X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a0d5cb5096652c99f746bb9207bbf0f4220cb79d..27ab60e21b3cf9c908716ae74e63aba8e4cb6349:/tools/sync-groups/sync-groups_test.go diff --git a/tools/sync-groups/sync-groups_test.go b/tools/sync-groups/sync-groups_test.go index 77d9756ffc..ec2f18a307 100644 --- a/tools/sync-groups/sync-groups_test.go +++ b/tools/sync-groups/sync-groups_test.go @@ -26,14 +26,6 @@ type TestSuite struct { users map[string]arvados.User } -func (s *TestSuite) SetUpSuite(c *C) { - arvadostest.StartAPI() -} - -func (s *TestSuite) TearDownSuite(c *C) { - arvadostest.StopAPI() -} - func (s *TestSuite) SetUpTest(c *C) { ac := arvados.NewClientFromEnv() u, err := ac.CurrentUser() @@ -106,7 +98,7 @@ func MakeTempCSVFile(data [][]string) (f *os.File, err error) { } // GroupMembershipExists checks that both needed links exist between user and group -func GroupMembershipExists(ac *arvados.Client, userUUID string, groupUUID string) bool { +func GroupMembershipExists(ac *arvados.Client, userUUID string, groupUUID string, perm string) bool { ll := LinkList{} // Check Group -> User can_read permission params := arvados.ResourceListParams{ @@ -145,7 +137,7 @@ func GroupMembershipExists(ac *arvados.Client, userUUID string, groupUUID string }, { Attr: "name", Operator: "=", - Operand: "can_write", + Operand: perm, }, { Attr: "tail_uuid", Operator: "=", @@ -170,7 +162,7 @@ func RemoteGroupExists(cfg *ConfigParams, groupName string) (uuid string, err er }, { Attr: "owner_uuid", Operator: "=", - Operand: cfg.ParentGroupUUID, + Operand: cfg.SysUserUUID, }, { Attr: "group_class", Operator: "=", 
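Review bot: The doc comment on GroupMembershipExists still says only that "both needed links exist" and does not mention the new `perm` argument, which replaces the hard-coded `"can_write"` in just one of the two link queries; the first query is still described as the fixed Group -> User `can_read` check. I would reword it along the lines of `// GroupMembershipExists reports whether the group -> user can_read link and the membership link named perm both exist.` Since `perm` is a free-form string, a misspelled level in a call that asserts `Equals, false` would pass silently, so shared constants for the three level names would be safer than repeated literals. The function body continues outside these hunks, so the direction of the second link is inferred from the surrounding filters.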
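Review bot: With the `owner_uuid` filter in RemoteGroupExists switched to `cfg.SysUserUUID`, an empty result means "no group of that name owned by the system user", not "no such group at all". The tests in this file that assert `groupUUID` equals `""` (the `invalid_permission` row, the TestGroup5 rows) rely on that narrower meaning, so it is worth stating in the helper's doc comment, for example `// Only groups owned by cfg.SysUserUUID are considered; a same-named group under another owner is reported as missing.` The function's signature and comment are outside the hunk, so the existing wording could not be checked.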
@@ -259,7 +251,7 @@ func (s *TestSuite) TestIgnoreSpaces(c *C) { groupUUID, err := RemoteGroupExists(s.cfg, groupName) c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID, "can_write"), Equals, true) } } 
@@ -279,6 +271,83 @@ func (s *TestSuite) TestWrongNumberOfFields(c *C) { } } +// Check different membership permissions +func (s *TestSuite) TestMembershipLevels(c *C) { + userEmail := s.users[arvadostest.ActiveUserUUID].Email + userUUID := s.users[arvadostest.ActiveUserUUID].UUID + data := [][]string{ + {"TestGroup1", userEmail, "can_read"}, + {"TestGroup2", userEmail, "can_write"}, + {"TestGroup3", userEmail, "can_manage"}, + {"TestGroup4", userEmail, "invalid_permission"}, + } + tmpfile, err := MakeTempCSVFile(data) + c.Assert(err, IsNil) + defer os.Remove(tmpfile.Name()) // clean up + s.cfg.Path = tmpfile.Name() + err = doMain(s.cfg) + c.Assert(err, IsNil) + for _, record := range data { + groupName := record[0] + permLevel := record[2] + if permLevel != "invalid_permission" { + groupUUID, err := RemoteGroupExists(s.cfg, groupName) + c.Assert(err, IsNil) + c.Assert(groupUUID, Not(Equals), "") + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, permLevel), Equals, true) + } else { + groupUUID, err := RemoteGroupExists(s.cfg, groupName) + c.Assert(err, IsNil) + c.Assert(groupUUID, Equals, "") + } + } +} + +// Check membership level change +func (s *TestSuite) TestMembershipLevelUpdate(c *C) { + userEmail := s.users[arvadostest.ActiveUserUUID].Email + userUUID := s.users[arvadostest.ActiveUserUUID].UUID + groupName := "TestGroup1" + // Give read permissions + tmpfile, err := MakeTempCSVFile([][]string{{groupName, userEmail, "can_read"}}) + c.Assert(err, IsNil) + defer os.Remove(tmpfile.Name()) // clean up + s.cfg.Path = tmpfile.Name() + err = doMain(s.cfg) + c.Assert(err, IsNil) + // Check permissions + groupUUID, err := RemoteGroupExists(s.cfg, groupName) + c.Assert(err, IsNil) + c.Assert(groupUUID, Not(Equals), "") + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_read"), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_write"), Equals, false) + 
c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_manage"), Equals, false) + + // Give write permissions + tmpfile, err = MakeTempCSVFile([][]string{{groupName, userEmail, "can_write"}}) + c.Assert(err, IsNil) + defer os.Remove(tmpfile.Name()) // clean up + s.cfg.Path = tmpfile.Name() + err = doMain(s.cfg) + c.Assert(err, IsNil) + // Check permissions + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_read"), Equals, false) + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_write"), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_manage"), Equals, false) + + // Give manage permissions + tmpfile, err = MakeTempCSVFile([][]string{{groupName, userEmail, "can_manage"}}) + c.Assert(err, IsNil) + defer os.Remove(tmpfile.Name()) // clean up + s.cfg.Path = tmpfile.Name() + err = doMain(s.cfg) + c.Assert(err, IsNil) + // Check permissions + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_read"), Equals, false) + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_write"), Equals, false) + c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_manage"), Equals, true) +} + // The absence of a user membership on the CSV file implies its removal func (s *TestSuite) TestMembershipRemoval(c *C) { localUserEmail := s.users[arvadostest.ActiveUserUUID].Email 
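Review bot: TestMembershipLevelUpdate only raises the level (`can_read`, then `can_write`, then `can_manage`) and never lowers it, so nothing here checks that a reduced CSV entry actually removes the stronger link. A final step that goes back to `can_read` and asserts that `can_write` and `can_manage` are gone would cover that direction. In the same hunk, TestMembershipLevels asserts only that the requested level exists; asserting that the other two levels are absent, as the update test already does, would also catch a sync that leaves an extra link behind.

```go
	// ... unchanged: read, write and manage steps ...
	c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_manage"), Equals, true)

	// Lower the level back to read and confirm the stronger links are removed
	tmpfile, err = MakeTempCSVFile([][]string{{groupName, userEmail, "can_read"}})
	c.Assert(err, IsNil)
	defer os.Remove(tmpfile.Name()) // clean up
	s.cfg.Path = tmpfile.Name()
	err = doMain(s.cfg)
	c.Assert(err, IsNil)
	c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_read"), Equals, true)
	c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_write"), Equals, false)
	c.Assert(GroupMembershipExists(s.cfg.Client, userUUID, groupUUID, "can_manage"), Equals, false)
```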
@@ -302,8 +371,8 @@ func (s *TestSuite) TestMembershipRemoval(c *C) { groupUUID, err := RemoteGroupExists(s.cfg, groupName) c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID), Equals, true) - c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID, "can_write"), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID, "can_write"), Equals, true) } // New CSV with some previous membership missing data = [][]string{ @@ -320,14 +389,14 @@ func (s *TestSuite) TestMembershipRemoval(c *C) { groupUUID, err := RemoteGroupExists(s.cfg, "TestGroup1") c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID), Equals, true) - c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID), Equals, false) + c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID, "can_write"), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID, "can_write"), Equals, false) // Confirm TestGroup1 memberships groupUUID, err = RemoteGroupExists(s.cfg, "TestGroup2") c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID), Equals, false) - c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID, "can_write"), Equals, false) + c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID, "can_write"), Equals, true) } // If a group doesn't exist on the system, create it before adding users 
@@ -352,7 +421,7 @@ func (s *TestSuite) TestAutoCreateGroupWhenNotExisting(c *C) { c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") // active user should be a member - c.Assert(GroupMembershipExists(s.cfg.Client, arvadostest.ActiveUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, arvadostest.ActiveUserUUID, groupUUID, "can_write"), Equals, true) } // Users listed on the file that don't exist on the system are ignored @@ -378,7 +447,7 @@ func (s *TestSuite) TestIgnoreNonexistantUsers(c *C) { groupUUID, err = RemoteGroupExists(s.cfg, "TestGroup4") c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID, "can_write"), Equals, true) } // Users listed on the file that don't exist on the system are ignored @@ -386,13 +455,16 @@ func (s *TestSuite) TestIgnoreEmptyFields(c *C) { activeUserEmail := s.users[arvadostest.ActiveUserUUID].Email activeUserUUID := s.users[arvadostest.ActiveUserUUID].UUID // Confirm that group doesn't exist - groupUUID, err := RemoteGroupExists(s.cfg, "TestGroup4") - c.Assert(err, IsNil) - c.Assert(groupUUID, Equals, "") + for _, groupName := range []string{"TestGroup4", "TestGroup5"} { + groupUUID, err := RemoteGroupExists(s.cfg, groupName) + c.Assert(err, IsNil) + c.Assert(groupUUID, Equals, "") + } // Create file & run command data := [][]string{ - {"", activeUserEmail}, // Empty field - {"TestGroup5", ""}, // Empty field + {"", activeUserEmail}, // Empty field + {"TestGroup5", ""}, // Empty field + {"TestGroup5", activeUserEmail, ""}, // Empty 3rd field: is optional but cannot be empty {"TestGroup4", activeUserEmail}, } tmpfile, err := MakeTempCSVFile(data) 
@@ -401,11 +473,15 @@ func (s *TestSuite) TestIgnoreEmptyFields(c *C) { s.cfg.Path = tmpfile.Name() err = doMain(s.cfg) c.Assert(err, IsNil) - // Confirm that memberships exist + // Confirm that records about TestGroup5 were skipped + groupUUID, err := RemoteGroupExists(s.cfg, "TestGroup5") + c.Assert(err, IsNil) + c.Assert(groupUUID, Equals, "") + // Confirm that membership exists groupUUID, err = RemoteGroupExists(s.cfg, "TestGroup4") c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID, "can_write"), Equals, true) } // Instead of emails, use username as identifier @@ -432,5 +508,5 @@ func (s *TestSuite) TestUseUsernames(c *C) { groupUUID, err = RemoteGroupExists(s.cfg, "TestGroup1") c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID, "can_write"), Equals, true) }