-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Permissions integration tests #1550
Merged
Merged
Changes from all commits
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
# TODO: This file will be replaced by using the SDK directly | ||
def update_group_tenant_permissions(client, group_uri, permissions=[]): | ||
query = { | ||
'operationName': 'updateGroupTenantPermissions', | ||
'variables': { | ||
'input': { | ||
'groupUri': group_uri, | ||
'permissions': permissions, | ||
} | ||
}, | ||
'query': """ | ||
mutation updateGroupTenantPermissions( | ||
$input: UpdateGroupTenantPermissionsInput! | ||
) { | ||
updateGroupTenantPermissions(input: $input) | ||
} | ||
""", | ||
} | ||
response = client.query(query=query) | ||
return response.data.updateGroupTenantPermissions | ||
|
||
|
||
def list_tenant_permissions(client): | ||
query = { | ||
'operationName': 'listTenantPermissions', | ||
'variables': {}, | ||
'query': """ | ||
query listTenantPermissions { | ||
listTenantPermissions { | ||
name | ||
description | ||
} | ||
} | ||
""", | ||
} | ||
response = client.query(query=query) | ||
return response.data.listTenantPermissions | ||
|
||
|
||
def list_tenant_groups(client, term=''): | ||
query = { | ||
'operationName': 'listTenantGroups', | ||
'variables': {'filter': {'term': term}}, | ||
'query': """ | ||
query listTenantGroups($filter: GroupFilter) { | ||
listTenantGroups(filter: $filter) { | ||
count | ||
page | ||
pages | ||
hasNext | ||
hasPrevious | ||
nodes { | ||
groupUri | ||
tenantPermissions { | ||
name | ||
description | ||
} | ||
} | ||
} | ||
} | ||
""", | ||
} | ||
response = client.query(query=query) | ||
return response.data.listTenantGroups |
57 changes: 57 additions & 0 deletions
57
tests_new/integration_tests/core/permissions/test_permissions.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
from assertpy import assert_that | ||
|
||
from integration_tests.core.permissions.queries import ( | ||
update_group_tenant_permissions, | ||
list_tenant_permissions, | ||
list_tenant_groups, | ||
) | ||
from integration_tests.errors import GqlError | ||
|
||
|
||
def test_list_tenant_permissions(clientTenant): | ||
response = list_tenant_permissions(clientTenant) | ||
assert_that(response).is_not_empty() | ||
assert_that(len(response)).is_greater_than_or_equal_to(3) | ||
assert_that(response).does_not_contain([None, '', False]) | ||
assert_that([p.name for p in response]).does_not_contain([None, '', False]) | ||
|
||
|
||
def test_list_tenant_permissions_unauthorized(client1): | ||
assert_that(list_tenant_permissions).raises(GqlError).when_called_with(client1).contains( | ||
'UnauthorizedOperation', 'LIST_TENANT_TEAM_PERMISSIONS' | ||
) | ||
|
||
|
||
def test_list_tenant_groups(clientTenant): | ||
response = list_tenant_groups(clientTenant) | ||
assert_that(response.count).is_greater_than_or_equal_to(4) | ||
assert_that(response.nodes).is_not_empty() | ||
assert_that(response.nodes[0]).contains_key('tenantPermissions') | ||
## Testing admin group DAAdministrators exists | ||
admin_group = next(group for group in response.nodes if group.groupUri == 'DHAdmins') | ||
assert_that(admin_group).contains_key('tenantPermissions') | ||
|
||
|
||
def test_list_tenant_groups_unauthorized(client1): | ||
assert_that(list_tenant_groups).raises(GqlError).when_called_with(client1).contains( | ||
'UnauthorizedOperation', 'LIST_TENANT_TEAMS' | ||
) | ||
|
||
|
||
def test_update_group_tenant_permissions(clientTenant, group1): | ||
# get group with permissions | ||
response = list_tenant_groups(clientTenant, term=group1) | ||
assert_that(response.count).is_equal_to(1) | ||
assert_that(len(response.nodes[0].tenantPermissions)).is_greater_than_or_equal_to(1) | ||
group1_perms = [p.name for p in response.nodes[0].tenantPermissions] | ||
# update permissions | ||
response = update_group_tenant_permissions(clientTenant, group1, group1_perms[:-1]) | ||
assert_that(response).is_true() | ||
# check permissions were updated | ||
response = list_tenant_groups(clientTenant, term=group1) | ||
assert_that(response.count).is_equal_to(1) | ||
group1_p_updated = response.nodes[0] | ||
assert_that(len(group1_p_updated.tenantPermissions)).is_equal_to(len(group1_perms) - 1) | ||
assert_that(group1_p_updated.tenantPermissions).does_not_contain(group1_perms[-1]) | ||
# update permissions back to initial state | ||
update_group_tenant_permissions(clientTenant, group1, group1_perms) |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: any reason we filter for
DHAdmins
and not just take the first entry likeresponse.nodes[0]
to ensure it containstenantPermissions
key?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The DHAdmins is a group created during deployment; it is the only one with the tenant permissions. It is true this is testing something else. We could break it down into 2 tests - test_tenant_group_exists and test_list_tenant_groups
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I ended up adding a comment to explain the purpose of that last check
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
okay I think makes sense - may be no need to include
response.nodes[0]
since it is duplicate chck ofadmin_group
which is testing the same and more, but PR looks good