public async Task ApplySecurityContractDefaultsAsync_WithValidNoSectionsInput_NoExceptionsThrown()
{
// Set up the required security contract defaults service with all its dependencies mocked.
var roleRepository = Substitute.For <IRoleRepository>();
var userRepository = Substitute.For <IUserRepository>();
var functionRepository = Substitute.For <IFunctionRepository>();
var teamRepository = Substitute.For <ITeamRepository>();
var applicationRepository = Substitute.For <IApplicationRepository>();
var applicationDataPolicyRepository = Substitute.For <IApplicationDataPolicyRepository>();
var ldapAuthenticationModeRepository = Substitute.For <ILdapAuthenticationModeRepository>();
securityContractDefaultConfigurationService = new SecurityContractDefaultConfigurationService(roleRepository, userRepository, functionRepository, teamRepository, applicationRepository, applicationDataPolicyRepository, ldapAuthenticationModeRepository);
// Create a security contract with a default configuration section, but dont set any of the sub components.
var securityContract = new SecurityContract();
securityContract.DefaultConfigurations = new List <SecurityContractDefaultConfiguration> {
new SecurityContractDefaultConfiguration
{
Name = "Test without sub sections"
}
};
try
{
await securityContractDefaultConfigurationService.ApplyDefaultConfigurationDefinitionAsync(securityContract.DefaultConfigurations.First(), Guid.NewGuid(), false, new SecurityContractDryRunResult());
Assert.True(true);
}
catch (Exception e)
{
Assert.True(false, $"Unexpected Exception: '{e.Message}' thrown when applying security contract");
}
}
public async Task ApplySecurityContractDefinitionAsync(SecurityContract securityContract, Guid updatedById, bool dryRun = false)
{
// Start transactions to allow complete rollback in case of an error
BeginAllTransactions();
try
{
SecurityContractDryRunResult securityContractDryRunResult = new SecurityContractDryRunResult();
// First apply all of the application(micro-service) definitions that present within the Security Contract.
// All the components of a security contract are optional, so check for this here.
if (securityContract.Applications != null && securityContract.Applications.Count > 0)
{
foreach (var applicationSecurityContractDefinition in securityContract.Applications)
{
await securityContractApplicationService.ApplyResourceServerDefinitionAsync(applicationSecurityContractDefinition, updatedById, dryRun, securityContractDryRunResult);
}
}
// Apply any clients that may be defined within the security contract.
if (securityContract.Clients != null && securityContract.Clients.Count > 0)
{
foreach (var clientSecurityContractDefinition in securityContract.Clients)
{
await clientService.ApplyClientDefinitionAsync(clientSecurityContractDefinition, dryRun, securityContractDryRunResult);
}
}
// Apply any default configurations that may be defined within the security contract.
if (securityContract.DefaultConfigurations != null && securityContract.DefaultConfigurations.Count > 0)
{
foreach (var defaultConfiguration in securityContract.DefaultConfigurations)
{
await securityContractDefaultConfigurationService.ApplyDefaultConfigurationDefinitionAsync(defaultConfiguration, updatedById, dryRun, securityContractDryRunResult);
}
}
if (!dryRun)
{
// All successful
CommitAllTransactions();
}
else
{
var securityContractDryRunException = new SecurityContractDryRunException
{
ValidationErrors = securityContractDryRunResult.ValidationErrors,
ValidationWarnings = securityContractDryRunResult.ValidationWarnings
};
throw securityContractDryRunException;
}
}
catch
{
RollbackAllTransactions();
throw;
}
}
public async Task ApplySecurityContractDefinitionAsync(SecurityContract securityContract, Guid updatedById)
{
// Start transactions to allow complete rollback in case of an error
BeginAllTransactions();
try
{
// First apply all of the application(micro-service) definitions that present within the Security Contract.
// All the components of a security contract are optional, so check for this here.
if (securityContract.Applications != null && securityContract.Applications.Count > 0)
{
foreach (var applicationSecurityContractDefinition in securityContract.Applications)
{
await securityContractApplicationService.ApplyResourceServerDefinitionAsync(applicationSecurityContractDefinition, updatedById);
}
}
// Apply any clients that may be defined within the security contract.
if (securityContract.Clients != null && securityContract.Clients.Count > 0)
{
foreach (var clientSecurityContractDefinition in securityContract.Clients)
{
await clientService.ApplyClientDefinitionAsync(clientSecurityContractDefinition);
}
}
// Apply any default configurations that may be defined within the security contract.
if (securityContract.DefaultConfigurations != null && securityContract.DefaultConfigurations.Count > 0)
{
foreach (var defaultConfiguration in securityContract.DefaultConfigurations)
{
await securityContractDefaultConfigurationService.ApplyDefaultConfigurationDefinitionAsync(defaultConfiguration, updatedById);
}
}
// All successful
CommitAllTransactions();
}
catch (Exception ex)
{
logger.Error(ex);
RollbackAllTransactions();
throw;
}
}
public async Task ApplySecurityContractDefaultsAsync_UsersWithRolesInInput_UsersAndRolesExistInDB_NoExceptionsThrown()
{
// Set up the required security contract defaults service with all its dependencies mocked.
var roleRepository = Substitute.For <IRoleRepository>();
var userRepository = Substitute.For <IUserRepository>();
var functionRepository = Substitute.For <IFunctionRepository>();
var teamRepository = Substitute.For <ITeamRepository>();
var applicationRepository = Substitute.For <IApplicationRepository>();
var applicationDataPolicyRepository = Substitute.For <IApplicationDataPolicyRepository>();
var ldapAuthenticationModeRepository = Substitute.For <ILdapAuthenticationModeRepository>();
// The service will check for existing roles within the database, we want a result to test existing role.
roleRepository.GetByNameAsync(Arg.Any <string>()).Returns(new RoleModel
{
Name = "Test Role Model",
RoleFunctions = new List <RoleFunctionModel>
{
new RoleFunctionModel
{
Function = new FunctionModel
{
Name = "Function in role test"
}
}
}
});
// The service will also check that the users exist. Ensure the repo returns one to test that flow.
userRepository.GetByUsernameAsync(Arg.Any <string>(), Arg.Any <bool>()).Returns(new UserModel
{
UserName = "******",
Email = "*****@*****.**"
});
// The service should attempt an update on the users, ensure this is possible.
userRepository.UpdateAsync(Arg.Any <UserModel>()).Returns(new UserModel
{
UserName = "******",
Email = "*****@*****.**"
});
securityContractDefaultConfigurationService = new SecurityContractDefaultConfigurationService(roleRepository, userRepository, functionRepository, teamRepository, applicationRepository, applicationDataPolicyRepository, ldapAuthenticationModeRepository);
// Create a security contract with a default configuration section, but dont set any of the sub components.
var securityContract = new SecurityContract();
securityContract.DefaultConfigurations = new List <SecurityContractDefaultConfiguration> {
new SecurityContractDefaultConfiguration
{
Name = "Test with application section",
Users = new List <SecurityContractDefaultConfigurationUser>
{
new SecurityContractDefaultConfigurationUser
{
Username = "******",
Email = "*****@*****.**"
}
}
}
};
try
{
await securityContractDefaultConfigurationService.ApplyDefaultConfigurationDefinitionAsync(securityContract.DefaultConfigurations.First(), Guid.NewGuid(), false, new SecurityContractDryRunResult());
Assert.True(true);
}
catch (Exception e)
{
Assert.True(false, $"Unexpected Exception: '{e.Message}' thrown when applying security contract");
}
}
public async Task ApplySecurityContractDefaultsAsync_TeamsWithUsersInInput_UsersAndTeamsExistInDB_NoExceptionsThrown()
{
// Set up the required security contract defaults service with all its dependencies mocked.
var roleRepository = Substitute.For <IRoleRepository>();
var userRepository = Substitute.For <IUserRepository>();
var functionRepository = Substitute.For <IFunctionRepository>();
var teamRepository = Substitute.For <ITeamRepository>();
var applicationRepository = Substitute.For <IApplicationRepository>();
var applicationDataPolicyRepository = Substitute.For <IApplicationDataPolicyRepository>();
var ldapAuthenticationModeRepository = Substitute.For <ILdapAuthenticationModeRepository>();
// The service will check for existing teams within the database, we a null here to test new role creation.
teamRepository.GetByNameAsync(Arg.Any <string>(), Arg.Any <bool>()).Returns(new TeamModel {
Name = "Test existing team model"
});
// Owing to the fact that all roles are found, the service will update the team model. Ensure that this can happen.
teamRepository.UpdateAsync(Arg.Any <TeamModel>()).Returns(new TeamModel
{
Name = "Test existing team model"
});
// The service will also check that the users attached to the teams exist. Ensure the repo returns one to test that flow.
userRepository.GetByUsernameAsync(Arg.Any <string>(), Arg.Any <bool>()).Returns(new UserModel
{
UserName = "******",
});
securityContractDefaultConfigurationService = new SecurityContractDefaultConfigurationService(roleRepository, userRepository, functionRepository, teamRepository, applicationRepository, applicationDataPolicyRepository, ldapAuthenticationModeRepository);
// Create a security contract with a default configuration section, but dont set any of the sub components.
var securityContract = new SecurityContract();
securityContract.DefaultConfigurations = new List <SecurityContractDefaultConfiguration> {
new SecurityContractDefaultConfiguration
{
Name = "Test with application section",
Teams = new List <SecurityContractDefaultConfigurationTeam>
{
new SecurityContractDefaultConfigurationTeam
{
Name = "Test Team",
Users = new List <string>
{
"test user name"
}
}
}
}
};
try
{
await securityContractDefaultConfigurationService.ApplyDefaultConfigurationDefinitionAsync(securityContract.DefaultConfigurations.First(), Guid.NewGuid(), false, new SecurityContractDryRunResult());
Assert.True(true);
}
catch (Exception e)
{
Assert.True(false, $"Unexpected Exception: '{e.Message}' thrown when applying security contract");
}
}
public async Task ApplySecurityContractDefaultsAsync_RolesWithFunctionsInInput_FunctionsExistInDBRoleIsNew_NoExceptionsThrown()
{
// Set up the required security contract defaults service with all its dependencies mocked.
var roleRepository = Substitute.For <IRoleRepository>();
var userRepository = Substitute.For <IUserRepository>();
var functionRepository = Substitute.For <IFunctionRepository>();
var teamRepository = Substitute.For <ITeamRepository>();
var applicationRepository = Substitute.For <IApplicationRepository>();
var applicationDataPolicyRepository = Substitute.For <IApplicationDataPolicyRepository>();
var ldapAuthenticationModeRepository = Substitute.For <ILdapAuthenticationModeRepository>();
// The service will check for existing roles within the database, we a null here to test new role creation.
roleRepository.GetByNameAsync(Arg.Any <string>()).Returns((RoleModel)null);
// Owing to the fact that all roles are found, the service will update model. Ensure that this can happen.
roleRepository.CreateAsync(Arg.Any <RoleModel>()).Returns(new RoleModel
{
Name = "Test Role Model",
RoleFunctions = new List <RoleFunctionModel>
{
new RoleFunctionModel
{
Function = new FunctionModel
{
Name = "Function in role test"
}
}
}
});
// The service will also check that the functions attached to the roles exist. Ensure the repo returns one to test that flow.
functionRepository.GetByNameAsync(Arg.Any <string>()).Returns(new FunctionModel
{
Name = "Test Role Model",
});
securityContractDefaultConfigurationService = new SecurityContractDefaultConfigurationService(roleRepository, userRepository, functionRepository, teamRepository, applicationRepository, applicationDataPolicyRepository, ldapAuthenticationModeRepository);
// Create a security contract with a default configuration section, but dont set any of the sub components.
var securityContract = new SecurityContract();
securityContract.DefaultConfigurations = new List <SecurityContractDefaultConfiguration> {
new SecurityContractDefaultConfiguration
{
Name = "Test with application section",
Roles = new List <SecurityContractDefaultConfigurationRole>
{
new SecurityContractDefaultConfigurationRole
{
Name = "Test security contract role",
Functions = new List <string>
{
"Test function in contract"
}
}
}
}
};
try
{
await securityContractDefaultConfigurationService.ApplyDefaultConfigurationDefinitionAsync(securityContract.DefaultConfigurations.First(), Guid.NewGuid(), false, new SecurityContractDryRunResult());
Assert.True(true);
}
catch (Exception e)
{
Assert.True(false, $"Unexpected Exception: '{e.Message}' thrown when applying security contract");
}
}
