From 0dfecfece9814f31cb9adf71559aeee4909d34bd Mon Sep 17 00:00:00 2001 From: Hara Prasad Juvvala Date: Wed, 30 Oct 2024 17:20:49 -0500 Subject: [PATCH 1/5] More documentation --- .pre-commit-config.yaml | 5 +++++ gen3-integration-tests/README.md | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b5f497fe..7a830c62 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,6 +9,11 @@ repos: rev: 24.10.0 hooks: - id: black +- repo: https://github.com/codespell-project/codespell + rev: v2.3.0 # Replace with the latest version + hooks: + - id: codespell + args: ['--quiet-level=2'] - repo: git@github.com:Yelp/detect-secrets rev: v1.5.0 hooks: diff --git a/gen3-integration-tests/README.md b/gen3-integration-tests/README.md index 6617875c..bd368622 100644 --- a/gen3-integration-tests/README.md +++ b/gen3-integration-tests/README.md @@ -47,6 +47,10 @@ The test users required to run the tests are listed [here](test_data/test_setup/ The API keys for these users must be saved to `~/.gen3` directory before running tests. Please find the instructions for each GEN3_INSTANCE_TYPE [here](docs/howto/generate_api_keys_for_test_users/) +### Set up test data +#### Guppy +We run guppy tests with fixed ES data to enable data validation consistently. Before running guppy tests we must ensure the indices are created with the required data. We can use one of the setup scripts located [here](test_data/test_setup/guppy_es) depending on the type of Gen3 instance being tested. + ## Run tests and reviewing results Read these [docs](docs/howto/run_tests/) for specific information on how to run tests for each GEN3_INSTANCE_TYPE. From 2d43fa74230874da88ff15eb9165a7681d3752bb Mon Sep 17 00:00:00 2001 From: Hara Prasad Juvvala Date: Wed, 30 Oct 2024 17:21:21 -0500 Subject: [PATCH 2/5] fix typo --- gen3-integration-tests/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gen3-integration-tests/README.md b/gen3-integration-tests/README.md index bd368622..422e3637 100644 --- a/gen3-integration-tests/README.md +++ b/gen3-integration-tests/README.md @@ -58,7 +58,7 @@ The report can be viewed by running `allure serve allure-results` `-n auto` comes from [python-xdist](https://pypi.org/project/pytest-xdist/). `auto` distributes tests across all available CPUs. We can set to to a smaller value to use only some of the cores. -Test classes / suties run in parallel using the `--dist loadscope`. We implemented custom scheduling for grouping tests across test suites which is explained [here](docs/reference/custom_scheduling.md) +Test classes / suites run in parallel using the `--dist loadscope`. We implemented custom scheduling for grouping tests across test suites which is explained [here](docs/reference/custom_scheduling.md) Markers and `-m` flag can be used to specify what tests should or should not run. For example, `-m wip` selects only tests with marker `wip` and `-m not wip` skips tests with marker `wip`. From c0d6c7a1850d9dc16cea52cb2dc6cdca6c7fb42f Mon Sep 17 00:00:00 2001 From: Hara Prasad Juvvala Date: Wed, 30 Oct 2024 17:56:00 -0500 Subject: [PATCH 3/5] add user.yaml --- .pre-commit-config.yaml | 5 - gen3-integration-tests/README.md | 3 + .../test_data/test_setup/user.yaml | 874 ++++++++++++++++++ 3 files changed, 877 insertions(+), 5 deletions(-) create mode 100644 gen3-integration-tests/test_data/test_setup/user.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7a830c62..b5f497fe 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,11 +9,6 @@ repos: rev: 24.10.0 hooks: - id: black -- repo: https://github.com/codespell-project/codespell - rev: v2.3.0 # Replace with the latest version - hooks: - - id: codespell - args: ['--quiet-level=2'] - repo: git@github.com:Yelp/detect-secrets rev: v1.5.0 hooks: diff --git a/gen3-integration-tests/README.md b/gen3-integration-tests/README.md index 422e3637..0649027d 100644 --- a/gen3-integration-tests/README.md +++ b/gen3-integration-tests/README.md @@ -47,6 +47,9 @@ The test users required to run the tests are listed [here](test_data/test_setup/ The API keys for these users must be saved to `~/.gen3` directory before running tests. Please find the instructions for each GEN3_INSTANCE_TYPE [here](docs/howto/generate_api_keys_for_test_users/) +### Set up test user permissions +User permissions required for the tests to pass are documented [here](test_data/test_setup/user.yaml). The tests attempt to run usersync before starting, so if usersync is correctly set up with this configuration there is nothing more to do. If that is not the case please make sure to run usersync or useryaml with this configuration before running the tests. + ### Set up test data #### Guppy We run guppy tests with fixed ES data to enable data validation consistently. Before running guppy tests we must ensure the indices are created with the required data. We can use one of the setup scripts located [here](test_data/test_setup/guppy_es) depending on the type of Gen3 instance being tested. diff --git a/gen3-integration-tests/test_data/test_setup/user.yaml b/gen3-integration-tests/test_data/test_setup/user.yaml new file mode 100644 index 00000000..23f5bebd --- /dev/null +++ b/gen3-integration-tests/test_data/test_setup/user.yaml @@ -0,0 +1,874 @@ +cloud_providers: {} +groups: {} +authz: + anonymous_policies: + - 'open_data_reader' + - 'all_dicom_studies_viewer' + + all_users_policies: + - 'requestor_creator' + + groups: + - name: 'data_uploaders' + policies: ['data_upload'] + users: + - 'user0@example.org' + - 'user1@example.org' + + - name: 'access_request_updaters' + policies: + - 'requestor_reader' + - 'requestor_updater' + - 'requestor_deleter' + users: + - 'main@example.org' + + user_project_to_resource: + QA: '/programs/QA' + DEV: '/programs/DEV' + test: '/programs/QA/projects/test' + jenkins: '/programs/jnkns/projects/jenkins' + jenkins2: '/programs/jnkns/projects/jenkins2' + jnkns: '/programs/jnkns' + + policies: + - id: 'workspace' + description: 'be able to use workspace' + resource_paths: ['/workspace'] + role_ids: ['workspace_user'] + - id: 'cedar_admin' + description: 'be able to use cedar wrapper service' + resource_paths: ['/cedar'] + role_ids: ['cedar_user'] + - id: 'requestor_creator' + description: 'be able to create requestor request' + role_ids: ['requestor_creator'] + resource_paths: ['/programs', '/requestor_client_credentials_test', '/study', '/mds_gateway', '/cedar'] + - id: 'requestor_reader' + role_ids: ['requestor_reader'] + resource_paths: ['/programs', '/requestor_client_credentials_test', '/study', '/mds_gateway', '/cedar'] + - id: 'requestor_updater' + role_ids: ['requestor_updater'] + resource_paths: ['/programs', '/requestor_client_credentials_test', '/study', '/mds_gateway', '/cedar'] + - id: 'requestor_deleter' + role_ids: ['requestor_deleter'] + resource_paths: ['/programs', '/requestor_client_credentials_test', '/study', '/mds_gateway', '/cedar'] + - id: 'data_upload' + description: 'upload raw data files to S3' + role_ids: ['file_uploader'] + resource_paths: ['/data_file'] + - id: 'sower' + description: 'be able to use sower job' + role_ids: ['sower_user'] + resource_paths: ['/sower'] + - id: 'mds_admin' + description: 'be able to use metadata service' + resource_paths: ['/mds_gateway'] + role_ids: ['mds_user'] + - id: 'audit_reader' + role_ids: + - 'audit_reader' + resource_paths: + - '/services/audit' + - id: 'study_registrant_admin' + resource_paths: + - '/programs' + - '/study' + role_ids: + - 'study_registrant' + - id: 'audit_login_reader' + role_ids: + - 'audit_reader' + resource_paths: + - '/services/audit/login' + - id: 'audit_presigned_url_reader' + role_ids: + - 'audit_reader' + resource_paths: + - '/services/audit/presigned_url' + - id: 'all_dicom_studies_viewer' + role_ids: + - 'dicom-viewer_reader' + - 'orthanc_reader' + - 'ohif-viewer_reader' + resource_paths: + - '/services/dicom-viewer' + - id: 'all_dicom_studies_admin' + role_ids: + - 'creator' + resource_paths: + - '/services/dicom-viewer' + - id: 'all_programs_reader' + role_ids: + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + resource_paths: + - '/programs' + + - id: 'programs.jnkns-admin' + description: '' + role_ids: + - 'creator' + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + - 'updater' + - 'deleter' + resource_paths: + - '/programs/jnkns' + - '/programs/jnkns/projects/jenkins' # FIXME: temporary, b/c of bug in arranger + - '/programs/jnkns/projects/jenkins2' # FIXME: temporary, b/c of bug in arranger + - '/gen3/programs/jnkns' + + - id: 'programs.QA-admin' + description: '' + role_ids: + - 'creator' + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + - 'updater' + - 'deleter' + resource_paths: + - '/programs/QA' + - '/programs/QA/projects/test' # FIXME: temporary, b/c of bug in arranger + - '/gen3/programs/QA' + + - id: 'programs.DEV-admin' + description: '' + role_ids: + - 'creator' + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + - 'updater' + - 'deleter' + resource_paths: + - '/programs/DEV' + - '/programs/DEV/projects/test' # FIXME: temporary, b/c of bug in arranger + - '/gen3/programs/DEV' + + - id: 'programs.test-admin' + description: '' + role_ids: + - 'creator' + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + - 'updater' + - 'deleter' + resource_paths: + - '/programs/test' + - '/programs/test/projects/test' # FIXME: temporary, b/c of bug in arranger + - '/gen3/programs/test' + + - id: 'abc-admin' + description: '' + role_ids: + - 'creator' + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + - 'updater' + - 'deleter' + resource_paths: + - '/abc' + + - id: 'gen3-admin' + description: '' + role_ids: + - 'creator' + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + - 'updater' + - 'deleter' + resource_paths: + - '/gen3' + + - id: 'gen3-hmb-researcher' + description: '' + role_ids: + - 'creator' + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + - 'updater' + - 'deleter' + - 'admin' + resource_paths: + - '/consents/HMB' + - '/consents/GRU' + - '/gen3' + + - id: 'abc.programs.test_program.projects.test_project1-viewer' + description: '' + role_ids: + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + resource_paths: + - '/abc/programs/test_program/projects/test_project1' + + - id: 'abc.programs.test_program.projects.test_project2-viewer' + description: '' + role_ids: + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + resource_paths: + - '/abc/programs/test_program/projects/test_project2' + + - id: 'abc.programs.test_program2.projects.test_project3-viewer' + description: '' + role_ids: + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + resource_paths: + - '/abc/programs/test_program2/projects/test_project3' + + - id: 'open_data_reader' + description: '' + role_ids: + - 'guppy_reader' + - 'fence_reader' + - 'peregrine_reader' + - 'sheepdog_reader' + resource_paths: + - '/open' + - '/programs/DEV/projects/DICOM_test' + + - id: 'services.sheepdog-admin' + description: 'CRUD access to programs and projects' + role_ids: + - 'sheepdog_admin' + resource_paths: + - '/services/sheepdog/submission/program' + - '/services/sheepdog/submission/project' + + # indexd + - id: 'indexd_admin' + # this only works if indexd.arborist is enabled in manifest! + description: 'full access to indexd API' + role_ids: + - 'indexd_admin' + resource_paths: + - '/programs' + - '/services/indexd/admin' + - id: 'indexd_creator' + role_ids: + - 'indexd_record_creator' + resource_paths: + - '/programs' + + - id: 'indexd-tester' + description: '' + role_ids: + - 'indexd_record_creator' + - 'indexd_record_reader' + - 'indexd_record_updater' + - 'indexd_delete_record' + - 'indexd_storage_reader' + - 'indexd_storage_writer' + resource_paths: ['/gen3/programs/QA', '/programs/QA'] + + - id: 'workflow_admin' + description: 'admin access to argo workflow API' + resource_paths: ['/services/workflow/argo/admin'] + role_ids: ['workflow_admin'] + + - id: 'argo' + description: 'be able to use argo' + resource_paths: ['/argo'] + role_ids: ['argo_user'] + + - id : 'requestor_client_credentials_test' + description: 'test policy for client credentials requestor requests' + role_ids: + - 'requestor_creator' + - 'requestor_updater' + - 'requestor_deleter' + resource_paths: + - '/requestor_client_credentials_test' + + # Requestor Integration test policies + - id: 'requestor_integration_test' + description: 'test policy for integration tests' + role_ids: + - 'workspace_user' + - 'requestor_creator' + - 'requestor_updater' + - 'requestor_deleter' + resource_paths: + - '/requestor_integration_test' + + + resources: + # General Access + - name: 'data_file' + description: 'data files, stored in S3' + - name: 'requestor_client_credentials_test' + description: 'test resource for client credentials requestor requests' + - name: 'cedar' + description: 'commons /cedar' + - name: 'kayako' + description: 'commons /kayako' + - name: 'ttyadmin' + - name: 'workspace' + - name: "sower" + - name: 'query_page' + - name: 'mds_gateway' + description: 'commons /mds-admin' + - name: 'requestor_integration_test' + description: 'policy used for requestor integration tests' + + # OLD Data + - name: 'programs' + subresources: + - name: 'open' + - name: 'QA' + subresources: + - name: 'projects' + subresources: + - name: 'test' + - name: 'DEV' + subresources: + - name: 'projects' + subresources: + - name: 'test' + - name: 'DICOM_test' # qa-midrc DICOM viewer testing + - name: 'jnkns' + subresources: + - name: 'projects' + subresources: + - name: 'jenkins' + - name: 'jenkins2' + - name: 'test' + subresources: + - name: 'projects' + subresources: + - name: 'test' + + # NEW Data WITH PREFIX + - name: 'gen3' + subresources: + - name: 'programs' + subresources: + - name: 'QA' + subresources: + - name: 'projects' + subresources: + - name: 'test' + - name: 'DEV' + subresources: + - name: 'projects' + subresources: + - name: 'test' + - name: 'jnkns' + subresources: + - name: 'projects' + subresources: + - name: 'jenkins' + - name: 'jenkins2' + - name: 'test' + subresources: + - name: 'projects' + subresources: + - name: 'test' + + - name: 'consents' + subresources: + - name: 'HMB' + description: 'health/medical/biomedical research' + - name: 'GRU' + description: 'general research use' + + - name: 'abc' + subresources: + - name: 'programs' + subresources: + - name: 'foo' + subresources: + - name: 'projects' + subresources: + - name: 'bar' + - name: 'test_program' + subresources: + - name: 'projects' + subresources: + - name: 'test_project1' + - name: 'test_project2' + - name: 'test_program2' + subresources: + - name: 'projects' + subresources: + - name: 'test_project3' + + - name: 'services' + subresources: + - name: 'sheepdog' + subresources: + - name: 'submission' + subresources: + - name: 'program' + - name: 'project' + - name: 'indexd' + subresources: + - name: 'admin' + - name: 'bundles' + - name: 'audit' + subresources: + - name: 'presigned_url' + - name: 'login' + - name: 'workflow' + subresources: + - name: 'argo' + subresources: + - name: 'admin' + - name: 'dicom-viewer' + subresources: + - name: 'studies' + + - name: 'argo' + - name: 'open' + # study registration + - name: 'study' + + - name: 'gwas_projects' + subresources: + - name: 'project1' + - name: 'project2' + + roles: + # General Access + - id: 'file_uploader' + description: 'can upload data files' + permissions: + - id: 'file_upload' + action: + service: '*' + method: 'file_upload' + - id: 'workspace_user' + permissions: + - id: 'workspace_access' + action: + service: 'jupyterhub' + method: 'access' + - id: 'requestor_reader' + permissions: + - id: 'requestor_reader_action' + action: + service: 'requestor' + method: 'read' + - id: 'requestor_updater' + permissions: + - id: 'requestor_updater_action' + action: + service: 'requestor' + method: 'update' + - id: 'requestor_deleter' + permissions: + - id: 'requestor_deleter_action' + action: + service: 'requestor' + method: 'delete' + - id: 'requestor_creator' + permissions: + - id: 'requestor_creator_action' + action: + service: 'requestor' + method: 'create' + - id: 'sower_user' + permissions: + - id: 'sower_access' + action: + service: 'job' + method: 'access' + - id: 'query_page_user' + permissions: + - id: 'query_page_access' + action: + service: 'query_page' + method: 'access' + - id: 'mds_user' + permissions: + - id: 'mds_access' + action: + service: 'mds_gateway' + method: 'access' + - id: 'cedar_user' + permissions: + - id: 'cedar_access' + action: + service: 'cedar' + method: 'access' + - id: 'study_registrant' + permissions: + - id: 'study_registration' + action: + service: 'study_registration' + method: 'access' + - id: 'storage_writer' + action: + service: '*' + method: 'write-storage' + - id: 'creator' + action: + service: '*' + method: 'create' + - id: 'workflow_admin' + permissions: + - id: 'argo_access' + action: + service: 'argo_workflow' + method: 'access' + - id: 'argo_user' + permissions: + - id: 'argo_access' + action: + service: 'argo' + method: 'access' + - id: 'audit_reader' + permissions: + - id: 'audit_reader_action' + action: + service: 'audit' + method: 'read' + # All services + - id: 'admin' + description: '' + permissions: + - id: 'admin' + action: + service: '*' + method: '*' + - id: 'creator' + description: '' + permissions: + - id: 'creator' + action: + service: '*' + method: 'create' + - id: 'updater' + description: '' + permissions: + - id: 'updater' + action: + service: '*' + method: 'update' + - id: 'deleter' + description: '' + permissions: + - id: 'deleter' + action: + service: '*' + method: 'delete' + # guppy + - id: 'guppy_reader' + description: '' + permissions: + - id: 'guppy_reader' + action: + method: 'read' + service: 'guppy' + - id: 'fence_reader' + description: '' + permissions: + - id: 'fence-reader' + action: + method: 'read' + service: 'fence' + - id: 'fence_storage_reader' + action: + method: 'read-storage' + service: 'fence' + - id: 'peregrine_reader' + description: '' + permissions: + - id: 'peregrine_reader' + action: + method: 'read' + service: 'peregrine' + - id: 'dicom-viewer_reader' + description: '' + permissions: + - id: 'dicom-viewer_reader' + action: + method: 'read' + service: 'dicom-viewer' + - id: 'orthanc_reader' + description: '' + permissions: + - id: 'orthanc_reader' + action: + method: 'read' + service: 'orthanc' + - id: 'ohif-viewer_reader' + description: '' + permissions: + - id: 'ohif-viewer_reader' + action: + method: 'read' + service: 'ohif-viewer' + + # Sheepdog + - id: 'sheepdog_admin' + description: 'sheepdog admin role for program project crud' + permissions: + - id: 'sheepdog_admin_action' + action: + service: 'sheepdog' + method: '*' + - id: 'sheepdog_reader' + description: '' + permissions: + - id: 'sheepdog_reader' + action: + method: 'read' + service: 'sheepdog' + + # indexd + - id: 'indexd_admin' + description: 'full access to indexd API' + permissions: + - id: 'indexd_admin' + action: + service: 'indexd' + method: '*' + - id: 'indexd_record_creator' + description: '' + permissions: + - id: 'indexd_record_creator' + action: + service: 'indexd' + method: 'create' + - id: 'indexd_record_reader' + description: '' + permissions: + - id: 'indexd_record_reader' + action: + service: 'indexd' + method: 'read' + - id: 'indexd_record_updater' + description: '' + permissions: + - id: 'indexd_record_updater' + action: + service: 'indexd' + method: 'update' + - id: 'indexd_delete_record' + description: '' + permissions: + - id: 'indexd_delete_record' + action: + service: 'indexd' + method: 'delete' + - id: 'indexd_storage_reader' + description: '' + permissions: + - id: 'indexd_storage_reader' + action: + service: 'indexd' + method: 'read-storage' + - id: 'indexd_storage_writer' + description: '' + permissions: + - id: 'indexd_storage_writer' + action: + service: 'indexd' + method: 'write-storage' + + # arborist + - id: 'arborist_creator' + description: '' + permissions: + - id: 'arborist_creator' + action: + service: 'arborist' + method: 'create' + - id: 'arborist_reader' + description: '' + permissions: + - id: 'arborist_reader' + action: + service: 'arborist' + method: 'read' + - id: 'arborist_updater' + description: '' + permissions: + - id: 'arborist_updater' + action: + service: 'arborist' + method: 'update' + - id: 'arborist_deleter' + description: '' + permissions: + - id: 'arborist_deleter' + action: + service: 'arborist' + method: 'delete' + +clients: + wts: + policies: + - 'all_programs_reader' + - 'open_data_reader' + - 'workspace' + basic-test-client: + policies: + - 'abc-admin' + - 'gen3-admin' + basic-test-abc-client: + policies: + - 'abc-admin' + jenkins-client-tester: + policies: + - 'requestor_creator' + - 'requestor_updater' + - 'requestor_reader' + - 'indexd_creator' + +users: + main@example.org: + admin: true + policies: + - 'data_upload' + - 'workspace' + - 'mds_admin' + - 'sower' + - 'services.sheepdog-admin' + - 'programs.QA-admin' + - 'programs.test-admin' + - 'programs.DEV-admin' + - 'programs.jnkns-admin' + - 'abc-admin' + - 'requestor_integration_test' + - 'workflow_admin' + - 'argo' + - 'all_dicom_studies_admin' + projects: + - auth_id: 'QA' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'test' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'DEV' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jenkins' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jenkins2' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jnkns' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + indexing@example.org: + admin: true + policies: + - 'data_upload' + - 'workspace' + - 'sower' + - 'services.sheepdog-admin' + - 'programs.QA-admin' + - 'programs.test-admin' + - 'programs.DEV-admin' + - 'programs.jnkns-admin' + - 'abc-admin' + - 'indexd_admin' + projects: + - auth_id: 'QA' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage', 'write-storage'] + - auth_id: 'test' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'DEV' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jenkins' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage', 'write-storage'] + - auth_id: 'jenkins2' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jnkns' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + user0@example.org: + admin: false + policies: + - 'workspace' + - 'sower' + - 'requestor_creator' + - 'programs.QA-admin' + - 'gen3-admin' + - 'gen3-hmb-researcher' + projects: + - auth_id: 'QA' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + user1@example.org: + admin: false + policies: + - 'workspace' + - 'sower' + - 'programs.QA-admin' + - 'programs.test-admin' + - 'gen3-hmb-researcher' + projects: + - auth_id: 'QA' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'test' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + user2@example.org: + admin: false + policies: + - 'requestor_creator' + - 'cedar_admin' + - 'sower' + projects: [] + dummy-one@example.org: + admin: false + policies: + - 'workspace' + - 'audit_presigned_url_reader' + - 'programs.QA-admin' + - 'programs.test-admin' + - 'programs.jnkns-admin' + - 'abc.programs.test_program.projects.test_project1-viewer' + projects: + - auth_id: 'QA' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'test' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jenkins' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jenkins2' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jnkns' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + smarty-two@example.org: + admin: false + policies: + - 'data_upload' + - 'workspace' + - 'audit_login_reader' + - 'programs.QA-admin' + - 'programs.test-admin' + - 'programs.DEV-admin' + - 'programs.jnkns-admin' + - 'abc.programs.test_program2.projects.test_project3-viewer' + projects: + - auth_id: 'QA' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'test' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jenkins' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jenkins2' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] + - auth_id: 'jnkns' + privilege: ['create', 'read', 'update', 'delete', 'upload', 'read-storage'] From f0d817c97e1543bbe3a42523ed083f86a3c3288b Mon Sep 17 00:00:00 2001 From: Hara Prasad Juvvala Date: Thu, 31 Oct 2024 07:15:19 -0500 Subject: [PATCH 4/5] fix typo --- gen3-integration-tests/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gen3-integration-tests/README.md b/gen3-integration-tests/README.md index 0649027d..8dfb259d 100644 --- a/gen3-integration-tests/README.md +++ b/gen3-integration-tests/README.md @@ -54,7 +54,7 @@ User permissions required for the tests to pass are documented [here](test_data/ #### Guppy We run guppy tests with fixed ES data to enable data validation consistently. Before running guppy tests we must ensure the indices are created with the required data. We can use one of the setup scripts located [here](test_data/test_setup/guppy_es) depending on the type of Gen3 instance being tested. -## Run tests and reviewing results +## Run tests and review results Read these [docs](docs/howto/run_tests/) for specific information on how to run tests for each GEN3_INSTANCE_TYPE. The report can be viewed by running `allure serve allure-results` From 5c3cebe8785cb1b3cb4dda416b34665c2b48f902 Mon Sep 17 00:00:00 2001 From: Hara Prasad Juvvala Date: Thu, 31 Oct 2024 13:51:50 -0500 Subject: [PATCH 5/5] remove kayako --- gen3-integration-tests/test_data/test_setup/user.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/gen3-integration-tests/test_data/test_setup/user.yaml b/gen3-integration-tests/test_data/test_setup/user.yaml index 23f5bebd..e9db7a62 100644 --- a/gen3-integration-tests/test_data/test_setup/user.yaml +++ b/gen3-integration-tests/test_data/test_setup/user.yaml @@ -324,8 +324,6 @@ authz: description: 'test resource for client credentials requestor requests' - name: 'cedar' description: 'commons /cedar' - - name: 'kayako' - description: 'commons /kayako' - name: 'ttyadmin' - name: 'workspace' - name: "sower"