hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

introduce-hosting-module (#46)

Browse Source 
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/46
Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
This commit is contained in:
Michael Hoennig
2024-04-23 11:14:48 +02:00
parent 9806bcd78f
commit 66332b6de2
28 changed files with 3308 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
View File

@@ -51,6 +51,7 @@ public class ArchitectureTest {
"..hs.office.relation",
"..hs.office.sepamandate",
"..hs.booking.item",
"..hs.hosting.asset",
"..errors",
"..mapper",
"..ping",
@@ -130,6 +131,7 @@ public class ArchitectureTest {
.resideInAnyPackage(
"..hs.office.(*)..",
"..hs.booking.(*)..",
"..hs.hosting.(*)..",
"..rbac.rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest
);
@@ -140,7 +142,16 @@ public class ArchitectureTest {
.should().onlyBeAccessed().byClassesThat()
.resideInAnyPackage(
"..hs.booking.(*)..",
"..rbac.rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest
"..hs.hosting.(*).."
);
@ArchTest
@SuppressWarnings("unused")
public static final ArchRule hsHostingPackageAccessRule = classes()
.that().resideInAPackage("..hs.hosting.(*)..")
.should().onlyBeAccessed().byClassesThat()
.resideInAnyPackage(
"..hs.hosting.(*).."
);
@ArchTest

5
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java
View File

@@ -118,17 +118,16 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,
// insert+delete
// global-admin
"{ grant perm:hs_booking_item#D-1000111-somenewbookingitem:DELETE to role:global#global:ADMIN by system and assume }",
// owner
//"{ grant perm:hs_booking_item#D-1000111-somenewbookingitem:UPDATE to role:hs_booking_item#D-1000111-somenewbookingitem:OWNER by system and assume }",
"{ grant role:hs_booking_item#D-1000111-somenewbookingitem:OWNER to role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:AGENT by system and assume }",
// admin
"{ grant perm:hs_booking_item#D-1000111-somenewbookingitem:UPDATE to role:hs_booking_item#D-1000111-somenewbookingitem:ADMIN by system and assume }",
"{ grant role:hs_booking_item#D-1000111-somenewbookingitem:ADMIN to role:hs_booking_item#D-1000111-somenewbookingitem:OWNER by system and assume }",
//"{ grant role:hs_booking_item#D-1000111-somenewbookingitem:TENANT to role:hs_booking_item#D-1000111-somenewbookingitem:ADMIN by system and assume }",
"{ grant perm:hs_booking_item#D-1000111-somenewbookingitem:INSERT>hs_hosting_asset to role:hs_booking_item#D-1000111-somenewbookingitem:AGENT by system and assume }",
// agent
"{ grant role:hs_booking_item#D-1000111-somenewbookingitem:ADMIN to role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:AGENT by system and assume }",

24
src/test/java/net/hostsharing/hsadminng/hs/booking/item/TestHsBookingItem.java Normal file
View File

@@ -0,0 +1,24 @@
package net.hostsharing.hsadminng.hs.booking.item;
import io.hypersistence.utils.hibernate.type.range.Range;
import lombok.experimental.UtilityClass;
import java.time.LocalDate;
import java.util.Map;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.hs.office.debitor.TestHsOfficeDebitor.TEST_DEBITOR;
@UtilityClass
public class TestHsBookingItem {
public static final HsBookingItemEntity TEST_BOOKING_ITEM = HsBookingItemEntity.builder()
.debitor(TEST_DEBITOR)
.caption("test booking item")
.resources(Map.ofEntries(
entry("someThing", 1),
entry("anotherThing", "blue")
))
.validity(Range.closedInfinite(LocalDate.of(2020, 1, 15)))
.build();
}

346
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java Normal file
View File

@@ -0,0 +1,346 @@
package net.hostsharing.hsadminng.hs.hosting.asset;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRepository;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.server.LocalServerPort;
import org.springframework.transaction.annotation.Transactional;
import java.util.Map;
import java.util.UUID;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.matchesRegex;
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, JpaAttempt.class }
)
@Transactional
class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
private Integer port;
@Autowired
HsHostingAssetRepository assetRepo;
@Autowired
HsBookingItemRepository bookingItemRepo;
@Autowired
HsOfficeDebitorRepository debitorRepo;
@Autowired
JpaAttempt jpaAttempt;
@Nested
class ListAssets {
@Test
void globalAdmin_canViewAllAssetsOfArbitraryDebitor() {
// given
context("superuser-alex@hostsharing.net");
final var givenDebitor = debitorRepo.findDebitorByDebitorNumber(1000111).get(0);
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets?debitorUuid=" + givenDebitor.getUuid())
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
[
{
"type": "MANAGED_WEBSPACE",
"identifier": "aaa01",
"caption": "some Webspace",
"config": {
"HDD": 2048,
"RAM": 1,
"SDD": 512,
"extra": 42
}
},
{
"type": "MANAGED_SERVER",
"identifier": "vm1011",
"caption": "some ManagedServer",
"config": {
"CPU": 2,
"SDD": 512,
"extra": 42
}
},
{
"type": "CLOUD_SERVER",
"identifier": "vm2011",
"caption": "another CloudServer",
"config": {
"CPU": 2,
"HDD": 1024,
"extra": 42
}
}
]
"""));
// @formatter:on
}
}
@Nested
class AddServer {
@Test
void globalAdmin_canAddAsset() {
context.define("superuser-alex@hostsharing.net");
final var givenBookingItem = givenBookingItem("First", "some PrivateCloud");
final var location = RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
"bookingItemUuid": "%s",
"type": "MANAGED_SERVER",
"identifier": "vm1400",
"caption": "some new CloudServer",
"config": { "CPU": 3, "extra": 42 }
}
""".formatted(givenBookingItem.getUuid()))
.port(port)
.when()
.post("http://localhost/api/hs/hosting/assets")
.then().log().all().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
{
"type": "MANAGED_SERVER",
"identifier": "vm1400",
"caption": "some new CloudServer",
"config": { "CPU": 3, "extra": 42 }
}
"""))
.header("Location", matchesRegex("http://localhost:[1-9][0-9]*/api/hs/hosting/assets/[^/]*"))
.extract().header("Location"); // @formatter:on
// finally, the new asset can be accessed under the generated UUID
final var newUserUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
assertThat(newUserUuid).isNotNull();
}
}
@Nested
class GetASset {
@Test
void globalAdmin_canGetArbitraryAsset() {
context.define("superuser-alex@hostsharing.net");
final var givenAssetUuid = assetRepo.findAll().stream()
.filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000111)
.filter(item -> item.getCaption().equals("some ManagedServer"))
.findAny().orElseThrow().getUuid();
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
{
"caption": "some ManagedServer",
"config": {
"CPU": 2,
"SDD": 512,
"extra": 42
}
}
""")); // @formatter:on
}
@Test
void normalUser_canNotGetUnrelatedAsset() {
context.define("superuser-alex@hostsharing.net");
final var givenAssetUuid = assetRepo.findAll().stream()
.filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000212)
.map(HsHostingAssetEntity::getUuid)
.findAny().orElseThrow();
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
.then().log().body().assertThat()
.statusCode(404); // @formatter:on
}
@Test
void debitorAgentUser_canGetRelatedAsset() {
context.define("superuser-alex@hostsharing.net");
final var givenAssetUuid = assetRepo.findAll().stream()
.filter(bi -> bi.getBookingItem().getDebitor().getDebitorNumber() == 1000313)
.filter(bi -> bi.getCaption().equals("some ManagedServer"))
.findAny().orElseThrow().getUuid();
RestAssured // @formatter:off
.given()
.header("current-user", "person-TuckerJack@example.com")
.port(port)
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
{
"identifier": "vm1013",
"caption": "some ManagedServer",
"config": {
"CPU": 2,
"SDD": 512,
"extra": 42
}
}
""")); // @formatter:on
}
}
@Nested
class PatchAsset {
@Test
void globalAdmin_canPatchAllUpdatablePropertiesOfAsset() {
final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2001", entry("something", 1));
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
{
"config": {
"CPU": "4",
"HDD": null,
"SSD": "4096"
}
}
""")
.port(port)
.when()
.patch("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.then().log().all().assertThat()
.statusCode(200)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
{
"type": "CLOUD_SERVER",
"identifier": "vm2001",
"caption": "some test-asset",
"config": {
"CPU": "4",
"SSD": "4096",
"something": 1
}
}
""")); // @formatter:on
// finally, the asset is actually updated
context.define("superuser-alex@hostsharing.net");
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent().get()
.matches(asset -> {
assertThat(asset.toString()).isEqualTo("HsHostingAssetEntity(D-1000111:some CloudServer, CLOUD_SERVER, vm2001, some test-asset, { CPU: 4, SSD: 4096, something: 1 })");
return true;
});
}
}
@Nested
class DeleteAsset {
@Test
void globalAdmin_canDeleteArbitraryAsset() {
context.define("superuser-alex@hostsharing.net");
final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2002", entry("something", 1));
RestAssured // @formatter:off
.given()
.header("current-user", "superuser-alex@hostsharing.net")
.port(port)
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.then().log().body().assertThat()
.statusCode(204); // @formatter:on
// then the given assets is gone
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isEmpty();
}
@Test
void normalUser_canNotDeleteUnrelatedAsset() {
context.define("superuser-alex@hostsharing.net");
final var givenAsset = givenSomeTemporaryAssetForDebitorNumber("2003", entry("something", 1));
RestAssured // @formatter:off
.given()
.header("current-user", "selfregistered-user-drew@hostsharing.org")
.port(port)
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.then().log().body().assertThat()
.statusCode(404); // @formatter:on
// then the given asset is still there
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isNotEmpty();
}
}
HsBookingItemEntity givenBookingItem(final String debitorName, final String bookingItemCaption) {
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike(debitorName).stream().findAny().orElseThrow();
return bookingItemRepo.findAllByDebitorUuid(givenDebitor.getUuid()).stream()
.filter(i -> i.getCaption().equals(bookingItemCaption))
.findAny().orElseThrow();
}
private HsHostingAssetEntity givenSomeTemporaryAssetForDebitorNumber(final String identifierSuffix,
final Map.Entry<String, Integer> resources) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
final var newAsset = HsHostingAssetEntity.builder()
.uuid(UUID.randomUUID())
.bookingItem(givenBookingItem("First", "some CloudServer"))
.type(HsHostingAssetType.CLOUD_SERVER)
.identifier("vm" + identifierSuffix)
.caption("some test-asset")
.config(Map.ofEntries(resources))
.build();
return assetRepo.save(newAsset);
}).assertSuccessful().returnedValue();
}
}

102
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetEntityPatcherUnitTest.java Normal file
View File

@@ -0,0 +1,102 @@
package net.hostsharing.hsadminng.hs.hosting.asset;
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetPatchResource;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
import net.hostsharing.hsadminng.mapper.KeyValueMap;
import net.hostsharing.hsadminng.rbac.test.PatchUnitTestBase;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.TestInstance;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import jakarta.persistence.EntityManager;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Stream;
import static net.hostsharing.hsadminng.hs.booking.item.TestHsBookingItem.TEST_BOOKING_ITEM;
import static net.hostsharing.hsadminng.mapper.PatchMap.entry;
import static net.hostsharing.hsadminng.mapper.PatchMap.patchMap;
import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.lenient;
@TestInstance(PER_CLASS)
@ExtendWith(MockitoExtension.class)
class HsHostingAssetEntityPatcherUnitTest extends PatchUnitTestBase<
HsHostingAssetPatchResource,
HsHostingAssetEntity
> {
private static final UUID INITIAL_BOOKING_ITEM_UUID = UUID.randomUUID();
private static final Map<String, Object> INITIAL_CONFIG = patchMap(
entry("CPU", 1),
entry("HDD", 1024),
entry("MEM", 64)
);
private static final Map<String, Object> PATCH_CONFIG = patchMap(
entry("CPU", 2),
entry("HDD", null),
entry("SDD", 256)
);
private static final Map<String, Object> PATCHED_CONFIG = patchMap(
entry("CPU", 2),
entry("SDD", 256),
entry("MEM", 64)
);
private static final String INITIAL_CAPTION = "initial caption";
private static final String PATCHED_CAPTION = "patched caption";
@Mock
private EntityManager em;
@BeforeEach
void initMocks() {
lenient().when(em.getReference(eq(HsOfficeDebitorEntity.class), any())).thenAnswer(invocation ->
HsOfficeDebitorEntity.builder().uuid(invocation.getArgument(1)).build());
lenient().when(em.getReference(eq(HsHostingAssetEntity.class), any())).thenAnswer(invocation ->
HsHostingAssetEntity.builder().uuid(invocation.getArgument(1)).build());
}
@Override
protected HsHostingAssetEntity newInitialEntity() {
final var entity = new HsHostingAssetEntity();
entity.setUuid(INITIAL_BOOKING_ITEM_UUID);
entity.setBookingItem(TEST_BOOKING_ITEM);
entity.getConfig().putAll(KeyValueMap.from(INITIAL_CONFIG));
entity.setCaption(INITIAL_CAPTION);
return entity;
}
@Override
protected HsHostingAssetPatchResource newPatchResource() {
return new HsHostingAssetPatchResource();
}
@Override
protected HsHostingAssetEntityPatcher createPatcher(final HsHostingAssetEntity server) {
return new HsHostingAssetEntityPatcher(server);
}
@Override
protected Stream<Property> propertyTestDescriptors() {
return Stream.of(
new JsonNullableProperty<>(
"caption",
HsHostingAssetPatchResource::setCaption,
PATCHED_CAPTION,
HsHostingAssetEntity::setCaption),
new SimpleProperty<>(
"config",
HsHostingAssetPatchResource::setConfig,
PATCH_CONFIG,
HsHostingAssetEntity::putConfig,
PATCHED_CONFIG)
.notNullable()
);
}
}

49
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetEntityUnitTest.java Normal file
View File

@@ -0,0 +1,49 @@
package net.hostsharing.hsadminng.hs.hosting.asset;
import org.junit.jupiter.api.Test;
import java.util.Map;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.hs.booking.item.TestHsBookingItem.TEST_BOOKING_ITEM;
import static org.assertj.core.api.Assertions.assertThat;
class HsHostingAssetEntityUnitTest {
final HsHostingAssetEntity givenParentAsset = HsHostingAssetEntity.builder()
.bookingItem(TEST_BOOKING_ITEM)
.type(HsHostingAssetType.MANAGED_SERVER)
.identifier("vm1234")
.caption("some managed asset")
.config(Map.ofEntries(
entry("CPUs", 2),
entry("SSD-storage", 512),
entry("HDD-storage", 2048)))
.build();
final HsHostingAssetEntity givenServer = HsHostingAssetEntity.builder()
.bookingItem(TEST_BOOKING_ITEM)
.type(HsHostingAssetType.MANAGED_WEBSPACE)
.parentAsset(givenParentAsset)
.identifier("xyz00")
.caption("some managed webspace")
.config(Map.ofEntries(
entry("CPUs", 2),
entry("SSD-storage", 512),
entry("HDD-storage", 2048)))
.build();
@Test
void toStringContainsAllPropertiesAndResourcesSortedByKey() {
final var result = givenServer.toString();
assertThat(result).isEqualTo(
"HsHostingAssetEntity(D-1000100:test booking item, MANAGED_WEBSPACE, D-1000100:test booking item:vm1234, xyz00, some managed webspace, { CPUs: 2, HDD-storage: 2048, SSD-storage: 512 })");
}
@Test
void toShortStringContainsOnlyMemberNumberAndCaption() {
final var result = givenServer.toShortString();
assertThat(result).isEqualTo("D-1000100:test booking item:xyz00");
}
}

368
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java Normal file
View File

@@ -0,0 +1,368 @@
package net.hostsharing.hsadminng.hs.hosting.asset;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRepository;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository;
import net.hostsharing.hsadminng.rbac.test.Array;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.context.annotation.Import;
import org.springframework.orm.jpa.JpaSystemException;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.CLOUD_SERVER;
import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.test.Array.fromFormatted;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat;
@DataJpaTest
@Import({ Context.class, JpaAttempt.class })
class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanup {
@Autowired
HsHostingAssetRepository assetRepo;
@Autowired
HsBookingItemRepository bookingItemRepo;
@Autowired
HsOfficeDebitorRepository debitorRepo;
@Autowired
RawRbacRoleRepository rawRoleRepo;
@Autowired
RawRbacGrantRepository rawGrantRepo;
@Autowired
JpaAttempt jpaAttempt;
@PersistenceContext
EntityManager em;
@MockBean
HttpServletRequest request;
@Nested
class CreateAsset {
@Test
public void testHostsharingAdmin_withoutAssumedRole_canCreateNewAsset() {
// given
context("superuser-alex@hostsharing.net");
final var count = assetRepo.count();
final var givenBookingItem = givenBookingItem("First", "some CloudServer");
// when
final var result = attempt(em, () -> {
final var newAsset = HsHostingAssetEntity.builder()
.bookingItem(givenBookingItem)
.caption("some new managed webspace")
.type(HsHostingAssetType.MANAGED_WEBSPACE)
.identifier("xyz90")
.build();
return toCleanup(assetRepo.save(newAsset));
});
// then
result.assertSuccessful();
assertThat(result.returnedValue()).isNotNull().extracting(HsHostingAssetEntity::getUuid).isNotNull();
assertThatAssetIsPersisted(result.returnedValue());
assertThat(assetRepo.count()).isEqualTo(count + 1);
}
@Test
public void createsAndGrantsRoles() {
// given
context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", ""))
.toList();
final var givenBookingItem = givenBookingItem("First", "some CloudServer");
// when
final var result = attempt(em, () -> {
final var newAsset = HsHostingAssetEntity.builder()
.bookingItem(givenBookingItem)
.type(HsHostingAssetType.MANAGED_WEBSPACE)
.identifier("xyz91")
.caption("some new managed webspace")
.build();
return toCleanup(assetRepo.save(newAsset));
});
// then
result.assertSuccessful();
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_hosting_asset#D-1000111-someCloudServer-xyz91:ADMIN",
"hs_hosting_asset#D-1000111-someCloudServer-xyz91:OWNER",
"hs_hosting_asset#D-1000111-someCloudServer-xyz91:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,
// global-admin
// owner
"{ grant perm:hs_hosting_asset#D-1000111-someCloudServer-xyz91:DELETE to role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:OWNER by system and assume }",
// admin
"{ grant perm:hs_hosting_asset#D-1000111-someCloudServer-xyz91:UPDATE to role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:ADMIN by system and assume }",
"{ grant role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:ADMIN to role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:OWNER by system and assume }",
"{ grant role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:OWNER to role:hs_booking_item#D-1000111-someCloudServer:ADMIN by system and assume }",
// tenant
"{ grant perm:hs_hosting_asset#D-1000111-someCloudServer-xyz91:SELECT to role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:TENANT by system and assume }",
"{ grant role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:TENANT to role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:ADMIN by system and assume }",
"{ grant role:hs_booking_item#D-1000111-someCloudServer:TENANT to role:hs_hosting_asset#D-1000111-someCloudServer-xyz91:TENANT by system and assume }",
null));
}
private void assertThatAssetIsPersisted(final HsHostingAssetEntity saved) {
final var found = assetRepo.findByUuid(saved.getUuid());
assertThat(found).isNotEmpty().map(HsHostingAssetEntity::toString).get().isEqualTo(saved.toString());
}
}
@Nested
class FindByDebitorUuid {
@Test
public void globalAdmin_withoutAssumedRole_canViewAllAssetsOfArbitraryDebitor() {
// given
context("superuser-alex@hostsharing.net");
final var debitorUuid = debitorRepo.findDebitorByDebitorNumber(1000212).stream()
.findAny().orElseThrow().getUuid();
// when
final var result = assetRepo.findAllByDebitorUuid(debitorUuid);
// then
allTheseServersAreReturned(
result,
"HsHostingAssetEntity(D-1000212:some PrivateCloud, MANAGED_WEBSPACE, bbb01, some Webspace, { HDD: 2048, RAM: 1, SDD: 512, extra: 42 })",
"HsHostingAssetEntity(D-1000212:some PrivateCloud, MANAGED_SERVER, vm1012, some ManagedServer, { CPU: 2, SDD: 512, extra: 42 })",
"HsHostingAssetEntity(D-1000212:some PrivateCloud, CLOUD_SERVER, vm2012, another CloudServer, { CPU: 2, HDD: 1024, extra: 42 })");
}
@Test
public void normalUser_canViewOnlyRelatedAsset() {
// given:
context("person-FirbySusan@example.com");
final var debitorUuid = debitorRepo.findDebitorByDebitorNumber(1000111).stream().findAny().orElseThrow().getUuid();
// when:
final var result = assetRepo.findAllByDebitorUuid(debitorUuid);
// then:
exactlyTheseAssetsAreReturned(
result,
"HsHostingAssetEntity(D-1000111:some PrivateCloud, MANAGED_WEBSPACE, aaa01, some Webspace, { HDD: 2048, RAM: 1, SDD: 512, extra: 42 })",
"HsHostingAssetEntity(D-1000111:some PrivateCloud, MANAGED_SERVER, vm1011, some ManagedServer, { CPU: 2, SDD: 512, extra: 42 })",
"HsHostingAssetEntity(D-1000111:some PrivateCloud, CLOUD_SERVER, vm2011, another CloudServer, { CPU: 2, HDD: 1024, extra: 42 })");
}
}
@Nested
class UpdateAsset {
@Test
public void hostsharingAdmin_canUpdateArbitraryServer() {
// given
final var givenAssetUuid = givenSomeTemporaryAsset("First", "vm1000").getUuid();
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
final var foundAsset = em.find(HsHostingAssetEntity.class, givenAssetUuid);
foundAsset.getConfig().put("CPUs", 2);
foundAsset.getConfig().remove("SSD-storage");
foundAsset.getConfig().put("HSD-storage", 2048);
return toCleanup(assetRepo.save(foundAsset));
});
// then
result.assertSuccessful();
jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
assertThatAssetActuallyInDatabase(result.returnedValue());
}).assertSuccessful();
}
private void assertThatAssetActuallyInDatabase(final HsHostingAssetEntity saved) {
final var found = assetRepo.findByUuid(saved.getUuid());
assertThat(found).isNotEmpty().get().isNotSameAs(saved)
.extracting(Object::toString).isEqualTo(saved.toString());
}
}
@Nested
class DeleteByUuid {
@Test
public void globalAdmin_withoutAssumedRole_canDeleteAnyAsset() {
// given
context("superuser-alex@hostsharing.net", null);
final var givenAsset = givenSomeTemporaryAsset("First", "vm1000");
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
assetRepo.deleteByUuid(givenAsset.getUuid());
});
// then
result.assertSuccessful();
assertThat(jpaAttempt.transacted(() -> {
context("superuser-fran@hostsharing.net", null);
return assetRepo.findByUuid(givenAsset.getUuid());
}).assertSuccessful().returnedValue()).isEmpty();
}
@Test
public void relatedOwner_canDeleteTheirRelatedAsset() {
// given
context("superuser-alex@hostsharing.net", null);
final var givenAsset = givenSomeTemporaryAsset("First", "vm1000");
// when
final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com");
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent();
assetRepo.deleteByUuid(givenAsset.getUuid());
});
// then
result.assertSuccessful();
assertThat(jpaAttempt.transacted(() -> {
context("superuser-fran@hostsharing.net", null);
return assetRepo.findByUuid(givenAsset.getUuid());
}).assertSuccessful().returnedValue()).isEmpty();
}
@Test
public void relatedAdmin_canNotDeleteTheirRelatedAsset() {
// given
context("superuser-alex@hostsharing.net", null);
final var givenAsset = givenSomeTemporaryAsset("First", "vm1000");
// when
final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com", "hs_hosting_asset#D-1000111-someCloudServer-vm1000:ADMIN");
assertThat(assetRepo.findByUuid(givenAsset.getUuid())).isPresent();
assetRepo.deleteByUuid(givenAsset.getUuid());
});
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] Subject ", " is not allowed to delete hs_hosting_asset");
assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
return assetRepo.findByUuid(givenAsset.getUuid());
}).assertSuccessful().returnedValue()).isPresent(); // still there
}
@Test
public void deletingAnAssetAlsoDeletesRelatedRolesAndGrants() {
// given
context("superuser-alex@hostsharing.net");
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
final var givenAsset = givenSomeTemporaryAsset("First", "vm1000");
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
return assetRepo.deleteByUuid(givenAsset.getUuid());
});
// then
result.assertSuccessful();
assertThat(result.returnedValue()).isEqualTo(1);
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(initialRoleNames);
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(initialGrantNames);
}
}
@Test
public void auditJournalLogIsAvailable() {
// given
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp
from tx_journal_v
where targettable = 'hs_hosting_asset';
""");
// when
@SuppressWarnings("unchecked") final List<Object[]> customerLogEntries = query.getResultList();
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating hosting-asset test-data 1000111, hs_hosting_asset, INSERT]",
"[creating hosting-asset test-data 1000212, hs_hosting_asset, INSERT]",
"[creating hosting-asset test-data 1000313, hs_hosting_asset, INSERT]");
}
private HsHostingAssetEntity givenSomeTemporaryAsset(final String debitorName, final String identifier) {
return jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
final var givenBookingItem = givenBookingItem(debitorName, "some CloudServer");
final var newAsset = HsHostingAssetEntity.builder()
.bookingItem(givenBookingItem)
.type(CLOUD_SERVER)
.identifier(identifier)
.caption("some temp cloud asset")
.config(Map.ofEntries(
entry("CPUs", 1),
entry("SSD-storage", 256)))
.build();
return toCleanup(assetRepo.save(newAsset));
}).assertSuccessful().returnedValue();
}
HsBookingItemEntity givenBookingItem(final String debitorName, final String bookingItemCaption) {
final var givenDebitor = debitorRepo.findDebitorByOptionalNameLike(debitorName).stream().findAny().orElseThrow();
return bookingItemRepo.findAllByDebitorUuid(givenDebitor.getUuid()).stream()
.filter(i -> i.getCaption().equals(bookingItemCaption))
.findAny().orElseThrow();
}
void exactlyTheseAssetsAreReturned(
final List<HsHostingAssetEntity> actualResult,
final String... serverNames) {
assertThat(actualResult)
.extracting(HsHostingAssetEntity::toString)
.containsExactlyInAnyOrder(serverNames);
}
void allTheseServersAreReturned(final List<HsHostingAssetEntity> actualResult, final String... serverNames) {
assertThat(actualResult)
.extracting(HsHostingAssetEntity::toString)
.contains(serverNames);
}
}

1
src/test/java/net/hostsharing/hsadminng/hs/office/migration/ImportOfficeData.java
View File

@@ -620,6 +620,7 @@ public class ImportOfficeData extends ContextBasedTest {
private void deleteTestDataFromHsOfficeTables() {
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
em.createNativeQuery("delete from hs_hosting_asset where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_item where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate();