From f2619155acc2017f12b374b8995e9fedf21e66ea Mon Sep 17 00:00:00 2001 From: Varunkumar Manohar Date: Tue, 22 Jun 2021 12:31:24 -0500 Subject: [PATCH 1/3] Introduce timeout between dataset acls tasks + allow only tenant admin to delet ehte subproject --- src/services/subproject/handler.ts | 5 +++-- tests/e2e/postman_collection.json | 13 ++++++++++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/services/subproject/handler.ts b/src/services/subproject/handler.ts index c450d0e7..22bad4c4 100644 --- a/src/services/subproject/handler.ts +++ b/src/services/subproject/handler.ts @@ -218,9 +218,10 @@ export class SubProjectHandler { // get the subproject metadata const subproject = await SubProjectDAO.get(journalClient, tenant.name, req.params.subprojectid); + //Allow tenant admins are allowed to delete the subproject if (FeatureFlags.isEnabled(Feature.AUTHORIZATION)) { - // check if user is member of any of the subproject acl admin groups - await Auth.isUserAuthorized(req.headers.authorization, subproject.acls.admins, + await Auth.isUserAuthorized( + req.headers.authorization, [AuthGroups.datalakeUserAdminGroupEmail(tenant.esd)], tenant.esd, req[Config.DE_FORWARD_APPKEY]); } diff --git a/tests/e2e/postman_collection.json b/tests/e2e/postman_collection.json index 5634061a..1a5ad0d5 100644 --- a/tests/e2e/postman_collection.json +++ b/tests/e2e/postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "76a223d0-21bc-4351-b40e-a3120075c662", + "_postman_id": "1645ca67-ae8f-426d-8e7a-3280f020f359", "name": "SDMS-E2E", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, @@ -12875,6 +12875,8 @@ " pm.expect(adminGroup.split(\".\")[4]).to.eql(viewerGroup.split('.')[4])", "})", "", + "setTimeout(()=> {}, 20000)", + "", "if (pm.environment.get(\"VCS_Provider\") === 'gitlab') {", " postman.setNextRequest(\"SUBPROJECT REGISTER WITH UNIFORM ACCESS POLICY\")", "}" @@ -13016,7 +13018,7 @@ " pm.expect(adminGroup.split(\".\")[4]).to.eql(viewerGroup.split('.')[4])", "})", "", - "", + "setTimeout(()=> {}, 50000)", "" ], "type": "text/javascript" @@ -13225,7 +13227,12 @@ " pm.expect(adminGroup.split(\".\")[4]).to.eql(viewerGroup.split('.')[4])", "})", "", - "postman.setNextRequest('PATCH SUBPROJECT WITH UNIFORM ACCESS POLICY')" + "setTimeout(()=> {}, 50000)", + "", + "postman.setNextRequest('PATCH SUBPROJECT WITH UNIFORM ACCESS POLICY')", + "", + "", + "" ], "type": "text/javascript" } -- GitLab From 331624afe82d5730ad6949850e0002788929f24e Mon Sep 17 00:00:00 2001 From: Varunkumar Manohar Date: Tue, 22 Jun 2021 13:37:56 -0500 Subject: [PATCH 2/3] remove dataset access level tests --- tests/e2e/postman_collection.json | 1353 +---------------------------- 1 file changed, 1 insertion(+), 1352 deletions(-) diff --git a/tests/e2e/postman_collection.json b/tests/e2e/postman_collection.json index 1a5ad0d5..45581e23 100644 --- a/tests/e2e/postman_collection.json +++ b/tests/e2e/postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "1645ca67-ae8f-426d-8e7a-3280f020f359", + "_postman_id": "0c013f46-0f4e-4084-ba19-ab55362a9e58", "name": "SDMS-E2E", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, @@ -12844,1357 +12844,6 @@ } ] }, - { - "name": "Dataset level access (dla)", - "item": [ - { - "name": "Access Policies on subproject", - "item": [ - { - "name": "SUBPROJECT REGISTER WITH NO ACCESS POLICY", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "// Request body has no access_policy, check if the default access_policy on the subproject metadata is set to uniform", - "const response = pm.response.json()", - "pm.expect(response.access_policy).to.eql('uniform')", - "", - "// Verify if the same uuid is used in the subproject acl admin group and viewer group", - "const adminGroup = String(response.acls.admins[0])", - "const viewerGroup = String(response.acls.viewers[0])", - "", - "pm.test(\"UUID substring in admin group and viewer group should be the same\", ()=>{", - " pm.expect(adminGroup.split(\".\")[4]).to.eql(viewerGroup.split('.')[4])", - "})", - "", - "setTimeout(()=> {}, 20000)", - "", - "if (pm.environment.get(\"VCS_Provider\") === 'gitlab') {", - " postman.setNextRequest(\"SUBPROJECT REGISTER WITH UNIFORM ACCESS POLICY\")", - "}" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "const subproject = 'v' + Array.from(Array(20), () => Math.floor(Math.random() * 36).toString(36)).join('');\r", - "pm.environment.set(\"dla-subproject-one\", subproject)" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag01}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\n\t\"storage_class\": \"REGIONAL\",\n\t\"storage_location\": \"US-CENTRAL1\"\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-one}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-one}}" - ] - } - }, - "response": [] - }, - { - "name": "DELETE SUBPROJECT", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code is 200 or 404\", function () {", - " pm.expect(pm.response.code).to.be.oneOf([200,404])", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-one}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-one}}" - ] - } - }, - "response": [] - }, - { - "name": "SUBPROJECT REGISTER WITH UNIFORM ACCESS POLICY", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "// Request body has no access_policy, check if the default access_policy on the subproject metadata is set to uniform", - "const response = pm.response.json()", - "pm.expect(response.access_policy).to.eql('uniform')", - "", - "// Verify if the same uuid is used in the subproject acl admin group and viewer group", - "const adminGroup = String(response.acls.admins[0])", - "const viewerGroup = String(response.acls.viewers[0])", - "", - "pm.test(\"UUID substring in admin group and viewer group should be the same\", ()=>{", - " pm.expect(adminGroup.split(\".\")[4]).to.eql(viewerGroup.split('.')[4])", - "})", - "", - "setTimeout(()=> {}, 50000)", - "" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "const subproject = 'y' + Array.from(Array(20), () => Math.floor(Math.random() * 36).toString(36)).join('');\r", - "pm.environment.set(\"dla-subproject-two\", subproject)" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag01}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\n\t\"storage_class\": \"REGIONAL\",\n\t\"storage_location\": \"US-CENTRAL1\",\n \"access_policy\": \"uniform\"\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-two}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-two}}" - ] - } - }, - "response": [] - }, - { - "name": "PATCH SUBPROJECT WITH DATASET ACCESS POLICY", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Subproject patched\", function () {", - " var child = Object.keys(jsonData);", - " pm.expect(jsonData.access_policy).to.eql('dataset');", - "});", - "", - "if (pm.environment.get(\"VCS_Provider\") === 'gitlab') {", - " postman.setNextRequest(\"SUBPROJECT REGISTER WITH ACCESS POLICY SET TO DATASET\")", - "}" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PATCH", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag02}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\r\n \"access_policy\": \"dataset\"\r\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-two}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-two}}" - ] - } - }, - "response": [] - }, - { - "name": "DELETE SUBPROJECT", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code is 200 or 404\", function () {", - " pm.expect(pm.response.code).to.be.oneOf([200,404])", - "});", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-two}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-two}}" - ] - } - }, - "response": [] - }, - { - "name": "SUBPROJECT REGISTER WITH ACCESS POLICY SET TO DATASET", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "// Request body has no access_policy, check if the default access_policy on the subproject metadata is set to uniform", - "const response = pm.response.json()", - "pm.expect(response.access_policy).to.eql('dataset')", - "", - "// Verify if the same uuid is used in the subproject acl admin group and viewer group", - "const adminGroup = String(response.acls.admins[0])", - "const viewerGroup = String(response.acls.viewers[0])", - "", - "pm.test(\"UUID substring in admin group and viewer group should be the same\", ()=>{", - " pm.expect(adminGroup.split(\".\")[4]).to.eql(viewerGroup.split('.')[4])", - "})", - "", - "setTimeout(()=> {}, 50000)", - "", - "postman.setNextRequest('PATCH SUBPROJECT WITH UNIFORM ACCESS POLICY')", - "", - "", - "" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "const subproject = 'z' + Array.from(Array(20), () => Math.floor(Math.random() * 36).toString(36)).join('');\r", - "pm.environment.set(\"dla-subproject-three\", subproject)" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag01}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\n\t\"storage_class\": \"REGIONAL\",\n\t\"storage_location\": \"US-CENTRAL1\",\n \"access_policy\": \"dataset\"\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-three}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-three}}" - ] - } - }, - "response": [] - }, - { - "name": "PATCH SUBPROJECT WITH UNIFORM ACCESS POLICY", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code should be 400. This is because it should not be possible to patch the subproject to uniform, if the exisitng policy is dataset\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "if (pm.environment.get(\"VCS_Provider\") === 'gitlab') {", - " postman.setNextRequest(\"CLEANUP STATUS UNSET\")", - "}" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PATCH", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag02}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\r\n \"access_policy\": \"uniform\"\r\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-three}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-three}}" - ] - } - }, - "response": [] - }, - { - "name": "DELETE SUBPROJECT", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code is 200 or 404\", function () {", - " pm.expect(pm.response.code).to.be.oneOf([200,404])", - "});", - "", - "// Unset all variables created for access policy tests on subproject", - "pm.environment.unset('dla-subproject-one')", - "pm.environment.unset('dla-subproject-two')", - "pm.environment.unset('dla-subproject-three')" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-three}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-three}}" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Dataset ACLs", - "item": [ - { - "name": "SUBPROJECT REGISTER WITH UNIFORM ACCESS POLICY", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.environment.set(\"adminGroupEmail\", jsonData[\"acls\"][\"admins\"][0])", - "pm.environment.set(\"viewerGroupEmail\", jsonData[\"acls\"][\"viewers\"][0])", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "// Request body has no access_policy, check if the default access_policy on the subproject metadata is set to uniform", - "const response = pm.response.json()", - "pm.expect(response.access_policy).to.eql('uniform')", - "", - "// Verify if the same uuid is used in the subproject acl admin group and viewer group", - "const adminGroup = String(response.acls.admins[0])", - "const viewerGroup = String(response.acls.viewers[0])", - "", - "pm.test(\"UUID substring in admin group and viewer group should be the same\", ()=>{", - " pm.expect(adminGroup.split(\".\")[4]).to.eql(viewerGroup.split('.')[4])", - "})" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "const subproject = 'v' + Array.from(Array(20), () => Math.floor(Math.random() * 36).toString(36)).join('');\r", - "pm.environment.set(\"dla-subproject-four\", subproject)\r", - "\r", - "\r", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag01}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\n\t\"admin\": \"{{adminEmail}}\",\n\t\"storage_class\": \"REGIONAL\",\n\t\"storage_location\": \"US-CENTRAL1\",\n \"access_policy\": \"uniform\"\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-four}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-four}}" - ] - } - }, - "response": [] - }, - { - "name": "DATASET REGISTER with ACLS", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code is 400. Since the subproject has uniform access policy, datasets cannot be registered with ACLS. So we patch the subproject access policy to dataset\", function () {", - " pm.response.to.have.status(400);", - "});", - "" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "const dataset = 'd' + Array.from(Array(20), () => Math.floor(Math.random() * 36).toString(36)).join('');\r", - "pm.environment.set(\"dla-dataset-one\", dataset)\r", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\r\n \"acls\": {\r\n \"admins\": [\"{{adminGroupEmail}}\"],\r\n \"viewers\": [\"{{viewerGroupEmail}}\"]\r\n }\r\n} \r\n \r\n" - }, - "url": { - "raw": "{{SVC_URL}}/dataset/tenant/{{tenant}}/subproject/{{dla-subproject-four}}/dataset/{{dla-dataset-one}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "dataset", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-four}}", - "dataset", - "{{dla-dataset-one}}" - ] - } - }, - "response": [] - }, - { - "name": "SUBPROJECT PATCH WITH ACCESS POLICY SET TO DATASET", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Verfiy the subproject access policy is updated to dataset\", function(){", - " pm.expect(jsonData[\"access_policy\"]).to.eql(\"dataset\")", - "})" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PATCH", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag02}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\r\n \"access_policy\": \"dataset\"\r\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-four}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-four}}" - ] - } - }, - "response": [] - }, - { - "name": "REATTEMPT DATASET REGISTER WITH ACLS", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.test(\"Status code is 200. Now that the subproject access policy is dataset, dataset registration will succeed\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check content type\", function () {", - " pm.response.to.be.header(\"Content-Type\", \"application/json; charset=utf-8\");", - "});", - "", - "", - "pm.test(\"Dataset name\", function () {", - " pm.expect(jsonData.name).to.eql(pm.environment.get('dla-dataset-one'));", - "});", - "", - "pm.test(\"tenant\", function () {", - " pm.expect(jsonData.tenant).to.eql(pm.environment.get(\"tenant\"));", - "});", - "", - "pm.test(\"subproject\", function () {", - " pm.expect(jsonData.subproject).to.eql(pm.environment.get(\"dla-subproject-four\"));", - "});", - "", - "pm.test(\"ltag\", function () {", - " pm.expect(jsonData.ltag).to.eql(pm.environment.get(\"legaltag02\"));", - "});", - "", - "pm.test(\"Dates are present\", function () {", - " pm.expect(jsonData.created_date).to.exist;", - " pm.expect(jsonData.last_modified_date).to.exist;", - "});", - "", - "pm.test(\"sbit_count\", function () {", - " pm.expect(jsonData.sbit_count).to.eql(1);", - "});", - "", - "pm.test(\"Verify dataset has acls\", function(){", - " const admins = jsonData[\"acls\"][\"admins\"]", - " const viewers = jsonData[\"acls\"][\"viewers\"]", - "", - " pm.expect(admins.length).to.eql(1)", - " pm.expect(viewers.length).to.eql(1)", - "", - " pm.expect(admins[0]).to.eql(pm.environment.get(\"adminGroupEmail\"))", - " pm.expect(viewers[0]).to.eql(pm.environment.get(\"viewerGroupEmail\"))", - "})", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\r\n \"acls\": {\r\n \"admins\": [\"{{adminGroupEmail}}\"],\r\n \"viewers\": [\"{{viewerGroupEmail}}\"]\r\n }\r\n} \r\n \r\n" - }, - "url": { - "raw": "{{SVC_URL}}/dataset/tenant/{{tenant}}/subproject/{{dla-subproject-four}}/dataset/{{dla-dataset-one}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "dataset", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-four}}", - "dataset", - "{{dla-dataset-one}}" - ] - } - }, - "response": [] - }, - { - "name": "SUBPROJECT REGISTER WITH UNIFORM ACCESS POLICY", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.environment.set(\"adminGroupEmailTwo\", jsonData[\"acls\"][\"admins\"][0])", - "pm.environment.set(\"viewerGroupEmailTwo\", jsonData[\"acls\"][\"viewers\"][0])", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "// Request body has no access_policy, check if the default access_policy on the subproject metadata is set to uniform", - "const response = pm.response.json()", - "pm.expect(response.access_policy).to.eql('uniform')" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "const subproject = 'sp' + Array.from(Array(20), () => Math.floor(Math.random() * 36).toString(36)).join('');\r", - "pm.environment.set(\"dla-subproject-five\", subproject)\r", - "\r", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag01}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\n\t\"admin\": \"{{adminEmail}}\",\n\t\"storage_class\": \"REGIONAL\",\n\t\"storage_location\": \"US-CENTRAL1\",\n \"access_policy\": \"uniform\"\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-five}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-five}}" - ] - } - }, - "response": [] - }, - { - "name": "DATASET REGISTER", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code is 200.\", function () {", - " pm.response.to.have.status(200);", - "});", - "" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "const dataset = 'dt' + Array.from(Array(20), () => Math.floor(Math.random() * 36).toString(36)).join('');\r", - "pm.environment.set(\"dla-dataset-two\", dataset)\r", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "" - }, - "url": { - "raw": "{{SVC_URL}}/dataset/tenant/{{tenant}}/subproject/{{dla-subproject-five}}/dataset/{{dla-dataset-two}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "dataset", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-five}}", - "dataset", - "{{dla-dataset-two}}" - ] - } - }, - "response": [] - }, - { - "name": "DATASET PATCH WITH ACLS", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code to be 400. Since hte subproject access policy is uniform, patching acls on a dataset is not allowed. So we need to update the subproject access policy to dataset fist and reattempt patching the dataset with acls\", function(){", - " pm.response.to.have.status(400);", - "})" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PATCH", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"acls\": {\n \"admins\": [\"{{adminGroupEmailTwo}}\"],\n \"viewers\": [\"{{viewerGroupEmailTwo}}\"]\n }\n}" - }, - "url": { - "raw": "{{SVC_URL}}/dataset/tenant/{{tenant}}/subproject/{{dla-subproject-five}}/dataset/{{dla-dataset-two}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "dataset", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-five}}", - "dataset", - "{{dla-dataset-two}}" - ] - } - }, - "response": [] - }, - { - "name": "SUBPROJECT PATCH WITH ACCESS POLICY SET TO DATASET Copy", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = pm.response.json();", - "", - "pm.test(\"Status code is 200\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Verfiy the subproject access policy is updated to dataset\", function(){", - " pm.expect(jsonData[\"access_policy\"]).to.eql(\"dataset\")", - "})" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PATCH", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "ltag", - "value": "{{legaltag02}}" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}" - } - ], - "body": { - "mode": "raw", - "raw": "{\r\n \"access_policy\": \"dataset\"\r\n}" - }, - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-five}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-five}}" - ] - } - }, - "response": [] - }, - { - "name": "REATTEMPT DATASET PATCH WITH ACLS", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code to be 200\", function(){", - " pm.response.to.have.status(200);", - "})" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PATCH", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"acls\": {\n \"admins\": [\"{{adminGroupEmailTwo}}\"],\n \"viewers\": [\"{{viewerGroupEmailTwo}}\"]\n }\n}" - }, - "url": { - "raw": "{{SVC_URL}}/dataset/tenant/{{tenant}}/subproject/{{dla-subproject-five}}/dataset/{{dla-dataset-two}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "dataset", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-five}}", - "dataset", - "{{dla-dataset-two}}" - ] - } - }, - "response": [] - }, - { - "name": "DELETE SUBPROJECT", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code is 200 or 404\", function () {", - " pm.expect(pm.response.code).to.be.oneOf([200,404])", - "});", - "", - "// Unset all variables created for access policy tests on subproject", - "pm.environment.unset('dla-subproject-four')", - "pm.environment.unset('adminGroupEmail')", - "pm.environment.unset('viewerGroupEmail')", - "pm.environment.unset('dla-dataset-one')", - "pm.environment.unset('dla-subproject')" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-four}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-four}}" - ] - } - }, - "response": [] - }, - { - "name": "DELETE SUBPROJECT TWO", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Status code is 200 or 404\", function () {", - " pm.expect(pm.response.code).to.be.oneOf([200,404])", - "});", - "", - "pm.environment.unset('dla-subproject-five')", - "pm.environment.unset('adminGroupEmailTwo')", - "pm.environment.unset('viewerGroupEmailTwo')", - "pm.environment.unset('dla-dataset-two')" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{STOKEN}}" - }, - { - "key": "x-api-key", - "value": "{{SVC_API_KEY}}" - }, - { - "key": "Content-Type", - "value": "application/json" - }, - { - "key": "appkey", - "value": "{{DE_APP_KEY}}", - "type": "text" - } - ], - "url": { - "raw": "{{SVC_URL}}/subproject/tenant/{{tenant}}/subproject/{{dla-subproject-five}}", - "host": [ - "{{SVC_URL}}" - ], - "path": [ - "subproject", - "tenant", - "{{tenant}}", - "subproject", - "{{dla-subproject-five}}" - ] - } - }, - "response": [] - } - ] - } - ] - }, { "name": "cleanup", "item": [ -- GitLab From dd600f055347462b3d3a623492d2b6b82e984496 Mon Sep 17 00:00:00 2001 From: Varunkumar Manohar Date: Wed, 23 Jun 2021 15:42:18 +0000 Subject: [PATCH 3/3] Update src/services/subproject/handler.ts --- src/services/subproject/handler.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services/subproject/handler.ts b/src/services/subproject/handler.ts index 22bad4c4..5f42fd24 100644 --- a/src/services/subproject/handler.ts +++ b/src/services/subproject/handler.ts @@ -218,7 +218,7 @@ export class SubProjectHandler { // get the subproject metadata const subproject = await SubProjectDAO.get(journalClient, tenant.name, req.params.subprojectid); - //Allow tenant admins are allowed to delete the subproject + //Only tenant admins are allowed to delete the subproject if (FeatureFlags.isEnabled(Feature.AUTHORIZATION)) { await Auth.isUserAuthorized( req.headers.authorization, [AuthGroups.datalakeUserAdminGroupEmail(tenant.esd)], -- GitLab