use of bio.terra.model.EnumerateDatasetModel in project jade-data-repo by DataBiosphere.
the class DatasetConnectedTest method testExcludeLockedFromDatasetLookups.
@Test
public void testExcludeLockedFromDatasetLookups() throws Exception {
// check that the dataset metadata row is unlocked
UUID datasetId = UUID.fromString(summaryModel.getId());
String exclusiveLock = datasetDao.getExclusiveLock(datasetId);
assertNull("dataset row is not exclusively locked", exclusiveLock);
String[] sharedLocks = datasetDao.getSharedLocks(datasetId);
assertEquals("dataset row has no shared lock", 0, sharedLocks.length);
// retrieve the dataset and check that it finds it
DatasetModel datasetModel = connectedOperations.getDataset(summaryModel.getId());
assertEquals("Lookup unlocked dataset succeeds", summaryModel.getName(), datasetModel.getName());
// enumerate datasets and check that this dataset is included in the set
EnumerateDatasetModel enumerateDatasetModel = connectedOperations.enumerateDatasets(summaryModel.getName());
List<DatasetSummaryModel> enumeratedDatasets = enumerateDatasetModel.getItems();
boolean foundDatasetWithMatchingId = false;
for (DatasetSummaryModel enumeratedDataset : enumeratedDatasets) {
if (enumeratedDataset.getId().equals(summaryModel.getId())) {
foundDatasetWithMatchingId = true;
break;
}
}
assertTrue("Unlocked included in enumeration", foundDatasetWithMatchingId);
// NO ASSERTS inside the block below where hang is enabled to reduce chance of failing before disabling the hang
// ====================================================
// enable hang in DeleteDatasetPrimaryDataStep
configService.setFault(ConfigEnum.DATASET_DELETE_LOCK_CONFLICT_STOP_FAULT.name(), true);
// kick off a request to delete the dataset. this should hang before unlocking the dataset object.
MvcResult deleteResult = mvc.perform(delete("/api/repository/v1/datasets/" + summaryModel.getId())).andReturn();
// give the flight time to launch
TimeUnit.SECONDS.sleep(5);
// check that the dataset metadata row has an exclusive lock
// note: asserts are below outside the hang block
exclusiveLock = datasetDao.getExclusiveLock(datasetId);
sharedLocks = datasetDao.getSharedLocks(datasetId);
// retrieve the dataset, should return not found
// note: asserts are below outside the hang block
MvcResult retrieveResult = mvc.perform(get("/api/repository/v1/datasets/" + datasetId)).andReturn();
// enumerate datasets, this dataset should not be included in the set
// note: asserts are below outside the hang block
MvcResult enumerateResult = connectedOperations.enumerateDatasetsRaw(summaryModel.getName());
// disable hang in DeleteDatasetPrimaryDataStep
configService.setFault(ConfigEnum.DATASET_DELETE_LOCK_CONFLICT_CONTINUE_FAULT.name(), true);
// ====================================================
// check that the dataset metadata row has an exclusive lock after kicking off the delete
assertNotNull("dataset row is exclusively locked", exclusiveLock);
assertEquals("dataset row has no shared lock", 0, sharedLocks.length);
// check that the retrieve request returned not found
connectedOperations.handleFailureCase(retrieveResult.getResponse(), HttpStatus.NOT_FOUND);
// check that the enumerate request returned successfully and that this dataset is not included in the set
enumerateDatasetModel = connectedOperations.handleSuccessCase(enumerateResult.getResponse(), EnumerateDatasetModel.class);
enumeratedDatasets = enumerateDatasetModel.getItems();
foundDatasetWithMatchingId = false;
for (DatasetSummaryModel enumeratedDataset : enumeratedDatasets) {
if (enumeratedDataset.getId().equals(summaryModel.getId())) {
foundDatasetWithMatchingId = true;
break;
}
}
assertFalse("Exclusively locked not included in enumeration", foundDatasetWithMatchingId);
// check the response from the delete request
MockHttpServletResponse deleteResponse = connectedOperations.validateJobModelAndWait(deleteResult);
DeleteResponseModel deleteResponseModel = connectedOperations.handleSuccessCase(deleteResponse, DeleteResponseModel.class);
assertEquals("Dataset delete returned successfully", DeleteResponseModel.ObjectStateEnum.DELETED, deleteResponseModel.getObjectState());
// try to fetch the dataset again and confirm nothing is returned
connectedOperations.getDatasetExpectError(summaryModel.getId(), HttpStatus.NOT_FOUND);
}
use of bio.terra.model.EnumerateDatasetModel in project jade-data-repo by DataBiosphere.
the class DatasetIntegrationTest method datasetUnauthorizedPermissionsTest.
@Test
public void datasetUnauthorizedPermissionsTest() throws Exception {
dataRepoFixtures.createDatasetError(custodian(), "dataset-minimal.json", HttpStatus.UNAUTHORIZED);
dataRepoFixtures.createDatasetError(reader(), "dataset-minimal.json", HttpStatus.UNAUTHORIZED);
EnumerateDatasetModel enumDatasetsResp = dataRepoFixtures.enumerateDatasets(reader());
List<DatasetSummaryModel> items = enumDatasetsResp.getItems();
if (items != null) {
for (DatasetSummaryModel datasetModel : items) {
logger.info(String.format("found dataset for reader: %s, created: %s", datasetModel.getId(), datasetModel.getCreatedDate()));
}
}
assertThat("Reader does not have access to datasets", enumDatasetsResp.getTotal(), equalTo(0));
DatasetSummaryModel summaryModel = null;
summaryModel = dataRepoFixtures.createDataset(steward(), "dataset-minimal.json");
datasetId = summaryModel.getId();
DataRepoResponse<DatasetModel> getDatasetResp = dataRepoFixtures.getDatasetRaw(reader(), summaryModel.getId());
assertThat("Reader is not authorized to get dataset", getDatasetResp.getStatusCode(), equalTo(HttpStatus.UNAUTHORIZED));
// make sure reader cannot delete dataset
DataRepoResponse<JobModel> deleteResp1 = dataRepoFixtures.deleteDatasetLaunch(reader(), summaryModel.getId());
assertThat("Reader is not authorized to delete datasets", deleteResp1.getStatusCode(), equalTo(HttpStatus.UNAUTHORIZED));
// right now the authorization for dataset delete is done directly in the controller.
// so we need to check the response to the delete request for the unauthorized failure
// once we move the authorization for dataset delete into a separate step,
// then the check will need two parts, as below:
// check job launched successfully, check job result is failure with unauthorized
// DataRepoResponse<JobModel> jobResp1 = dataRepoFixtures.deleteDatasetLaunch(
// reader(), summaryModel.getId());
// assertTrue("dataset delete launch succeeded", jobResp1.getStatusCode().is2xxSuccessful());
// assertTrue("dataset delete launch response is present", jobResp1.getResponseObject().isPresent());
// DataRepoResponse<ErrorModel> deleteResp1 = dataRepoClient.waitForResponse(
// reader(), jobResp1, ErrorModel.class);
// assertThat("Reader is not authorized to delete datasets",
// deleteResp1.getStatusCode(),
// equalTo(HttpStatus.UNAUTHORIZED));
// make sure custodian cannot delete dataset
DataRepoResponse<JobModel> deleteResp2 = dataRepoFixtures.deleteDatasetLaunch(custodian(), summaryModel.getId());
assertThat("Custodian is not authorized to delete datasets", deleteResp2.getStatusCode(), equalTo(HttpStatus.UNAUTHORIZED));
// same comment as above for the reader() delete
// DataRepoResponse<JobModel> jobResp2 = dataRepoFixtures.deleteDatasetLaunch(
// custodian(), summaryModel.getId());
// assertTrue("dataset delete launch succeeded", jobResp2.getStatusCode().is2xxSuccessful());
// assertTrue("dataset delete launch response is present", jobResp2.getResponseObject().isPresent());
// DataRepoResponse<ErrorModel> deleteResp2 = dataRepoClient.waitForResponse(
// custodian(), jobResp2, ErrorModel.class);
// assertThat("Custodian is not authorized to delete datasets",
// deleteResp2.getStatusCode(),
// equalTo(HttpStatus.UNAUTHORIZED));
}
use of bio.terra.model.EnumerateDatasetModel in project jade-data-repo by DataBiosphere.
the class DatasetIntegrationTest method datasetHappyPath.
@Test
public void datasetHappyPath() throws Exception {
DatasetSummaryModel summaryModel = dataRepoFixtures.createDataset(steward(), "it-dataset-omop.json");
datasetId = summaryModel.getId();
logger.info("dataset id is " + summaryModel.getId());
assertThat(summaryModel.getName(), startsWith(omopDatasetName));
assertThat(summaryModel.getDescription(), equalTo(omopDatasetDesc));
DatasetModel datasetModel = dataRepoFixtures.getDataset(steward(), summaryModel.getId());
assertThat(datasetModel.getName(), startsWith(omopDatasetName));
assertThat(datasetModel.getDescription(), equalTo(omopDatasetDesc));
// There is a delay from when a resource is created in SAM to when it is available in an enumerate call.
boolean metExpectation = TestUtils.eventualExpect(5, 60, true, () -> {
EnumerateDatasetModel enumerateDatasetModel = dataRepoFixtures.enumerateDatasets(steward());
boolean found = false;
for (DatasetSummaryModel oneDataset : enumerateDatasetModel.getItems()) {
if (oneDataset.getId().equals(datasetModel.getId())) {
assertThat(oneDataset.getName(), startsWith(omopDatasetName));
assertThat(oneDataset.getDescription(), equalTo(omopDatasetDesc));
found = true;
break;
}
}
return found;
});
assertTrue("dataset was found in enumeration", metExpectation);
// test allowable permissions
dataRepoFixtures.addDatasetPolicyMember(steward(), summaryModel.getId(), IamRole.CUSTODIAN, custodian().getEmail());
DataRepoResponse<EnumerateDatasetModel> enumDatasets = dataRepoFixtures.enumerateDatasetsRaw(custodian());
assertThat("Custodian is authorized to enumerate datasets", enumDatasets.getStatusCode(), equalTo(HttpStatus.OK));
}
use of bio.terra.model.EnumerateDatasetModel in project jade-data-repo by DataBiosphere.
the class RepositoryApiController method enumerateDatasets.
@Override
public ResponseEntity<EnumerateDatasetModel> enumerateDatasets(@Valid @RequestParam(value = "offset", required = false, defaultValue = "0") Integer offset, @Valid @RequestParam(value = "limit", required = false, defaultValue = "10") Integer limit, @Valid @RequestParam(value = "sort", required = false, defaultValue = "created_date") String sort, @Valid @RequestParam(value = "direction", required = false, defaultValue = "asc") String direction, @Valid @RequestParam(value = "filter", required = false) String filter) {
ControllerUtils.validateEnumerateParams(offset, limit, sort, direction);
List<UUID> resources = iamService.listAuthorizedResources(getAuthenticatedInfo(), IamResourceType.DATASET);
EnumerateDatasetModel esm = datasetService.enumerate(offset, limit, sort, direction, filter, resources);
return new ResponseEntity<>(esm, HttpStatus.OK);
}
use of bio.terra.model.EnumerateDatasetModel in project jade-data-repo by DataBiosphere.
the class AccessTest method checkShared.
@Test
public void checkShared() throws Exception {
makeIngestTestDataset();
IngestRequestModel request = dataRepoFixtures.buildSimpleIngest("participant", "ingest-test/ingest-test-participant.json");
dataRepoFixtures.ingestJsonData(steward(), datasetId, request);
request = dataRepoFixtures.buildSimpleIngest("sample", "ingest-test/ingest-test-sample.json");
dataRepoFixtures.ingestJsonData(steward(), datasetId, request);
DatasetModel dataset = dataRepoFixtures.getDataset(steward(), datasetId);
String datasetBqSnapshotName = "datarepo_" + dataset.getName();
BigQuery custodianBigQuery = BigQueryFixtures.getBigQuery(dataset.getDataProject(), custodianToken);
try {
BigQueryFixtures.datasetExists(custodianBigQuery, dataset.getDataProject(), datasetBqSnapshotName);
fail("custodian shouldn't be able to access bq dataset before it is shared with them");
} catch (IllegalStateException e) {
assertThat("checking message for pdao exception error", e.getMessage(), equalTo("existence check failed for " + datasetBqSnapshotName));
}
dataRepoFixtures.addDatasetPolicyMember(steward(), datasetId, IamRole.CUSTODIAN, custodian().getEmail());
DataRepoResponse<EnumerateDatasetModel> enumDatasets = dataRepoFixtures.enumerateDatasetsRaw(custodian());
assertThat("Custodian is authorized to enumerate datasets", enumDatasets.getStatusCode(), equalTo(HttpStatus.OK));
boolean custodianHasAccess = BigQueryFixtures.hasAccess(custodianBigQuery, dataset.getDataProject(), datasetBqSnapshotName);
assertThat("custodian can access the bq snapshot after it has been shared", custodianHasAccess, equalTo(true));
SnapshotSummaryModel snapshotSummaryModel = dataRepoFixtures.createSnapshot(custodian(), datasetSummaryModel, "ingest-test-snapshot.json");
SnapshotModel snapshotModel = dataRepoFixtures.getSnapshot(custodian(), snapshotSummaryModel.getId());
BigQuery bigQuery = BigQueryFixtures.getBigQuery(snapshotModel.getDataProject(), readerToken);
try {
BigQueryFixtures.datasetExists(bigQuery, snapshotModel.getDataProject(), snapshotModel.getName());
fail("reader shouldn't be able to access bq dataset before it is shared with them");
} catch (IllegalStateException e) {
assertThat("checking message for exception error", e.getMessage(), equalTo("existence check failed for ".concat(snapshotSummaryModel.getName())));
}
dataRepoFixtures.addSnapshotPolicyMember(custodian(), snapshotSummaryModel.getId(), IamRole.READER, reader().getEmail());
AuthenticatedUserRequest authenticatedReaderRequest = new AuthenticatedUserRequest().email(reader().getEmail()).token(Optional.of(readerToken));
assertThat("correctly added reader", iamService.isAuthorized(authenticatedReaderRequest, IamResourceType.DATASNAPSHOT, snapshotSummaryModel.getId(), IamAction.READ_DATA), equalTo(true));
boolean readerHasAccess = BigQueryFixtures.hasAccess(bigQuery, snapshotModel.getDataProject(), snapshotModel.getName());
assertThat("reader can access the snapshot after it has been shared", readerHasAccess, equalTo(true));
}
Aggregations