Make delegations PIP cachekey great again (#1097)
* Make delegations PIP cachekey great again #1096 * Added integration tests and Bruno automated tests - Multi-request test for two Altinn Apps based on delegations - Multi-request test for two Resourceregistry Resources based on delegations --------- Co-authored-by: Jon Kjetil Øye <acn-joye@ai-dev.no>
1 parent
b196999
commit 711e6f1
Showing
14 changed files
with
1,191 additions
and
7 deletions.
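--- a/...Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/MultiReqAppDelegations.bru
+++ b/...Bruno/Altinn.Authorization/Automatic Test Collection/Authorize/MultiReqAppDelegations.bru
@@ -0,0 +1,157 @@
+meta {
+name: MultiReqAppDelegations
+type: http
+seq: 12
+}
+
+post {
+url: {{baseUrl}}/authorization/api/v1/authorize
+body: json
+auth: inherit
+}
+
+headers {
+Content-Type: application/json
+Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+{
+"Request": {
+"ReturnPolicyIdList": false,
+"AccessSubject": [
+{
+"Id": "s1",
+"Attribute": [
+{
+"AttributeId": "urn:altinn:person:identifier-no",
+"Value": "24925798149",
+"IncludeInResult": true
+}
+]
+}
+],
+"Action": [
+{
+"Id": "a1",
+"Attribute": [
+{
+"AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+"Value": "read",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+}
+]
+}
+],
+"Resource": [
+{
+"Id": "r1",
+"Attribute": [
+{
+"AttributeId": "urn:altinn:org",
+"Value": "ttd",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+},
+{
+"AttributeId": "urn:altinn:app",
+"Value": "authz-bruno-testapp1",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+},
+{
+"AttributeId": "urn:altinn:organization:identifier-no",
+"Value": "313332330",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+}
+]
+},
+{
+"Id": "r2",
+"Attribute": [
+{
+"AttributeId": "urn:altinn:org",
+"Value": "ttd",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+},
+{
+"AttributeId": "urn:altinn:app",
+"Value": "authz-bruno-testapp2",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+},
+{
+"AttributeId": "urn:altinn:organization:identifier-no",
+"Value": "313332330",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+}
+]
+}
+],
+"MultiRequests": {
+"RequestReference": [
+{
+"ReferenceId": [
+"s1",
+"a1",
+"r1"
+]
+},
+{
+"ReferenceId": [
+"s1",
+"a1",
+"r2"
+]
+}
+]
+}
+}
+}
+}
+
+assert {
+~res.status: eq 200
+~res.body: contains created
+}
+
+script:pre-request {
+const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+
+var getTokenParameters = {
+auth_tokenType: sharedtestdata.authTokenType.enterprise,
+auth_scopes: sharedtestdata.auth_scopes.authorize,
+auth_org: "digdir",
+auth_orgNo: "991825827"
+}
+
+const token = await testTokenGenerator.getToken(getTokenParameters);
+
+bru.setVar("bearerToken", token);
+}
+
+tests {
+
+test("MultiReqAppDelegations Decision result on read is permit", function() {
+const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+const data = res.getBody();
+expect(res.status).to.equal(200);
+expect(data.response[0]).to.have.property('decision', "Permit");
+expect(data.response[1]).to.have.property('decision', "Permit");
+});
+}
+
+docs {
+Get a decision from PDP with appOwner details and validate response to have Permit.
+
+AccessSubject: ['urn:altinn:org']
+
+Action: ['read']
+
+Resource: ['urn:altinn:app', 'urn:altinn:org']
+}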
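Review bot: The test at the end of this file asserts only that `data.response[0]` and `data.response[1]` are both `Permit`, which cannot distinguish a correct per-resource cache key from one that reuses the first resource's delegation result for the second; the same applies to MultiReqResourceDelegations.bru. Assuming the cache-key fix named in the commit title is what these tests guard, a case where only one of the two apps is delegated (expecting one `Permit` and one non-Permit decision) would catch a false Permit, which is the dangerous direction for an authorization cache. At minimum add `expect(data.response).to.have.lengthOf(2);` and check that each result refers to the intended app; the request already sets `IncludeInResult: true` on the resource attributes, although the response shape is not visible here. The `testdata` constant loaded in both script blocks is never used.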
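--- a/.../Altinn.Authorization/Automatic Test Collection/Authorize/MultiReqResourceDelegations.bru
+++ b/.../Altinn.Authorization/Automatic Test Collection/Authorize/MultiReqResourceDelegations.bru
@@ -0,0 +1,140 @@
+meta {
+name: MultiReqResourceDelegations
+type: http
+seq: 11
+}
+
+post {
+url: {{baseUrl}}/authorization/api/v1/authorize
+body: json
+auth: inherit
+}
+
+headers {
+Content-Type: application/json
+Ocp-Apim-Subscription-Key: {{apimSubscriptionKey}}
+}
+
+body:json {
+{
+"Request": {
+"ReturnPolicyIdList": true,
+"AccessSubject": [
+{
+"Id": "s1",
+"Attribute": [
+{
+"AttributeId": "urn:altinn:person:identifier-no",
+"Value": "01866696531"
+}
+]
+}
+],
+"Action": [
+{
+"Id": "a1",
+"Attribute": [
+{
+"AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+"Value": "read",
+"DataType": "http://www.w3.org/2001/XMLSchema#string",
+"IncludeInResult": true
+}
+]
+}
+],
+"Resource": [
+{
+"Id": "r1",
+"Attribute": [
+{
+"AttributeId": "urn:altinn:resource",
+"Value": "authz_bruno_gar_resource1",
+"DataType": "http://www.w3.org/2001/XMLSchema#string"
+},
+{
+"AttributeId": "urn:altinn:organization:identifier-no",
+"Value": "311694936",
+"DataType": "http://www.w3.org/2001/XMLSchema#string"
+}
+]
+},
+{
+"Id": "r2",
+"Attribute": [
+{
+"AttributeId": "urn:altinn:resource",
+"Value": "authz_bruno_gar_resource2",
+"DataType": "http://www.w3.org/2001/XMLSchema#string"
+},
+{
+"AttributeId": "urn:altinn:organization:identifier-no",
+"Value": "311694936",
+"DataType": "http://www.w3.org/2001/XMLSchema#string"
+}
+]
+}
+],
+"MultiRequests": {
+"RequestReference": [
+{
+"ReferenceId": [
+"s1",
+"a1",
+"r1"
+]
+},
+{
+"ReferenceId": [
+"s1",
+"a1",
+"r2"
+]
+}
+]
+}
+}
+}
+}
+
+assert {
+~res.status: eq 200
+~res.body: contains created
+}
+
+script:pre-request {
+const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+const sharedtestdata = require(`./Testdata/Authorization/sharedtestdata.json`);
+
+var getTokenParameters = {
+auth_tokenType: sharedtestdata.authTokenType.enterprise,
+auth_scopes: sharedtestdata.auth_scopes.authorize,
+auth_org: "digdir",
+auth_orgNo: "991825827"
+}
+
+const token = await testTokenGenerator.getToken(getTokenParameters);
+
+bru.setVar("bearerToken", token);
+}
+
+tests {
+
+test("MultiReqResourceDelegations Decision result on read is permit", function() {
+const testdata = require(`./Testdata/Authorization/${bru.getEnvVar("tokenEnv")}testdata.json`);
+const data = res.getBody();
+expect(res.status).to.equal(200);
+expect(data.response[0]).to.have.property('decision', "Permit");
+expect(data.response[1]).to.have.property('decision', "Permit");
+});
+}
+
+docs {
+Get a decision from PDP with appOwner details and validate response to have Permit.
+
+AccessSubject: ['urn:altinn:org']
+
+Action: ['read']
+
+Resource: ['urn:altinn:app', 'urn:altinn:org']
+}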
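Review bot: The `docs` block does not describe this request: it lists AccessSubject `urn:altinn:org` and Resource `urn:altinn:app`, `urn:altinn:org`, while the body sends a `urn:altinn:person:identifier-no` subject and resources identified by `urn:altinn:resource` plus `urn:altinn:organization:identifier-no`. I would replace the first sentence with something like `Multi-request PDP decision for one person against two resource-registry resources of the same organization; both results must be Permit.` and correct the attribute lists to match, so a reader can tell which delegation path this test guards. The `docs` block in MultiReqAppDelegations.bru has the same subject mismatch. The `assert` block also looks inert: both lines carry the `~` prefix (which, as far as I know, disables an assertion in Bruno) and `contains created` appears left over from another request, so the block could be dropped.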