From 0b989b8a89c7615064b3646436d32952f53e94d7 Mon Sep 17 00:00:00 2001
From: rusirijayodaillesinghe
Date: Tue, 10 Oct 2023 00:07:57 +0530
Subject: [PATCH] Add integration tests to security disabled api get
Integration test for https://github.com/wso2/api-manager/issues/2200
---
 ...sourceWithElkAnalyticsEnabledTestCase.java | 211 ++++++++++++++
 .../configFiles/ElkAnalytics/deployment.toml | 260 ++++++++++++++++++
 .../src/test/resources/testng.xml | 1 +
 3 files changed, 472 insertions(+)
 create mode 100644 modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase.java
 create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/ElkAnalytics/deployment.toml
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase.java
new file mode 100644
index 0000000000..67ca3159cb
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase.java
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.am.integration.tests.api.lifecycle;
+
+import org.json.JSONException;
+import org.testng.ITestContext;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
+import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil;
+import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
+import org.wso2.carbon.integration.common.utils.exceptions.AutomationUtilException;
+import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
+
+import javax.xml.xpath.XPathExpressionException;
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+
+import static org.junit.Assert.assertNotEquals;
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertTrue;
+import static org.testng.AssertJUnit.assertNotNull;
+
+/**
+ * Add , edit and remove rest resource and test the invocation of API
+ */
+public class DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase extends APIManagerLifecycleBaseTest {
+ private final String API_VERSION_1_0_0 = "1.0.0";
+ private final String INVOKABLE_API_CONTEXT = API_VERSION_1_0_0 + "/api";
+
+ private final String RESPONSE_GET = "123John";
+ private final String API_GET_ENDPOINT_METHOD = "/customers/123";
+
+ private HashMap requestHeadersGet;
+ private ITestContext ctx;
+
+ private ServerConfigurationManager serverConfigurationManager;
+
+ @BeforeClass(alwaysRun = true)
+ public void initialize(ITestContext ctx) throws APIManagerIntegrationTestException, XPathExpressionException,
+ JSONException, ApiException, IOException, AutomationUtilException {
+
+ super.init();
+ serverConfigurationManager = new ServerConfigurationManager(superTenantKeyManagerContext);
+
+ serverConfigurationManager.applyConfiguration(new File(getAMResourceLocation() +
+ File.separator + "configFiles" + File.separator + "ElkAnalytics" +
+ File.separator + "deployment.toml"));
+
+ requestHeadersGet = new HashMap();
+ requestHeadersGet.put("accept", "text/xml");
+
+ this.ctx = ctx;
+ String apiId = (String) ctx.getAttribute("apiId");
+ // Create Revision and Deploy to Gateway
+ createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
+ waitForAPIDeployment();
+ }
+
+ @Test(groups = {"webapp"}, description = "Test the invocation of GET resource")
+ public void testTurnOffSecurityAndInvokeGETResource(ITestContext ctx) throws Exception {
+ String apiId = (String) ctx.getAttribute("apiId");
+
+ String oldSwagger = restAPIPublisher.getSwaggerByID(apiId);
+ // resource are modified by using swagger doc. create the swagger doc with modified information.
+
+ String modifiedResource = "{\n" +
+ " \"openapi\" : \"3.0.1\",\n" +
+ " \"info\" : {\n" +
+ " \"title\" : \"APITest\",\n" +
+ " \"description\" : \"description\",\n" +
+ " \"version\" : \"1.0.0\"\n" +
+ " },\n" +
+ " \"servers\" : [ {\n" +
+ " \"url\" : \"/\"\n" +
+ " } ],\n" +
+ " \"security\" : [ {\n" +
+ " \"default\" : [ ]\n" +
+ " } ],\n" +
+ " \"paths\" : {\n" +
+ " \"/\" : {\n" +
+ " \"get\" : {\n" +
+ " \"responses\" : {\n" +
+ " \"200\" : {\n" +
+ " \"description\" : \"OK\"\n" +
+ " }\n" +
+ " },\n" +
+ " \"security\" : [ ],\n" +
+ " \"x-auth-type\" : \"Application & Application User\",\n" +
+ " \"x-throttling-tier\" : \"Unlimited\",\n" +
+ " \"x-wso2-application-security\" : {\n" +
+ " \"security-types\" : [ \"oauth2\" ],\n" +
+ " \"optional\" : false\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " \"/customers/{id}\" : {\n" +
+ " \"get\" : {\n" +
+ " \"parameters\" : [ {\n" +
+ " \"name\" : \"id\",\n" +
+ " \"in\" : \"path\",\n" +
+ " \"required\" : true,\n" +
+ " \"style\" : \"simple\",\n" +
+ " \"explode\" : false,\n" +
+ " \"schema\" : {\n" +
+ " \"type\" : \"string\"\n" +
+ " }\n" +
+ " } ],\n" +
+ " \"responses\" : {\n" +
+ " \"200\" : {\n" +
+ " \"description\" : \"OK\"\n" +
+ " }\n" +
+ " },\n" +
+ " \"security\" : [ ],\n" +
+ " \"x-auth-type\" : \"None\",\n" +
+ " \"x-throttling-tier\" : \"Unlimited\",\n" +
+ " \"x-wso2-application-security\" : {\n" +
+ " \"security-types\" : [ \"oauth2\" ],\n" +
+ " \"optional\" : false\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " \"components\" : {\n" +
+ " \"securitySchemes\" : {\n" +
+ " \"default\" : {\n" +
+ " \"type\" : \"oauth2\",\n" +
+ " \"flows\" : {\n" +
+ " \"implicit\" : {\n" +
+ " \"authorizationUrl\" : \"https://test.com\",\n" +
+ " \"scopes\" : { }\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " \"x-wso2-auth-header\" : \"Authorization\",\n" +
+ " \"x-wso2-api-key-header\" : \"ApiKey\",\n" +
+ " \"x-wso2-cors\" : {\n" +
+ " \"corsConfigurationEnabled\" : false,\n" +
+ " \"accessControlAllowOrigins\" : [ ],\n" +
+ " \"accessControlAllowCredentials\" : false,\n" +
+ " \"accessControlAllowHeaders\" : [ ],\n" +
+ " \"accessControlAllowMethods\" : [ ]\n" +
+ " },\n" +
+ " \"x-wso2-production-endpoints\" : {\n" +
+ " \"urls\" : [ \"http://localhost:10263/jaxrs_basic/services/customers/customerservice/\" ],\n" +
+ " \"type\" : \"http\"\n" +
+ " },\n" +
+ " \"x-wso2-sandbox-endpoints\" : {\n" +
+ " \"urls\" : [ \"http://localhost:10263/jaxrs_basic/services/customers/customerservice/\" ],\n" +
+ " \"type\" : \"http\"\n" +
+ " },\n" +
+ " \"x-wso2-basePath\" : \"/1.0.0/api\",\n" +
+ " \"x-wso2-transports\" : [ \"http\", \"https\" ],\n" +
+ " \"x-wso2-application-security\" : {\n" +
+ " \"security-types\" : [ \"oauth2\" ],\n" +
+ " \"optional\" : false\n" +
+ " },\n" +
+ " \"x-wso2-response-cache\" : {\n" +
+ " \"enabled\" : false,\n" +
+ " \"cacheTimeoutInSeconds\" : 100\n" +
+ " }\n" +
+ "}";
+ String swaggerResponse = restAPIPublisher.updateSwagger(apiId, modifiedResource);
+ assertNotNull(swaggerResponse);
+
+ String updatedSwagger = restAPIPublisher.getSwaggerByID(apiId);
+ assertNotEquals(updatedSwagger, oldSwagger, "Modifying resources failed for API");
+
+ createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
+ waitForAPIDeployment();
+
+ requestHeadersGet.remove("Authorization");
+
+ //Send GET Request
+
+ HttpResponse httpResponse =
+ HttpRequestUtil.doGet(getAPIInvocationURLHttp(INVOKABLE_API_CONTEXT) + API_GET_ENDPOINT_METHOD,
+ requestHeadersGet);
+ assertEquals(httpResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Invocation fails for GET request");
+ assertTrue(httpResponse.getData().contains(RESPONSE_GET), "Response Data not match for GET request."
+ + " Expected value :\"" + RESPONSE_GET + "\" not contains in response data:\"" + httpResponse.getData() + "\"");
+
+ }
+
+ @AfterClass(alwaysRun = true)
+ public void removeApplicationSharingConfig() throws Exception {
+ serverConfigurationManager.restoreToLastConfiguration(false);
+ }
+
+}
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/ElkAnalytics/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/ElkAnalytics/deployment.toml
new file mode 100644
index 0000000000..b98a21b1a7
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/ElkAnalytics/deployment.toml
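Review bot: `assertNotEquals(updatedSwagger, oldSwagger, "Modifying resources failed for API")` in testTurnOffSecurityAndInvokeGETResource is the JUnit version (`import static org.junit.Assert.assertNotEquals`), whose three-argument overload is `(String message, Object unexpected, Object actual)`; the call therefore treats `updatedSwagger` as the failure message and compares `oldSwagger` with the literal string, so it can never fail and the swagger update goes unverified. Change the import to `import static org.testng.Assert.assertNotEquals;`, whose argument order (actual, expected, message) matches the call and the other TestNG asserts in the file. The test also only shows that the resource switched to `x-auth-type: None` answers without a token; a second request to the `/` resource that keeps `Application & Application User` should still be rejected (presumably with 401), otherwise a regression that drops authentication for the whole API when ELK analytics is enabled would pass. Smaller points: `requestHeadersGet` is a raw `HashMap` (declare it `Map<String, String>`), the `ctx` field is assigned but never read, and `removeApplicationSharingConfig` restores the server configuration rather than any application-sharing setting, so its name is misleading.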
@@ -0,0 +1,260 @@
+[server]
+hostname = "localhost"
+#offset=0
+base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
+#discard_empty_caches = false
+server_role = "default"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.apim_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[database.shared_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[keystore.tls]
+file_name = "wso2carbon.jks"
+type = "JKS"
+password = "wso2carbon"
+alias = "wso2carbon"
+key_password = "wso2carbon"
+
+#[keystore.listener_profile]
+#bind_address = "0.0.0.0"
+
+#[keystore.primary]
+#file_name = "wso2carbon.jks"
+#type = "JKS"
+#password = "wso2carbon"
+#alias = "wso2carbon"
+#key_password = "wso2carbon"
+
+#[keystore.internal]
+#file_name = "wso2carbon.jks"
+#type = "JKS"
+#password = "wso2carbon"
+#alias = "wso2carbon"
+#key_password = "wso2carbon"
+
+[[apim.gateway.environment]]
+name = "Default"
+type = "hybrid"
+provider = "wso2"
+display_in_api_console = true
+description = "This is a hybrid gateway that handles both production and sandbox token traffic."
+show_as_token_endpoint_url = true
+service_url = "https://localhost:${mgt.transport.https.port}/services/"
+username= "${admin.username}"
+password= "${admin.password}"
+ws_endpoint = "ws://localhost:9099"
+wss_endpoint = "wss://localhost:8099"
+http_endpoint = "http://localhost:${http.nio.port}"
+https_endpoint = "https://localhost:${https.nio.port}"
+websub_event_receiver_http_endpoint = "http://localhost:9021"
+websub_event_receiver_https_endpoint = "https://localhost:8021"
+
+[apim.sync_runtime_artifacts.gateway]
+gateway_labels =["Default"]
+
+#[apim.cache.gateway_token]
+#enable = true
+#expiry_time = "900s"
+
+#[apim.cache.resource]
+#enable = true
+#expiry_time = "900s"
+
+#[apim.cache.km_token]
+#enable = false
+#expiry_time = "15m"
+
+#[apim.cache.recent_apis]
+#enable = false
+
+#[apim.cache.scopes]
+#enable = true
+
+#[apim.cache.publisher_roles]
+#enable = true
+
+#[apim.cache.jwt_claim]
+#enable = true
+#expiry_time = "15m"
+
+#[apim.cache.tags]
+#expiry_time = "2m"
+
+[apim.analytics]
+enable = true
+type = "elk"
+
+[apim.key_manager]
+enable_apikey_subscription_validation = true
+#service_url = "https://localhost:${mgt.transport.https.port}/services/"
+#username = "$ref{super_admin.username}"
+#password = "$ref{super_admin.password}"
+#pool.init_idle_capacity = 50
+#pool.max_idle = 100
+#key_validation_handler_type = "default"
+#key_validation_handler_type = "custom"
+#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
+
+#[apim.idp]
+#server_url = "https://localhost:${mgt.transport.https.port}"
+#authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize"
+#oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout"
+#oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession"
+
+#[apim.jwt]
+#enable = true
+#encoding = "base64" # base64,base64url
+#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
+#claim_dialect = "http://wso2.org/claims"
+#convert_dialect = false
+#header = "X-JWT-Assertion"
+#signing_algorithm = "SHA256withRSA"
+#enable_user_claims = true
+#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
+
+#[apim.oauth_config]
+#enable_outbound_auth_header = false
+#auth_header = "Authorization"
+#revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
+#enable_token_encryption = false
+#enable_token_hashing = false
+
+#[apim.devportal]
+#url = "https://localhost:${mgt.transport.https.port}/devportal"
+#enable_application_sharing = false
+#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
+#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
+#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
+#display_multiple_versions = false
+#display_deprecated_apis = false
+#enable_comments = true
+#enable_ratings = true
+#enable_forum = true
+#enable_anonymous_mode=true
+#enable_cross_tenant_subscriptions = true
+#default_reserved_username = "apim_reserved_user"
+
+[apim.cors]
+allow_origins = "*"
+allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
+allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"]
+allow_credentials = false
+
+#[apim.throttling]
+#enable_data_publishing = true
+#enable_policy_deploy = true
+#enable_blacklist_condition = true
+#enable_persistence = true
+#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]
+
+#[apim.throttling.blacklist_condition]
+#start_delay = "5m"
+#period = "1h"
+
+#[apim.throttling.jms]
+#start_delay = "5m"
+
+#[apim.throttling.event_sync]
+#hostName = "0.0.0.0"
+#port = 11224
+
+#[apim.throttling.event_management]
+#hostName = "0.0.0.0"
+#port = 10005
+
+#[[apim.throttling.url_group]]
+#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
+#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
+#type = "loadbalance"
+
+#[[apim.throttling.url_group]]
+#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
+#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
+#type = "failover"
+
+#[apim.workflow]
+#enable = false
+#service_url = "https://localhost:9445/bpmn"
+#username = "$ref{super_admin.username}"
+#password = "$ref{super_admin.password}"
+#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
+#token_endpoint = "https://localhost:${https.nio.port}/token"
+#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
+#client_registration_username = "$ref{super_admin.username}"
+#client_registration_password = "$ref{super_admin.password}"
+
+#data bridge config
+#[transport.receiver]
+#type = "binary"
+#worker_threads = 10
+#session_timeout = "30m"
+#keystore.file_name = "$ref{keystore.tls.file_name}"
+#keystore.password = "$ref{keystore.tls.password}"
+#tcp_port = 9611
+#ssl_port = 9711
+#ssl_receiver_thread_pool_size = 100
+#tcp_receiver_thread_pool_size = 100
+#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
+#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]
+
+#[apim.notification]
+#from_address = "APIM.com"
+#username = "APIM"
+#password = "APIM+123"
+#hostname = "localhost"
+#port = 3025
+#enable_start_tls = false
+#enable_authentication = true
+
+#[apim.token.revocation]
+#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
+#enable_realtime_notifier = true
+#realtime_notifier.ttl = 5000
+#enable_persistent_notifier = true
+#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
+#persistent_notifier.ttl = 5000
+#persistent_notifier.username = "root"
+#persistent_notifier.password = "root"
+
+[[event_handler]]
+name="userPostSelfRegistration"
+subscriptions=["POST_ADD_USER"]
+
+[service_provider]
+sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"
+
+[database.local]
+url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"
+
+[[event_listener]]
+id = "token_revocation"
+type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
+name = "org.wso2.is.notification.ApimOauthEventInterceptor"
+order = 1
+[event_listener.properties]
+notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
+username = "${admin.username}"
+password = "${admin.password}"
+'header.X-WSO2-KEY-MANAGER' = "default"
+
+[oauth.grant_type.token_exchange]
+enable = true
+allow_refresh_tokens = true
+iat_validity_period = "1h"
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml
index 03901f9726..94e3be90d3 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml
@@ -28,6 +28,7 @@
+
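Review bot: Most of this 260-line deployment.toml is commented-out defaults (keystore, cache, throttling, workflow, data-bridge, notification) carried over from a base configuration, while the setting the test actually depends on is the `[apim.analytics]` block with `enable = true` and `type = "elk"`; a fixture that holds only the sections that differ from the default test configuration would be far easier to review and to keep in sync when that base changes. In particular the disabled `#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]` and `#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]` lines are stale protocol and cipher defaults that have no place in a newly added fixture even as comments, since they invite being uncommented into a live configuration. The file also ends without a trailing newline.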