diff --git a/lib/galaxy/managers/cloudauthzs.py b/lib/galaxy/managers/cloudauthzs.py index c1d44bcb09b2..12113f1871f9 100644 --- a/lib/galaxy/managers/cloudauthzs.py +++ b/lib/galaxy/managers/cloudauthzs.py @@ -61,7 +61,7 @@ def add_serializers(self): 'user_id' : lambda i, k, **c: self.app.security.encode_id(i.user_id), 'provider' : lambda i, k, **c: str(i.provider), 'config' : lambda i, k, **c: i.config, - 'authn_id' : lambda i, k, **c: self.app.security.encode_id(i.authn_id), + 'authn_id' : lambda i, k, **c: self.app.security.encode_id(i.authn_id) if i.authn_id else None, 'last_update' : lambda i, k, **c: str(i.last_update), 'last_activity': lambda i, k, **c: str(i.last_activity), 'create_time' : lambda i, k, **c: str(i.create_time), diff --git a/lib/galaxy/model/__init__.py b/lib/galaxy/model/__init__.py index 99a99964e282..e211956bb0b6 100644 --- a/lib/galaxy/model/__init__.py +++ b/lib/galaxy/model/__init__.py @@ -5963,7 +5963,7 @@ def __init__(self, user, external_user_id, provider, access_token, id_token, ref self.refresh_expiration_time = refresh_expiration_time -class CloudAuthz(RepresentById): +class CloudAuthz(object): def __init__(self, user_id, provider, config, authn_id, description=""): self.id = None self.user_id = user_id @@ -5975,17 +5975,10 @@ def __init__(self, user_id, provider, config, authn_id, description=""): self.last_activity = datetime.now() self.description = description - def __eq__(self, other): - if not isinstance(other, CloudAuthz): - return False - return self.equals(other.user_id, other.provider, other.authn_id, other.config) - - def __ne__(self, other): - return not self.__eq__(other) - def equals(self, user_id, provider, authn_id, config): return (self.user_id == user_id and self.provider == provider + and self.authn_id and self.authn_id == authn_id and len({k: self.config[k] for k in self.config if k in config and self.config[k] == config[k]}) == len(self.config)) 
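Review bot: In `equals` (the `@@ -5975,17 +5975,10 @@` hunk of lib/galaxy/model/__init__.py), the added `and self.authn_id` makes the comparison false for every record whose `authn_id` is unset, which is exactly the Azure/GCP case this commit enables. If the duplicate check in `create` relies on `equals` (that check is outside the visible hunks; only its comment "No two authorization configuration with exact same key/value should exist" is shown), identical Azure/GCP configurations can be stored repeatedly. Keeping only `and self.authn_id == authn_id` already treats two unset ids as a match; if skipping them is intended, a short comment on the new line should say so. The expression now also returns `None` instead of `False` in that case, so wrapping it in `bool(...)` would keep the return type stable.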
diff --git a/lib/galaxy/webapps/galaxy/api/cloudauthz.py b/lib/galaxy/webapps/galaxy/api/cloudauthz.py
index 7b084ea128cd..f28c83115ddb 100644
--- a/lib/galaxy/webapps/galaxy/api/cloudauthz.py
+++ b/lib/galaxy/webapps/galaxy/api/cloudauthz.py
@@ -104,7 +104,7 @@ def create(self, trans, payload, **kwargs):
 missing_arguments.append('config')
 authn_id = payload.get('authn_id', None)
- if authn_id is None:
+ if authn_id is None and provider.lower() not in ["azure", "gcp"]:
 missing_arguments.append('authn_id')
 if len(missing_arguments) > 0:
@@ -118,16 +118,17 @@ def create(self, trans, payload, **kwargs):
 log.debug(msg_template.format("invalid config type `{}`, expect `dict`".format(type(config))))
 raise RequestParameterInvalidException('Invalid type for the required `config` variable; expect `dict` '
 'but received `{}`.'.format(type(config)))
- try:
- authn_id = self.decode_id(authn_id)
- except Exception:
- log.debug(msg_template.format("cannot decode authn_id `" + str(authn_id) + "`"))
- raise MalformedId('Invalid `authn_id`!')
-
- try:
- trans.app.authnz_manager.can_user_assume_authn(trans, authn_id)
- except Exception as e:
- raise e
+ if authn_id:
+ try:
+ authn_id = self.decode_id(authn_id)
+ except Exception:
+ log.debug(msg_template.format("cannot decode authn_id `" + str(authn_id) + "`"))
+ raise MalformedId('Invalid `authn_id`!')
+
+ try:
+ trans.app.authnz_manager.can_user_assume_authn(trans, authn_id)
+ except Exception as e:
+ raise e
 # No two authorization configuration with
 # exact same key/value should exist.
@@ -147,7 +148,6 @@ def create(self, trans, payload, **kwargs):
 )
 view = self.cloudauthz_serializer.serialize_to_view(new_cloudauthz, trans=trans, **self._parse_serialization_params(kwargs, 'summary'))
 log.debug('Created a new cloudauthz record for the user id `{}` '.format(str(trans.user.id)))
- trans.response.status = '200'
 return view
 except Exception as e:
 log.exception(msg_template.format("exception while creating the new cloudauthz record"))
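Review bot: `provider.lower()` in the new condition of the `@@ -104,7 +104,7 @@` hunk raises `AttributeError` when `provider` is absent or not a string, so a malformed request becomes an unhandled server error instead of reaching the missing-arguments response built just below. `provider` is assigned outside this hunk, so this assumes it is read with `payload.get(...)` the same way `authn_id` is and can still be `None` here. A type guard keeps the validation path intact: `if authn_id is None and not (isinstance(provider, str) and provider.lower() in ("azure", "gcp")):`. The body of `create` starts and ends outside the hunk.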
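Review bot: The new guard `if authn_id:` in the `@@ -118,16 +118,17 @@` hunk tests truthiness, while the required-argument check earlier in `create` tests `authn_id is None`, so an empty string passes the first check for any provider and then skips both `decode_id` and `can_user_assume_authn`. Assuming the value is passed on unchanged to the record creation further down (outside this hunk), a record for a provider that requires an authentication id could be created without the ownership check. Writing `if authn_id is not None:` sends such values through `decode_id`, where they fail with `MalformedId`. Separately, the `except Exception as e: raise e` wrapper around `can_user_assume_authn` has no effect and could be a plain call.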
diff --git a/test/integration/cloudauthz/__init__.py b/test/integration/cloudauthz/__init__.py
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/test/integration/cloudauthz/test_cloudauthz.py b/test/integration/cloudauthz/test_cloudauthz.py
new file mode 100644
index 000000000000..49a23c383b3c
--- /dev/null
+++ b/test/integration/cloudauthz/test_cloudauthz.py
@@ -0,0 +1,40 @@
+"""
+You may run this test using the following command:
+./run_tests.sh test/integration/cloudauthz/test_cloudauthz.py:DefineCloudAuthzTestCase.test_post_cloudauthz_without_authn -s
+"""
+
+import json
+
+from galaxy_test.driver import integration_util
+
+
+class DefineCloudAuthzTestCase(integration_util.IntegrationTestCase):
+ framework_tool_and_types = True
+
+ def test_post_cloudauthz_without_authn(self):
+ """
+ This test asserts if a cloudauthz object
+ can be successfully posted to the cloudauthz API
+ (i.e., api/cloud/authz).
+ """
+ provider = "azure"
+ tenant_id = "abc"
+ client_id = "def"
+ client_secret = "ghi"
+ with self._different_user("vahid@test.com"):
+
+ # The payload for the POST API.
+ payload = {
+ "provider": provider,
+ "config": json.dumps({
+ "tenant_id": tenant_id,
+ "client_id": client_id,
+ "client_secret": client_secret
+ })
+ }
+
+ response = self._post(path="cloud/authz", data=payload)
+ response.raise_for_status()
+ cloudauthz = response.json()
+
+ assert cloudauthz["provider"] == provider
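Review bot: `test_post_cloudauthz_without_authn` covers only the accepted case and asserts only `provider`, so nothing pins the other side of the relaxed validation. A second test that posts a provider outside `azure`/`gcp` without `authn_id` and asserts an error status would catch a regression that makes `authn_id` optional for every provider. The existing case could also add `assert cloudauthz["authn_id"] is None`, which exercises the serializer change in lib/galaxy/managers/cloudauthzs.py.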