com.streamreduce.datasource.BootstrapDatabaseDataPopulatorITCase.java Source code

Java tutorial

Introduction

Here is the source code for com.streamreduce.datasource.BootstrapDatabaseDataPopulatorITCase.java

Source

/*
 * Copyright 2012 Nodeable Inc
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package com.streamreduce.datasource;

import com.mongodb.BasicDBObject;
import com.streamreduce.AbstractInContainerTestCase;
import com.streamreduce.Constants;
import com.streamreduce.connections.CloudProvider;
import com.streamreduce.core.model.Account;
import com.streamreduce.core.model.InventoryItem;
import com.streamreduce.core.model.User;
import com.streamreduce.core.service.ConnectionService;
import com.streamreduce.core.service.InventoryService;
import com.streamreduce.rest.dto.response.ConnectionInventoryResponseDTO;
import com.streamreduce.rest.dto.response.ConnectionResponseDTO;
import com.streamreduce.rest.dto.response.InventoryItemResponseDTO;

import java.util.List;

import junit.framework.Assert;
import net.sf.json.JSONObject;
import org.codehaus.jackson.map.type.TypeFactory;
import org.junit.Ignore;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Tests that {@link com.streamreduce.datasource.BootstrapDatabaseDataPopulator} works as expected.
 */
public class BootstrapDatabaseDataPopulatorITCase extends AbstractInContainerTestCase {

    private Account rootAccount = null;
    private Account integrationsAccount = null;

    @Autowired
    private ConnectionService connectionService;
    @Autowired
    private InventoryService inventoryService;

    @Override
    public void setUp() throws Exception {
        super.setUp();

        for (Account account : userService.getAccounts()) {
            if (account.getName().equals(Constants.NODEABLE_SUPER_ACCOUNT_NAME)) {
                rootAccount = account;
            }
            if (rootAccount != null) {
                break;
            }
        }
    }

    /**
     * Make sure the proper accounts and users have been bootstrapped.
     *
     * @throws Exception if anything goes wrong
     */
    @Test
    @Ignore
    public void testAccountsAndUsersCreatedProperly() throws Exception {
        Assert.assertNotNull(rootAccount);
        Assert.assertNotNull(integrationsAccount);

        User rootUser = null;

        for (User user : userService.allUsersForAccount(rootAccount)) {
            if (user.getUsername().equals(Constants.NODEABLE_SUPER_USERNAME)) {
                rootUser = user;
            }
            if (rootUser != null) {
                break;
            }
        }

        Assert.assertNotNull(rootUser);
    }

    /**
     * Make sure connections and inventory items that are public do not leak sensitive information.
     *
     * @throws Exception if anything goes wrong
     */
    @Test
    @Ignore
    public void testForSecurityLeaks() throws Exception {
        // NOTE: This could be put elsewhere but since it was written as part of SOBA-1855, here it sits for now

        String authnToken = login(testUsername, testUsername);
        List<ConnectionResponseDTO> allConnections = jsonToObject(
                makeRequest(connectionsBaseUrl, "GET", null, authnToken),
                TypeFactory.defaultInstance().constructCollectionType(List.class, ConnectionResponseDTO.class));
        String awsAccessKeyId = cloudProperties.getString("nodeable.integrations.aws.accessKeyId");
        String awsSecretKey = cloudProperties.getString("nodeable.integrations.aws.secretKey");

        Assert.assertEquals(26, allConnections.size());

        for (ConnectionResponseDTO connection : allConnections) {
            // Make sure public connections do not have the connection credentials in them
            Assert.assertFalse(connection.isOwner());
            Assert.assertNull(connection.getIdentity());

            // Only cloud inventory items can be leaked so let's filter our inventory items
            if (connection.getType().equals(CloudProvider.TYPE)) {
                inventoryService.refreshInventoryItemCache(connectionService.getConnection(connection.getId()));

                List<InventoryItem> rawInventoryItems = inventoryService.getInventoryItems(connection.getId());
                int retry = 0;

                while (rawInventoryItems.size() == 0 && retry < 3) {
                    Thread.sleep(30000);
                    rawInventoryItems = inventoryService.getInventoryItems(connection.getId());
                    retry++;
                }

                if (rawInventoryItems.size() == 0) {
                    throw new Exception("Unable to prepare for the test so tests are unable to run.");
                }

                // Make sure public inventory items do not have anything sensitive in them
                String rawResponse = makeRequest(connectionsBaseUrl + "/" + connection.getId() + "/inventory",
                        "GET", null, authnToken);
                ConnectionInventoryResponseDTO responseDTO = jsonToObject(rawResponse,
                        TypeFactory.defaultInstance().constructType(ConnectionInventoryResponseDTO.class));

                for (InventoryItemResponseDTO inventoryItem : responseDTO.getInventoryItems()) {
                    BasicDBObject payload = inventoryItem.getPayload();

                    Assert.assertFalse(JSONObject.fromObject(payload).toString().contains(awsAccessKeyId));
                    Assert.assertFalse(JSONObject.fromObject(payload).toString().contains(awsSecretKey));
                    Assert.assertFalse(payload.containsField("adminPassword"));
                    Assert.assertFalse(payload.containsField("credentials"));
                }

            }
        }
    }

}