def test_authorization_allows_updates_with_wildcard_claim(
    app_context, api_client, valid_organization, valid_dataset
):
    """Call the update route with a wildcard dataset role that is marked locked.

    The claim holds OWNER on the organization and EDITOR on ``DatasetId("*")``
    with ``locked=True``. Nothing is asserted on a return value: the test
    passes when ``sample_update_route`` returns without raising.
    """
    org_id, org_node_id = valid_organization
    ds_id, ds_node_id = valid_dataset

    # Canned dataset lookup result on the fake API client.
    api_client.get_dataset_response = api.Dataset(
        id=ds_node_id, int_id=ds_id.id, name="foo"
    )

    org_owner = OrganizationRole(
        id=org_id,
        node_id=org_node_id,
        role=RoleType.OWNER,
    )
    # token validation should strip any locked field from wildcard claims
    # NOTE(review): only "does not raise" is checked here, so this cannot tell
    # "locked was stripped" apart from "locked is never enforced" - confirm a
    # companion test covers a locked, non-wildcard dataset role being refused.
    locked_wildcard_editor = DatasetRole(
        id=DatasetId("*"), role=RoleType.EDITOR, locked=True
    )
    user = UserClaim(
        id=DEFAULT_USER_ID,
        node_id=DEFAULT_USER_NODE_ID,
        roles=[org_owner, locked_wildcard_editor],
    )
    claim = Claim.from_claim_type(user, TOKEN_EXPIRATION_S)

    sample_update_route(
        dataset_id=str(ds_id.id),
        token_info=claim,
        organization_id=str(org_id.id),
        body={"k": 1},
    )
def test_authorization_resolves_dataset_id_from_api_with_wildcard_claim(
    app_context, api_client, valid_organization, valid_dataset
):
    """Call the view route with a dataset node id and a wildcard EDITOR role.

    The route receives ``dataset_node_id`` rather than the integer id, and the
    fake API client is primed with a dataset record carrying both identifiers.
    """
    org_id, org_node_id = valid_organization
    ds_id, ds_node_id = valid_dataset

    # Canned dataset lookup result on the fake API client.
    api_client.get_dataset_response = api.Dataset(
        id=ds_node_id, int_id=ds_id.id, name="foo"
    )

    org_owner = OrganizationRole(
        id=org_id,
        node_id=org_node_id,
        role=RoleType.OWNER,
    )
    wildcard_editor = DatasetRole(id=DatasetId("*"), role=RoleType.EDITOR)
    user = UserClaim(
        id=DEFAULT_USER_ID,
        node_id=DEFAULT_USER_NODE_ID,
        roles=[org_owner, wildcard_editor],
    )
    claim = Claim.from_claim_type(user, TOKEN_EXPIRATION_S)

    route_result = sample_view_route(
        dataset_id=ds_node_id,
        token_info=claim,
        organization_id=str(org_id.id),
        body={"k": 1},
    )
    # NOTE(review): as written, the route's return value is itself called with
    # the integer ids. If the intent is to check the resolved
    # (organization, dataset) pair, this needs an explicit `assert ... ==`;
    # confirm against the original test file.
    route_result(org_id.id, ds_id.id)
def service_claim(organization_id, dataset_id, jwt_config: JwtConfig) -> str:
    """Build and encode a service token with OWNER on one organization and one dataset.

    Args:
        organization_id: Raw value wrapped in ``OrganizationId``.
        dataset_id: Raw value wrapped in ``DatasetId``.
        jwt_config: Configuration passed to ``Claim.encode``.

    Returns:
        The encoded claim after conversion with ``to_utf8``.
    """
    owner_roles = [
        OrganizationRole(id=OrganizationId(organization_id), role=RoleType.OWNER),
        DatasetRole(id=DatasetId(dataset_id), role=RoleType.OWNER),
    ]
    # seconds=30 is presumably the token lifetime - confirm. A short expiry
    # limits how long a leaked service token stays usable.
    short_lived = Claim.from_claim_type(ServiceClaim(roles=owner_roles), seconds=30)
    encoded = short_lived.encode(jwt_config)
    return to_utf8(encoded)
"--jwt_key",
type=str,
# NOTE(review): when JWT_SECRET_KEY is unset this falls back to the literal
# "test-key" without any warning. Tokens signed with it are accepted by any
# verifier that shares the same default, so the fallback should stay confined
# to local/test use. A key passed as --jwt_key may also be visible in process
# listings and shell history; the environment variable is the safer channel.
default=os.environ.get("JWT_SECRET_KEY", "test-key"),
required=False,
)
args = parser.parse_args()
# Build a user claim holding OWNER on the given organization and dataset.
claim = Claim.from_claim_type(
    UserClaim(
        id=args.user_id,
        node_id=args.user_node_id,
        roles=[
            OrganizationRole(
                id=OrganizationId(args.organization_id),
                node_id=args.organization_node_id,
                role=RoleType.OWNER,
            ),
            DatasetRole(
                id=DatasetId(args.dataset_id),
                node_id=args.dataset_node_id,
                role=RoleType.OWNER,
            ),
        ],
    ),
    60 * 60,  # presumably the lifetime in seconds (one hour) - confirm
)
# Sign with the selected key and write the encoded token to stdout.
# NOTE(review): the printed value is a bearer credential with OWNER roles;
# avoid running this where stdout is captured into shared or CI logs.
token = claim.encode(JwtConfig(args.jwt_key))
print(token)
def valid_dataset() -> Tuple[DatasetId, str]:
    """Return the sample dataset pair ``(DatasetId(1), "N:dataset:A-B")``."""
    int_id = DatasetId(1)
    node_id = "N:dataset:A-B"
    return int_id, node_id
def another_valid_dataset() -> Tuple[DatasetId, str]:
    """Return the sample dataset pair ``(DatasetId(3), "N:dataset:D-E")``."""
    int_id = DatasetId(3)
    node_id = "N:dataset:D-E"
    return int_id, node_id
def other_valid_dataset() -> Tuple[DatasetId, str]:
    """Return the sample dataset pair ``(DatasetId(2), "N:dataset:C-D")``."""
    int_id = DatasetId(2)
    node_id = "N:dataset:C-D"
    return int_id, node_id