Add test cases dealing with group configurations

Signed-off-by: Michael Edgar <medgar@redhat.com>

Author: MikeEdgar

api/src/main/java/com/github/streamshub/console/api/model/Group.java

@@ -94,8 +94,8 @@ STATE, nullsLast(comparing(Group::state)),
                 ", " + STATE +
                 ", " + MEMBERS +
                 ", " + COORDINATOR +
-                ", " + OFFSETS
-                + ", " + SIMPLE_CONSUMER_GROUP;
+                ", " + OFFSETS +
+                ", " + SIMPLE_CONSUMER_GROUP;
 
         private Fields() {
             // Prevent instances

api/src/main/java/com/github/streamshub/console/api/service/GroupService.java

@@ -915,27 +915,27 @@ private void addOffsets(Group group,
     }
 
     CompletableFuture<Void> maybeDescribeConfigs(Admin adminClient, Map<String, Group> groups, List<String> fields) {
-        if (fields.contains(Group.Fields.CONFIGS)) {
-            List<ConfigResource> keys = groups.values()
-                    .stream()
-                    .map(Group::groupId)
-                    .filter(groupId -> {
-                        if (permissionService.permitted(ResourceTypes.Kafka.GROUP_CONFIGS, Privilege.GET, groupId)) {
-                            return true;
-                        }
-                        var error = permissionService.forbidden(ResourceTypes.Kafka.GROUP_CONFIGS, Privilege.GET, groupId);
-                        groups.get(groupId).addConfigs(Either.ofAlternate(error));
-                        return false;
-                    })
-                    .map(groupId -> new ConfigResource(ConfigResource.Type.GROUP, groupId))
-                    .toList();
-
-            return configService.describeConfigs(adminClient, keys)
-                .thenAccept(configs ->
-                    configs.forEach((groupId, either) -> groups.get(groupId).addConfigs(either)))
-                .toCompletableFuture();
+        if (!fields.contains(Group.Fields.CONFIGS)) {
+            return CompletableFuture.completedFuture(null);
         }
 
-        return CompletableFuture.completedFuture(null);
+        List<ConfigResource> keys = groups.values()
+                .stream()
+                .map(Group::groupId)
+                .filter(groupId -> {
+                    if (permissionService.permitted(ResourceTypes.Kafka.GROUP_CONFIGS, Privilege.GET, groupId)) {
+                        return true;
+                    }
+                    var error = permissionService.forbidden(ResourceTypes.Kafka.GROUP_CONFIGS, Privilege.GET, groupId);
+                    groups.get(groupId).addConfigs(Either.ofAlternate(error));
+                    return false;
+                })
+                .map(groupId -> new ConfigResource(ConfigResource.Type.GROUP, groupId))
+                .toList();
+
+        return configService.describeConfigs(adminClient, keys)
+            .thenAccept(configs ->
+                configs.forEach((groupId, either) -> groups.get(groupId).addConfigs(either)))
+            .toCompletableFuture();
     }
 }

api/src/test/java/com/github/streamshub/console/api/GroupsResourceIT.java

@@ -29,6 +29,7 @@
 import org.apache.kafka.clients.admin.ListOffsetsResult;
 import org.apache.kafka.clients.admin.ListOffsetsResult.ListOffsetsResultInfo;
 import org.apache.kafka.clients.admin.ListShareGroupOffsetsResult;
+import org.apache.kafka.clients.admin.ListStreamsGroupOffsetsResult;
 import org.apache.kafka.clients.admin.OffsetSpec;
 import org.apache.kafka.clients.admin.SharePartitionOffsetInfo;
 import org.apache.kafka.clients.consumer.OffsetAndMetadata;
@@ -53,12 +54,17 @@
 import org.skyscreamer.jsonassert.JSONAssert;
 import org.skyscreamer.jsonassert.JSONCompareMode;
 
+import com.github.streamshub.console.api.model.Group;
 import com.github.streamshub.console.api.support.Holder;
 import com.github.streamshub.console.api.support.Promises;
 import com.github.streamshub.console.config.ConsoleConfig;
+import com.github.streamshub.console.config.security.GlobalSecurityConfigBuilder;
+import com.github.streamshub.console.config.security.KafkaSecurityConfigBuilder;
+import com.github.streamshub.console.config.security.Privilege;
 import com.github.streamshub.console.kafka.systemtest.TestPlainProfile;
 import com.github.streamshub.console.kafka.systemtest.utils.ConsumerUtils;
 import com.github.streamshub.console.kafka.systemtest.utils.ConsumerUtils.ConsumerType;
+import com.github.streamshub.console.kafka.systemtest.utils.TokenUtils;
 import com.github.streamshub.console.support.Identifiers;
 import com.github.streamshub.console.test.AdminClientSpy;
 import com.github.streamshub.console.test.TestHelper;
@@ -71,10 +77,12 @@
 import io.quarkus.test.junit.TestProfile;
 import io.strimzi.api.kafka.model.kafka.Kafka;
 
+import static com.github.streamshub.console.test.EveryEntry.everyEntry;
 import static com.github.streamshub.console.test.TestHelper.whenRequesting;
 import static java.util.regex.Pattern.compile;
 import static org.awaitility.Awaitility.await;
 import static org.hamcrest.Matchers.allOf;
+import static org.hamcrest.Matchers.anEmptyMap;
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.everyItem;
@@ -84,6 +92,7 @@
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.matchesPattern;
+import static org.hamcrest.Matchers.not;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
 import static org.hamcrest.Matchers.startsWith;
@@ -92,6 +101,7 @@
 import static org.mockito.ArgumentMatchers.anyCollection;
 import static org.mockito.ArgumentMatchers.anyMap;
 import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.when;
 
 @QuarkusTest
 @TestHTTPEndpoint(GroupsResource.class)
@@ -451,7 +461,7 @@ void testListConsumerGroupsWithDescribeError() {
         "SHARE, ", // startOffset for share groups is not reliable so we just check for a numeric value
         "STREAMS, 5"
     })
-    void testDescribeGroupDefault(ConsumerType consumerType, Integer expectedOffset) {
+    void testDescribeGroupExtendedFields(ConsumerType consumerType, Integer expectedOffset) {
         String topic1 = "t1-" + consumerType.name() + "-" + UUID.randomUUID().toString();
         String group1 = "g1-" + consumerType.name() +  "-" + UUID.randomUUID().toString();
 
@@ -467,7 +477,9 @@ void testDescribeGroupDefault(ConsumerType consumerType, Integer expectedOffset)
                 .autoClose(false)
                 .consume()) {
 
-            whenRequesting(req -> req.get("{groupId}", clusterId1, Identifiers.encode(group1)))
+            whenRequesting(req -> req
+                    .param("fields[groups]", Group.Fields.DESCRIBE_DEFAULT + "," + Group.Fields.CONFIGS)
+                    .get("{groupId}", clusterId1, Identifiers.encode(group1)))
                 .assertThat()
                 .statusCode(is(Status.OK.getStatusCode()))
                 .body("data.attributes.groupId", is(group1))
@@ -485,7 +497,17 @@ void testDescribeGroupDefault(ConsumerType consumerType, Integer expectedOffset)
                 .body("data.attributes.offsets[0].offset", offsetMatcher)
                 .body("data.attributes.offsets[1].topicName", is(topic1))
                 .body("data.attributes.offsets[1].partition", is(1))
-                .body("data.attributes.offsets[1].offset", offsetMatcher);
+                .body("data.attributes.offsets[1].offset", offsetMatcher)
+                .body("data.attributes.configs", not(anEmptyMap()))
+                .body("data.attributes.configs", everyEntry(
+                        Matchers.any(String.class), // any string key
+                        // all entries have same keys
+                        allOf(
+                            hasKey("value"),
+                            hasKey("source"),
+                            hasKey("sensitive"),
+                            hasKey("readOnly"),
+                            hasKey("type"))));
         }
     }
 
@@ -585,6 +607,42 @@ void testDescribeShareGroupWithFetchGroupOffsetsError() throws Exception {
         }
     }
 
+    @Test
+    void testDescribeStreamsGroupWithFetchTopicOffsetsError() throws Exception {
+        String topic1 = "t1-" + UUID.randomUUID().toString();
+        String group1 = "g1-" + UUID.randomUUID().toString();
+        String group1Id = Identifiers.encode(group1);
+        String client1 = "c1-" + UUID.randomUUID().toString();
+
+        Answer<ListStreamsGroupOffsetsResult> listOffsetsFailed = args -> {
+            KafkaFutureImpl<Map<TopicPartition, OffsetAndMetadata>> failure = new KafkaFutureImpl<>();
+            failure.completeExceptionally(new ApiException("EXPECTED TEST EXCEPTION"));
+
+            ListStreamsGroupOffsetsResult result = Mockito.mock(ListStreamsGroupOffsetsResult.class);
+            when(result.partitionsToOffsetAndMetadata(group1)).thenReturn(failure);
+            return result;
+        };
+
+        AdminClientSpy.install(adminClient -> {
+            // Mock listOffsets
+            doAnswer(listOffsetsFailed)
+                .when(adminClient)
+                .listStreamsGroupOffsets(anyMap());
+        });
+
+        try (var consumer = groupUtils.consume(ConsumerType.STREAMS, group1, topic1, client1, 2, false)) {
+            whenRequesting(req -> req
+                    .param("fields[groups]", "offsets")
+                    .get("{groupId}", clusterId1, group1Id))
+                .assertThat()
+                .statusCode(is(Status.OK.getStatusCode()))
+                .body("data.id", is(group1Id))
+                .body("data.meta.errors", hasSize(1))
+                .body("data.meta.errors.title", everyItem(startsWith("Unable to list group offsets")))
+                .body("data.meta.errors.detail", everyItem(is("EXPECTED TEST EXCEPTION")));
+        }
+    }
+
     @Test
     void testDescribeConsumerGroupWithFetchTopicOffsetsError() {
         Answer<ListOffsetsResult> listOffsetsFailed = args -> {
@@ -623,6 +681,82 @@ void testDescribeConsumerGroupWithFetchTopicOffsetsError() {
         }
     }
 
+    @Test
+    void testDescribeGroupConfigsWithLimitedAuthorization() {
+        utils.resetSecurity(consoleConfig, true);
+        TokenUtils tokens = new TokenUtils(config);
+
+        utils.updateSecurity(consoleConfig.getSecurity(), new GlobalSecurityConfigBuilder()
+                .addNewSubject()
+                    .withInclude("alice")
+                    .withRoleNames("limited-group-configs-role")
+                .endSubject()
+            .build());
+
+        String topic1 = "t1-" + UUID.randomUUID().toString();
+        String group1 = "g1-" + UUID.randomUUID().toString();
+        String client1 = "c1-" + UUID.randomUUID().toString();
+
+        String topic2 = "t2-" + UUID.randomUUID().toString();
+        String group2 = "g2-" + UUID.randomUUID().toString();
+        String client2 = "c2-" + UUID.randomUUID().toString();
+
+        consoleConfig.getKafka().getClusterById(clusterId1).ifPresent(cfg -> {
+            cfg.setSecurity(new KafkaSecurityConfigBuilder()
+                    .addNewRole()
+                        .withName("limited-group-configs-role")
+                        .addNewRule()
+                            .withResources("groups")
+                            .withResourceNames("*")
+                            .withPrivileges(Privilege.GET)
+                        .endRule()
+                        .addNewRule()
+                            .withResources("groups/configs")
+                            .withResourceNames(group1)
+                            .withPrivileges(Privilege.GET)
+                        .endRule()
+                        // access to group2 configs is not granted
+                    .endRole()
+                    .build());
+        });
+
+        try (var consumer1 = groupUtils.consume(group1, topic1, client1, 2, false);
+            var consumer2 = groupUtils.consume(group2, topic2, client2, 2, false)) {
+            whenRequesting(req -> req
+                    .auth()
+                        .oauth2(tokens.getToken("alice"))
+                    .param("fields[groups]", "groupId,configs")
+                    .get("{groupId}", clusterId1, Identifiers.encode(group1)))
+                .assertThat()
+                .statusCode(is(Status.OK.getStatusCode()))
+                .body("data.attributes.groupId", is(group1))
+                .body("data.attributes.configs", not(anEmptyMap()))
+                .body("data.attributes.configs", everyEntry(
+                        Matchers.any(String.class), // any string key
+                        // all entries have same keys
+                        allOf(
+                            hasKey("value"),
+                            hasKey("source"),
+                            hasKey("sensitive"),
+                            hasKey("readOnly"),
+                            hasKey("type"))));
+
+            whenRequesting(req -> req
+                    .auth()
+                        .oauth2(tokens.getToken("alice"))
+                    .param("fields[groups]", "groupId,configs")
+                    .get("{groupId}", clusterId1, Identifiers.encode(group2)))
+                .assertThat()
+                .statusCode(is(Status.OK.getStatusCode()))
+                .body("data.attributes.groupId", is(group2))
+                .body("data.attributes.configs", not(anEmptyMap()))
+                .body("data.attributes.configs", hasEntry(is("meta"), hasEntry("type", "error")))
+                .body("data.attributes.configs", allOf(
+                            hasEntry("title", "Unable to describe group configs"),
+                            hasEntry(is("detail"), startsWith("Access denied:"))));
+        }
+    }
+
     @Test
     void testDeleteConsumerGroupWithMembers() {
         String topic1 = "t1-" + UUID.randomUUID().toString();

api/src/test/java/com/github/streamshub/console/api/TopicsResourceIT.java

@@ -63,6 +63,7 @@
 import org.awaitility.core.EvaluatedCondition;
 import org.eclipse.microprofile.config.Config;
 import org.hamcrest.Description;
+import org.hamcrest.Matchers;
 import org.hamcrest.TypeSafeMatcher;
 import org.jboss.logging.Logger;
 import org.json.JSONException;
@@ -114,6 +115,7 @@
 import io.strimzi.api.kafka.model.topic.KafkaTopic;
 import io.strimzi.api.kafka.model.topic.KafkaTopicBuilder;
 
+import static com.github.streamshub.console.test.EveryEntry.everyEntry;
 import static com.github.streamshub.console.test.TestHelper.whenRequesting;
 import static org.awaitility.Awaitility.await;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -278,15 +280,18 @@ void testListTopicsWithNameAndConfigsIncluded() {
             .assertThat()
             .statusCode(is(Status.OK.getStatusCode()))
             .body("data.size()", is(1))
-            .body("data.attributes", contains(aMapWithSize(2)))
-            .body("data.attributes.name", contains(topicName))
-            .body("data.attributes.configs[0]", not(anEmptyMap()))
-            .body("data.attributes.configs[0].findAll { it }.collect { it.value }",
-                    everyItem(allOf(
-                            hasKey("source"),
-                            hasKey("sensitive"),
-                            hasKey("readOnly"),
-                            hasKey("type"))));
+            .body("data[0].attributes", is(aMapWithSize(2)))
+            .body("data[0].attributes.name", is(topicName))
+            .body("data[0].attributes.configs", not(anEmptyMap()))
+            .body("data[0].attributes.configs", everyEntry(
+                    Matchers.any(String.class), // any string key
+                    // all entries have same keys
+                    allOf(
+                        hasKey("value"),
+                        hasKey("source"),
+                        hasKey("sensitive"),
+                        hasKey("readOnly"),
+                        hasKey("type"))));
     }
 
     @Test

api/src/test/java/com/github/streamshub/console/test/EveryEntry.java

@@ -0,0 +1,71 @@
+package com.github.streamshub.console.test;
+
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
+import org.hamcrest.TypeSafeMatcher;
+
+import static org.hamcrest.core.IsAnything.anything;
+import static org.hamcrest.core.IsEqual.equalTo;
+
+// XXX: consider contributing this to Hamcrest
+public class EveryEntry<K, V> extends TypeSafeMatcher<Map<? extends K, ? extends V>> {
+
+    private final Matcher<? super K> keyMatcher;
+    private final Matcher<? super V> valueMatcher;
+
+    public EveryEntry(Matcher<? super K> keyMatcher, Matcher<? super V> valueMatcher) {
+        this.keyMatcher = keyMatcher;
+        this.valueMatcher = valueMatcher;
+    }
+
+    @Override
+    public boolean matchesSafely(Map<? extends K, ? extends V> map) {
+        for (Entry<? extends K, ? extends V> entry : map.entrySet()) {
+            if (!keyMatcher.matches(entry.getKey()) || !valueMatcher.matches(entry.getValue())) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    @Override
+    public void describeMismatchSafely(Map<? extends K, ? extends V> map, Description mismatchDescription) {
+        mismatchDescription.appendText("map was ").appendValueList("[", ", ", "]", map.entrySet());
+    }
+
+    @Override
+    public void describeTo(Description description) {
+        description.appendText("map with every entry [")
+                   .appendDescriptionOf(keyMatcher)
+                   .appendText("->")
+                   .appendDescriptionOf(valueMatcher)
+                   .appendText("]");
+    }
+
+    public static <K, V> Matcher<Map<? extends K, ? extends V>> everyEntry(Matcher<? super K> keyMatcher, Matcher<? super V> valueMatcher) {
+        return new EveryEntry<>(keyMatcher, valueMatcher);
+    }
+
+    public static <K, V> Matcher<Map<? extends K, ? extends V>> everyEntry(K key, V value) {
+        return new EveryEntry<>(equalTo(key), equalTo(value));
+    }
+
+    public static <K> Matcher<Map<? extends K, ?>> everyKey(Matcher<? super K> keyMatcher) {
+        return new EveryEntry<>(keyMatcher, anything());
+    }
+
+    public static <K> Matcher<Map<? extends K, ?>> everyKey(K key) {
+        return new EveryEntry<>(equalTo(key), anything());
+    }
+
+    public static <V> Matcher<Map<?, ? extends V>> everyValue(Matcher<? super V> valueMatcher) {
+        return new EveryEntry<>(anything(), valueMatcher);
+    }
+
+    public static <V> Matcher<Map<?, ? extends V>> everyValue(V value) {
+        return new EveryEntry<>(anything(), equalTo(value));
+    }
+}