
Package: AclCreator

AclCreator

name | instruction | branch | complexity | line | method
AclCreator()
M: 59 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 12 C: 0
0%
M: 1 C: 0
0%
accessInfoCreatorCreator(List, User, Account)
M: 61 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 15 C: 0
0%
M: 1 C: 0
0%
attachBrokerPermissions(Account, User)
M: 54 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 7 C: 0
0%
M: 1 C: 0
0%
attachDataManagePermissions(Account, User)
M: 32 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
attachDataViewPermissions(Account, User)
M: 32 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
attachDevicePermissions(Account, User)
M: 32 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
attachFullPermissions(Account, User)
M: 142 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 15 C: 0
0%
M: 1 C: 0
0%
attachUserCredentials(Account, User)
M: 7 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
attachUserCredentials(Account, User, String)
M: 8 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
configureAccountService(KapuaId, KapuaId)
M: 27 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
configureUserService(KapuaId, KapuaId)
M: 51 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 12 C: 0
0%
M: 1 C: 0
0%
createAccount(String, String, String)
M: 25 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 6 C: 0
0%
M: 1 C: 0
0%
createPermissions(List, User, Account)
M: 8 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
createUser(Account, String)
M: 17 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%
lambda$attachUserCredentials$1(Account, User)
M: 21 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
lambda$attachUserCredentials$2(Account, User, String)
M: 21 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
lambda$createPermissions$0(List, User, Account)
M: 15 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
static {...}
M: 11 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%

Coverage

1: /*******************************************************************************
2: * Copyright (c) 2017, 2022 Eurotech and/or its affiliates and others
3: *
4: * This program and the accompanying materials are made
5: * available under the terms of the Eclipse Public License 2.0
6: * which is available at https://www.eclipse.org/legal/epl-2.0/
7: *
8: * SPDX-License-Identifier: EPL-2.0
9: *
10: * Contributors:
11: * Eurotech
12: * Red Hat Inc
13: *******************************************************************************/
14: package org.eclipse.kapua.service.device.registry.steps;
15:
16: import org.eclipse.kapua.KapuaException;
17: import org.eclipse.kapua.broker.BrokerDomains;
18: import org.eclipse.kapua.commons.model.id.KapuaEid;
19: import org.eclipse.kapua.commons.security.KapuaSecurityUtils;
20: import org.eclipse.kapua.locator.KapuaLocator;
21: import org.eclipse.kapua.model.domain.Actions;
22: import org.eclipse.kapua.model.domain.Domain;
23: import org.eclipse.kapua.model.id.KapuaId;
24: import org.eclipse.kapua.service.account.Account;
25: import org.eclipse.kapua.service.account.AccountCreator;
26: import org.eclipse.kapua.service.account.AccountFactory;
27: import org.eclipse.kapua.service.account.AccountService;
28: import org.eclipse.kapua.service.authentication.credential.CredentialCreator;
29: import org.eclipse.kapua.service.authentication.credential.CredentialFactory;
30: import org.eclipse.kapua.service.authentication.credential.CredentialService;
31: import org.eclipse.kapua.service.authentication.credential.CredentialStatus;
32: import org.eclipse.kapua.service.authentication.credential.CredentialType;
33: import org.eclipse.kapua.service.authorization.access.AccessInfoCreator;
34: import org.eclipse.kapua.service.authorization.access.AccessInfoFactory;
35: import org.eclipse.kapua.service.authorization.access.AccessInfoService;
36: import org.eclipse.kapua.service.authorization.permission.Permission;
37: import org.eclipse.kapua.service.authorization.permission.PermissionFactory;
38: import org.eclipse.kapua.service.datastore.DatastoreDomains;
39: import org.eclipse.kapua.service.device.management.DeviceManagementDomains;
40: import org.eclipse.kapua.service.device.registry.DeviceDomains;
41: import org.eclipse.kapua.service.user.User;
42: import org.eclipse.kapua.service.user.UserCreator;
43: import org.eclipse.kapua.service.user.UserFactory;
44: import org.eclipse.kapua.service.user.UserService;
45:
46: import java.math.BigInteger;
47: import java.util.ArrayList;
48: import java.util.HashMap;
49: import java.util.HashSet;
50: import java.util.List;
51: import java.util.Map;
52: import java.util.Set;
53:
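/**
 * Test helper that creates the accounts, users, credentials and permissions used by the ACL tests.
 *
 * <p>Credentials and access grants are created inside {@code KapuaSecurityUtils.doPrivileged},
 * i.e. in privileged mode rather than under the session of the user being set up. A
 * {@link KapuaException} raised while creating them is printed and then skipped, so a test that
 * depends on a particular grant or credential should check that it actually exists instead of
 * assuming that setup succeeded.
 */
public class AclCreator {

    private static final KapuaId SYS_ID = new KapuaEid(BigInteger.ONE);

    private static final KapuaId ROOT_SCOPE_ID = new KapuaEid(BigInteger.ONE);

    /**
     * Fixed password given to test users by {@link #attachUserCredentials(Account, User)}.
     * The value is committed in source, so it is only suitable for throw-away test accounts.
     */
    private static final String DEFAULT_TEST_PASSWORD = "KeepCalm123.";

    /**
     * Credential service and the factories used to build credentials and permissions.
     */
    private final CredentialService credentialService;
    private final CredentialFactory credentialFactory;
    private final PermissionFactory permissionFactory;

    /**
     * User service.
     */
    private final UserService userService;
    private final UserFactory userFactory;

    /**
     * Accessinfo service.
     */
    private final AccessInfoService accessInfoService;
    private final AccessInfoFactory accessInfoFactory;

    /**
     * Account service.
     */
    private final AccountService accountService;

    /**
     * Account factory.
     */
    private final AccountFactory accountFactory;

    /**
     * Looks up every service and factory this helper needs from the {@link KapuaLocator}.
     */
    public AclCreator() {
        KapuaLocator locator = KapuaLocator.getInstance();

        accountService = locator.getService(AccountService.class);
        accountFactory = locator.getFactory(AccountFactory.class);

        userService = locator.getService(UserService.class);
        userFactory = locator.getFactory(UserFactory.class);

        accessInfoService = locator.getService(AccessInfoService.class);
        accessInfoFactory = locator.getFactory(AccessInfoFactory.class);

        credentialService = locator.getService(CredentialService.class);
        credentialFactory = locator.getFactory(CredentialFactory.class);
        permissionFactory = locator.getFactory(PermissionFactory.class);
    }

    /**
     * Configure user service with reasonable default values.
     *
     * <p>A {@link KapuaException} from the service is printed and not rethrown.
     *
     * @param accId   account id
     * @param scopeId scope id
     */
    private void configureUserService(KapuaId accId, KapuaId scopeId) {
        Map<String, Object> valueMap = new HashMap<>();
        valueMap.put("infiniteChildEntities", true);
        valueMap.put("maxNumberChildEntities", 5);
        // "lockoutPolicy.enabled" is set to false: presumably this turns login lockout off for the
        // test scope, so the three values below would have no effect while it stays false.
        valueMap.put("lockoutPolicy.enabled", false);
        valueMap.put("lockoutPolicy.maxFailures", 3);
        valueMap.put("lockoutPolicy.resetAfter", 300);
        valueMap.put("lockoutPolicy.lockDuration", 3);

        try {
            userService.setConfigValues(accId, scopeId, valueMap);
        } catch (KapuaException ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Configure account service with reasonable default values.
     *
     * <p>A {@link KapuaException} from the service is printed and not rethrown.
     *
     * @param accId   account id
     * @param scopeId scope id
     */
    private void configureAccountService(KapuaId accId, KapuaId scopeId) {
        Map<String, Object> valueMap = new HashMap<>();
        valueMap.put("infiniteChildEntities", true);
        valueMap.put("maxNumberChildEntities", 5);

        try {
            // The values are applied to the account service; this method previously called
            // userService here, which left the account service unconfigured.
            accountService.setConfigValues(accId, scopeId, valueMap);
        } catch (KapuaException ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Creates permissions for user with specified account. Permissions are created in privileged mode.
     *
     * <p>A {@link KapuaException} raised by the access-info service is printed and skipped, so this
     * method can return normally without the grant having been stored.
     *
     * @param permissionList list of permissions for user; an entry without a target scope id gets
     *                       the account id as its target scope
     * @param user           user for whom permissions are set
     * @param account        account in which user is defined
     * @throws Exception whatever {@code KapuaSecurityUtils.doPrivileged} propagates
     */
    private void createPermissions(List<AclPermission> permissionList, User user, Account account)
            throws Exception {

        KapuaSecurityUtils.doPrivileged(() -> {
            try {
                accessInfoService.create(accessInfoCreatorCreator(permissionList, user, account));
            } catch (KapuaException ke) {
                ke.printStackTrace();
                //skip
            }

            return null;
        });
    }

    /**
     * Create accessInfoCreator instance with data about user permissions.
     * If target scope is not defined in permission list use account scope.
     *
     * @param permissionList list of all permissions
     * @param user           user for which permissions are set
     * @param account        that user belongs to
     * @return AccessInfoCreator instance for creating user permissions
     */
    private AccessInfoCreator accessInfoCreatorCreator(List<AclPermission> permissionList,
            User user, Account account) {

        AccessInfoCreator accessInfoCreator = accessInfoFactory.newCreator(account.getId());
        accessInfoCreator.setUserId(user.getId());
        accessInfoCreator.setScopeId(user.getScopeId());

        Set<Permission> permissions = new HashSet<>();
        for (AclPermission permissionData : permissionList) {
            KapuaEid targetScopeId = permissionData.getTargetScopeId();
            if (targetScopeId == null) {
                // Fall back to the account's own id; the cast assumes the id is a KapuaEid.
                targetScopeId = (KapuaEid) account.getId();
            }
            permissions.add(permissionFactory.newPermission(
                    permissionData.getDomain(), permissionData.getAction(), targetScopeId));
        }
        accessInfoCreator.setPermissions(permissions);

        return accessInfoCreator;
    }

    /**
     * Gives the user an enabled password credential that uses the fixed test password.
     *
     * @param account account the credential is created in
     * @param user    user that receives the credential
     * @throws KapuaException whatever {@code KapuaSecurityUtils.doPrivileged} propagates
     */
    public void attachUserCredentials(Account account, User user) throws KapuaException {
        attachUserCredentials(account, user, DEFAULT_TEST_PASSWORD);
    }

    /**
     * Gives the user an enabled password credential with the supplied password, in privileged mode.
     *
     * <p>A {@link KapuaException} from the credential service is printed and skipped, matching
     * {@code createPermissions}; without the trace a rejected credential would only show up later
     * as a login failure that is easy to mistake for an ACL denial.
     *
     * @param account  account the credential is created in
     * @param user     user that receives the credential
     * @param password plain-text password for the credential
     * @throws KapuaException whatever {@code KapuaSecurityUtils.doPrivileged} propagates
     */
    public void attachUserCredentials(Account account, User user, String password) throws KapuaException {
        KapuaSecurityUtils.doPrivileged(() -> {
            CredentialCreator credentialCreator = credentialFactory.newCreator(
                    account.getId(), user.getId(), CredentialType.PASSWORD, password, CredentialStatus.ENABLED, null);
            try {
                credentialService.create(credentialCreator);
            } catch (KapuaException ke) {
                ke.printStackTrace();
                // skip
            }

            return null;
        });
    }

    /**
     * Configures the user service for the account and creates a user in it.
     *
     * @param account account the user is created in
     * @param name    user name
     * @return the created user
     * @throws KapuaException if the user service fails to create the user
     */
    public User createUser(Account account, String name) throws KapuaException {
        configureUserService(account.getId(), SYS_ID);
        UserCreator userCreator = userFactory.newCreator(account.getId(), name);
        return userService.create(userCreator);
    }

    /**
     * Configures the account service and creates an account under the root scope.
     *
     * @param name     account name
     * @param orgName  organization name
     * @param orgEmail organization e-mail
     * @return the created account
     * @throws KapuaException if the account service fails to create the account
     */
    Account createAccount(String name, String orgName, String orgEmail) throws KapuaException {
        configureAccountService(ROOT_SCOPE_ID, SYS_ID);

        AccountCreator accountCreator = accountFactory.newCreator(ROOT_SCOPE_ID);
        accountCreator.setName(name);
        accountCreator.setOrganizationName(orgName);
        accountCreator.setOrganizationEmail(orgEmail);

        return accountService.create(accountCreator);
    }

    /**
     * Grants connect, write, read and delete on the broker domain, targeted at the user's scope.
     *
     * @param account account in which user is defined
     * @param user    user that receives the permissions
     * @throws Exception whatever {@code createPermissions} propagates
     */
    void attachBrokerPermissions(Account account, User user) throws Exception {
        KapuaEid scopeId = (KapuaEid) user.getScopeId();
        List<AclPermission> permissionList = new ArrayList<>();
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.connect, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.write, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.read, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.delete, scopeId));
        createPermissions(permissionList, user, account);
    }

    /**
     * Grants write on the device-management domain plus broker connect, targeted at the user's scope.
     *
     * @param account account in which user is defined
     * @param user    user that receives the permissions
     * @throws Exception whatever {@code createPermissions} propagates
     */
    void attachDevicePermissions(Account account, User user) throws Exception {
        KapuaEid scopeId = (KapuaEid) user.getScopeId();
        List<AclPermission> permissionList = new ArrayList<>();
        permissionList.add(new AclPermission(DeviceManagementDomains.DEVICE_MANAGEMENT_DOMAIN, Actions.write, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.connect, scopeId));
        createPermissions(permissionList, user, account);
    }

    /**
     * Grants read on the datastore domain plus broker connect, targeted at the user's scope.
     *
     * @param account account in which user is defined
     * @param user    user that receives the permissions
     * @throws Exception whatever {@code createPermissions} propagates
     */
    void attachDataViewPermissions(Account account, User user) throws Exception {
        KapuaEid scopeId = (KapuaEid) user.getScopeId();
        List<AclPermission> permissionList = new ArrayList<>();
        permissionList.add(new AclPermission(DatastoreDomains.DATASTORE_DOMAIN, Actions.read, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.connect, scopeId));
        createPermissions(permissionList, user, account);
    }

    /**
     * Grants write on the datastore domain plus broker connect, targeted at the user's scope.
     *
     * @param account account in which user is defined
     * @param user    user that receives the permissions
     * @throws Exception whatever {@code createPermissions} propagates
     */
    void attachDataManagePermissions(Account account, User user) throws Exception {
        KapuaEid scopeId = (KapuaEid) user.getScopeId();
        List<AclPermission> permissionList = new ArrayList<>();
        permissionList.add(new AclPermission(DatastoreDomains.DATASTORE_DOMAIN, Actions.write, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.connect, scopeId));
        createPermissions(permissionList, user, account);
    }

    /**
     * Grants connect, write, read and delete on the broker, device-connection and device domains,
     * targeted at the user's scope.
     *
     * <p>"Full" covers only those three domains: no datastore or device-management permission is
     * part of this set.
     *
     * @param account account in which user is defined
     * @param user    user that receives the permissions
     * @throws Exception whatever {@code createPermissions} propagates
     */
    public void attachFullPermissions(Account account, User user) throws Exception {
        KapuaEid scopeId = (KapuaEid) user.getScopeId();
        List<AclPermission> permissionList = new ArrayList<>();
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.connect, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.write, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.read, scopeId));
        permissionList.add(new AclPermission(BrokerDomains.BROKER_DOMAIN, Actions.delete, scopeId));

        permissionList.add(new AclPermission(DeviceDomains.DEVICE_CONNECTION_DOMAIN, Actions.read, scopeId));
        permissionList.add(new AclPermission(DeviceDomains.DEVICE_CONNECTION_DOMAIN, Actions.write, scopeId));
        permissionList.add(new AclPermission(DeviceDomains.DEVICE_CONNECTION_DOMAIN, Actions.delete, scopeId));
        permissionList.add(new AclPermission(DeviceDomains.DEVICE_CONNECTION_DOMAIN, Actions.connect, scopeId));

        permissionList.add(new AclPermission(DeviceDomains.DEVICE_DOMAIN, Actions.read, scopeId));
        permissionList.add(new AclPermission(DeviceDomains.DEVICE_DOMAIN, Actions.write, scopeId));
        permissionList.add(new AclPermission(DeviceDomains.DEVICE_DOMAIN, Actions.delete, scopeId));
        permissionList.add(new AclPermission(DeviceDomains.DEVICE_DOMAIN, Actions.connect, scopeId));

        createPermissions(permissionList, user, account);
    }
}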