Merge branch 'integration_test_fix' into 'master'

integration test fix See merge request !439

Merge branch 'integration_test_fix' into 'master'
15b82101 · Shane Hutchins · 1a4263f8 · 38834dcb · 15b82101 · 15b82101
Commit 15b82101 authored 1 year ago by Shane Hutchins
--- a/app/Makefile
+++ b/app/Makefile
-+IMAGE_NAME=policy-service
+IMAGE_NAME=policy-service
 BASE_IMAGE_NAME=python:3.9-slim-buster
 CONTAINER_NAME=policy-service-source
 PYTHON=/opt/homebrew/bin/python3.9

--- a/app/tests/integration/test_integration_035_eval.py
+++ b/app/tests/integration/test_integration_035_eval.py
@@ -124,6 +124,7 @@ def eval_policy(token, data_partition, service_url, policy_name, expect=200, opa
    # randomly select a legal tag
    legal_tag = random.choice(get_legal_tags(token=token, data_partition=data_partition))
    print(f"Using Legal tag: {legal_tag}")
+    print(f"Using policy_id: {policy_id}")

    p = os.path.dirname(os.path.abspath(__file__))
    template_datadir = os.path.join(p, '..', 'templates')

--- a/app/tests/integration/test_integration_040_delete.py
+++ b/app/tests/integration/test_integration_040_delete.py
@@ -42,7 +42,7 @@ def test_delete_osdu_partition_policies_service_url(token, data_partition, bundl
    """
    Test delete /policies/osdu/partition/<data_partition>/<policy>
    """
-    delete_skip_list = ['dataauthz.rego', 'search.rego', 'search2.rego']
+    delete_skip_list = ['dataauthz.rego', 'search.rego', 'search1.rego', 'search2.rego']
    if regofile in delete_skip_list:
        pytest.skip(f"skipping delete of {regofile}")
    id = f"osdu/partition/{data_partition}/{regofile}"

--- a/app/tests/integration/test_integration_045_delete.py
+++ b/app/tests/integration/test_integration_045_delete.py
@@ -44,7 +44,7 @@ def test_confirm_deletion_of_osdu_partition_policies_expect_not_found_service_ur
    #pytest.skip("Skipping delete")
    num_tests = 0
    p = os.path.dirname(os.path.abspath(__file__))
-    delete_skip_list = ['dataauthz.rego', 'search.rego', 'search2.rego']
+    delete_skip_list = ['dataauthz.rego', 'search.rego', 'search1.rego', 'search2.rego']
    template_datadir = os.path.join(p, '..', 'templates')
    for filename in sorted(os.listdir(template_datadir)):
        filetype='.rego'

--- a/app/tests/templates/search.rego
+++ b/app/tests/templates/search.rego
 # METADATA
-# title: Search
+# title: search
 # description: |
-#  New M18 Functionality
-#  Have search service use the preprocessor functionality when calling translate
-#  This requires policy search_preprocessor to be loaded.
+#  Default search policy
 # related_resources:
 # - ref: https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/blob/master/app/tests/templates/search.rego
-
 package osdu.partition["${data_partition}"].search

-import data.osdu.partition["${data_partition}"].search_preprocessor
-
-default allow := false
-default deny := false
-
-preprocess_config := {
-  "input_from_preprocessor": {
-    "allow_groups": search_preprocessor.allow_groups,
-    "deny_groups": search_preprocessor.deny_groups
-  },
-  "has_allow_rule": true,
-  "has_deny_rule": true
-}
+default allow = false

-allow {
-  input.operation == "view"
-  input.record.acl.owners[_] == input.allow_groups[_]
+allow = true {
+    input.operation == "view"
+    # At least one user group needs to be in acl viewers
+    input.record.acl.viewers[_]==input.groups[_]
 }

-deny {
-  input.operation == "view"
-  input.record.acl.owners[_] == input.deny_groups[_]
+allow = true {
+    input.operation == ["view", "create", "update", "delete", "purge"][_]
+    # At least one user group needs to be in acl owners
+    input.record.acl.owners[_]==input.groups[_]
 }
--- a/app/tests/templates/search1.rego
+++ b/app/tests/templates/search1.rego
+# METADATA
+# title: Search
+# description: |
+#  New M18 Functionality
+#  Have search service use the preprocessor functionality when calling translate
+#  This requires policy search_preprocessor to be loaded.
+# related_resources:
+# - ref: https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/blob/master/app/tests/templates/search1.rego
+
+package osdu.partition["${data_partition}"].search1
+
+import data.osdu.partition["${data_partition}"].search_preprocessor
+
+default allow := false
+default deny := false
+
+preprocess_config := {
+  "input_from_preprocessor": {
+    "allow_groups": search_preprocessor.allow_groups,
+    "deny_groups": search_preprocessor.deny_groups
+  },
+  "has_allow_rule": true,
+  "has_deny_rule": true
+}
+
+allow {
+  input.operation == "view"
+  input.record.acl.owners[_] == input.allow_groups[_]
+}
+
+deny {
+  input.operation == "view"
+  input.record.acl.owners[_] == input.deny_groups[_]
+}