Resource and AccessList setup for Automated Bruno tests in Authorizat…

…ion (#491) * Resource and AccessList setup for Automated Bruno tests in Authorization Altinn/altinn-access-management#748 Added requests for setup of testdata to use in automated tests of accesslist integration in authorization and access-management: - Two new resources w/policies -- One for testing without ActionFilter resource-connection -- One for testing with ActionFilter resource-connection - Creating a new accesslist: authz-bruno - Adding both resource-connection with and without ActionFilter - Adding the member organization to use in positive access tests * Removed old expired test tokens from requests --------- Co-authored-by: Jon Kjetil Øye <[email protected]>
Altinn · Dec 10, 2024 · 8e72904 · 8e72904
1 parent 78f966a
commit 8e72904
Show file tree

Hide file tree

Showing 15 changed files with 536 additions and 0 deletions.
diff --git a/...o/Altinn.ResourceRegistry/AccessLists/authz-bruno/Get authz-bruno access list members.bru b/...o/Altinn.ResourceRegistry/AccessLists/authz-bruno/Get authz-bruno access list members.bru
@@ -0,0 +1,21 @@
+meta {
+  name: Get authz-bruno access list members
+  type: http
+  seq: 7
+}
+
+get {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/{{resourceOwner}}/{{listIdentifier}}/members
+  body: none
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  resourceOwner: ttd
+  listIdentifier: authz-bruno
+}
diff --git a/...urceRegistry/AccessLists/authz-bruno/Get authz-bruno access list resource-connections.bru b/...urceRegistry/AccessLists/authz-bruno/Get authz-bruno access list resource-connections.bru
@@ -0,0 +1,21 @@
+meta {
+  name: Get authz-bruno access list resource-connections
+  type: http
+  seq: 5
+}
+
+get {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/{{resourceOwner}}/{{listIdentifier}}/resource-connections
+  body: none
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  resourceOwner: ttd
+  listIdentifier: authz-bruno
+}
diff --git a/test/Bruno/Altinn.ResourceRegistry/AccessLists/authz-bruno/Get authz-bruno access lists.bru b/test/Bruno/Altinn.ResourceRegistry/AccessLists/authz-bruno/Get authz-bruno access lists.bru
@@ -0,0 +1,21 @@
+meta {
+  name: Get authz-bruno access lists
+  type: http
+  seq: 2
+}
+
+get {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/{{resourceOwner}}/{{listIdentifier}}
+  body: none
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  resourceOwner: ttd
+  listIdentifier: authz-bruno
+}
diff --git a/...rceRegistry/AccessLists/authz-bruno/Get authz-bruno actionfilter resource memberships.bru b/...rceRegistry/AccessLists/authz-bruno/Get authz-bruno actionfilter resource memberships.bru
@@ -0,0 +1,24 @@
+meta {
+  name: Get authz-bruno actionfilter resource memberships
+  type: http
+  seq: 9
+}
+
+get {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/memberships?party=urn:altinn:organization:identifier-no:313776735&resource=urn:altinn:resource:devtest_gar_bruno_accesslist
+  body: none
+  auth: bearer
+}
+
+params:query {
+  party: urn:altinn:organization:identifier-no:313776735
+  resource: urn:altinn:resource:devtest_gar_bruno_accesslist
+}
+
+auth:bearer {
+  token: 
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+}
diff --git a/...esourceRegistry/AccessLists/authz-bruno/Get authz-bruno nofilter resource memberships.bru b/...esourceRegistry/AccessLists/authz-bruno/Get authz-bruno nofilter resource memberships.bru
@@ -0,0 +1,24 @@
+meta {
+  name: Get authz-bruno nofilter resource memberships
+  type: http
+  seq: 8
+}
+
+get {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/memberships?party=urn:altinn:organization:identifier-no:313776735&resource=urn:altinn:resource:devtest_gar_bruno_accesslist
+  body: none
+  auth: bearer
+}
+
+params:query {
+  party: urn:altinn:organization:identifier-no:313776735
+  resource: urn:altinn:resource:devtest_gar_bruno_accesslist
+}
+
+auth:bearer {
+  token: 
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+}
diff --git a/...o/Altinn.ResourceRegistry/AccessLists/authz-bruno/Put authz-bruno access list members.bru b/...o/Altinn.ResourceRegistry/AccessLists/authz-bruno/Put authz-bruno access list members.bru
@@ -0,0 +1,29 @@
+meta {
+  name: Put authz-bruno access list members
+  type: http
+  seq: 6
+}
+
+put {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/{{resourceOwner}}/{{listIdentifier}}/members
+  body: json
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+body:json {
+  {
+    "data": [
+      "urn:altinn:organization:identifier-no:313776735"
+    ]
+  }
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  resourceOwner: ttd
+  listIdentifier: authz-bruno
+}
diff --git a/test/Bruno/Altinn.ResourceRegistry/AccessLists/authz-bruno/Put authz-bruno access list.bru b/test/Bruno/Altinn.ResourceRegistry/AccessLists/authz-bruno/Put authz-bruno access list.bru
@@ -0,0 +1,28 @@
+meta {
+  name: Put authz-bruno access list
+  type: http
+  seq: 1
+}
+
+put {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/{{resourceOwner}}/{{listIdentifier}}
+  body: json
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+body:json {
+  {
+    "name": "Authorization Bruno Access List",
+    "description": "AccessList used for testdata in automated Bruno tests for Authorization"
+  }
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  resourceOwner: ttd
+  listIdentifier: authz-bruno
+}
diff --git a/...urceRegistry/AccessLists/authz-bruno/Put authz-bruno actionfilter resource-connection.bru b/...urceRegistry/AccessLists/authz-bruno/Put authz-bruno actionfilter resource-connection.bru
@@ -0,0 +1,30 @@
+meta {
+  name: Put authz-bruno actionfilter resource-connection
+  type: http
+  seq: 4
+}
+
+put {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/{{resourceOwner}}/{{listIdentifier}}/resource-connections/{{resourceId}}
+  body: json
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+body:json {
+  {
+    "actionFilters": [
+      "read"
+    ]
+  }
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  resourceOwner: ttd
+  listIdentifier: authz-bruno
+  resourceId: devtest_gar_bruno_accesslist_actionfilter
+}
diff --git a/...ResourceRegistry/AccessLists/authz-bruno/Put authz-bruno nofilter resource-connection.bru b/...ResourceRegistry/AccessLists/authz-bruno/Put authz-bruno nofilter resource-connection.bru
@@ -0,0 +1,30 @@
+meta {
+  name: Put authz-bruno nofilter resource-connection
+  type: http
+  seq: 3
+}
+
+put {
+  url: {{baseUrl}}/resourceregistry/api/v1/access-lists/{{resourceOwner}}/{{listIdentifier}}/resource-connections/{{resourceId}}
+  body: json
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+body:json {
+  {
+  //  "actionFilters": [
+   //   "read"
+   // ]
+  }
+}
+
+vars:pre-request {
+  auth_tokenType: Enterprise
+  resourceOwner: ttd
+  listIdentifier: authz-bruno
+  resourceId: devtest_gar_bruno_accesslist
+}
diff --git a/...esourceRegistry/Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist.bru b/...esourceRegistry/Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist.bru
@@ -0,0 +1,27 @@
+meta {
+  name: devtest_gar_bruno_accesslist
+  type: http
+  seq: 2
+}
+
+post {
+  url: {{baseUrl}}/resourceregistry/api/v1/resource/{{resourceId}}/policy
+  body: multipartForm
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+body:multipart-form {
+  policyFile: @file(Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist.xml)
+}
+
+vars:pre-request {
+  resourceId: devtest_gar_bruno_accesslist
+  auth_tokenType: Enterprise
+  auth_scopes: altinn:resourceregistry/resource.write
+  auth_org: ttd
+  auth_orgNo: 991825827
+}
diff --git a/...esourceRegistry/Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist.xml b/...esourceRegistry/Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xacml:Policy xmlns:xsl="http://www.w3.org/2001/XMLSchema-instance" xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:altinn:devtest:bruno_accesslist:policyid:1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
+  <xacml:Description>Policy for a Generic Access Resource requiring AccessList authorization for Development Tests in Altinn 3</xacml:Description>
+  <xacml:Target/>
+  <xacml:Rule RuleId="urn:altinn:devtest:bruno_accesslist:ruleid:1" Effect="Permit">
+    <xacml:Target>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">PRIV</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+		<xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+		<xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">INNH</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+		<xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">A0237</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+		<xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">A0239</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">devtest_gar_bruno_accesslist</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:resource" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+    </xacml:Target>
+  </xacml:Rule>
+  <xacml:ObligationExpressions>
+    <xacml:ObligationExpression FulfillOn="Permit" ObligationId="urn:altinn:obligation:authenticationLevel1">
+      <xacml:AttributeAssignmentExpression AttributeId="urn:altinn:obligation1-assignment1" Category="urn:altinn:minimum-authenticationlevel">
+        <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">2</xacml:AttributeValue>
+      </xacml:AttributeAssignmentExpression>
+    </xacml:ObligationExpression>
+  </xacml:ObligationExpressions>
+</xacml:Policy>
diff --git a/...ry/Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist_actionfilter.bru b/...ry/Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist_actionfilter.bru
@@ -0,0 +1,27 @@
+meta {
+  name: devtest_gar_bruno_accesslist_actionfilter
+  type: http
+  seq: 3
+}
+
+post {
+  url: {{baseUrl}}/resourceregistry/api/v1/resource/{{resourceId}}/policy
+  body: multipartForm
+  auth: bearer
+}
+
+auth:bearer {
+  token: 
+}
+
+body:multipart-form {
+  policyFile: @file(Resource/DevTest Resources/Create policy/devtest_gar_bruno_accesslist_actionfilter.xml)
+}
+
+vars:pre-request {
+  resourceId: devtest_gar_bruno_accesslist_actionfilter
+  auth_tokenType: Enterprise
+  auth_scopes: altinn:resourceregistry/resource.write
+  auth_org: ttd
+  auth_orgNo: 991825827
+}