Пример #1
def test_authorization_allows_updates_with_wildcard_claim(
        app_context, api_client, valid_organization, valid_dataset):
    """Call the update route with a wildcard dataset role marked ``locked``.

    The user claim carries OWNER on the organization and EDITOR on
    ``DatasetId("*")`` with ``locked=True``. There is no explicit assertion:
    the test passes when ``sample_update_route`` returns without raising.
    """
    org_id, org_node_id = valid_organization
    ds_id, ds_node_id = valid_dataset

    # Dataset record that api_client is set up to return
    # (presumably a stubbed client; confirm against the fixture).
    canned_dataset = api.Dataset(id=ds_node_id, int_id=ds_id.id, name="foo")
    api_client.get_dataset_response = canned_dataset

    org_owner = OrganizationRole(
        id=org_id,
        node_id=org_node_id,
        role=RoleType.OWNER,
    )
    # token validation should strip any locked field from wildcard claims
    # NOTE(review): only the allow path is exercised here; a counterpart that
    # shows a locked non-wildcard role being refused is not visible in this
    # excerpt.
    locked_wildcard_editor = DatasetRole(
        id=DatasetId("*"),
        role=RoleType.EDITOR,
        locked=True,
    )

    user = UserClaim(
        id=DEFAULT_USER_ID,
        node_id=DEFAULT_USER_NODE_ID,
        roles=[org_owner, locked_wildcard_editor],
    )
    claim = Claim.from_claim_type(user, TOKEN_EXPIRATION_S)

    route_kwargs = {
        "dataset_id": str(ds_id.id),
        "token_info": claim,
        "organization_id": str(org_id.id),
        "body": {"k": 1},
    }
    sample_update_route(**route_kwargs)
Пример #2
def test_authorization_resolves_dataset_id_from_api_with_wildcard_claim(
        app_context, api_client, valid_organization, valid_dataset):
    """Call the view route with a dataset node id and a wildcard dataset role.

    The route receives the dataset's node id rather than its integer id, and
    ``api_client.get_dataset_response`` holds a record linking the two. The
    value returned by ``sample_view_route`` is then called with the integer
    organization and dataset ids.
    """
    org_id, org_node_id = valid_organization
    ds_id, ds_node_id = valid_dataset

    # Record mapping the node id to the integer id.
    canned_dataset = api.Dataset(id=ds_node_id, int_id=ds_id.id, name="foo")
    api_client.get_dataset_response = canned_dataset

    org_owner = OrganizationRole(
        id=org_id,
        node_id=org_node_id,
        role=RoleType.OWNER,
    )
    # EDITOR on every dataset: the claim names no concrete dataset id.
    wildcard_editor = DatasetRole(id=DatasetId("*"), role=RoleType.EDITOR)

    user = UserClaim(
        id=DEFAULT_USER_ID,
        node_id=DEFAULT_USER_NODE_ID,
        roles=[org_owner, wildcard_editor],
    )
    claim = Claim.from_claim_type(user, TOKEN_EXPIRATION_S)

    route_result = sample_view_route(
        dataset_id=ds_node_id,
        token_info=claim,
        organization_id=str(org_id.id),
        body={"k": 1},
    )
    # presumably the returned callable checks the ids the route resolved;
    # verify against sample_view_route
    route_result(org_id.id, ds_id.id)
Пример #3
def service_claim(organization_id, dataset_id, jwt_config: JwtConfig) -> str:
    """Encode a service claim holding OWNER on one organization and dataset.

    Args:
        organization_id: Value wrapped in ``OrganizationId`` for the
            organization role.
        dataset_id: Value wrapped in ``DatasetId`` for the dataset role.
        jwt_config: Configuration handed to ``Claim.encode``.

    Returns:
        The encoded claim after conversion with ``to_utf8``.
    """
    owner_roles = [
        OrganizationRole(id=OrganizationId(organization_id),
                         role=RoleType.OWNER),
        DatasetRole(id=DatasetId(dataset_id), role=RoleType.OWNER),
    ]
    # seconds=30 keeps this OWNER-level claim short-lived
    # (presumably the token lifetime; confirm in Claim.from_claim_type).
    short_lived = Claim.from_claim_type(ServiceClaim(roles=owner_roles),
                                        seconds=30)
    encoded = short_lived.encode(jwt_config)
    return to_utf8(encoded)
Пример #4
        "--jwt_key",
        type=str,
        default=os.environ.get("JWT_SECRET_KEY", "test-key"),
        required=False,
    )

    args = parser.parse_args()

    # Build a user claim holding OWNER on both the organization and the
    # dataset named on the command line. The second positional argument
    # (60 * 60) is presumably the lifetime in seconds, i.e. one hour; confirm
    # against Claim.from_claim_type.
    claim = Claim.from_claim_type(
        UserClaim(
            id=args.user_id,
            node_id=args.user_node_id,
            roles=[
                OrganizationRole(
                    id=OrganizationId(args.organization_id),
                    node_id=args.organization_node_id,
                    role=RoleType.OWNER,
                ),
                DatasetRole(
                    id=DatasetId(args.dataset_id),
                    node_id=args.dataset_node_id,
                    role=RoleType.OWNER,
                ),
            ],
        ),
        60 * 60,
    )
    # NOTE(review): args.jwt_key comes from --jwt_key, whose default is the
    # JWT_SECRET_KEY environment variable and, when that is unset, the literal
    # "test-key" (see the argument definition above). A token signed with that
    # fallback carries no more assurance than a publicly known key, so any
    # verifier that may see these tokens must be configured with a real secret.
    token = claim.encode(JwtConfig(args.jwt_key))

    # The encoded token goes to stdout; treat that output as a credential,
    # since it lands wherever stdout is captured (terminal history, CI logs).
    print(token)
Пример #5
def valid_dataset() -> Tuple[DatasetId, str]:
    """Return the dataset id 1 paired with the node id ``N:dataset:A-B``."""
    dataset_id = DatasetId(1)
    node_id = "N:dataset:A-B"
    return dataset_id, node_id
Пример #6
def another_valid_dataset() -> Tuple[DatasetId, str]:
    """Return the dataset id 3 paired with the node id ``N:dataset:D-E``."""
    dataset_id = DatasetId(3)
    node_id = "N:dataset:D-E"
    return dataset_id, node_id
Пример #7
def other_valid_dataset() -> Tuple[DatasetId, str]:
    """Return the dataset id 2 paired with the node id ``N:dataset:C-D``."""
    dataset_id = DatasetId(2)
    node_id = "N:dataset:C-D"
    return dataset_id, node_id