def refresh_data_access_credentials(freq, ssm_client=None, webserver=False):
"""
Refresh the data access credentials for a particular BATCH USER user and upload them
(encrypted) to the AWS Parameter Store. This enables AWS batch jobs to get the
credentials and thereby access the data access API (DAA).
:param freq: string, one of 'hourly' | 'daily' | 'weekly' | 'monthly' | 'manually'
This is used to know what call the data access credentials on AWS.
"""
# Get or create Researcher with no password. This means that nobody can log in as this
# Researcher in the web interface.
researcher_name = 'BATCH USER {}'.format(freq)
mock_researchers = Researcher.objects.filter(username=researcher_name)
if not mock_researchers.exists():
mock_researcher = Researcher.create_without_password(researcher_name)
else:
mock_researcher = mock_researchers.get()
mock_researcher.save()
# Ensure that the Researcher is attached to all Studies. This allows them to access all
# data via the DAA.
for study in Study.objects.all():
StudyRelation.objects.get_or_create(
study=study,
researcher=mock_researcher,
relationship=ResearcherRole.researcher,
is_batch_user=True,
)
# Reset the credentials. This ensures that they aren't stale.
access_key, secret_key = mock_researcher.reset_access_credentials()
if not webserver:
generic_config = get_generic_config()
else:
generic_config = get_eb_config()
# Append the frequency to the SSM (AWS Systems Manager) names. This ensures that the
# different frequency jobs' keys do not overwrite each other.
access_key_ssm_name = '{}-{}'.format(generic_config['access_key_ssm_name'],
freq)
secret_key_ssm_name = '{}-{}'.format(generic_config['secret_key_ssm_name'],
freq)
# Put the credentials (encrypted) into AWS Parameter Store
if not ssm_client:
ssm_client = get_boto_client('ssm')
ssm_client.put_parameter(
Name=access_key_ssm_name,
Value=access_key,
Type='SecureString',
Overwrite=True,
)
ssm_client.put_parameter(
Name=secret_key_ssm_name,
Value=secret_key,
Type='SecureString',
Overwrite=True,
)
from sys import path
path.insert(0, abspath(__file__).rsplit('/', 2)[0])
import itertools
import requests
from config.constants import ResearcherRole
from pprint import pprint
from data_access_api_reference import download_data
from database.study_models import Study
from database.user_models import Researcher, StudyRelation
try:
test_user = Researcher.objects.get(username="******")
except Researcher.DoesNotExist:
test_user = Researcher.create_without_password("test_user")
download_data.API_URL_BASE = "http://127.0.0.1:8080/"
debugging_study = Study.objects.get(name='debugging study')
download_data.RUNNING_IN_TEST_MODE = True
download_data.SKIP_DOWNLOAD = True
def helper(allowed_on_study, corrupt_access_id, corrupt_secret_key,
researcher_admin, site_admin, batch_user, study_as_object_id,
wrong_access_key, wrong_secret_key, is_test_study,
corrupt_study_object_id):
if not study_as_object_id and corrupt_study_object_id:
# invalid test scenario, skip
return