diff --git a/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/KeyManagerDTO.java b/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/KeyManagerDTO.java index fd76c2e521..d44ba21ece 100644 --- a/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/KeyManagerDTO.java +++ b/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/KeyManagerDTO.java @@ -27,6 +27,7 @@ import java.util.List; import org.wso2.am.integration.clients.admin.api.dto.ClaimMappingEntryDTO; import org.wso2.am.integration.clients.admin.api.dto.KeyManagerCertificatesDTO; +import org.wso2.am.integration.clients.admin.api.dto.KeyManagerPermissionsDTO; import org.wso2.am.integration.clients.admin.api.dto.TokenValidationDTO; import com.fasterxml.jackson.annotation.JsonCreator; /** @@ -158,6 +159,10 @@ public class KeyManagerDTO { @SerializedName(SERIALIZED_NAME_ADDITIONAL_PROPERTIES) private Object additionalProperties; + public static final String SERIALIZED_NAME_PERMISSIONS = "permissions"; + @SerializedName(SERIALIZED_NAME_PERMISSIONS) + private KeyManagerPermissionsDTO permissions; + /** * The type of the tokens to be used (exchanged or without exchanged). Accepted values are EXCHANGED and DIRECT. */ 
@@ -923,6 +928,29 @@ public void setAdditionalProperties(Object additionalProperties) { } + public KeyManagerDTO permissions(KeyManagerPermissionsDTO permissions) { + + this.permissions = permissions; + return this; + } + + /** + * Get permissions + * @return permissions + **/ + @javax.annotation.Nullable + @ApiModelProperty(value = "") + + public KeyManagerPermissionsDTO getPermissions() { + return permissions; + } + + + public void setPermissions(KeyManagerPermissionsDTO permissions) { + this.permissions = permissions; + } + + public KeyManagerDTO tokenType(TokenTypeEnum tokenType) { this.tokenType = tokenType; 
@@ -986,12 +1014,13 @@ public boolean equals(Object o) { Objects.equals(this.tokenValidation, keyManager.tokenValidation) && Objects.equals(this.enabled, keyManager.enabled) && Objects.equals(this.additionalProperties, keyManager.additionalProperties) && + Objects.equals(this.permissions, keyManager.permissions) && Objects.equals(this.tokenType, keyManager.tokenType); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, type, description, wellKnownEndpoint, introspectionEndpoint, clientRegistrationEndpoint, tokenEndpoint, displayTokenEndpoint, revokeEndpoint, displayRevokeEndpoint, userInfoEndpoint, authorizeEndpoint, certificates, issuer, alias, scopeManagementEndpoint, availableGrantTypes, enableTokenGeneration, enableTokenEncryption, enableTokenHashing, enableMapOAuthConsumerApps, enableOAuthAppCreation, enableSelfValidationJWT, claimMapping, consumerKeyClaim, scopesClaim, tokenValidation, enabled, additionalProperties, tokenType); + return Objects.hash(id, name, displayName, type, description, wellKnownEndpoint, introspectionEndpoint, clientRegistrationEndpoint, tokenEndpoint, displayTokenEndpoint, revokeEndpoint, displayRevokeEndpoint, userInfoEndpoint, authorizeEndpoint, certificates, issuer, alias, scopeManagementEndpoint, availableGrantTypes, enableTokenGeneration, enableTokenEncryption, enableTokenHashing, enableMapOAuthConsumerApps, enableOAuthAppCreation, enableSelfValidationJWT, claimMapping, consumerKeyClaim, scopesClaim, tokenValidation, enabled, additionalProperties, permissions, tokenType); } 
@@ -1030,6 +1059,7 @@ public String toString() { sb.append(" tokenValidation: ").append(toIndentedString(tokenValidation)).append("\n"); sb.append(" enabled: ").append(toIndentedString(enabled)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n"); sb.append(" tokenType: ").append(toIndentedString(tokenType)).append("\n"); sb.append("}"); return sb.toString(); diff --git a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml index 4ca28e7a34..4cab2802f0 100644 --- a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml +++ b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml @@ -5595,6 +5595,22 @@ components: self_validate_jwt: true Username: admin Password: admin + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/subscriber tokenType: type: string description: The type of the tokens to be used (exchanged or without exchanged). diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/KeyManagersTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/KeyManagersTestCase.java index 0d7426ae09..b1ad03e2fa 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/KeyManagersTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/KeyManagersTestCase.java 
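Review bot: The new `permissions` schema carries no `description` on the object, on `permissionType` or on `roles`, while the neighbouring `tokenType` property documents itself, so a client generated from this spec cannot tell how `roles` relates to `permissionType` or what `PUBLIC` means when `roles` is populated. Suggest adding, under `permissions:`, `description: Role-based restriction on who may use this key manager; roles is interpreted according to permissionType.` and, under `permissionType:`, a one-line description naming the three values and stating that `PUBLIC` is the default. The `example: ALLOW` sitting next to `default: PUBLIC` is legitimate but reads more clearly once the description spells out the default.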
@@ -25,24 +25,62 @@ import org.testng.annotations.DataProvider;
 import org.testng.annotations.Factory;
 import org.testng.annotations.Test;
+import static org.testng.Assert.assertEquals;
 import org.wso2.am.integration.clients.admin.ApiException;
 import org.wso2.am.integration.clients.admin.ApiResponse;
 import org.wso2.am.integration.clients.admin.api.dto.KeyManagerCertificatesDTO;
 import org.wso2.am.integration.clients.admin.api.dto.KeyManagerDTO;
+import org.wso2.am.integration.clients.admin.api.dto.KeyManagerPermissionsDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.SubscriptionDTO;
 import org.wso2.am.integration.test.helpers.AdminApiTestHelper;
 import org.wso2.am.integration.test.impl.DtoFactory;
+import org.wso2.am.integration.test.impl.RestAPIStoreImpl;
 import org.wso2.am.integration.test.utils.base.APIMIntegrationBaseTest;
+import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants;
+import org.wso2.am.integration.test.utils.bean.APICreationRequestBean;
+import org.wso2.am.integration.test.utils.bean.APILifeCycleAction;
+import org.wso2.am.integration.test.utils.bean.APIRequest;
+import org.wso2.am.integration.test.utils.clients.APIPublisherRestClient;
+import org.wso2.am.integration.test.utils.clients.APIStoreRestClient;
+import org.wso2.carbon.apimgt.api.model.APIIdentifier;
 import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
+import java.net.URL;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
+import java.util.ArrayList;
 public class KeyManagersTestCase extends APIMIntegrationBaseTest {
 private AdminApiTestHelper adminApiTestHelper;
 private KeyManagerDTO keyManagerDTO;
+ private final String API_VERSION_1_0_0 = "1.0.0";
+ private final String USER_TEST = "test";
+ private final String USER_TEST_PASSWORD = "test123";
+ private String apiEndPointUrl;
+ private APIPublisherRestClient apiPublisher;
+ private APIStoreRestClient apiStore;
+ private APIIdentifier apiIdentifier;
+ private String API_NAME = "DummyApi";
+ private String apiId;
+ private String appId;
+ private String applicationId;
+ private String API_SUBSCRIBER = "APISubscriberRole";
+ private String apiCreatorStoreDomain;
+ private RestAPIStoreImpl restAPIStoreClient1;
+ private String[] API_SUBSCRIBER_PERMISSIONS = {
+ "/permission/admin/login",
+ "/permission/admin/manage/api/create",
+ "/permission/admin/manage/api/subscriber"
+ };
+ String[] ROLE_LIST = { "Internal/publisher", "Internal/subscriber", "Internal/everyone"};
+ private APICreationRequestBean apiCreationRequestBean;
 @Factory(dataProvider = "userModeDataProvider")
 public KeyManagersTestCase(TestUserMode userMode) {
@@ -59,6 +97,12 @@ public static Object[][] userModeDataProvider() {
 public void setEnvironment() throws Exception {
 super.init(userMode);
 adminApiTestHelper = new AdminApiTestHelper();
+ apiPublisher = new APIPublisherRestClient(getPublisherURLHttp());
+ apiStore = new APIStoreRestClient(getStoreURLHttp());
+ apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + "jaxrs_basic/services/customers/customerservice/";
+ apiIdentifier = new APIIdentifier(USER_TEST, API_NAME, API_VERSION_1_0_0);
+ userManagementClient.addUser(USER_TEST, USER_TEST_PASSWORD, ROLE_LIST, USER_TEST);
+ userManagementClient.addRole(API_SUBSCRIBER, new String[]{ USER_TEST }, API_SUBSCRIBER_PERMISSIONS);
 }
 //1. Auth0 Key Manager
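Review bot: The new constant-style fields are declared as instance fields — `private final String API_VERSION_1_0_0`, `private String API_NAME = "DummyApi"`, `private String API_SUBSCRIBER = "APISubscriberRole"`, `private String[] API_SUBSCRIBER_PERMISSIONS` and the package-private `String[] ROLE_LIST` — although their UPPER_SNAKE names signal constants; `private static final` (e.g. `private static final String API_NAME = "DummyApi";`) matches the naming and rules out accidental reassignment from a test method. As far as this diff shows, `applicationId`, `apiCreatorStoreDomain`, `restAPIStoreClient1` and `apiCreationRequestBean` are declared but never read, and the `APICreationRequestBean` import exists only for the last of them. `import java.util.ArrayList;` is appended after `java.util.UUID`, breaking the sorted order the rest of the `java.util` group keeps.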
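Review bot: `userManagementClient.addRole(API_SUBSCRIBER, new String[]{ USER_TEST }, API_SUBSCRIBER_PERMISSIONS)` grants the fixture role `/permission/admin/manage/api/create` on top of login and subscriber permissions, which the DENY scenario in `testKeyManagerPermissions` never exercises; trimming the array to login and subscriber keeps the fixture at least privilege and makes the expected 403 attributable to the key-manager permission alone. `apiPublisher`, `apiStore` and `apiIdentifier` are constructed here, but the new test goes through the base-class `restAPIPublisher` and `restAPIStore`, so these three assignments and the two `*RestClient` imports appear to be dead setup. Because the class is instantiated via `@Factory(dataProvider = "userModeDataProvider")`, this method runs once per user mode; if two modes resolve to the same user store, the second `addUser(USER_TEST, …)` would fail on the already-existing user, so guarding the creation (or making the name per-instance) is worth confirming against the data provider.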
@@ -1104,8 +1148,91 @@ public void testAddKeyManagerWithExistingKeyManagerName() throws ApiException {
 }
 }
+ @Test(groups = {"wso2.am"}, description = "Test key manager permissions with WSO2IS with permissions"
+ ,dependsOnMethods = "testDeleteKeyManagerWithAuth0")
+ public void testKeyManagerPermissions() throws Exception {
+
+ String providerName = user.getUserName();
+
+ APIRequest apiRequest;
+ apiRequest = new APIRequest("KMPermissionTestAPI", "KMPermissionTest", new URL(apiEndPointUrl));
+ apiRequest.setVersion(API_VERSION_1_0_0);
+ apiRequest.setProvider(providerName);
+ apiRequest.setTier(APIMIntegrationConstants.API_TIER.GOLD);
+
+ //add KMPermissionTestAPI api
+ HttpResponse serviceResponse = restAPIPublisher.addAPI(apiRequest);
+ apiId = serviceResponse.getData();
+
+ //publish KMPermissionTestAPI api
+ restAPIPublisher.changeAPILifeCycleStatus(apiId, APILifeCycleAction.PUBLISH.getAction(), null);
+
+ String name = "Wso2ISKeyManagerWithPermission";
+ String type = "WSO2-IS";
+ String displayName = "Test Key Manager Permissions WSO2IS";
+ String introspectionEndpoint = "https://localhost:9444/oauth2/introspect";
+ String clientRegistrationEndpoint = "https://localhost:9444/keymanager-operations/dcr/register";
+ String scopeManagementEndpoint = "https://wso2is.com:9444/api/identity/oauth2/v1.0/scopes";
+ String tokenEndpoint = "https://wso2is.com:9444/oauth2/token";
+ String revokeEndpoint = "https://wso2is.com:9444/oauth2/revoke";
+ String consumerKeyClaim = "azp";
+ String scopesClaim = "scope";
+ List availableGrantTypes = Collections.emptyList();
+ JsonObject jsonObject = new JsonObject();
+ jsonObject.addProperty("Username", "admin");
+ jsonObject.addProperty("Password", "admin");
+ jsonObject.addProperty("self_validate_jwt", true);
+ Object additionalProperties = new Gson().fromJson(jsonObject, Map.class);
+ List rolesList = new ArrayList<>();
+ rolesList.add(API_SUBSCRIBER);
+ KeyManagerPermissionsDTO keyManagerPermissionsDTO = new KeyManagerPermissionsDTO();
+ keyManagerPermissionsDTO.setPermissionType(KeyManagerPermissionsDTO.PermissionTypeEnum.DENY);
+ keyManagerPermissionsDTO.setRoles(rolesList);
+ keyManagerDTO = DtoFactory.createKeyManagerDTO(name, null, type, displayName, introspectionEndpoint,
+ null, clientRegistrationEndpoint, tokenEndpoint, revokeEndpoint, null, null,
+ scopeManagementEndpoint, consumerKeyClaim, scopesClaim, availableGrantTypes, additionalProperties,
+ null);
+ keyManagerDTO.setPermissions(keyManagerPermissionsDTO);
+
+ //Add the WSO2 IS key manager
+ ApiResponse addedKeyManagers = restAPIAdmin.addKeyManager(keyManagerDTO);
+ Assert.assertEquals(addedKeyManagers.getStatusCode(), HttpStatus.SC_CREATED);
+ KeyManagerDTO addedKeyManagerDTO = addedKeyManagers.getData();
+ String keyManagerId = addedKeyManagerDTO.getId();
+
+ //Assert the status code and key manager ID
+ Assert.assertNotNull(keyManagerId, "The Key Manager ID cannot be null or empty");
+ keyManagerDTO.setId(keyManagerId);
+ //Verify the created key manager DTO
+ adminApiTestHelper.verifyKeyManagerDTO(keyManagerDTO, addedKeyManagerDTO);
+ restAPIStore = new RestAPIStoreImpl(USER_TEST, USER_TEST_PASSWORD,
+ this.storeContext.getContextTenant().getDomain(), this.storeURLHttps);
+ HttpResponse applicationResponse = restAPIStore.createApplication("KMPermissionApplication7",
+ "KMPermissionTestApp", APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED,
+ ApplicationDTO.TokenTypeEnum.OAUTH);
+ assertEquals(applicationResponse.getResponseCode(), org.apache.commons.httpclient.HttpStatus.SC_OK, "Response code is not as expected");
+ appId = applicationResponse.getData();
+
+ SubscriptionDTO subscriptionDto = restAPIStore.subscribeToAPI(apiId, appId, APIMIntegrationConstants.API_TIER.GOLD);
+
+ org.wso2.am.integration.clients.store.api.ApiResponse generateKeyResponse;
+ ArrayList grantTypes = new ArrayList<>();
+ grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL);
+
+ try {
+ generateKeyResponse = restAPIStore.generateKeysWithApiResponse(appId, "3600", null,
+ ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, null,
+ grantTypes, null, keyManagerId);
+ } catch (org.wso2.am.integration.clients.store.api.ApiException e) {
+ Assert.assertEquals(e.getCode(), HttpStatus.SC_FORBIDDEN);
+ }
+ restAPIAdmin.deleteKeyManager(keyManagerId);
+ }
+
 @AfterClass(alwaysRun = true)
 public void destroy() throws Exception {
+ userManagementClient.deleteUser(USER_TEST);
+ userManagementClient.deleteRole(API_SUBSCRIBER);
 super.cleanUp();
 }
 }
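Review bot: The DENY check is silent when the server does not enforce it: `generateKeysWithApiResponse(...)` sits in `try { … } catch (ApiException e) { Assert.assertEquals(e.getCode(), HttpStatus.SC_FORBIDDEN); }`, so a successful key generation — the exact regression this test exists to catch — throws nothing and the test passes. An `Assert.fail(...)` after the call inside the `try` makes the expectation explicit (it throws `AssertionError`, which the `ApiException` catch does not swallow), and `restAPIAdmin.deleteKeyManager(keyManagerId)` belongs in a `finally` so a failed assertion does not leave the key manager behind for the tests that follow. The API (`apiId`), the application (`appId`) and the reassignment of the base-class `restAPIStore` to the `test` user are likewise not undone in this method; unless `super.cleanUp()` in `destroy()` covers them, the next test in the class runs with a store client authenticated as `test`. `generateKeyResponse` and `subscriptionDto` are assigned but never read, and the unqualified `HttpStatus.SC_CREATED` a few lines above the fully-qualified `org.apache.commons.httpclient.HttpStatus.SC_OK` suggests two different `HttpStatus` classes are in play and should be unified.
```java
        // … unchanged: API, key manager, application and subscription setup …
        try {
            restAPIStore.generateKeysWithApiResponse(appId, "3600", null,
                    ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, null,
                    grantTypes, null, keyManagerId);
            Assert.fail("Key generation should be rejected with 403 for a user holding the denied role "
                    + API_SUBSCRIBER);
        } catch (org.wso2.am.integration.clients.store.api.ApiException e) {
            Assert.assertEquals(e.getCode(), HttpStatus.SC_FORBIDDEN);
        } finally {
            restAPIAdmin.deleteKeyManager(keyManagerId);
        }
```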