Merge pull request #483 from cloudant/iam-testing

Enabled IAM auth for testing

Author: ricellis

CONTRIBUTING.md

@@ -112,11 +112,11 @@ CouchDB. To run tests with a remote CouchDB or Cloudant, you need set the
 details of this CouchDB server, including access credentials:
 
 ```
-systemProp.test.couch.username=yourUsername
-systemProp.test.couch.password=yourPassword
-systemProp.test.couch.host=couchdbHost # default localhost
-systemProp.test.couch.port=couchdbPort # default 5984
-systemProp.test.couch.http=[http|https] # default http
+systemProp.test.server.user=yourUsername
+systemProp.test.server.password=yourPassword
+systemProp.test.server.host=couchdborcloudanthost # default localhost
+systemProp.test.server.port=5984 # default 5984
+systemProp.test.server.protocol=[http|https] # default http
 ```
 Alternatively, provide a URL containing all the above information:
 ```

Jenkinsfile

@@ -27,10 +27,9 @@ def runTests(testEnv, isServiceTests) {
 
         //Set up the environment and run the tests
         withEnv(testEnv) {
-            withCredentials([usernamePassword(credentialsId: env.CREDS_ID, usernameVariable: 'DB_USER', passwordVariable: 'DB_PASSWORD'),
-                string(credentialsId: 'clientlibs-test-iam', variable: 'DB_IAM_API_KEY')]) {
+            withCredentials([(env.CREDS_ID.contains('iam')) ? string(credentialsId: env.CREDS_ID, variable: 'IAM_API_KEY') : usernamePassword(credentialsId: env.CREDS_ID, usernameVariable: 'DB_USER', passwordVariable: 'DB_PASSWORD')]) {
                 try {
-                    sh './gradlew -Dtest.couch.username=$DB_USER -Dtest.couch.password=$DB_PASSWORD -Dtest.couch.host=$DB_HOST -Dtest.couch.port=$DB_PORT -Dtest.couch.http=$DB_HTTP $GRADLE_TARGET'
+                    sh "./gradlew ${(env.DB_USER?.trim()) ? '-Dtest.server.user=$DB_USER -Dtest.server.password=$DB_PASSWORD' : ''} -Dtest.server.host=\$DB_HOST -Dtest.server.port=\$DB_PORT -Dtest.server.protocol=\$DB_HTTP \$GRADLE_TARGET"
                 } finally {
                     junit '**/build/test-results/**/*.xml'
                 }
@@ -51,6 +50,7 @@ stage('Build') {
 stage('QA') {
     // Define the matrix environments
     def CLOUDANT_ENV = ['DB_HTTP=https', 'DB_HOST=clientlibs-test.cloudant.com', 'DB_PORT=443', 'DB_IGNORE_COMPACTION=true', 'CREDS_ID=clientlibs-test']
+    def CLOUDANT_IAM_ENV = ['DB_HTTP=https', 'DB_HOST=clientlibs-test.cloudant.com', 'DB_PORT=443', 'DB_IGNORE_COMPACTION=true', 'CREDS_ID=clientlibs-test-iam']
     def COUCH1_6_ENV = ['DB_HTTP=http', 'DB_HOST=cloudantsync002.bristol.uk.ibm.com', 'DB_PORT=5984', 'DB_IGNORE_COMPACTION=false', 'CREDS_ID=couchdb']
     def COUCH2_0_ENV = ['DB_HTTP=http', 'DB_HOST=cloudantsync002.bristol.uk.ibm.com', 'DB_PORT=5985', 'DB_IGNORE_COMPACTION=true', 'CREDS_ID=couchdb']
     def CLOUDANT_LOCAL_ENV = ['DB_HTTP=http', 'DB_HOST=cloudantsync002.bristol.uk.ibm.com', 'DB_PORT=8081', 'DB_IGNORE_COMPACTION=true', 'CREDS_ID=couchdb']
@@ -86,6 +86,9 @@ stage('QA') {
                 },
                 CloudantLocal: {
                     runTests(CLOUDANT_LOCAL_ENV, false)
+                },
+                CloudantIam: {
+                    runTests(CLOUDANT_IAM_ENV, true)
                 }
         )
     }

cloudant-client/build.gradle

@@ -110,9 +110,9 @@ task cloudantServiceTest(type: Test) {
 
 task integrationTest(type: Test) {
     // Special environment variables for integration tests
-    [SERVER_URL:'test.couch.url',
-     SERVER_USER:'test.couch.username',
-     SERVER_PASSWORD:'test.couch.password',
+    [SERVER_URL:'test.server.url',
+     SERVER_USER:'test.server.user',
+     SERVER_PASSWORD:'test.server.password',
      TEST_REPLICATION_SOURCE_URL:'test.replication.source.url'].each { k,v ->
         def e = System.getenv(k)
         if (e) {

cloudant-client/src/test/java/com/cloudant/tests/CloudFoundryServiceTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright © 2016, 2018 IBM Corp. All rights reserved.
+ * Copyright © 2016, 2019 IBM Corp. All rights reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
  * except in compliance with the License. You may obtain a copy of the License at
@@ -14,18 +14,14 @@
 
 package com.cloudant.tests;
 
+import static com.cloudant.tests.util.MockWebServerResources.IAM_API_KEY;
 import static com.cloudant.tests.util.MockWebServerResources.IAM_TOKEN;
 import static com.cloudant.tests.util.MockWebServerResources.OK_IAM_COOKIE;
-import static com.cloudant.tests.util.MockWebServerResources.IAM_API_KEY;
 import static com.cloudant.tests.util.MockWebServerResources.iamTokenEndpoint;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import com.cloudant.client.api.ClientBuilder;
 import com.cloudant.client.api.CloudantClient;
-import com.cloudant.http.Http;
-import com.cloudant.http.HttpConnection;
 import com.cloudant.tests.extensions.MockWebServerExtension;
 import com.cloudant.tests.util.IamSystemPropertyMock;
 import com.cloudant.tests.util.MockWebServerResources;
@@ -52,6 +48,10 @@ public class CloudFoundryServiceTest {
 
     public static IamSystemPropertyMock iamSystemPropertyMock;
 
+    private static String TEST_HOST = "https://cloudant.example";
+    private static String TEST_USER = "user";
+    private static String TEST_PASSWORD = "pass";
+
     private String mockServerHostPort;
 
     @RegisterExtension
@@ -167,8 +167,7 @@ public void vcapMissingServiceNameSpecified() {
             public void execute() throws Throwable {
                 VCAPGenerator vcap = new CloudFoundryServiceTest.VCAPGenerator();
                 vcap.createNewLegacyService("test_bluemix_service_1",
-                        CloudantClientHelper.COUCH_HOST,
-                        CloudantClientHelper.COUCH_USERNAME, CloudantClientHelper.COUCH_PASSWORD);
+                        TEST_HOST, TEST_USER, TEST_PASSWORD);
                 ClientBuilder.bluemix(vcap.toJson(), "missingService", "test_bluemix_service_1")
                         .build();
             }
@@ -182,8 +181,7 @@ public void vcapNullServiceNameSpecified() {
             public void execute() throws Throwable {
                 VCAPGenerator vcap = new CloudFoundryServiceTest.VCAPGenerator();
                 vcap.createNewLegacyService("test_bluemix_service_1",
-                        CloudantClientHelper.COUCH_HOST,
-                        CloudantClientHelper.COUCH_USERNAME, CloudantClientHelper.COUCH_PASSWORD);
+                        TEST_HOST, TEST_USER, TEST_PASSWORD);
                 ClientBuilder.bluemix(vcap.toJson(), null, "test_bluemix_service_1").build();
             }
         });
@@ -254,7 +252,7 @@ public void vcapSingleServiceEmptyCredentials() {
             public void execute() throws Throwable {
                 VCAPGenerator vcap = new CloudFoundryServiceTest.VCAPGenerator();
                 vcap.createNewLegacyServiceWithEmptyCredentials("test_bluemix_service_1",
-                        CloudantClientHelper.COUCH_HOST);
+                        CloudantClientHelper.SERVER_HOST);
                 ClientBuilder.bluemix(vcap.toJson(), "test_bluemix_service_1");
             }
         });
@@ -279,7 +277,7 @@ public void vcapSingleServiceEmptyIAM() {
             public void execute() throws Throwable {
                 VCAPGenerator vcap = new CloudFoundryServiceTest.VCAPGenerator();
                 vcap.createNewServiceWithEmptyIAM("test_bluemix_service_1",
-                        CloudantClientHelper.COUCH_HOST);
+                        CloudantClientHelper.SERVER_HOST);
                 ClientBuilder.bluemix(vcap.toJson(), "test_bluemix_service_1");
             }
         });
@@ -384,7 +382,7 @@ public void execute() throws Throwable {
                 vcap.createNewLegacyService("test_bluemix_service_2", "foo2.bar", "admin2",
                         "pass2");
                 vcap.createNewLegacyServiceWithEmptyCredentials("test_bluemix_service_3",
-                        CloudantClientHelper.COUCH_HOST);
+                        CloudantClientHelper.SERVER_HOST);
                 ClientBuilder.bluemix(vcap.toJson(), "test_bluemix_service_3");
             }
         });
@@ -399,7 +397,7 @@ public void execute() throws Throwable {
                 vcap.createNewService("test_bluemix_service_1", "admin1", "apikey1");
                 vcap.createNewService("test_bluemix_service_2", "admin2", "apikey2");
                 vcap.createNewServiceWithEmptyIAM("test_bluemix_service_3",
-                        CloudantClientHelper.COUCH_HOST);
+                        CloudantClientHelper.SERVER_HOST);
                 ClientBuilder.bluemix(vcap.toJson(), "test_bluemix_service_3");
             }
         });

cloudant-client/src/test/java/com/cloudant/tests/CloudantClientHelper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright © 2015, 2018 IBM Corp. All rights reserved.
+ * Copyright © 2015, 2019 IBM Corp. All rights reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
  * except in compliance with the License. You may obtain a copy of the License at
@@ -16,6 +16,7 @@
 
 import com.cloudant.client.api.ClientBuilder;
 import com.cloudant.client.api.CloudantClient;
+import com.cloudant.tests.extensions.IamAuthCondition;
 
 import okhttp3.mockwebserver.MockWebServer;
 
@@ -32,53 +33,54 @@ public abstract class CloudantClientHelper {
     //some tests need access to the URI with user info (e.g. replication)
     public static final String SERVER_URI_WITH_USER_INFO;
     //some tests need access to the credentials (e.g. auth interceptors, vcap)
-    public static final String COUCH_USERNAME;
-    public static final String COUCH_PASSWORD;
-    public static final String COUCH_HOST;
+    static final String SERVER_USER;
+    static final String SERVER_PASSWORD;
+    static final String SERVER_HOST;
 
-    protected static final CloudantClient CLIENT_INSTANCE;
+    private static final CloudantClient CLIENT_INSTANCE;
 
-    private static final String COUCH_PORT;
-    private static final String HTTP_PROTOCOL;
+    private static final String SERVER_PORT;
+    private static final String SERVER_PROTOCOL;
     private static final URL SERVER_URL;
 
     static {
 
         try {
             //a URL might be supplied, otherwise use the separate properties
-            String URL = System.getProperty("test.couch.url");
+            String URL = System.getProperty("test.server.url");
             if (URL != null) {
                 URL couch = new URL(URL);
-                HTTP_PROTOCOL = couch.getProtocol();
-                COUCH_HOST = couch.getHost();
-                COUCH_PORT = (couch.getPort() < 0) ? null : Integer.toString(couch.getPort());
+                SERVER_PROTOCOL = couch.getProtocol();
+                SERVER_HOST = couch.getHost();
+                SERVER_PORT = (couch.getPort() < 0) ? null : Integer.toString(couch.getPort());
                 String userInfo = couch.getUserInfo();
                 if (userInfo != null) {
-                    COUCH_USERNAME = userInfo.substring(0, userInfo.indexOf(":"));
-                    COUCH_PASSWORD = userInfo.substring(userInfo.indexOf(":") + 1);
+                    SERVER_USER = userInfo.substring(0, userInfo.indexOf(":"));
+                    SERVER_PASSWORD = userInfo.substring(userInfo.indexOf(":") + 1);
                 } else {
-                    COUCH_USERNAME = System.getProperty("test.couch.username");
-                    COUCH_PASSWORD = System.getProperty("test.couch.password");
+                    SERVER_USER = System.getProperty("test.server.user");
+                    SERVER_PASSWORD = System.getProperty("test.server.password");
                 }
             } else {
-                COUCH_USERNAME = System.getProperty("test.couch.username");
-                COUCH_PASSWORD = System.getProperty("test.couch.password");
-                COUCH_HOST = System.getProperty("test.couch.host", "localhost");
-                COUCH_PORT = System.getProperty("test.couch.port", "5984");
-                HTTP_PROTOCOL = System.getProperty("test.couch.http", "http"); //should either be
+                SERVER_USER = System.getProperty("test.server.user");
+                SERVER_PASSWORD = System.getProperty("test.server.password");
+                SERVER_HOST = System.getProperty("test.server.host", "localhost");
+                SERVER_PORT = System.getProperty("test.server.port", "5984");
+                SERVER_PROTOCOL = System.getProperty("test.server.protocol", "http"); //should either be
                 // http or https
             }
 
             //now build the URLs
-            SERVER_URL = new URL(HTTP_PROTOCOL + "://"
-                    + COUCH_HOST
-                    + ((COUCH_PORT != null) ? ":" + COUCH_PORT : "")); //port if supplied
+            SERVER_URL = new URL(SERVER_PROTOCOL + "://"
+                    + SERVER_HOST
+                    + ((SERVER_PORT != null) ? ":" + SERVER_PORT : "")); //port if supplied
 
             // Ensure username and password are correctly URL encoded when included in the URI
-            SERVER_URI_WITH_USER_INFO = HTTP_PROTOCOL + "://"
-                    + ((COUCH_USERNAME != null) ? URLEncoder.encode(COUCH_USERNAME, "UTF-8") +
-                    ":" + URLEncoder.encode(COUCH_PASSWORD, "UTF-8") + "@" : "") + COUCH_HOST + (
-                    (COUCH_PORT != null) ? ":" + COUCH_PORT : ""); //port if supplied
+            SERVER_URI_WITH_USER_INFO = SERVER_PROTOCOL + "://"
+                    + ((!IamAuthCondition.IS_IAM_ENABLED && SERVER_USER != null) ?
+                    URLEncoder.encode(SERVER_USER, "UTF-8") +
+                    ":" + URLEncoder.encode(SERVER_PASSWORD, "UTF-8") + "@" : "") + SERVER_HOST + (
+                    (SERVER_PORT != null) ? ":" + SERVER_PORT : ""); //port if supplied
         } catch (Throwable t) {
             throw new RuntimeException(t);
         }
@@ -116,9 +118,14 @@ public static ClientBuilder newMockWebServerClientBuilder(MockWebServer mockServ
     }
 
     public static ClientBuilder getClientBuilder() {
-        return ClientBuilder.url(SERVER_URL)
-                .username(COUCH_USERNAME)
-                .password(COUCH_PASSWORD);
+        ClientBuilder builder = ClientBuilder.url(SERVER_URL);
+        if (IamAuthCondition.IS_IAM_ENABLED) {
+            builder.iamApiKey(IamAuthCondition.IAM_API_KEY);
+        } else {
+            builder.username(SERVER_USER)
+                    .password(SERVER_PASSWORD);
+        }
+        return builder;
     }
 
     static String REP_SOURCE = null;

cloudant-client/src/test/java/com/cloudant/tests/CloudantClientTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright © 2015, 2018 IBM Corp. All rights reserved.
+ * Copyright © 2015, 2019 IBM Corp. All rights reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
  * except in compliance with the License. You may obtain a copy of the License at
@@ -37,6 +37,7 @@
 import com.cloudant.test.main.RequiresCloudantService;
 import com.cloudant.test.main.RequiresDB;
 import com.cloudant.tests.base.TestWithDbPerClass;
+import com.cloudant.tests.extensions.DisabledWithIam;
 import com.cloudant.tests.extensions.MockWebServerExtension;
 import com.cloudant.tests.util.MockWebServerResources;
 import com.cloudant.tests.util.Utils;
@@ -88,6 +89,7 @@ public void beforeEach() {
     }
 
     @Test
+    @DisabledWithIam
     @RequiresCloudantService
     public void apiKey() {
         ApiKey key = account.generateApiKey();
@@ -491,13 +493,14 @@ public void sessionDeleteOnShutdown() throws Exception {
      * Test that adding the Basic Authentication interceptor to CloudantClient works.
      */
     @Test
+    @DisabledWithIam
     @RequiresCloudant
     public void testBasicAuth() throws IOException {
         BasicAuthInterceptor interceptor =
-                new BasicAuthInterceptor(CloudantClientHelper.COUCH_USERNAME
-                        + ":" + CloudantClientHelper.COUCH_PASSWORD);
+                new BasicAuthInterceptor(CloudantClientHelper.SERVER_USER
+                        + ":" + CloudantClientHelper.SERVER_PASSWORD);
 
-        CloudantClient client = ClientBuilder.account(CloudantClientHelper.COUCH_USERNAME)
+        CloudantClient client = ClientBuilder.account(CloudantClientHelper.SERVER_USER)
                 .interceptors(interceptor).build();
 
         // Test passes if there are no exceptions

cloudant-client/src/test/java/com/cloudant/tests/DatabaseTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright © 2015, 2018 IBM Corp. All rights reserved.
+ * Copyright © 2015, 2019 IBM Corp. All rights reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
  * except in compliance with the License. You may obtain a copy of the License at
@@ -31,6 +31,7 @@
 import com.cloudant.test.main.RequiresCouch;
 import com.cloudant.test.main.RequiresDB;
 import com.cloudant.tests.base.TestWithDbPerClass;
+import com.cloudant.tests.extensions.DisabledWithIam;
 import com.cloudant.tests.extensions.MockWebServerExtension;
 import com.cloudant.tests.util.MockWebServerResources;
 import com.google.gson.GsonBuilder;
@@ -70,10 +71,12 @@ public static void beforeAll() throws Exception {
         r.source(getReplicationSourceUrl("animaldb"));
         r.createTarget(true);
         r.target(dbResource.getDbURIWithUserInfo());
+        dbResource.appendReplicationAuth(r);
         r.trigger();
     }
 
     @Test
+    @DisabledWithIam
     @RequiresCloudantService
     public void permissions() {
         Map<String, EnumSet<Permissions>> userPerms = db.getPermissions();

cloudant-client/src/test/java/com/cloudant/tests/HttpTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright © 2017, 2018 IBM Corp. All rights reserved.
+ * Copyright © 2017, 2019 IBM Corp. All rights reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
  * except in compliance with the License. You may obtain a copy of the License at
@@ -41,6 +41,7 @@
 import com.cloudant.test.main.RequiresCloudant;
 import com.cloudant.tests.extensions.CloudantClientExtension;
 import com.cloudant.tests.extensions.DatabaseExtension;
+import com.cloudant.tests.extensions.DisabledWithIam;
 import com.cloudant.tests.extensions.MockWebServerExtension;
 import com.cloudant.tests.extensions.MultiExtension;
 import com.cloudant.tests.util.HttpFactoryParameterizedTest;
@@ -163,6 +164,7 @@ public void beforeEach() {
      * Basic test that we can write a document body by POSTing to a known database
      */
     @TestTemplate
+    @DisabledWithIam
     public void testWriteToServerOk() throws Exception {
         HttpConnection conn = new HttpConnection("POST", new URL(dbResource.getDbURIWithUserInfo()),
                 "application/json");
@@ -221,10 +223,11 @@ public void testReadBeforeExecute() throws Exception {
     // be named cookie_test
     //
     @TestTemplate
+    @DisabledWithIam
     @RequiresCloudant
     public void testCookieAuthWithoutRetry() throws IOException {
-        CookieInterceptor interceptor = new CookieInterceptor(CloudantClientHelper.COUCH_USERNAME,
-                CloudantClientHelper.COUCH_PASSWORD, clientResource.get().getBaseUri().toString());
+        CookieInterceptor interceptor = new CookieInterceptor(CloudantClientHelper.SERVER_USER,
+                CloudantClientHelper.SERVER_PASSWORD, clientResource.get().getBaseUri().toString());
 
         HttpConnection conn = new HttpConnection("POST", dbResource.get().getDBUri().toURL(),
                 "application/json");
@@ -278,11 +281,12 @@ public void testCookieAuthWithPath() throws Exception {
      * is expected to hold the newly created document's id and rev.
      */
     @TestTemplate
+    @DisabledWithIam
     @RequiresCloudant
     public void testBasicAuth() throws IOException {
         BasicAuthInterceptor interceptor =
-                new BasicAuthInterceptor(CloudantClientHelper.COUCH_USERNAME
-                        + ":" + CloudantClientHelper.COUCH_PASSWORD);
+                new BasicAuthInterceptor(CloudantClientHelper.SERVER_USER
+                        + ":" + CloudantClientHelper.SERVER_PASSWORD);
 
         HttpConnection conn = new HttpConnection("POST", dbResource.get().getDBUri().toURL(),
                 "application/json");