def setUp(self):
# NOTE: shared_secret needs to be filled out to run the tests. Deleted because
# it shouldn't be in the commit history of a repo that will later be made public.
self.shared_secret = 'test'
self.config = config
self.go_rest_client = GlobusOnlineRestClient(config=self.config)
# Random numbers added to avoid overwriting some real user since these
# tests may be run against a real server.
self.default_username = '******'
def __init__(self, token = None):
try:
if not token is None:
self.GlobusClient = GlobusOnlineRestClient( go_host = self.GlobusBaseURL, token = token )
else:
self.GlobusClient = GlobusOnlineRestClient( go_host = self.GlobusBaseURL,
username = self.GlobusUser, password = self.GlobusPassword)
resHeader,self.RootGroup = self.GlobusClient._issue_rest_request('/groups/%s/tree' % self.RootGID)
if resHeader.status != 200:
raise Exception( "Failed to fetch KBase root group %s from Globus Online response code %s" %
( rootGID, resHeader.status))
else:
self.URL = '/groups/%s' % self.RootGID # shortcut for baseURL
# cached dictionary of groupnames to group IDs, and the timestamp for the cache
self.GroupDict = dict()
self.GroupTree = {}
self.GroupCacheTime = 0
self.getGroupList()
except Exception, e:
logging.exception("Error initializing globus client: %s" % e)
raise
class ClientGroupTests(unittest.TestCase):
def setUp(self):
# NOTE: shared_secret needs to be filled out to run the tests. Deleted because
# it shouldn't be in the commit history of a repo that will later be made public.
self.shared_secret = 'test'
self.config = config
self.go_rest_client = GlobusOnlineRestClient(config=self.config)
# Random numbers added to avoid overwriting some real user since these
# tests may be run against a real server.
self.default_username = '******'
self.created_users = []
self.created_groups = []
def tearDown(self):
for user in self.created_users:
self.go_rest_client.delete_user(user)
self.go_rest_client.logout()
if len(self.created_groups) > 0:
self.go_rest_client.username_password_login('testuser', 'sikrit')
for group in self.created_groups:
self.go_rest_client.delete_group(group)
self.go_rest_client.logout()
@attr('go_rest_test')
def test_group_management(self):
# We need to be logged in as a user that has admin rights to the root-group.
username = '******'
password = '******'
self.go_rest_client.username_password_login(username,
password=password)
# Get root group:
response, content = self.go_rest_client.get_group_list(
) # times out often
self.assertEquals(response['status'], '200')
parent_group = 'testgroup'
response, content = self.go_rest_client.post_group(parent_group)
root_id = content['id']
self.created_groups.append(root_id)
# Create a subroup:
subgroup_name = "Mattias' sub-group"
response, content = self.go_rest_client.post_group(subgroup_name,
parent=root_id)
self.assertEquals(response['status'], '201')
self.created_groups.append(content['id'])
# Get subgroups:
response, content = self.go_rest_client.get_group_tree(root_id, 2)
self.assertEquals(response['status'], '200')
children = content['children']
subgroup_id = None
for child in children:
if child['name'] == subgroup_name:
subgroup_id = child['id']
self.assertNotEqual(
subgroup_id,
None,
msg='Created subgroup not found among children of the root.')
# Edit group and get group summary to check that that the edit sticks:
new_name = 'New group name'
new_description = 'New group description'
response, content = self.go_rest_client.put_group_summary(
subgroup_id, name=new_name, description=new_description)
self.assertEquals(response['status'], '201')
response, content = self.go_rest_client.get_group_summary(subgroup_id)
self.assertEquals(content['name'], new_name)
self.assertEquals(content['description'], new_description)
# Test putting and getting group policies:
policy_summary = {
'approval': {
'admin': True,
'auto_if_admin': False,
'auto': False,
},
'group_member_visibility': {
'admin': True,
'members': False,
'parent': False,
'public': False,
},
'group_visibility': {
'parent': True,
'private': False,
'public': False,
'site': False,
},
'join': {
'anybody': True,
'community': False,
'none': False,
'parent': False,
},
'invites': {
'admin_only': True,
'any_community_member': False,
'group_members': False,
'group_members_and_parent': False,
},
'sign_up_fields': {
'first_name': True,
'last_name': True,
'institution': False,
'current_project_name': False,
'organization': False,
'address': False,
'address2': False,
'city': False,
'country': False,
'state': False,
'zip': False,
'phone': False,
}
}
policies = self.go_rest_client.build_policy_dictionary(
**policy_summary)
response, content = self.go_rest_client.put_group_policies(
root_id, policies)
# there are policies that exist before calling put_group_policies.
# this causes a 200 status to be returend instead of a 201
# (the policies field is being edited instead of added)
# this also causes the returned content and the policies input to be different
# self.assertEquals(response['status'], '201')
self.assertEquals(response['status'], '200')
# self.assertEquals(content, policies)
response, content = self.go_rest_client.put_group_policies(
subgroup_id, policies)
# self.assertEquals(response['status'], '201')
self.assertEquals(response['status'], '200')
# self.assertEquals(content, policies)
response, content = self.go_rest_client.get_group_policies(subgroup_id)
self.assertEquals(response['status'], '200')
self.assertTrue(content['approval']['value']['admin']['value'])
self.assertFalse(content['approval']['value']['auto']['value'])
self.assertTrue(
content['sign_up_fields']['value']['first_name']['value'])
self.assertFalse(content['sign_up_fields']['value']
['current_project_name']['value'])
# Test set_single_policy:
response, content = self.go_rest_client.set_single_policy(
subgroup_id, 'approval', 'auto')
self.assertFalse(content['approval']['value']['admin']['value'])
self.assertTrue(content['approval']['value']['auto']['value'])
# Should alse work for multi-option policies like signup fields:
response, content = self.go_rest_client.set_single_policy(
root_id, 'sign_up_fields',
['zip', 'state']) # to satisfy parent-policy requirements
response, content = self.go_rest_client.set_single_policy(
subgroup_id, 'sign_up_fields', ['zip', 'state'])
self.assertTrue(content['sign_up_fields']['value']['zip']['value'])
self.assertTrue(content['sign_up_fields']['value']['state']['value'])
self.assertFalse(
content['sign_up_fields']['value']['first_name']['value'])
# Newly created group should have the same email templates as the parent.
response, content = self.go_rest_client.get_group_email_templates(
root_id)
root_default_templates = sorted(content['templates'],
key=lambda k: k['type'])
response, content = self.go_rest_client.get_group_email_templates(
subgroup_id)
self.assertEquals(response['status'], '200')
new_default_templates = sorted(content['templates'],
key=lambda k: k['type'])
for new, root in zip(new_default_templates, root_default_templates):
self.assertEquals(new['type'], root['type'])
self.assertEquals(new['subject'], root['subject'])
# Test POSTing email templates:
template_params = {
"type": "Welcome",
"subject": "GO REST client test template",
"last_updated": "2011-05-06T00:00:00",
"create_date": "2011-05-06T00:00:00",
"message": [{
"type": "static",
"text": "Welcome to the group!"
}]
}
response, content = self.go_rest_client.post_group_email_templates(
subgroup_id, template_params)
self.assertEquals(response['status'], '201')
template_id = content['id']
# Re-posting the same template type should be a 409 Conflict:
response, content = self.go_rest_client.post_group_email_templates(
subgroup_id, template_params)
self.assertEquals(response['status'], '409')
# Test GETting templates:
response, content = self.go_rest_client.get_group_email_templates(
subgroup_id)
self.assertTrue(
template_params['subject'] in
[template['subject'] for template in content['templates']])
# Test GETing a single template:
response, content = self.go_rest_client.get_group_email_template(
subgroup_id, template_id)
self.assertEquals(response['status'], '200')
self.assertEquals(content['message'][0]['text'],
template_params['message'][0]['text'])
# Test PUTting (updating) a template:
new_subject = 'This is the new subject'
content['subject'] = new_subject
response, content = self.go_rest_client.put_group_email_template(
subgroup_id, template_id, content)
self.assertEquals(response['status'], '200')
self.assertEquals(content['subject'], new_subject)
# Test GETting a rendered template:
response, content = self.go_rest_client.get_group_email_template(
subgroup_id, template_id)
self.assertEquals(response['status'], '200')
@attr('go_rest_test')
def test_membership_management(self):
# Log in as an admin, create a group and a user to play with.
admin_username = '******'
admin_password = '******'
group_name = 'testgroup2'
self.go_rest_client.username_password_login(admin_username,
password=admin_password)
response, content = self.go_rest_client.post_group(group_name)
group_id = content['id']
self.created_groups.append(group_id)
self.go_rest_client.set_single_policy(group_id, 'approval', 'admin')
user = '******'
self.go_rest_client.post_user(user, 'Test User',
'*****@*****.**', 'sikrit')
self.created_users.append(user)
# Test that the group membership of a particular username doesn't persist
# between test runs:
response, content = self.go_rest_client.get_group_member(
group_id, user)
self.assertEquals(
response['status'],
'404',
msg="A newly created user should never be part of a group.")
self.go_rest_client.username_password_login(
user, 'sikrit') # logging in so the user can be editted
# Test PUTing user custom fields:
custom_fields = {
'current_project_name': 'BIRN Community',
'organization': 'Computation Institute',
}
self.go_rest_client.put_user_custom_fields(user, **custom_fields)
response, content = self.go_rest_client.get_user(
user, custom_fields=custom_fields.keys())
self.assertEquals(custom_fields, content['custom_fields'])
# Test GETting and PUTting user visibility:
response, content = self.go_rest_client.get_user_policies(user)
self.assertFalse(content['user_membership_visibility']['value']
['community']['value'])
self.go_rest_client.put_user_membership_visibility(user, 'community')
response, content = self.go_rest_client.get_user_policies(user)
self.assertTrue(content['user_membership_visibility']['value']
['community']['value'])
# About 90% of the rest of this test is broken because the smtp_mail_sink that was used is broken.
# The smtp_mail_sink that was used only worked reliably with localhost, but the tests no longer
# use localhost.
# It might be a good idea to leave the code here because the only thing wrong is the
# smtp_mail_sink and a working one would make the rest of the test work
"""
class GlobusGroupsSync:
"""
Class to support automatic synchronization of members in KBase authorization
groups against Globus Online group members
Steve Chan
[email protected]
"""
try:
GlobusBaseURL = settings.GLOBUSBASEURL
except:
GlobusBaseURL = "nexus.api.globusonline.org"
try:
GlobusUser = settings.GLOBUSUSER
except:
GlobusUser = '******'
try:
GlobusPassword = settings.GLOBUSPASSWORD
except:
GlobusPassword = "******"
# This group ID should be the root group for kbase, "kbase_users". All KBase groups
# should be children of this group
try:
RootGID = settings.ROOTGID
except:
RootGID = '99d2a548-7218-11e2-adc0-12313d2d6e7f'
# This is the number of seconds that the group dict instance var can linger before
# it needs to be updated
try:
GroupCacheTTL = settings.GROUPCACHETTL
except:
GroupCacheTTL = 60
# We need to define the appropriate settings and set them here
try:
conn = Connection(settings.MONGODB_CONN)
except AttributeError as e:
print "No connection settings specified: %s\nConnection to mongodb.kbase.us by default." % e
conn = Connection(['mongodb.kbase.us'])
except Exception as e:
print "Generic exception %s: %s\nConnection to mongodb.kbase.us by default" % (type(e),e)
conn = Connection(['mongodb.kbase.us'])
db = conn.authorization
roles = db.roles
def __init__(self, token = None):
try:
if not token is None:
self.GlobusClient = GlobusOnlineRestClient( go_host = self.GlobusBaseURL, token = token )
else:
self.GlobusClient = GlobusOnlineRestClient( go_host = self.GlobusBaseURL,
username = self.GlobusUser, password = self.GlobusPassword)
resHeader,self.RootGroup = self.GlobusClient._issue_rest_request('/groups/%s/tree' % self.RootGID)
if resHeader.status != 200:
raise Exception( "Failed to fetch KBase root group %s from Globus Online response code %s" %
( rootGID, resHeader.status))
else:
self.URL = '/groups/%s' % self.RootGID # shortcut for baseURL
# cached dictionary of groupnames to group IDs, and the timestamp for the cache
self.GroupDict = dict()
self.GroupTree = {}
self.GroupCacheTime = 0
self.getGroupList()
except Exception, e:
logging.exception("Error initializing globus client: %s" % e)
raise
class ClientUserTests(unittest.TestCase):
def setUp(self):
# NOTE: shared_secret needs to be filled out to run the tests. Deleted because
# it shouldn't be in the commit history of a repo that will later be made public.
self.shared_secret = 'test'
self.config = config
self.go_rest_client = GlobusOnlineRestClient(config=self.config)
# Random numbers added to avoid overwriting some real user since these
# tests may be run against a real server.
self.default_username = '******'
@attr('functional')
def test_issue_request(self):
self.config['server'] = 'www.google.com'
rest_client = GlobusOnlineRestClient(config=self.config)
response, content = rest_client._issue_rest_request('')
self.config['server'] = "graph.api.go.sandbox.globuscs.info"
@attr('go_rest_test')
def test_get_user_profile(self):
response, content = self.go_rest_client.get_user_profile('testuser2')
self.assertEqual(response['status'], '200')
expected_keys = ('username', 'fullname', 'email', 'resource_type')
self.assertTrue(all(k in content for k in expected_keys))
@attr('go_rest_test')
def test_user_management(self):
username = self.default_username
password = self.go_rest_client.default_password
# In case the user already exists on the server we're testing against:
try:
self.go_rest_client.username_password_login(username)
self.go_rest_client.delete_user(username)
except UnexpectedRestResponseError:
pass
# Create user using POST.
response, content = self.go_rest_client.post_user(
username, 'Mattias Lidman', '*****@*****.**', password)
self.assertEquals(response['status'],
'201',
msg='Content: ' + str(content))
self.assertEquals(content['username'], username)
# Test signout
self.go_rest_client.logout()
response, content = self.go_rest_client.get_user(username)
self.assertEquals(response['status'], '403')
# Test signin, wrong password
response, content = self.go_rest_client.username_password_login(
username, password='******')
self.assertEquals(response['status'], '403')
# Test signin, right password
response, content = self.go_rest_client.username_password_login(
username)
self.assertEquals(response['status'], '200')
self.assertEquals(content['username'], username)
# Test editing user and adding some custom fields using PUT.
params = {
'fullname': 'newFullName',
'email': '*****@*****.**',
'custom_fields': {
'custom_field1': 'custom value 1',
'custom_field2': 'custom value 2'
}
}
response, content = self.go_rest_client.put_user(username, **params)
response, content = self.go_rest_client.get_user(
username,
fields=['fullname', 'email'],
custom_fields=['custom_field1', 'custom_field2'])
self.assertEquals(content['fullname'], 'newFullName')
self.assertEquals(content['email'], '*****@*****.**')
self.assertEquals(content['custom_fields']['custom_field1'],
'custom value 1')
self.assertEquals(content['custom_fields']['custom_field2'],
'custom value 2')
# Test delete
self.go_rest_client.username_password_login(username)
self.go_rest_client.delete_user(username)
response, content = self.go_rest_client.username_password_login(
username)
self.assertEquals(response['status'], '403')
# Test creating a user with the helper function.
response, content = self.go_rest_client.post_user(
username, 'Test User', '*****@*****.**', 'sikrit')
self.assertEquals(response['status'], '201')
response, content = self.go_rest_client.username_password_login(
username, 'sikrit')
self.assertEquals(response['status'], '200')
@attr('go_rest_test')
def test_user_login_methods(self):
username = '******'
password = '******'
response, content = self.go_rest_client.get_user(username)
if response['status'] == '404':
self.go_rest_client.post_user(username, 'Test User',
'*****@*****.**',
'sikrit')
# Test username/password login:
response, content = self.go_rest_client.get_user(username)
self.assertEquals(response['status'], '403')
response, content = self.go_rest_client.username_password_login(
username, password=password)
self.assertEquals(response['status'], '200')
response, content = self.go_rest_client.get_user(username)
self.assertEquals(response['status'], '200')
# Get user's OAuth secret, then logout:
response, content = self.go_rest_client.get_user_secret(username)
self.assertEquals(response['status'], '200')
secret = content['secret']
self.go_rest_client.logout()
response, content = self.go_rest_client.get_user(username)
self.assertEquals(response['status'], '403')
# Test login using OAuth headers:
response, content = self.go_rest_client.username_oauth_secret_login(
username, secret)
self.assertEquals(response['status'], '200')
response, content = self.go_rest_client.get_user(username)
self.assertEquals(response['status'], '200')
self.go_rest_client.logout()
response, content = self.go_rest_client.get_user(username)
self.assertEquals(response['status'], '403')
@attr('go_rest_test')
def test_rsa_key_methods(self):
username = '******'
password = '******'
key_alias = 'test_key'
self.go_rest_client.username_password_login(username, password)
with open('sample/dummy_key.pub') as key_file:
rsa_key = key_file.readline()
# Test posting an rsa_key
response, content = self.go_rest_client.post_rsa_key(key_alias,
rsa_key=rsa_key)
self.assertEquals(response['status'], '201')
# Test getting the rsa_key_list()
response, content = self.go_rest_client.get_rsa_key_list()
self.assertEquals(response['status'], '200')
key_id = None
for key in content:
if key['alias'] == key_alias and key['ssh_key'] == rsa_key:
key_id = key['credential_key']
self.assertIsNotNone(
key_id, msg="Couldn't find the posted rsa_key in the key list")
# Test deleting an rsa_key
response, content = self.go_rest_client.delete_rsa_key(key_id)
self.assertEquals(response['status'], '200')
def test_issue_request(self):
self.config['server'] = 'www.google.com'
rest_client = GlobusOnlineRestClient(config=self.config)
response, content = rest_client._issue_rest_request('')
self.config['server'] = "graph.api.go.sandbox.globuscs.info"