def test_invalid_caps():
    """Reject access rules whose ``capabilities`` value is not acceptable.

    Two malformed shapes are sent and each must fail with HTTP 400:
    a list of unrecognised names, and a bare string in place of a list.
    """
    # Case 1: capability names that no other test in this file treats as valid.
    unknown_names = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["hello", "world"],
    }
    resp = untrusted.provider_access([unknown_names])
    assert resp['success'] == False
    assert resp['status_code'] == 400

    # Case 2: a string where the other tests pass a list.
    wrong_type = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": "temporal",
    }
    resp = untrusted.provider_access([wrong_type])
    assert resp['success'] == False
    assert resp['status_code'] == 400
def test_file_server_caps():
    """Check capability handling for the file-server resource group.

    Sequence pinned by this test:
      1. a token request is denied (403) before the rule below is set,
      2. ``temporal``/``complex`` are rejected for this resource (400),
      3. ``download`` is accepted (200),
      4. the same token request then succeeds (200).
    """
    token_body = {"request": [fileresource_id + "/someitem"]}

    # Deny-by-default check: no token before access has been granted here.
    token_resp = consumer.get_token(token_body)
    assert token_resp['success'] is False
    assert token_resp['status_code'] == 403

    # Invalid capabilities for file server
    rule = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": fileresource_id,
        "item_type": "resourcegroup",
        "capabilities": ["temporal", "complex"],
    }
    access_resp = untrusted.provider_access([rule])
    assert access_resp['success'] == False
    assert access_resp['status_code'] == 400

    # Valid capabilities
    rule["capabilities"] = ["download"]
    access_resp = untrusted.provider_access([rule])
    assert access_resp['success'] == True
    assert access_resp['status_code'] == 200

    # The grant must now be reflected in token issuance.
    token_resp = consumer.get_token(token_body)
    assert token_resp['success'] is True
    assert token_resp['status_code'] == 200
def test_multiple_duplicate_subs():
    """Batch requests containing a repeated or conflicting rule must fail.

    The same request object twice in one batch expects 400; ``_req2``
    together with ``_req`` expects 403.
    """
    # Identical entry repeated inside a single batch.
    duplicate_resp = untrusted.provider_access([_req2, _req2])
    assert duplicate_resp['success'] == False
    assert duplicate_resp['status_code'] == 400

    # NOTE(review): presumably 403 because one of these rules already exists
    # from an earlier test; confirm against the fixtures that define them.
    mixed_resp = untrusted.provider_access([_req2, _req])
    assert mixed_resp['success'] == False
    assert mixed_resp['status_code'] == 403
def test_token_invalid_rid():
    """Malformed resource IDs must be rejected with HTTP 400.

    Works on the module-level ``req`` dict, which is left holding the last
    malformed ``item_id`` when the test returns.
    """
    global req
    # invalid resource ID: with a trailing slash, then with too few segments
    for bad_item_id in ('/aaaaa/sssss/sada/', '/aaaaa/sssss'):
        req["item_id"] = bad_item_id
        resp = untrusted.provider_access([req])
        assert resp['success'] == False
        assert resp['status_code'] == 400
def test_sessionId_multiple_sucess():
    """A session ID requested for two endpoints authorises both of them.

    The session is requested for GET and POST on ``/auth/v1/provider/access``;
    afterwards both reading the access list and setting a new rule must
    succeed with HTTP 200.
    """
    # get session id for multiple end points and check if success
    session_request = {
        "apis": [
            {"method": "get", "endpoint": "/auth/v1/provider/access"},
            {"method": "post", "endpoint": "/auth/v1/provider/access"},
        ]
    }
    session_resp = untrusted.get_session_id(session_request)
    assert session_resp['success'] is True

    # NOTE(review): the address literal looks masked in this copy of the
    # file; confirm the real fixture value before relying on this test.
    session_id = fetch_sessionId('*****@*****.**')
    untrusted.set_user_session_id(session_id)

    # GET endpoint covered by the session.
    listing = untrusted.get_provider_access()
    assert listing['success'] is True
    assert listing['status_code'] == 200

    # `random` is adequate here: the name only has to avoid colliding with
    # other test resources, it is not a secret.
    resource_group = ''.join(
        random.choice(string.ascii_lowercase) for _ in range(10))
    resource_id = provider_id + '/rs.iudx.io/' + resource_group

    # POST endpoint covered by the session.
    rule = {
        "user_email": email,
        "user_role": 'consumer',
        'capabilities': ['temporal'],
        "item_id": resource_id,
        "item_type": "resourcegroup",
    }
    set_resp = untrusted.provider_access([rule])
    assert set_resp['success'] is True
    assert set_resp['status_code'] == 200
def test_invalid_caps():
    """Unrecognised capability names on the shared request expect HTTP 400.

    Mutates the module-level ``req`` dict; the invalid capability list stays
    in place afterwards until another test overwrites it.
    """
    global req
    # Invalid capabilities
    req["capabilities"] = ["hello", "world"]
    outcome = untrusted.provider_access([req])
    assert outcome['success'] == False
    assert outcome['status_code'] == 400
def test_multiple_complex_sub_success():
    """A batch of ``_req2`` and ``_req`` succeeds once ``_req`` asks for ``complex``.

    Mutates the module-level ``_req`` dict before sending the batch.
    """
    global _req
    # success
    _req["capabilities"] = ["complex"]
    batch = [_req2, _req]
    outcome = untrusted.provider_access(batch)
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
def test_get_same_cap_in_set():
    """A capability set that includes an already-granted capability expects 403.

    Mutates the module-level ``req`` dict.
    """
    global req
    # temporal rule already exists
    # NOTE(review): depends on an earlier test having set the temporal rule
    # for this item; confirm the ordering assumption.
    req["capabilities"] = ['subscription', 'temporal']
    outcome = untrusted.provider_access([req])
    assert outcome['success'] == False
    assert outcome['status_code'] == 403
def test_set_rule_for_invalid_user():
    """Setting a rule for the ``onboarder`` role on the shared request expects 403.

    Mutates the module-level ``req`` dict.
    """
    global req
    # user does not exist
    req["user_role"] = "onboarder"
    outcome = untrusted.provider_access([req])
    assert outcome['success'] == False
    assert outcome['status_code'] == 403
def test_set_delegate_rule():
    """Setting the ``delegate`` role on the shared request succeeds with 200.

    Mutates the module-level ``req`` dict and prints the response.
    """
    global req
    req["user_role"] = "delegate"
    outcome = untrusted.provider_access([req])
    # Response is printed so it is visible in the test output.
    print(outcome)
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
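def test_delegate_updating_other_policy():
    """An expired consumer policy can be updated through ``alt_provider``.

    Steps: create a consumer rule on a fresh resource group, look up its
    access ID in the provider's access list, expire it with ``expire_rule``,
    then update its expiry through ``alt_provider.update_rule`` and expect
    HTTP 200.
    """
    # `random` is adequate here: the name only needs to be unlikely to
    # collide with other test resources, it is not a secret.
    resource_group = ''.join(
        random.choice(string.ascii_lowercase) for _ in range(10))
    resource_id = provider_id + '/rs.iudx.io/' + resource_group

    # create policy
    req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ['temporal'],
        "expiry_time": "2027-01-01T12:00:00Z",
    }
    r = untrusted.provider_access([req])
    assert r['success'] == True
    assert r['status_code'] == 200

    # get access_id
    r = untrusted.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200

    # First rule matching the consumer, role and resource created above.
    # A separate loop variable keeps the response in `r` intact, and a
    # missing rule fails as an assertion instead of a NameError further down.
    consumer_id = next(
        (rule['id'] for rule in r['response']
         if rule['email'] == email
         and rule['role'] == 'consumer'
         and resource_id == rule['item']['cat_id']),
        None,
    )
    assert consumer_id is not None, \
        "newly created consumer rule not found in provider access list"

    # set expiry to now
    assert expire_rule(consumer_id) is True

    # delegate update expired policy
    # NOTE(review): both expiry timestamps are hard-coded; if the server
    # validates expiry_time against the current time this test becomes
    # date-dependent. Confirm and consider computing them relative to now.
    req = {
        "expiry_time": "2025-01-01T12:00:00Z",
        "id": consumer_id,
    }
    r = alt_provider.update_rule([req], "*****@*****.**")
    assert r['success'] == True
    assert r['status_code'] == 200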
def test_get_complex_cap():
    """Granting the ``complex`` capability on the shared request succeeds (200).

    Mutates the module-level ``req`` dict.
    """
    global req
    # complex
    req["capabilities"] = ['complex']
    outcome = untrusted.provider_access([req])
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
def test_multiple_onb_temporal():
    """A mixed batch of ``_req1``, ``_req`` and a delegate rule succeeds (200)."""
    # The delegate entry carries no item or capabilities, only user and role.
    delegate_rule = {"user_email": remail, "user_role": 'delegate'}
    batch = [_req1, _req, delegate_rule]
    outcome = untrusted.provider_access(batch)
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
def test_get_all_caps():
    """Granting all three capabilities at once on a resource group succeeds (200).

    Mutates the module-level ``req`` dict (``item_id`` and ``capabilities``).
    """
    global req
    # try all 3 caps
    target_item = provider_id + '/rs.example.co.in/' + resource_group
    req["item_id"] = target_item
    req["capabilities"] = ['complex', 'subscription', 'temporal']
    outcome = untrusted.provider_access([req])
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
def test_set_ingester_rule():
    """Setting a ``data ingester`` rule on a resource group succeeds (200).

    Mutates the module-level ``req`` dict (role, item ID and item type).
    """
    global req
    req["user_role"] = "data ingester"
    req["item_id"] = diresource_id
    req["item_type"] = "resourcegroup"
    outcome = untrusted.provider_access([req])
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
def test_invalid_resource_type():
    """A ``data ingester`` rule with item type ``catalogue`` expects HTTP 400.

    Mutates the module-level ``req`` dict (role, item ID and item type).
    """
    global req
    # invalid resource type
    req["user_role"] = "data ingester"
    req["item_id"] = diresource_id
    req["item_type"] = "catalogue"
    outcome = untrusted.provider_access([req])
    assert outcome['success'] == False
    assert outcome['status_code'] == 400
def test_set_access_invalid_rid():
    """Malformed resource IDs in a ``data ingester`` rule expect HTTP 400."""
    # invalid resource ID
    rule = {
        "user_email": email,
        "user_role": 'data ingester',
        "item_id": diresource_id,
        "item_type": "resourcegroup",
    }
    # One ID with a trailing slash, one with too few path segments.
    for bad_item_id in ('/aaaaa/sssss/sada/', '/aaaaa/sssss'):
        rule["item_id"] = bad_item_id
        resp = untrusted.provider_access([rule])
        assert resp['success'] == False
        assert resp['status_code'] == 400
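def test_multiple_delegates():
    """Exercise rule management when two delegates act for one provider.

    Pinned behaviour, in order: the consumer is made a delegate; that
    delegate sets a consumer rule; ``alt_provider`` sets a further capability
    on the same item; ``alt_provider`` deletes the rule; deleting it a second
    time is refused (403); and deleting the rule identified by
    ``delegate_id`` through ``consumer`` is refused (403).
    """
    # tests with 2 delegates
    # make consumer a delegate
    req = {"user_email": email, "user_role": 'delegate'}
    r = untrusted.provider_access([req])
    assert r['success'] == True
    assert r['status_code'] == 200

    # `random` is adequate here: the name only needs to be unlikely to
    # collide with other test resources, it is not a secret.
    resource_group = ''.join(
        random.choice(string.ascii_lowercase) for _ in range(10))
    resource_id = provider_id + '/rs.example.com/' + resource_group

    req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
    }
    req["capabilities"] = ['complex']
    r = consumer.provider_access([req], '*****@*****.**')
    assert r['success'] == True
    assert r['status_code'] == 200

    # NOTE(review): the original comment here read "cannot update rule set by
    # other provider", but the assertions expect the call to succeed. Confirm
    # which of the two reflects the intended authorization policy.
    req["capabilities"] = ['subscription']
    r = alt_provider.provider_access([req], '*****@*****.**')
    assert r['success'] == True
    assert r['status_code'] == 200

    r = consumer.get_provider_access('*****@*****.**')
    assert r['success'] == True
    assert r['status_code'] == 200

    # Pick the ID of the last matching rule, as the original loop did. A
    # separate loop variable keeps `r` intact, and a missing rule now fails
    # as an assertion instead of a NameError at the delete call below.
    consumer_id = None
    for rule in r['response']:
        if (rule['email'] == email
                and rule['role'] == 'consumer'
                and resource_id == rule['item']['cat_id']):
            consumer_id = rule['id']
    assert consumer_id is not None, \
        "consumer rule not found in provider access list"

    # delegate can delete other delegate's rule
    body = {"id": consumer_id}
    r = alt_provider.delete_rule([body], '*****@*****.**')
    assert r['success'] == True
    assert r['status_code'] == 200

    # already deleted
    body = {"id": consumer_id}
    r = consumer.delete_rule([body], '*****@*****.**')
    assert r['success'] == False
    assert r['status_code'] == 403

    # delegate cannot delete delegate rule
    r = consumer.delete_rule([{"id": delegate_id}], '*****@*****.**')
    assert r['success'] == False
    assert r['status_code'] == 403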
def test_invalid_email():
    """Each malformed ``user_email`` value must be rejected with HTTP 400."""
    rule = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["temporal"],
    }

    # NOTE(review): all but the first literal look like they were masked by
    # an e-mail obfuscator in this copy, so the distinct malformed cases are
    # no longer distinguishable; restore them from the upstream file.
    bad_emails = (
        'a@b.',
        '[email protected]',
        '[email protected]',
        '*****@*****.**',
        '*****@*****.**',
    )
    for bad_email in bad_emails:
        rule['user_email'] = bad_email
        resp = untrusted.provider_access([rule])
        assert resp['success'] == False
        assert resp['status_code'] == 400
def test_multiple_ingester_consumer():
    """Batch an ingester rule with a consumer rule across three scenarios.

    After ``_req2`` is switched to the ``data ingester`` role:
      * ``[_req2, _req]`` expects 403,
      * ``[_req2, _req2]`` (same entry twice) expects 400,
      * ``[_req2, _req]`` with a fresh ``item_id`` on ``_req`` expects 200.

    Mutates the module-level ``_req2`` and ``_req`` dicts.
    """
    global _req2, _req
    _req2["user_role"] = "data ingester"

    first_try = untrusted.provider_access([_req2, _req])
    assert first_try['success'] == False
    assert first_try['status_code'] == 403

    # Identical entry repeated inside a single batch.
    duplicate_try = untrusted.provider_access([_req2, _req2])
    assert duplicate_try['success'] == False
    assert duplicate_try['status_code'] == 400

    # Point the consumer rule at a newly named resource group.
    resource_group = ''.join(
        random.choice(string.ascii_lowercase) for _ in range(10))
    resource_id = provider_id + "/rs.example.com/" + resource_group
    _req["item_id"] = resource_id

    final_try = untrusted.provider_access([_req2, _req])
    assert final_try['success'] == True
    assert final_try['status_code'] == 200
def test_set_ingester_rule():
    """Setting a ``data ingester`` rule on a resource group succeeds (200)."""
    ingester_rule = dict(
        user_email=email,
        user_role='data ingester',
        item_id=diresource_id,
        item_type="resourcegroup",
    )
    outcome = untrusted.provider_access([ingester_rule])
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
def test_multiple_ingester_duplicate():
    """The same ingester rule sent twice in one batch expects HTTP 400."""
    ingester_rule = dict(
        user_email=memail,
        user_role='data ingester',
        item_id=resource_id,
        item_type="resourcegroup",
    )
    # Both batch entries are the very same dict object.
    batch = [ingester_rule, ingester_rule]
    outcome = untrusted.provider_access(batch)
    assert outcome['success'] == False
    assert outcome['status_code'] == 400
def test_get_complex_cap():
    """Granting ``complex`` to a consumer on a resource group succeeds (200)."""
    consumer_rule = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ['complex'],
    }
    outcome = untrusted.provider_access([consumer_rule])
    assert outcome['success'] == True
    assert outcome['status_code'] == 200
def test_invalid_resource_type():
    """A ``data ingester`` rule with item type ``catalogue`` expects HTTP 400."""
    # invalid resource type
    ingester_rule = dict(
        user_email=email,
        user_role='data ingester',
        item_id=diresource_id,
        item_type="catalogue",
    )
    outcome = untrusted.provider_access([ingester_rule])
    assert outcome['success'] == False
    assert outcome['status_code'] == 400
def test_unauthorized_session():
    """A session ID that does not cover this endpoint must not authorise it.

    The session state itself is prepared outside this function; here only
    the refusal (HTTP 403) of an otherwise well-formed request is asserted.
    """
    # session id not valid for endpoint
    consumer_rule = {
        "user_email": email,
        "user_role": 'consumer',
        'capabilities': ['temporal'],
        "item_id": resource_id,
        "item_type": "resourcegroup",
    }
    outcome = untrusted.provider_access([consumer_rule])
    assert outcome['success'] is False
    assert outcome['status_code'] == 403
def test_provider_update_rule_set_by_delegate():
    """A consumer rule set by a delegate can be updated, then yields a token.

    After the update to ``complex`` + ``subscription`` succeeds (200), the
    consumer must be able to obtain a token for an item in that group.
    """
    # provider can update consumer rule set by delegate
    consumer_rule = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ['complex', 'subscription'],
    }
    update_resp = untrusted.provider_access([consumer_rule], '*****@*****.**')
    assert update_resp['success'] == True
    assert update_resp['status_code'] == 200

    # The updated rule must be usable for token issuance.
    token_body = {"request": [resource_id + "/someitem"]}
    token_resp = consumer.get_token(token_body)
    assert token_resp['success'] is True
def test_consumer_rule_no_caps():
    """A consumer rule without any ``capabilities`` key expects HTTP 400."""
    # No capabilities
    bare_rule = dict(
        user_email=email,
        user_role='consumer',
        item_id=resource_id,
        item_type="resourcegroup",
    )
    outcome = untrusted.provider_access([bare_rule])
    assert outcome['success'] == False
    assert outcome['status_code'] == 400
def test_set_rule_for_invalid_user():
    """Setting a rule with the ``onboarder`` role for this user expects 403."""
    rule = {
        "user_email": email,
        "user_role": "onboarder",
        "item_id": resource_id,
        "item_type": "resourcegroup",
    }
    outcome = untrusted.provider_access([rule])
    assert outcome['success'] == False
    assert outcome['status_code'] == 403
def test_set_existing_rule():
    """Re-sending a rule the test name describes as existing expects HTTP 403."""
    rule = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
    }
    # Retarget the rule at the resource group under the other server name.
    # NOTE(review): presumably an earlier test already set all three
    # capabilities on this item; confirm the ordering assumption.
    rule.update({
        "item_id": provider_id + '/rs.iudx.org.in/' + resource_group,
        "capabilities": ['complex', 'subscription', 'temporal'],
    })
    outcome = untrusted.provider_access([rule])
    assert outcome['success'] == False
    assert outcome['status_code'] == 403
def test_get_same_cap_in_set():
    """A capability set that includes an already-granted capability expects 403."""
    # temporal rule already exists
    # NOTE(review): depends on an earlier test having set the temporal rule
    # for this item; confirm the ordering assumption.
    rule = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ['subscription', 'temporal'],
    }
    outcome = untrusted.provider_access([rule])
    assert outcome['success'] == False
    assert outcome['status_code'] == 403