predix · FrankGasparovic · Mar 15, 2017 · Mar 14, 2017
diff --git a/...tests/src/test/java/com/ge/predix/integration/test/AttributeConnectorConfigurationIT.java b/...tests/src/test/java/com/ge/predix/integration/test/AttributeConnectorConfigurationIT.java
@@ -0,0 +1,187 @@
+package com.ge.predix.integration.test;
+
+import static com.ge.predix.acs.commons.web.AcsApiUriTemplates.RESOURCE_CONNECTOR_URL;
+import static com.ge.predix.acs.commons.web.AcsApiUriTemplates.V1;
+import static com.ge.predix.test.utils.PolicyHelper.PREDIX_ZONE_ID;
+
+import java.util.Arrays;
+import java.util.Collections;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.env.Environment;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.testng.AbstractTestNGSpringContextTests;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import com.ge.predix.acs.rest.AttributeAdapterConnection;
+import com.ge.predix.acs.rest.AttributeConnector;
+import com.ge.predix.test.TestConfig;
+import com.ge.predix.test.utils.ACSRestTemplateFactory;
+import com.ge.predix.test.utils.UaaTestUtil;
+import com.ge.predix.test.utils.ZacTestUtil;
+import com.ge.predix.test.utils.ZoneHelper;
+
+@ContextConfiguration("classpath:integration-test-spring-context.xml")
+@Test
+public class AttributeConnectorConfigurationIT extends AbstractTestNGSpringContextTests {
+
+    @Autowired
+    private ACSRestTemplateFactory acsRestTemplateFactory;
+    @Autowired
+    private ZoneHelper zoneHelper;
+    @Autowired
+    private ZacTestUtil zacTestUtil;
+    @Autowired
+    private Environment env;
+
+    @Value("${ZONE1_NAME:testzone1}")
+    private String acsZone1Name;
+    @Value("${ACS_UAA_URL}")
+    private String uaaUrl;
+    @Value("${zone1UaaUrl}/oauth/token")
+    private String zone1TokenUrl;
+    @Value("${connectorReadClientId:acs_connector_read_only_client}")
+    private String zone1ConnectorReadClientId;
+    @Value("${connectorReadClientSecret:s3cr3t}")
+    private String zone1ConnectorReadClientSecret;
+    @Value("${connectorAdminClientId:acs_connector_admin_client}")
+    private String zone1ConnectorAdminClientId;
+    @Value("${connectorAdminClientSecret:s3cr3t}")
+    private String zone1ConnectorAdminClientSecret;
+    @Value("${zone1AdminClientId:zone1AdminClient}")
+    private String zone1AdminClientId;
+    @Value("${zone1AdminClientSecret:zone1AdminClientSecret}")
+    private String zone1AdminClientSecret;
+
+    private String acsUrl;
+    private OAuth2RestTemplate acsAdmin;
+    private OAuth2RestTemplate zone1Admin;
+    private OAuth2RestTemplate zone1ConnectorAdmin;
+    private OAuth2RestTemplate zone1ConnectorReadClient;
+    private HttpHeaders zone1Headers;
+
+    @BeforeClass
+    public void setup() throws Exception {
+        TestConfig.setupForEclipse(); // Starts ACS when running the test in eclipse.
+
+        this.acsUrl = this.zoneHelper.getAcsBaseURL();
+        this.zone1ConnectorAdmin = this.acsRestTemplateFactory.getOAuth2RestTemplateForClient(this.zone1TokenUrl,
+                this.zone1ConnectorAdminClientId, this.zone1ConnectorAdminClientSecret);
+        this.zone1ConnectorReadClient = this.acsRestTemplateFactory.getOAuth2RestTemplateForClient(this.zone1TokenUrl,
+                this.zone1ConnectorReadClientId, this.zone1ConnectorReadClientSecret);
+
+        this.zone1Headers = new HttpHeaders();
+        this.zone1Headers.set(PREDIX_ZONE_ID, this.acsZone1Name);
+
+        if (Arrays.asList(this.env.getActiveProfiles()).contains("public")) {
+            setupPublicACS();
+        } else {
+            setupPredixACS();
+        }
+    }
+
+    private void setupPredixACS() throws Exception {
+        this.zacTestUtil.assumeZacServerAvailable();
+        this.acsAdmin = this.acsRestTemplateFactory.getACSTemplateWithPolicyScope();
+        this.zone1Admin = this.acsRestTemplateFactory.getACSZone1Template();
+        this.zoneHelper.createTestZone(this.acsAdmin, this.acsZone1Name, true);
+    }
+
+    private void setupPublicACS() throws Exception {
+        UaaTestUtil uaaTestUtil = new UaaTestUtil(this.acsRestTemplateFactory.getOAuth2RestTemplateForUaaAdmin(),
+                this.uaaUrl);
+        uaaTestUtil.setup(Arrays.asList(new String[] { this.acsZone1Name }));
+        uaaTestUtil.setupAcsZoneClient(this.acsZone1Name, this.zone1AdminClientId, this.zone1AdminClientSecret);
+
+        this.acsAdmin = this.acsRestTemplateFactory.getOAuth2RestTemplateForAcsAdmin();
+        this.zone1Admin = this.acsRestTemplateFactory.getOAuth2RestTemplateForZone1AdminClient();
+        this.zoneHelper.createTestZone(this.acsAdmin, this.acsZone1Name, false);
+    }
+
+    public void testPutGetDeleteConnector() throws Exception {
+        AttributeConnector expectedConnector = new AttributeConnector();
+        expectedConnector.setMaxCachedIntervalMinutes(100);
+        expectedConnector.setAdapters(Collections.singleton(new AttributeAdapterConnection("http://my-endpoint.com",
+                "http://my-uaa.com", "my-client", "my-secret")));
+        try {
+            this.zone1ConnectorAdmin.put(this.acsUrl + V1 + RESOURCE_CONNECTOR_URL,
+                    new HttpEntity<>(expectedConnector, this.zone1Headers));
+        } catch (Exception e) {
+            Assert.fail("Unable to create attribute connector. " + e.getMessage());
+        }
+
+        try {
+            ResponseEntity<AttributeConnector> response = this.zone1ConnectorReadClient.exchange(
+                    this.acsUrl + V1 + RESOURCE_CONNECTOR_URL, HttpMethod.GET, new HttpEntity<>(this.zone1Headers),
+                    AttributeConnector.class);
+            Assert.assertEquals(response.getBody(), expectedConnector);
+        } catch (Exception e) {
+            Assert.fail("Unable to retrieve attribute connector." + e.getMessage());
+        } finally {
+            this.zone1ConnectorAdmin.exchange(this.acsUrl + V1 + RESOURCE_CONNECTOR_URL, HttpMethod.DELETE,
+                    new HttpEntity<>(this.zone1Headers), String.class);
+        }
+    }
+
+    public void testCreateConnectorDeniedWithoutOauthToken() throws Exception {
+        RestTemplate acs = new RestTemplate();
+        try {
+            acs.put(this.acsUrl + V1 + RESOURCE_CONNECTOR_URL,
+                    new HttpEntity<>(new AttributeConnector(), this.zone1Headers));
+            Assert.fail("No exception thrown when configuring connector without a token.");
+        } catch (HttpClientErrorException e) {
+            Assert.assertEquals(e.getStatusCode(), HttpStatus.UNAUTHORIZED);
+        }
+    }
+
+    public void testCreateConnectorDeniedWithoutSufficientScope() throws Exception {
+        try {
+            this.zone1ConnectorReadClient.put(this.acsUrl + V1 + RESOURCE_CONNECTOR_URL,
+                    new HttpEntity<>(new AttributeConnector(), this.zone1Headers));
+            Assert.fail("No exception thrown when creating connector without sufficient scope.");
+        } catch (HttpClientErrorException e) {
+            Assert.assertEquals(e.getStatusCode(), HttpStatus.FORBIDDEN);
+        }
+    }
+
+    // Due to the issue in spring security, 403 Forbidden response from the server, is received as a 400 Bad Request
+    // error code because error is not correctly translated by the JSON deserializer
+    //https://github.com/spring-projects/spring-security-oauth/issues/191
+    public void testGetConnectorDeniedWithoutSufficientScope() throws Exception {
+        try {
+            this.zone1Admin.exchange(
+                    this.acsUrl + V1 + RESOURCE_CONNECTOR_URL, HttpMethod.GET,
+                    new HttpEntity<>(this.zone1Headers), AttributeConnector.class);
+            Assert.fail("No exception thrown when retrieving connector without sufficient scope.");
+        } catch (HttpClientErrorException e) {
+            e.printStackTrace();
+            Assert.assertEquals(e.getStatusCode(), HttpStatus.FORBIDDEN);
+        } catch (OAuth2Exception e) {
+            e.printStackTrace();
+            Assert.assertEquals(e.getHttpErrorCode(), HttpStatus.BAD_REQUEST.value());
+        }
+    }
+
+    public void testDeleteConnectorDeniedWithoutSufficientScope() throws Exception {
+        try {
+            this.zone1ConnectorReadClient.exchange(
+                    this.acsUrl + V1 + RESOURCE_CONNECTOR_URL, HttpMethod.DELETE,
+                    new HttpEntity<>(this.zone1Headers), String.class);
+            Assert.fail("No exception thrown when deleting connector without sufficient scope.");
+        } catch (HttpClientErrorException e) {
+            Assert.assertEquals(e.getStatusCode(), HttpStatus.FORBIDDEN);
+        }
+    }
+}
diff --git a/acs-integration-tests/src/test/java/com/ge/predix/test/utils/ACSRestTemplateFactory.java b/acs-integration-tests/src/test/java/com/ge/predix/test/utils/ACSRestTemplateFactory.java
@@ -113,8 +113,8 @@ public class ACSRestTemplateFactory {
     public OAuth2RestTemplate getACSTemplateWithPolicyScope() {
         if (this.authorizedACSTemplate == null) {
             this.authorizedACSTemplate = new OAuth2RestTemplate(getUserWithPolicyScope());
+            this.authorizedACSTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
         }
-
         return this.authorizedACSTemplate;
     }
 
@@ -168,20 +168,22 @@ public OAuth2RestTemplate getOAuth2RestTemplateForUaaAdmin() {
     }
 
     public OAuth2RestTemplate getOAuth2RestTemplateForAcsAdmin() {
-        return getOAuth2RestTemplateForClient(this.acsAdminClientId, this.acsAdminClientSecret);
+        return getOAuth2RestTemplateForClient(this.uaaTokenUrl, this.acsAdminClientId, this.acsAdminClientSecret);
     }
 
     public OAuth2RestTemplate getOAuth2RestTemplateForReadOnlyClient() {
-        return getOAuth2RestTemplateForClient(this.acsReadOnlyClientId, this.acsReadOnlyClientSecret);
+        return getOAuth2RestTemplateForClient(this.uaaTokenUrl, this.acsReadOnlyClientId, this.acsReadOnlyClientSecret);
     }
 
     public OAuth2RestTemplate getOAuth2RestTemplateForNoPolicyScopeClient() {
-        return getOAuth2RestTemplateForClient(this.acsNoPolicyScopeClientId, this.acsNoPolicyScopeClientSecret);
+        return getOAuth2RestTemplateForClient(this.uaaTokenUrl, this.acsNoPolicyScopeClientId,
+                this.acsNoPolicyScopeClientSecret);
     }
 
-    public OAuth2RestTemplate getOAuth2RestTemplateForClient(final String clientId, final String clientSecret) {
+    public OAuth2RestTemplate getOAuth2RestTemplateForClient(final String tokenUrl, final String clientId,
+            final String clientSecret) {
         ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
-        resource.setAccessTokenUri(this.uaaTokenUrl);
+        resource.setAccessTokenUri(tokenUrl);
         resource.setClientId(clientId);
         resource.setClientSecret(clientSecret);
         OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource);

diff --git a/acs-integration-tests/src/test/java/com/ge/predix/test/utils/UaaTestUtil.java b/acs-integration-tests/src/test/java/com/ge/predix/test/utils/UaaTestUtil.java
@@ -63,6 +63,8 @@ public void setup(final List<String> acsZones) {
         createAcsAdminClient(acsZones, "acs_admin", "acs_admin_secret");
         createNoPolicyScopeClient(acsZones);
         createReadOnlyPolicyScopeClient(acsZones);
+        createReadOnlyConnectorScopeClient(acsZones);
+        createAdminConnectorScopeClient(acsZones);
     }
 
     public void setupAcsZoneClient(final String acsZone, final String clientId, final String clientSecret) {
@@ -108,29 +110,42 @@ private void createAcsAdminClient(final List<String> acsZones, final String clie
     }
 
     private void createReadOnlyPolicyScopeClient(final List<String> acsZones) {
-        BaseClientDetails readOnlyPolicyScopeClient = new BaseClientDetails();
-        Collection<? extends GrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority[] {
-                new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(0) + ".user"),
-                new SimpleGrantedAuthority("acs.policies.read") });
-        readOnlyPolicyScopeClient.setAuthorities(authorities);
-        readOnlyPolicyScopeClient.setAuthorizedGrantTypes(Arrays.asList(new String[] { "client_credentials" }));
-        readOnlyPolicyScopeClient.setClientId("acs_read_only_client");
-        readOnlyPolicyScopeClient.setClientSecret("acs_read_only_secret");
-        readOnlyPolicyScopeClient.setResourceIds(Arrays.asList(new String[] { "uaa.none" }));
-        createOrUpdateClient(readOnlyPolicyScopeClient);
-
+        this.createClientWithAuthorities("acs_read_only_client", "acs_read_only_secret",
+                Arrays.asList(new SimpleGrantedAuthority[] {
+                        new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(0) + ".user"),
+                        new SimpleGrantedAuthority("acs.policies.read") }));
     }
 
     private void createNoPolicyScopeClient(final List<String> acsZones) {
-        BaseClientDetails noPolicyScopeClient = new BaseClientDetails();
-        Collection<? extends GrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority[] {
-                new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(0) + ".user") });
-        noPolicyScopeClient.setAuthorities(authorities);
-        noPolicyScopeClient.setAuthorizedGrantTypes(Arrays.asList(new String[] { "client_credentials" }));
-        noPolicyScopeClient.setClientId("acs_no_policy_client");
-        noPolicyScopeClient.setClientSecret("acs_no_policy_secret");
-        noPolicyScopeClient.setResourceIds(Arrays.asList(new String[] { "uaa.none" }));
-        createOrUpdateClient(noPolicyScopeClient);
+        this.createClientWithAuthorities("acs_no_policy_client", "acs_no_policy_secret",
+                Arrays.asList(new SimpleGrantedAuthority[] {
+                        new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(0) + ".user") }));
+    }
+
+    private void createReadOnlyConnectorScopeClient(final List<String> acsZones) {
+        this.createClientWithAuthorities("acs_connector_read_only_client", "s3cr3t",
+                Arrays.asList(new SimpleGrantedAuthority[] {
+                        new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(0) + ".user"),
+                        new SimpleGrantedAuthority("acs.connectors.read") }));
+    }
+
+    private void createAdminConnectorScopeClient(final List<String> acsZones) {
+        this.createClientWithAuthorities("acs_connector_admin_client", "s3cr3t",
+                Arrays.asList(new SimpleGrantedAuthority[] {
+                        new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(0) + ".user"),
+                        new SimpleGrantedAuthority("acs.connectors.read"), 
+                        new SimpleGrantedAuthority("acs.connectors.write") }));
+    }
+
+    private void createClientWithAuthorities(final String clientId, final String clientSecret,
+            final Collection<? extends GrantedAuthority> authorities) {
+        BaseClientDetails client = new BaseClientDetails();
+        client.setAuthorities(authorities);
+        client.setAuthorizedGrantTypes(Arrays.asList(new String[] { "client_credentials" }));
+        client.setClientId(clientId);
+        client.setClientSecret(clientSecret);
+        client.setResourceIds(Arrays.asList(new String[] { "uaa.none" }));
+        createOrUpdateClient(client);
     }
 
     private BaseClientDetails createOrUpdateClient(final BaseClientDetails client) {

diff --git a/acs-integration-tests/testng-public-titan.xml b/acs-integration-tests/testng-public-titan.xml
@@ -4,6 +4,7 @@
     <test name="public-titan">
         <classes>
           <class name="com.ge.predix.test.TestConfig"/>
+          <class name="com.ge.predix.integration.test.AttributeConnectorConfigurationIT" />
           <class name="com.ge.predix.acceptance.test.ACSAcceptanceIT"/>
           <class name="com.ge.predix.integration.test.AccessControlServiceIT"/>
           <class name="com.ge.predix.integration.test.PrivilegeManagementAccessControlServiceIT"/>

diff --git a/acs-integration-tests/testng-public.xml b/acs-integration-tests/testng-public.xml
@@ -4,6 +4,7 @@
     <test name="public">
         <classes>
           <class name="com.ge.predix.test.TestConfig"/>
+          <class name="com.ge.predix.integration.test.AttributeConnectorConfigurationIT" />
           <class name="com.ge.predix.acceptance.test.ACSAcceptanceIT"/>
           <class name="com.ge.predix.integration.test.AccessControlServiceIT"/>
           <class name="com.ge.predix.integration.test.PrivilegeManagementAccessControlServiceIT"/>

diff --git a/commons/src/main/java/com/ge/predix/acs/commons/web/AcsApiUriTemplates.java b/commons/src/main/java/com/ge/predix/acs/commons/web/AcsApiUriTemplates.java
@@ -55,4 +55,6 @@ private AcsApiUriTemplates() {
     public static final String ZONE_URL = "/zone/{zoneName}";
 
     public static final String ZONECLIENT_URL = "/client";
+
+    public static final String RESOURCE_CONNECTOR_URL = "/connector/resource";
 }