class TestOrgManagementServiceInt(IonIntegrationTestCase):
    """Integration tests for Org CRUD, affiliation and container lookup.

    Every test talks to the Org Management Service through a client bound to
    the node of the container started in ``setUp``.
    """

    def setUp(self):
        """Start the container, deploy r2coi.yml and create the clients."""
        # Start container
        self._start_container()
        self.container.start_rel_from_url("res/deploy/r2coi.yml")

        node = self.container.node
        self.resource_registry = ResourceRegistryServiceClient(node=node)
        self.org_management_service = OrgManagementServiceClient(node=node)

    def test_org_crud(self):
        """Create, read, update and delete an Org, including error paths.

        Also checks that removing ORG_MANAGER makes a later lookup of that
        role fail, and that a deleted Org is reported as NotFound.
        """
        oms = self.org_management_service

        # A governance name with a space in it has to be rejected.
        with self.assertRaises(BadRequest) as br:
            oms.create_org(
                IonObject(
                    "Org",
                    {"name": "Test Facility", "org_governance_name": "Test Facility"}
                )
            )
        self.assertIn(
            "can only contain alphanumeric and underscore characters",
            br.exception.message
        )

        # create_org without an Org object is a bad request.
        with self.assertRaises(BadRequest):
            oms.create_org()

        new_org_id = oms.create_org(IonObject("Org", {"name": "Test Facility"}))
        self.assertNotEqual(new_org_id, None)

        stored_org = oms.read_org(new_org_id)
        self.assertNotEqual(stored_org, None)
        # With no governance name supplied, the Org named "Test Facility" is
        # expected to come back with the governance name "Test_Facility".
        self.assertEqual(stored_org.org_governance_name, "Test_Facility")

        # Check that the roles got associated with the new Org.
        org_roles = oms.find_org_roles(new_org_id)
        self.assertEqual(len(org_roles), 2)

        # update_org without an Org object is a bad request.
        with self.assertRaises(BadRequest):
            oms.update_org()

        stored_org.name = "Updated Test Facility"
        oms.update_org(stored_org)

        reloaded_org = oms.read_org(new_org_id)
        self.assertNotEqual(reloaded_org, None)
        self.assertEqual(reloaded_org.name, "Updated Test Facility")
        # Renaming the Org is expected to leave the governance name alone.
        self.assertEqual(reloaded_org.org_governance_name, "Test_Facility")

        manager_role = oms.find_org_role_by_name(new_org_id, ORG_MANAGER_ROLE)
        self.assertNotEqual(manager_role, None)

        # Once the role is removed, looking it up again must fail.
        oms.remove_user_role(new_org_id, ORG_MANAGER_ROLE)
        with self.assertRaises(BadRequest) as cm:
            oms.find_org_role_by_name(new_org_id, ORG_MANAGER_ROLE)
        self.assertIn(
            "The User Role 'ORG_MANAGER' does not exist for this Org",
            cm.exception.message
        )

        # delete_org without an id is a bad request.
        with self.assertRaises(BadRequest):
            oms.delete_org()

        oms.delete_org(new_org_id)

        # Reading and deleting the deleted Org must both report NotFound.
        for call_on_deleted in (oms.read_org, oms.delete_org):
            with self.assertRaises(NotFound) as cm:
                call_on_deleted(new_org_id)
            self.assertIn("does not exist", cm.exception.message)

    def test_org_affiliation(self):
        """Affiliate a new Org with the root Org and undo it again.

        NOTE(review): only the truthiness of the return values is checked;
        the resulting affiliation state is not read back.
        """
        oms = self.org_management_service

        root = oms.find_org()
        self.assertNotEqual(root, None)

        facility_id = oms.create_org(IonObject("Org", {"name": "TestFacility"}))
        self.assertNotEqual(facility_id, None)

        affiliated = oms.affiliate_org(root._id, facility_id)
        self.assertTrue(affiliated)

        unaffiliated = oms.unaffiliate_org(root._id, facility_id)
        self.assertTrue(unaffiliated)

    def test_find_org_containers(self):
        """Compare the root Org's containers with the registry's view.

        NOTE(review): only the two counts are compared, not the container
        ids themselves.
        """
        root = self.org_management_service.find_org()
        self.assertNotEqual(root, None)

        org_containers = self.org_management_service.find_org_containers(root._id)
        registered_ids, _ = self.resource_registry.find_resources(
            restype=RT.CapabilityContainer, id_only=True
        )
        self.assertEqual(len(org_containers), len(registered_ids))
class TestOrgManagementServiceInt(IonIntegrationTestCase):
    """Integration tests for the Org Management Service.

    Covers Org create/read/update/delete, affiliation with the root Org and
    the lookup of an Org's containers, all against a running container.
    """

    def setUp(self):
        """Bring up the container with r2coi.yml and build both clients."""
        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2coi.yml')

        self.resource_registry = ResourceRegistryServiceClient(
            node=self.container.node
        )
        self.org_management_service = OrgManagementServiceClient(
            node=self.container.node
        )

    def test_org_crud(self):
        """Run an Org through create, read, update and delete.

        The BadRequest paths (invalid name, missing arguments) and the
        NotFound paths (read/delete after delete) are checked as well.
        """
        service = self.org_management_service

        # A name with a space in it has to be rejected.
        with self.assertRaises(BadRequest) as br:
            service.create_org(IonObject("Org", {"name": "Test Facility"}))
        self.assertIn(
            "can only contain alphanumeric and underscore characters",
            br.exception.message
        )

        # create_org needs an Org object.
        with self.assertRaises(BadRequest):
            service.create_org()

        created_id = service.create_org(IonObject("Org", {"name": "TestFacility"}))
        self.assertNotEqual(created_id, None)

        current = service.read_org(created_id)
        self.assertNotEqual(current, None)

        # Check that the roles got associated with the new Org.
        self.assertEqual(len(service.find_org_roles(created_id)), 2)

        # update_org needs an Org object.
        with self.assertRaises(BadRequest):
            service.update_org()

        current.name = 'Updated_TestFacility'
        service.update_org(current)

        refreshed = service.read_org(created_id)
        self.assertNotEqual(refreshed, None)
        self.assertEqual(refreshed.name, 'Updated_TestFacility')

        manager_role = service.find_org_role_by_name(created_id, ORG_MANAGER_ROLE)
        self.assertNotEqual(manager_role, None)

        # NOTE(review): the remove_user_role call and its assertion were
        # commented out in this version, so role removal is not exercised.

        # delete_org needs an id.
        with self.assertRaises(BadRequest):
            service.delete_org()

        service.delete_org(created_id)

        # The deleted Org can neither be read nor deleted a second time.
        with self.assertRaises(NotFound) as cm:
            service.read_org(created_id)
        self.assertIn("does not exist", cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            service.delete_org(created_id)
        self.assertIn("does not exist", cm.exception.message)

    def test_org_affiliation(self):
        """Affiliate a fresh Org with the root Org, then remove the link.

        NOTE(review): the test relies on the truthy return values only and
        does not read the affiliation back.
        """
        service = self.org_management_service

        root_org = service.find_org()
        self.assertNotEqual(root_org, None)

        child_id = service.create_org(IonObject("Org", {"name": "TestFacility"}))
        self.assertNotEqual(child_id, None)

        self.assertTrue(service.affiliate_org(root_org._id, child_id))
        self.assertTrue(service.unaffiliate_org(root_org._id, child_id))

    def test_find_org_containers(self):
        """Check the root Org's container count against the registry.

        NOTE(review): the comparison is by count; the ids are not matched.
        """
        root_org = self.org_management_service.find_org()
        self.assertNotEqual(root_org, None)

        found = self.org_management_service.find_org_containers(root_org._id)
        known_ids, _ = self.resource_registry.find_resources(
            restype=RT.CapabilityContainer, id_only=True
        )
        self.assertEqual(len(found), len(known_ids))
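def test_user_role_cache(self):
    """Check that the service gateway's user role cache follows role changes.

    A new actor is signed on and named as the ``requester`` of gateway
    requests. The test expects that a request caches the actor's roles, that
    granting ORG_MANAGER evicts the cached entry, that a
    UserRoleCacheResetEvent empties the cache, and that the entry rebuilt
    after the revocation lists ORG_MEMBER only.

    The actor identity is deleted in a ``finally`` clause, so a failed
    assertion no longer leaves the test actor (possibly still holding
    ORG_MANAGER) registered.
    """
    find_url = (
        "/ion-service/resource_registry/find_resources"
        "?name=TestDataProduct&id_only=True&requester="
    )

    # Create a user
    id_client = IdentityManagementServiceClient()
    actor_id, _valid_until, _registered = id_client.signon(USER1_CERTIFICATE, True)

    try:
        def request_as_actor():
            # The acting user is named by the ``requester`` query parameter;
            # how the gateway authenticates that value is not visible here.
            response = self.test_app.get(find_url + actor_id)
            self.check_response_headers(response)
            self.assertIn(GATEWAY_RESPONSE, response.json["data"])

        def assert_cached_ion_roles(*expected_roles):
            # The cached entry must list exactly these roles under "ION".
            self.assertEqual(role_cache.has_key(actor_id), True)
            role_header = role_cache.get(actor_id)
            self.assertIn("ION", role_header)
            self.assertEqual(len(role_header["ION"]), len(expected_roles))
            for role_name in expected_roles:
                self.assertIn(role_name, role_header["ION"])

        # Make a request with this new user to get it into the cache
        request_as_actor()

        # Check the contents of the user role cache for this user
        role_cache = self.container.proc_manager.procs_by_name["service_gateway"].user_role_cache
        assert_cached_ion_roles("ORG_MEMBER")

        org_client = OrgManagementServiceClient()
        ion_org = org_client.find_org()
        # The lookup result is unused; the call is kept as in the original
        # (presumably it fails when the role is missing -- confirm).
        org_client.find_org_role_by_name(org_id=ion_org._id, role_name="ORG_MANAGER")
        org_client.grant_role(org_id=ion_org._id, actor_id=actor_id, role_name="ORG_MANAGER")

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        # The user should be evicted from the cache due to a change in roles
        self.assertEqual(role_cache.has_key(actor_id), False)

        # Do it again to check for new roles
        request_as_actor()
        assert_cached_ion_roles("ORG_MEMBER", "ORG_MANAGER")

        # Now flush the user_role_cache and make sure it was flushed
        event_publisher = EventPublisher()
        event_publisher.publish_event(event_type=OT.UserRoleCacheResetEvent)

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        self.assertEqual(role_cache.has_key(actor_id), False)
        self.assertEqual(role_cache.size(), 0)

        # Change the role once again and see if it is there again
        org_client.revoke_role(org_id=ion_org._id, actor_id=actor_id, role_name="ORG_MANAGER")

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        # The user should still not be there.
        # NOTE(review): the cache was emptied before the revocation, so this
        # assertion holds whether or not the revoke event was handled. The
        # test never revokes a role while an entry listing ORG_MANAGER is
        # cached, which is the case where a stale entry would keep the
        # privilege alive; consider re-populating the cache before revoking.
        self.assertEqual(role_cache.has_key(actor_id), False)

        # Do it again to check for new roles
        request_as_actor()
        assert_cached_ion_roles("ORG_MEMBER")
    finally:
        # Runs on failure too, so the signed-on test actor is always removed.
        id_client.delete_actor_identity(actor_id)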
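def test_user_role_cache(self):
    """Check that the service gateway's user cache follows role changes.

    The test signs on a new actor, names it as the ``requester`` of gateway
    requests and inspects the gateway process's ``user_data_cache``. It
    expects a request to cache the actor's roles, a grant of ORG_MANAGER to
    evict the entry, a UserRoleCacheResetEvent to empty the cache, and the
    entry rebuilt after the revocation to list ORG_MEMBER only.

    The actor identity is removed in a ``finally`` clause, so the test actor
    (possibly still holding ORG_MANAGER) is not left behind when an assertion
    fails part-way through.
    """
    find_url = (
        '/ion-service/resource_registry/find_resources'
        '?name=TestDataProduct&id_only=True&requester='
    )

    # Create a user
    id_client = IdentityManagementServiceClient(node=self.container.node)
    actor_id, _valid_until, _registered = id_client.signon(USER1_CERTIFICATE, True)

    try:
        def request_as_actor():
            # The acting user is named by the ``requester`` query parameter;
            # how the gateway authenticates that value is not visible here.
            response = self.test_app.get(find_url + actor_id)
            self.check_response_headers(response)
            self.assertIn(GATEWAY_RESPONSE, response.json['data'])

        def assert_cached_ion_roles(*expected_roles):
            # The cached entry must list exactly these roles under 'ION'.
            self.assertEqual(user_cache.has_key(actor_id), True)
            role_header = user_cache.get(actor_id)
            self.assertIn('ION', role_header)
            self.assertEqual(len(role_header['ION']), len(expected_roles))
            for role_name in expected_roles:
                self.assertIn(role_name, role_header['ION'])

        # Make a request with this new user to get it into the cache
        request_as_actor()

        # Check the contents of the user role cache for this user
        user_cache = self.container.proc_manager.procs_by_name['service_gateway'].user_data_cache
        assert_cached_ion_roles('ORG_MEMBER')

        org_client = OrgManagementServiceClient(node=self.container.node)
        ion_org = org_client.find_org()
        # The lookup result is unused; the call is kept as in the original
        # (presumably it fails when the role is missing -- confirm).
        org_client.find_org_role_by_name(org_id=ion_org._id, role_name='ORG_MANAGER')
        org_client.grant_role(org_id=ion_org._id, user_id=actor_id, role_name='ORG_MANAGER')

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        # The user should be evicted from the cache due to a change in roles
        self.assertEqual(user_cache.has_key(actor_id), False)

        # Do it again to check for new roles
        request_as_actor()
        assert_cached_ion_roles('ORG_MEMBER', 'ORG_MANAGER')

        # Now flush the user_role_cache and make sure it was flushed
        event_publisher = EventPublisher()
        event_publisher.publish_event(event_type=OT.UserRoleCacheResetEvent)

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        self.assertEqual(user_cache.has_key(actor_id), False)
        self.assertEqual(user_cache.size(), 0)

        # Change the role once again and see if it is there again
        org_client.revoke_role(org_id=ion_org._id, user_id=actor_id, role_name='ORG_MANAGER')

        # Just allow some time for event processing on slower platforms
        gevent.sleep(2)

        # The user should still not be there.
        # NOTE(review): the cache was emptied before the revocation, so this
        # assertion holds whether or not the revoke event was handled. The
        # test never revokes a role while an entry listing ORG_MANAGER is
        # cached, which is the case where a stale entry would keep the
        # privilege alive; consider re-populating the cache before revoking.
        self.assertEqual(user_cache.has_key(actor_id), False)

        # Do it again to check for new roles
        request_as_actor()
        assert_cached_ion_roles('ORG_MEMBER')
    finally:
        # Runs on failure too, so the signed-on test actor is always removed.
        id_client.delete_actor_identity(actor_id)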