Skip to content

Commit

Permalink
More methods called via user or sa token in e2e tests (#941)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Raalsky
Raalsky authored Aug 9, 2022
1 parent 96bcd92 commit 160964d
Show file tree
Hide file tree
Showing 3 changed files with 226 additions and 50 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/full.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ jobs:
env:
NEPTUNE_API_TOKEN: ${{ secrets.E2E_SERVICE_ACCOUNT_API_TOKEN }}
run: |
pytest ./e2e_tests -m "not integrations and not management"
pytest ./e2e_tests -m "not integrations"
- name: E2E - Integrations
if: matrix.os != 'windows-latest' && matrix.python-version == '3.10'
Expand Down
268 changes: 222 additions & 46 deletions e2e_tests/management/test_management.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
from typing import Dict

import pytest

from e2e_tests.base import BaseE2ETest, fake
Expand All @@ -36,21 +38,42 @@

@pytest.mark.management
class TestManagement(BaseE2ETest):
@staticmethod
def _assure_presence_and_role(
*, username: str, expected_role: str, member_list: Dict[str, str]
):
assert username in member_list
assert member_list.get(username) == expected_role

def test_standard_scenario(self, environment: Environment):
project_name = a_project_name(project_slug=f"{fake.slug()}-mgmt")
project_identifier = normalize_project_name(
name=project_name, workspace=environment.workspace
)

assert project_identifier not in get_project_list(api_token=environment.admin_token)
assert environment.user in get_workspace_member_list(
name=environment.workspace, api_token=environment.admin_token
)
assert (
get_workspace_member_list(
assert project_identifier not in get_project_list(api_token=environment.user_token)

self._assure_presence_and_role(
username=environment.user,
expected_role="member",
member_list=get_workspace_member_list(
name=environment.workspace, api_token=environment.admin_token
).get(environment.user)
== "member"
),
)
self._assure_presence_and_role(
username=environment.user,
expected_role="member",
member_list=get_workspace_member_list(
name=environment.workspace, api_token=environment.user_token
),
)
self._assure_presence_and_role(
username=environment.service_account,
expected_role="member",
member_list=get_workspace_service_account_list(
name=environment.workspace, api_token=environment.user_token
),
)

created_project_identifier = create_project(
Expand All @@ -62,41 +85,65 @@ def test_standard_scenario(self, environment: Environment):

assert created_project_identifier == project_identifier
assert created_project_identifier in get_project_list(api_token=environment.admin_token)
assert created_project_identifier not in get_project_list(api_token=environment.user_token)

assert environment.user not in get_project_member_list(
name=created_project_identifier, api_token=environment.admin_token
)
assert environment.service_account not in get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
)

add_project_service_account(
name=created_project_identifier,
service_account_name=environment.service_account,
role="contributor",
api_token=environment.admin_token,
)
add_project_member(
name=created_project_identifier,
username=environment.user,
role="contributor",
api_token=environment.admin_token,
)

assert environment.user in get_project_member_list(
project_members = get_project_member_list(
name=created_project_identifier, api_token=environment.admin_token
)
assert (
get_project_member_list(
name=created_project_identifier, api_token=environment.admin_token
).get(environment.user)
== "contributor"
assert environment.user in project_members
assert project_members.get(environment.user) == "contributor"

project_members = get_project_member_list(
name=created_project_identifier, api_token=environment.user_token
)
assert environment.user in project_members
assert project_members.get(environment.user) == "contributor"
assert environment.service_account not in project_members

assert created_project_identifier in get_project_list(api_token=environment.user_token)

remove_project_member(
name=created_project_identifier,
username=environment.user,
api_token=environment.admin_token,
)
remove_project_service_account(
name=created_project_identifier,
service_account_name=environment.service_account,
api_token=environment.admin_token,
)

assert created_project_identifier not in get_project_list(api_token=environment.user_token)
assert environment.user not in get_project_member_list(
name=created_project_identifier, api_token=environment.admin_token
)
assert environment.service_account not in get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
)

delete_project(name=created_project_identifier, api_token=environment.admin_token)

assert project_identifier not in get_project_list(api_token=environment.admin_token)
assert created_project_identifier not in get_project_list(api_token=environment.admin_token)

def test_visibility_workspace(self, environment: "Environment"):
project_name = a_project_name(project_slug=f"{fake.slug()}-workspace")
Expand All @@ -105,14 +152,14 @@ def test_visibility_workspace(self, environment: "Environment"):
)

assert project_identifier not in get_project_list(api_token=environment.admin_token)
assert environment.user in get_workspace_member_list(
name=environment.workspace, api_token=environment.admin_token
)
assert (
get_workspace_member_list(
assert project_identifier not in get_project_list(api_token=environment.user_token)

self._assure_presence_and_role(
username=environment.user,
expected_role="member",
member_list=get_workspace_member_list(
name=environment.workspace, api_token=environment.admin_token
).get(environment.user)
== "member"
),
)

created_project_identifier = create_project(
Expand All @@ -124,17 +171,32 @@ def test_visibility_workspace(self, environment: "Environment"):

assert created_project_identifier == project_identifier
assert created_project_identifier in get_project_list(api_token=environment.admin_token)
assert environment.user in get_project_member_list(

self._assure_presence_and_role(
username=environment.user,
expected_role="owner",
member_list=get_project_member_list(
name=created_project_identifier, api_token=environment.admin_token
),
)
assert environment.service_account not in get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
)
assert (
get_project_member_list(
name=created_project_identifier, api_token=environment.admin_token
).get(environment.user)
== "owner"

add_project_service_account(
name=created_project_identifier,
service_account_name=environment.service_account,
role="contributor",
api_token=environment.admin_token,
)

assert created_project_identifier in get_project_list(api_token=environment.user_token)
self._assure_presence_and_role(
username=environment.service_account,
expected_role="contributor",
member_list=get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
),
)

with pytest.raises(UserNotExistsOrWithoutAccess):
remove_project_member(
Expand All @@ -143,50 +205,164 @@ def test_visibility_workspace(self, environment: "Environment"):
api_token=environment.admin_token,
)

remove_project_service_account(
name=created_project_identifier,
service_account_name=environment.service_account,
api_token=environment.admin_token,
)

self._assure_presence_and_role(
username=environment.user,
expected_role="owner",
member_list=get_project_member_list(
name=created_project_identifier, api_token=environment.admin_token
),
)
assert environment.service_account not in get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
)

delete_project(name=created_project_identifier, api_token=environment.admin_token)

assert project_identifier not in get_project_list(api_token=environment.admin_token)

def test_service_accounts(self, environment: "Environment"):
project_name = a_project_name(project_slug=f"{fake.slug()}-sa")
def test_create_project(self, environment: "Environment"):
project_name = a_project_name(project_slug=f"{fake.slug()}-create")
project_identifier = normalize_project_name(
name=project_name, workspace=environment.workspace
)

assert project_identifier not in get_project_list(api_token=environment.user_token)
self._assure_presence_and_role(
username=environment.user,
expected_role="member",
member_list=get_workspace_member_list(
name=environment.workspace, api_token=environment.user_token
),
)

created_project_identifier = create_project(
name=project_name,
visibility="workspace",
workspace=environment.workspace,
api_token=environment.admin_token,
api_token=environment.user_token,
)

assert (
get_workspace_service_account_list(
name=environment.workspace, api_token=environment.admin_token
)[environment.service_account]
== "member"
assert created_project_identifier == project_identifier
assert created_project_identifier in get_project_list(api_token=environment.user_token)

delete_project(name=created_project_identifier, api_token=environment.admin_token)

assert project_identifier not in get_project_list(api_token=environment.user_token)

def _test_add_sa_to_project_as_owner(
self, created_project_identifier: str, environment: "Environment"
):
self._assure_presence_and_role(
username=environment.user,
expected_role="owner",
member_list=get_project_member_list(
name=created_project_identifier, api_token=environment.user_token
),
)

assert environment.service_account not in get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
name=created_project_identifier, api_token=environment.user_token
)

add_project_service_account(
name=created_project_identifier,
service_account_name=environment.service_account,
role="owner",
api_token=environment.admin_token,
role="contributor",
api_token=environment.user_token,
)
assert (
get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
)[environment.service_account]
== "owner"
self._assure_presence_and_role(
username=environment.service_account,
expected_role="contributor",
member_list=get_project_service_account_list(
name=created_project_identifier, api_token=environment.user_token
),
)

remove_project_service_account(
name=created_project_identifier,
service_account_name=environment.service_account,
api_token=environment.admin_token,
api_token=environment.user_token,
)
assert environment.service_account not in get_project_service_account_list(
name=created_project_identifier, api_token=environment.admin_token
)

def _test_add_user_to_project_as_sa(
self, created_project_identifier: str, environment: "Environment"
):
self._assure_presence_and_role(
username=environment.service_account,
expected_role="owner",
member_list=get_project_service_account_list(
name=created_project_identifier, api_token=environment.user_token
),
)

assert environment.user not in get_project_member_list(
name=created_project_identifier, api_token=environment.user_token
)

add_project_member(
name=created_project_identifier,
username=environment.user,
role="contributor",
api_token=environment.admin_token,
)
self._assure_presence_and_role(
username=environment.user,
expected_role="contributor",
member_list=get_project_member_list(
name=created_project_identifier, api_token=environment.user_token
),
)

remove_project_member(
name=created_project_identifier,
username=environment.user,
api_token=environment.admin_token,
)
assert environment.user not in get_project_member_list(
name=created_project_identifier, api_token=environment.user_token
)

def test_invite_as_non_admin(self, environment: "Environment"):
project_name = a_project_name(project_slug=f"{fake.slug()}-invitation")
project_identifier = normalize_project_name(
name=project_name, workspace=environment.workspace
)

created_project_identifier = create_project(
name=project_name,
workspace=environment.workspace,
api_token=environment.user_token,
)

assert created_project_identifier == project_identifier
assert created_project_identifier in get_project_list(api_token=environment.user_token)

# user who created a project (`user_token` owner) will be automatically project owner
sa_is_project_owner = environment.service_account in get_project_service_account_list(
name=created_project_identifier, api_token=environment.user_token
)
user_is_project_owner = environment.user in get_project_service_account_list(
name=created_project_identifier, api_token=environment.user_token
)
if sa_is_project_owner and not user_is_project_owner:
# SA has access to project, so tests are run as SA
self._test_add_user_to_project_as_sa(created_project_identifier, environment)
elif user_is_project_owner and not sa_is_project_owner:
# SA doesn't have access to project, so tests are run as user
self._test_add_sa_to_project_as_owner(created_project_identifier, environment)
else:
raise AssertionError(
"Expected to only SA or user to be owner of newly created project."
)

delete_project(name=created_project_identifier, api_token=environment.admin_token)

assert project_identifier not in get_project_list(api_token=environment.user_token)
Loading

0 comments on commit 160964d

Please sign in to comment.