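class TestOrgManagementServiceInt(IonIntegrationTestCase):
    """Integration tests for the Org Management Service.

    Every test starts its own container with the r2coi deployment and talks
    to the services through their clients.
    """

    def setUp(self):
        """Start the container, deploy r2coi and create the service clients."""
        # Start container
        self._start_container()
        self.container.start_rel_from_url("res/deploy/r2coi.yml")

        self.resource_registry = ResourceRegistryServiceClient(node=self.container.node)
        self.org_management_service = OrgManagementServiceClient(node=self.container.node)

    def test_org_crud(self):
        """Walk an Org through create, read, update, role removal and delete.

        Malformed calls (invalid governance name, missing arguments, operations
        on an already deleted Org) must be rejected with BadRequest or NotFound.
        """
        # An explicit governance name containing a space must be refused.
        with self.assertRaises(BadRequest) as br:
            self.org_management_service.create_org(
                IonObject("Org", {"name": "Test Facility", "org_governance_name": "Test Facility"})
            )
        self.assertIn("can only contain alphanumeric and underscore characters", br.exception.message)

        # Calling without an Org object is a bad request.
        with self.assertRaises(BadRequest):
            self.org_management_service.create_org()

        org_obj = IonObject("Org", {"name": "Test Facility"})
        org_id = self.org_management_service.create_org(org_obj)
        self.assertIsNotNone(org_id)

        org = self.org_management_service.read_org(org_id)
        self.assertIsNotNone(org)
        # With only a display name supplied, the stored governance name is
        # expected to carry an underscore in place of the space.
        self.assertEqual(org.org_governance_name, "Test_Facility")

        # Check that the roles got associated to them
        role_list = self.org_management_service.find_org_roles(org_id)
        self.assertEqual(len(role_list), 2)

        with self.assertRaises(BadRequest):
            self.org_management_service.update_org()
        org.name = "Updated Test Facility"
        self.org_management_service.update_org(org)

        org = self.org_management_service.read_org(org_id)
        self.assertIsNotNone(org)
        self.assertEqual(org.name, "Updated Test Facility")
        # Renaming the Org must leave its governance name untouched.
        self.assertEqual(org.org_governance_name, "Test_Facility")

        user_role = self.org_management_service.find_org_role_by_name(org_id, ORG_MANAGER_ROLE)
        self.assertIsNotNone(user_role)

        # Once removed, the role must no longer resolve for this Org.
        self.org_management_service.remove_user_role(org_id, ORG_MANAGER_ROLE)
        with self.assertRaises(BadRequest) as cm:
            self.org_management_service.find_org_role_by_name(org_id, ORG_MANAGER_ROLE)
        self.assertIn("The User Role 'ORG_MANAGER' does not exist for this Org", cm.exception.message)

        with self.assertRaises(BadRequest):
            self.org_management_service.delete_org()
        self.org_management_service.delete_org(org_id)

        # A deleted Org can neither be read nor deleted a second time.
        with self.assertRaises(NotFound) as cm:
            self.org_management_service.read_org(org_id)
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.org_management_service.delete_org(org_id)
        self.assertIn("does not exist", cm.exception.message)

    def test_org_affiliation(self):
        """Affiliate a new Org with the root Org, then undo the affiliation."""
        # find_org() without arguments is used here to obtain the root Org.
        root_org = self.org_management_service.find_org()
        self.assertIsNotNone(root_org)

        org_obj = IonObject("Org", {"name": "TestFacility"})
        org_id = self.org_management_service.create_org(org_obj)
        self.assertIsNotNone(org_id)

        ret = self.org_management_service.affiliate_org(root_org._id, org_id)
        self.assertTrue(ret)

        ret = self.org_management_service.unaffiliate_org(root_org._id, org_id)
        self.assertTrue(ret)

    def test_find_org_containers(self):
        """Check the root Org reports as many containers as the registry holds."""
        root_org = self.org_management_service.find_org()
        self.assertIsNotNone(root_org)

        containers = self.org_management_service.find_org_containers(root_org._id)

        all_containers, _ = self.resource_registry.find_resources(restype=RT.CapabilityContainer, id_only=True)

        # Only the counts are compared, not the identity of each container.
        self.assertEqual(len(containers), len(all_containers))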
Ejemplo n.º 2
class TestOrgManagementServiceInt(IonIntegrationTestCase):
    """Org Management Service integration tests, run against an r2coi container."""

    def setUp(self):
        """Bring up the container and build the clients the tests rely on."""
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2coi.yml')

        node = self.container.node
        self.resource_registry = ResourceRegistryServiceClient(node=node)
        self.org_management_service = OrgManagementServiceClient(node=node)

    def test_org_crud(self):
        """Exercise create, read, update and delete of an Org and their error paths."""
        oms = self.org_management_service

        # A name containing a space is rejected with an explanatory message.
        with self.assertRaises(BadRequest) as br:
            oms.create_org(IonObject("Org", {"name": "Test Facility"}))
        rejection = br.exception.message
        self.assertTrue(
            "can only contain alphanumeric and underscore characters" in rejection)

        # Omitting the Org object altogether is also a bad request.
        with self.assertRaises(BadRequest):
            oms.create_org()

        org_id = oms.create_org(IonObject("Org", {"name": "TestFacility"}))
        self.assertNotEqual(org_id, None)

        created = oms.read_org(org_id)
        self.assertNotEqual(created, None)

        # Two roles are expected to be attached to a newly created Org.
        roles = oms.find_org_roles(org_id)
        self.assertEqual(len(roles), 2)

        with self.assertRaises(BadRequest):
            oms.update_org()
        created.name = 'Updated_TestFacility'
        oms.update_org(created)

        updated = oms.read_org(org_id)
        self.assertNotEqual(updated, None)
        self.assertEqual(updated.name, 'Updated_TestFacility')

        manager_role = oms.find_org_role_by_name(org_id, ORG_MANAGER_ROLE)
        self.assertNotEqual(manager_role, None)

        # NOTE: removal of the ORG_MANAGER role is not exercised in this
        # version; the remove_user_role() check was left disabled.

        with self.assertRaises(BadRequest):
            oms.delete_org()
        oms.delete_org(org_id)

        # After deletion both a read and a second delete must report NotFound.
        with self.assertRaises(NotFound) as cm:
            oms.read_org(org_id)
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            oms.delete_org(org_id)
        self.assertIn("does not exist", cm.exception.message)

    def test_org_affiliation(self):
        """Affiliate a fresh Org with the root Org and then remove the link."""
        oms = self.org_management_service

        root_org = oms.find_org()
        self.assertNotEqual(root_org, None)

        new_org_id = oms.create_org(IonObject("Org", {"name": "TestFacility"}))
        self.assertNotEqual(new_org_id, None)

        affiliated = oms.affiliate_org(root_org._id, new_org_id)
        self.assertTrue(affiliated)

        unaffiliated = oms.unaffiliate_org(root_org._id, new_org_id)
        self.assertTrue(unaffiliated)

    def test_find_org_containers(self):
        """Compare the root Org's container count with the resource registry's."""
        root_org = self.org_management_service.find_org()
        self.assertNotEqual(root_org, None)

        org_containers = self.org_management_service.find_org_containers(
            root_org._id)

        registry_containers, _ = self.resource_registry.find_resources(
            restype=RT.CapabilityContainer, id_only=True)

        # Counts only; the individual container ids are not compared.
        self.assertEqual(len(org_containers), len(registry_containers))
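    def test_user_role_cache(self):
        """Verify the service gateway's user role cache follows role changes.

        The test signs on a user, populates the cache through a gateway
        request, and then checks that granting a role evicts the entry, that
        a UserRoleCacheResetEvent empties the cache, and that the entry is
        rebuilt with the current roles on the next request. The actor identity
        is deleted again even when an assertion fails.
        """
        # Create a user; only the actor id from the signon result is used.
        id_client = IdentityManagementServiceClient()
        actor_id, _valid_until, _registered = id_client.signon(USER1_CERTIFICATE, True)

        def request_as_actor():
            # One gateway request on behalf of the actor, which puts the
            # actor's roles into the cache.
            # NOTE(review): the actor id is supplied by the client in the
            # `requester` query parameter; this test does not show how the
            # gateway authenticates that value - confirm in the gateway code.
            response = self.test_app.get(
                "/ion-service/resource_registry/find_resources?name=TestDataProduct&id_only=True&requester=" + actor_id
            )
            self.check_response_headers(response)
            self.assertIn(GATEWAY_RESPONSE, response.json["data"])

        try:
            # Make a request with this new user to get it into the cache
            request_as_actor()

            service_gateway_user_role_cache = self.container.proc_manager.procs_by_name[
                "service_gateway"
            ].user_role_cache

            def cached_ion_roles():
                # The actor must be cached with an "ION" entry; return it.
                self.assertEqual(service_gateway_user_role_cache.has_key(actor_id), True)
                role_header = service_gateway_user_role_cache.get(actor_id)
                self.assertIn("ION", role_header)
                return role_header["ION"]

            ion_roles = cached_ion_roles()
            self.assertEqual(len(ion_roles), 1)
            self.assertIn("ORG_MEMBER", ion_roles)

            org_client = OrgManagementServiceClient()

            ion_org = org_client.find_org()
            # Result unused; presumably a precondition check that the role
            # exists before it is granted.
            org_client.find_org_role_by_name(org_id=ion_org._id, role_name="ORG_MANAGER")

            org_client.grant_role(org_id=ion_org._id, actor_id=actor_id, role_name="ORG_MANAGER")

            # Just allow some time for event processing on slower platforms
            gevent.sleep(2)

            # The user should be evicted from the cache due to a change in roles
            self.assertEqual(service_gateway_user_role_cache.has_key(actor_id), False)

            # Do it again to check for new roles
            request_as_actor()
            ion_roles = cached_ion_roles()
            self.assertEqual(len(ion_roles), 2)
            self.assertIn("ORG_MEMBER", ion_roles)
            self.assertIn("ORG_MANAGER", ion_roles)

            # Now flush the user_role_cache and make sure it was flushed
            event_publisher = EventPublisher()
            event_publisher.publish_event(event_type=OT.UserRoleCacheResetEvent)

            # Just allow some time for event processing on slower platforms
            gevent.sleep(2)

            self.assertEqual(service_gateway_user_role_cache.has_key(actor_id), False)
            self.assertEqual(service_gateway_user_role_cache.size(), 0)

            # Change the role once again and see if it is there again
            org_client.revoke_role(org_id=ion_org._id, actor_id=actor_id, role_name="ORG_MANAGER")

            # Just allow some time for event processing on slower platforms
            gevent.sleep(2)

            # The user should still not be there.
            # NOTE(review): the reset event above already emptied the cache, so
            # this only shows that a revocation does not repopulate it.
            # Eviction of a cached entry on revoke_role is never exercised; a
            # stale entry there would keep ORG_MANAGER in the role header after
            # the revocation, so that path deserves its own check.
            self.assertEqual(service_gateway_user_role_cache.has_key(actor_id), False)

            # Do it again to check for new roles
            request_as_actor()
            ion_roles = cached_ion_roles()
            self.assertEqual(len(ion_roles), 1)
            self.assertIn("ORG_MEMBER", ion_roles)
        finally:
            # Remove the test identity even if an assertion above failed.
            id_client.delete_actor_identity(actor_id)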
    def test_user_role_cache(self):
        """Check that the service gateway's user cache follows role changes.

        Steps: sign on a user, populate the cache with a gateway request,
        grant ORG_MANAGER and expect eviction, re-request and expect both
        roles, publish a UserRoleCacheResetEvent and expect an empty cache,
        revoke the role, re-request and expect only ORG_MEMBER.

        The assertions depend on events having been processed within the
        fixed two-second sleeps.
        """

        # Create a user (valid_until and registered are not used below)
        id_client = IdentityManagementServiceClient(node=self.container.node)

        actor_id, valid_until, registered = id_client.signon(
            USER1_CERTIFICATE, True)

        # Make a request with this new user to get it into the cache.
        # NOTE(review): the actor id is supplied by the client in the
        # `requester` query parameter; this test does not show how the gateway
        # authenticates that value - confirm in the gateway code.
        response = self.test_app.get(
            '/ion-service/resource_registry/find_resources?name=TestDataProduct&id_only=True&requester='
            + actor_id)
        self.check_response_headers(response)
        self.assertIn(GATEWAY_RESPONSE, response.json['data'])

        # Check the contents of the user role cache for this user
        service_gateway_user_cache = self.container.proc_manager.procs_by_name[
            'service_gateway'].user_data_cache
        self.assertEqual(service_gateway_user_cache.has_key(actor_id), True)

        # A newly signed-on user is expected to hold only ORG_MEMBER in ION
        role_header = service_gateway_user_cache.get(actor_id)
        self.assertIn('ION', role_header)
        self.assertEqual(len(role_header['ION']), 1)
        self.assertIn('ORG_MEMBER', role_header['ION'])

        org_client = OrgManagementServiceClient(node=self.container.node)

        ion_org = org_client.find_org()
        # manager_role is never read; presumably the lookup only confirms the
        # role exists before it is granted.
        manager_role = org_client.find_org_role_by_name(
            org_id=ion_org._id, role_name='ORG_MANAGER')

        org_client.grant_role(org_id=ion_org._id,
                              user_id=actor_id,
                              role_name='ORG_MANAGER')

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        # The user should be evicted from the cache due to a change in roles
        self.assertEqual(service_gateway_user_cache.has_key(actor_id), False)

        # Do it again to check for new roles
        response = self.test_app.get(
            '/ion-service/resource_registry/find_resources?name=TestDataProduct&id_only=True&requester='
            + actor_id)
        self.check_response_headers(response)
        self.assertIn(GATEWAY_RESPONSE, response.json['data'])

        # Check the contents of the user role cache for this user
        self.assertEqual(service_gateway_user_cache.has_key(actor_id), True)

        role_header = service_gateway_user_cache.get(actor_id)
        self.assertIn('ION', role_header)
        self.assertEqual(len(role_header['ION']), 2)
        self.assertIn('ORG_MEMBER', role_header['ION'])
        self.assertIn('ORG_MANAGER', role_header['ION'])

        # Now flush the user_role_cache and make sure it was flushed
        event_publisher = EventPublisher()
        event_publisher.publish_event(event_type=OT.UserRoleCacheResetEvent)

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        self.assertEqual(service_gateway_user_cache.has_key(actor_id), False)
        self.assertEqual(service_gateway_user_cache.size(), 0)

        # Change the role once again and see if it is there again
        org_client.revoke_role(org_id=ion_org._id,
                               user_id=actor_id,
                               role_name='ORG_MANAGER')

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        # The user should still not be there.
        # NOTE(review): the reset event above already emptied the cache, so
        # this only shows that a revocation does not repopulate it. Eviction
        # of a cached entry on revoke_role is never exercised; a stale entry
        # there would keep ORG_MANAGER in the role header after revocation.
        self.assertEqual(service_gateway_user_cache.has_key(actor_id), False)

        # Do it again to check for new roles
        response = self.test_app.get(
            '/ion-service/resource_registry/find_resources?name=TestDataProduct&id_only=True&requester='
            + actor_id)
        self.check_response_headers(response)
        self.assertIn(GATEWAY_RESPONSE, response.json['data'])

        # Check the contents of the user role cache for this user
        self.assertEqual(service_gateway_user_cache.has_key(actor_id), True)

        # After the revocation only ORG_MEMBER may remain
        role_header = service_gateway_user_cache.get(actor_id)
        self.assertIn('ION', role_header)
        self.assertEqual(len(role_header['ION']), 1)
        self.assertIn('ORG_MEMBER', role_header['ION'])

        # NOTE(review): this cleanup is skipped when any assertion above
        # fails, leaving the test identity behind.
        id_client.delete_actor_identity(actor_id)