def test_invalid_caps():
# Invalid capabilities
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = ["hello", "world"]
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = "temporal"
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_file_server_caps():
body = {"request": [fileresource_id + "/someitem"]}
r = consumer.get_token(body)
assert r['success'] is False
assert r['status_code'] == 403
# Invalid capabilities for file server
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": fileresource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = ["temporal", "complex"]
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
# Valid capabilities
req["capabilities"] = ["download"]
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
# token successful
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
def test_multiple_duplicate_subs():
r = untrusted.provider_access([_req2, _req2])
assert r['success'] == False
assert r['status_code'] == 400
r = untrusted.provider_access([_req2, _req])
assert r['success'] == False
assert r['status_code'] == 403
def test_token_invalid_rid():
# invalid resource ID
global req
req["item_id"] = '/aaaaa/sssss/sada/'
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
req["item_id"] = '/aaaaa/sssss'
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_sessionId_multiple_sucess():
#get session id for multiple end points and check if success
body = {
"apis": [{
"method": "get",
"endpoint": "/auth/v1/provider/access"
}, {
"method": "post",
"endpoint": "/auth/v1/provider/access"
}]
}
r = untrusted.get_session_id(body)
assert r['success'] is True
untrusted.set_user_session_id(fetch_sessionId('*****@*****.**'))
r = untrusted.get_provider_access()
assert r['success'] is True
assert r['status_code'] == 200
resource_group = ''.join(
random.choice(string.ascii_lowercase) for _ in range(10))
resource_id = provider_id + '/rs.iudx.io/' + resource_group
req = {
"user_email": email,
"user_role": 'consumer',
'capabilities': ['temporal'],
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = untrusted.provider_access([req])
assert r['success'] is True
assert r['status_code'] == 200
def test_invalid_caps():
# Invalid capabilities
global req
req["capabilities"] = ["hello", "world"]
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_multiple_complex_sub_success():
global _req
# success
_req["capabilities"] = ["complex"]
r = untrusted.provider_access([_req2, _req])
assert r['success'] == True
assert r['status_code'] == 200
def test_get_same_cap_in_set():
# temporal rule already exists
global req
req["capabilities"] = ['subscription', 'temporal']
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 403
def test_set_rule_for_invalid_user():
# user does not exist
global req
req["user_role"] = "onboarder"
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 403
def test_set_delegate_rule():
global req
req["user_role"] = "delegate"
r = untrusted.provider_access([req])
print(r)
assert r['success'] == True
assert r['status_code'] == 200
def test_delegate_updating_other_policy():
resource_group = ''.join(random.choice(string.ascii_lowercase) for _ in range(10))
resource_id = provider_id + '/rs.iudx.io/' + resource_group
#create policy
req = { "user_email": email,
"user_role":'consumer',
"item_id":resource_id,
"item_type":"resourcegroup",
"capabilities": ['temporal'],
"expiry_time": "2027-01-01T12:00:00Z"
}
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
#get access_id
r = untrusted.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
#get access_id for set policy
for r in rules:
if r['email'] == email and r['role'] == 'consumer' and resource_id == r['item']['cat_id']:
consumer_id = r['id']
break
#set expiry to now
assert expire_rule(consumer_id) is True
#delegate update expired policy
req = { "expiry_time":"2025-01-01T12:00:00Z",
"id": consumer_id
}
r = alt_provider.update_rule([req],"*****@*****.**")
assert r['success'] == True
assert r['status_code'] == 200
def test_get_complex_cap():
# complex
global req
req["capabilities"] = ['complex']
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
def test_multiple_onb_temporal():
r = untrusted.provider_access(
[_req1, _req, {
"user_email": remail,
"user_role": 'delegate'
}])
assert r['success'] == True
assert r['status_code'] == 200
def test_get_all_caps():
# try all 3 caps
global req
req["item_id"] = provider_id + '/rs.example.co.in/' + resource_group
req["capabilities"] = ['complex', 'subscription', 'temporal']
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
def test_set_ingester_rule():
global req
req["user_role"] = "data ingester"
req["item_id"] = diresource_id
req["item_type"] = "resourcegroup"
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
def test_invalid_resource_type():
# invalid resource type
global req
req["user_role"] = "data ingester"
req["item_id"] = diresource_id
req["item_type"] = "catalogue"
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_set_access_invalid_rid():
# invalid resource ID
req = {
"user_email": email,
"user_role": 'data ingester',
"item_id": diresource_id,
"item_type": "resourcegroup"
}
req["item_id"] = '/aaaaa/sssss/sada/'
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
req["item_id"] = '/aaaaa/sssss'
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_multiple_delegates():
# tests with 2 delegates
# make consumer a delegate
req = {"user_email": email, "user_role": 'delegate'}
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
resource_group = ''.join(
random.choice(string.ascii_lowercase) for _ in range(10))
resource_id = provider_id + '/rs.example.com/' + resource_group
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = ['complex']
r = consumer.provider_access([req], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
# cannot update rule set by other provider
req["capabilities"] = ['subscription']
r = alt_provider.provider_access([req], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
r = consumer.get_provider_access('*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if r['email'] == email and r[
'role'] == 'consumer' and resource_id == r['item']['cat_id']:
consumer_id = r['id']
# delegate can delete other delegate's rule
body = {"id": consumer_id}
r = alt_provider.delete_rule([body], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
# already deleted
body = {"id": consumer_id}
r = consumer.delete_rule([body], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 403
# delegate cannot delete delegate rule
r = consumer.delete_rule([{"id": delegate_id}], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 403
def test_invalid_email():
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": ["temporal"]
}
bad_email = 'a@b.'
req['user_email'] = bad_email
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
bad_email = '[email protected]'
req['user_email'] = bad_email
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
bad_email = '[email protected]'
req['user_email'] = bad_email
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
bad_email = '*****@*****.**'
req['user_email'] = bad_email
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
bad_email = '*****@*****.**'
req['user_email'] = bad_email
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_multiple_ingester_consumer():
global _req2, _req
_req2["user_role"] = "data ingester"
r = untrusted.provider_access([_req2, _req])
assert r['success'] == False
assert r['status_code'] == 403
r = untrusted.provider_access([_req2, _req2])
assert r['success'] == False
assert r['status_code'] == 400
resource_group = ''.join(
random.choice(string.ascii_lowercase) for _ in range(10))
resource_id = provider_id + "/rs.example.com/" + resource_group
_req["item_id"] = resource_id
r = untrusted.provider_access([_req2, _req])
assert r['success'] == True
assert r['status_code'] == 200
def test_set_ingester_rule():
req = {
"user_email": email,
"user_role": 'data ingester',
"item_id": diresource_id,
"item_type": "resourcegroup"
}
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
def test_multiple_ingester_duplicate():
req = {
"user_email": memail,
"user_role": 'data ingester',
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = untrusted.provider_access([req, req])
assert r['success'] == False
assert r['status_code'] == 400
def test_get_complex_cap():
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = ['complex']
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
def test_invalid_resource_type():
# invalid resource type
req = {
"user_email": email,
"user_role": 'data ingester',
"item_id": diresource_id,
"item_type": "catalogue"
}
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_unauthorized_session():
#session id not valid for endpoint
req = {
"user_email": email,
"user_role": 'consumer',
'capabilities': ['temporal'],
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = untrusted.provider_access([req])
assert r['success'] is False
assert r['status_code'] == 403
def test_provider_update_rule_set_by_delegate():
# provider can update consumer rule set by delegate
req = {"user_email": email, "user_role":'consumer', "item_id":resource_id, "item_type":"resourcegroup"}
req["capabilities"] = ['complex', 'subscription'];
r = untrusted.provider_access([req], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
body = {"request" : [resource_id + "/someitem"]}
r = consumer.get_token(body)
assert r['success'] is True
def test_consumer_rule_no_caps():
# No capabilities
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
def test_set_rule_for_invalid_user():
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["user_role"] = "onboarder"
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 403
def test_set_existing_rule():
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["item_id"] = provider_id + '/rs.iudx.org.in/' + resource_group
req["capabilities"] = ['complex', 'subscription', 'temporal']
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 403
def test_get_same_cap_in_set():
# temporal rule already exists
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = ['subscription', 'temporal']
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 403
