Fix data root user test

provider/storage-gc/docs/gc/README.md

@@ -171,9 +171,9 @@ You will need to have the following environment variables defined.
 
 **Entitlements configuration for integration accounts**
 
-| INTEGRATION_TESTER                                                                                                                                                                                                                            | NO_DATA_ACCESS_TESTER                                         | DATA_ROOT_TESTER                                                                        |
-|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|-----------------------------------------------------------------------------------------|
-| users<br/>service.entitlements.user<br/>service.entitlements.admin<br/>service.storage.admin<br/>service.storage.creator<br/>service.storage.viewer<br/>service.legal.admin<br/>service.legal.editor<br/>data.test1<br/>data.integration.test | users<br/>service.entitlements.user<br/>service.storage.admin | users<br/>users.data.root<br/>service.entitlements.user<br/>service.storage.viewer<br/> |
+| INTEGRATION_TESTER                                                                                                                                                                                                                            | NO_DATA_ACCESS_TESTER                                         | DATA_ROOT_TESTER                                                                                           |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|
+| users<br/>service.entitlements.user<br/>service.entitlements.admin<br/>service.storage.admin<br/>service.storage.creator<br/>service.storage.viewer<br/>service.legal.admin<br/>service.legal.editor<br/>data.test1<br/>data.integration.test | users<br/>service.entitlements.user<br/>service.storage.admin | users<br/>users.data.root<br/>service.entitlements.user<br/>service.storage.admin<br/>service.legal.viewer |
 
 Execute following command to build code and run all the integration tests:
 

storage-acceptance-test/docs/README.md

@@ -49,8 +49,8 @@ Feature testing is controlled with the following environment variables:
 | service.entitlements.user  | service.entitlements.user | users.data.root           |
 | service.entitlements.admin | service.storage.admin     | service.entitlements.user |
 | service.storage.admin      |                           | service.storage.viewer    |
-| service.storage.creator    |                           |                           |
-| service.storage.viewer     |                           |                           |
+| service.storage.creator    |                           | service.storage.admin     |
+| service.storage.viewer     |                           | service.legal.viewer      |
 | service.legal.admin        |                           |                           |
 | service.legal.editor       |                           |                           |
 | data.test1                 |                           |                           |

storage-acceptance-test/src/test/java/org/opengroup/osdu/storage/records/DataRootAccessTest.java

@@ -83,26 +83,10 @@ public final class DataRootAccessTest extends TestBase {
     LegalTagUtils.create(LEGAL_TAG, token);
     Map<String, String> headers = HeaderUtils.getHeaders(TenantUtils.getTenantName(), token);
     GROUP_EMAIL = createDataGroup(headers);
-    String createRecordBody = RecordUtil.createJsonRecordWithCustomAcl(RECORD_ID, KIND, LEGAL_TAG,
-        GROUP_EMAIL);
-    CloseableHttpResponse response = TestUtils.send(
-        "records",
-        "PUT",
-        headers,
-        createRecordBody,
-        ""
-    );
-    assertEquals(HttpStatus.SC_CREATED, response.getCode());
   }
 
   public static void classTearDown(String token) throws Exception {
     Map<String, String> headers = HeaderUtils.getHeaders(TenantUtils.getTenantName(), token);
-    TestUtils.send(
-        "records/" + RECORD_ID, "DELETE",
-        HeaderUtils.getHeaders(TenantUtils.getTenantName(), token),
-        "",
-        ""
-    );
     deleteDataGroup(headers, GROUP_EMAIL);
     LegalTagUtils.delete(LEGAL_TAG, token);
   }
@@ -115,10 +99,26 @@ public final class DataRootAccessTest extends TestBase {
     JsonObject body = new JsonObject();
     body.add("records", records);
 
+    String dataRootUserToken = testUtils.getDataRootUserToken();
+
     Map<String, String> headersWithUsersDataRootAccess = HeaderUtils.getHeaders(
         TenantUtils.getTenantName(),
-        testUtils.getDataRootUserToken());
+        dataRootUserToken);
+
+    // Data root user doesn't belong to a newly created group,
+    // but should be able to create the record with that group
+    String createRecordBody = RecordUtil.createJsonRecordWithCustomAcl(RECORD_ID, KIND, LEGAL_TAG,
+        GROUP_EMAIL);
+    CloseableHttpResponse response = TestUtils.send(
+        "records",
+        "PUT",
+        headersWithUsersDataRootAccess,
+        createRecordBody,
+        ""
+    );
+    assertEquals(HttpStatus.SC_CREATED, response.getCode());
 
+    // Read it
     CloseableHttpResponse queryResponse = TestUtils.send(
         "query/records",
         "POST",
@@ -133,6 +133,15 @@ public final class DataRootAccessTest extends TestBase {
     assertEquals(HttpStatus.SC_OK, queryResponse.getCode());
     assertEquals(1, responseObject.records.length);
     assertEquals(RECORD_ID, Stream.of(responseObject.records).findFirst().get().id);
+
+    // And then delete it
+    CloseableHttpResponse deleteResponse = TestUtils.send(
+        "records/" + RECORD_ID, "DELETE",
+        HeaderUtils.getHeaders(TenantUtils.getTenantName(), dataRootUserToken),
+        "",
+        ""
+    );
+    assertEquals(HttpStatus.SC_NO_CONTENT, deleteResponse.getCode());
   }
 
   protected static String createDataGroup(Map<String, String> headersWithValidAccessToken)

testing/storage-test-core/src/main/java/org/opengroup/osdu/storage/records/DataRootAccessTest.java

@@ -46,26 +46,10 @@ public abstract class DataRootAccessTest extends TestBase {
     LegalTagUtils.create(LEGAL_TAG, token);
     Map<String, String> headers = HeaderUtils.getHeaders(TenantUtils.getTenantName(), token);
     GROUP_EMAIL = createDataGroup(headers);
-    String createRecordBody = RecordUtil.createJsonRecordWithCustomAcl(RECORD_ID, KIND, LEGAL_TAG,
-        GROUP_EMAIL);
-    CloseableHttpResponse response = TestUtils.send(
-        "records",
-        "PUT",
-        headers,
-        createRecordBody,
-        ""
-    );
-    assertEquals(HttpStatus.SC_CREATED, response.getCode());
   }
 
   public static void classTearDown(String token) throws Exception {
     Map<String, String> headers = HeaderUtils.getHeaders(TenantUtils.getTenantName(), token);
-    TestUtils.send(
-        "records/" + RECORD_ID, "DELETE",
-        HeaderUtils.getHeaders(TenantUtils.getTenantName(), token),
-        "",
-        ""
-    );
     deleteDataGroup(headers, GROUP_EMAIL);
     LegalTagUtils.delete(LEGAL_TAG, token);
   }
@@ -78,10 +62,26 @@ public abstract class DataRootAccessTest extends TestBase {
     JsonObject body = new JsonObject();
     body.add("records", records);
 
+    String dataRootUserToken = testUtils.getDataRootUserToken();
+
     Map<String, String> headersWithUsersDataRootAccess = HeaderUtils.getHeaders(
         TenantUtils.getTenantName(),
-        testUtils.getDataRootUserToken());
+        dataRootUserToken);
+
+    // Data root user doesn't belong to a newly created group,
+    // but should be able to create the record with that group
+    String createRecordBody = RecordUtil.createJsonRecordWithCustomAcl(RECORD_ID, KIND, LEGAL_TAG,
+        GROUP_EMAIL);
+    CloseableHttpResponse response = TestUtils.send(
+        "records",
+        "PUT",
+        headersWithUsersDataRootAccess,
+        createRecordBody,
+        ""
+    );
+    assertEquals(HttpStatus.SC_CREATED, response.getCode());
 
+    // And read it
     CloseableHttpResponse queryResponse = TestUtils.send(
         "query/records",
         "POST",
@@ -96,6 +96,15 @@ public abstract class DataRootAccessTest extends TestBase {
     assertEquals(HttpStatus.SC_OK, queryResponse.getCode());
     assertEquals(1, responseObject.records.length);
     assertEquals(RECORD_ID, Stream.of(responseObject.records).findFirst().get().id);
+
+    // And then delete it
+    CloseableHttpResponse deleteResponse = TestUtils.send(
+        "records/" + RECORD_ID, "DELETE",
+        HeaderUtils.getHeaders(TenantUtils.getTenantName(), dataRootUserToken),
+        "",
+        ""
+    );
+    assertEquals(HttpStatus.SC_NO_CONTENT, deleteResponse.getCode());
   }
 
   protected static String createDataGroup(Map<String, String> headersWithValidAccessToken)