fix tests

DIRACGrid · May 17, 2024 · 8bbbb16 · 8bbbb16
1 parent 219d8ff
commit 8bbbb16
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 18 deletions.
diff --git a/diracx-routers/src/diracx/routers/utils/users.py b/diracx-routers/src/diracx/routers/utils/users.py
@@ -26,7 +26,7 @@ class AuthInfo(BaseModel):
     # list of DIRAC properties
     properties: list[SecurityProperty]
 
-    policies: dict[str, Any]
+    policies: dict[str, Any] = {}
 
 
 class AuthorizedUserInfo(AuthInfo, UserInfo):

diff --git a/diracx-routers/tests/auth/test_legacy_exchange.py b/diracx-routers/tests/auth/test_legacy_exchange.py
@@ -9,7 +9,7 @@
 
 DIRAC_CLIENT_ID = "myDIRACClientID"
 pytestmark = pytest.mark.enabled_dependencies(
-    ["AuthDB", "AuthSettings", "ConfigSource"]
+    ["AuthDB", "AuthSettings", "ConfigSource", "BaseAccessPolicy"]
 )
 
 

diff --git a/diracx-routers/tests/jobs/test_wms_access_policy.py b/diracx-routers/tests/jobs/test_wms_access_policy.py
@@ -26,20 +26,29 @@ def job_db():
     yield FakeDB()
 
 
+POLICY_NAME = "WMSAccessPolicy_AlthoughItDoesNotMatter"
+
+
 async def test_wms_access_policy_weird_user(job_db):
     """USer without NORMAL_USER or JOB_ADMINISTRATION can't do anything"""
     weird_user = AuthorizedUserInfo(properties=[], **base_payload)
     with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
         await WMSAccessPolicy.policy(
-            weird_user, action=ActionType.CREATE, job_db=job_db
+            POLICY_NAME, weird_user, action=ActionType.CREATE, job_db=job_db
         )
 
     with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
-        await WMSAccessPolicy.policy(weird_user, action=ActionType.QUERY, job_db=job_db)
+        await WMSAccessPolicy.policy(
+            POLICY_NAME, weird_user, action=ActionType.QUERY, job_db=job_db
+        )
 
     with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
         await WMSAccessPolicy.policy(
-            weird_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+            POLICY_NAME,
+            weird_user,
+            action=ActionType.READ,
+            job_db=job_db,
+            job_ids=[1, 2, 3],
         )
 
 
@@ -51,21 +60,31 @@ async def test_wms_access_policy_create(job_db):
     # You can't create and give job_ids at the same time
     with pytest.raises(NotImplementedError):
         await WMSAccessPolicy.policy(
-            normal_user, action=ActionType.CREATE, job_db=job_db, job_ids=[1, 2, 3]
+            POLICY_NAME,
+            normal_user,
+            action=ActionType.CREATE,
+            job_db=job_db,
+            job_ids=[1, 2, 3],
         )
     with pytest.raises(NotImplementedError):
         await WMSAccessPolicy.policy(
-            admin_user, action=ActionType.CREATE, job_db=job_db, job_ids=[1, 2, 3]
+            POLICY_NAME,
+            admin_user,
+            action=ActionType.CREATE,
+            job_db=job_db,
+            job_ids=[1, 2, 3],
         )
 
     # An admin cannot create any resource
     with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
         await WMSAccessPolicy.policy(
-            admin_user, action=ActionType.CREATE, job_db=job_db
+            POLICY_NAME, admin_user, action=ActionType.CREATE, job_db=job_db
         )
 
     # A normal user should be able to create jobs
-    await WMSAccessPolicy.policy(normal_user, action=ActionType.CREATE, job_db=job_db)
+    await WMSAccessPolicy.policy(
+        POLICY_NAME, normal_user, action=ActionType.CREATE, job_db=job_db
+    )
 
     ##############
 
@@ -77,15 +96,25 @@ async def test_wms_access_policy_query(job_db):
     # You can't create and give job_ids at the same time
     with pytest.raises(NotImplementedError):
         await WMSAccessPolicy.policy(
-            normal_user, action=ActionType.QUERY, job_db=job_db, job_ids=[1, 2, 3]
+            POLICY_NAME,
+            normal_user,
+            action=ActionType.QUERY,
+            job_db=job_db,
+            job_ids=[1, 2, 3],
         )
 
     # this does not trigger because the admin can do anything
     await WMSAccessPolicy.policy(
-        admin_user, action=ActionType.QUERY, job_db=job_db, job_ids=[1, 2, 3]
+        POLICY_NAME,
+        admin_user,
+        action=ActionType.QUERY,
+        job_db=job_db,
+        job_ids=[1, 2, 3],
     )
 
-    await WMSAccessPolicy.policy(normal_user, action=ActionType.QUERY, job_db=job_db)
+    await WMSAccessPolicy.policy(
+        POLICY_NAME, normal_user, action=ActionType.QUERY, job_db=job_db
+    )
 
 
 async def test_wms_access_policy_read_modify(job_db, monkeypatch):
@@ -95,12 +124,17 @@ async def test_wms_access_policy_read_modify(job_db, monkeypatch):
     for tested_policy in (ActionType.READ, ActionType.MANAGE):
         # The admin can do anything
         await WMSAccessPolicy.policy(
-            admin_user, action=tested_policy, job_db=job_db, job_ids=[1, 2, 3]
+            POLICY_NAME,
+            admin_user,
+            action=tested_policy,
+            job_db=job_db,
+            job_ids=[1, 2, 3],
         )
 
         # We must give job ids
         with pytest.raises(NotImplementedError):
             await WMSAccessPolicy.policy(
+                POLICY_NAME,
                 normal_user,
                 action=tested_policy,
                 job_db=job_db,
@@ -113,12 +147,20 @@ async def summary_matching(*args):
         monkeypatch.setattr(job_db, "summary", summary_matching)
 
         await WMSAccessPolicy.policy(
-            normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+            POLICY_NAME,
+            normal_user,
+            action=ActionType.READ,
+            job_db=job_db,
+            job_ids=[1, 2, 3],
         )
 
         # The admin can do anything
         await WMSAccessPolicy.policy(
-            admin_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+            POLICY_NAME,
+            admin_user,
+            action=ActionType.READ,
+            job_db=job_db,
+            job_ids=[1, 2, 3],
         )
 
         # Jobs belong to somebody else
@@ -128,7 +170,11 @@ async def summary_other_owner(*args):
         monkeypatch.setattr(job_db, "summary", summary_other_owner)
         with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
             await WMSAccessPolicy.policy(
-                normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+                POLICY_NAME,
+                normal_user,
+                action=ActionType.READ,
+                job_db=job_db,
+                job_ids=[1, 2, 3],
             )
 
         # Jobs belong to somebody else
@@ -138,7 +184,11 @@ async def summary_other_vo(*args):
         monkeypatch.setattr(job_db, "summary", summary_other_vo)
         with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
             await WMSAccessPolicy.policy(
-                normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+                POLICY_NAME,
+                normal_user,
+                action=ActionType.READ,
+                job_db=job_db,
+                job_ids=[1, 2, 3],
             )
 
         # Wrong job count
@@ -148,5 +198,9 @@ async def summary_other_vo(*args):
         monkeypatch.setattr(job_db, "summary", summary_other_vo)
         with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
             await WMSAccessPolicy.policy(
-                normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+                POLICY_NAME,
+                normal_user,
+                action=ActionType.READ,
+                job_db=job_db,
+                job_ids=[1, 2, 3],
             )