use of bio.terra.cli.serialization.userfacing.UFAuthStatus in project terra-cli by DataBiosphere.
the class WorkspaceSetDeferLogin method workspaceLoadFailsWithNoAccess.
@Test
@DisplayName("workspace metadata fails to load after logging in as a user without read access, then succeeds with a different workspace that they do have access to")
void workspaceLoadFailsWithNoAccess() throws IOException {
// `terra auth revoke`
TestCommand.runCommandExpectSuccess("auth", "revoke");
// `terra workspace set --id=$id --defer-login`
TestCommand.runCommandExpectSuccess("workspace", "set", "--id=" + getWorkspaceId(), "--defer-login");
// the login should succeed and also print an error message to stderr that the workspace failed
// to load
ByteArrayOutputStream stdOutStream = new ByteArrayOutputStream();
ByteArrayOutputStream stdErrStream = new ByteArrayOutputStream();
UserIO.initialize(new PrintStream(stdOutStream, true, StandardCharsets.UTF_8), new PrintStream(stdErrStream, true, StandardCharsets.UTF_8), null);
workspaceSharee.login();
assertThat("login prints an error message that workspace failed to load", stdErrStream.toString(StandardCharsets.UTF_8), CoreMatchers.containsStringIgnoringCase("Error loading workspace information for the logged in user (workspace id: " + getWorkspaceId() + ")."));
// `terra status`
UFStatus status = TestCommand.runAndParseCommandExpectSuccess(UFStatus.class, "status");
assertEquals(getWorkspaceId(), status.workspace.id, "status after login user without access includes workspace id");
assertNull(status.workspace.googleProjectId, "status after login user without access does not include google project id");
// `terra auth status`
UFAuthStatus authStatus = TestCommand.runAndParseCommandExpectSuccess(UFAuthStatus.class, "auth", "status");
assertNotNull(authStatus.userEmail, "auth status after login user without access includes user email");
assertNull(authStatus.serviceAccountEmail, "auth status after login user without access does not include pet SA email");
// `terra resource list`
String stdErr = TestCommand.runCommandExpectExitCode(2, "resource", "list");
assertThat("error message includes unauthorized to read workspace resource", stdErr, CoreMatchers.containsStringIgnoringCase("User " + authStatus.userEmail + " is not authorized to read resource " + getWorkspaceId() + " of type workspace"));
// `terra workspace set --id=$sharedId`
TestCommand.runCommandExpectSuccess("workspace", "set", "--id=" + sharedWorkspaceId);
// `terra status`
status = TestCommand.runAndParseCommandExpectSuccess(UFStatus.class, "status");
assertEquals(sharedWorkspaceId, status.workspace.id, "status after login user with access includes shared workspace id");
assertNotNull(status.workspace.googleProjectId, "status after login user with access includes google project id");
// `terra auth status`
authStatus = TestCommand.runAndParseCommandExpectSuccess(UFAuthStatus.class, "auth", "status");
assertNotNull(authStatus.userEmail, "auth status after login user with access includes user email");
assertNotNull(authStatus.serviceAccountEmail, "auth status after login user with access includes pet SA email");
TestCommand.runCommandExpectSuccess("resource", "list");
}
use of bio.terra.cli.serialization.userfacing.UFAuthStatus in project terra-cli by DataBiosphere.
the class WorkspaceSetDeferLogin method workspaceLoadsImmediatelyWhenAlreadyLoggedIn.
@Test
@DisplayName("suppress login flag does not have any effect if user is already logged in")
void workspaceLoadsImmediatelyWhenAlreadyLoggedIn() throws IOException {
workspaceCreator.login();
// `terra workspace set --id=$id --defer-login`
UFWorkspace workspaceSet = TestCommand.runAndParseCommandExpectSuccess(UFWorkspace.class, "workspace", "set", "--id=" + getWorkspaceId(), "--defer-login");
assertEquals(getWorkspaceId(), workspaceSet.id, "workspace set after login includes workspace id");
assertNotNull(workspaceSet.googleProjectId, "workspace set after login includes google project id");
// `terra status`
UFStatus status = TestCommand.runAndParseCommandExpectSuccess(UFStatus.class, "status");
assertEquals(getWorkspaceId(), status.workspace.id, "status after login includes workspace id");
assertNotNull(status.workspace.googleProjectId, "status after login includes google project id");
// `terra auth status`
UFAuthStatus authStatus = TestCommand.runAndParseCommandExpectSuccess(UFAuthStatus.class, "auth", "status");
assertNotNull(authStatus.userEmail, "auth status after login includes user email");
assertNotNull(authStatus.serviceAccountEmail, "auth status after login includes pet SA email");
// `terra resource list`
TestCommand.runCommandExpectSuccess("resource", "list");
}
use of bio.terra.cli.serialization.userfacing.UFAuthStatus in project terra-cli by DataBiosphere.
the class Server method serverSetClearsAuthAndWorkspace.
@Test
@DisplayName("server set clears the auth and workspace context, doesn't prompt if already cleared")
void serverSetClearsAuthAndWorkspace() throws IOException {
workspaceCreator.login();
// `terra workspace set --id=$id`
TestCommand.runCommandExpectSuccess("workspace", "set", "--id=" + getWorkspaceId());
// `terra server set --name=broad-dev-cli-testing --quiet`
TestCommand.runCommandExpectSuccess("server", "set", "--name=broad-dev-cli-testing", "--quiet");
// `terra auth status --format=json`
UFAuthStatus authStatus = TestCommand.runAndParseCommandExpectSuccess(UFAuthStatus.class, "auth", "status");
assertFalse(authStatus.loggedIn, "auth status indicates user is logged out");
// `terra status --format=json`
UFStatus status = TestCommand.runAndParseCommandExpectSuccess(UFStatus.class, "status");
assertNull(status.workspace, "status indicates workspace is unset");
assertEquals("broad-dev-cli-testing", status.server.name, "status indicates server is changed");
// `terra server set --name=broad-dev`
TestCommand.runCommandExpectSuccess("server", "set", "--name=broad-dev");
// now that the auth and workspace context are cleared, we shouldn't need the --quiet flag
// anymore
}
use of bio.terra.cli.serialization.userfacing.UFAuthStatus in project terra-cli by DataBiosphere.
the class AuthStatus method authStatusWhenLoggedIn.
@Test
@DisplayName("auth status includes user email and says logged in")
void authStatusWhenLoggedIn() throws IOException {
// select a test user and login
TestUser testUser = TestUser.chooseTestUser();
testUser.login();
// `terra auth status --format=json`
UFAuthStatus authStatus = TestCommand.runAndParseCommandExpectSuccess(UFAuthStatus.class, "auth", "status");
// check that it says logged in and includes the user & proxy emails
assertThat("auth status email matches test user", authStatus.userEmail, equalToIgnoringCase(testUser.email));
assertThat("auth status includes proxy group email", authStatus.proxyGroupEmail, CoreMatchers.not(emptyOrNullString()));
assertTrue(VALID_EMAIL_ADDRESS.matcher(authStatus.proxyGroupEmail).find(), "proxy group email is a valid email");
assertThat("auth status without workspace defined does not include pet SA email", authStatus.serviceAccountEmail, CoreMatchers.is(emptyOrNullString()));
assertTrue(authStatus.loggedIn, "auth status indicates user is logged in");
}
use of bio.terra.cli.serialization.userfacing.UFAuthStatus in project terra-cli by DataBiosphere.
the class Status method execute.
/**
* Populate the current user in the global context and print out a subset of the TerraUser
* properties.
*/
@Override
protected void execute() {
// check if current user is defined
Optional<User> currentUserOpt = Context.getUser();
UFAuthStatus authStatusReturnValue;
if (currentUserOpt.isEmpty()) {
authStatusReturnValue = UFAuthStatus.createWhenCurrentUserIsUndefined();
} else {
User currentUser = currentUserOpt.get();
authStatusReturnValue = UFAuthStatus.createWhenCurrentUserIsDefined(currentUser.getEmail(), currentUser.getProxyGroupEmail(), currentUser.getPetSaEmail(), !currentUser.requiresReauthentication());
}
formatOption.printReturnValue(authStatusReturnValue, this::printText);
}
Aggregations