Skip to content

Commit

Permalink
Fix errors in geoserver e2e test (#129)
Browse files Browse the repository at this point in the history 
# Overview

This PR fixes the geoserver e2e test, which was having errors since the
latest changes on the proxy for the geoserver service and on the
`all-public-access` component on birdhouse.

Requests sent to the Geoserver rest API now also require the Magpie
admin credentials (along with the geoserver admin credentials) since
they now pass through Twitcher. Also, Geoserver test permissions have
been adjusted since geoserver access is now allowed instead of denied by
default with the optional-component `all-public-access`.
  • Loading branch information
@cwcummings
cwcummings authored Nov 3, 2023
2 parents d466af7 + 1818031 commit 45ecd65
Showing 1 changed file with 48 additions and 36 deletions.
84 changes: 48 additions & 36 deletions notebooks-auth/geoserver.ipynb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,14 @@
"text": [
"Setup configuration parameters...\n",
" Will use Magpie URL: [https://pavics.ouranos.ca/magpie]\n",
" Will use Geoserver URL: [https://pavics.ouranos.ca/geoserver-secured]\n",
" Will use Geoserver URL: [https://pavics.ouranos.ca/geoserver]\n",
" Will use Geoserver rest URL: [https://pavics.ouranos.ca/geoserver/rest]\n"
]
}
],
"source": [
"# define some useful variables for following steps\n",
"import copy\n",
"import json\n",
"import os\n",
"import requests\n",
Expand Down Expand Up @@ -121,16 +122,14 @@
"metadata": {},
"outputs": [],
"source": [
"geoserver_admin_session = requests.Session()\n",
"geoserver_admin_session.verify = VERIFY_SSL\n",
"geoserver_admin_session.headers = HEADERS\n",
"geoserver_admin_session.auth = (TEST_GEOSERVER_ADMIN_USERNAME, TEST_GEOSERVER_ADMIN_PASSWORD)\n",
"\n",
"magpie_admin_session = requests.Session()\n",
"magpie_admin_session.verify = VERIFY_SSL\n",
"magpie_admin_session.headers = HEADERS\n",
"magpie_admin_session.cookies = magpie_signin(TEST_MAGPIE_ADMIN_USERNAME, TEST_MAGPIE_ADMIN_PASSWORD).cookies\n",
"\n",
"geoserver_admin_session = copy.deepcopy(magpie_admin_session)\n",
"geoserver_admin_session.auth = (TEST_GEOSERVER_ADMIN_USERNAME, TEST_GEOSERVER_ADMIN_PASSWORD)\n",
"\n",
"test_user_session = requests.Session()\n",
"test_user_session.verify = VERIFY_SSL\n",
"test_user_session.headers = HEADERS\n",
Expand Down Expand Up @@ -466,15 +465,14 @@
"metadata": {},
"outputs": [],
"source": [
"def set_permission(permission, resource, target_type, target_name):\n",
" _res_id = resource[\"resource_id\"]\n",
" _path = \"{}/{}/{}/resources/{}/permissions\".format(MAGPIE_URL, target_type, target_name, _res_id)\n",
"def set_permission(permission, resource_id, resource_name, target_type, target_name):\n",
" _path = \"{}/{}/{}/resources/{}/permissions\".format(MAGPIE_URL, target_type, target_name, resource_id)\n",
" _data = {\"permission\": permission}\n",
" _resp = magpie_admin_session.put(_path, json=_data)\n",
" if _resp.status_code not in [200, 201]:\n",
" _msg = \"\\nCleanup called before? {} (if called, following error could be expected)\".format(CLEANUP_CALLED) + \\\n",
" \"\\nCould not set permission [{}] for [{}, {}] over resource [{}, {}]\" \\\n",
" .format(permission, target_type, target_name, resource[\"resource_name\"], _res_id)\n",
" .format(permission, target_type, target_name, resource_name, resource_id)\n",
" cleanup_test_data()\n",
" raise ValueError(response_msg(_msg, _resp))"
]
Expand Down Expand Up @@ -522,6 +520,20 @@
{
"cell_type": "code",
"execution_count": 14,
"id": "ac0ac626-dab2-4956-acf0-420da7d0ba47",
"metadata": {},
"outputs": [],
"source": [
"# Prepare permissions, make sure permissions are denied for the test users before testing\n",
"set_permission(\"getfeature-deny-recursive\", geoserver_res_id, GEOSERVER_SERVICE, \"users\", MAGPIE_TEST_USER)\n",
"set_permission(\"getfeature-deny-recursive\", geoserver_res_id, GEOSERVER_SERVICE, \"users\", MAGPIE_NO_PERM_USER)\n",
"set_permission(\"describestoredqueries-deny-recursive\", geoserver_res_id, GEOSERVER_SERVICE, \"users\", MAGPIE_TEST_USER)\n",
"set_permission(\"describestoredqueries-deny-recursive\", geoserver_res_id, GEOSERVER_SERVICE, \"users\", MAGPIE_NO_PERM_USER)"
]
},
{
"cell_type": "code",
"execution_count": 15,
"id": "34f49eff-d303-4ab8-9e1c-838a00ce7912",
"metadata": {},
"outputs": [
Expand All @@ -530,24 +542,24 @@
"output_type": "stream",
"text": [
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-e0ad80ca-61aa-44f3-807a-e6d95a6d9b8d]\n",
" Code: [401]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-58d91ff0-48d8-42fe-a121-29302959b295]\n",
" Code: [403]\n",
" Access: [Denied]\n",
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-no-perm-2c7310e6-1781-4eaf-beca-ba059bd19daa]\n",
" Code: [401]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-no-perm-aadee8c3-d416-4d67-965b-5d3d2bc45591]\n",
" Code: [403]\n",
" Access: [Denied]\n",
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-e0ad80ca-61aa-44f3-807a-e6d95a6d9b8d]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-58d91ff0-48d8-42fe-a121-29302959b295]\n",
" Code: [200]\n",
" Access: [Allowed]\n",
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-no-perm-2c7310e6-1781-4eaf-beca-ba059bd19daa]\n",
" Code: [401]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=GetFeature]\n",
" User: [test-user-no-perm-aadee8c3-d416-4d67-965b-5d3d2bc45591]\n",
" Code: [403]\n",
" Access: [Denied]\n"
]
}
Expand All @@ -559,15 +571,15 @@
"has_access(res_path, test_user_session, MAGPIE_TEST_USER, False)\n",
"has_access(res_path, no_perm_user_session, MAGPIE_NO_PERM_USER, False)\n",
"\n",
"set_permission(\"getfeature-allow-recursive\", workspace_res, \"users\", MAGPIE_TEST_USER)\n",
"set_permission(\"getfeature-allow-recursive\", workspace_res[\"resource_id\"], workspace_res[\"resource_name\"], \"users\", MAGPIE_TEST_USER)\n",
"\n",
"has_access(res_path, test_user_session, MAGPIE_TEST_USER, True)\n",
"has_access(res_path, no_perm_user_session, MAGPIE_NO_PERM_USER, False)"
]
},
{
"cell_type": "code",
"execution_count": 15,
"execution_count": 16,
"id": "9b84715b-34a2-4a68-be2b-128b4cda7d40",
"metadata": {},
"outputs": [
Expand All @@ -576,24 +588,24 @@
"output_type": "stream",
"text": [
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-e0ad80ca-61aa-44f3-807a-e6d95a6d9b8d]\n",
" Code: [401]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-58d91ff0-48d8-42fe-a121-29302959b295]\n",
" Code: [403]\n",
" Access: [Denied]\n",
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-no-perm-2c7310e6-1781-4eaf-beca-ba059bd19daa]\n",
" Code: [401]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-no-perm-aadee8c3-d416-4d67-965b-5d3d2bc45591]\n",
" Code: [403]\n",
" Access: [Denied]\n",
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-e0ad80ca-61aa-44f3-807a-e6d95a6d9b8d]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-58d91ff0-48d8-42fe-a121-29302959b295]\n",
" Code: [200]\n",
" Access: [Allowed]\n",
"Detail:\n",
" Resource: [https://pavics.ouranos.ca/geoserver-secured/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-no-perm-2c7310e6-1781-4eaf-beca-ba059bd19daa]\n",
" Code: [401]\n",
" Resource: [https://pavics.ouranos.ca/geoserver/test_workspace/wfs?typeNames=test_workspace:Espace_Vert&request=DescribeStoredQueries]\n",
" User: [test-user-no-perm-aadee8c3-d416-4d67-965b-5d3d2bc45591]\n",
" Code: [403]\n",
" Access: [Denied]\n"
]
}
Expand All @@ -605,15 +617,15 @@
"has_access(res_path, test_user_session, MAGPIE_TEST_USER, False)\n",
"has_access(res_path, no_perm_user_session, MAGPIE_NO_PERM_USER, False)\n",
"\n",
"set_permission(\"describestoredqueries-allow-match\", layer_res, \"users\", MAGPIE_TEST_USER)\n",
"set_permission(\"describestoredqueries-allow-match\", layer_res[\"resource_id\"], layer_res[\"resource_name\"], \"users\", MAGPIE_TEST_USER)\n",
"\n",
"has_access(res_path, test_user_session, MAGPIE_TEST_USER, True)\n",
"has_access(res_path, no_perm_user_session, MAGPIE_NO_PERM_USER, False)"
]
},
{
"cell_type": "code",
"execution_count": 16,
"execution_count": 17,
"id": "66e26c1f-c8b4-40d3-9440-e8e82bc613d3",
"metadata": {},
"outputs": [
Expand Down

0 comments on commit 45ecd65

Please sign in to comment.