def test_expire_delegate_policy():
    """Check how an expired delegate rule affects access and expiry updates.

    The assertions pin this sequence:
      1. listing access rules through ``alt_provider`` succeeds (200);
      2. updating the expiry of a rule that has not expired is rejected (400);
      3. after ``expire_rule(delegate_id)``, the same listing is refused (401);
      4. the update sent through ``consumer`` on behalf of another address
         is refused (403);
      5. the update sent through ``untrusted`` now succeeds (200).

    Reads module-level ``alt_provider``, ``untrusted``, ``consumer``,
    ``delegate_id`` and ``expire_rule``.
    """
    # Baseline: the delegate rule is still valid, so listing works.
    listing = alt_provider.get_provider_access('*****@*****.**')
    assert listing['success'] == True
    assert listing['status_code'] == 200

    # A rule that has not expired must not accept a new expiry time.
    # NOTE(review): expiry_time is a fixed calendar date; whether the server
    # accepts a date that lies in the past is not visible here, so confirm the
    # final update below still succeeds once that date has passed.
    expiry_update = {
        "id": delegate_id,
        "expiry_time": "2023-01-01T12:00:00Z",
    }
    premature = untrusted.update_rule([expiry_update])
    assert premature['success'] == False
    assert premature['status_code'] == 400

    # Expire the rule; the delegate must lose access immediately.
    assert expire_rule(delegate_id) is True
    after_expiry = alt_provider.get_provider_access('*****@*****.**')
    assert after_expiry['success'] == False
    assert after_expiry['status_code'] == 401

    # Another delegate must not be able to revive the expired rule.
    foreign_update = consumer.update_rule([expiry_update], '*****@*****.**')
    assert foreign_update['success'] == False
    assert foreign_update['status_code'] == 403

    # The update through `untrusted` is accepted once the rule has expired.
    owner_update = untrusted.update_rule([expiry_update])
    assert owner_update['success'] == True
    assert owner_update['status_code'] == 200
def test_deleted_delegate():
    """Check that a deleted delegate is refused on every provider operation.

    After the delegate rule is deleted through ``untrusted``, three calls
    made through ``alt_provider`` must each fail with 401: creating a
    consumer rule, listing rules, and deleting the consumer rule.

    Reads module-level ``untrusted``, ``alt_provider``, ``delegate_id``,
    ``consumer_id``, ``email`` and ``resource_id``.
    """
    # Provider deletes the delegate rule.
    deletion = untrusted.delete_rule([{"id": delegate_id}])
    assert deletion['success'] == True
    assert deletion['status_code'] == 200

    # From here on the deleted delegate cannot do anything.
    consumer_grant = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ['complex'],
    }

    # Creating a rule is denied.
    create_attempt = alt_provider.provider_access(
        [consumer_grant], '*****@*****.**')
    assert create_attempt['success'] == False
    assert create_attempt['status_code'] == 401

    # Reading the rule list is denied.
    list_attempt = alt_provider.get_provider_access('*****@*****.**')
    assert list_attempt['success'] == False
    assert list_attempt['status_code'] == 401

    # Deleting an existing rule is denied.
    delete_attempt = alt_provider.delete_rule(
        [{"id": consumer_id}], '*****@*****.**')
    assert delete_attempt['success'] == False
    assert delete_attempt['status_code'] == 401
def test_delegate_flow():
    """Check the delegate session flow and that the session ID is not reusable.

    A session ID is requested through ``alt_provider`` for
    ``GET /auth/v1/provider/access``. With the session ID fetched for
    ``delegate_email``, the listing through ``alt_provider`` succeeds (200).
    The session ID fetched for ``delegate_email`` is then set on
    ``untrusted``, and its listing must be refused (403).

    Reads module-level ``alt_provider``, ``untrusted``, ``fetch_sessionId``
    and ``delegate_email``.
    """
    session_request = {
        "apis": [
            {"method": "get", "endpoint": "/auth/v1/provider/access"},
        ],
    }
    issued = alt_provider.get_session_id(session_request)
    assert issued['success'] is True
    assert issued['status_code'] == 200

    # Success path: the delegate presents its own session ID.
    delegate_session = fetch_sessionId(delegate_email)
    alt_provider.set_user_session_id(delegate_session)
    allowed = alt_provider.get_provider_access('*****@*****.**')
    assert allowed['success'] is True
    assert allowed['status_code'] == 200

    # Failure path: the delegate's session ID is presented by the provider.
    # NOTE(review): `untrusted` keeps the delegate's session ID after this
    # test returns; nothing in this function restores the previous value.
    borrowed_session = fetch_sessionId(delegate_email)
    untrusted.set_user_session_id(borrowed_session)
    refused = untrusted.get_provider_access(None)
    assert refused['success'] is False
    assert refused['status_code'] == 403
def test_delegate_get_all_rules():
    """List all access rules through ``alt_provider`` and record their IDs.

    The listing must succeed (200) and contain a consumer rule for
    ``resource_id``, an onboarder rule, a data ingester rule for
    ``diresource_id`` and a delegate rule for ``delegate_email``. The rule
    IDs found are stored in module-level globals, which other tests in this
    file read.

    Reads module-level ``alt_provider``, ``email``, ``delegate_email``,
    ``resource_id``, ``pr_resource_id`` and ``diresource_id``.
    """
    global consumer_id, onboarder_id, ingester_id, delegate_id, provider_set_consumer_id

    listing = alt_provider.get_provider_access('*****@*****.**')
    assert listing['success'] == True
    assert listing['status_code'] == 200

    allowed_capabilities = {'temporal', 'subscription', 'complex'}
    found_consumer = False
    found_onboarder = False
    found_ingester = False
    found_delegate = False

    for rule in listing['response']:
        if rule['email'] == email:
            role = rule['role']

            if role == 'consumer' and resource_id == rule['item']['cat_id']:
                consumer_id = rule['id']
                # Capabilities must be a non-empty subset of the known set.
                assert set(rule['capabilities']) <= allowed_capabilities
                assert 1 <= len(rule['capabilities']) <= 3
                found_consumer = True

            # Remembered only; not part of the presence checks below.
            if role == 'consumer' and pr_resource_id == rule['item']['cat_id']:
                provider_set_consumer_id = rule['id']

            if role == 'onboarder':
                onboarder_id = rule['id']
                assert rule['item_type'] == 'catalogue'
                found_onboarder = True

            if role == 'data ingester' and diresource_id == rule['item']['cat_id']:
                ingester_id = rule['id']
                # The stored policy text must end with the quoted adapter API.
                assert rule['policy'].endswith('"/iudx/v1/adapter"')
                found_ingester = True

        if rule['email'] == delegate_email and rule['role'] == 'delegate':
            delegate_id = rule['id']
            assert rule['item_type'] == 'delegate'
            found_delegate = True

    # Every expected rule type must have appeared in the listing.
    assert found_consumer == True
    assert found_onboarder == True
    assert found_ingester == True
    assert found_delegate == True
def test_incorrect_user():
    """Check that a session ID fails when another user presents it.

    A session ID is requested through ``untrusted`` for
    ``POST /auth/v1/provider/access`` and used to create a delegate rule
    for ``delegate_email`` (200). ``alt_provider`` is then given a fetched
    session ID, and its listing must be refused (403).

    Reads module-level ``untrusted``, ``alt_provider``, ``fetch_sessionId``
    and ``delegate_email``.
    """
    session_request = {
        "apis": [
            {"method": "post", "endpoint": "/auth/v1/provider/access"},
        ],
    }
    issued = untrusted.get_session_id(session_request)
    # NOTE(review): only 'success' is checked here; test_delegate_flow also
    # checks status_code == 200 for the same call.
    assert issued['success'] is True

    # The provider uses its session ID to create the delegate rule.
    untrusted.set_user_session_id(fetch_sessionId('*****@*****.**'))
    delegate_grant = {"user_email": delegate_email, "user_role": 'delegate'}
    created = untrusted.provider_access([delegate_grant])
    assert created['success'] == True
    assert created['status_code'] == 200

    # A different client presents a session ID and must be turned away.
    # NOTE(review): the session was requested for the POST endpoint and this
    # call is a listing, and the addresses are redacted in this listing, so
    # whether the 403 comes from the user or the API scope cannot be told
    # from here; confirm.
    alt_provider.set_user_session_id(fetch_sessionId('*****@*****.**'))
    refused = alt_provider.get_provider_access('*****@*****.**')
    assert refused['success'] is False
    assert refused['status_code'] == 403
# without adapter API body = {"id": diresource_id + "/someitem", "api": "/iudx/v1/adapter"} r = consumer.get_token(body) assert r['success'] is True # delegate cannot set delegate rule req = {"user_email": email, "user_role": 'delegate'} r = alt_provider.provider_access([req], '*****@*****.**') assert r['success'] == False assert r['status_code'] == 403 # test getting all access rules r = alt_provider.get_provider_access('*****@*****.**') assert r['success'] == True assert r['status_code'] == 200 rules = r['response'] check_con = False check_onb = False check_dti = False check_del = False for r in rules: if r['email'] == email and r['role'] == 'consumer' and resource_id == r[ 'item']['cat_id']: consumer_id = r['id'] assert set(r['capabilities']).issubset( set(['temporal', 'subscription', 'complex']))