use of bio.terra.workspace.app.configuration.external.WsmApplicationConfiguration.App in project terra-workspace-manager by DataBiosphere.
the class ApplicationUnitTest method configValidationTest.
/**
 * Checks validation of an {@code App} configuration entry. The {@code App} class is what is read
 * from the configuration file. Each invalid entry must fail with the expected error and a fully
 * valid entry must convert to a {@code WsmApplication}.
 */
@Test
public void configValidationTest() {
  // Required fields: an empty entry, or one missing the UUID, the service account or the
  // state, is rejected as ERROR_MISSING_REQUIRED.
  configValidationFail(new App(), ERROR_MISSING_REQUIRED);
  configValidationFail(makeApp(null, GOOD_EMAIL, GOOD_STATE), ERROR_MISSING_REQUIRED);
  configValidationFail(makeApp(GOOD_UUID_STRING, null, GOOD_STATE), ERROR_MISSING_REQUIRED);
  configValidationFail(makeApp(GOOD_UUID_STRING, GOOD_EMAIL, null), ERROR_MISSING_REQUIRED);

  // Malformed values: each field is corrupted in turn while the other two stay valid, so the
  // reported error identifies exactly which field was refused.
  configValidationFail(makeApp(BAD_DATA, GOOD_EMAIL, GOOD_STATE), ERROR_BAD_UUID);
  configValidationFail(makeApp(GOOD_UUID_STRING, BAD_DATA, GOOD_STATE), ERROR_BAD_EMAIL);
  configValidationFail(makeApp(GOOD_UUID_STRING, GOOD_EMAIL, BAD_DATA), ERROR_BAD_STATE);

  // Minimal valid entry: only the three required fields are set.
  configValidationSuccess(makeApp(GOOD_UUID_STRING, GOOD_EMAIL, GOOD_STATE));

  // Valid entry with the optional name and description filled in; both must be carried over
  // to the resulting WsmApplication.
  App describedApp = makeApp(GOOD_UUID_STRING, GOOD_EMAIL, GOOD_STATE);
  describedApp.setName(GOOD_NAME);
  describedApp.setDescription(GOOD_DESC);
  WsmApplication validated = configValidationSuccess(describedApp);
  assertEquals(GOOD_NAME, validated.getDisplayName());
  assertEquals(GOOD_DESC, validated.getDescription());
  // NOTE(review): the success path asserts only display name and description. The identifier,
  // service account and state on the returned WsmApplication are not checked here; confirm
  // another test covers them, since those fields presumably decide which caller is treated as
  // the application.
}
use of bio.terra.workspace.app.configuration.external.WsmApplicationConfiguration.App in project terra-workspace-manager by DataBiosphere.
the class ApplicationUnitTest method makeApp.
/**
 * Builds a configuration {@code App} with only the three fields the validation test varies.
 * Values are passed to the setters unchanged, so {@code null} or malformed strings can be
 * supplied to produce an invalid entry.
 *
 * @param identifier value passed to {@code setIdentifier}; may be {@code null}
 * @param serviceAccount value passed to {@code setServiceAccount}; may be {@code null}
 * @param state value passed to {@code setState}; may be {@code null}
 * @return a new {@code App} with those three setters applied
 */
private App makeApp(String identifier, String serviceAccount, String state) {
  final App app = new App();
  app.setIdentifier(identifier);
  app.setServiceAccount(serviceAccount);
  app.setState(state);
  return app;
}
use of bio.terra.workspace.app.configuration.external.WsmApplicationConfiguration.App in project terra-workspace-manager by DataBiosphere.
the class PrivateResourceCleanupServiceTest method cleanupResourcesSuppressExceptions_cleansApplicationPrivateResource_succeeds.
/**
 * Verifies that private-resource cleanup revokes a user's access to an application-managed
 * private bucket after that user has lost workspace membership, marks the resource ABANDONED,
 * and leaves the owning application's own access in place.
 *
 * <p>Skipped when the TEST_ENV environment variable matches BUFFER_SERVICE_DISABLED_ENVS_REG_EX.
 * The steps depend on their order: grant, create, verify, revoke membership, clean up, re-verify.
 */
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void cleanupResourcesSuppressExceptions_cleansApplicationPrivateResource_succeeds() {
// Default user owns the workspace and group. Secondary user has workspace membership via group.
// Add second user to group
addUserToGroup(groupName, userAccessUtils.getSecondUserEmail(), ownerGroupApi);
// Add group to workspace as writer
SamRethrow.onInterrupted(() -> samService.grantWorkspaceRole(workspace.getWorkspaceId(), userAccessUtils.defaultUserAuthRequest(), WsmIamRole.WRITER, groupEmail), "grantWorkspaceRole");
// Enable the WSM test app in this workspace. This has a test user as the "service account" so
// we can delegate credentials normally.
App appConfig = getAppBySa(applicationAccessUtils.getApplicationSaEmail());
UUID appId = UUID.fromString(appConfig.getIdentifier());
// appRequest carries the application's identity; it is used below to create the resource and
// for the final check that the application keeps its access.
AuthenticatedUserRequest appRequest = applicationAccessUtils.applicationSaAuthenticatedUserRequest();
wsmApplicationService.enableWorkspaceApplication(userAccessUtils.defaultUserAuthRequest(), workspace.getWorkspaceId(), appId);
// Create application private bucket assigned to second user.
ControlledResourceFields commonFields = ControlledResourceFixtures.makeDefaultControlledResourceFieldsBuilder().workspaceId(workspace.getWorkspaceId()).accessScope(AccessScopeType.ACCESS_SCOPE_PRIVATE).managedBy(ManagedByType.MANAGED_BY_APPLICATION).applicationId(appId).assignedUser(userAccessUtils.getSecondUserEmail()).build();
ControlledGcsBucketResource resource = ControlledGcsBucketResource.builder().common(commonFields).bucketName(ControlledResourceFixtures.uniqueBucketName()).build();
ApiGcpGcsBucketCreationParameters creationParameters = new ApiGcpGcsBucketCreationParameters().location("us-central1");
// Create resource as application.
controlledResourceService.createControlledResourceSync(resource, ControlledResourceIamRole.WRITER, appRequest, creationParameters);
// Verify second user can read the private resource in Sam.
// NOTE(review): nothing is asserted on this call; presumably checkAuthz throws when the user
// lacks the action. Confirm against SamService.
SamRethrow.onInterrupted(() -> samService.checkAuthz(userAccessUtils.secondUserAuthRequest(), resource.getCategory().getSamResourceName(), resource.getResourceId().toString(), SamControlledResourceActions.READ_ACTION), "checkResourceAuth");
// Remove second user from workspace via group.
removeUserFromGroup(groupName, userAccessUtils.getSecondUserEmail(), ownerGroupApi);
// Verify second user is no longer in workspace, but still has resource access because cleanup
// hasn't run yet.
// These two assertions pin the revocation lag: losing workspace membership does not by itself
// remove the grant on the private resource, so access lasts until cleanup runs.
// NOTE(review): the workspace check below is also labelled "checkResourceAuth"; presumably
// that string only names the operation for error reporting.
assertFalse(SamRethrow.onInterrupted(() -> samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), SamResource.WORKSPACE, resource.getWorkspaceId().toString(), SamWorkspaceAction.READ), "checkResourceAuth"));
assertTrue(SamRethrow.onInterrupted(() -> samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), resource.getCategory().getSamResourceName(), resource.getResourceId().toString(), SamControlledResourceActions.READ_ACTION), "checkResourceAuth"));
// Manually enable and run cleanup.
// NOTE(review): the enabled flag is not restored inside this method; confirm a fixture resets
// it so the setting does not leak into other tests.
privateResourceCleanupConfiguration.setEnabled(true);
// Calling "cleanupResources" manually lets us skip waiting for the cronjob to trigger.
privateResourceCleanupService.cleanupResourcesSuppressExceptions();
// Verify second user can no longer read the resource.
assertFalse(SamRethrow.onInterrupted(() -> samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), resource.getCategory().getSamResourceName(), resource.getResourceId().toString(), SamControlledResourceActions.READ_ACTION), "checkResourceAuth"));
// Verify resource is marked "abandoned"
ControlledResource dbResource = resourceDao.getResource(resource.getWorkspaceId(), resource.getResourceId()).castToControlledResource();
// NOTE(review): getPrivateResourceState() presumably returns an Optional. If the state were
// absent, get() would throw instead of producing an assertion failure.
assertEquals(PrivateResourceState.ABANDONED, dbResource.getPrivateResourceState().get());
// Application can still read the resource, because applications have EDITOR role on their
// application-private resources.
assertTrue(SamRethrow.onInterrupted(() -> samService.isAuthorized(appRequest, resource.getCategory().getSamResourceName(), resource.getResourceId().toString(), SamControlledResourceActions.READ_ACTION), "checkResourceAuth"));
}