def test_get_identites_ids(self):
"""
gets identities with a list of ids, validates results
"""
unused_id = "12345678-1234-1234-1234-1234567890ab"
ids = [
get_user_data()["sdktester1a"]["id"],
get_user_data()["go"]["id"], unused_id
]
id_res = self.ac.get_identities(ids=ids)
# validate sdk
sdk_identity = self.get_identity(
id_res["identities"], uid=get_user_data()["sdktester1a"]["id"])
for item in get_user_data()["sdktester1a"]:
self.assertEqual(sdk_identity[item],
get_user_data()["sdktester1a"][item])
# validate go
go_identity = self.get_identity(id_res["identities"],
uid=get_user_data()["go"]["id"])
for item in get_user_data()["go"]:
self.assertEqual(go_identity[item], get_user_data()["go"][item])
unused_identity = self.get_identity(id_res["identities"],
uid=unused_id)
# confirm unused id isn't returned
self.assertIsNone(unused_identity)
def test_get_identities_usernames(self):
"""
gets identities with a list of usernames, validates results.
"""
unused_username = "******"
usernames = [
get_user_data()["sdktester1a"]["username"],
get_user_data()["go"]["username"], unused_username
]
id_res = self.ac.get_identities(usernames=usernames)
# validate sdk
sdk_identity = self.get_identity(
id_res["identities"],
username=get_user_data()["sdktester1a"]["username"])
for item in get_user_data()["sdktester1a"]:
self.assertEqual(sdk_identity[item],
get_user_data()["sdktester1a"][item])
# validate go
go_identity = self.get_identity(
id_res["identities"], username=get_user_data()["go"]["username"])
for item in get_user_data()["go"]:
self.assertEqual(go_identity[item], get_user_data()["go"][item])
unused_identity = self.get_identity(id_res["identities"],
username=unused_username)
# validate unused
self.assertEqual(unused_identity["username"], unused_username)
self.assertEqual(unused_identity["name"], None)
self.assertEqual(unused_identity["status"], "unused")
def test_endpoint_manager_get_task(self):
"""
Has sdktester2b submit a no-op task on the managed endpoint
Confirms sdktester1a can view the task as an admin.
Confirms 403 when non manager attempts to use this resource.
"""
# sdktester2b subits no-op delete task
ddata = globus_sdk.DeleteData(self.tc2,
self.managed_ep_id,
notify_on_fail=False)
ddata.add_item("no-op.txt")
task_id = self.tc2.submit_delete(ddata)["task_id"]
# sdktester1a gets the task as admin
task_doc = self.tc.endpoint_manager_get_task(task_id)
self.assertEqual(task_doc["task_id"], task_id)
self.assertEqual(task_doc["owner_id"],
get_user_data()["sdktester2b"]["id"])
self.assertEqual(task_doc["type"], "DELETE")
self.assertIn("status", task_doc)
# 403 for non managers, even if they submitted the task
with self.assertRaises(TransferAPIError) as apiErr:
self.tc2.endpoint_manager_get_task(task_id)
self.assertEqual(apiErr.exception.http_status, 403)
self.assertEqual(apiErr.exception.code, "PermissionDenied")
def test_task_list(self):
"""
Gets task list, validates results, tests num_results and filter params
"""
# get task list
list_doc = self.tc.task_list()
# validate results are in the right format
self.assertIsInstance(list_doc, PaginatedResource)
# validate tasks have some expected fields
for task in list_doc:
self.assertEqual(task["DATA_TYPE"], "task")
self.assertEqual(task["owner_id"],
get_user_data()["sdktester1a"]["id"])
self.assertIn("task_id", task)
self.assertIn("type", task)
self.assertIn("status", task)
# test num_results param, assumes SDK tester has run at least 20 tasks
cap = 20
num_doc = self.tc.task_list(num_results=cap)
# confirm results were capped
count = 0
for task in num_doc:
count += 1
self.assertEqual(count, cap)
# test filter param
params = {"filter": "type:DELETE/status:SUCCEEDED"}
filter_doc = self.tc.task_list(**params)
# validate only Successful Delete tasks were returned
for task in filter_doc:
self.assertEqual(task["type"], "DELETE")
self.assertEqual(task["status"], "SUCCEEDED")
def test_add_endpoint_role(self):
"""
Adds a role to the test share endpoint, validates results
returns role_id for use in get and delete
"""
# add the new role
add_data = {
"principal_type": "identity",
"principal": get_user_data()["go"]["id"],
"role": "access_manager"
}
add_doc = self.tc.add_endpoint_role(self.test_share_ep_id, add_data)
role_id = add_doc["id"]
# track asset for cleanup, make sure role is delete before share
self.asset_cleanup.insert(
0, {
"function": self.tc.delete_endpoint_role,
"args": [self.test_share_ep_id, role_id],
"name": "test_role"
})
# validate results
for key in add_data:
self.assertEqual(add_doc[key], add_data[key])
# return role id
return role_id
def test_endpoint_manager_get_pause_rule(self):
"""
Gets a pause rule created by test_endpoint_manager_create_pause_rule.
Validates results and checks expected fields.
Confirms 403 when non manager attempts to use this resource.
"""
rule_id = self.test_endpoint_manager_create_pause_rule()
get_doc = self.tc.endpoint_manager_get_pause_rule(rule_id)
# validate results have expected fields and values
expected = {
"DATA_TYPE": "pause_rule",
"id": rule_id,
"message": "SDK Test Pause Rule",
"start_time": None,
"endpoint_id": self.test_share_ep_id,
"identity_id": None,
"modified_by_id": get_user_data()["sdktester1a"]["id"],
"created_by_host_manager": False,
"editable": True,
"pause_ls": True,
"pause_mkdir": True,
"pause_rename": True,
"pause_task_delete": True,
"pause_task_transfer_write": True,
"pause_task_transfer_read": True
}
for key in expected:
self.assertEqual(get_doc[key], expected[key])
# 403 for non managers
with self.assertRaises(TransferAPIError) as apiErr:
self.tc2.endpoint_manager_get_pause_rule(rule_id)
self.assertEqual(apiErr.exception.http_status, 403)
self.assertEqual(apiErr.exception.code, "PermissionDenied")
def test_get_identities(self):
"""
Confirms native apps aren't authorized to get_identities on their own
"""
with self.assertRaises(AuthAPIError) as apiErr:
self.nac.get_identities(ids=get_user_data()["sdktester1a"]["id"])
self.assertEqual(apiErr.exception.http_status, 401)
self.assertEqual(apiErr.exception.code, "UNAUTHORIZED")
def test_endpoint_manager_task_list(self):
"""
Has sdktester2b submit transfer and delete task to the managed_ep
Then has sdktester1a get its endpoint manager task list
Confirms tasks submitted by sdktester2b on the managed endpoint
are visible, and some expected fields are present.
"""
# sdktester2b submits tasks
# new dir with randomized name to prevent collision
dest_dir = "transfer_dest_dir-" + str(getrandbits(128))
dest_path = "/" + dest_dir + "/"
self.tc2.operation_mkdir(self.managed_ep_id, dest_path)
# transfer a file to the new dir
tdata = globus_sdk.TransferData(self.tc2,
GO_EP1_ID,
self.managed_ep_id,
notify_on_succeeded=False)
source_path = "/share/godata/"
file_name = "file1.txt"
tdata.add_item(source_path + file_name, dest_path + file_name)
transfer_id = self.tc2.submit_transfer(tdata)["task_id"]
# delete the new dir
ddata = globus_sdk.DeleteData(self.tc2,
self.managed_ep_id,
recursive=True,
notify_on_succeeded=False)
ddata.add_item(dest_path)
delete_id = self.tc2.submit_delete(ddata)["task_id"]
# sdktester1a gets endpoint manager task list
tasks_doc = self.tc.endpoint_manager_task_list(
filter_endpoint=GO_EP2_ID,
filter_user_id=get_user_data()["sdktester2b"]["id"])
# confirm submitted tasks can be found
# and tasks have some expected fields
expected_fields = [
"username", "deadline", "type", "source_endpoint_id"
]
delete_found = False
transfer_found = False
self.assertIsInstance(tasks_doc, PaginatedResource)
for task in tasks_doc:
for field in expected_fields:
self.assertIn(field, task)
if task["task_id"] == transfer_id:
transfer_found = True
if task["task_id"] == delete_id:
delete_found = True
if transfer_found and delete_found:
break
# fail if both not found
self.assertTrue(delete_found and transfer_found)
def test_oauth2_userinfo(self):
"""
Gets userinfo, validates results
Confirms unauthorized client cannot access userinfo
"""
userinfo_res = self.ac.oauth2_userinfo()
self.assertEqual(userinfo_res["preferred_username"],
get_user_data()["sdktester1a"]["username"])
self.assertEqual(userinfo_res["name"],
get_user_data()["sdktester1a"]["name"])
self.assertEqual(userinfo_res["sub"],
get_user_data()["sdktester1a"]["id"])
# unauthorized client
with self.assertRaises(AuthAPIError) as apiErr:
globus_sdk.AuthClient().oauth2_userinfo()
self.assertEqual(apiErr.exception.http_status, 403)
self.assertEqual(apiErr.exception.code, "FORBIDDEN")
def test_endpoint_search(self):
"""
Searches by fulltext, owner_id, and scopes, validates results
"""
# full-text and cap of num_results
search_string = "tutorial"
cap = 5
text_doc = self.tc.endpoint_search(search_string, num_results=cap)
# confirm the results are in the right format, are capped correctly,
# and that the results have the search string in their display names
self.assertIsInstance(text_doc, PaginatedResource)
results_count = 0
for ep in text_doc:
self.assertIn(search_string, str.lower(str(ep["display_name"])))
results_count += 1
self.assertEqual(results_count, cap)
# owner-id param
params = {"filter_owner_id": get_user_data()["go"]["id"]}
owner_doc = self.tc.endpoint_search(**params)
# confirm format, and that all results are from GO
self.assertIsInstance(owner_doc, PaginatedResource)
for ep in owner_doc:
self.assertEqual(ep["owner_id"], get_user_data()["go"]["id"])
# scope: my endpoints
my_doc = self.tc.endpoint_search(filter_scope="my-endpoints")
# confirm format, and that all results are owned by SDK tester
self.assertIsInstance(my_doc, PaginatedResource)
for ep in my_doc:
self.assertEqual(ep["owner_id"],
get_user_data()["sdktester1a"]["id"])
# scope: shared endpoints
my_doc = self.tc.endpoint_search(filter_scope="shared-by-me")
# confirm format, and that all results are shared by SDK tester
self.assertIsInstance(my_doc, PaginatedResource)
for ep in my_doc:
self.assertEqual(ep["owner_id"],
get_user_data()["sdktester1a"]["id"])
self.assertIsNotNone(ep["sharing_target_root_path"])
self.assertIsNotNone(ep["host_endpoint_id"])
def test_get_endpoint_role(self):
"""
Gets role created in test_add_endpoint_role, validates results.
"""
role_id = self.test_add_endpoint_role()
get_doc = self.tc.get_endpoint_role(self.test_share_ep_id, role_id)
# validate results
self.assertEqual(get_doc["DATA_TYPE"], "role")
self.assertEqual(get_doc["id"], role_id)
self.assertEqual(get_doc["principal_type"], "identity")
self.assertEqual(get_doc["principal"], get_user_data()["go"]["id"])
self.assertEqual(get_doc["role"], "access_manager")
def test_get_task(self):
"""
Submits a transfer, waits for transfer to complete, gets transfer task
validates results
returns the task_id for use in other test functions
"""
# dir the test transfer, name randomized to prevent collision
dest_dir = "get_task_dest_dir-" + str(getrandbits(128))
dest_path = "/~/" + dest_dir + "/"
self.tc.operation_mkdir(GO_EP1_ID, dest_path)
# track asset for cleanup
self.asset_cleanup.append({
"function": self.deleteHelper,
"args": [GO_EP1_ID, dest_path]
})
# submit transfer task
source_path = "/share/godata/"
kwargs = {"notify_on_succeeded": False} # prevent email spam
tdata = globus_sdk.TransferData(self.tc, GO_EP2_ID, GO_EP1_ID,
**kwargs)
file_name = "file1.txt"
tdata.add_item(source_path + file_name, dest_path + file_name)
transfer_doc = self.tc.submit_transfer(tdata)
# wait for task to complete
task_id = transfer_doc["task_id"]
self.assertTrue(
self.tc.task_wait(
task_id,
timeout=DEFAULT_TASK_WAIT_TIMEOUT,
polling_interval=DEFAULT_TASK_WAIT_POLLING_INTERVAL))
# get the task by id
get_doc = self.tc.get_task(task_id)
self.assertEqual(get_doc["DATA_TYPE"], "task")
self.assertEqual(get_doc["task_id"], task_id)
self.assertEqual(get_doc["owner_id"],
get_user_data()["sdktester1a"]["id"])
self.assertEqual(get_doc["type"], "TRANSFER")
self.assertIn("status", get_doc)
# return task_id
return task_id
def test_endpoint_manager_task_pause_info(self):
"""
Creates a pause rule on the shared endpoint, then
has sdktester2b submit a no-op task on the shared endpoint.
Confirms sdktester1a can see the task is paused (or about to be).
Confirms 403 when non manager attempts to use this resource.
"""
# sdktester1a creates pause rule and gives sdktester2b an ACL
rule_id = self.test_endpoint_manager_create_pause_rule()
acl_data = {
"path": "/",
"permissions": "rw",
"principal_type": "identity",
"principal": get_user_data()["sdktester2b"]["id"]
}
self.tc.add_endpoint_acl_rule(self.test_share_ep_id, acl_data)
# sdktester2b subits no-op delete task
ddata = globus_sdk.DeleteData(self.tc2,
self.test_share_ep_id,
notify_on_fail=False)
ddata.add_item("no-op.txt")
task_id = self.tc2.submit_delete(ddata)["task_id"]
# sdktester1a gets the task pause info as admin
pause_doc = self.tc.endpoint_manager_task_pause_info(task_id)
# validate top level results
self.assertEqual(pause_doc["DATA_TYPE"], "pause_info_limited")
self.assertIsNone(pause_doc["source_pause_message"])
self.assertIsNone(pause_doc["destination_pause_message"])
# validate the rule results
rule = pause_doc["pause_rules"][0] # should be the only rule
self.assertEqual(rule["DATA_TYPE"], "pause_rule_limited")
self.assertEqual(rule["id"], rule_id)
self.assertEqual(rule["message"], "SDK Test Pause Rule")
# self.assertEqual(rule["modified_by_id"],
# get_user_data()["sdktester1a"]["id"])
# 403 for non managers, even if they submitted the task
with self.assertRaises(TransferAPIError) as apiErr:
self.tc2.endpoint_manager_task_pause_info(task_id)
self.assertEqual(apiErr.exception.http_status, 403)
self.assertEqual(apiErr.exception.code, "PermissionDenied")
def setUpClass(self):
"""
Sets up a shared endpoint on test gp#ep2 managed by sdktester1a,
and shares it with sdktester2b,
or sees that this endpoint already exits and gets its id.
"""
super(ManagerTransferClientTests, self).setUpClass()
try:
# shared endpoint hosted on go#ep2 managed by sdktester1a
host_path = "/~/managed_ep"
self.tc.operation_mkdir(GO_EP2_ID, path=host_path)
shared_data = {
"DATA_TYPE": "shared_endpoint",
"host_endpoint": GO_EP2_ID,
"host_path": host_path,
"display_name": "SDK Test Managed Endpoint",
"description": "Endpoint for managed SDK testing"
}
r = self.tc.create_shared_endpoint(shared_data)
self.managed_ep_id = r["id"]
# share read and write to sdktester2b
add_data = {
"DATA_TYPE": "access",
"principal_type": "identity",
"principal": get_user_data()["sdktester2b"]["id"],
"path": "/",
"permissions": "rw"
}
self.tc.add_endpoint_acl_rule(self.managed_ep_id, add_data)
except TransferAPIError as e:
if "already exists" in str(e):
shares = self.tc.my_shared_endpoint_list(GO_EP2_ID)
self.managed_ep_id = shares["DATA"][0]["id"]
else:
raise e
def test_oauth2_refresh_token(self):
"""
Sends a refresh_token grant, validates results
Confirms received access_token can be used to authorize userinfo
Returns the access token for use in test_oauth2_revoke_token
"""
ref_res = self.nac.oauth2_refresh_token(SDKTESTER1A_NATIVE1_AUTH_RT)
self.assertIn("access_token", ref_res)
self.assertIn("expires_in", ref_res)
self.assertIn("scope", ref_res)
self.assertEqual(ref_res["resource_server"], "auth.globus.org")
self.assertEqual(ref_res["token_type"], "Bearer")
# confirm token can be used
access_token = ref_res["access_token"]
ac = globus_sdk.AuthClient(
authorizer=globus_sdk.AccessTokenAuthorizer(access_token),
client_id=get_client_data()["native_app_client1"]["id"])
userinfo_res = ac.oauth2_userinfo()
self.assertEqual(userinfo_res["sub"],
get_user_data()["sdktester1a"]["id"])
# return access_token
return access_token
def test_get_identities_singleton(self):
"""
gets identities with single username and id values, validates results.
"""
# get single ID
id_res = self.ac.get_identities(
ids=get_user_data()["sdktester1a"]["id"])
sdk_identity = id_res["identities"][0]
for item in get_user_data()["sdktester1a"]:
self.assertEqual(sdk_identity[item],
get_user_data()["sdktester1a"][item])
# get single username
id_res = self.ac.get_identities(
usernames=get_user_data()["sdktester1a"]["username"])
sdk_identity = id_res["identities"][0]
for item in get_user_data()["sdktester1a"]:
self.assertEqual(sdk_identity[item],
get_user_data()["sdktester1a"][item])
