def test_get_identites_ids(self): """ gets identities with a list of ids, validates results """ unused_id = "12345678-1234-1234-1234-1234567890ab" ids = [ get_user_data()["sdktester1a"]["id"], get_user_data()["go"]["id"], unused_id ] id_res = self.ac.get_identities(ids=ids) # validate sdk sdk_identity = self.get_identity( id_res["identities"], uid=get_user_data()["sdktester1a"]["id"]) for item in get_user_data()["sdktester1a"]: self.assertEqual(sdk_identity[item], get_user_data()["sdktester1a"][item]) # validate go go_identity = self.get_identity(id_res["identities"], uid=get_user_data()["go"]["id"]) for item in get_user_data()["go"]: self.assertEqual(go_identity[item], get_user_data()["go"][item]) unused_identity = self.get_identity(id_res["identities"], uid=unused_id) # confirm unused id isn't returned self.assertIsNone(unused_identity)
def test_get_identities_usernames(self): """ gets identities with a list of usernames, validates results. """ unused_username = "******" usernames = [ get_user_data()["sdktester1a"]["username"], get_user_data()["go"]["username"], unused_username ] id_res = self.ac.get_identities(usernames=usernames) # validate sdk sdk_identity = self.get_identity( id_res["identities"], username=get_user_data()["sdktester1a"]["username"]) for item in get_user_data()["sdktester1a"]: self.assertEqual(sdk_identity[item], get_user_data()["sdktester1a"][item]) # validate go go_identity = self.get_identity( id_res["identities"], username=get_user_data()["go"]["username"]) for item in get_user_data()["go"]: self.assertEqual(go_identity[item], get_user_data()["go"][item]) unused_identity = self.get_identity(id_res["identities"], username=unused_username) # validate unused self.assertEqual(unused_identity["username"], unused_username) self.assertEqual(unused_identity["name"], None) self.assertEqual(unused_identity["status"], "unused")
def test_endpoint_manager_get_task(self): """ Has sdktester2b submit a no-op task on the managed endpoint Confirms sdktester1a can view the task as an admin. Confirms 403 when non manager attempts to use this resource. """ # sdktester2b subits no-op delete task ddata = globus_sdk.DeleteData(self.tc2, self.managed_ep_id, notify_on_fail=False) ddata.add_item("no-op.txt") task_id = self.tc2.submit_delete(ddata)["task_id"] # sdktester1a gets the task as admin task_doc = self.tc.endpoint_manager_get_task(task_id) self.assertEqual(task_doc["task_id"], task_id) self.assertEqual(task_doc["owner_id"], get_user_data()["sdktester2b"]["id"]) self.assertEqual(task_doc["type"], "DELETE") self.assertIn("status", task_doc) # 403 for non managers, even if they submitted the task with self.assertRaises(TransferAPIError) as apiErr: self.tc2.endpoint_manager_get_task(task_id) self.assertEqual(apiErr.exception.http_status, 403) self.assertEqual(apiErr.exception.code, "PermissionDenied")
def test_task_list(self): """ Gets task list, validates results, tests num_results and filter params """ # get task list list_doc = self.tc.task_list() # validate results are in the right format self.assertIsInstance(list_doc, PaginatedResource) # validate tasks have some expected fields for task in list_doc: self.assertEqual(task["DATA_TYPE"], "task") self.assertEqual(task["owner_id"], get_user_data()["sdktester1a"]["id"]) self.assertIn("task_id", task) self.assertIn("type", task) self.assertIn("status", task) # test num_results param, assumes SDK tester has run at least 20 tasks cap = 20 num_doc = self.tc.task_list(num_results=cap) # confirm results were capped count = 0 for task in num_doc: count += 1 self.assertEqual(count, cap) # test filter param params = {"filter": "type:DELETE/status:SUCCEEDED"} filter_doc = self.tc.task_list(**params) # validate only Successful Delete tasks were returned for task in filter_doc: self.assertEqual(task["type"], "DELETE") self.assertEqual(task["status"], "SUCCEEDED")
def test_add_endpoint_role(self): """ Adds a role to the test share endpoint, validates results returns role_id for use in get and delete """ # add the new role add_data = { "principal_type": "identity", "principal": get_user_data()["go"]["id"], "role": "access_manager" } add_doc = self.tc.add_endpoint_role(self.test_share_ep_id, add_data) role_id = add_doc["id"] # track asset for cleanup, make sure role is delete before share self.asset_cleanup.insert( 0, { "function": self.tc.delete_endpoint_role, "args": [self.test_share_ep_id, role_id], "name": "test_role" }) # validate results for key in add_data: self.assertEqual(add_doc[key], add_data[key]) # return role id return role_id
def test_endpoint_manager_get_pause_rule(self): """ Gets a pause rule created by test_endpoint_manager_create_pause_rule. Validates results and checks expected fields. Confirms 403 when non manager attempts to use this resource. """ rule_id = self.test_endpoint_manager_create_pause_rule() get_doc = self.tc.endpoint_manager_get_pause_rule(rule_id) # validate results have expected fields and values expected = { "DATA_TYPE": "pause_rule", "id": rule_id, "message": "SDK Test Pause Rule", "start_time": None, "endpoint_id": self.test_share_ep_id, "identity_id": None, "modified_by_id": get_user_data()["sdktester1a"]["id"], "created_by_host_manager": False, "editable": True, "pause_ls": True, "pause_mkdir": True, "pause_rename": True, "pause_task_delete": True, "pause_task_transfer_write": True, "pause_task_transfer_read": True } for key in expected: self.assertEqual(get_doc[key], expected[key]) # 403 for non managers with self.assertRaises(TransferAPIError) as apiErr: self.tc2.endpoint_manager_get_pause_rule(rule_id) self.assertEqual(apiErr.exception.http_status, 403) self.assertEqual(apiErr.exception.code, "PermissionDenied")
def test_get_identities(self): """ Confirms native apps aren't authorized to get_identities on their own """ with self.assertRaises(AuthAPIError) as apiErr: self.nac.get_identities(ids=get_user_data()["sdktester1a"]["id"]) self.assertEqual(apiErr.exception.http_status, 401) self.assertEqual(apiErr.exception.code, "UNAUTHORIZED")
def test_endpoint_manager_task_list(self): """ Has sdktester2b submit transfer and delete task to the managed_ep Then has sdktester1a get its endpoint manager task list Confirms tasks submitted by sdktester2b on the managed endpoint are visible, and some expected fields are present. """ # sdktester2b submits tasks # new dir with randomized name to prevent collision dest_dir = "transfer_dest_dir-" + str(getrandbits(128)) dest_path = "/" + dest_dir + "/" self.tc2.operation_mkdir(self.managed_ep_id, dest_path) # transfer a file to the new dir tdata = globus_sdk.TransferData(self.tc2, GO_EP1_ID, self.managed_ep_id, notify_on_succeeded=False) source_path = "/share/godata/" file_name = "file1.txt" tdata.add_item(source_path + file_name, dest_path + file_name) transfer_id = self.tc2.submit_transfer(tdata)["task_id"] # delete the new dir ddata = globus_sdk.DeleteData(self.tc2, self.managed_ep_id, recursive=True, notify_on_succeeded=False) ddata.add_item(dest_path) delete_id = self.tc2.submit_delete(ddata)["task_id"] # sdktester1a gets endpoint manager task list tasks_doc = self.tc.endpoint_manager_task_list( filter_endpoint=GO_EP2_ID, filter_user_id=get_user_data()["sdktester2b"]["id"]) # confirm submitted tasks can be found # and tasks have some expected fields expected_fields = [ "username", "deadline", "type", "source_endpoint_id" ] delete_found = False transfer_found = False self.assertIsInstance(tasks_doc, PaginatedResource) for task in tasks_doc: for field in expected_fields: self.assertIn(field, task) if task["task_id"] == transfer_id: transfer_found = True if task["task_id"] == delete_id: delete_found = True if transfer_found and delete_found: break # fail if both not found self.assertTrue(delete_found and transfer_found)
def test_oauth2_userinfo(self): """ Gets userinfo, validates results Confirms unauthorized client cannot access userinfo """ userinfo_res = self.ac.oauth2_userinfo() self.assertEqual(userinfo_res["preferred_username"], get_user_data()["sdktester1a"]["username"]) self.assertEqual(userinfo_res["name"], get_user_data()["sdktester1a"]["name"]) self.assertEqual(userinfo_res["sub"], get_user_data()["sdktester1a"]["id"]) # unauthorized client with self.assertRaises(AuthAPIError) as apiErr: globus_sdk.AuthClient().oauth2_userinfo() self.assertEqual(apiErr.exception.http_status, 403) self.assertEqual(apiErr.exception.code, "FORBIDDEN")
def test_endpoint_search(self): """ Searches by fulltext, owner_id, and scopes, validates results """ # full-text and cap of num_results search_string = "tutorial" cap = 5 text_doc = self.tc.endpoint_search(search_string, num_results=cap) # confirm the results are in the right format, are capped correctly, # and that the results have the search string in their display names self.assertIsInstance(text_doc, PaginatedResource) results_count = 0 for ep in text_doc: self.assertIn(search_string, str.lower(str(ep["display_name"]))) results_count += 1 self.assertEqual(results_count, cap) # owner-id param params = {"filter_owner_id": get_user_data()["go"]["id"]} owner_doc = self.tc.endpoint_search(**params) # confirm format, and that all results are from GO self.assertIsInstance(owner_doc, PaginatedResource) for ep in owner_doc: self.assertEqual(ep["owner_id"], get_user_data()["go"]["id"]) # scope: my endpoints my_doc = self.tc.endpoint_search(filter_scope="my-endpoints") # confirm format, and that all results are owned by SDK tester self.assertIsInstance(my_doc, PaginatedResource) for ep in my_doc: self.assertEqual(ep["owner_id"], get_user_data()["sdktester1a"]["id"]) # scope: shared endpoints my_doc = self.tc.endpoint_search(filter_scope="shared-by-me") # confirm format, and that all results are shared by SDK tester self.assertIsInstance(my_doc, PaginatedResource) for ep in my_doc: self.assertEqual(ep["owner_id"], get_user_data()["sdktester1a"]["id"]) self.assertIsNotNone(ep["sharing_target_root_path"]) self.assertIsNotNone(ep["host_endpoint_id"])
def test_get_endpoint_role(self): """ Gets role created in test_add_endpoint_role, validates results. """ role_id = self.test_add_endpoint_role() get_doc = self.tc.get_endpoint_role(self.test_share_ep_id, role_id) # validate results self.assertEqual(get_doc["DATA_TYPE"], "role") self.assertEqual(get_doc["id"], role_id) self.assertEqual(get_doc["principal_type"], "identity") self.assertEqual(get_doc["principal"], get_user_data()["go"]["id"]) self.assertEqual(get_doc["role"], "access_manager")
def test_get_task(self): """ Submits a transfer, waits for transfer to complete, gets transfer task validates results returns the task_id for use in other test functions """ # dir the test transfer, name randomized to prevent collision dest_dir = "get_task_dest_dir-" + str(getrandbits(128)) dest_path = "/~/" + dest_dir + "/" self.tc.operation_mkdir(GO_EP1_ID, dest_path) # track asset for cleanup self.asset_cleanup.append({ "function": self.deleteHelper, "args": [GO_EP1_ID, dest_path] }) # submit transfer task source_path = "/share/godata/" kwargs = {"notify_on_succeeded": False} # prevent email spam tdata = globus_sdk.TransferData(self.tc, GO_EP2_ID, GO_EP1_ID, **kwargs) file_name = "file1.txt" tdata.add_item(source_path + file_name, dest_path + file_name) transfer_doc = self.tc.submit_transfer(tdata) # wait for task to complete task_id = transfer_doc["task_id"] self.assertTrue( self.tc.task_wait( task_id, timeout=DEFAULT_TASK_WAIT_TIMEOUT, polling_interval=DEFAULT_TASK_WAIT_POLLING_INTERVAL)) # get the task by id get_doc = self.tc.get_task(task_id) self.assertEqual(get_doc["DATA_TYPE"], "task") self.assertEqual(get_doc["task_id"], task_id) self.assertEqual(get_doc["owner_id"], get_user_data()["sdktester1a"]["id"]) self.assertEqual(get_doc["type"], "TRANSFER") self.assertIn("status", get_doc) # return task_id return task_id
def test_endpoint_manager_task_pause_info(self): """ Creates a pause rule on the shared endpoint, then has sdktester2b submit a no-op task on the shared endpoint. Confirms sdktester1a can see the task is paused (or about to be). Confirms 403 when non manager attempts to use this resource. """ # sdktester1a creates pause rule and gives sdktester2b an ACL rule_id = self.test_endpoint_manager_create_pause_rule() acl_data = { "path": "/", "permissions": "rw", "principal_type": "identity", "principal": get_user_data()["sdktester2b"]["id"] } self.tc.add_endpoint_acl_rule(self.test_share_ep_id, acl_data) # sdktester2b subits no-op delete task ddata = globus_sdk.DeleteData(self.tc2, self.test_share_ep_id, notify_on_fail=False) ddata.add_item("no-op.txt") task_id = self.tc2.submit_delete(ddata)["task_id"] # sdktester1a gets the task pause info as admin pause_doc = self.tc.endpoint_manager_task_pause_info(task_id) # validate top level results self.assertEqual(pause_doc["DATA_TYPE"], "pause_info_limited") self.assertIsNone(pause_doc["source_pause_message"]) self.assertIsNone(pause_doc["destination_pause_message"]) # validate the rule results rule = pause_doc["pause_rules"][0] # should be the only rule self.assertEqual(rule["DATA_TYPE"], "pause_rule_limited") self.assertEqual(rule["id"], rule_id) self.assertEqual(rule["message"], "SDK Test Pause Rule") # self.assertEqual(rule["modified_by_id"], # get_user_data()["sdktester1a"]["id"]) # 403 for non managers, even if they submitted the task with self.assertRaises(TransferAPIError) as apiErr: self.tc2.endpoint_manager_task_pause_info(task_id) self.assertEqual(apiErr.exception.http_status, 403) self.assertEqual(apiErr.exception.code, "PermissionDenied")
def setUpClass(self): """ Sets up a shared endpoint on test gp#ep2 managed by sdktester1a, and shares it with sdktester2b, or sees that this endpoint already exits and gets its id. """ super(ManagerTransferClientTests, self).setUpClass() try: # shared endpoint hosted on go#ep2 managed by sdktester1a host_path = "/~/managed_ep" self.tc.operation_mkdir(GO_EP2_ID, path=host_path) shared_data = { "DATA_TYPE": "shared_endpoint", "host_endpoint": GO_EP2_ID, "host_path": host_path, "display_name": "SDK Test Managed Endpoint", "description": "Endpoint for managed SDK testing" } r = self.tc.create_shared_endpoint(shared_data) self.managed_ep_id = r["id"] # share read and write to sdktester2b add_data = { "DATA_TYPE": "access", "principal_type": "identity", "principal": get_user_data()["sdktester2b"]["id"], "path": "/", "permissions": "rw" } self.tc.add_endpoint_acl_rule(self.managed_ep_id, add_data) except TransferAPIError as e: if "already exists" in str(e): shares = self.tc.my_shared_endpoint_list(GO_EP2_ID) self.managed_ep_id = shares["DATA"][0]["id"] else: raise e
def test_oauth2_refresh_token(self): """ Sends a refresh_token grant, validates results Confirms received access_token can be used to authorize userinfo Returns the access token for use in test_oauth2_revoke_token """ ref_res = self.nac.oauth2_refresh_token(SDKTESTER1A_NATIVE1_AUTH_RT) self.assertIn("access_token", ref_res) self.assertIn("expires_in", ref_res) self.assertIn("scope", ref_res) self.assertEqual(ref_res["resource_server"], "auth.globus.org") self.assertEqual(ref_res["token_type"], "Bearer") # confirm token can be used access_token = ref_res["access_token"] ac = globus_sdk.AuthClient( authorizer=globus_sdk.AccessTokenAuthorizer(access_token), client_id=get_client_data()["native_app_client1"]["id"]) userinfo_res = ac.oauth2_userinfo() self.assertEqual(userinfo_res["sub"], get_user_data()["sdktester1a"]["id"]) # return access_token return access_token
def test_get_identities_singleton(self): """ gets identities with single username and id values, validates results. """ # get single ID id_res = self.ac.get_identities( ids=get_user_data()["sdktester1a"]["id"]) sdk_identity = id_res["identities"][0] for item in get_user_data()["sdktester1a"]: self.assertEqual(sdk_identity[item], get_user_data()["sdktester1a"][item]) # get single username id_res = self.ac.get_identities( usernames=get_user_data()["sdktester1a"]["username"]) sdk_identity = id_res["identities"][0] for item in get_user_data()["sdktester1a"]: self.assertEqual(sdk_identity[item], get_user_data()["sdktester1a"][item])