APMT (AEM Permission Matrix Tester) is a new library built on top of JUnit5, which allows to cover big part of permission test cases with little effort. Ease of use and readability, which are the main goals of the tool, are achieved through the use of DSL written in Kotlin.
Permission tests are an inseparable part of the development of many web applications. This is especially true for AEM-based applications where the existence of multiple roles such as authors, reviewers, publishers, or super authors, is standard. Nevertheless, these tests are often performed manually and any attempt to automate them is abandoned. And here is where APMT comes to the rescue. APMT provides a suite of tests that checks permissions to perform read and write operations on resources. The only thing to configure is to provide the paths and users for which they will be run. Little effort, huge benefits.
At the beginning, we need to create a file with general settings. It's called apmt.yaml, and contains credentials of apmt user and the addresses of author and publish instances. The APMT user is a special user, which should be able to perform all actions on tested paths: creating, updating, reading and deleting resources. It's required because it prepares environment for tests, and cleans it up when tests are done. AEM instances have to be accessible from the machine where test are being executed. APMT connects to them, and performs CRUD operations on given paths, using HTTP requests.
Currently there is no different way to provide password for the APMT user. But you may get around the problem using resource filtering mechanism available in many build tools like gradle or maven. Resource filtering would be a great choice also for handling different sets of environments. You may find simple configuration in example project.