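class TestIdentityManagementServiceInt(IonIntegrationTestCase):
    """Integration tests for the identity management service.

    Every test runs against a freshly started container (see setUp) and talks
    to the services through their clients. The suite covers actor identity,
    credential and user-info CRUD, certificate sign-on, the extended user view
    and the token-based account merge.
    """

    # Public X.509 certificates (PEM, no private key material) used as sign-on
    # fixtures. They are defined once so the sign-on and merge tests cannot
    # drift apart.
    # NOTE(review): the encoded validity window of CERTIFICATE ends in
    # November 2010 and that of CERTIFICATE_2 in October 2012. The tests below
    # expect signon() to succeed with them, so expiry (and presumably chain)
    # validation is not exercised here -- confirm where that is enforced and
    # cover it with a negative test.
    CERTIFICATE = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""

    # Second identity for the merge test; the original test recorded its
    # subject as "/DC=org/DC=cilogon/C=US/O=Google/CN=Owen Ownerrep A893".
    CERTIFICATE_2 = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgIDAJ/lMA0GCSqGSIb3DQEBCwUAMGsxEzARBgoJkiaJk/IsZAEZFgNvcmcx
FzAVBgoJkiaJk/IsZAEZFgdjaWxvZ29uMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHQ0lMb2dvbjEc
MBoGA1UEAxMTQ0lMb2dvbiBPcGVuSUQgQ0EgMTAeFw0xMjEwMTcwMDE2NDlaFw0xMjEwMTcxMjIx
NDlaMGkxEzARBgoJkiaJk/IsZAEZEwNvcmcxFzAVBgoJkiaJk/IsZAEZEwdjaWxvZ29uMQswCQYD
VQQGEwJVUzEPMA0GA1UEChMGR29vZ2xlMRswGQYDVQQDExJPd2VuIE93bmVycmVwIEE4OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYLdpgg88sntivH+af4oamlp7blsUQcCQ5Yc/b
VDP/dwEKfxTcW36tMV3asLO7GcL7z4FESG761LAe86siT9rcwg2ttLkRjI9KeA3sFjC28N8XjKZ1
estCqG3odqw2pjo3VEFaU57219vIYMJhjmHKEgSnlMQeChMYun/sYIO5uNFba9BfiB6/PRS+bgee
cXRsIAm1vkB89AHdEjqdvH0uSN+jGjF6aAPXsESh70DUAHzs14lbFAomig7AZafT+weh0G5pnayC
lutVnhb9SyS3s1+A6kx8z9mkDUwY/NKXisuDeXa+WbRVq51D+Lc7ffOI+Ph+ynyfFGMcCBzbMADX
AgMBAAGjgeEwgd4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwGAYDVR0gBBEwDzANBgsrBgEEAYKRNgEDAzBsBgNVHR8EZTBjMC+gLaArhilodHRwOi8v
Y3JsLmNpbG9nb24ub3JnL2NpbG9nb24tb3BlbmlkLmNybDAwoC6gLIYqaHR0cDovL2NybC5kb2Vn
cmlkcy5vcmcvY2lsb2dvbi1vcGVuaWQuY3JsMCEGA1UdEQQaMBiBFm93ZW5vd25lcnJlcEBnbWFp
bC5jb20wDQYJKoZIhvcNAQELBQADggEBAHWd6ZOjSmJyOUyyLgZAPJpkSuk7DT5mFRhszJhfTGnu
gANHRIJZMs5e/LCMypE+ftxb8mnhAE+kURA2DmeucazHUDP5oYofU+8KMYqcNKnPpLnuiw+bCJPa
3BDxrYoi+vVislHb0U+QDjVYtUtQ2b1/Xhv8ShH89O9i65bbOq+sqez6z2AD9RWOEwRwpQLc9D65
9lkrsKGmJtuG8q3NTpZ1DSuaLOtn0QqttdmCg3pu5edRtgdpGadaSGR4s222JasV439bSTL8Z0Ug
HtjSclGqi8IBmvRkTZI61zTVbGdOKMP90LV1p8noJVLRkZpWRjLxI5xy9El8daAWMdjfrSc=
-----END CERTIFICATE-----"""

    def setUp(self):
        """Start the container, deploy the services and create the clients."""
        self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"

        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2deploy.yml')

        self.resource_registry = ResourceRegistryServiceClient(node=self.container.node)
        self.identity_management_service = IdentityManagementServiceClient(node=self.container.node)
        self.org_client = OrgManagementServiceClient(node=self.container.node)

    def test_actor_identity(self):
        """Create, read, update, find and delete an ActorIdentity.

        Operations on a deleted id and a lookup by an unknown name must raise
        NotFound.
        """
        ims = self.identity_management_service
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = ims.create_actor_identity(actor_identity_obj)

        actor_identity = ims.read_actor_identity(user_id)
        actor_identity.name = 'Updated subject'
        ims.update_actor_identity(actor_identity)

        found = ims.find_actor_identity_by_name(actor_identity.name)
        self.assertEqual(found.name, actor_identity.name)

        # The original re-checked the earlier lookup result after this block;
        # that comparison could never observe anything new and was dropped.
        with self.assertRaises(NotFound):
            ims.find_actor_identity_by_name("Yeah, well, you know, that's just, like, your opinion, man.")

        ims.delete_actor_identity(user_id)

        with self.assertRaises(NotFound) as cm:
            ims.read_actor_identity(user_id)
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            ims.delete_actor_identity(user_id)
        self.assertIn("does not exist", cm.exception.message)

    def test_user_credentials(self):
        """Register credentials, then check that unregistering needs a matching actor id and name."""
        ims = self.identity_management_service
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = ims.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})
        ims.register_user_credentials(user_id, user_credentials_obj)

        # Each wrong (actor id, credential name) combination must be rejected.
        mismatches = (
            ("bad", self.subject),
            (user_id, "bad"),
            ('bad', 'bad'),
        )
        for bad_user_id, bad_name in mismatches:
            with self.assertRaises(NotFound) as cm:
                ims.unregister_user_credentials(bad_user_id, bad_name)
            self.assertIn("does not exist", cm.exception.message)

        ims.unregister_user_credentials(user_id, self.subject)
        ims.delete_actor_identity(user_id)

    def test_user_info(self):
        """Exercise the UserInfo lifecycle, including duplicate creation and lookups of missing entries."""
        ims = self.identity_management_service
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = ims.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})
        ims.register_user_credentials(user_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info_id = ims.create_user_info(user_id, user_info_obj)

        # A second UserInfo for the same actor must be refused.
        with self.assertRaises(Conflict) as cm:
            ims.create_user_info(user_id, user_info_obj)
        self.assertIn("UserInfo already exists for user id", cm.exception.message)

        # These lookups only have to succeed; their results are not inspected.
        ims.find_user_info_by_id(user_id)
        ims.find_user_info_by_name("Foo")
        ims.find_user_info_by_subject(self.subject)

        user_info_obj = ims.read_user_info(user_info_id)
        user_info_obj.name = 'Jane Doe'
        ims.update_user_info(user_info_obj)

        ims.delete_user_info(user_info_id)

        with self.assertRaises(NotFound) as cm:
            ims.read_user_info(user_info_id)
        self.assertIn('does not exist', cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            ims.delete_user_info(user_info_id)
        self.assertIn('does not exist', cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            ims.find_user_info_by_name("John Doe")
        self.assertEqual(cm.exception.message, 'UserInfo with name John Doe does not exist')

        with self.assertRaises(NotFound) as cm:
            ims.find_user_info_by_subject("Bogus subject")
        self.assertEqual(cm.exception.message, "UserCredentials with subject Bogus subject does not exist")

        ims.unregister_user_credentials(user_id, self.subject)
        ims.delete_actor_identity(user_id)

    def test_signon(self):
        """Sign on repeatedly with one certificate.

        The actor id and valid_until must be stable across sign-ons, and the
        registered flag must turn true once a UserInfo exists for the actor.
        """
        ims = self.identity_management_service

        actor_id, valid_until, registered = ims.signon(self.CERTIFICATE, True)
        self.assertFalse(registered)

        actor_id2, valid_until2, registered2 = ims.signon(self.CERTIFICATE, True)
        self.assertFalse(registered2)
        self.assertEqual(actor_id, actor_id2)
        self.assertEqual(valid_until, valid_until2)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        ims.create_user_info(actor_id, user_info_obj)

        actor_id3, valid_until3, registered3 = ims.signon(self.CERTIFICATE, True)
        self.assertTrue(registered3)
        self.assertEqual(actor_id, actor_id3)
        self.assertEqual(valid_until, valid_until3)

    @attr('EXT')
    def test_get_extended_user_identity(self):
        """Check the extended user view before and after a role request is accepted."""
        ims = self.identity_management_service
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        actor_id = ims.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})
        ims.register_user_credentials(actor_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info_id = ims.create_user_info(actor_id, user_info_obj)

        ion_org = self.org_client.find_org()

        # Build the Service Agreement Proposal to request a role, but do not
        # close it yet. The role is deliberately not granted directly; it is
        # only obtained through the negotiation accepted further down.
        sap = IonObject(OT.RequestRoleProposal, consumer=actor_id, provider=ion_org._id,
                        role_name=ORG_MANAGER_ROLE)
        self.org_client.negotiate(sap)

        with self.assertRaises(NotFound):
            ims.get_user_info_extension('That rug really tied the room together.')

        with self.assertRaises(BadRequest):
            ims.get_user_info_extension()

        # While the proposal is pending: one role, one open request, none closed.
        extended_user = ims.get_user_info_extension(user_info_id, org_id=ion_org._id)
        self.assertEqual(user_info_obj.type_, extended_user.resource.type_)
        self.assertEqual(len(extended_user.roles), 1)
        self.assertEqual(len(extended_user.open_requests), 1)
        open_request = extended_user.open_requests[0]
        self.assertEqual(open_request.org_id, ion_org._id)
        self.assertEqual(open_request.user_id, user_info_id)
        self.assertEqual(open_request.request_type, OT.RequestRoleProposal)
        self.assertEqual(len(extended_user.closed_requests), 0)
        self.assertEqual(open_request._id, open_request.negotiation_id)

        # Accept the proposal as the provider.
        neg = self.resource_registry.read(object_id=open_request.negotiation_id)
        sap_response = Negotiation.create_counter_proposal(
            neg, ProposalStatusEnum.ACCEPTED, ProposalOriginatorEnum.PROVIDER)
        self.org_client.negotiate(sap_response)

        # After acceptance the role count goes up and the request is closed.
        extended_user = ims.get_user_info_extension(user_info_id, org_id=ion_org._id)
        self.assertEqual(user_info_obj.type_, extended_user.resource.type_)
        self.assertEqual(len(extended_user.roles), 2)
        self.assertEqual(len(extended_user.open_requests), 0)
        self.assertEqual(len(extended_user.closed_requests), 1)
        closed_request = extended_user.closed_requests[0]
        self.assertEqual(closed_request.org_id, ion_org._id)
        self.assertEqual(closed_request.user_id, user_info_id)
        self.assertEqual(closed_request.request_type, OT.RequestRoleProposal)

        ims.delete_user_info(user_info_id)
        self.org_client.revoke_role(org_id=ion_org._id, actor_id=actor_id, role_name=ORG_MANAGER_ROLE)
        ims.unregister_user_credentials(actor_id, self.subject)
        ims.delete_actor_identity(actor_id)

    def test_account_merge(self):
        """Merge two signed-on accounts through a merge token.

        Besides the happy path, the test pins the properties that keep the
        token from being misused: an unknown token is rejected, a token is
        honoured only for the actor that initiated the merge, and it cannot be
        replayed after the merge has completed.

        NOTE(review): the e-mail literals are masked in this copy of the file,
        so all of them are the same string; the original presumably used
        distinct addresses for the two accounts -- restore them before
        relying on this test.
        NOTE(review): the calling actor is conveyed only by the 'ion-actor-id'
        header set by the client here; confirm the deployed service derives it
        from an authenticated session rather than trusting the caller.
        """
        ims = self.identity_management_service

        # Try to merge with nonexistent email account
        with self.assertRaises(NotFound):
            ims.initiate_account_merge("*****@*****.**")
        with self.assertRaises(BadRequest):
            ims.initiate_account_merge()

        # Create two users
        actor_id, _, registered = ims.signon(self.CERTIFICATE, True)
        self.assertFalse(registered)
        actor_id_2, _, registered_2 = ims.signon(self.CERTIFICATE_2, True)
        self.assertFalse(registered_2)

        # Validate the two accounts are different
        self.assertNotEqual(actor_id, actor_id_2, "The two accounts should have two different user id")

        # Create UserInfo
        contact_info_obj = IonObject("ContactInformation", {"email": "*****@*****.**"})
        user_info_obj = IonObject("UserInfo", {"name": "Dude", "contact": contact_info_obj})
        user_info_id = ims.create_user_info(actor_id, user_info_obj)

        contact_info_obj_2 = IonObject("ContactInformation", {"email": "*****@*****.**"})
        user_info_obj_2 = IonObject("UserInfo", {"name": "theDude", "contact": contact_info_obj_2})
        ims.create_user_info(actor_id_2, user_info_obj_2)

        # Make sure the two users are registered
        actor_id, _, registered = ims.signon(self.CERTIFICATE, True)
        self.assertTrue(registered)
        actor_id_2, _, registered_2 = ims.signon(self.CERTIFICATE_2, True)
        self.assertTrue(registered_2)

        token = ims.initiate_account_merge("*****@*****.**", headers={'ion-actor-id': actor_id})

        # Try merging accounts with invalid token string
        with self.assertRaises(NotFound):
            ims.complete_account_merge(token_string="0xBeeF", headers={'ion-actor-id': actor_id})
        with self.assertRaises(BadRequest):
            ims.complete_account_merge()

        # Try merging accounts with a different user.
        # Since this user hasn't initiated account merge, the token doesn't exist in his/her UserInfo
        with self.assertRaises(NotFound):
            ims.complete_account_merge(token, headers={'ion-actor-id': actor_id_2})

        ims.complete_account_merge(token, headers={'ion-actor-id': actor_id})

        # Try merging the account again: a used token must not be accepted twice.
        with self.assertRaises(BadRequest):
            ims.complete_account_merge(token, headers={'ion-actor-id': actor_id})

        # Signon again and verify the two accounts have been merged
        actor_id, _, registered = ims.signon(self.CERTIFICATE, True)
        self.assertTrue(registered)
        actor_id_2, _, registered_2 = ims.signon(self.CERTIFICATE_2, True)
        self.assertTrue(registered_2)

        # Validate the two accounts are the same
        self.assertEqual(actor_id, actor_id_2, "The two accounts should have the same id")

        # Try to merge to your own account
        with self.assertRaises(BadRequest):
            ims.initiate_account_merge("*****@*****.**", headers={'ion-actor-id': actor_id})

        # Done testing. Delete user
        ims.delete_user_info(user_info_id)
        ims.unregister_user_credentials(actor_id, self.subject)
        ims.delete_actor_identity(actor_id)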
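class TestIdentityManagementServiceInt(IonIntegrationTestCase):
    """Integration tests for the identity management service.

    Every test runs against a freshly started container (see setUp) and covers
    actor identity, credential and user-info CRUD plus certificate sign-on.
    """

    def setUp(self):
        """Start the container, deploy the services and create the client."""
        self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"

        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2coi.yml')

        self.identity_management_service = IdentityManagementServiceClient(node=self.container.node)

    def test_actor_identity(self):
        """Create, read, update and delete an ActorIdentity; a deleted id must raise NotFound."""
        ims = self.identity_management_service
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = ims.create_actor_identity(actor_identity_obj)

        actor_identity = ims.read_actor_identity(user_id)
        actor_identity.name = 'Updated subject'
        ims.update_actor_identity(actor_identity)

        ims.delete_actor_identity(user_id)

        with self.assertRaises(NotFound) as cm:
            ims.read_actor_identity(user_id)
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            ims.delete_actor_identity(user_id)
        self.assertIn("does not exist", cm.exception.message)

    def test_user_credentials(self):
        """Register credentials, then check that unregistering needs a matching actor id and name."""
        ims = self.identity_management_service
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = ims.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})
        ims.register_user_credentials(user_id, user_credentials_obj)

        # Each wrong (actor id, credential name) combination must be rejected.
        mismatches = (
            ("bad", self.subject),
            (user_id, "bad"),
            ('bad', 'bad'),
        )
        for bad_user_id, bad_name in mismatches:
            with self.assertRaises(NotFound) as cm:
                ims.unregister_user_credentials(bad_user_id, bad_name)
            self.assertIn("does not exist", cm.exception.message)

        ims.unregister_user_credentials(user_id, self.subject)
        ims.delete_actor_identity(user_id)

    def test_user_info(self):
        """Exercise the UserInfo lifecycle, including duplicate creation and lookups of missing entries."""
        ims = self.identity_management_service
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = ims.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})
        ims.register_user_credentials(user_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info_id = ims.create_user_info(user_id, user_info_obj)

        # A second UserInfo for the same actor must be refused.
        with self.assertRaises(Conflict) as cm:
            ims.create_user_info(user_id, user_info_obj)
        self.assertIn("UserInfo already exists for user id", cm.exception.message)

        # These lookups only have to succeed; their results are not inspected.
        ims.find_user_info_by_id(user_id)
        ims.find_user_info_by_name("Foo")
        ims.find_user_info_by_subject(self.subject)

        user_info_obj = ims.read_user_info(user_info_id)
        user_info_obj.name = 'Jane Doe'
        ims.update_user_info(user_info_obj)

        ims.delete_user_info(user_info_id)

        with self.assertRaises(NotFound) as cm:
            ims.read_user_info(user_info_id)
        self.assertIn('does not exist', cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            ims.delete_user_info(user_info_id)
        self.assertIn('does not exist', cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            ims.find_user_info_by_name("John Doe")
        self.assertEqual(cm.exception.message, 'UserInfo with name John Doe does not exist')

        with self.assertRaises(NotFound) as cm:
            ims.find_user_info_by_subject("Bogus subject")
        self.assertEqual(cm.exception.message, "UserCredentials with subject Bogus subject does not exist")

        ims.unregister_user_credentials(user_id, self.subject)
        ims.delete_actor_identity(user_id)

    def test_signon(self):
        """Sign on repeatedly with one certificate.

        The actor id and valid_until must be stable across sign-ons, and the
        registered flag must turn true once a UserInfo exists for the actor.
        """
        ims = self.identity_management_service

        # Public X.509 certificate (PEM, no private key material).
        # NOTE(review): its encoded validity window ends in November 2010, yet
        # signon() is expected to succeed, so expiry (and presumably chain)
        # validation is not exercised by this test -- confirm where that is
        # enforced and cover it with a negative test.
        certificate = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""

        actor_id, valid_until, registered = ims.signon(certificate, True)
        self.assertFalse(registered)

        actor_id2, valid_until2, registered2 = ims.signon(certificate, True)
        self.assertFalse(registered2)
        self.assertEqual(actor_id, actor_id2)
        self.assertEqual(valid_until, valid_until2)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        ims.create_user_info(actor_id, user_info_obj)

        actor_id3, valid_until3, registered3 = ims.signon(certificate, True)
        self.assertTrue(registered3)
        self.assertEqual(actor_id, actor_id3)
        self.assertEqual(valid_until, valid_until3)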
class TestIdentityManagementServiceInt(IonIntegrationTestCase): def setUp(self): self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254" # Start container self._start_container() self.container.start_rel_from_url('res/deploy/r2deploy.yml') self.resource_registry = ResourceRegistryServiceClient( node=self.container.node) self.identity_management_service = IdentityManagementServiceClient( node=self.container.node) self.org_client = OrgManagementServiceClient(node=self.container.node) def test_actor_identity(self): actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject}) user_id = self.identity_management_service.create_actor_identity( actor_identity_obj) actor_identity = self.identity_management_service.read_actor_identity( user_id) actor_identity.name = 'Updated subject' self.identity_management_service.update_actor_identity(actor_identity) ai = self.identity_management_service.find_actor_identity_by_name( actor_identity.name) self._baseAssertEqual(ai.name, actor_identity.name) with self.assertRaises(NotFound): ai = self.identity_management_service.find_actor_identity_by_name( "Yeah, well, you know, that's just, like, your opinion, man.") self._baseAssertEqual(ai.name, actor_identity.name) self.identity_management_service.delete_actor_identity(user_id) with self.assertRaises(NotFound) as cm: self.identity_management_service.read_actor_identity(user_id) self.assertTrue("does not exist" in cm.exception.message) with self.assertRaises(NotFound) as cm: self.identity_management_service.delete_actor_identity(user_id) self.assertTrue("does not exist" in cm.exception.message) def test_user_credentials(self): actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject}) user_id = self.identity_management_service.create_actor_identity( actor_identity_obj) user_credentials_obj = IonObject("UserCredentials", {"name": self.subject}) self.identity_management_service.register_user_credentials( user_id, user_credentials_obj) with 
self.assertRaises(NotFound) as cm: self.identity_management_service.unregister_user_credentials( "bad", self.subject) self.assertTrue("does not exist" in cm.exception.message) with self.assertRaises(NotFound) as cm: self.identity_management_service.unregister_user_credentials( user_id, "bad") self.assertTrue("does not exist" in cm.exception.message) with self.assertRaises(NotFound) as cm: self.identity_management_service.unregister_user_credentials( 'bad', 'bad') self.assertTrue("does not exist" in cm.exception.message) self.identity_management_service.unregister_user_credentials( user_id, self.subject) self.identity_management_service.delete_actor_identity(user_id) def test_user_info(self): actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject}) user_id = self.identity_management_service.create_actor_identity( actor_identity_obj) user_credentials_obj = IonObject("UserCredentials", {"name": self.subject}) self.identity_management_service.register_user_credentials( user_id, user_credentials_obj) user_info_obj = IonObject("UserInfo", {"name": "Foo"}) user_info = self.identity_management_service.create_user_info( user_id, user_info_obj) with self.assertRaises(Conflict) as cm: self.identity_management_service.create_user_info( user_id, user_info_obj) self.assertTrue( "UserInfo already exists for user id" in cm.exception.message) user_info_obj = self.identity_management_service.find_user_info_by_id( user_id) user_info_obj = self.identity_management_service.find_user_info_by_name( "Foo") user_info_obj = self.identity_management_service.find_user_info_by_subject( self.subject) user_info_obj = self.identity_management_service.read_user_info( user_info) user_info_obj.name = 'Jane Doe' self.identity_management_service.update_user_info(user_info_obj) self.identity_management_service.delete_user_info(user_info) with self.assertRaises(NotFound) as cm: self.identity_management_service.read_user_info(user_info) self.assertTrue('does not exist' in 
cm.exception.message) with self.assertRaises(NotFound) as cm: self.identity_management_service.delete_user_info(user_info) self.assertTrue('does not exist' in cm.exception.message) with self.assertRaises(NotFound) as cm: self.identity_management_service.find_user_info_by_name("John Doe") self.assertEqual(cm.exception.message, 'UserInfo with name John Doe does not exist') with self.assertRaises(NotFound) as cm: self.identity_management_service.find_user_info_by_subject( "Bogus subject") self.assertEqual( cm.exception.message, "UserCredentials with subject Bogus subject does not exist") self.identity_management_service.unregister_user_credentials( user_id, self.subject) self.identity_management_service.delete_actor_identity(user_id) def test_signon(self): certificate = """-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2 WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq 7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b 2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4 dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+ 6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0 cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr 
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5 CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ= -----END CERTIFICATE-----""" id, valid_until, registered = self.identity_management_service.signon( certificate, True) self.assertFalse(registered) id2, valid_until2, registered2 = self.identity_management_service.signon( certificate, True) self.assertFalse(registered2) self.assertTrue(id == id2) self.assertTrue(valid_until == valid_until2) user_info_obj = IonObject("UserInfo", {"name": "Foo"}) self.identity_management_service.create_user_info(id, user_info_obj) id3, valid_until3, registered3 = self.identity_management_service.signon( certificate, True) self.assertTrue(registered3) self.assertTrue(id == id3) self.assertTrue(valid_until == valid_until3) @attr('EXT') def test_get_extended_user_identity(self): actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject}) actor_id = self.identity_management_service.create_actor_identity( actor_identity_obj) user_credentials_obj = IonObject("UserCredentials", {"name": self.subject}) self.identity_management_service.register_user_credentials( actor_id, user_credentials_obj) user_info_obj = IonObject("UserInfo", {"name": "Foo"}) user_info_id = self.identity_management_service.create_user_info( actor_id, user_info_obj) ion_org = self.org_client.find_org() #Build the Service Agreement Proposal to to request a role but never close it sap = IonObject(OT.RequestRoleProposal, consumer=actor_id, provider=ion_org._id, role_name=ORG_MANAGER_ROLE) sap_response = self.org_client.negotiate(sap) #Just grant the role anyway #self.org_client.grant_role(ion_org._id, actor_id, ORG_MANAGER_ROLE) with self.assertRaises(NotFound): self.identity_management_service.get_user_info_extension( 'That rug really tied the room together.') 
with self.assertRaises(BadRequest): self.identity_management_service.get_user_info_extension() #Check the user without the negotiation role request extended_user = self.identity_management_service.get_user_info_extension( user_info_id, org_id=ion_org._id) self.assertEqual(user_info_obj.type_, extended_user.resource.type_) self.assertEqual(len(extended_user.roles), 1) self.assertEqual(len(extended_user.open_requests), 1) self.assertEqual(extended_user.open_requests[0].org_id, ion_org._id) self.assertEqual(extended_user.open_requests[0].user_id, user_info_id) self.assertEqual(extended_user.open_requests[0].request_type, OT.RequestRoleProposal) self.assertEqual(len(extended_user.closed_requests), 0) self.assertEqual(extended_user.open_requests[0]._id, extended_user.open_requests[0].negotiation_id) neg = self.resource_registry.read( object_id=extended_user.open_requests[0].negotiation_id) sap_response = Negotiation.create_counter_proposal( neg, ProposalStatusEnum.ACCEPTED, ProposalOriginatorEnum.PROVIDER) sap_response2 = self.org_client.negotiate(sap_response) #Now check the user after the negotiation has been accepted and the role granted extended_user = self.identity_management_service.get_user_info_extension( user_info_id, org_id=ion_org._id) self.assertEqual(user_info_obj.type_, extended_user.resource.type_) self.assertEqual(len(extended_user.roles), 2) self.assertEqual(len(extended_user.open_requests), 0) self.assertEqual(len(extended_user.closed_requests), 1) self.assertEqual(extended_user.closed_requests[0].org_id, ion_org._id) self.assertEqual(extended_user.closed_requests[0].user_id, user_info_id) self.assertEqual(extended_user.closed_requests[0].request_type, OT.RequestRoleProposal) self.identity_management_service.delete_user_info(user_info_id) self.org_client.revoke_role(org_id=ion_org._id, actor_id=actor_id, role_name=ORG_MANAGER_ROLE) self.identity_management_service.unregister_user_credentials( actor_id, self.subject) 
self.identity_management_service.delete_actor_identity(actor_id) def test_account_merge(self): certificate = """-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2 WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq 7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b 2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4 dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+ 6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0 cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5 CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ= -----END CERTIFICATE-----""" subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254" certificate_2 = """-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIDAJ/lMA0GCSqGSIb3DQEBCwUAMGsxEzARBgoJkiaJk/IsZAEZFgNvcmcx FzAVBgoJkiaJk/IsZAEZFgdjaWxvZ29uMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHQ0lMb2dvbjEc MBoGA1UEAxMTQ0lMb2dvbiBPcGVuSUQgQ0EgMTAeFw0xMjEwMTcwMDE2NDlaFw0xMjEwMTcxMjIx 
NDlaMGkxEzARBgoJkiaJk/IsZAEZEwNvcmcxFzAVBgoJkiaJk/IsZAEZEwdjaWxvZ29uMQswCQYD VQQGEwJVUzEPMA0GA1UEChMGR29vZ2xlMRswGQYDVQQDExJPd2VuIE93bmVycmVwIEE4OTMwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYLdpgg88sntivH+af4oamlp7blsUQcCQ5Yc/b VDP/dwEKfxTcW36tMV3asLO7GcL7z4FESG761LAe86siT9rcwg2ttLkRjI9KeA3sFjC28N8XjKZ1 estCqG3odqw2pjo3VEFaU57219vIYMJhjmHKEgSnlMQeChMYun/sYIO5uNFba9BfiB6/PRS+bgee cXRsIAm1vkB89AHdEjqdvH0uSN+jGjF6aAPXsESh70DUAHzs14lbFAomig7AZafT+weh0G5pnayC lutVnhb9SyS3s1+A6kx8z9mkDUwY/NKXisuDeXa+WbRVq51D+Lc7ffOI+Ph+ynyfFGMcCBzbMADX AgMBAAGjgeEwgd4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwGAYDVR0gBBEwDzANBgsrBgEEAYKRNgEDAzBsBgNVHR8EZTBjMC+gLaArhilodHRwOi8v Y3JsLmNpbG9nb24ub3JnL2NpbG9nb24tb3BlbmlkLmNybDAwoC6gLIYqaHR0cDovL2NybC5kb2Vn cmlkcy5vcmcvY2lsb2dvbi1vcGVuaWQuY3JsMCEGA1UdEQQaMBiBFm93ZW5vd25lcnJlcEBnbWFp bC5jb20wDQYJKoZIhvcNAQELBQADggEBAHWd6ZOjSmJyOUyyLgZAPJpkSuk7DT5mFRhszJhfTGnu gANHRIJZMs5e/LCMypE+ftxb8mnhAE+kURA2DmeucazHUDP5oYofU+8KMYqcNKnPpLnuiw+bCJPa 3BDxrYoi+vVislHb0U+QDjVYtUtQ2b1/Xhv8ShH89O9i65bbOq+sqez6z2AD9RWOEwRwpQLc9D65 9lkrsKGmJtuG8q3NTpZ1DSuaLOtn0QqttdmCg3pu5edRtgdpGadaSGR4s222JasV439bSTL8Z0Ug HtjSclGqi8IBmvRkTZI61zTVbGdOKMP90LV1p8noJVLRkZpWRjLxI5xy9El8daAWMdjfrSc= -----END CERTIFICATE-----""" subject_2 = "/DC=org/DC=cilogon/C=US/O=Google/CN=Owen Ownerrep A893" # Try to merge with nonexistent email account with self.assertRaises(NotFound): self.identity_management_service.initiate_account_merge( "*****@*****.**") with self.assertRaises(BadRequest): self.identity_management_service.initiate_account_merge() # Create two users id, valid_until, registered = self.identity_management_service.signon( certificate, True) self.assertFalse(registered) id_2, valid_until_2, registered_2 = self.identity_management_service.signon( certificate_2, True) self.assertFalse(registered_2) # Validate the two accounts are different self.assertNotEqual( id, id_2, "The two accounts should have two different user id") # Create UserInfo 
contact_info_obj = IonObject("ContactInformation", {"email": "*****@*****.**"}) user_info_obj = IonObject("UserInfo", { "name": "Dude", "contact": contact_info_obj }) user_info_id = self.identity_management_service.create_user_info( id, user_info_obj) contact_info_obj_2 = IonObject("ContactInformation", {"email": "*****@*****.**"}) user_info_obj_2 = IonObject("UserInfo", { "name": "theDude", "contact": contact_info_obj_2 }) user_info_id_2 = self.identity_management_service.create_user_info( id_2, user_info_obj_2) # Make sure the two users are registered id, valid_until, registered = self.identity_management_service.signon( certificate, True) self.assertTrue(registered) id_2, valid_until_2, registered_2 = self.identity_management_service.signon( certificate_2, True) self.assertTrue(registered_2) token = self.identity_management_service.initiate_account_merge( "*****@*****.**", headers={'ion-actor-id': id}) # Try merging accounts with invalid token string with self.assertRaises(NotFound): self.identity_management_service.complete_account_merge( token_string="0xBeeF", headers={'ion-actor-id': id}) with self.assertRaises(BadRequest): self.identity_management_service.complete_account_merge() # Try merging accounts with a different user # Since this user hasn't initiated account merge, the token doesn't exist in his/her UserInfo with self.assertRaises(NotFound): self.identity_management_service.complete_account_merge( token, headers={'ion-actor-id': id_2}) self.identity_management_service.complete_account_merge( token, headers={'ion-actor-id': id}) # Try merging the account again with self.assertRaises(BadRequest): self.identity_management_service.complete_account_merge( token, headers={'ion-actor-id': id}) # Signon again and verify the two accounts have been merged id, valid_until, registered = self.identity_management_service.signon( certificate, True) self.assertTrue(registered) id_2, valid_until_2, registered_2 = self.identity_management_service.signon( 
certificate_2, True) self.assertTrue(registered_2) # Validate the two accounts are the same self.assertEqual(id, id_2, "The two accounts should have the same id") # Try to merge to your own account with self.assertRaises(BadRequest): token = self.identity_management_service.initiate_account_merge( "*****@*****.**", headers={'ion-actor-id': id}) # Done testing. Delete user self.identity_management_service.delete_user_info(user_info_id) self.identity_management_service.unregister_user_credentials( id, subject) self.identity_management_service.delete_actor_identity(id)
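class TestRegisterAndActivate(IonIntegrationTestCase):
    """
    Integration test cases to confirm registration and activation services
    for marine device resources.

    NOTE(review): every service call made on behalf of the test user or the
    system passes caller-built 'ion-actor-id' / 'ion-actor-roles' headers
    (see _load_system_actors). The tests therefore exercise the services with
    self-asserted manager roles; they do not show that a caller lacking those
    roles is rejected.
    """

    def setUp(self):
        """
        Test setup: reset resource ids, start the container and services,
        create the service clients and the generic resources, and register
        the cleanup routine.
        """

        # Resources used in the tests.
        # General resources.
        self.actor_id = None
        self.user_info_id = None
        self.org_id = None
        self.obs_id = None

        # Cabled infrastructure.
        self.cabled_platform_model_id = None
        self.cabled_platform_site_id = None
        self.cabled_platform_device_id = None
        self.cabled_platform_agent_id = None
        self.cabled_platform_agent_instance_id = None
        self.cabled_platform_deployment_id = None
        self.cabled_instrument_deployment_id = None
        self.cabled_instrument_model_id = None
        self.cabled_instrument_site_id = None
        self.cabled_instrument_device_id = None
        self.cabled_instrument_agent_id = None
        self.cabled_instrument_agent_instance_id = None

        # Uncabled infrastructure.
        self.uncabled_platform_model_id = None
        self.uncabled_platform_site_id = None
        self.uncabled_platform_device_id = None
        self.uncabled_platform_agent_id = None
        self.uncabled_platform_agent_instance_id = None
        self.uncabled_instrument_model_id = None
        self.uncabled_instrument_site_id = None
        self.uncabled_instrument_device_id = None
        self.uncabled_instrument_agent_id = None
        self.uncabled_instrument_agent_instance_id = None
        self.uncabled_site_deployment_id = None

        # Start container.
        log.info('Staring capability container.')
        self._start_container()

        # Bring up services in a deploy file (no need to message)
        log.info('Staring deploy services.')
        self.container.start_rel_from_url('res/deploy/r2deploy.yml')

        # Setup service clients.
        # NOTE(review): self.ims is used by _cleanup_resources and
        # _create_cabled_resources but is never assigned in this class as
        # shown; those paths will raise AttributeError until an instrument
        # management client is created here.
        self.idms = IdentityManagementServiceClient(node=self.container.node)
        self.oms = ObservatoryManagementServiceClient(node=self.container.node)

        # Add generic resources.
        self._load_system_actors()
        self._create_user()
        self._create_org()
        self._create_observatory()

        # Add cleanup routine.
        self.addCleanup(self._cleanup_resources)

    def _cleanup_resources(self):
        """
        Delete resources created by the tests.

        Each id is reset to None once its resource has been deleted. An
        exception raised by any call aborts the remaining cleanup steps.
        """

        # Check and clean up cabled resources.
        if self.cabled_instrument_model_id:
            self.oms.unassign_instrument_model_from_instrument_site(
                self.cabled_instrument_model_id,
                self.cabled_instrument_site_id)
            self.ims.delete_instrument_model(self.cabled_instrument_model_id)
            self.cabled_instrument_model_id = None

        if self.cabled_platform_model_id:
            self.oms.unassign_platform_model_from_platform_site(
                self.cabled_platform_model_id,
                self.cabled_platform_site_id)
            self.ims.delete_platform_model(self.cabled_platform_model_id)
            self.cabled_platform_model_id = None

        if self.cabled_instrument_site_id:
            self.oms.unassign_site_from_site(self.cabled_instrument_site_id,
                                             self.cabled_platform_site_id)
            self.oms.delete_instrument_site(self.cabled_instrument_site_id)
            self.cabled_instrument_site_id = None

        if self.cabled_platform_site_id:
            self.oms.unassign_site_from_site(self.cabled_platform_site_id,
                                             self.obs_id)
            self.oms.delete_platform_site(self.cabled_platform_site_id)
            self.cabled_platform_site_id = None

        # Check and clean up uncabled resources.
        # TODO

        # Clean up generic resources.
        if self.user_info_id:
            self.idms.delete_user_info(self.user_info_id)
            self.user_info_id = None

        if self.actor_id:
            self.idms.delete_actor_identity(self.actor_id)
            self.actor_id = None

        if self.obs_id:
            self.oms.delete_observatory(self.obs_id)
            self.obs_id = None

        if self.org_id:
            self.container.resource_registry.delete(self.org_id)
            self.org_id = None

    def _load_system_actors(self):
        """
        Retrieve system and webauth actors and headers for later use.

        Sets self.system_actor / self.webauth_actor (None when the lookup
        returns nothing), the matching *_actor_id, and the *_actor_headers
        dicts passed to service calls.

        NOTE(review): when an actor is not found the id falls back to
        'anonymous', yet the headers still carry the ION_MANAGER and
        ORG_MANAGER roles. A missing system actor therefore goes unnoticed
        and the later calls run as a manager-role anonymous caller; consider
        failing setUp when either lookup is empty.
        """

        # Retrieve and store system actor and headers.
        system_actor, _ = self.container.resource_registry.find_resources(
            RT.ActorIdentity,
            name=CFG.system.system_actor,
            id_only=False)
        self.system_actor = system_actor[0] if system_actor else None
        self.system_actor_id = system_actor[0]._id if system_actor \
            else 'anonymous'
        self.system_actor_headers = {
            'ion-actor-id': self.system_actor_id,
            'ion-actor-roles': {'ION': ['ION_MANAGER', 'ORG_MANAGER']},
            # NOTE(review): the meaning of expiry '0' is not visible here;
            # presumably "no expiry" - confirm.
            'expiry':'0'
        }

        # Retrieve and store webauth actor and headers.
        webauth_actor, _ = self.container.resource_registry.find_resources(
            RT.ActorIdentity,
            name=CFG.get_safe("system.web_authentication_actor",
                              "web_authentication"),
            id_only=False)
        self.webauth_actor = webauth_actor[0] if webauth_actor else None
        self.webauth_actor_id = webauth_actor[0]._id if webauth_actor \
            else 'anonymous'
        self.webauth_actor_headers = {
            'ion-actor-id': self.webauth_actor_id,
            'ion-actor-roles': {'ION': ['ION_MANAGER', 'ORG_MANAGER']},
            'expiry':'0'
        }

    def _create_user(self):
        """
        Create user resources that serve as device owners.
        This test user does not have contact information, user credentials or
        notification preferences.
        Results in these objects:
        ActorIdentity({'_rev': '1', '_id': '07f92986b34e426bba0fca00b73cf4a5',
        'lcstate': 'DEPLOYED', 'alt_ids': [], 'description': '',
        'ts_updated': '1391542388312', 'actor_type': 1, 'addl': {},
        'ts_created': '1391542388312', 'availability': 'AVAILABLE',
        'name': 'Identity for Adam Activationtest'})
        UserInfo({'_rev': '1', '_id': 'ac8d368e6ea247d996fd60dd0f9c7f89',
        'lcstate': 'DEPLOYED', 'alt_ids': [],
        'description': 'Activation Test User', 'tokens': [],
        'ts_updated': '1391542388345',
        'contact': ContactInformation({'individual_names_given': '',
        'city': '', 'roles': [], 'administrative_area': '', 'url': '',
        'country': '', 'variables': [{'name': '', 'value': ''}],
        'organization_name': '', 'postal_code': '',
        'individual_name_family': '', 'phones': [], 'position_name': '',
        'email': '', 'street_address': ''}),
        'variables': [{'name': '', 'value': ''}], 'addl': {},
        'ts_created': '1391542388345', 'availability': 'AVAILABLE',
        'name': 'Adam Activationtest'})
        """

        # Basic user attributes for test user.
        user_attrs = {
            'name' : 'Adam Activationtest',
            'description' : 'Activation Test User'
        }

        # Create ActorIdentity. Both create calls are made with the webauth
        # actor's headers, not the test user's own identity.
        actor_name = "Identity for %s" % user_attrs['name']
        actor_identity_obj = IonObject("ActorIdentity", name=actor_name)
        log.trace("creating user %s with headers: %r", user_attrs['name'],
                  self.webauth_actor_headers)
        self.actor_id = self.idms.create_actor_identity(
            actor_identity_obj, headers=self.webauth_actor_headers)

        # Create UserInfo.
        user_info_obj = IonObject("UserInfo", **user_attrs)
        self.user_info_id = self.idms.create_user_info(
            self.actor_id, user_info_obj, headers=self.webauth_actor_headers)

    def _create_org(self):
        """
        Create an org that contains all test infrastructure.
        Results in this object:
        Org({'message_controllable': True, '_rev': '1',
        '_id': '9ff82d9f6c7b41f886c6137f54a3086c', 'lcstate': 'DEPLOYED',
        'alt_ids': [], 'url': '',
        'description': 'An Org for Activation Tests', 'contacts': [],
        'org_governance_name': 'ActiveOrg',
        'institution': Institution({'website': '', 'phone': '', 'name': '',
        'email': ''}), 'ts_updated': '1391542388395', 'monitorable': True,
        'org_type': 2, 'addl': {}, 'ts_created': '1391542388395',
        'availability': 'AVAILABLE', 'name': 'ActiveOrg'})
        """
        org_attrs = {
            'name' : 'ActiveOrg',
            'description' : 'An Org for Activation Tests',
            'org_type' : OrgTypeEnum.MARINE_FACILITY
        }
        org_obj = IonObject('Org', **org_attrs)
        # Created with the system actor's headers (manager roles).
        self.org_id = self.oms.create_marine_facility(
            org_obj, headers=self.system_actor_headers)

    def _create_observatory(self):
        """
        Create a top level observatory site for the tests.
        Results in this object:
        Observatory({'reference_designator': '', 'spatial_area_name': '',
        '_id': 'fdcda51901464575913858f98aaf0f41', '_rev': '1',
        'lcstate': 'DEPLOYED', 'alt_ids': [], 'url': '',
        'description': 'An Observatory for Activation Tests',
        'coordinate_reference_system': GeospatialCoordinateReferenceSystem(
        {'geospatial_latitude_units': '', 'geospatial_vertical_crs': '',
        'geospatial_geodetic_crs': '', 'geospatial_vertical_positive': '',
        'geospatial_vertical_units': '', 'geospatial_longitude_units': ''}),
        'constraint_list': [], 'environment': 1,
        'ts_updated': '1391544601340', 'local_name': '',
        'geospatial_point_center': GeospatialIndex({'lat': 0.0, 'lon': 0.0}),
        'addl': {}, 'ts_created': '1391544601340',
        'availability': 'AVAILABLE', 'name': 'ActiveObservatory'})
        """
        obs_attrs = {
            'name': 'ActiveObservatory',
            'description' : 'An Observatory for Activation Tests'
        }
        obs_obj = IonObject('Observatory', **obs_attrs)
        # No headers are passed on this call, unlike create_marine_facility.
        self.obs_id = self.oms.create_observatory(obs_obj, self.org_id)

    def _create_cabled_resources(self):
        """
        Create preexisting infrastructure for the cabled test environment:
        sites, deployments, models. These are resources that already
        exist in the system due to preload or incremental preload updates.
        PlatformModel
        InstrumentModel
        PlatformSite
        InstrumentSite
        """

        platform_model_attrs = {
            'name' : 'LP Jbox',
            'description' : 'Node Type: LJ',
            'manufacturer' : 'University of Washington',
            'platform_type' : 'Cable Node',
            'platform_family' : 'Low Power JBox',
            'ci_onboard' : False,
            'shore_networked' : True
        }

        instrument_model_attrs = {
            'name': 'Diffuse Vent Fluid 3-D Temperature Array (TMPSF-A)',
            'description': 'Measures temperatures of diffuse flow across the seafloor',
            'reference_designator': 'TMPSFA',
            'class_name': 'Temperature seafloor',
            'mixed_sampling_mode': True,
            'integrated_inductive_modem_available': True,
            'internal_battery': True,
            'addl': {'comments': '',
                     'connector': '',
                     'makemodel_description': 'XR-420',
                     'input_voltage_range': '',
                     'interface': '',
                     'output_description': '',
                     'class_long_name': 'Temperature_seafloor'},
            'ooi_make_model': 'XR-420',
            'series_name': 'TMPSF Series A',
            'inline_management': True,
            'series_id': 'TMPSFA',
            'subseries_name': 'TMPSF Series A Sub 01',
            'primary_interface': 1,
            'manufacturer': 'RBR Global',
            'family_name': 'Seafloor Properties',
            'class_description': 'Measures temperatures of diffuse flow across the seafloor',
            'class_alternate_name': 'Diffuse Vent Fluid 3-D Temperature Array',
            'subseries_id': 'TMPSFA01',
            'class_id': 'TMPSF',
            'family_id': 'SFL',
            'has_clock': True
        }

        platform_site_attrs = {
            'name' : 'Cabled LP JBOX Platform Site',
            'description' : 'Test Site for a Cabled LP JBOX Platform'
        }

        instrument_site_attrs = {
            'name' : 'Cabled TMPSF Instrument Site',
            'description' : 'Test Site for a Cabled TMPSF Instrument'
        }

        # Create the cabled model preloaded resources.
        # NOTE(review): relies on self.ims, which setUp does not create.
        platform_model = IonObject('PlatformModel', **platform_model_attrs)
        self.cabled_platform_model_id = self.ims.create_platform_model(
            platform_model)

        instrument_model = IonObject('InstrumentModel',
                                     **instrument_model_attrs)
        self.cabled_instrument_model_id = self.ims.create_instrument_model(
            instrument_model)

        # Create the cabled sites and link them appropriately.
        # The site objects are built with explicit resource type names; an
        # empty type name does not identify the PlatformSite / InstrumentSite
        # types this method documents.
        platform_site = IonObject('PlatformSite', **platform_site_attrs)
        self.cabled_platform_site_id = self.oms.create_platform_site(
            platform_site)
        self.oms.assign_site_to_site(self.cabled_platform_site_id,
                                     self.obs_id)

        instrument_site = IonObject('InstrumentSite', **instrument_site_attrs)
        self.cabled_instrument_site_id = self.oms.create_instrument_site(
            instrument_site)
        self.oms.assign_site_to_site(self.cabled_instrument_site_id,
                                     self.cabled_platform_site_id)

        # Assign models to available sites.
        self.oms.assign_platform_model_to_platform_site(
            self.cabled_platform_model_id, self.cabled_platform_site_id)
        self.oms.assign_instrument_model_to_instrument_site(
            self.cabled_instrument_model_id, self.cabled_instrument_site_id)

    def _create_uncabled_resources(self):
        """
        Create preexisting infrastructure for the uncabled test environment:
        sites, deployments, models.
        """
        pass

    def test_cabled_device_activation(self):
        """
        Test registration and activation of cabled device infrastructure.
        """
        pass

    def test_uncabled_device_activation(self):
        """
        Test registration and activation of uncabled device infrastructure.
        """
        pass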
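class TestIdentityManagementServiceInt(IonIntegrationTestCase):
    """
    Integration tests for the identity management service client: actor
    identity CRUD, user credential registration, user info CRUD and
    certificate-based signon.
    """

    def setUp(self):
        """Start the container and services and create the service client."""
        self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"

        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2coi.yml')

        self.identity_management_service = IdentityManagementServiceClient(
            node=self.container.node)

    def test_actor_identity(self):
        """Create, read, update and delete an ActorIdentity, then check that
        reading or deleting it again raises NotFound."""
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        actor_identity = self.identity_management_service.read_actor_identity(
            user_id)

        actor_identity.name = 'Updated subject'
        self.identity_management_service.update_actor_identity(actor_identity)

        self.identity_management_service.delete_actor_identity(user_id)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_actor_identity(user_id)
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_actor_identity(user_id)
        self.assertIn("does not exist", cm.exception.message)

    def test_user_credentials(self):
        """Register credentials for an actor and check that unregistering
        with a wrong actor id, a wrong subject, or both raises NotFound."""
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials",
                                         {"name": self.subject})
        self.identity_management_service.register_user_credentials(
            user_id, user_credentials_obj)

        # Each mismatched (actor id, subject) pair must be rejected.
        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                "bad", self.subject)
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                user_id, "bad")
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                'bad', 'bad')
        self.assertIn("does not exist", cm.exception.message)

        self.identity_management_service.unregister_user_credentials(
            user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_user_info(self):
        """Create, look up, update and delete a UserInfo, and check the
        Conflict / NotFound errors for duplicates and missing records."""
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials",
                                         {"name": self.subject})
        self.identity_management_service.register_user_credentials(
            user_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info = self.identity_management_service.create_user_info(
            user_id, user_info_obj)

        # A second UserInfo for the same actor must be refused.
        with self.assertRaises(Conflict) as cm:
            self.identity_management_service.create_user_info(
                user_id, user_info_obj)
        self.assertIn("UserInfo already exists for user id",
                      cm.exception.message)

        # The lookups are exercised for success only; their results are not
        # inspected.
        self.identity_management_service.find_user_info_by_id(user_id)
        self.identity_management_service.find_user_info_by_name("Foo")
        self.identity_management_service.find_user_info_by_subject(
            self.subject)

        user_info_obj = self.identity_management_service.read_user_info(
            user_info)

        user_info_obj.name = 'Jane Doe'
        self.identity_management_service.update_user_info(user_info_obj)

        self.identity_management_service.delete_user_info(user_info)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_user_info(user_info)
        self.assertIn('does not exist', cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_user_info(user_info)
        self.assertIn('does not exist', cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_name("John Doe")
        self.assertEqual(cm.exception.message,
                         'UserInfo with name John Doe does not exist')

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_subject(
                "Bogus subject")
        self.assertEqual(
            cm.exception.message,
            "UserCredentials with subject Bogus subject does not exist")

        self.identity_management_service.unregister_user_credentials(
            user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_signon(self):
        """Sign on three times with the same certificate: the actor id and
        valid_until stay the same, and `registered` becomes true only after
        a UserInfo has been created for the actor."""
        # NOTE(review): the validity fields embedded in this PEM appear to
        # decode to a window of about twelve hours in November 2010, so the
        # certificate is long expired. The test still expects signon to
        # succeed, and the meaning of the positional True passed to signon is
        # not visible here. If it relaxes validity-date checking, confirm that
        # production callers cannot set it, and add a case asserting that an
        # expired certificate is rejected when the check is enforced.
        certificate = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""

        # First signon: the actor is created but has no UserInfo yet.
        actor_id, valid_until, registered = \
            self.identity_management_service.signon(certificate, True)
        self.assertFalse(registered)

        # Second signon with the same certificate maps to the same actor.
        actor_id2, valid_until2, registered2 = \
            self.identity_management_service.signon(certificate, True)
        self.assertFalse(registered2)
        self.assertEqual(actor_id, actor_id2)
        self.assertEqual(valid_until, valid_until2)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        self.identity_management_service.create_user_info(actor_id,
                                                          user_info_obj)

        # Third signon: same actor, now reported as registered.
        actor_id3, valid_until3, registered3 = \
            self.identity_management_service.signon(certificate, True)
        self.assertTrue(registered3)
        self.assertEqual(actor_id, actor_id3)
        self.assertEqual(valid_until, valid_until3)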