[uss_qualifier] expand the authentication validation scenario to include constraint reference endpoints #690
+869
−14
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -24,6 +24,9 @@ | |
| from monitoring.uss_qualifier.scenarios.astm.utm.dss.authentication.availability_api_validator import ( | ||
| AvailabilityAuthValidator, | ||
| ) | ||
| from monitoring.uss_qualifier.scenarios.astm.utm.dss.authentication.cr_api_validator import ( | ||
| ConstraintRefAuthValidator, | ||
| ) | ||
| from monitoring.uss_qualifier.scenarios.astm.utm.dss.authentication.generic import ( | ||
| GenericAuthValidator, | ||
| ) | ||
|
|
@@ -59,6 +62,7 @@ class AuthenticationValidation(TestScenario): | |
|
|
||
| _scd_dss: Optional[DSSInstance] = None | ||
| _availability_dss: Optional[DSSInstance] = None | ||
| _constraints_dss: Optional[DSSInstance] = None | ||
|
|
||
| def __init__( | ||
| self, | ||
|
|
@@ -119,6 +123,27 @@ def __init__( | |
| availability_scopes = None | ||
| self._wrong_scope_for_availability = None | ||
|
|
||
| if dss.can_use_scope(Scope.ConstraintManagement): | ||
| constraints_scopes = { | ||
| Scope.ConstraintManagement: "Create, update, and delete constraints", | ||
| } | ||
|
|
||
| self._wrong_scope_for_constraints = dss.get_authorized_scope_not_in( | ||
| [ | ||
| Scope.ConstraintManagement, # Allowed to get and update | ||
| Scope.ConstraintProcessing, # Allowed to get | ||
| "", # Already Used for empty scope testing | ||
| ] | ||
| ) | ||
|
|
||
| if self._wrong_scope_for_constraints is not None: | ||
| constraints_scopes[ | ||
| self._wrong_scope_for_constraints | ||
| ] = "Attempt to query constraints with wrong scope" | ||
| else: | ||
| constraints_scopes = None | ||
| self._wrong_scope_for_constraints = None | ||
|
|
||
| self._test_missing_scope = False | ||
| if dss.can_use_scope(""): | ||
| # Add empty scope to every map when they are non-empty: | ||
|
|
@@ -131,6 +156,10 @@ def __init__( | |
| availability_scopes[ | ||
| "" | ||
| ] = "Attempt to query availability with missing scope" | ||
| if constraints_scopes: | ||
| constraints_scopes[ | ||
| "" | ||
| ] = "Attempt to query constraints with missing scope" | ||
| self._test_missing_scope = True | ||
|
|
||
| # Note: .get_instance should be called once we know every scope we will need, | ||
|
|
@@ -139,6 +168,8 @@ def __init__( | |
| # and skip .get_instance altogether (otherwise the scenario would not be run) | ||
| if scd_scopes: | ||
| self._scd_dss = dss.get_instance(scd_scopes) | ||
| if constraints_scopes: | ||
| self._constraints_dss = dss.get_instance(constraints_scopes) | ||
| if availability_scopes: | ||
| self._availability_dss = dss.get_instance(availability_scopes) | ||
|
|
||
|
|
@@ -162,7 +193,11 @@ def __init__( | |
| self._scd_dss.base_url, auth_adapter=InvalidTokenSignatureAuth() | ||
| ) | ||
|
|
||
| if ( | ||
| not self._scd_dss | ||
| and not self._constraints_dss | ||
| and not self._availability_dss | ||
| ): | ||
| raise MissingResourceError( | ||
| f"AuthAdapterResource provided to {fullname(type(self))} has none of the required scopes for this scenario.", | ||
| "<unknown>", | ||
|
|
@@ -269,6 +304,37 @@ def run(self, context: ExecutionContext): | |
| else: | ||
| self.record_note("availability", "Skipping Availability endpoints") | ||
|
|
||
| if self._constraints_dss: | ||
| self.record_note("constraints", "Testing Constraint Reference endpoints") | ||
| self.begin_test_step("Constraint reference endpoints authentication") | ||
| if self._wrong_scope_for_constraints: | ||
| self.record_note( | ||
| "constraints_wrong_scope", | ||
| f"Incorrect scope testing enabled with scope {self._wrong_scope_for_constraints}.", | ||
| ) | ||
| else: | ||
| self.record_note( | ||
| "constraints_wrong_scope", "Incorrect scope testing disabled." | ||
| ) | ||
| cr_validator = ConstraintRefAuthValidator( | ||
| scenario=self, | ||
| generic_validator=GenericAuthValidator( | ||
| self, self._constraints_dss, Scope.ConstraintManagement | ||
| ), | ||
| dss=self._constraints_dss, | ||
| test_id=self._test_id, | ||
| planning_area=self._planning_area, | ||
| planning_area_volume4d=self._planning_area_volume4d, | ||
| no_auth_session=self._no_auth_session, | ||
| invalid_token_session=self._invalid_token_session, | ||
| test_wrong_scope=self._wrong_scope_for_constraints, | ||
| test_missing_scope=self._test_missing_scope, | ||
| ) | ||
| cr_validator.verify_cr_endpoints_authentication() | ||
| self.end_test_step() | ||
| else: | ||
| self.record_note("constraints", "Skipping Constraint Reference endpoints") | ||
|
|
||
| self.end_test_case() | ||
| self.end_test_scenario() | ||
|
|
||
|
|
||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably not the highest priority for adjustment, but It seems like the "steps" in this scenario should actually be "cases". A step is supposed to be a single logical action (do one thing), reflecting what a manual checkout test card would look like ("(step 1) Ok, now we're going to X -- did things Q and P happen? (step 2) Now we're going Y -- did things R and S happen?"). I would imagine a good test case would be "test authentication of all the constraint management endpoints", and then each testing of each constraint management endpoint would be a test step (or, testing of each constraint management endpoint in a particular way would be a test step).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense. it might be possible to easily do this as part of this PR, as I need to handle the optional
utm.constraint_processingscopes, but I'm not entirely sure yet.(Replacing the current steps with a test case having a single step would be easy in any case: I might keep splitting each test case into proper steps for later)
I created #742 to keep track of it in any case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given the current priorities I'll leave the splitting into separate test cases for later.