Skip to content

Verify that a user can query newly created templates #118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 31, 2023
Merged

Verify that a user can query newly created templates #118

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1377a5e
Verify user can query new template
FedericoNegri Jan 19, 2023
41cb19b
Test for template delete
FedericoNegri Jan 26, 2023
a09bf77
Merge remote-tracking branch 'origin' into fnegri/template_perm_bug
FedericoNegri Jan 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
110 changes: 78 additions & 32 deletions tests/jms/test_task_definition_templates.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

import json
import logging
from typing import Tuple
import unittest
import uuid

Expand All @@ -23,6 +24,25 @@
log = logging.getLogger(__name__)


def create_new_user_client(
admin_cl: Client,
username=None,
password="test",
) -> Tuple[User, Client]:

if username is None:
username = f"testuser-{uuid.uuid4().hex[:8]}"

auth_api = AuthApi(admin_cl)
user = auth_api.create_user(User(username=username, password=password))
client = Client(
rep_url=admin_cl.rep_url,
username=user.username,
password=password,
)
return user, client


class TaskDefinitionTemplateTest(REPTestCase):
def test_template_deserialization(self):

Expand Down Expand Up @@ -171,22 +191,7 @@ def test_template_permissions(self):

# create test user
auth_api = AuthApi(client)
user_credentials = {
"user1": {"username": f"testuser-{uuid.uuid4().hex[:8]}", "password": "test"}
}
user1 = auth_api.create_user(
User(
username=user_credentials["user1"]["username"],
password=user_credentials["user1"]["password"],
is_admin=False,
)
)
log.info(f"User 1: {user1}")
client1 = Client(
rep_url=self.rep_url,
username=user1.username,
password=user_credentials["user1"]["password"],
)
user1, client1 = create_new_user_client(client)
jms_api1 = JmsApi(client1)

# verify test user can't access the template
Expand Down Expand Up @@ -229,6 +234,8 @@ def test_template_permissions(self):
# Let user1 create a template
template = TaskDefinitionTemplate(name="my_template", version=uuid.uuid4())
template = jms_api1.create_task_definition_templates([template])[0]
template = jms_api1.get_task_definition_templates(id=template.id)[0]
self.assertEqual(template.name, "my_template")
permissions = jms_api1.get_task_definition_template_permissions(template_id=template.id)
self.assertEqual(len(permissions), 1)
self.assertEqual(permissions[0].permission_type, "user")
Expand Down Expand Up @@ -285,22 +292,7 @@ def test_template_anyone_permission(self):

# create test user
auth_api = AuthApi(client)
user_credentials = {
"user1": {"username": f"testuser-{uuid.uuid4().hex[:8]}", "password": "test"}
}
user1 = auth_api.create_user(
User(
username=user_credentials["user1"]["username"],
password=user_credentials["user1"]["password"],
is_admin=False,
)
)
log.info(f"User 1: {user1}")
client1 = Client(
rep_url=self.rep_url,
username=user1.username,
password=user_credentials["user1"]["password"],
)
user1, client1 = create_new_user_client(client)
jms_api1 = JmsApi(client1)

# verify test user can't access the template
Expand Down Expand Up @@ -346,6 +338,60 @@ def test_template_anyone_permission(self):
# Delete user
auth_api.delete_user(user1)

def test_template_delete(self):

client = self.client()
auth_api = AuthApi(client)

# create 2 non-admin users
jms_api = JmsApi(client)
user1, client1 = create_new_user_client(client)
self.assertFalse(user1.is_admin)
jms_api1 = JmsApi(client1)
user2, client2 = create_new_user_client(client)
self.assertFalse(user2.is_admin)
jms_api2 = JmsApi(client2)

# user1 creates new template
template = TaskDefinitionTemplate(name="my_template", version=uuid.uuid4())
template = jms_api1.create_task_definition_templates([template])[0]
permissions = jms_api1.get_task_definition_template_permissions(template_id=template.id)
self.assertEqual(len(permissions), 1)
self.assertEqual(permissions[0].permission_type, "user")
self.assertEqual(permissions[0].role, "admin")
self.assertEqual(permissions[0].value_id, user1.id)

# verify user2 can't access the template
client2_templates = jms_api2.get_task_definition_templates(id=template.id)
self.assertEqual(len(client2_templates), 0)

# user1 grants anyone read permissions
permissions.append(Permission(permission_type="anyone", role="reader", value_id=None))
permissions = jms_api1.update_task_definition_template_permissions(template.id, permissions)
self.assertEqual(len(permissions), 2)

# verify user2 can now access the template
client2_templates = jms_api2.get_task_definition_templates(id=template.id)
self.assertEqual(len(client2_templates), 1)
self.assertEqual(client2_templates[0].name, template.name)

# verify user2 can't delete the template
except_obj = None
try:
client2_templates = jms_api2.delete_task_definition_templates(client2_templates)
except REPError as e:
except_obj = e
self.assertIsNotNone(except_obj)
self.assertEqual(except_obj.response.status_code, 403)
self.assertEqual(except_obj.description, "Access to this resource has been restricted")

# Delete the template
jms_api.delete_task_definition_templates([template])

# Delete users
auth_api.delete_user(user1)
auth_api.delete_user(user2)


if __name__ == "__main__":
unittest.main()