def seed_gov(container, process=FakeProcess()): dp_client = DataProductManagementServiceProcessClient(node=container.node, process=process) dp_obj = IonObject(RT.DataProduct, name='DataProd1', description='some new dp') dp_client.create_data_product(dp_obj) dp_obj = IonObject(RT.DataProduct, name='DataProd2', description='and of course another new dp') dp_client.create_data_product(dp_obj,) dp_obj = IonObject(RT.DataProduct, name='DataProd3', description='yet another new dp') dp_client.create_data_product(dp_obj,) log.debug('Data Products') dp_list = dp_client.find_data_products() for dp_obj in dp_list: log.debug( str(dp_obj)) ims_client = InstrumentManagementServiceProcessClient(node=container.node, process=process) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent1', description='The first Instrument Agent') ims_client.create_instrument_agent(ia_obj) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent2', description='The second Instrument Agent') ims_client.create_instrument_agent(ia_obj) log.debug( 'Instrument Agents') ia_list = ims_client.find_instrument_agents() for ia_obj in ia_list: log.debug( str(ia_obj)) org_client = OrgManagementServiceProcessClient(node=container.node, process=process) ion_org = org_client.find_org() policy_client = PolicyManagementServiceProcessClient(node=container.node, process=process) role_obj = IonObject(RT.UserRole, name='Instrument Operator', description='Users assigned to this role are instrument operators') role_id = policy_client.create_role(role_obj) org_client.add_user_role(ion_org._id, role_id) try: role_id = policy_client.create_role(role_obj) org_client.add_user_role(ion_org._id, role_id) except Exception, e: log.info("This should fail") log.info(e.message)
class TestGovernanceInt(IonIntegrationTestCase): def setUp(self): # Start container self._start_container() #Load a deploy file self.container.start_rel_from_url('res/deploy/r2deploy.yml') #Instantiate a process to represent the test process = GovernanceTestProcess() #Load system policies after container has started all of the services LoadSystemPolicy.op_load_system_policies(process) self.rr_client = ResourceRegistryServiceProcessClient( node=self.container.node, process=process) self.id_client = IdentityManagementServiceProcessClient( node=self.container.node, process=process) self.pol_client = PolicyManagementServiceProcessClient( node=self.container.node, process=process) self.org_client = OrgManagementServiceProcessClient( node=self.container.node, process=process) self.ims_client = InstrumentManagementServiceProcessClient( node=self.container.node, process=process) self.ems_client = ExchangeManagementServiceProcessClient( node=self.container.node, process=process) self.ion_org = self.org_client.find_org() self.system_actor = self.id_client.find_actor_identity_by_name( name=CFG.system.system_actor) log.debug('system actor:' + self.system_actor._id) sa_header_roles = get_role_message_headers( self.org_client.find_all_roles_by_user(self.system_actor._id)) self.sa_user_header = { 'ion-actor-id': self.system_actor._id, 'ion-actor-roles': sa_header_roles } @attr('LOCOINT') @unittest.skipIf(os.getenv('CEI_LAUNCH_TEST', False), 'Not integrated for CEI') def test_basic_policy(self): #Make sure that the system policies have been loaded policy_list, _ = self.rr_client.find_resources(restype=RT.Policy) self.assertNotEqual( len(policy_list), 0, "The system policies have not been loaded into the Resource Registry" ) #Attempt to access an operation in service which does not have specific policies set es_obj = IonObject(RT.ExchangeSpace, description='ION test XS', name='ioncore2') with self.assertRaises(Unauthorized) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'exchange_management(create_exchange_space) has been denied', cm.exception.message) #Add a new policy to allow the the above service call. policy_obj = IonObject( RT.Policy, name='Exchange_Management_Test_Policy', definition_type="Service", rule=TEST_POLICY_TEXT, description= 'Allow specific operations in the Exchange Management Service for anonymous user' ) test_policy_id = self.pol_client.create_policy( policy_obj, headers=self.sa_user_header) self.pol_client.add_service_policy('exchange_management', test_policy_id, headers=self.sa_user_header) log.info('Policy created: ' + policy_obj.name) gevent.sleep(2) # Wait for events to be fired and policy updated #The previous attempt at this operations should now be allowed. es_obj = IonObject(RT.ExchangeSpace, description='ION test XS', name='ioncore2') with self.assertRaises(BadRequest) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn('Arguments not set', cm.exception.message) #disable the test policy to try again self.pol_client.disable_policy(test_policy_id, headers=self.sa_user_header) gevent.sleep(2) # Wait for events to be fired and policy updated #The same request that previously was allowed should not be denied es_obj = IonObject(RT.ExchangeSpace, description='ION test XS', name='ioncore2') with self.assertRaises(Unauthorized) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'exchange_management(create_exchange_space) has been denied', cm.exception.message) #now enable the test policy to try again self.pol_client.enable_policy(test_policy_id, headers=self.sa_user_header) gevent.sleep(2) # Wait for events to be fired and policy updated #The previous attempt at this operations should now be allowed. es_obj = IonObject(RT.ExchangeSpace, description='ION test XS', name='ioncore2') with self.assertRaises(BadRequest) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn('Arguments not set', cm.exception.message) self.pol_client.remove_service_policy('exchange_management', test_policy_id, headers=self.sa_user_header) self.pol_client.delete_policy(test_policy_id, headers=self.sa_user_header) gevent.sleep(2) # Wait for events to be fired and policy updated #The same request that previously was allowed should not be denied es_obj = IonObject(RT.ExchangeSpace, description='ION test XS', name='ioncore2') with self.assertRaises(Unauthorized) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'exchange_management(create_exchange_space) has been denied', cm.exception.message) @attr('LOCOINT') @unittest.skipIf(os.getenv('CEI_LAUNCH_TEST', False), 'Not integrated for CEI') def test_org_policy(self): #Make sure that the system policies have been loaded policy_list, _ = self.rr_client.find_resources(restype=RT.Policy) self.assertNotEqual( len(policy_list), 0, "The system policies have not been loaded into the Resource Registry" ) with self.assertRaises(BadRequest) as cm: myorg = self.org_client.read_org() self.assertTrue( cm.exception.message == 'The org_id parameter is missing') user_id, valid_until, registered = self.id_client.signon( USER1_CERTIFICATE, True) log.debug("user id=" + user_id) user_roles = get_role_message_headers( self.org_client.find_all_roles_by_user(user_id)) user_header = {'ion-actor-id': user_id, 'ion-actor-roles': user_roles} #Attempt to enroll a user anonymously - should not be allowed with self.assertRaises(Unauthorized) as cm: self.org_client.enroll_member(self.ion_org._id, user_id) self.assertIn('org_management(enroll_member) has been denied', cm.exception.message) #Attempt to let a user enroll themselves - should not be allowed with self.assertRaises(Unauthorized) as cm: self.org_client.enroll_member(self.ion_org._id, user_id, headers=user_header) self.assertIn('org_management(enroll_member) has been denied', cm.exception.message) #Attept to enroll the user in the ION Root org as a manager - should not be allowed since #registration with the system implies membership in the ROOT Org. with self.assertRaises(BadRequest) as cm: self.org_client.enroll_member(self.ion_org._id, user_id, headers=self.sa_user_header) self.assertTrue( cm.exception.message == 'A request to enroll in the root ION Org is not allowed') with self.assertRaises(Unauthorized) as cm: users = self.org_client.find_enrolled_users(self.ion_org._id) self.assertIn('org_management(find_enrolled_users) has been denied', cm.exception.message) with self.assertRaises(Unauthorized) as cm: users = self.org_client.find_enrolled_users(self.ion_org._id, headers=user_header) self.assertIn('org_management(find_enrolled_users) has been denied', cm.exception.message) users = self.org_client.find_enrolled_users( self.ion_org._id, headers=self.sa_user_header) self.assertEqual(len(users), 2) ## test_org_roles and policies roles = self.org_client.find_org_roles(self.ion_org._id) self.assertEqual(len(roles), 3) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE, ION_MANAGER]) roles = self.org_client.find_roles_by_user(self.ion_org._id, self.system_actor._id, headers=self.sa_user_header) self.assertEqual(len(roles), 3) self.assertItemsEqual([r.name for r in roles], [MEMBER_ROLE, MANAGER_ROLE, ION_MANAGER]) roles = self.org_client.find_roles_by_user(self.ion_org._id, user_id, headers=self.sa_user_header) self.assertEqual(len(roles), 1) self.assertItemsEqual([r.name for r in roles], [MEMBER_ROLE]) with self.assertRaises(NotFound) as nf: org2 = self.org_client.find_org(ORG2) self.assertIn('The Org with name Org2 does not exist', nf.exception.message) org2 = IonObject(RT.Org, name=ORG2, description='A second Org') org2_id = self.org_client.create_org(org2, headers=self.sa_user_header) org2 = self.org_client.find_org(ORG2) self.assertEqual(org2_id, org2._id) roles = self.org_client.find_org_roles(org2_id) self.assertEqual(len(roles), 2) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE]) operator_role = IonObject(RT.UserRole, name=INSTRUMENT_OPERATOR, label='Instrument Operator', description='Instrument Operator') #First try to add the user role anonymously with self.assertRaises(Unauthorized) as cm: self.org_client.add_user_role(org2_id, operator_role) self.assertIn('org_management(add_user_role) has been denied', cm.exception.message) self.org_client.add_user_role(org2_id, operator_role, headers=self.sa_user_header) roles = self.org_client.find_org_roles(org2_id) self.assertEqual(len(roles), 3) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE, INSTRUMENT_OPERATOR]) # test requests for enrollments and roles. #First try to find user requests anonymously with self.assertRaises(Unauthorized) as cm: requests = self.org_client.find_requests(org2_id) self.assertIn('org_management(find_requests) has been denied', cm.exception.message) #Next try to find user requests as as a basic member with self.assertRaises(Unauthorized) as cm: requests = self.org_client.find_requests(org2_id, headers=user_header) self.assertIn('org_management(find_requests) has been denied', cm.exception.message) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests), 0) # First try to request a role without being a member with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_role(org2_id, user_id, INSTRUMENT_OPERATOR, headers=user_header) self.assertIn( 'A precondition for this request has not been satisfied: is_enrolled(org_id,user_id)', cm.exception.message) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests), 0) req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests), 1) requests = self.org_client.find_user_requests( user_id, org2_id, headers=self.sa_user_header) self.assertEqual(len(requests), 1) #User tried requesting enrollment again - this should fail with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header) self.assertIn( 'A precondition for this request has not been satisfied: enroll_req_not_exist(org_id,user_id)', cm.exception.message) #Manager denies the request self.org_client.deny_request(org2_id, req_id, 'To test the deny process', headers=self.sa_user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests), 1) self.assertEqual(requests[0].status, REQUEST_DENIED) #Manager approves request self.org_client.approve_request(org2_id, req_id, headers=self.sa_user_header) users = self.org_client.find_enrolled_users( org2_id, headers=self.sa_user_header) self.assertEqual(len(users), 0) #User Accepts request self.org_client.accept_request(org2_id, req_id, headers=user_header) users = self.org_client.find_enrolled_users( org2_id, headers=self.sa_user_header) self.assertEqual(len(users), 1) #User tried requesting enrollment again - this should fail with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header) self.assertIn( 'A precondition for this request has not been satisfied: is_not_enrolled(org_id,user_id)', cm.exception.message) req_id = self.org_client.request_role(org2_id, user_id, INSTRUMENT_OPERATOR, headers=user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests), 2) requests = self.org_client.find_requests(org2_id, request_status='Open', headers=self.sa_user_header) self.assertEqual(len(requests), 1) requests = self.org_client.find_user_requests(user_id, org2_id, headers=user_header) self.assertEqual(len(requests), 2) requests = self.org_client.find_user_requests( user_id, org2_id, request_type=RT.RoleRequest, headers=user_header) self.assertEqual(len(requests), 1) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests), 1) ia_list, _ = self.rr_client.find_resources(restype=RT.InstrumentAgent) self.assertEqual(len(ia_list), 0) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent1', description='The first Instrument Agent') with self.assertRaises(Unauthorized) as cm: self.ims_client.create_instrument_agent(ia_obj) self.assertIn( 'instrument_management(create_instrument_agent) has been denied', cm.exception.message) with self.assertRaises(Unauthorized) as cm: self.ims_client.create_instrument_agent(ia_obj, headers=user_header) self.assertIn( 'instrument_management(create_instrument_agent) has been denied', cm.exception.message) #Manager approves request self.org_client.approve_request(org2_id, req_id, headers=self.sa_user_header) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests), 0) #User accepts request self.org_client.accept_request(org2_id, req_id, headers=user_header) #Refresh headers with new role user_roles = get_role_message_headers( self.org_client.find_all_roles_by_user(user_id)) user_header = {'ion-actor-id': user_id, 'ion-actor-roles': user_roles} self.ims_client.create_instrument_agent(ia_obj, headers=user_header) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent2', description='The second Instrument Agent') self.ims_client.create_instrument_agent(ia_obj, headers=user_header) ia_list, _ = self.rr_client.find_resources(restype=RT.InstrumentAgent) self.assertEqual(len(ia_list), 2) #First make a acquire resource request with an non-enrolled user. with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_acquire_resource( org2_id, self.system_actor._id, ia_list[0]._id, headers=self.sa_user_header) self.assertIn( 'A precondition for this request has not been satisfied: is_enrolled(org_id,user_id)', cm.exception.message) req_id = self.org_client.request_acquire_resource(org2_id, user_id, ia_list[0]._id, headers=user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests), 3) requests = self.org_client.find_user_requests(user_id, org2_id, headers=user_header) self.assertEqual(len(requests), 3) requests = self.org_client.find_user_requests( user_id, org2_id, request_type=RT.ResourceRequest, headers=user_header) self.assertEqual(len(requests), 1) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests), 1) self.assertEqual(requests[0]._id, req_id) #Manager approves Instrument request self.org_client.approve_request(org2_id, req_id, headers=self.sa_user_header) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests), 0) #User accepts request self.org_client.accept_request(org2_id, req_id, headers=user_header) #Check commitments commitments, _ = self.rr_client.find_objects(ia_list[0]._id, PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments), 1) commitments, _ = self.rr_client.find_objects(user_id, PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments), 1) #Release the resource self.org_client.release_resource( org2_id, user_id, ia_list[0]._id, headers=self.sa_user_header, timeout=15) #TODO - Refactor release_resource #Check commitments commitments, _ = self.rr_client.find_objects(ia_list[0]._id, PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments), 0) commitments, _ = self.rr_client.find_objects(user_id, PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments), 0)
dp_list = dp_client.find_data_products() for dp_obj in dp_list: log.debug( str(dp_obj)) results = find_data_products() log.info(results) header_roles = get_role_message_headers(org_client.find_all_roles_by_user(user._id)) ims_client = InstrumentManagementServiceProcessClient(node=container.node, process=process) try: ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent1', description='The first Instrument Agent') ims_client.create_instrument_agent(ia_obj, headers={'ion-actor-id': user._id, 'ion-actor-roles': header_roles }) except Exception, e: log.info('This operation should be denied: ' + e.message) header_roles = get_role_message_headers(org_client.find_all_roles_by_user(system_actor._id)) org_client.grant_role(ion_org._id, user._id, 'INSTRUMENT_OPERATOR', headers={'ion-actor-id': system_actor._id, 'ion-actor-roles': header_roles }) header_roles = get_role_message_headers(org_client.find_all_roles_by_user(user._id)) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent1', description='The first Instrument Agent') ims_client.create_instrument_agent(ia_obj, headers={'ion-actor-id': user._id, 'ion-actor-roles': header_roles }) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent2', description='The second Instrument Agent')
class TestGovernanceInt(IonIntegrationTestCase): def setUp(self): # Start container self._start_container() #Load a deploy file self.container.start_rel_from_url('res/deploy/r2deploy.yml') #Instantiate a process to represent the test process=GovernanceTestProcess() #Load system policies after container has started all of the services LoadSystemPolicy.op_load_system_policies(process) self.rr_client = ResourceRegistryServiceProcessClient(node=self.container.node, process=process) self.id_client = IdentityManagementServiceProcessClient(node=self.container.node, process=process) self.pol_client = PolicyManagementServiceProcessClient(node=self.container.node, process=process) self.org_client = OrgManagementServiceProcessClient(node=self.container.node, process=process) self.ims_client = InstrumentManagementServiceProcessClient(node=self.container.node, process=process) self.ems_client = ExchangeManagementServiceProcessClient(node=self.container.node, process=process) self.ion_org = self.org_client.find_org() self.system_actor = self.id_client.find_actor_identity_by_name(name=CFG.system.system_actor) log.debug('system actor:' + self.system_actor._id) sa_header_roles = get_role_message_headers(self.org_client.find_all_roles_by_user(self.system_actor._id)) self.sa_user_header = {'ion-actor-id': self.system_actor._id, 'ion-actor-roles': sa_header_roles } @attr('LOCOINT') @unittest.skipIf(os.getenv('CEI_LAUNCH_TEST', False),'Not integrated for CEI') def test_basic_policy(self): #Make sure that the system policies have been loaded policy_list,_ = self.rr_client.find_resources(restype=RT.Policy) self.assertNotEqual(len(policy_list),0,"The system policies have not been loaded into the Resource Registry") #Attempt to access an operation in service which does not have specific policies set es_obj = IonObject(RT.ExchangeSpace, description= 'ION test XS', name='ioncore2' ) with self.assertRaises(Unauthorized) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'exchange_management(create_exchange_space) has been denied',cm.exception.message) #Add a new policy to allow the the above service call. policy_obj = IonObject(RT.Policy, name='Exchange_Management_Test_Policy', definition_type="Service", rule=TEST_POLICY_TEXT, description='Allow specific operations in the Exchange Management Service for anonymous user') test_policy_id = self.pol_client.create_policy(policy_obj, headers=self.sa_user_header) self.pol_client.add_service_policy('exchange_management', test_policy_id, headers=self.sa_user_header) log.info('Policy created: ' + policy_obj.name) gevent.sleep(2) # Wait for events to be fired and policy updated #The previous attempt at this operations should now be allowed. es_obj = IonObject(RT.ExchangeSpace, description= 'ION test XS', name='ioncore2' ) with self.assertRaises(BadRequest) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'Arguments not set',cm.exception.message) #disable the test policy to try again self.pol_client.disable_policy(test_policy_id, headers=self.sa_user_header) gevent.sleep(2) # Wait for events to be fired and policy updated #The same request that previously was allowed should not be denied es_obj = IonObject(RT.ExchangeSpace, description= 'ION test XS', name='ioncore2' ) with self.assertRaises(Unauthorized) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'exchange_management(create_exchange_space) has been denied',cm.exception.message) #now enable the test policy to try again self.pol_client.enable_policy(test_policy_id, headers=self.sa_user_header) gevent.sleep(2) # Wait for events to be fired and policy updated #The previous attempt at this operations should now be allowed. es_obj = IonObject(RT.ExchangeSpace, description= 'ION test XS', name='ioncore2' ) with self.assertRaises(BadRequest) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'Arguments not set',cm.exception.message) self.pol_client.remove_service_policy('exchange_management', test_policy_id, headers=self.sa_user_header) self.pol_client.delete_policy(test_policy_id, headers=self.sa_user_header) gevent.sleep(2) # Wait for events to be fired and policy updated #The same request that previously was allowed should not be denied es_obj = IonObject(RT.ExchangeSpace, description= 'ION test XS', name='ioncore2' ) with self.assertRaises(Unauthorized) as cm: self.ems_client.create_exchange_space(es_obj) self.assertIn( 'exchange_management(create_exchange_space) has been denied',cm.exception.message) @attr('LOCOINT') @unittest.skipIf(os.getenv('CEI_LAUNCH_TEST', False),'Not integrated for CEI') def test_org_policy(self): #Make sure that the system policies have been loaded policy_list,_ = self.rr_client.find_resources(restype=RT.Policy) self.assertNotEqual(len(policy_list),0,"The system policies have not been loaded into the Resource Registry") with self.assertRaises(BadRequest) as cm: myorg = self.org_client.read_org() self.assertTrue(cm.exception.message == 'The org_id parameter is missing') user_id, valid_until, registered = self.id_client.signon(USER1_CERTIFICATE, True) log.debug( "user id=" + user_id) user_roles = get_role_message_headers(self.org_client.find_all_roles_by_user(user_id)) user_header = {'ion-actor-id': user_id, 'ion-actor-roles': user_roles } #Attempt to enroll a user anonymously - should not be allowed with self.assertRaises(Unauthorized) as cm: self.org_client.enroll_member(self.ion_org._id,user_id) self.assertIn( 'org_management(enroll_member) has been denied',cm.exception.message) #Attempt to let a user enroll themselves - should not be allowed with self.assertRaises(Unauthorized) as cm: self.org_client.enroll_member(self.ion_org._id,user_id, headers=user_header) self.assertIn( 'org_management(enroll_member) has been denied',cm.exception.message) #Attept to enroll the user in the ION Root org as a manager - should not be allowed since #registration with the system implies membership in the ROOT Org. with self.assertRaises(BadRequest) as cm: self.org_client.enroll_member(self.ion_org._id,user_id, headers=self.sa_user_header) self.assertTrue(cm.exception.message == 'A request to enroll in the root ION Org is not allowed') with self.assertRaises(Unauthorized) as cm: users = self.org_client.find_enrolled_users(self.ion_org._id) self.assertIn('org_management(find_enrolled_users) has been denied',cm.exception.message) with self.assertRaises(Unauthorized) as cm: users = self.org_client.find_enrolled_users(self.ion_org._id, headers=user_header) self.assertIn( 'org_management(find_enrolled_users) has been denied',cm.exception.message) users = self.org_client.find_enrolled_users(self.ion_org._id, headers=self.sa_user_header) self.assertEqual(len(users),2) ## test_org_roles and policies roles = self.org_client.find_org_roles(self.ion_org._id) self.assertEqual(len(roles),3) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE, ION_MANAGER]) roles = self.org_client.find_roles_by_user(self.ion_org._id, self.system_actor._id, headers=self.sa_user_header) self.assertEqual(len(roles),3) self.assertItemsEqual([r.name for r in roles], [MEMBER_ROLE, MANAGER_ROLE, ION_MANAGER]) roles = self.org_client.find_roles_by_user(self.ion_org._id, user_id, headers=self.sa_user_header) self.assertEqual(len(roles),1) self.assertItemsEqual([r.name for r in roles], [MEMBER_ROLE]) with self.assertRaises(NotFound) as nf: org2 = self.org_client.find_org(ORG2) self.assertIn('The Org with name Org2 does not exist',nf.exception.message) org2 = IonObject(RT.Org, name=ORG2, description='A second Org') org2_id = self.org_client.create_org(org2, headers=self.sa_user_header) org2 = self.org_client.find_org(ORG2) self.assertEqual(org2_id, org2._id) roles = self.org_client.find_org_roles(org2_id) self.assertEqual(len(roles),2) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE]) operator_role = IonObject(RT.UserRole, name=INSTRUMENT_OPERATOR,label='Instrument Operator', description='Instrument Operator') #First try to add the user role anonymously with self.assertRaises(Unauthorized) as cm: self.org_client.add_user_role(org2_id, operator_role) self.assertIn('org_management(add_user_role) has been denied',cm.exception.message) self.org_client.add_user_role(org2_id, operator_role, headers=self.sa_user_header) roles = self.org_client.find_org_roles(org2_id) self.assertEqual(len(roles),3) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE, INSTRUMENT_OPERATOR]) # test requests for enrollments and roles. #First try to find user requests anonymously with self.assertRaises(Unauthorized) as cm: requests = self.org_client.find_requests(org2_id) self.assertIn('org_management(find_requests) has been denied',cm.exception.message) #Next try to find user requests as as a basic member with self.assertRaises(Unauthorized) as cm: requests = self.org_client.find_requests(org2_id, headers=user_header) self.assertIn('org_management(find_requests) has been denied',cm.exception.message) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),0) # First try to request a role without being a member with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_role(org2_id, user_id, INSTRUMENT_OPERATOR, headers=user_header ) self.assertIn('A precondition for this request has not been satisfied: is_enrolled(org_id,user_id)',cm.exception.message) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),0) req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header ) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),1) #User tried requesting enrollment again - this should fail with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header ) self.assertIn('A precondition for this request has not been satisfied: enroll_req_not_exist(org_id,user_id)',cm.exception.message) #Manager denies the request self.org_client.deny_request(org2_id,req_id,'To test the deny process', headers=self.sa_user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),1) self.assertEqual(requests[0].status, REQUEST_DENIED) #Manager approves request self.org_client.approve_request(org2_id,req_id, headers=self.sa_user_header) users = self.org_client.find_enrolled_users(org2_id, headers=self.sa_user_header) self.assertEqual(len(users),0) #User Accepts request self.org_client.accept_request(org2_id,req_id, headers=user_header) users = self.org_client.find_enrolled_users(org2_id, headers=self.sa_user_header) self.assertEqual(len(users),1) #User tried requesting enrollment again - this should fail with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header ) self.assertIn('A precondition for this request has not been satisfied: is_not_enrolled(org_id,user_id)',cm.exception.message) req_id = self.org_client.request_role(org2_id, user_id, INSTRUMENT_OPERATOR, headers=user_header ) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),2) requests = self.org_client.find_requests(org2_id,request_status='Open', headers=self.sa_user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, headers=user_header) self.assertEqual(len(requests),2) requests = self.org_client.find_user_requests(user_id, org2_id, request_type=RT.RoleRequest, headers=user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),1) ia_list,_ = self.rr_client.find_resources(restype=RT.InstrumentAgent) self.assertEqual(len(ia_list),0) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent1', description='The first Instrument Agent') with self.assertRaises(Unauthorized) as cm: self.ims_client.create_instrument_agent(ia_obj) self.assertIn('instrument_management(create_instrument_agent) has been denied',cm.exception.message) with self.assertRaises(Unauthorized) as cm: self.ims_client.create_instrument_agent(ia_obj, headers=user_header) self.assertIn('instrument_management(create_instrument_agent) has been denied',cm.exception.message) #Manager approves request self.org_client.approve_request(org2_id,req_id, headers=self.sa_user_header) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),0) #User accepts request self.org_client.accept_request(org2_id, req_id, headers=user_header) #Refresh headers with new role user_roles = get_role_message_headers(self.org_client.find_all_roles_by_user(user_id)) user_header = {'ion-actor-id': user_id, 'ion-actor-roles': user_roles } self.ims_client.create_instrument_agent(ia_obj, headers=user_header) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent2', description='The second Instrument Agent') self.ims_client.create_instrument_agent(ia_obj, headers=user_header) ia_list,_ = self.rr_client.find_resources(restype=RT.InstrumentAgent) self.assertEqual(len(ia_list),2) #First make a acquire resource request with an non-enrolled user. with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_acquire_resource(org2_id,self.system_actor._id,ia_list[0]._id , headers=self.sa_user_header) self.assertIn('A precondition for this request has not been satisfied: is_enrolled(org_id,user_id)',cm.exception.message) req_id = self.org_client.request_acquire_resource(org2_id,user_id,ia_list[0]._id , headers=user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),3) requests = self.org_client.find_user_requests(user_id, org2_id, headers=user_header) self.assertEqual(len(requests),3) requests = self.org_client.find_user_requests(user_id, org2_id, request_type=RT.ResourceRequest, headers=user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),1) self.assertEqual(requests[0]._id, req_id) #Manager approves Instrument request self.org_client.approve_request(org2_id,req_id, headers=self.sa_user_header) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),0) #User accepts request self.org_client.accept_request(org2_id,req_id, headers=user_header) #Check commitments commitments, _ = self.rr_client.find_objects(ia_list[0]._id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),1) commitments, _ = self.rr_client.find_objects(user_id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),1) #Release the resource self.org_client.release_resource(org2_id,user_id ,ia_list[0]._id, headers=self.sa_user_header,timeout=15) #TODO - Refactor release_resource #Check commitments commitments, _ = self.rr_client.find_objects(ia_list[0]._id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),0) commitments, _ = self.rr_client.find_objects(user_id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),0)
class TestGovernanceInt(IonIntegrationTestCase): def setUp(self): # Start container self._start_container() #Load a deploy file that also loads basic policy. self.container.start_rel_from_url('res/deploy/r2gov.yml') process=FakeProcess() self.rr_client = ResourceRegistryServiceProcessClient(node=self.container.node, process=process) self.id_client = IdentityManagementServiceProcessClient(node=self.container.node, process=process) self.org_client = OrgManagementServiceProcessClient(node=self.container.node, process=process) self.ims_client = InstrumentManagementServiceProcessClient(node=self.container.node, process=process) self.ion_org = self.org_client.find_org() self.system_actor = self.id_client.find_actor_identity_by_name(name=CFG.system.system_actor) log.debug('system actor:' + self.system_actor._id) sa_header_roles = get_role_message_headers(self.org_client.find_all_roles_by_user(self.system_actor._id)) self.sa_user_header = {'ion-actor-id': self.system_actor._id, 'ion-actor-roles': sa_header_roles } @attr('LOCOINT') @unittest.skipIf(os.getenv('CEI_LAUNCH_TEST', False),'Not integrated for CEI') @unittest.skip("Not working on buildbot for some reason but works on Mac") def test_org_policy(self): with self.assertRaises(BadRequest) as cm: myorg = self.org_client.read_org() self.assertTrue(cm.exception.message == 'The org_id parameter is missing') user_id, valid_until, registered = self.id_client.signon(USER1_CERTIFICATE, True) log.debug( "user id=" + user_id) user_roles = get_role_message_headers(self.org_client.find_all_roles_by_user(user_id)) user_header = {'ion-actor-id': user_id, 'ion-actor-roles': user_roles } #Attempt to enroll a user anonymously - should not be allowed with self.assertRaises(Unauthorized) as cm: self.org_client.enroll_member(self.ion_org._id,user_id) self.assertIn( 'org_management(enroll_member) has been denied',cm.exception.message) #Attempt to let a user enroll themselves - should not be allowed with self.assertRaises(Unauthorized) as cm: self.org_client.enroll_member(self.ion_org._id,user_id, headers=user_header) self.assertIn( 'org_management(enroll_member) has been denied',cm.exception.message) #Attept to enroll the user in the ION Root org as a manager - should not be allowed since #registration with the system implies membership in the ROOT Org. with self.assertRaises(BadRequest) as cm: self.org_client.enroll_member(self.ion_org._id,user_id, headers=self.sa_user_header) self.assertTrue(cm.exception.message == 'A request to enroll in the root ION Org is not allowed') with self.assertRaises(Unauthorized) as cm: users = self.org_client.find_enrolled_users(self.ion_org._id) self.assertIn('org_management(find_enrolled_users) has been denied',cm.exception.message) with self.assertRaises(Unauthorized) as cm: users = self.org_client.find_enrolled_users(self.ion_org._id, headers=user_header) self.assertIn( 'org_management(find_enrolled_users) has been denied',cm.exception.message) users = self.org_client.find_enrolled_users(self.ion_org._id, headers=self.sa_user_header) self.assertEqual(len(users),2) ## test_org_roles and policies roles = self.org_client.find_org_roles(self.ion_org._id) self.assertEqual(len(roles),3) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE, ION_MANAGER]) roles = self.org_client.find_roles_by_user(self.ion_org._id, self.system_actor._id, headers=self.sa_user_header) self.assertEqual(len(roles),3) self.assertItemsEqual([r.name for r in roles], [MEMBER_ROLE, MANAGER_ROLE, ION_MANAGER]) roles = self.org_client.find_roles_by_user(self.ion_org._id, user_id, headers=self.sa_user_header) self.assertEqual(len(roles),1) self.assertItemsEqual([r.name for r in roles], [MEMBER_ROLE]) with self.assertRaises(NotFound) as nf: org2 = self.org_client.find_org(ORG2) self.assertIn('The Org with name Org2 does not exist',nf.exception.message) org2 = IonObject(RT.Org, name=ORG2, description='A second Org') org2_id = self.org_client.create_org(org2, headers=self.sa_user_header) org2 = self.org_client.find_org(ORG2) self.assertEqual(org2_id, org2._id) roles = self.org_client.find_org_roles(org2_id) self.assertEqual(len(roles),2) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE]) operator_role = IonObject(RT.UserRole, name=INSTRUMENT_OPERATOR,label='Instrument Operator', description='Instrument Operator') #First try to add the user role anonymously with self.assertRaises(Unauthorized) as cm: self.org_client.add_user_role(org2_id, operator_role) self.assertIn('org_management(add_user_role) has been denied',cm.exception.message) self.org_client.add_user_role(org2_id, operator_role, headers=self.sa_user_header) roles = self.org_client.find_org_roles(org2_id) self.assertEqual(len(roles),3) self.assertItemsEqual([r.name for r in roles], [MANAGER_ROLE, MEMBER_ROLE, INSTRUMENT_OPERATOR]) # test requests for enrollments and roles. #First try to find user requests anonymously with self.assertRaises(Unauthorized) as cm: requests = self.org_client.find_requests(org2_id) self.assertIn('org_management(find_requests) has been denied',cm.exception.message) #Next try to find user requests as as a basic member with self.assertRaises(Unauthorized) as cm: requests = self.org_client.find_requests(org2_id, headers=user_header) self.assertIn('org_management(find_requests) has been denied',cm.exception.message) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),0) # First try to request a role without being a member with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_role(org2_id, user_id, INSTRUMENT_OPERATOR, headers=user_header ) self.assertIn('A precondition for this request has not been satisfied: is_enrolled(org_id,user_id) == True',cm.exception.message) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),0) req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header ) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),1) #User tried requesting enrollment again - this should fail with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_enroll(org2_id, user_id, headers=user_header ) self.assertIn('A precondition for this request has not been satisfied: enroll_req_exists(org_id,user_id) == False',cm.exception.message) #Manager denies the request self.org_client.deny_request(org2_id,req_id,'To test the deny process', headers=self.sa_user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),1) self.assertEqual(requests[0].status, REQUEST_DENIED) #Manager approves request self.org_client.approve_request(org2_id,req_id, headers=self.sa_user_header) users = self.org_client.find_enrolled_users(org2_id, headers=self.sa_user_header) self.assertEqual(len(users),0) #User Accepts request self.org_client.accept_request(org2_id,req_id, headers=user_header) users = self.org_client.find_enrolled_users(org2_id, headers=self.sa_user_header) self.assertEqual(len(users),1) req_id = self.org_client.request_role(org2_id, user_id, INSTRUMENT_OPERATOR, headers=user_header ) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),2) requests = self.org_client.find_requests(org2_id,request_status='Open', headers=self.sa_user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, headers=user_header) self.assertEqual(len(requests),2) requests = self.org_client.find_user_requests(user_id, org2_id, request_type=RT.RoleRequest, headers=user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),1) ia_list = self.ims_client.find_instrument_agents() self.assertEqual(len(ia_list),0) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent1', description='The first Instrument Agent') with self.assertRaises(Unauthorized) as cm: self.ims_client.create_instrument_agent(ia_obj) self.assertIn('instrument_management(create_instrument_agent) has been denied',cm.exception.message) with self.assertRaises(Unauthorized) as cm: self.ims_client.create_instrument_agent(ia_obj, headers=user_header) self.assertIn('instrument_management(create_instrument_agent) has been denied',cm.exception.message) #Manager approves request self.org_client.approve_request(org2_id,req_id, headers=self.sa_user_header) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),0) #User accepts request self.org_client.accept_request(org2_id, req_id, headers=user_header) #Refresh headers with new role user_roles = get_role_message_headers(self.org_client.find_all_roles_by_user(user_id)) user_header = {'ion-actor-id': user_id, 'ion-actor-roles': user_roles } self.ims_client.create_instrument_agent(ia_obj, headers=user_header) ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent2', description='The second Instrument Agent') self.ims_client.create_instrument_agent(ia_obj, headers=user_header) ia_list = self.ims_client.find_instrument_agents() self.assertEqual(len(ia_list),2) #First make a acquire resource request with an non-enrolled user. with self.assertRaises(BadRequest) as cm: req_id = self.org_client.request_acquire_resource(org2_id,self.system_actor._id,ia_list[0]._id , headers=self.sa_user_header) self.assertIn('A precondition for this request has not been satisfied: is_enrolled(org_id,user_id) == True',cm.exception.message) req_id = self.org_client.request_acquire_resource(org2_id,user_id,ia_list[0]._id , headers=user_header) requests = self.org_client.find_requests(org2_id, headers=self.sa_user_header) self.assertEqual(len(requests),3) requests = self.org_client.find_user_requests(user_id, org2_id, headers=user_header) self.assertEqual(len(requests),3) requests = self.org_client.find_user_requests(user_id, org2_id, request_type=RT.ResourceRequest, headers=user_header) self.assertEqual(len(requests),1) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),1) self.assertEqual(requests[0]._id, req_id) #Manager approves Instrument request self.org_client.approve_request(org2_id,req_id, headers=self.sa_user_header) requests = self.org_client.find_user_requests(user_id, org2_id, request_status="Open", headers=user_header) self.assertEqual(len(requests),0) #User accepts request self.org_client.accept_request(org2_id,req_id, headers=user_header) #Check commitments commitments, _ = self.rr_client.find_objects(ia_list[0]._id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),1) commitments, _ = self.rr_client.find_objects(user_id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),1) #Release the resource self.org_client.release_resource(org2_id,user_id ,ia_list[0]._id, headers=self.sa_user_header) #Check commitments commitments, _ = self.rr_client.find_objects(ia_list[0]._id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),0) commitments, _ = self.rr_client.find_objects(user_id,PRED.hasCommitment, RT.ResourceCommitment) self.assertEqual(len(commitments),0)
log.info(results) header_roles = get_role_message_headers( org_client.find_all_roles_by_user(user._id)) ims_client = InstrumentManagementServiceProcessClient(node=container.node, process=process) try: ia_obj = IonObject(RT.InstrumentAgent, name='Instrument Agent1', description='The first Instrument Agent') ims_client.create_instrument_agent(ia_obj, headers={ 'ion-actor-id': user._id, 'ion-actor-roles': header_roles }) except Exception, e: log.info('This operation should be denied: ' + e.message) header_roles = get_role_message_headers( org_client.find_all_roles_by_user(system_actor._id)) org_client.grant_role(ion_org._id, user._id, 'INSTRUMENT_OPERATOR', headers={ 'ion-actor-id': system_actor._id, 'ion-actor-roles': header_roles })
class AgentManagementService(BaseAgentManagementService): """The Agent Management Service is the service that manages Agent Definitions, Agent Instance configurations and running Agents in the system. @see https://confluence.oceanobservatories.org/display/syseng/CIAD+COI+OV+Agent+Management+Service """ def on_init(self): self.ims_client = InstrumentManagementServiceProcessClient(process=self) self.dams_client = DataAcquisitionManagementServiceProcessClient(process=self) def create_agent_definition(self, agent_definition=None): """Creates an Agent Definition resource from the parameter AgentDefinition object. @param agent_definition AgentDefinition @retval agent_definition_id str @throws BadRequest if object passed has _id or _rev attribute """ atype, ainst, svc_client = self._get_agent_type(agent_definition) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.create_instrument_agent(agent_definition) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.create_platform_agent(agent_definition) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.create_external_dataset_agent(agent_definition) else: raise BadRequest("Unknown agent type: %s" % atype) return res def update_agent_definition(self, agent_definition=None): """Updates an existing Agent Definition resource. @param agent_definition AgentDefinition @throws BadRequest if object does not have _id or _rev attribute @throws NotFound object with specified id does not exist @throws Conflict object not based on latest persisted object version """ atype, ainst, svc_client = self._get_agent_type(agent_definition) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.update_instrument_agent(agent_definition) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.update_platform_agent(agent_definition) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.update_external_dataset_agent(agent_definition) else: raise BadRequest("Unknown agent type: %s" % atype) return res def read_agent_definition(self, agent_definition_id=''): """Returns an existing Agent Definition resource. @param agent_definition_id str @retval agent_definition AgentDefinition @throws NotFound object with specified id does not exist """ atype, ainst, svc_client = self._get_agent_type(agent_definition_id) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.read_instrument_agent(agent_definition_id) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.read_platform_agent(agent_definition_id) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.read_external_dataset_agent(agent_definition_id) else: raise BadRequest("Unknown agent type: %s" % atype) return res def delete_agent_definition(self, agent_definition_id=''): """Deletes an existing Agent Definition resource. @param agent_definition_id str @throws NotFound object with specified id does not exist """ atype, ainst, svc_client = self._get_agent_type(agent_definition_id) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.delete_instrument_agent(agent_definition_id) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.delete_platform_agent(agent_definition_id) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.delete_external_dataset_agent(agent_definition_id) else: raise BadRequest("Unknown agent type: %s" % atype) return res def create_agent_instance(self, agent_instance=None): """Creates an Agent Instance resource from the parameter AgentInstance object. @param agent_instance AgentInstance @retval agent_instance_id str @throws BadRequest if object passed has _id or _rev attribute """ atype, ainst, svc_client = self._get_agent_type(agent_instance) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.create_instrument_agent_instance_(agent_instance) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.create_platform_agent_instance(agent_instance) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.create_external_dataset_agent_instance(agent_instance) else: raise BadRequest("Unknown agent type: %s" % atype) return res def update_agent_instance(self, agent_instance=None): """Updates an existing Agent Instance resource. @param agent_instance AgentInstance @throws BadRequest if object does not have _id or _rev attribute @throws NotFound object with specified id does not exist @throws Conflict object not based on latest persisted object version """ atype, ainst, svc_client = self._get_agent_type(agent_instance) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.update_instrument_agent_instance(agent_instance) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.update_platform_agent_instance(agent_instance) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.update_data_source_agent_instance(agent_instance) else: raise BadRequest("Unknown agent type: %s" % atype) return res def read_agent_instance(self, agent_instance_id=''): """Returns an existing Agent Instance resource. @param agent_instance_id str @retval agent_instance AgentInstance @throws NotFound object with specified id does not exist """ atype, ainst, svc_client = self._get_agent_type(agent_instance_id) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.read_instrument_agent_instance(agent_instance_id) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.read_platform_agent_instance(agent_instance_id) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.read_external_dataset_agent_instance(agent_instance_id) else: raise BadRequest("Unknown agent type: %s" % atype) return res def delete_agent_instance(self, agent_instance_id=''): """Deletes an existing Agent Instance resource. @param agent_instance_id str @throws NotFound object with specified id does not exist """ atype, ainst, svc_client = self._get_agent_type(agent_instance_id) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.delete_instrument_agent_instance(agent_instance_id) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.delete_platform_agent_instance(agent_instance_id) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.delete_external_dataset_agent_instance(agent_instance_id) else: raise BadRequest("Unknown agent type: %s" % atype) return res def start_agent_instance(self, agent_instance_id=''): """Start the given Agent Instance. Delegates to the type specific service. @param agent_instance_id str @retval process_id str @throws NotFound object with specified id does not exist """ atype, ainst, svc_client = self._get_agent_type(agent_instance_id) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.start_instrument_agent_instance(agent_instance_id) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.start_platform_agent_instance(agent_instance_id) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.start_external_dataset_agent_instance(agent_instance_id) else: raise BadRequest("Unknown agent type: %s" % atype) return res def stop_agent_instance(self, agent_instance_id=''): """Stop the given Agent Instance. Delegates to the type specific service. @param agent_instance_id str @throws NotFound object with specified id does not exist """ atype, ainst, svc_client = self._get_agent_type(agent_instance_id) if atype == AT_INSTUMENT_AGENT: res = self.ims_client.stop_instrument_agent_instance(agent_instance_id) elif atype == AT_PLATFORM_AGENT: res = self.ims_client.stop_platform_agent_instance(agent_instance_id) elif atype == AT_EXTDATASET_AGENT: res = self.dams_client.stop_external_dataset_agent_instance(agent_instance_id) else: raise BadRequest("Unknown agent type: %s" % atype) return res def _get_agent_type(self, agent=''): if isinstance(agent, str): res_obj = self.clients.resource_registry.read(agent) elif isinstance(agent, AgentInstance) or isinstance(agent, AgentDefinition): res_obj = agent else: raise BadRequest("Resource must be AgentInstance or AgentDefinition, is: %s" % agent.type_) atype = None svc_client = None is_instance = res_obj.type_.endswith("Instance") if isinstance(res_obj, InstrumentAgentInstance) or isinstance(res_obj, InstrumentAgent): atype = AT_INSTUMENT_AGENT svc_client = self.ims_client elif isinstance(res_obj, PlatformAgentInstance) or isinstance(res_obj, PlatformAgent): atype = AT_PLATFORM_AGENT svc_client = self.ims_client elif isinstance(res_obj, ExternalDatasetAgentInstance) or isinstance(res_obj, ExternalDatasetAgent): atype = AT_EXTDATASET_AGENT svc_client = self.dams_client else: raise BadRequest("Resource must is unknown AgentInstance: %s" % res_obj.type_) return atype, res_obj, svc_client