From 0b743a3d0cb2fc0e0589053448486ba33cd28cbc Mon Sep 17 00:00:00 2001 From: Adrienne Stilp Date: Wed, 3 Jul 2024 09:35:02 -0700 Subject: [PATCH] Move adapter mixin tests into a general test file Instead of essentially repeating the same tests fora ll the adapters, just test the adapter mixins themselves directly once. The actual workspace adapters themselves are still tested via the create views. --- primed/cdsa/tests/test_adapters.py | 146 -------------- .../tests/test_adapters.py | 146 -------------- primed/dbgap/tests/test_adapters.py | 145 -------------- primed/primed_anvil/adapters.py | 10 +- primed/primed_anvil/tests/test_adapters.py | 178 +++++++++++++++++- 5 files changed, 183 insertions(+), 442 deletions(-) delete mode 100644 primed/cdsa/tests/test_adapters.py delete mode 100644 primed/collaborative_analysis/tests/test_adapters.py delete mode 100644 primed/dbgap/tests/test_adapters.py diff --git a/primed/cdsa/tests/test_adapters.py b/primed/cdsa/tests/test_adapters.py deleted file mode 100644 index 6350864b..00000000 --- a/primed/cdsa/tests/test_adapters.py +++ /dev/null @@ -1,146 +0,0 @@ -import responses -from anvil_consortium_manager.models import ( - GroupGroupMembership, - WorkspaceGroupSharing, -) -from anvil_consortium_manager.tests.factories import ( - ManagedGroupFactory, - WorkspaceFactory, -) -from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin -from django.conf import settings -from django.test import TestCase, override_settings - -from .. import adapters -from . import factories - - -class CDSAWorkspaceAdapterTest(AnVILAPIMockTestMixin, TestCase): - """Tests for methods in the CDSAWorkspaceAdapter.""" - - def setUp(self): - super().setUp() - self.adapter = adapters.CDSAWorkspaceAdapter() - # Create the admins group. - self.admins_group = ManagedGroupFactory.create(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) - - def test_before_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, self.admins_group) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_before_anvil_create_different_cc_admins_name(self): - admins_group = ManagedGroupFactory.create(name="foobar") - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, admins_group) - - def test_after_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - cdsa_workspace = factories.CDSAWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(cdsa_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, cdsa_workspace.workspace) - self.assertEqual(sharing.group, self.admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_after_anvil_create_different_admins_group(self): - admins_group = ManagedGroupFactory.create(name="foobar") - cdsa_workspace = factories.CDSAWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "foobar@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(cdsa_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, cdsa_workspace.workspace) - self.assertEqual(sharing.group, admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) diff --git a/primed/collaborative_analysis/tests/test_adapters.py b/primed/collaborative_analysis/tests/test_adapters.py deleted file mode 100644 index 540d7502..00000000 --- a/primed/collaborative_analysis/tests/test_adapters.py +++ /dev/null @@ -1,146 +0,0 @@ -import responses -from anvil_consortium_manager.models import ( - GroupGroupMembership, - WorkspaceGroupSharing, -) -from anvil_consortium_manager.tests.factories import ( - ManagedGroupFactory, - WorkspaceFactory, -) -from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin -from django.conf import settings -from django.test import TestCase, override_settings - -from .. import adapters -from . import factories - - -class CollaborativeAnalysisWorkspaceAdapterTest(AnVILAPIMockTestMixin, TestCase): - """Tests for methods in the CollaborativeAnalysisWorkspaceAdapter.""" - - def setUp(self): - super().setUp() - self.adapter = adapters.CollaborativeAnalysisWorkspaceAdapter() - # Create the admins group. - self.admins_group = ManagedGroupFactory.create(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) - - def test_before_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, self.admins_group) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_before_anvil_create_different_cc_admins_name(self): - admins_group = ManagedGroupFactory.create(name="foobar") - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, admins_group) - - def test_after_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - collab_workspace = factories.CollaborativeAnalysisWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(collab_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, collab_workspace.workspace) - self.assertEqual(sharing.group, self.admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_after_anvil_create_different_admins_group(self): - admins_group = ManagedGroupFactory.create(name="foobar") - collab_workspace = factories.CollaborativeAnalysisWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "foobar@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(collab_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, collab_workspace.workspace) - self.assertEqual(sharing.group, admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) diff --git a/primed/dbgap/tests/test_adapters.py b/primed/dbgap/tests/test_adapters.py deleted file mode 100644 index fd091bf5..00000000 --- a/primed/dbgap/tests/test_adapters.py +++ /dev/null @@ -1,145 +0,0 @@ -import responses -from anvil_consortium_manager.models import ( - GroupGroupMembership, - WorkspaceGroupSharing, -) -from anvil_consortium_manager.tests.factories import ( - ManagedGroupFactory, - WorkspaceFactory, -) -from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin -from django.conf import settings -from django.test import TestCase, override_settings - -from .. import adapters -from . import factories - - -class dbGaPWorkspaceAdapterTest(AnVILAPIMockTestMixin, TestCase): - """Tests for methods in the dbGaPWorkspaceAdapter.""" - - def setUp(self): - super().setUp() - self.adapter = adapters.dbGaPWorkspaceAdapter() - # Create the admins group. - self.admins_group = ManagedGroupFactory.create(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) - - def test_before_anvil_create(self): - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, self.admins_group) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_before_anvil_create_different_cc_admins_name(self): - admins_group = ManagedGroupFactory.create(name="foobar") - # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. - workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) - # API response for auth domain ManagedGroup creation. - self.anvil_response_mock.add( - responses.POST, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", - status=201, - ) - # API response for auth domain PRIMED_ADMINS membership. - self.anvil_response_mock.add( - responses.PUT, - self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", - status=204, - ) - # Run the adapter method. - self.adapter.before_anvil_create(workspace) - self.assertEqual(workspace.authorization_domains.count(), 1) - auth_domain = workspace.authorization_domains.first() - self.assertEqual(auth_domain.name, "AUTH_foo") - self.assertTrue(auth_domain.is_managed_by_app) - self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") - # Check for GroupGroupMembership. - self.assertEqual(GroupGroupMembership.objects.count(), 1) - membership = GroupGroupMembership.objects.first() - self.assertEqual(membership.parent_group, auth_domain) - self.assertEqual(membership.child_group, admins_group) - - def test_after_anvil_create(self): - dbgap_workspace = factories.dbGaPWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(dbgap_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, dbgap_workspace.workspace) - self.assertEqual(sharing.group, self.admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) - - @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") - def test_after_anvil_create_different_admins_group(self): - admins_group = ManagedGroupFactory.create(name="foobar") - dbgap_workspace = factories.dbGaPWorkspaceFactory.create( - workspace__billing_project__name="bar", workspace__name="foo" - ) - # API response for PRIMED_ADMINS workspace owner. - acls = [ - { - "email": "foobar@firecloud.org", - "accessLevel": "OWNER", - "canShare": False, - "canCompute": True, - } - ] - self.anvil_response_mock.add( - responses.PATCH, - self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", - status=200, - match=[responses.matchers.json_params_matcher(acls)], - json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, - ) - # Run the adapter method. - self.adapter.after_anvil_create(dbgap_workspace.workspace) - # Check for WorkspaceGroupSharing. - self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) - sharing = WorkspaceGroupSharing.objects.first() - self.assertEqual(sharing.workspace, dbgap_workspace.workspace) - self.assertEqual(sharing.group, admins_group) - self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) - self.assertTrue(sharing.can_compute) diff --git a/primed/primed_anvil/adapters.py b/primed/primed_anvil/adapters.py index eee418a4..547c0ea4 100644 --- a/primed/primed_anvil/adapters.py +++ b/primed/primed_anvil/adapters.py @@ -48,7 +48,10 @@ def before_anvil_create(self, workspace): workspace.authorization_domains.add(auth_domain) auth_domain.anvil_create() # Add the ADMINs group as an admin of the auth domain. - admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + try: + admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + except ManagedGroup.DoesNotExist: + return membership = GroupGroupMembership.objects.create( parent_group=auth_domain, child_group=admins_group, @@ -63,7 +66,10 @@ class WorkspaceAdminSharingAdapterMixin: def after_anvil_create(self, workspace): super().after_anvil_create(workspace) # Share the workspace with the ADMINs group as an owner. - admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + try: + admins_group = ManagedGroup.objects.get(name=settings.ANVIL_CC_ADMINS_GROUP_NAME) + except ManagedGroup.DoesNotExist: + return sharing = WorkspaceGroupSharing.objects.create( workspace=workspace, group=admins_group, diff --git a/primed/primed_anvil/tests/test_adapters.py b/primed/primed_anvil/tests/test_adapters.py index 515b4b10..55dffb8b 100644 --- a/primed/primed_anvil/tests/test_adapters.py +++ b/primed/primed_anvil/tests/test_adapters.py @@ -1,6 +1,9 @@ -from anvil_consortium_manager.models import Account -from anvil_consortium_manager.tests.factories import AccountFactory -from django.test import TestCase +import responses +from anvil_consortium_manager.adapters.default import DefaultWorkspaceAdapter +from anvil_consortium_manager.models import Account, GroupGroupMembership, WorkspaceGroupSharing +from anvil_consortium_manager.tests.factories import AccountFactory, ManagedGroupFactory, WorkspaceFactory +from anvil_consortium_manager.tests.utils import AnVILAPIMockTestMixin +from django.test import TestCase, override_settings from primed.users.tests.factories import UserFactory @@ -57,3 +60,172 @@ def test_autocomplete_queryset_no_linked_user(self): self.assertEqual(len(queryset), 1) self.assertIn(account_1, queryset) self.assertNotIn(account_2, queryset) + + +class WorkspaceAuthDomainAdapterMixinTest(AnVILAPIMockTestMixin, TestCase): + def setUp(self): + super().setUp() + + class TestAdapter(adapters.WorkspaceAuthDomainAdapterMixin, DefaultWorkspaceAdapter): + pass + + self.adapter = TestAdapter() + + def test_before_anvil_create(self): + admins_group = ManagedGroupFactory.create(name="TEST_PRIMED_CC_ADMINS") + workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) + # API response for auth domain ManagedGroup creation. + self.anvil_response_mock.add( + responses.POST, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", + status=201, + ) + # API response for auth domain PRIMED_ADMINS membership. + self.anvil_response_mock.add( + responses.PUT, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/TEST_PRIMED_CC_ADMINS@firecloud.org", + status=204, + ) + # Run the adapter method. + self.adapter.before_anvil_create(workspace) + self.assertEqual(workspace.authorization_domains.count(), 1) + auth_domain = workspace.authorization_domains.first() + self.assertEqual(auth_domain.name, "AUTH_foo") + self.assertTrue(auth_domain.is_managed_by_app) + self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") + # Check for GroupGroupMembership. + self.assertEqual(GroupGroupMembership.objects.count(), 1) + membership = GroupGroupMembership.objects.first() + self.assertEqual(membership.parent_group, auth_domain) + self.assertEqual(membership.child_group, admins_group) + + @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") + def test_before_anvil_create_different_cc_admins_name(self): + admins_group = ManagedGroupFactory.create(name="foobar") + # Create a Workspace instead of CDSAWorkspace to skip factory auth domain behavior. + workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) + # API response for auth domain ManagedGroup creation. + self.anvil_response_mock.add( + responses.POST, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", + status=201, + ) + # API response for auth domain PRIMED_ADMINS membership. + self.anvil_response_mock.add( + responses.PUT, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo/admin/foobar@firecloud.org", + status=204, + ) + # Run the adapter method. + self.adapter.before_anvil_create(workspace) + self.assertEqual(workspace.authorization_domains.count(), 1) + auth_domain = workspace.authorization_domains.first() + self.assertEqual(auth_domain.name, "AUTH_foo") + self.assertTrue(auth_domain.is_managed_by_app) + self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") + # Check for GroupGroupMembership. + self.assertEqual(GroupGroupMembership.objects.count(), 1) + membership = GroupGroupMembership.objects.first() + self.assertEqual(membership.parent_group, auth_domain) + self.assertEqual(membership.child_group, admins_group) + + def test_before_anvil_create_admins_group_does_not_exist(self): + """If the admins group does not exist, the workspace is not shared.""" + workspace = WorkspaceFactory.create(name="foo", workspace_type=self.adapter.get_type()) + # API response for auth domain ManagedGroup creation. + self.anvil_response_mock.add( + responses.POST, + self.api_client.sam_entry_point + "/api/groups/v1/AUTH_foo", + status=201, + ) + # Run the adapter method. + self.adapter.before_anvil_create(workspace) + self.assertEqual(workspace.authorization_domains.count(), 1) + auth_domain = workspace.authorization_domains.first() + self.assertEqual(auth_domain.name, "AUTH_foo") + self.assertTrue(auth_domain.is_managed_by_app) + self.assertEqual(auth_domain.email, "AUTH_foo@firecloud.org") + # No GroupGroupMembership objects were created. + self.assertEqual(GroupGroupMembership.objects.count(), 0) + + +class WorkspaceAdminSharingAdapterMixin(AnVILAPIMockTestMixin, TestCase): + def setUp(self): + super().setUp() + + class TestAdapter(adapters.WorkspaceAdminSharingAdapterMixin, DefaultWorkspaceAdapter): + pass + + self.adapter = TestAdapter() + + def test_after_anvil_create(self): + admins_group = ManagedGroupFactory.create(name="TEST_PRIMED_CC_ADMINS") + workspace = WorkspaceFactory.create( + billing_project__name="bar", name="foo", workspace_type=self.adapter.get_type() + ) + # API response for PRIMED_ADMINS workspace owner. + acls = [ + { + "email": "TEST_PRIMED_CC_ADMINS@firecloud.org", + "accessLevel": "OWNER", + "canShare": False, + "canCompute": True, + } + ] + self.anvil_response_mock.add( + responses.PATCH, + self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", + status=200, + match=[responses.matchers.json_params_matcher(acls)], + json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, + ) + # Run the adapter method. + self.adapter.after_anvil_create(workspace) + # Check for WorkspaceGroupSharing. + self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) + sharing = WorkspaceGroupSharing.objects.first() + self.assertEqual(sharing.workspace, workspace) + self.assertEqual(sharing.group, admins_group) + self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) + self.assertTrue(sharing.can_compute) + + @override_settings(ANVIL_CC_ADMINS_GROUP_NAME="foobar") + def test_after_anvil_create_different_admins_group(self): + admins_group = ManagedGroupFactory.create(name="foobar") + workspace = WorkspaceFactory.create( + billing_project__name="bar", name="foo", workspace_type=self.adapter.get_type() + ) + # API response for PRIMED_ADMINS workspace owner. + acls = [ + { + "email": "foobar@firecloud.org", + "accessLevel": "OWNER", + "canShare": False, + "canCompute": True, + } + ] + self.anvil_response_mock.add( + responses.PATCH, + self.api_client.rawls_entry_point + "/api/workspaces/bar/foo/acl?inviteUsersNotFound=false", + status=200, + match=[responses.matchers.json_params_matcher(acls)], + json={"invitesSent": {}, "usersNotFound": {}, "usersUpdated": acls}, + ) + # Run the adapter method. + self.adapter.after_anvil_create(workspace) + # Check for WorkspaceGroupSharing. + self.assertEqual(WorkspaceGroupSharing.objects.count(), 1) + sharing = WorkspaceGroupSharing.objects.first() + self.assertEqual(sharing.workspace, workspace) + self.assertEqual(sharing.group, admins_group) + self.assertEqual(sharing.access, WorkspaceGroupSharing.OWNER) + self.assertTrue(sharing.can_compute) + + def test_after_anvil_create_no_admins_group(self): + workspace = WorkspaceFactory.create( + billing_project__name="bar", name="foo", workspace_type=self.adapter.get_type() + ) + # Run the adapter method. + self.adapter.after_anvil_create(workspace) + # No WorkspaceGroupSharing objects were created. + self.assertEqual(WorkspaceGroupSharing.objects.count(), 0)