Add tests for AuditLoggingFilterTest & IamPrincipalPermissionServiceTest
Showing
2 changed files
with
403 additions
and
0 deletions.
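--- a/cerberus-web/src/test/java/com/nike/cerberus/event/filter/AuditLoggingFilterTest.java
+++ b/cerberus-web/src/test/java/com/nike/cerberus/event/filter/AuditLoggingFilterTest.java
@@ -0,0 +1,131 @@
+package com.nike.cerberus.event.filter;
+
+import static com.nike.cerberus.CerberusHttpHeaders.UNKNOWN;
+
+import com.nike.cerberus.event.AuditableEvent;
+import com.nike.cerberus.event.AuditableEventContext;
+import com.nike.cerberus.util.SdbAccessRequest;
+import java.io.IOException;
+import java.time.OffsetDateTime;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.MockitoAnnotations;
+import org.springframework.boot.info.BuildProperties;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+public class AuditLoggingFilterTest {
+@Mock private SdbAccessRequest sdbAccessRequest;
+@Mock private AuditLoggingFilterDetails auditLoggingFilterDetails;
+@Mock private BuildProperties buildProperties;
+@Mock private ApplicationEventPublisher applicationEventPublisher;
+@InjectMocks private AuditLoggingFilter auditLoggingFilter;
+
+@Captor private ArgumentCaptor<AuditableEvent> auditableEventArgumentCaptor;
+
+@Before
+public void setup() {
+MockitoAnnotations.initMocks(this);
+}
+
+@Test
+public void testShouldNotFilterReturnFalseIfServletPathIsNotMatched() {
+HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
+Mockito.when(httpServletRequest.getServletPath()).thenReturn("/sample/*");
+boolean isFiltered = auditLoggingFilter.shouldNotFilter(httpServletRequest);
+Assert.assertFalse(isFiltered);
+}
+
+@Test
+public void testShouldNotFilterReturnTrueIfServletPathIsMatched() {
+HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
+Mockito.when(httpServletRequest.getServletPath()).thenReturn("/dashboard/resource");
+boolean isFiltered = auditLoggingFilter.shouldNotFilter(httpServletRequest);
+Assert.assertTrue(isFiltered);
+}
+
+@Test
+public void testDoFilterInternal() throws ServletException, IOException {
+HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
+HttpServletResponse httpServletResponse = Mockito.mock(HttpServletResponse.class);
+FilterChain filterChain = Mockito.mock(FilterChain.class);
+Authentication authentication = Mockito.mock(Authentication.class);
+SecurityContextHolder.getContext().setAuthentication(authentication);
+Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
+Mockito.when(httpServletRequest.getServletPath()).thenReturn("/servletPath");
+Mockito.when(httpServletResponse.getStatus()).thenReturn(200);
+Mockito.when(auditLoggingFilterDetails.getAction()).thenReturn("action");
+Mockito.when(auditLoggingFilterDetails.getSdbNameSlug()).thenReturn("sdbNameSlug");
+Mockito.when(buildProperties.getVersion()).thenReturn("version");
+auditLoggingFilter.doFilterInternal(httpServletRequest, httpServletResponse, filterChain);
+Mockito.verify(filterChain).doFilter(httpServletRequest, httpServletResponse);
+Mockito.verify(applicationEventPublisher).publishEvent(auditableEventArgumentCaptor.capture());
+AuditableEvent auditableEvent = auditableEventArgumentCaptor.getValue();
+AuditableEventContext expectedAuditableEventContext =
+getExpectedAuditableEventContext(OffsetDateTime.MAX, "action", "sdbNameSlug");
+AuditableEventContext actualAuditableEventContext = auditableEvent.getAuditableEventContext();
+actualAuditableEventContext.setTimestamp(OffsetDateTime.MAX);
+Assert.assertEquals(
+expectedAuditableEventContext.toString(), actualAuditableEventContext.toString());
+}
+
+@Test
+public void testDoFilterInternalActionIsEmptyInAuditLoggingFilterDetails()
+throws ServletException, IOException {
+HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
+HttpServletResponse httpServletResponse = Mockito.mock(HttpServletResponse.class);
+FilterChain filterChain = Mockito.mock(FilterChain.class);
+Authentication authentication = Mockito.mock(Authentication.class);
+SecurityContextHolder.getContext().setAuthentication(authentication);
+Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
+Mockito.when(httpServletRequest.getServletPath()).thenReturn("/servletPath");
+Mockito.when(httpServletResponse.getStatus()).thenReturn(200);
+Mockito.when(sdbAccessRequest.getSdbSlug()).thenReturn("sdbNameSlug");
+Mockito.when(buildProperties.getVersion()).thenReturn("version");
+auditLoggingFilter.doFilterInternal(httpServletRequest, httpServletResponse, filterChain);
+Mockito.verify(filterChain).doFilter(httpServletRequest, httpServletResponse);
+Mockito.verify(applicationEventPublisher).publishEvent(auditableEventArgumentCaptor.capture());
+AuditableEvent auditableEvent = auditableEventArgumentCaptor.getValue();
+AuditableEventContext expectedAuditableEventContext =
+getExpectedAuditableEventContext(
+OffsetDateTime.MAX, "Unknown read /servletPath", "sdbNameSlug");
+AuditableEventContext actualAuditableEventContext = auditableEvent.getAuditableEventContext();
+actualAuditableEventContext.setTimestamp(OffsetDateTime.MAX);
+Assert.assertEquals(
+expectedAuditableEventContext.toString(), actualAuditableEventContext.toString());
+}
+
+private AuditableEventContext getExpectedAuditableEventContext(
+OffsetDateTime offsetDateTime, String action, String sdbNameSlug) {
+AuditableEventContext auditableEventContext =
+AuditableEventContext.builder()
+.eventName("Audit Logging Filter Event")
+.principal("Unknown")
+.action(action)
+.method("GET")
+.statusCode(200)
+.success(true)
+.path("/servletPath")
+.ipAddress(UNKNOWN)
+.xForwardedFor(UNKNOWN)
+.clientVersion(UNKNOWN)
+.version("version")
+.originatingClass(AuditLoggingFilter.class.getSimpleName())
+.traceId(AuditableEventContext.UNKNOWN)
+.sdbNameSlug(sdbNameSlug)
+.timestamp(offsetDateTime)
+.build();
+return auditableEventContext;
+}
+}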
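Review bot: Both `testDoFilterInternal` and `testDoFilterInternalActionIsEmptyInAuditLoggingFilterDetails` call `SecurityContextHolder.getContext().setAuthentication(authentication)` and nothing clears it afterwards, so with the default thread-local holder strategy the mock `Authentication` can remain visible to later tests that run on the same thread. Add `@After public void tearDown() { SecurityContextHolder.clearContext(); }` together with the `org.junit.After` import. Both cases also expect `principal("Unknown")`, which presumably comes from the unstubbed mock, so nothing here shows that an authenticated caller's identity reaches the published audit event; a case with a stubbed principal would cover the path that matters most for the audit trail. In the two `shouldNotFilter` tests the local `isFiltered` holds the opposite of what its name says, and a name such as `skipped` would read correctly.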