3.connect-cluster"))) .thenReturn(false); - when(aclService.isAnyAclOfResource(any(), eq("not-owner"))) + when(aclService.isResourceCoveredByAcls(any(), eq("not-owner"))) .thenReturn(false); assertEquals(List.of(connectCluster, connectClusterTwo), connectClusterService @@ -279,9 +276,9 @@ void shouldListConnectClusterWithNameParameter() { .thenReturn(List.of(cc1, cc2)); when(aclService.findAllGrantedToNamespace(namespace)) .thenReturn(acls); - when(aclService.isAnyAclOfResource(acls, "abc.cc")) + when(aclService.isResourceCoveredByAcls(acls, "abc.cc")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "xyz.connect-two")) + when(aclService.isResourceCoveredByAcls(acls, "xyz.connect-two")) .thenReturn(true); when(kafkaConnectClient.version(any(), any())) .thenReturn(Mono.just(HttpResponse.ok())); @@ -359,15 +356,15 @@ void shouldListConnectClusterWithWildcardNameParameter() { .thenReturn(List.of(cc1, cc2, cc3, cc4, cc5)); when(aclService.findAllGrantedToNamespace(namespace)) .thenReturn(acls); - when(aclService.isAnyAclOfResource(any(), eq("prefix.cc1"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.cc1"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix.cc2"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.cc2"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix2.connect-two"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix2.connect-two"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix3.connect1"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix3.connect1"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix3.connect2"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix3.connect2"))) .thenReturn(true); when(kafkaConnectClient.version(any(), any())) .thenReturn(Mono.just(HttpResponse.ok())); @@ -453,10 +450,10 @@ void shouldFindAllConnectClustersWithWritePermissionAndHideCredentialsWhenNotOwn .thenReturn(List.of(acl1, acl2)); when(securityProperties.getAes256EncryptionKey()).thenReturn(encryptKey); - when(aclService.isAnyAclOfResource(List.of(acl1), "prefix.connect-cluster")).thenReturn(true); - when(aclService.isAnyAclOfResource(List.of(acl2), "prefix.connect-cluster")).thenReturn(false); - when(aclService.isAnyAclOfResource(List.of(acl2), "owner.connect-cluster")).thenReturn(true); - when(aclService.isAnyAclOfResource(List.of(acl1), "owner.connect-cluster")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(List.of(acl1), "prefix.connect-cluster")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(List.of(acl2), "prefix.connect-cluster")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(List.of(acl2), "owner.connect-cluster")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(List.of(acl1), "owner.connect-cluster")).thenReturn(false); List actual = connectClusterService.findAllForNamespaceWithWritePermission(namespace); @@ -511,7 +508,7 @@ void shouldFindConnectClusterByNamespaceAndName() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))) .thenReturn(true); Optional actual = @@ -562,7 +559,7 @@ void shouldFindConnectClusterByNamespaceAndNameWhenStatusIsUnhealthy() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))).thenReturn(true); + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))).thenReturn(true); Optional actual = connectClusterService.findByNameWithOwnerPermission(namespace, "prefix.connect-cluster"); @@ -610,7 +607,7 @@ void shouldNotFindConnectClusterByNamespaceAndNameWhenDoesNotExist() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))) .thenReturn(true); assertTrue(connectClusterService.findByNameWithOwnerPermission(namespace, "does-not-exist").isEmpty()); @@ -996,11 +993,11 @@ void shouldValidateConnectClusterVaultWhenNoClusterAvailableWithAes256() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix1.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix1.connect-cluster"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix2.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix2.connect-cluster"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix3.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix3.connect-cluster"))) .thenReturn(true); List errors = @@ -1084,11 +1081,11 @@ void shouldValidateConnectClusterVaultWhenClusterNotAvailable() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix1.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix1.connect-cluster"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix2.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix2.connect-cluster"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("prefix3.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix3.connect-cluster"))) .thenReturn(true); List errors = @@ -1136,7 +1133,7 @@ void shouldValidateConnectClusterVault() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))).thenReturn(true); + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))).thenReturn(true); List errors = connectClusterService.validateConnectClusterVault(namespace, "prefix.connect-cluster"); @@ -1245,17 +1242,17 @@ void shouldFindAllByNamespaceWriteAsOwner() { .thenReturn(List.of(acl1, acl2)); when(connectClusterRepository.findAllForCluster("local")) .thenReturn(List.of(connectCluster, connectClusterOwner)); - when(aclService.isAnyAclOfResource(List.of(acl2), "owner.connect-cluster")) + when(aclService.isResourceCoveredByAcls(List.of(acl2), "owner.connect-cluster")) .thenReturn(true); - when(aclService.isAnyAclOfResource(List.of(acl2), "prefix.connect-cluster")) + when(aclService.isResourceCoveredByAcls(List.of(acl2), "prefix.connect-cluster")) .thenReturn(false); when(securityProperties.getAes256EncryptionKey()) .thenReturn(encryptKey); when(kafkaConnectClient.version(any(), any())) .thenReturn(Mono.just(HttpResponse.ok())); - when(aclService.isAnyAclOfResource(List.of(acl1), "prefix.connect-cluster")) + when(aclService.isResourceCoveredByAcls(List.of(acl1), "prefix.connect-cluster")) .thenReturn(true); - when(aclService.isAnyAclOfResource(List.of(acl1), "owner.connect-cluster")) + when(aclService.isResourceCoveredByAcls(List.of(acl1), "owner.connect-cluster")) .thenReturn(false); List actual = connectClusterService.findAllForNamespaceWithWritePermission(namespace); @@ -1364,7 +1361,7 @@ void shouldNamespaceBeAllowedToWriteToConnectCluster() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))) .thenReturn(true); assertTrue(connectClusterService.isNamespaceAllowedForConnectCluster(namespace, "prefix.connect-cluster")); @@ -1427,9 +1424,9 @@ void shouldNamespaceNotBeAllowedToWriteToConnectCluster() { .build() )); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))) .thenReturn(true); - when(aclService.isAnyAclOfResource(any(), eq("owner.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("owner.connect-cluster"))) .thenReturn(true); assertFalse(connectClusterService.isNamespaceAllowedForConnectCluster(namespace, "not-allowed-prefix.cc")); @@ -1476,7 +1473,7 @@ void shouldVaultPasswordWithoutFormat() { when(securityProperties.getAes256EncryptionKey()) .thenReturn("changeitchangeitchangeitchangeit"); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))) .thenReturn(true); List actual = @@ -1527,7 +1524,7 @@ void shouldVaultPasswordWithFormat() { when(securityProperties.getAes256EncryptionKey()) .thenReturn("changeitchangeitchangeitchangeit"); - when(aclService.isAnyAclOfResource(any(), eq("prefix.connect-cluster"))) + when(aclService.isResourceCoveredByAcls(any(), eq("prefix.connect-cluster"))) .thenReturn(true); List actual = diff --git a/src/test/java/com/michelin/ns4kafka/service/ConnectorServiceTest.java b/src/test/java/com/michelin/ns4kafka/service/ConnectorServiceTest.java index 1a168172..db5dd59d 100644 --- a/src/test/java/com/michelin/ns4kafka/service/ConnectorServiceTest.java +++ b/src/test/java/com/michelin/ns4kafka/service/ConnectorServiceTest.java @@ -143,15 +143,15 @@ void shouldFindAllForNamespace() { when(connectorRepository.findAllForCluster("local")) .thenReturn(List.of(c1, c2, c3, c4, c5)); - when(aclService.isAnyAclOfResource(acls, "ns-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "ns-connect1")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns-connect2")) + when(aclService.isResourceCoveredByAcls(acls, "ns-connect2")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "other-connect1")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect2")) + when(aclService.isResourceCoveredByAcls(acls, "other-connect2")) .thenReturn(false); - when(aclService.isAnyAclOfResource(acls, "ns2-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "ns2-connect1")) .thenReturn(false); assertEquals(List.of(c1, c2, c3), connectorService.findAllForNamespace(ns)); @@ -216,13 +216,13 @@ void shouldFindConnectorsWithWildcardName() { when(connectorRepository.findAllForCluster("local")) .thenReturn(List.of(c1, c2, c3, c4)); - when(aclService.isAnyAclOfResource(acls, "ns-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "ns-connect1")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "other-connect1")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect2")) + when(aclService.isResourceCoveredByAcls(acls, "other-connect2")) .thenReturn(false); - when(aclService.isAnyAclOfResource(acls, "ns2-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "ns2-connect1")) .thenReturn(false); assertEquals(List.of(c1, c2), connectorService.findByWildcardName(ns, "*")); @@ -287,13 +287,13 @@ void shouldFindConnectorsWithNameParameter() { when(connectorRepository.findAllForCluster("local")) .thenReturn(List.of(c1, c2, c3, c4)); - when(aclService.isAnyAclOfResource(acls, "ns-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "ns-connect1")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "other-connect1")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect2")) + when(aclService.isResourceCoveredByAcls(acls, "other-connect2")) .thenReturn(false); - when(aclService.isAnyAclOfResource(acls, "ns2-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "ns2-connect1")) .thenReturn(false); assertEquals(List.of(c1), connectorService.findByWildcardName(ns, "ns-connect1")); @@ -342,11 +342,11 @@ void shouldFindConnectorWithWildcardNameParameter() { .thenReturn(acls); when(connectorRepository.findAllForCluster("local")).thenReturn(List.of(c1, c2, c3, c4, c5)); - when(aclService.isAnyAclOfResource(acls, "ns-connect1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns-connect2")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect2")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns2-connect1")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "ns-connect1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns-connect2")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "other-connect1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "other-connect2")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns2-connect1")).thenReturn(false); assertEquals(List.of(c1, c2), connectorService.findByWildcardName(ns, "ns-connect?")); assertEquals(List.of(c1, c3), connectorService.findByWildcardName(ns, "*-connect1")); @@ -425,11 +425,11 @@ void shouldFindByName() { .thenReturn(acls); when(connectorRepository.findAllForCluster("local")) .thenReturn(List.of(c1, c2, c3)); - when(aclService.isAnyAclOfResource(acls, "ns-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "ns-connect1")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns-connect2")) + when(aclService.isResourceCoveredByAcls(acls, "ns-connect2")) .thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "other-connect1")) + when(aclService.isResourceCoveredByAcls(acls, "other-connect1")) .thenReturn(true); Optional actual = connectorService.findByName(ns, "ns-connect1"); @@ -1137,11 +1137,11 @@ void shouldListUnsynchronizedConnectorsWhenAllExistingAlready() { when(aclService.findResourceOwnerGrantedToNamespace(ns, AccessControlEntry.ResourceType.CONNECT)) .thenReturn(acls); - when(aclService.isAnyAclOfResource(acls, "ns-connect1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns-connect2")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns1-connect1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns1-connect2")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns2-connect1")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "ns-connect1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns-connect2")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns1-connect1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns1-connect2")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns2-connect1")).thenReturn(false); StepVerifier.create(connectorService.listUnsynchronizedConnectors(ns)) .verifyComplete(); @@ -1233,7 +1233,7 @@ void shouldListUnsynchronizedConnectorsWhenNotAllExisting() { when(aclService.findResourceOwnerGrantedToNamespace(ns, AccessControlEntry.ResourceType.CONNECT)) .thenReturn(acls); when(connectorRepository.findAllForCluster("local")).thenReturn(List.of(c1)); - when(aclService.isAnyAclOfResource(acls, "ns-connect1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns-connect1")).thenReturn(true); StepVerifier.create(connectorService.listUnsynchronizedConnectors(ns)) .consumeNextWith(connector -> assertEquals("ns-connect2", connector.getMetadata().getName())) diff --git a/src/test/java/com/michelin/ns4kafka/service/ConsumerGroupServiceTest.java b/src/test/java/com/michelin/ns4kafka/service/ConsumerGroupServiceTest.java index 30ed7663..1a68921d 100644 --- a/src/test/java/com/michelin/ns4kafka/service/ConsumerGroupServiceTest.java +++ b/src/test/java/com/michelin/ns4kafka/service/ConsumerGroupServiceTest.java @@ -202,7 +202,8 @@ void shouldNotValidateResetToOffsetWhenOptionHasWrongFormat() { .build(); List result = consumerGroupService.validateResetOffsets(consumerGroupResetOffsets); - assertEquals("Invalid value \"not-integer\" for field \"to-offset\": value must be an integer.", result.get(0)); + assertEquals("Invalid value \"not-integer\" for field \"to-offset\": value must be an integer.", + result.getFirst()); } @Test @@ -216,7 +217,7 @@ void shouldValidateResetToOffset() { .build(); List result = consumerGroupService.validateResetOffsets(consumerGroupResetOffsets); - assertEquals("Invalid value \"-1\" for field \"to-offset\": value must be >= 0.", result.get(0)); + assertEquals("Invalid value \"-1\" for field \"to-offset\": value must be >= 0.", result.getFirst()); } @Test diff --git a/src/test/java/com/michelin/ns4kafka/service/SchemaServiceTest.java b/src/test/java/com/michelin/ns4kafka/service/SchemaServiceTest.java index 35de13e8..c41d0dab 100644 --- a/src/test/java/com/michelin/ns4kafka/service/SchemaServiceTest.java +++ b/src/test/java/com/michelin/ns4kafka/service/SchemaServiceTest.java @@ -72,9 +72,9 @@ void shouldListSchemasWithoutParameter() { when(schemaRegistryClient.getSubjects(namespace.getMetadata().getCluster())).thenReturn( Flux.fromIterable(subjectsResponse)); - when(aclService.isAnyAclOfResource(acls, "prefix.schema-one")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "prefix2.schema-two")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "prefix2.schema-three")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "prefix.schema-one")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "prefix2.schema-two")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "prefix2.schema-three")).thenReturn(false); StepVerifier.create(schemaService.findAllForNamespace(namespace)) .consumeNextWith(schema -> assertEquals("prefix.schema-one", schema.getMetadata().getName())) @@ -122,9 +122,9 @@ void shouldListSchemaWithNameParameter() { AccessControlEntry.ResourceType.TOPIC)).thenReturn(acls); when(schemaRegistryClient.getSubjects(namespace.getMetadata().getCluster())).thenReturn( Flux.fromIterable(subjectsResponse)); - when(aclService.isAnyAclOfResource(acls, "prefix.schema-one")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "prefix2.schema-two")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "prefix2.schema-three")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "prefix.schema-one")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "prefix2.schema-two")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "prefix2.schema-three")).thenReturn(false); StepVerifier.create(schemaService.findByWildcardName(namespace, "prefix.schema-one")) .consumeNextWith(schema -> assertEquals("prefix.schema-one", schema.getMetadata().getName())) @@ -177,7 +177,7 @@ void shouldListSchemaWithWildcardNameParameter() { AccessControlEntry.ResourceType.TOPIC)).thenReturn(acls); when(schemaRegistryClient.getSubjects(namespace.getMetadata().getCluster())).thenReturn( Flux.fromIterable(subjectsResponse)); - when(aclService.isAnyAclOfResource(eq(acls), anyString())).thenReturn(true); + when(aclService.isResourceCoveredByAcls(eq(acls), anyString())).thenReturn(true); StepVerifier.create(schemaService.findByWildcardName(namespace, "prefix1.*")) .consumeNextWith(schema -> assertEquals("prefix1.schema1-value", schema.getMetadata().getName())) diff --git a/src/test/java/com/michelin/ns4kafka/service/TopicServiceTest.java b/src/test/java/com/michelin/ns4kafka/service/TopicServiceTest.java index 5ad1ec6d..abad5aa8 100644 --- a/src/test/java/com/michelin/ns4kafka/service/TopicServiceTest.java +++ b/src/test/java/com/michelin/ns4kafka/service/TopicServiceTest.java @@ -108,7 +108,7 @@ void shouldFindByName() { .resource("ns1-topic1") .build()) .build())); - when(aclService.isAnyAclOfResource(any(), anyString())).thenReturn(true); + when(aclService.isResourceCoveredByAcls(any(), anyString())).thenReturn(true); // search topic by name Optional actualTopicPrefixed = topicService.findByName(ns, "ns-topic1"); @@ -186,7 +186,7 @@ void shouldFindAllForNamespaceWhenNoAcl() { when(aclService.findResourceOwnerGrantedToNamespace(ns, AccessControlEntry.ResourceType.TOPIC)) .thenReturn(List.of()); - when(aclService.isAnyAclOfResource(any(), anyString())).thenReturn(false); + when(aclService.isResourceCoveredByAcls(any(), anyString())).thenReturn(false); assertTrue(topicService.findAllForNamespace(ns).isEmpty()); } @@ -252,7 +252,7 @@ void shouldFindAllForNamespaceWhenNoAclOnTopic() { .build()) .build())); - when(aclService.isAnyAclOfResource(any(), anyString())).thenReturn(false); + when(aclService.isResourceCoveredByAcls(any(), anyString())).thenReturn(false); assertTrue(topicService.findAllForNamespace(ns).isEmpty()); } @@ -322,11 +322,11 @@ void shouldFindAllForNamespace() { when(topicRepository.findAllForCluster("local")).thenReturn(List.of(t0, t1, t2, t3, t4)); when(aclService.findResourceOwnerGrantedToNamespace(ns, AccessControlEntry.ResourceType.TOPIC)) .thenReturn(acls); - when(aclService.isAnyAclOfResource(acls, "ns1-topic1")).thenReturn(false); - when(aclService.isAnyAclOfResource(acls, "ns2-topic1")).thenReturn(false); - when(aclService.isAnyAclOfResource(acls, "ns0-topic1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns-topic1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns-topic2")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns1-topic1")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "ns2-topic1")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "ns0-topic1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns-topic1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns-topic2")).thenReturn(true); assertEquals(List.of(t0, t1, t2), topicService.findAllForNamespace(ns)); } @@ -497,10 +497,10 @@ void shouldListUnsynchronizedWhenAllExistingTopics() throws InterruptedException when(topicRepository.findAllForCluster("local")) .thenReturn(List.of(t1, t2, t3, t4)); - when(aclService.isAnyAclOfResource(acls, "ns-topic1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns-topic2")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns1-topic1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "ns2-topic1")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "ns-topic1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns-topic2")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns1-topic1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns2-topic1")).thenReturn(false); List actual = topicService.listUnsynchronizedTopicNames(ns); @@ -577,7 +577,7 @@ void shouldListUnsynchronizedWhenNotAllTopicsAlreadyExist() throws InterruptedEx // partial number of topics exists into ns4kfk when(topicRepository.findAllForCluster("local")).thenReturn(List.of(t1)); - when(aclService.isAnyAclOfResource(acls, "ns-topic1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "ns-topic1")).thenReturn(true); List actual = topicService.listUnsynchronizedTopicNames(ns); @@ -773,10 +773,10 @@ void shouldFindTopicsWithNameParameter() { when(aclService.findResourceOwnerGrantedToNamespace(ns, AccessControlEntry.ResourceType.TOPIC)) .thenReturn(acls); when(topicRepository.findAllForCluster("local")).thenReturn(List.of(topic1, topic2, topic3, topic4)); - when(aclService.isAnyAclOfResource(acls, "prefix.topic1")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "prefix.topic2")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "prefix.topic3")).thenReturn(true); - when(aclService.isAnyAclOfResource(acls, "prefix2.topic")).thenReturn(false); + when(aclService.isResourceCoveredByAcls(acls, "prefix.topic1")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "prefix.topic2")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "prefix.topic3")).thenReturn(true); + when(aclService.isResourceCoveredByAcls(acls, "prefix2.topic")).thenReturn(false); assertEquals(List.of(topic1, topic2, topic3), topicService.findByWildcardName(ns, "")); assertEquals(List.of(topic2), topicService.findByWildcardName(ns, "prefix.topic2")); @@ -862,7 +862,7 @@ void shouldFindTopicsWithWildcardNameParameter() { .build() )); when(topicRepository.findAllForCluster("local")).thenReturn(allTopics); - when(aclService.isAnyAclOfResource(any(), any())).thenReturn(true); + when(aclService.isResourceCoveredByAcls(any(), any())).thenReturn(true); // find one or multiple topics with wildcard assertEquals(List.of(topic1, topic2, topic3), topicService.findByWildcardName(ns, "prefix1.*")); diff --git a/src/test/java/com/michelin/ns4kafka/util/BytesUtilsTest.java b/src/test/java/com/michelin/ns4kafka/util/BytesUtilsTest.java index ac620a29..6b67e223 100644 --- a/src/test/java/com/michelin/ns4kafka/util/BytesUtilsTest.java +++ b/src/test/java/com/michelin/ns4kafka/util/BytesUtilsTest.java @@ -4,12 +4,9 @@ import org.junit.jupiter.api.Test; -/** - * Bytes utils test. - */ class BytesUtilsTest { @Test - void validateBytesToHumanReadable() { + void shouldValidateBytesToHumanReadable() { assertEquals("0B", BytesUtils.bytesToHumanReadable(0L)); assertEquals("27B", BytesUtils.bytesToHumanReadable(27L)); assertEquals("999B", BytesUtils.bytesToHumanReadable(999L)); @@ -26,7 +23,7 @@ void validateBytesToHumanReadable() { } @Test - void validateHumanReadableToBytes() { + void shouldValidateHumanReadableToBytes() { assertEquals(0L, BytesUtils.humanReadableToBytes("0B")); assertEquals(27L, BytesUtils.humanReadableToBytes("27B")); assertEquals(999L, BytesUtils.humanReadableToBytes("999B")); diff --git a/src/test/java/com/michelin/ns4kafka/util/EncryptionUtilsTest.java b/src/test/java/com/michelin/ns4kafka/util/EncryptionUtilsTest.java index c55cab9a..dd211690 100644 --- a/src/test/java/com/michelin/ns4kafka/util/EncryptionUtilsTest.java +++ b/src/test/java/com/michelin/ns4kafka/util/EncryptionUtilsTest.java @@ -11,7 +11,7 @@ */ class EncryptionUtilsTest { @Test - void validateEncryptAndDecryptAes256GcmNullText() { + void shouldValidateEncryptAndDecryptAes256GcmNullText() { String keyEncryptionKey = "myKeyEncryptionKeyWrongSize"; String stillNullText = EncryptionUtils.encryptAes256Gcm(null, keyEncryptionKey); @@ -19,7 +19,7 @@ void validateEncryptAndDecryptAes256GcmNullText() { } @Test - void validateEncryptAndDecryptAes256GcmBlankText() { + void shouldValidateEncryptAndDecryptAes256GcmBlankText() { String keyEncryptionKey = "myKeyEncryptionKeyWrongSize"; String stillBlankText = EncryptionUtils.encryptAes256Gcm("", keyEncryptionKey); @@ -27,7 +27,7 @@ void validateEncryptAndDecryptAes256GcmBlankText() { } @Test - void validateEncryptAndDecryptAes256GcmWrongKeySize() { + void shouldValidateEncryptAndDecryptAes256GcmWrongKeySize() { String clearText = "myClearText"; String keyEncryptionKey = "myKeyEncryptionKeyWrongSize"; String myClearText = EncryptionUtils.encryptAes256Gcm(clearText, keyEncryptionKey); @@ -36,7 +36,7 @@ void validateEncryptAndDecryptAes256GcmWrongKeySize() { } @Test - void validateEncryptAndDecryptAes256Gcm() { + void shouldValidateEncryptAndDecryptAes256Gcm() { String clearText = "myClearText"; String keyEncryptionKey = "olDeandATEDiCenSiTurThrepASTrole"; String encryptedText = EncryptionUtils.encryptAes256Gcm(clearText, keyEncryptionKey); @@ -46,7 +46,7 @@ void validateEncryptAndDecryptAes256Gcm() { } @Test - void validateEncryptAndDecryptAes256BlankText() { + void shouldValidateEncryptAndDecryptAes256BlankText() { final String encryptionKey = "myKeyEncryption"; final String encryptionSalt = "mySaltEncryption"; @@ -55,7 +55,7 @@ void validateEncryptAndDecryptAes256BlankText() { } @Test - void validateEncryptAndDecryptAes256NullText() { + void shouldValidateEncryptAndDecryptAes256NullText() { final String encryptionKey = "myKeyEncryption"; final String encryptionSalt = "p8t42EhY9z2eSUdpGeq7HX7RboMrsJAhUnu3EEJJVS"; @@ -64,7 +64,7 @@ void validateEncryptAndDecryptAes256NullText() { } @Test - void validateEncryptAndDecryptAes256() { + void shouldValidateEncryptAndDecryptAes256() { String clearText = "myClearText"; String encryptionKey = "myKeyEncryption"; String encryptionSalt = "p8t42EhY9z2eSUdpGeq7HX7RboMrsJAhUnu3EEJJVS"; @@ -75,7 +75,7 @@ void validateEncryptAndDecryptAes256() { } @Test - void validateEncryptNeverSameValue() { + void shouldValidateEncryptNeverSameValue() { String clearText = "myClearText"; String encryptionKey = "myKey"; String encryptionSalt = "toto"; diff --git a/src/test/java/com/michelin/ns4kafka/util/RegexUtilsTest.java b/src/test/java/com/michelin/ns4kafka/util/RegexUtilsTest.java index 8e6217e8..b2e6f67f 100644 --- a/src/test/java/com/michelin/ns4kafka/util/RegexUtilsTest.java +++ b/src/test/java/com/michelin/ns4kafka/util/RegexUtilsTest.java @@ -12,148 +12,148 @@ */ class RegexUtilsTest { @Test - void defaultStringToRegexPattern() { - assertEquals(List.of("^.*$"), RegexUtils.wildcardStringsToRegexPatterns(List.of(""))); - assertEquals(List.of("^.*$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("*"))); + void shouldConvertDefaultStringToRegexPattern() { + assertEquals(List.of("^.*$"), RegexUtils.convertWildcardStringsToRegex(List.of(""))); + assertEquals(List.of("^.*$"), RegexUtils.convertWildcardStringsToRegex(List.of("*"))); } @Test - void simpleWildcardToRegexPattern() { - assertEquals(List.of("^prefix.*$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("prefix*"))); - assertEquals(List.of("^.*suffix$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("*suffix"))); - assertEquals(List.of("^abc\\..*$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("abc.*"))); - assertEquals(List.of("^item.$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("item?"))); + void shouldConvertSimpleWildcardToRegexPattern() { + assertEquals(List.of("^prefix.*$"), RegexUtils.convertWildcardStringsToRegex(List.of("prefix*"))); + assertEquals(List.of("^.*suffix$"), RegexUtils.convertWildcardStringsToRegex(List.of("*suffix"))); + assertEquals(List.of("^abc\\..*$"), RegexUtils.convertWildcardStringsToRegex(List.of("abc.*"))); + assertEquals(List.of("^item.$"), RegexUtils.convertWildcardStringsToRegex(List.of("item?"))); } @Test - void complexWildcardToRegexPattern() { - assertEquals(List.of("^prefix.*suffix$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("prefix*suffix"))); - assertEquals(List.of("^...xyz$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("???xyz"))); - assertEquals(List.of("^.*\\.topic.$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("*.topic?"))); - assertEquals(List.of("^.*\\.topic.$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("*.topic?"))); - assertEquals(List.of("^abc.\\..*-test.$"), RegexUtils.wildcardStringsToRegexPatterns(List.of("abc?.*-test?"))); + void shouldConvertComplexWildcardToRegexPattern() { + assertEquals(List.of("^prefix.*suffix$"), RegexUtils.convertWildcardStringsToRegex(List.of("prefix*suffix"))); + assertEquals(List.of("^...xyz$"), RegexUtils.convertWildcardStringsToRegex(List.of("???xyz"))); + assertEquals(List.of("^.*\\.topic.$"), RegexUtils.convertWildcardStringsToRegex(List.of("*.topic?"))); + assertEquals(List.of("^.*\\.topic.$"), RegexUtils.convertWildcardStringsToRegex(List.of("*.topic?"))); + assertEquals(List.of("^abc.\\..*-test.$"), RegexUtils.convertWildcardStringsToRegex(List.of("abc?.*-test?"))); } @Test - void multipleWildcardsToRegexPatterns() { + void shouldConvertMultipleWildcardsToRegexPatterns() { assertEquals(List.of("^prefix.*$", "^.*suffix$"), - RegexUtils.wildcardStringsToRegexPatterns(List.of("prefix*", "*suffix"))); + RegexUtils.convertWildcardStringsToRegex(List.of("prefix*", "*suffix"))); } @Test - void noFilterRegexPattern() { - assertTrue(RegexUtils.filterByPattern("topic1", List.of("^.*$"))); + void shouldResourceBeCoveredByWildcardRegexPattern() { + assertTrue(RegexUtils.isResourceCoveredByRegex("topic1", List.of("^.*$"))); } @Test - void prefixFilterWithRegexPattern() { + void shouldResourceBeCoveredByPrefixRegexPattern() { List pattern = List.of("^prefix.*$"); - assertTrue(RegexUtils.filterByPattern("prefix.topic", pattern)); - assertTrue(RegexUtils.filterByPattern("prefix1.topic", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.topic", pattern)); - assertFalse(RegexUtils.filterByPattern("topic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix.topic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix1.topic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.topic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("topic", pattern)); } @Test - void suffixFilterWithRegexPattern() { + void shouldResourceBeCoveredBySuffixRegexPattern() { List pattern = List.of("^.*-dev$"); - assertTrue(RegexUtils.filterByPattern("abc.topic-dev", pattern)); - assertTrue(RegexUtils.filterByPattern("xyz.stream-dev", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.topic-dev2", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.topic-test", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.topic.dev", pattern)); - assertFalse(RegexUtils.filterByPattern("topic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.topic-dev", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("xyz.stream-dev", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.topic-dev2", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.topic-test", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.topic.dev", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("topic", pattern)); } @Test - void complexFilterWithRegexPattern() { + void shouldResourceBeCoveredByComplexFilterRegexPattern() { List pattern = List.of("^abc.\\..*-test.$"); - assertTrue(RegexUtils.filterByPattern("abc1.topic-test2", pattern)); - assertTrue(RegexUtils.filterByPattern("abc1.stream-test2", pattern)); - assertFalse(RegexUtils.filterByPattern("abc1.topic-test20", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.topic-test2", pattern)); - assertFalse(RegexUtils.filterByPattern("abc1.topic-test", pattern)); - assertFalse(RegexUtils.filterByPattern("abc1.topic-prod2", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc1.topic-test2", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc1.stream-test2", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc1.topic-test20", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.topic-test2", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc1.topic-test", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc1.topic-prod2", pattern)); } @Test - void filterWithMultipleRegexPattern() { + void shouldResourceBeCoveredByAnyRegexPattern() { List pattern = List.of("^prefix1.*$", "^prefix2.*$"); - assertTrue(RegexUtils.filterByPattern("prefix1.topic", pattern)); - assertTrue(RegexUtils.filterByPattern("prefix2.topic", pattern)); - assertFalse(RegexUtils.filterByPattern("prefix3.topic", pattern)); - assertFalse(RegexUtils.filterByPattern("topic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix1.topic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix2.topic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("prefix3.topic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("topic", pattern)); } /** * Functional tests for wildcard filter. */ @Test - void noFilterWildcard() { - List pattern1 = RegexUtils.wildcardStringsToRegexPatterns(List.of("*")); - assertTrue(RegexUtils.filterByPattern("prefix.myTopic", pattern1)); - assertTrue(RegexUtils.filterByPattern("prefix10.yourSchema", pattern1)); - assertTrue(RegexUtils.filterByPattern("whatever.whatsoever", pattern1)); - assertTrue(RegexUtils.filterByPattern("whatever", pattern1)); - - List patterns2 = RegexUtils.wildcardStringsToRegexPatterns(List.of("")); - assertTrue(RegexUtils.filterByPattern("prefix.myTopic", patterns2)); - assertTrue(RegexUtils.filterByPattern("prefix10.yourSchema", patterns2)); - assertTrue(RegexUtils.filterByPattern("whatever.whatsoever", patterns2)); - assertTrue(RegexUtils.filterByPattern("whatever", patterns2)); + void shouldResourceBeCoveredByWildcardOnly() { + List pattern1 = RegexUtils.convertWildcardStringsToRegex(List.of("*")); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix.myTopic", pattern1)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix10.yourSchema", pattern1)); + assertTrue(RegexUtils.isResourceCoveredByRegex("whatever.whatsoever", pattern1)); + assertTrue(RegexUtils.isResourceCoveredByRegex("whatever", pattern1)); + + List patterns2 = RegexUtils.convertWildcardStringsToRegex(List.of("")); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix.myTopic", patterns2)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix10.yourSchema", patterns2)); + assertTrue(RegexUtils.isResourceCoveredByRegex("whatever.whatsoever", patterns2)); + assertTrue(RegexUtils.isResourceCoveredByRegex("whatever", patterns2)); } @Test - void prefixFilterWithWildcard() { - List pattern = RegexUtils.wildcardStringsToRegexPatterns(List.of("abc.my*")); - assertTrue(RegexUtils.filterByPattern("abc.myTopic", pattern)); - assertTrue(RegexUtils.filterByPattern("abc.myStream", pattern)); - assertTrue(RegexUtils.filterByPattern("abc.myConnect.xyz", pattern)); - assertTrue(RegexUtils.filterByPattern("abc.my", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.topic", pattern)); - assertFalse(RegexUtils.filterByPattern("myTopic", pattern)); + void shouldResourceBeCoveredByStringPrefixedWithWildcard() { + List pattern = RegexUtils.convertWildcardStringsToRegex(List.of("abc.my*")); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myTopic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myStream", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myConnect.xyz", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.my", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.topic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("myTopic", pattern)); } @Test - void suffixFilterWithWildcard() { - List pattern = RegexUtils.wildcardStringsToRegexPatterns(List.of("*-test")); - assertTrue(RegexUtils.filterByPattern("abc.myTopic-test", pattern)); - assertTrue(RegexUtils.filterByPattern("xyz.myStream-test", pattern)); - assertTrue(RegexUtils.filterByPattern("-test", pattern)); - assertTrue(RegexUtils.filterByPattern("myTopic-test", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.topic", pattern)); - assertFalse(RegexUtils.filterByPattern("myTopic-dev", pattern)); - assertFalse(RegexUtils.filterByPattern("myTopic-test1", pattern)); - assertFalse(RegexUtils.filterByPattern("myTopic-test-dev", pattern)); + void shouldResourceBeCoveredByStringSuffixedWithWildcard() { + List pattern = RegexUtils.convertWildcardStringsToRegex(List.of("*-test")); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myTopic-test", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("xyz.myStream-test", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("-test", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("myTopic-test", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.topic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("myTopic-dev", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("myTopic-test1", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("myTopic-test-dev", pattern)); } @Test - void filterWithMultipleWildcard() { - List pattern = RegexUtils.wildcardStringsToRegexPatterns(List.of("abc.myT*op?c")); - assertTrue(RegexUtils.filterByPattern("abc.myTopic", pattern)); - assertTrue(RegexUtils.filterByPattern("abc.myTopicTopic", pattern)); - assertTrue(RegexUtils.filterByPattern("abc.myTaaaaaopac", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.myTopiiic", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.yourTopic", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.myTopic.suffix", pattern)); + void shouldResourceBeCoveredByStringWithMultipleWildcards() { + List pattern = RegexUtils.convertWildcardStringsToRegex(List.of("abc.myT*op?c")); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myTopic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myTopicTopic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myTaaaaaopac", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.myTopiiic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.yourTopic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.myTopic.suffix", pattern)); } @Test - void prefixAndSuffixFilterWithWildcard() { - List pattern = RegexUtils.wildcardStringsToRegexPatterns(List.of("*.myTopic?")); - assertTrue(RegexUtils.filterByPattern("abc.myTopic1", pattern)); - assertTrue(RegexUtils.filterByPattern("prefix.myTopic2", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.myTopic", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.myTopic.suffix", pattern)); - assertFalse(RegexUtils.filterByPattern("abc.myTopic13", pattern)); + void shouldResourceBeCoveredByStringWithPrefixAndSuffixWildcards() { + List pattern = RegexUtils.convertWildcardStringsToRegex(List.of("*.myTopic?")); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myTopic1", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix.myTopic2", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.myTopic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.myTopic.suffix", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("abc.myTopic13", pattern)); } @Test - void filterWithMultipleSameWildcard() { - List pattern = RegexUtils.wildcardStringsToRegexPatterns(List.of("***.myTopic")); - assertTrue(RegexUtils.filterByPattern("abc.myTopic", pattern)); - assertTrue(RegexUtils.filterByPattern("prefix.myTopic", pattern)); - assertTrue(RegexUtils.filterByPattern(".myTopic", pattern)); - assertFalse(RegexUtils.filterByPattern("prefix.myStream", pattern)); + void shouldResourceBeCoveredByStringWithMultipleSameWildcards() { + List pattern = RegexUtils.convertWildcardStringsToRegex(List.of("***.myTopic")); + assertTrue(RegexUtils.isResourceCoveredByRegex("abc.myTopic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex("prefix.myTopic", pattern)); + assertTrue(RegexUtils.isResourceCoveredByRegex(".myTopic", pattern)); + assertFalse(RegexUtils.isResourceCoveredByRegex("prefix.myStream", pattern)); } }