feat: change resource id with external_id in authz

Closing ENG-1920
indykite · Oct 17, 2023 · 05bae8f · 05bae8f
1 parent 6e1079a
commit 05bae8f
Show file tree

Hide file tree

Showing 13 changed files with 868 additions and 745 deletions.
diff --git a/.coveragerc b/.coveragerc
@@ -4,6 +4,7 @@ omit =
   version.py
   indykite_sdk/api.py
   indykite_sdk/api_helper.py
+  indykite_sdk/ingest.py
   indykite_sdk/example.py
   indykite_sdk/indykite/*
   indykite_sdk/validate/*

diff --git a/codecov.yaml b/codecov.yaml
@@ -15,6 +15,7 @@ ignore:
   - "version.py"
   - "indykite_sdk/api.py"
   - "indykite_sdk/api_helper.py"
+  - "indykite_sdk/ingest.py"
   - "indykite_sdk/example.py"
   - "indykite_sdk/indykite"
   - "indykite_sdk/validate"

diff --git a/examples/spaces/Pipfile b/examples/spaces/Pipfile
@@ -5,28 +5,29 @@ name = "pypi"
 
 [packages]
 connexion = {version = ">=2.6.0", extras = ["swagger-ui"]}
-swagger-ui-bundle = ">=0.0.4"
-python-dateutil = ">=2.6.0"
+swagger-ui-bundle = ">=0.0.9"
+python-dateutil = ">=2.8.2"
 indykite-sdk-python = {ref = "v1.27.0", git = "https://github.com/indykite/indykite-sdk-python"}
 python-jose = "3.3.0"
-gql = "3.4.0"
+gql = "3.4.1"
+urllib3 = "1.26.17"
 requests = ">=2.31.0"
-requests-toolbelt = "2.1.0"
-flask = "2.3.1"
-markupsafe = "2.1.2"
-Werkzeug = "2.3.0"
-Flask-JWT-Extended = "4.4.4"
-Flask-Migrate = "4.0.4"
+requests-toolbelt = "*"
+flask = "2.3.3"
+markupsafe = "2.1.3"
+Werkzeug = "2.3.7"
+Flask-JWT-Extended = "4.5.3"
+Flask-Migrate = "4.0.5"
 Flask-SQLAlchemy = "3.0.3"
 SQLAlchemy = "2.0.10"
 pydantic = "1.10.7"
 email-validator = "2.0.0.post2"
-python-dotenv = "1.0.0"
-psycopg2-binary = "3.1.18"
-flask-openapi3 = "2.3.2"
+python-dotenv = "*"
+psycopg2-binary = "*"
+flask-openapi3 = "2.5.3"
 Flask-RQ2 = "18.3"
-rq = "1.13.0"
-redis = "4.5.4"
+rq = "1.15.1"
+redis = "5.0.1"
 
 [requires]
 python_version = "3.11"
diff --git a/examples/spaces/Pipfile.lock b/examples/spaces/Pipfile.lock
diff --git a/indykite_sdk/authorization/is_authorized.py b/indykite_sdk/authorization/is_authorized.py
@@ -79,7 +79,7 @@ def is_authorized_property_filter(self, type_filter, value, resources=[], input_
 
 def request_resource(resources):
     return [
-        pb2.IsAuthorizedRequest.Resource(id=r.id, type=r.type, actions=list(r.actions))
+        pb2.IsAuthorizedRequest.Resource(external_id=r.external_id, type=r.type, actions=list(r.actions))
         for r in resources
     ]
 

diff --git a/indykite_sdk/authorization/who_authorized.py b/indykite_sdk/authorization/who_authorized.py
@@ -26,7 +26,7 @@ def who_authorized(self,  resources=[], input_params={}, policy_tags=[]):
 
 def request_resource(resources):
     return [
-        pb2.WhoAuthorizedRequest.Resource(id=r.id, type=r.type, actions=list(r.actions))
+        pb2.WhoAuthorizedRequest.Resource(external_id=r.external_id, type=r.type, actions=list(r.actions))
         for r in resources
     ]
 

diff --git a/indykite_sdk/indykite/auditsink/v1beta1/authorization_pb2.py b/indykite_sdk/indykite/auditsink/v1beta1/authorization_pb2.py
diff --git a/indykite_sdk/indykite/authorization/v1beta1/authorization_service_pb2.py b/indykite_sdk/indykite/authorization/v1beta1/authorization_service_pb2.py
diff --git a/indykite_sdk/model/is_authorized.py b/indykite_sdk/model/is_authorized.py
@@ -27,8 +27,8 @@ def __init__(self, decision_time, decisions):
 
 class IsAuthorizedResource:
 
-    def __init__(self, id: any, type, actions=[]):
-        self.id = id
+    def __init__(self, external_id: any, type, actions=[]):
+        self.external_id = external_id
         self.type = type
         self.actions = actions
 

diff --git a/indykite_sdk/model/who_authorized.py b/indykite_sdk/model/who_authorized.py
@@ -27,8 +27,8 @@ def __init__(self, decision_time, decisions):
 
 class WhoAuthorizedResource:
 
-    def __init__(self, id: any, type, actions=[]):
-        self.id = id
+    def __init__(self, external_id: any, type, actions=[]):
+        self.external_id = external_id
         self.type = type
         self.actions = actions
 

diff --git a/tests/test_delete.py b/tests/test_delete.py
@@ -46,6 +46,21 @@ def test_del_digital_twin_nonexisting_twin_id(capsys):
     assert "StatusCode.INVALID_ARGUMENT" in captured.err
 
 
+def test_del_digital_twin_empty(capsys):
+    digital_twin_id = data.get_digital_twin()
+    tenant_id = data.get_tenant()
+
+    client = IdentityClient()
+    assert client is not None
+
+    def mocked_del_digital_twin(request: pb2.DeleteDigitalTwinRequest):
+        return None
+
+    client.stub.DeleteDigitalTwin = mocked_del_digital_twin
+    response = client.del_digital_twin(digital_twin_id, tenant_id)
+    assert response is None
+
+
 def test_del_digital_twin_success(capsys):
     digital_twin_id = data.get_digital_twin()
     tenant_id = data.get_tenant()

diff --git a/tests/test_is_authorized.py b/tests/test_is_authorized.py
@@ -32,7 +32,7 @@ def test_is_authorized_token_empty():
     input_params = {}
     res = []
     for r in resources:
-        res.append(pb2.IsAuthorizedRequest.Resource(id=r.id, type=r.type, actions=r.actions))
+        res.append(pb2.IsAuthorizedRequest.Resource(external_id=r.external_id, type=r.type, actions=r.actions))
     subject = pb2_model.Subject(
         indykite_access_token=str(access_token)
     )
@@ -57,7 +57,7 @@ def test_is_authorized_token_success():
     policy_tags = []
     res = []
     for r in resources:
-        res.append(pb2.IsAuthorizedRequest.Resource(id=r.id, type=r.type, actions=r.actions))
+        res.append(pb2.IsAuthorizedRequest.Resource(external_id=r.external_id, type=r.type, actions=r.actions))
     subject = pb2_model.Subject(
         indykite_access_token=str(token)
     )

diff --git a/tests/test_verification.py b/tests/test_verification.py
@@ -13,6 +13,30 @@ def test_verify_digital_twin_email_short_token(capsys):
     assert "Token must be 32 chars or more" in captured.err
 
 
+def test_verify_digital_twin_email_invalid_token(capsys):
+    token = data.get_expired_token()
+
+    client = IdentityClient()
+    assert client is not None
+
+    response = client.verify_digital_twin_email(token)
+    captured = capsys.readouterr()
+
+    assert "invalid token format" in captured.err
+
+
+def test_verify_digital_twin_email_success(registration_until_email_arrives, capsys):
+    token = registration_until_email_arrives
+
+    client = IdentityClient()
+    assert client is not None
+
+    response = client.verify_digital_twin_email(token)
+    captured = capsys.readouterr()
+
+    assert response is not None or "property does not belong under current application" in captured.err
+
+
 def test_start_digital_twin_email_verification_wrong_twin_id(capsys):
     digital_twin_id = "gid:AAAAAla6PZwUpk6Lizs5Iki3NDE"
     tenant_id = data.get_tenant()
@@ -55,6 +79,20 @@ def test_start_digital_twin_email_verification_nonexisting_twin_id(capsys):
     assert "StatusCode.INVALID_ARGUMENT" in captured.err
 
 
+def test_start_digital_twin_email_verification_invalid_email_address(capsys):
+    digital_twin_id = "gid:AAAAFf_ZpzyM2UpRuG22DJLLNq0"
+    tenant_id = data.get_tenant()
+    email = "invalid_email"
+
+    client = IdentityClient()
+    assert client is not None
+
+    response = client.start_digital_twin_email_verification(digital_twin_id, tenant_id, email)
+    captured = capsys.readouterr()
+
+    assert "value must be a valid email address" in captured.err
+
+
 def test_start_digital_twin_email_verification_email_not_found(capsys):
     digital_twin_id = data.get_digital_twin()
     tenant_id = data.get_tenant()