fix: integration tests require specific group for permissions

- upgrade testng version - upgrade springboot version
Nike-Inc · Feb 29, 2020 · 9d47010 · 9d47010
1 parent 8b8ded3
commit 9d47010
Show file tree

Hide file tree

Showing 10 changed files with 521 additions and 1,580 deletions.
diff --git a/cerberus-api-tests/cerberus-api-tests.gradle b/cerberus-api-tests/cerberus-api-tests.gradle
@@ -23,7 +23,7 @@ repositories {
 
 dependencies {
   compile project(':cerberus-core').sourceSets.test.output
-  compile group: 'org.testng', name: 'testng', version: '6.14.3'
+  compile group: 'org.testng', name: 'testng', version: '7.1.0'
   compile 'junit:junit:4.12'
   compile 'org.slf4j:slf4j-api:1.7.21'
   compile group: 'org.codehaus.groovy', name: 'groovy-all', version: '2.5.9'

diff --git a/...ests/src/integration-test/groovy/com/nike/cerberus/api/CerberusCompositeApiActions.groovy b/...ests/src/integration-test/groovy/com/nike/cerberus/api/CerberusCompositeApiActions.groovy
@@ -134,12 +134,10 @@ class CerberusCompositeApiActions {
         assertTrue(list.contains(path.toString()))
     }
 
-    static void "v1 create, read, list, update and then delete a safe deposit box"(Map cerberusAuthPayloadData) {
+    static void "v1 create, read, list, update and then delete a safe deposit box"(Map cerberusAuthPayloadData, String group) {
         String accountId = PropUtils.getPropWithDefaultValue("TEST_ACCOUNT_ID", "1111111111")
         String roleName = PropUtils.getPropWithDefaultValue("TEST_ROLE_NAME", "fake_role")
         String cerberusAuthToken = cerberusAuthPayloadData.'client_token'
-        String groups = cerberusAuthPayloadData.metadata.groups
-        def group = groups.split(/,/)[0]
 
         // Create a map of category ids to names'
         JsonPath getCategoriesResponse = getCategories(cerberusAuthToken)
@@ -154,85 +152,85 @@ class CerberusCompositeApiActions {
             roleMap.put role.name, role.id
         }
 
-        String name = "${RandomStringUtils.randomAlphabetic(5,10)} ${RandomStringUtils.randomAlphabetic(5,10)}"
+        String name = "${RandomStringUtils.randomAlphabetic(5, 10)} ${RandomStringUtils.randomAlphabetic(5, 10)}"
         String description = "${Lorem.getWords(50)}"
         String categoryId = catMap.Applications
         String owner = group
         def userGroupPermissions = [
-            [
-                "name": 'foo',
-                "role_id": roleMap.read
-            ]
+                [
+                        "name"   : 'foo',
+                        "role_id": roleMap.read
+                ]
         ]
         def iamRolePermissions = [
-            [
-                "account_id": accountId,
-                "iam_role_name": roleName,
-                "role_id": roleMap.owner
-            ]
+                [
+                        "account_id"   : accountId,
+                        "iam_role_name": roleName,
+                        "role_id"      : roleMap.owner
+                ]
         ]
 
         def sdbId = createSdbV1(cerberusAuthToken, name, description, categoryId, owner, userGroupPermissions, iamRolePermissions)
-        JsonPath sdb = readSdb(cerberusAuthToken, sdbId, V1_SAFE_DEPOSIT_BOX_PATH)
+        try {
+            JsonPath sdb = readSdb(cerberusAuthToken, sdbId, V1_SAFE_DEPOSIT_BOX_PATH)
 
-        // verify that the sdb we created contains the data we expect
-        assertSafeDepositBoxV1HasFields(sdb, name, description, categoryId, owner, userGroupPermissions, iamRolePermissions)
+            // verify that the sdb we created contains the data we expect
+            assertSafeDepositBoxV1HasFields(sdb, name, description, categoryId, owner, userGroupPermissions, iamRolePermissions)
 
-        // verify that the listing call contains our new SDB
-        def sdbList = listSdbs(cerberusAuthToken, V1_SAFE_DEPOSIT_BOX_PATH)
-        def foundNewSdb = false
-        def listSdb
+            // verify that the listing call contains our new SDB
+            def sdbList = listSdbs(cerberusAuthToken, V1_SAFE_DEPOSIT_BOX_PATH)
+            def foundNewSdb = false
+            def listSdb
 
-        sdbList.getList("").each { sdbMeta ->
-            if (sdbMeta.id == sdbId) {
-                foundNewSdb = true
-                listSdb = sdbMeta
+            sdbList.getList("").each { sdbMeta ->
+                if (sdbMeta.id == sdbId) {
+                    foundNewSdb = true
+                    listSdb = sdbMeta
+                }
             }
-        }
-        assertTrue("Failed to find the newly created SDB in the list results", foundNewSdb)
-        assertEquals(listSdb.name, sdb.get('name'))
-        assertEquals(listSdb.id, sdb.get('id'))
-        assertEquals(listSdb.path, sdb.get('path'))
-        assertEquals(listSdb.'category_id', sdb.get('category_id'))
-
-        // update the sdb
-        description = "${Lorem.getWords(60)}"
-        userGroupPermissions.add([
-            "name": 'bar',
-            "role_id": roleMap.write
-        ])
-        iamRolePermissions.add([
-            "account_id": "1111111111",
-            "iam_role_name": "fake_role2",
-            "role_id": roleMap.read
-        ])
-        updateSdbV1(cerberusAuthToken, sdbId, description, owner, userGroupPermissions, iamRolePermissions)
-        JsonPath sdbUpdated = readSdb(cerberusAuthToken, sdbId, V1_SAFE_DEPOSIT_BOX_PATH)
-
-        // verify that the sdbUpdated we created contains the data we expect
-        assertSafeDepositBoxV1HasFields(sdbUpdated, name, description, categoryId, owner, userGroupPermissions, iamRolePermissions)
-
-        // delete the SDB
-        deleteSdb(cerberusAuthToken, sdbId, V1_SAFE_DEPOSIT_BOX_PATH)
-
-        // verify that the sdb is not longer in the list
-        def updatedSdbList = listSdbs(cerberusAuthToken, V1_SAFE_DEPOSIT_BOX_PATH)
-        def isSdbPresentInUpdatedList = false
-
-        updatedSdbList.getList("").each { sdbMeta ->
-            if (sdbMeta.id == sdbId) {
-                isSdbPresentInUpdatedList = true
+            assertTrue("Failed to find the newly created SDB in the list results", foundNewSdb)
+            assertEquals(listSdb.name, sdb.get('name'))
+            assertEquals(listSdb.id, sdb.get('id'))
+            assertEquals(listSdb.path, sdb.get('path'))
+            assertEquals(listSdb.'category_id', sdb.get('category_id'))
+
+            // update the sdb
+            description = "${Lorem.getWords(60)}"
+            userGroupPermissions.add([
+                    "name"   : 'bar',
+                    "role_id": roleMap.write
+            ])
+            iamRolePermissions.add([
+                    "account_id"   : "1111111111",
+                    "iam_role_name": "fake_role2",
+                    "role_id"      : roleMap.read
+            ])
+            updateSdbV1(cerberusAuthToken, sdbId, description, owner, userGroupPermissions, iamRolePermissions)
+            JsonPath sdbUpdated = readSdb(cerberusAuthToken, sdbId, V1_SAFE_DEPOSIT_BOX_PATH)
+
+            // verify that the sdbUpdated we created contains the data we expect
+            assertSafeDepositBoxV1HasFields(sdbUpdated, name, description, categoryId, owner, userGroupPermissions, iamRolePermissions)
+        } finally {
+            // delete the SDB
+            deleteSdb(cerberusAuthToken, sdbId, V1_SAFE_DEPOSIT_BOX_PATH)
+
+            // verify that the sdb is not longer in the list
+            def updatedSdbList = listSdbs(cerberusAuthToken, V1_SAFE_DEPOSIT_BOX_PATH)
+            def isSdbPresentInUpdatedList = false
+
+            updatedSdbList.getList("").each { sdbMeta ->
+                if (sdbMeta.id == sdbId) {
+                    isSdbPresentInUpdatedList = true
+                }
             }
+            assertFalse("The created sdb should not be in the sdb listing call after deleting it", isSdbPresentInUpdatedList)
         }
-        assertFalse("The created sdb should not be in the sdb listing call after deleting it", isSdbPresentInUpdatedList)
     }
 
-    static void "v2 create, read, list, update and then delete a safe deposit box"(Map cerberusAuthPayloadData) {
+    static void "v2 create, read, list, update and then delete a safe deposit box"(Map cerberusAuthPayloadData, String group) {
         String accountId = PropUtils.getPropWithDefaultValue("TEST_ACCOUNT_ID", "1111111111")
         String roleName = PropUtils.getPropWithDefaultValue("TEST_ROLE_NAME", "fake_role")
         String cerberusAuthToken = cerberusAuthPayloadData.'client_token'
-        String groups = cerberusAuthPayloadData.metadata.groups
-        def group = groups.split(/,/)[0]
 
         // Create a map of category ids to names'
         JsonPath getCategoriesResponse = getCategories(cerberusAuthToken)
@@ -265,64 +263,68 @@ class CerberusCompositeApiActions {
                 "role_id": roleMap.owner
             ]
         ]
-
         // verify that the sdb we created contains the data we expect
         def createdSdb = createSdbV2(cerberusAuthToken, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
-        assertSafeDepositBoxV2HasFields(createdSdb, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
-
         // test read sdb returns returns expected data
         def sdbId = createdSdb.getString("id")
-        JsonPath sdb = readSdb(cerberusAuthToken, sdbId, V2_SAFE_DEPOSIT_BOX_PATH)
-        assertSafeDepositBoxV2HasFields(sdb, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
-
-        // verify that the listing call contains our new SDB
-        def sdbList = listSdbs(cerberusAuthToken, V2_SAFE_DEPOSIT_BOX_PATH)
-        def foundNewSdb = false
-        def listSdb
-
-        sdbList.getList("").each { sdbMeta ->
-            if (sdbMeta.id == sdbId) {
-                foundNewSdb = true
-                listSdb = sdbMeta
+
+        try {
+            // verify that the sdb we created contains the data we expect
+            assertSafeDepositBoxV2HasFields(createdSdb, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
+
+            // test read sdb returns returns expected data
+            JsonPath sdb = readSdb(cerberusAuthToken, sdbId, V2_SAFE_DEPOSIT_BOX_PATH)
+            assertSafeDepositBoxV2HasFields(sdb, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
+
+            // verify that the listing call contains our new SDB
+            def sdbList = listSdbs(cerberusAuthToken, V2_SAFE_DEPOSIT_BOX_PATH)
+            def foundNewSdb = false
+            def listSdb
+
+            sdbList.getList("").each { sdbMeta ->
+                if (sdbMeta.id == sdbId) {
+                    foundNewSdb = true
+                    listSdb = sdbMeta
+                }
             }
-        }
-        assertTrue("Failed to find the newly created SDB in the list results", foundNewSdb)
-        assertEquals(listSdb.name, sdb.get('name'))
-        assertEquals(listSdb.id, sdb.get('id'))
-        assertEquals(listSdb.path, sdb.get('path'))
-        assertEquals(listSdb.'category_id', sdb.get('category_id'))
-
-        // update the sdb
-        description = "${Lorem.getWords(60)}"
-        userGroupPermissions.add([
-            "name": 'bar',
-            "role_id": roleMap.write
-        ])
-        iamPrincipalPermissions.add([
-            "iam_principal_arn": "arn:aws:iam::1111111111:role/fake_role2",
-            "role_id": roleMap.read
-        ])
-        JsonPath sdbUpdatedUpdate = updateSdbV2(cerberusAuthToken, sdbId, description, owner, userGroupPermissions, iamPrincipalPermissions)
-
-        // verify that the sdbUpdated we created contains the data we expect
-        assertSafeDepositBoxV2HasFields(sdbUpdatedUpdate, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
-
-        JsonPath sdbUpdatedRead = readSdb(cerberusAuthToken, sdbId, V2_SAFE_DEPOSIT_BOX_PATH)
-        assertSafeDepositBoxV2HasFields(sdbUpdatedRead, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
-
-        // delete the SDB
-        deleteSdb(cerberusAuthToken, sdbId, V2_SAFE_DEPOSIT_BOX_PATH)
-
-        // verify that the sdb is not longer in the list
-        def updatedSdbList = listSdbs(cerberusAuthToken, V2_SAFE_DEPOSIT_BOX_PATH)
-        def isSdbPresentInUpdatedList = false
-
-        updatedSdbList.getList("").each { sdbMeta ->
-            if (sdbMeta.id == sdbId) {
-                isSdbPresentInUpdatedList = true
+            assertTrue("Failed to find the newly created SDB in the list results", foundNewSdb)
+            assertEquals(listSdb.name, sdb.get('name'))
+            assertEquals(listSdb.id, sdb.get('id'))
+            assertEquals(listSdb.path, sdb.get('path'))
+            assertEquals(listSdb.'category_id', sdb.get('category_id'))
+
+            // update the sdb
+            description = "${Lorem.getWords(60)}"
+            userGroupPermissions.add([
+                    "name"   : 'bar',
+                    "role_id": roleMap.write
+            ])
+            iamPrincipalPermissions.add([
+                    "iam_principal_arn": "arn:aws:iam::1111111111:role/fake_role2",
+                    "role_id"          : roleMap.read
+            ])
+            JsonPath sdbUpdatedUpdate = updateSdbV2(cerberusAuthToken, sdbId, description, owner, userGroupPermissions, iamPrincipalPermissions)
+
+            // verify that the sdbUpdated we created contains the data we expect
+            assertSafeDepositBoxV2HasFields(sdbUpdatedUpdate, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
+
+            JsonPath sdbUpdatedRead = readSdb(cerberusAuthToken, sdbId, V2_SAFE_DEPOSIT_BOX_PATH)
+            assertSafeDepositBoxV2HasFields(sdbUpdatedRead, name, description, categoryId, owner, userGroupPermissions, iamPrincipalPermissions)
+        } finally {
+            // delete the SDB
+            deleteSdb(cerberusAuthToken, sdbId, V2_SAFE_DEPOSIT_BOX_PATH)
+
+            // verify that the sdb is not longer in the list
+            def updatedSdbList = listSdbs(cerberusAuthToken, V2_SAFE_DEPOSIT_BOX_PATH)
+            def isSdbPresentInUpdatedList = false
+
+            updatedSdbList.getList("").each { sdbMeta ->
+                if (sdbMeta.id == sdbId) {
+                    isSdbPresentInUpdatedList = true
+                }
             }
+            assertFalse("The created sdb should not be in the sdb listing call after deleting it", isSdbPresentInUpdatedList)
         }
-        assertFalse("The created sdb should not be in the sdb listing call after deleting it", isSdbPresentInUpdatedList)
     }
 
     static Map "login user with multi factor authentication (or skip mfa if not required) and return auth data"(

diff --git a/...us-api-tests/src/integration-test/groovy/com/nike/cerberus/api/CerberusIamApiTests.groovy b/...us-api-tests/src/integration-test/groovy/com/nike/cerberus/api/CerberusIamApiTests.groovy
@@ -33,6 +33,7 @@ class CerberusIamApiTests {
     private String accountId
     private String roleName
     private String region
+    private String ownerGroup
     private String cerberusAuthToken
     private def cerberusAuthData
 
@@ -61,6 +62,9 @@ class CerberusIamApiTests {
 
         region = PropUtils.getRequiredProperty("TEST_REGION",
                 "The region to use when authenticating with Cerberus using the IAM Auth endpoint")
+
+        ownerGroup = PropUtils.getRequiredProperty("TEST_OWNER_GROUP",
+                "The owner group to use when creating an SDB")
     }
 
     @Test
@@ -80,12 +84,12 @@ class CerberusIamApiTests {
 
     @Test
     void "test that an authenticated IAM role can create, read, update then delete a safe deposit box v1"() {
-        "v1 create, read, list, update and then delete a safe deposit box"(cerberusAuthData)
+        "v1 create, read, list, update and then delete a safe deposit box"(cerberusAuthData as Map, ownerGroup)
     }
 
     @Test
     void "test that an authenticated IAM role can create, read, update then delete a safe deposit box v2"() {
-        "v2 create, read, list, update and then delete a safe deposit box"(cerberusAuthData)
+        "v2 create, read, list, update and then delete a safe deposit box"(cerberusAuthData as Map, ownerGroup)
     }
 
     @Test

diff --git a/...-api-tests/src/integration-test/groovy/com/nike/cerberus/api/CerberusIamApiV2Tests.groovy b/...-api-tests/src/integration-test/groovy/com/nike/cerberus/api/CerberusIamApiV2Tests.groovy
@@ -36,6 +36,7 @@ class CerberusIamApiV2Tests {
     private String accountId
     private String roleName
     private String region
+    private String ownerGroup
     private String cerberusAuthToken
     private def cerberusAuthData
 
@@ -64,6 +65,8 @@ class CerberusIamApiV2Tests {
 
         region = PropUtils.getRequiredProperty("TEST_REGION",
                 "The region to use when authenticating with Cerberus using the IAM Auth endpoint")
+        ownerGroup = PropUtils.getRequiredProperty("TEST_OWNER_GROUP",
+                "The owner group to use when creating an SDB")
     }
 
     @Test
@@ -83,12 +86,12 @@ class CerberusIamApiV2Tests {
 
     @Test
     void "test that an authenticated IAM role can create, read, update then delete a safe deposit box v1"() {
-        "v1 create, read, list, update and then delete a safe deposit box"(cerberusAuthData)
+        "v1 create, read, list, update and then delete a safe deposit box"(cerberusAuthData as Map, ownerGroup)
     }
 
     @Test
     void "test that an authenticated IAM role can create, read, update then delete a safe deposit box v2"() {
-        "v2 create, read, list, update and then delete a safe deposit box"(cerberusAuthData)
+        "v2 create, read, list, update and then delete a safe deposit box"(cerberusAuthData as Map, ownerGroup)
     }
 
     @Test

diff --git a/...s-api-tests/src/integration-test/groovy/com/nike/cerberus/api/CerberusUserApiTests.groovy b/...s-api-tests/src/integration-test/groovy/com/nike/cerberus/api/CerberusUserApiTests.groovy
@@ -31,6 +31,7 @@ class CerberusUserApiTests {
     private String password
     private String otpDeviceId
     private String otpSecret
+    private String ownerGroup
     private String cerberusAuthToken
     private Map cerberusAuthData
 
@@ -63,12 +64,12 @@ class CerberusUserApiTests {
 
     @Test
     void "test that an authenticated user can create, read, update then delete a safe deposit box v1"() {
-        "v1 create, read, list, update and then delete a safe deposit box"(cerberusAuthData)
+        "v1 create, read, list, update and then delete a safe deposit box"(cerberusAuthData as Map, ownerGroup)
     }
 
     @Test
     void "test that an authenticated user can create, read, update then delete a safe deposit box v2"() {
-        "v2 create, read, list, update and then delete a safe deposit box"(cerberusAuthData)
+        "v2 create, read, list, update and then delete a safe deposit box"(cerberusAuthData as Map, ownerGroup)
     }
 
     @Test
@@ -99,5 +100,8 @@ class CerberusUserApiTests {
 
         otpDeviceId = PropUtils.getRequiredProperty("TEST_USER_OTP_DEVICE_ID",
                 "The device id for the test users OTP MFA (OTP == Google auth)")
+
+        ownerGroup = PropUtils.getRequiredProperty("TEST_OWNER_GROUP",
+                "The owner group to use when creating an SDB")
     }
 }