class GroupsTest(unittest.TestCase):
"""Integration test of group management.
"""
def _clean_up(self):
groups = self.service.get_groups_module()
my_groups = groups.get_my_memberships()
if len(my_groups) > 0:
print("Cleaning up " + str(len(my_groups)) + " groups...")
for g in my_groups:
groups.delete_group(g.get_uuid())
def setUp(self):
self.service = Service()
self.assertTrue(self.service.setup_with_test_account())
self.me = "*****@*****.**"
self._clean_up()
def tearDown(self):
self.service.teardown()
self._clean_up()
def test_group_management(self):
groups = self.service.get_groups_module()
group = groups.new_group("name", "description")
self.assertTrue(group.get_uuid() is not None)
self.assertTrue(group.get_name() == "name")
self.assertTrue(group.get_description() == "description")
groups.delete_group(group.get_uuid())
def _get_user_member_ids(self, members):
return [
member.get_id() for member in members
if member.get_type() == "USER"
]
def _get_group_member_ids(self, members):
return [
member.get_id() for member in members
if member.get_type() == "GROUP"
]
def test_membership_management(self):
groups = self.service.get_groups_module()
my_memberships = groups.get_my_memberships()
self.assertTrue(len(my_memberships) == 0)
g1 = groups.new_group("g1", "")
# Current structure:
# me -> g1
my_memberships = groups.get_my_memberships()
self.assertTrue(len(my_memberships) == 1)
self.assertTrue(
g1.get_uuid() in [g.get_uuid() for g in my_memberships])
g1_members = groups.get_group_members(g1.get_uuid())
self.assertTrue(len(self._get_group_member_ids(g1_members)) == 0)
self.assertTrue(len(self._get_user_member_ids(g1_members)) == 1)
self.assertTrue(self.me in self._get_user_member_ids(g1_members))
groups.add_user_to_group("u1", g1.get_uuid())
# Current structure:
# me -> g1
# u1 -> g1
g1_members = groups.get_group_members(g1.get_uuid())
self.assertTrue(len(self._get_group_member_ids(g1_members)) == 0)
self.assertTrue(len(self._get_user_member_ids(g1_members)) == 2)
self.assertTrue(self.me in self._get_user_member_ids(g1_members))
self.assertTrue("u1" in self._get_user_member_ids(g1_members))
g2 = groups.new_group("g2", "")
# Current structure:
# me -> g1
# u1 -> g1
# me -> g2
my_memberships = groups.get_my_memberships()
self.assertTrue(len(my_memberships) == 2)
self.assertTrue(
g1.get_uuid() in [g.get_uuid() for g in my_memberships])
self.assertTrue(
g2.get_uuid() in [g.get_uuid() for g in my_memberships])
g2_members = groups.get_group_members(g2.get_uuid())
self.assertTrue(len(self._get_group_member_ids(g2_members)) == 0)
self.assertTrue(len(self._get_user_member_ids(g2_members)) == 1)
self.assertTrue(self.me in self._get_user_member_ids(g2_members))
groups.add_group_to_group(g1.get_uuid(), g2.get_uuid())
# Current structure:
# me -> g1
# u1 -> g1
# me -> g2
# g1 -> g2
my_memberships = groups.get_my_memberships()
self.assertTrue(len(my_memberships) == 2)
self.assertTrue(
g1.get_uuid() in [g.get_uuid() for g in my_memberships])
# Should not be duplicated, even though I'm in this group two ways.
self.assertTrue(
g2.get_uuid() in [g.get_uuid() for g in my_memberships])
g2_members = groups.get_group_members(g2.get_uuid())
self.assertTrue(len(self._get_group_member_ids(g2_members)) == 1)
# u1 is now a member of g2 transitively through g1. However, members of groups
# are not retrieved recursively, so it won't show up in the list of direct
# members of g2.
self.assertTrue(len(self._get_user_member_ids(g2_members)) == 1)
self.assertTrue(self.me in self._get_user_member_ids(g2_members))
self.assertTrue(
g1.get_uuid() in self._get_group_member_ids(g2_members))
groups.delete_group(g2.get_uuid())
# Current structure:
# me -> g1
# u1 -> g1
my_memberships = groups.get_my_memberships()
self.assertTrue(len(my_memberships) == 1)
self.assertTrue(
g1.get_uuid() in [g.get_uuid() for g in my_memberships])
g1_members = groups.get_group_members(g1.get_uuid())
self.assertTrue(len(self._get_group_member_ids(g1_members)) == 0)
self.assertTrue(len(self._get_user_member_ids(g1_members)) == 2)
self.assertTrue(self.me in self._get_user_member_ids(g1_members))
self.assertTrue("u1" in self._get_user_member_ids(g1_members))
groups.delete_group(g1.get_uuid())
# Current structure:
my_memberships = groups.get_my_memberships()
self.assertTrue(len(my_memberships) == 0)
class PermissionsTest(unittest.TestCase):
"""Integration test of permissions management.
"""
def _clean_up(self):
# Clean up all the groups added as part of this test. This should
# automatically clean up any permissions associated with them.
groups = self.service.get_groups_module()
if len(self.added_groups) > 0:
print("Cleaning up " + str(len(self.added_groups)) + " groups...")
for g in self.added_groups:
try:
groups.delete_group(g.get_uuid())
except RuntimeError:
pass # No big deal. Probably it was already deleted.
def setUp(self):
config = ConfigManager(os.getcwd() +
'/test_adam_config.json').get_config()
self.service = Service(config)
self.assertTrue(self.service.setup())
self.me = "*****@*****.**"
self.added_groups = []
def tearDown(self):
self.service.teardown()
self._clean_up()
def test_permission_management(self):
permissions = self.service.get_permissions_module()
# Create three groups to grant permission to.
groups = self.service.get_groups_module()
group1 = groups.new_group("name1", "description1")
self.added_groups.append(group1)
group2 = groups.new_group("name2", "description2")
self.added_groups.append(group2)
group3 = groups.new_group("name3", "description3")
self.added_groups.append(group3)
# All permissions lists should be empty.
pms = permissions.get_group_permissions(group1.get_uuid())
self.assertEqual(pms, {group1.get_uuid(): []})
pms = permissions.get_group_permissions(group2.get_uuid())
self.assertEqual(pms, {group2.get_uuid(): []})
pms = permissions.get_group_permissions(group3.get_uuid())
self.assertEqual(pms, {group3.get_uuid(): []})
# I should have permission to all three groups.
pms = permissions.get_my_permissions()
self.assertTrue(
Permission('ADMIN', 'GROUP', group1.get_uuid()) in pms[''])
self.assertTrue(
Permission('ADMIN', 'GROUP', group2.get_uuid()) in pms[''])
self.assertTrue(
Permission('ADMIN', 'GROUP', group3.get_uuid()) in pms[''])
# Add WRITE permission for group1 on group2.
pm1 = Permission('WRITE', 'GROUP', group2.get_uuid())
permissions.grant_group_permission(group1.get_uuid(), pm1)
# group1 should have that permissions listed. Other groups should be unaffected.
pms = permissions.get_group_permissions(group1.get_uuid())
self.assertEqual(pms, {group1.get_uuid(): [pm1]})
pms = permissions.get_group_permissions(group2.get_uuid())
self.assertEqual(pms, {group2.get_uuid(): []})
pms = permissions.get_group_permissions(group3.get_uuid())
self.assertEqual(pms, {group3.get_uuid(): []})
# Add READ permission for group2 on group3.
pm2 = Permission('READ', 'GROUP', group3.get_uuid())
permissions.grant_group_permission(group2.get_uuid(), pm2)
# That should show up in group2's list.
pms = permissions.get_group_permissions(group1.get_uuid())
self.assertEqual(pms, {group1.get_uuid(): [pm1]})
pms = permissions.get_group_permissions(group2.get_uuid())
self.assertEqual(pms, {group2.get_uuid(): [pm2]})
pms = permissions.get_group_permissions(group3.get_uuid())
self.assertEqual(pms, {group3.get_uuid(): []})
# Add group1 as a member of group2. Now pm2 should show up transitively in
# group1's list as well.
groups.add_group_to_group(group1.get_uuid(), group2.get_uuid())
pms = permissions.get_group_permissions(group1.get_uuid())
self.assertEqual(pms, {
group1.get_uuid(): [pm1],
group2.get_uuid(): [pm2]
})
pms = permissions.get_group_permissions(group2.get_uuid())
self.assertEqual(pms, {group2.get_uuid(): [pm2]})
pms = permissions.get_group_permissions(group3.get_uuid())
self.assertEqual(pms, {group3.get_uuid(): []})
# Add group2 to group3 and add ADMIN permission for group3 on group1
# (yes, cycles are OK).
pm3 = Permission('ADMIN', 'GROUP', group1.get_uuid())
permissions.grant_group_permission(group3.get_uuid(), pm3)
groups.add_group_to_group(group2.get_uuid(), group3.get_uuid())
# pm3 should show up for everybody.
pms = permissions.get_group_permissions(group1.get_uuid())
self.assertEqual(
pms, {
group1.get_uuid(): [pm1],
group2.get_uuid(): [pm2],
group3.get_uuid(): [pm3]
})
pms = permissions.get_group_permissions(group2.get_uuid())
self.assertEqual(pms, {
group2.get_uuid(): [pm2],
group3.get_uuid(): [pm3]
})
pms = permissions.get_group_permissions(group3.get_uuid())
self.assertEqual(pms, {group3.get_uuid(): [pm3]})
# All of these transitive permissions should show up in my permissions.
pms = permissions.get_my_permissions()
self.assertEqual(pms[group1.get_uuid()], [pm1])
self.assertEqual(pms[group2.get_uuid()], [pm2])
self.assertEqual(pms[group3.get_uuid()], [pm3])
# Remove pm3, which should be removed from everybody's lists. The lists should
# still include an item for group3 because membership hasn't changed, just with
# no permissions directly granted.
permissions.revoke_group_permission(group3.get_uuid(), pm3)
pms = permissions.get_group_permissions(group1.get_uuid())
self.assertEqual(
pms, {
group1.get_uuid(): [pm1],
group2.get_uuid(): [pm2],
group3.get_uuid(): []
})
pms = permissions.get_group_permissions(group2.get_uuid())
self.assertEqual(pms, {
group2.get_uuid(): [pm2],
group3.get_uuid(): []
})
pms = permissions.get_group_permissions(group3.get_uuid())
self.assertEqual(pms, {group3.get_uuid(): []})
pms = permissions.get_my_permissions()
self.assertEqual(pms[group1.get_uuid()], [pm1])
self.assertEqual(pms[group2.get_uuid()], [pm2])
self.assertEqual(pms[group3.get_uuid()], [])
# Delete group1. All permissions (pm1) involving group1 should no longer exist.
groups.delete_group(group1.get_uuid())
pms = permissions.get_group_permissions(group2.get_uuid())
self.assertEqual(pms, {
group2.get_uuid(): [pm2],
group3.get_uuid(): []
}) # It's still in group3
pms = permissions.get_group_permissions(group3.get_uuid())
self.assertEqual(pms, {group3.get_uuid(): []})
pms = permissions.get_my_permissions()
self.assertFalse(group1.get_uuid() in pms)
self.assertEqual(pms[group2.get_uuid()], [pm2])
self.assertEqual(pms[group3.get_uuid()], [])
# Delete group2. This should remove pm2.
groups.delete_group(group2.get_uuid())
pms = permissions.get_my_permissions()
self.assertFalse(group1.get_uuid() in pms)
self.assertFalse(group2.get_uuid() in pms)
self.assertEqual(pms[group3.get_uuid()], [])
# Now grant and revoke a user permission, just to show it doesn't die.
permissions.grant_user_permission(
"u1", Permission('READ', 'GROUP', group3.get_uuid()))
permissions.revoke_user_permission(
"u1", Permission('READ', 'GROUP', group3.get_uuid()))
groups.delete_group(group3.get_uuid())
def test_permission_mismanagement(self):
permissions = self.service.get_permissions_module()
# Target object does not exist.
with self.assertRaises(RuntimeError):
permissions.grant_user_permission(
'u1', Permission('READ', 'GROUP', 'wat this is not a group'))
groups = self.service.get_groups_module()
group1 = groups.new_group("name1", "description1")
self.added_groups.append(group1)
# Recipient of permission does not exist.
with self.assertRaises(RuntimeError):
permissions.grant_group_permission(
'g1', Permission('READ', 'GROUP', group1.get_uuid()))
# Target does not exist.
with self.assertRaises(RuntimeError):
permissions.grant_group_permission(
group1.get_uuid(),
Permission('READ', 'GROUP', 'wat this is not a group'))
# Finally this works.
permissions.grant_group_permission(
group1.get_uuid(), Permission('READ', 'GROUP', group1.get_uuid()))
# Unable to check authorization (target does not exist).
with self.assertRaises(RuntimeError):
permissions.revoke_user_permission(
"u1", Permission('READ', 'GROUP', 'wat this is not a group'))
with self.assertRaises(RuntimeError):
permissions.revoke_group_permission(
group1.get_uuid(),
Permission('READ', 'GROUP', 'wat this is not a group'))
# But this is fine. Deleting something that doesn't exist.
permissions.revoke_group_permission(
'not a group', Permission('READ', 'GROUP', group1.get_uuid()))
# Can't inspect nonexistent things either.
with self.assertRaises(RuntimeError):
permissions.get_group_permissions('not a group')
# Not permitted to inspect other users.
with self.assertRaises(RuntimeError):
permissions.get_my_permissions(
user_superuser_only="some other user")
groups.delete_group(group1.get_uuid())
class AnonymousTest(unittest.TestCase):
"""Tests anonymous access to API.
"""
def setUp(self):
self.config = ConfigManager(os.getcwd() +
'/test_config.json').get_config()
self.config.set_token("")
self.service = Service(self.config)
self.assertTrue(self.service.setup())
def tearDown(self):
self.service.teardown()
def test_access(self):
projects_module = self.service.get_projects_module()
permissions_module = self.service.get_permissions_module()
groups_module = self.service.get_groups_module()
# Only prod has a public project.
projects = projects_module.get_projects()
if self.config.get_environment() == "prod":
self.assertEqual(1, len(projects))
self.assertEqual("public", projects[0].get_name())
else:
self.assertEqual(0, len(projects))
print("Skipping check for public objects.")
# Can't add a project to public project.
public_project = "00000000-0000-0000-0000-000000000001"
with (self.assertRaises(RuntimeError)):
projects_module.new_project(public_project, "", "")
# Can't run a batch in the public project.
batches_module = self.service.get_batches_module()
dummy_propagation_params = PropagationParams({
'start_time': 'AAA',
'end_time': 'BBB',
'project_uuid': 'CCC'
})
dummy_opm_params = OpmParams({
'epoch': 'DDD',
'state_vector': [1, 2, 3, 4, 5, 6]
})
with (self.assertRaises(RuntimeError)):
batches_module.new_batch(dummy_propagation_params,
dummy_opm_params)
# Anon should have no permissions.
permissions = permissions_module.get_my_permissions()
self.assertEqual(1, len(permissions))
self.assertEqual(0, len(permissions[""]))
# And anon is in no groups.
groups = groups_module.get_my_memberships()
self.assertEqual(0, len(groups))
# Therefore anon can grant no permissions.
with (self.assertRaises(RuntimeError)):
permissions_module.grant_user_permission(
"*****@*****.**", Permission("READ", "PROJECT",
public_project))
# And can add/modify no groups.
with (self.assertRaises(RuntimeError)):
groups_module.new_group("", "")
all_group = "00000000-0000-0000-0000-000000000001"
with (self.assertRaises(RuntimeError)):
groups_module.add_user_to_group("*****@*****.**", all_group)
# Not even allowed to see the members of the magic all group.
with (self.assertRaises(RuntimeError)):
groups_module.get_group_members(all_group)
class AnonymousTest(unittest.TestCase):
"""Tests anonymous access to API.
"""
def setUp(self):
cwd = os.getcwd()
#print("Current working dir: ", cwd)
cwd_str = str(cwd).split("/")
#print(cwd_str)
#print("length of cwd_str = ", len(cwd_str))
#matching = [s for s in cwd_str if "travis" in s]
#print(matching)
#Current working dir: /home/travis/build/RookinsAndBear/TestingTravisCI/adam_home
os.chdir("..")
#testdir = os.getcwd()
#print("Test directory (go up 1 level): ", testdir)
#Test directory (go up 1 level): /home/travis/build/RookinsAndBear/TestingTravisCI
#print(sys.path)
#self.config = ConfigManager(os.getcwd() + '/test_adam_config.json').get_config()
#config_env_token = ConfigManager(os.getcwd() + '/test_adam_config.json').get_config()
#print(config_env_token)
if len(cwd_str) > 4:
# TRAVIS CI option
if cwd_str[1] == "home" and cwd_str[2] == "travis" and cwd_str[
3] == "build":
self.config = ConfigManager(
os.getcwd() + '/adam_home/config/adam_config_template.json'
).get_config()
print(
"home/travis/build found in root dir - USE JSON TEMPLATE")
#self.config = ConfigManager(None).get_config()
self.config.set_token("")
self.service = Service(self.config)
self.assertTrue(self.service.setup())
else:
self.config = ConfigManager(
os.getcwd() + '/adam_test_config.json').get_config()
# next line used for testing Travis output with decrypted json info.
#self.config = ConfigManager(os.getcwd() + '/test_adam_config.json').read_config(os.getcwd() + '/test_adam_config.json')
self.config.set_token("")
self.service = Service(self.config)
self.assertTrue(self.service.setup())
else:
# PERSONAL WORKSTATION option
self.config = ConfigManager(os.getcwd() +
'/test_config.json').get_config()
# next line used for testing Travis output with decrypted json info.
#self.config = ConfigManager(os.getcwd() + '/test_adam_config.json').read_config(os.getcwd() + '/test_adam_config.json')
self.config.set_token("")
self.service = Service(self.config)
self.assertTrue(self.service.setup())
def tearDown(self):
self.service.teardown()
def test_access(self):
projects_module = self.service.get_projects_module()
permissions_module = self.service.get_permissions_module()
groups_module = self.service.get_groups_module()
projects = projects_module.get_projects()
self.assertEqual(1, len(projects))
self.assertEqual("public", projects[0].get_name())
# Can't add a project to public project.
public_project = "00000000-0000-0000-0000-000000000001"
with (self.assertRaises(RuntimeError)):
projects_module.new_project(public_project, "", "")
# Can't run a batch in the public project.
batches_module = self.service.get_batches_module()
dummy_propagation_params = PropagationParams({
'start_time': 'AAA',
'end_time': 'BBB',
'project_uuid': 'CCC'
})
dummy_opm_params = OpmParams({
'epoch': 'DDD',
'state_vector': [1, 2, 3, 4, 5, 6]
})
with (self.assertRaises(RuntimeError)):
batches_module.new_batch(dummy_propagation_params,
dummy_opm_params)
# Anon should have no permissions.
permissions = permissions_module.get_my_permissions()
self.assertEqual(1, len(permissions))
self.assertEqual(0, len(permissions[""]))
# And anon is in no groups.
groups = groups_module.get_my_memberships()
self.assertEqual(0, len(groups))
# Therefore anon can grant no permissions.
with (self.assertRaises(RuntimeError)):
permissions_module.grant_user_permission(
"*****@*****.**", Permission("READ", "PROJECT",
public_project))
# And can add/modify no groups.
with (self.assertRaises(RuntimeError)):
groups_module.new_group("", "")
all_group = "00000000-0000-0000-0000-000000000001"
with (self.assertRaises(RuntimeError)):
groups_module.add_user_to_group("*****@*****.**", all_group)
# Not even allowed to see the members of the magic all group.
with (self.assertRaises(RuntimeError)):
groups_module.get_group_members(all_group)