diff --git a/primed/cdsa/tests/test_adapters.py b/primed/cdsa/tests/test_adapters.py deleted file mode 100644 index 6350864b..00000000 --- a/primed/cdsa/tests/test_adapters.py +++ /dev/null @@ -1,146 +0,0 @@ -import responses -from anvil_consortium_manager.models import ( - GroupGroupMembership, - WorkspaceGroupSharing, -) -from anvil_consortium_manager.tests.factories import ( - ManagedGroupFactory, - WorkspaceFactory, -) -from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin -from django.conf import settings -from django.test import TestCase, override_settings - -from .. import adapters -from . import factories - - -class CDSAWorkspaceAdapterTest(AnVILAPIMockTestMixin, TestCase): - """Tests for methods in the CDSAWorkspaceAdapter.""" - - def setUp(self): - super().setUp() - self.adapter = adapters.CDSAWorkspaceAdapter() - # Create the admins group. - self.admins_group = ManagedGroupFactory.create(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) - - def test_before_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, self.admins_group) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_before_anvil_create_different_cc_admins_name(self): - admins_group = ManagedGroupFactory.create(name="foobar") - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, admins_group) - - def test_after_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - cdsa_workspace = factories.CDSAWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(cdsa_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, cdsa_workspace.workspace) - self.assertEqual(sharing.group, self.admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_after_anvil_create_different_admins_group(self): - admins_group = ManagedGroupFactory.create(name="foobar") - cdsa_workspace = factories.CDSAWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "foobar@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(cdsa_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, cdsa_workspace.workspace) - self.assertEqual(sharing.group, admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) diff --git a/primed/collaborative_analysis/tests/test_adapters.py b/primed/collaborative_analysis/tests/test_adapters.py deleted file mode 100644 index 540d7502..00000000 --- a/primed/collaborative_analysis/tests/test_adapters.py +++ /dev/null @@ -1,146 +0,0 @@ -import responses -from anvil_consortium_manager.models import ( - GroupGroupMembership, - WorkspaceGroupSharing, -) -from anvil_consortium_manager.tests.factories import ( - ManagedGroupFactory, - WorkspaceFactory, -) -from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin -from django.conf import settings -from django.test import TestCase, override_settings - -from .. import adapters -from . import factories - - -class CollaborativeAnalysisWorkspaceAdapterTest(AnVILAPIMockTestMixin, TestCase): - """Tests for methods in the CollaborativeAnalysisWorkspaceAdapter.""" - - def setUp(self): - super().setUp() - self.adapter = adapters.CollaborativeAnalysisWorkspaceAdapter() - # Create the admins group. - self.admins_group = ManagedGroupFactory.create(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) - - def test_before_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, self.admins_group) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_before_anvil_create_different_cc_admins_name(self): - admins_group = ManagedGroupFactory.create(name="foobar") - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, admins_group) - - def test_after_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - collab_workspace = factories.CollaborativeAnalysisWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(collab_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, collab_workspace.workspace) - self.assertEqual(sharing.group, self.admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_after_anvil_create_different_admins_group(self): - admins_group = ManagedGroupFactory.create(name="foobar") - collab_workspace = factories.CollaborativeAnalysisWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "foobar@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(collab_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, collab_workspace.workspace) - self.assertEqual(sharing.group, admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) diff --git a/primed/dbgap/tests/test_adapters.py b/primed/dbgap/tests/test_adapters.py deleted file mode 100644 index fd091bf5..00000000 --- a/primed/dbgap/tests/test_adapters.py +++ /dev/null @@ -1,145 +0,0 @@ -import responses -from anvil_consortium_manager.models import ( - GroupGroupMembership, - WorkspaceGroupSharing, -) -from anvil_consortium_manager.tests.factories import ( - ManagedGroupFactory, - WorkspaceFactory, -) -from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin -from django.conf import settings -from django.test import TestCase, override_settings - -from .. import adapters -from . import factories - - -class dbGaPWorkspaceAdapterTest(AnVILAPIMockTestMixin, TestCase): - """Tests for methods in the dbGaPWorkspaceAdapter.""" - - def setUp(self): - super().setUp() - self.adapter = adapters.dbGaPWorkspaceAdapter() - # Create the admins group. - self.admins_group = ManagedGroupFactory.create(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) - - def test_before_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, self.admins_group) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_before_anvil_create_different_cc_admins_name(self): - admins_group = ManagedGroupFactory.create(name="foobar") - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, admins_group) - - def test_after_anvil_create(self): - dbgap_workspace = factories.dbGaPWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(dbgap_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, dbgap_workspace.workspace) - self.assertEqual(sharing.group, self.admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_after_anvil_create_different_admins_group(self): - admins_group = ManagedGroupFactory.create(name="foobar") - dbgap_workspace = factories.dbGaPWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "foobar@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(dbgap_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, dbgap_workspace.workspace) - self.assertEqual(sharing.group, admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) diff --git a/primed/primed_anvil/adapters.py b/primed/primed_anvil/adapters.py index eee418a4..547c0ea4 100644 --- a/primed/primed_anvil/adapters.py +++ b/primed/primed_anvil/adapters.py @@ -48,7 +48,10 @@ def before_anvil_create(self, workspace): workspace.authorization_domains.add(auth_domain) auth_domain.anvil_create() # Add the ADMINs group as an admin of the auth domain. - admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + try: + admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + except ManagedGroup.DoesNotExist: + return membership = GroupGroupMembership.objects.create( parent_group=auth_domain, child_group=admins_group, @@ -63,7 +66,10 @@ class WorkspaceAdminSharingAdapterMixin: def after_anvil_create(self, workspace): super().after_anvil_create(workspace) # Share the workspace with the ADMINs group as an owner. - admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + try: + admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + except ManagedGroup.DoesNotExist: + return sharing = WorkspaceGroupSharing.objects.create( workspace=workspace, group=admins_group, diff --git a/primed/primed_anvil/tests/test_adapters.py b/primed/primed_anvil/tests/test_adapters.py index 515b4b10..55dffb8b 100644 --- a/primed/primed_anvil/tests/test_adapters.py +++ b/primed/primed_anvil/tests/test_adapters.py @@ -1,6 +1,9 @@ -from anvil_consortium_manager.models import Account -from anvil_consortium_manager.tests.factories import AccountFactory -from django.test import TestCase +import responses +from anvil_consortium_manager.adapters.default import DefaultWorkspaceAdapter +from anvil_consortium_manager.models import Account, GroupGroupMembership, WorkspaceGroupSharing +from anvil_consortium_manager.tests.factories import AccountFactory, ManagedGroupFactory, WorkspaceFactory +from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin +from django.test import TestCase, override_settings from primed.users.tests.factories import UserFactory @@ -57,3 +60,172 @@ def test_autocomplete_queryset_no_linked_user(self): self.assertEqual(len(queryset), 1) self.assertIn(account_1, queryset) self.assertNotIn(account_2, queryset) + + +class WorkspaceAuthDomainAdapterMixinTest(AnVILAPIMockTestMixin, TestCase): + def setUp(self): + super().setUp() + + class TestAdapter(adapters.WorkspaceAuthDomainAdapterMixin, DefaultWorkspaceAdapter): + pass + + self.adapter = TestAdapter() + + def test_before_anvil_create(self): + admins_group = ManagedGroupFactory.create(name="TEST_PRIMED_CC_ADMINS") + workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) + # API response for auth domain ManagedGroup creation. + self.anvil_response_mock.add( + responses.POST, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", + status=201, + ) + # API response for auth domain PRIMED_ADMINS membership. + self.anvil_response_mock.add( + responses.PUT, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", + status=204, + ) + # Run the adapter method. + self.adapter.before_anvil_create(workspace) + self.assertEqual(workspace.authorization_domains.count(), 1) + auth_domain = workspace.authorization_domains.first() + self.assertEqual(auth_domain.name, "AUTH_foo") + self.assertTrue(auth_domain.is_managed_by_app) + self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") + # Check for GroupGroupMembership. + self.assertEqual(GroupGroupMembership.objects.count(), 1) + membership = GroupGroupMembership.objects.first() + self.assertEqual(membership.parent_group, auth_domain) + self.assertEqual(membership.child_group, admins_group) + + @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") + def test_before_anvil_create_different_cc_admins_name(self): + admins_group = ManagedGroupFactory.create(name="foobar") + # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. + workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) + # API response for auth domain ManagedGroup creation. + self.anvil_response_mock.add( + responses.POST, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", + status=201, + ) + # API response for auth domain PRIMED_ADMINS membership. + self.anvil_response_mock.add( + responses.PUT, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", + status=204, + ) + # Run the adapter method. + self.adapter.before_anvil_create(workspace) + self.assertEqual(workspace.authorization_domains.count(), 1) + auth_domain = workspace.authorization_domains.first() + self.assertEqual(auth_domain.name, "AUTH_foo") + self.assertTrue(auth_domain.is_managed_by_app) + self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") + # Check for GroupGroupMembership. + self.assertEqual(GroupGroupMembership.objects.count(), 1) + membership = GroupGroupMembership.objects.first() + self.assertEqual(membership.parent_group, auth_domain) + self.assertEqual(membership.child_group, admins_group) + + def test_before_anvil_create_admins_group_does_not_exist(self): + """If the admins group does not exist, the workspace is not shared.""" + workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) + # API response for auth domain ManagedGroup creation. + self.anvil_response_mock.add( + responses.POST, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", + status=201, + ) + # Run the adapter method. + self.adapter.before_anvil_create(workspace) + self.assertEqual(workspace.authorization_domains.count(), 1) + auth_domain = workspace.authorization_domains.first() + self.assertEqual(auth_domain.name, "AUTH_foo") + self.assertTrue(auth_domain.is_managed_by_app) + self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") + # No GroupGroupMembership objects were created. + self.assertEqual(GroupGroupMembership.objects.count(), 0) + + +class WorkspaceAdminSharingAdapterMixin(AnVILAPIMockTestMixin, TestCase): + def setUp(self): + super().setUp() + + class TestAdapter(adapters.WorkspaceAdminSharingAdapterMixin, DefaultWorkspaceAdapter): + pass + + self.adapter = TestAdapter() + + def test_after_anvil_create(self): + admins_group = ManagedGroupFactory.create(name="TEST_PRIMED_CC_ADMINS") + workspace = WorkspaceFactory.create( + billing_project__name="bar", name="foo", workspace_type=self.adapter.get_type() + ) + # API response for PRIMED_ADMINS workspace owner. + acls = [ + { + "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", + "accessLevel": "OWNER", + "canShare": False, + "canCompute": True, + } + ] + self.anvil_response_mock.add( + responses.PATCH, + self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", + status=200, + match=[responses.matchers.json_params_matcher(acls)], + json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, + ) + # Run the adapter method. + self.adapter.after_anvil_create(workspace) + # Check for WorkspaceGroupSharing. + self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) + sharing = WorkspaceGroupSharing.objects.first() + self.assertEqual(sharing.workspace, workspace) + self.assertEqual(sharing.group, admins_group) + self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) + self.assertTrue(sharing.can_compute) + + @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") + def test_after_anvil_create_different_admins_group(self): + admins_group = ManagedGroupFactory.create(name="foobar") + workspace = WorkspaceFactory.create( + billing_project__name="bar", name="foo", workspace_type=self.adapter.get_type() + ) + # API response for PRIMED_ADMINS workspace owner. + acls = [ + { + "email": "foobar@firecloud.org", + "accessLevel": "OWNER", + "canShare": False, + "canCompute": True, + } + ] + self.anvil_response_mock.add( + responses.PATCH, + self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", + status=200, + match=[responses.matchers.json_params_matcher(acls)], + json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, + ) + # Run the adapter method. + self.adapter.after_anvil_create(workspace) + # Check for WorkspaceGroupSharing. + self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) + sharing = WorkspaceGroupSharing.objects.first() + self.assertEqual(sharing.workspace, workspace) + self.assertEqual(sharing.group, admins_group) + self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) + self.assertTrue(sharing.can_compute) + + def test_after_anvil_create_no_admins_group(self): + workspace = WorkspaceFactory.create( + billing_project__name="bar", name="foo", workspace_type=self.adapter.get_type() + ) + # Run the adapter method. + self.adapter.after_anvil_create(workspace) + # No WorkspaceGroupSharing objects were created. + self.assertEqual(WorkspaceGroupSharing.objects.count(), 0)