def test_identity_map_batch_limit(client):
meta1 = load_response(client.get_identities).metadata
meta2 = load_response(client.get_identities, case="sirosen").metadata
# setup the ID map with a size limit of 1
idmap = globus_sdk.IdentityMap(client, id_batch_size=1)
idmap.add(meta2["id"])
idmap.add(meta1["id"])
# no requests yet...
assert len(responses.calls) == 0
# do the first lookup, using the second ID to be added
# only one call should be made
assert idmap[meta1["id"]]["username"] == meta1["username"]
assert len(responses.calls) == 1
# 1 ID left unresolved
assert len(idmap.unresolved_ids) == 1
# the last (only) API call was by ID with one ID
last_req = get_last_request()
assert "usernames" not in last_req.params
assert last_req.params == {"ids": meta1["id"]}
# second lookup works as well
assert idmap[meta2["id"]]["username"] == meta2["username"]
assert len(responses.calls) == 2
# no IDs left unresolved
assert len(idmap.unresolved_ids) == 0
# the last API call was by ID with one ID
last_req = get_last_request()
assert "usernames" not in last_req.params
assert last_req.params == {"ids": meta2["id"]}
def test_identity_map_get_with_default(client):
load_response(client.get_identities, case="sirosen")
magic = object() # sentinel value
idmap = globus_sdk.IdentityMap(client)
# a name which doesn't come back, if looked up with `get()` should return the
# default
assert idmap.get("*****@*****.**", magic) is magic
def test_identity_map_add_after_lookup(client):
meta = load_response(client.get_identities, case="sirosen").metadata
idmap = globus_sdk.IdentityMap(client)
x = idmap[meta["username"]]["id"]
# this is the key: adding it will indicate that we've already seen this ID, perhaps
# "unintuitively", and that's part of the value of `add()` returning a boolean value
assert idmap.add(x) is False
assert idmap[x] == idmap[meta["username"]]
def test_identity_map_get_with_default(client):
register_api_route("auth",
"/v2/api/identities",
body=IDENTITIES_SINGLE_RESPONSE)
magic = object() # sentinel value
idmap = globus_sdk.IdentityMap(client)
# a name which doesn't come back, if looked up with `get()` should return the
# default
assert idmap.get("*****@*****.**", magic) is magic
def test_identity_map_shared_cache_mismatch(client, lookup_style):
meta = load_response(client.get_identities, case="multiple").metadata
lookup1, lookup2 = meta[lookup_style]
cache = {}
idmap1 = globus_sdk.IdentityMap(client, [lookup1, lookup2], cache=cache)
idmap2 = globus_sdk.IdentityMap(client, cache=cache)
# no requests yet...
assert len(responses.calls) == 0
# do the first lookup, it should make one request
assert lookup1 in (idmap1[lookup1]["id"], idmap1[lookup1]["username"])
assert len(responses.calls) == 1
# lookup more values and make sure that "everything matches"
assert lookup2 in (idmap2[lookup2]["id"], idmap2[lookup2]["username"])
assert idmap1[lookup1]["id"] == idmap2[lookup1]["id"]
assert idmap1[lookup2]["id"] == idmap2[lookup2]["id"]
# we've only made one request, because the shared cache captured this info on the
# very first call
assert len(responses.calls) == 1
def test_identity_map_add_after_lookup(client):
register_api_route("auth",
"/v2/api/identities",
body=IDENTITIES_SINGLE_RESPONSE)
idmap = globus_sdk.IdentityMap(client)
x = idmap["*****@*****.**"]["id"]
# this is the key: adding it will indicate that we've already seen this ID, perhaps
# "unintuitively", and that's part of the value of `add()` returning a boolean value
assert idmap.add(x) is False
assert idmap[x] == idmap["*****@*****.**"]
def test_identity_map_del(client):
meta = load_response(client.get_identities).metadata
idmap = globus_sdk.IdentityMap(client)
identity_id = idmap[meta["username"]]["id"]
del idmap[identity_id]
assert idmap.get(meta["username"])["id"] == identity_id
# we've only made one request so far
assert len(responses.calls) == 1
# but a lookup by ID after a del is going to trigger another request because we've
# invalidated the cached ID data and are asking the IDMap to look it up again
assert idmap.get(identity_id)["username"] == meta["username"]
assert len(responses.calls) == 2
def test_identity_map_keyerror(client):
register_api_route("auth",
"/v2/api/identities",
body=IDENTITIES_SINGLE_RESPONSE)
idmap = globus_sdk.IdentityMap(client)
# a name which doesn't come back, indicating that it was not found, will KeyError
with pytest.raises(KeyError):
idmap["*****@*****.**"]
last_req = httpretty.last_request()
assert last_req.querystring["usernames"] == ["*****@*****.**"]
assert last_req.querystring["provision"] == ["false"]
def test_identity_map_keyerror(client):
load_response(client.get_identities, case="sirosen")
idmap = globus_sdk.IdentityMap(client)
# a name which doesn't come back, indicating that it was not found, will KeyError
with pytest.raises(KeyError):
idmap["*****@*****.**"]
last_req = get_last_request()
assert last_req.params == {
"usernames": "*****@*****.**",
"provision": "false"
}
def session_show():
"""List all identities in your current CLI auth session.
Lists identities that are in the session tied to the CLI's access tokens along with
the time the user authenticated with that identity.
"""
# get a token to introspect, refreshing if neccecary
auth_client = internal_auth_client()
try:
auth_client.authorizer._check_expiration_time()
except AttributeError: # if we have no RefreshTokenAuthorizor
pass
access_token = lookup_option(AUTH_AT_OPTNAME)
# only instance clients can introspect tokens
if isinstance(auth_client, globus_sdk.ConfidentialAppAuthClient):
res = auth_client.oauth2_token_introspect(access_token,
include="session_info")
session_info = res.get("session_info", {})
authentications = session_info.get("authentications") or {}
# empty session if still using Native App Client
else:
session_info = {}
authentications = {}
# resolve ids to human readable usernames
resolved_ids = globus_sdk.IdentityMap(get_auth_client(),
list(authentications))
# put the nested dicts in a format table output can work with
# while also converting vals into human readable formats
list_data = [{
"id":
key,
"username":
resolved_ids.get(key, {}).get("username"),
"auth_time":
time.strftime("%Y-%m-%d %H:%M %Z", time.localtime(vals["auth_time"])),
} for key, vals in authentications.items()]
print_command_hint(
"For information on your primary identity or full identity set see\n"
" globus whoami\n")
formatted_print(
list_data,
json_converter=lambda x: session_info,
fields=[("Username", "username"), ("ID", "id"),
("Auth Time", "auth_time")],
)
def test_identity_map_prepopulated_cache(client):
meta = load_response(client.get_identities).metadata
# populate the cache, even with nulls it should stop any lookups from happening
cache = {meta["id"]: None, meta["username"]: None}
idmap = globus_sdk.IdentityMap(client, cache=cache)
# no requests yet...
assert len(responses.calls) == 0
# do the lookups
assert idmap[meta["id"]] is None
assert idmap[meta["username"]] is None
# still no calls made
assert len(responses.calls) == 0
def test_identity_map_shared_cache_match(client, initial_add, lookup1,
lookup2):
meta = load_response(client.get_identities, case="sirosen").metadata
lookup1, lookup2 = meta[lookup1], meta[lookup2]
cache = {}
idmap1 = globus_sdk.IdentityMap(client, cache=cache)
idmap2 = globus_sdk.IdentityMap(client, cache=cache)
if initial_add:
idmap1.add(lookup1)
idmap2.add(lookup2)
# no requests yet...
assert len(responses.calls) == 0
# do the first lookup, it should make one request
assert idmap1[lookup1]["organization"] == meta["org"]
assert len(responses.calls) == 1
# lookup more values and make sure that "everything matches"
assert idmap2[lookup2]["organization"] == meta["org"]
assert idmap1[lookup1]["id"] == idmap2[lookup2]["id"]
assert idmap1[lookup2]["id"] == idmap2[lookup1]["id"]
# we've only made one request, because the shared cache captured this info on the
# very first call
assert len(responses.calls) == 1
def test_identity_map_del(client):
register_api_route("auth",
"/v2/api/identities",
body=IDENTITIES_SINGLE_RESPONSE)
idmap = globus_sdk.IdentityMap(client)
identity_id = idmap["*****@*****.**"]["id"]
del idmap[identity_id]
assert idmap.get("*****@*****.**")["id"] == identity_id
# we've only made one request so far
assert len(responses.calls) == 1
# but a lookup by ID after a del is going to trigger another request because we've
# invalidated the cached ID data and are asking the IDMap to look it up again
assert idmap.get(identity_id)["username"] == "*****@*****.**"
assert len(responses.calls) == 2
def test_identity_map(client):
meta = load_response(client.get_identities, case="sirosen").metadata
idmap = globus_sdk.IdentityMap(client, [meta["username"]])
assert idmap[meta["username"]]["organization"] == meta["org"]
# lookup by ID also works
assert idmap[meta["id"]]["organization"] == meta["org"]
# the last (only) API call was the one by username
last_req = get_last_request()
assert "ids" not in last_req.params
assert last_req.params == {
"usernames": meta["username"],
"provision": "false"
}
def test_identity_map(client):
register_api_route("auth",
"/v2/api/identities",
body=IDENTITIES_SINGLE_RESPONSE)
idmap = globus_sdk.IdentityMap(client, ["*****@*****.**"])
assert idmap["*****@*****.**"]["organization"] == "Globus Team"
# lookup by ID also works
assert (idmap["ae341a98-d274-11e5-b888-dbae3a8ba545"]["organization"] ==
"Globus Team")
# the last (only) API call was the one by username
last_req = httpretty.last_request()
assert "ids" not in last_req.querystring
assert last_req.querystring["usernames"] == ["*****@*****.**"]
assert last_req.querystring["provision"] == ["false"]
def test_identity_map_multiple(client):
meta = load_response(client.get_identities, case="multiple").metadata
idmap = globus_sdk.IdentityMap(client,
["*****@*****.**", "*****@*****.**"])
assert idmap["*****@*****.**"]["organization"] == "Globus Team"
assert idmap["*****@*****.**"]["organization"] is None
last_req = get_last_request()
# order doesn't matter, but it should be just these two
# if IdentityMap doesn't deduplicate correctly, it could send
# `[email protected],[email protected],[email protected]` on the first lookup
assert last_req.params["usernames"].split(",") in [
meta["usernames"],
meta["usernames"][::-1],
]
assert last_req.params["provision"] == "false"
def test_identity_map_multiple(client):
register_api_route("auth", ("/v2/api/identities"),
body=IDENTITIES_MULTIPLE_RESPONSE)
idmap = globus_sdk.IdentityMap(client,
["*****@*****.**", "*****@*****.**"])
assert idmap["*****@*****.**"]["organization"] == "Globus Team"
assert idmap["*****@*****.**"]["organization"] is None
last_req = get_last_request()
# order doesn't matter, but it should be just these two
# if IdentityMap doesn't deduplicate correctly, it could send
# `[email protected],[email protected],[email protected]` on the first lookup
assert last_req.params["usernames"] in [
"[email protected],[email protected]",
"[email protected],[email protected]",
]
assert last_req.params["provision"] == "false"
def test_identity_map_initialization_mixed_and_duplicate_values(client):
# splits things up and deduplicates values into sets
idmap = globus_sdk.IdentityMap(
client,
[
"*****@*****.**",
"ae341a98-d274-11e5-b888-dbae3a8ba545",
"*****@*****.**",
"*****@*****.**",
"*****@*****.**",
"ae341a98-d274-11e5-b888-dbae3a8ba545",
"*****@*****.**",
"ae341a98-d274-11e5-b888-dbae3a8ba545",
],
)
assert idmap.unresolved_ids == {"ae341a98-d274-11e5-b888-dbae3a8ba545"}
assert idmap.unresolved_usernames == {
"*****@*****.**", "*****@*****.**"
}
def test_identity_map_add(client):
idmap = globus_sdk.IdentityMap(client)
assert idmap.add("*****@*****.**") is True
assert idmap.add("*****@*****.**") is False
assert idmap.add("46bd0f56-e24f-11e5-a510-131bef46955c") is True
assert idmap.add("46bd0f56-e24f-11e5-a510-131bef46955c") is False
def test_identity_map_initialization_batch_size(client):
idmap = globus_sdk.IdentityMap(client, id_batch_size=10)
assert idmap.unresolved_ids == set()
assert idmap.unresolved_usernames == set()
assert idmap.id_batch_size == 10
def test_identity_map_initialization_no_values(client):
idmap = globus_sdk.IdentityMap(client)
assert idmap.unresolved_ids == set()
assert idmap.unresolved_usernames == set()
