Add Permissions integration tests (data-dot-all#1550)

### Feature or Bugfix
- Feature: testing

### Detail
Implement tests for Permissions api calls (inside core/permissions) as
part of data-dot-all#1220

!Excludes updateSSMParameter mutation - I think it is unused

### Relates
- data-dot-all#1220

### Security
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

tests_new/integration_tests/core/permissions/queries.py

@@ -0,0 +1,64 @@
+# TODO: This file will be replaced by using the SDK directly
+def update_group_tenant_permissions(client, group_uri, permissions=[]):
+    query = {
+        'operationName': 'updateGroupTenantPermissions',
+        'variables': {
+            'input': {
+                'groupUri': group_uri,
+                'permissions': permissions,
+            }
+        },
+        'query': """    
+                mutation updateGroupTenantPermissions(
+                  $input: UpdateGroupTenantPermissionsInput!
+                ) {
+                  updateGroupTenantPermissions(input: $input)
+                }
+                """,
+    }
+    response = client.query(query=query)
+    return response.data.updateGroupTenantPermissions
+
+
+def list_tenant_permissions(client):
+    query = {
+        'operationName': 'listTenantPermissions',
+        'variables': {},
+        'query': """    
+                query listTenantPermissions {
+                  listTenantPermissions {
+                    name
+                    description
+                  }
+                }
+                """,
+    }
+    response = client.query(query=query)
+    return response.data.listTenantPermissions
+
+
+def list_tenant_groups(client, term=''):
+    query = {
+        'operationName': 'listTenantGroups',
+        'variables': {'filter': {'term': term}},
+        'query': """    
+            query listTenantGroups($filter: GroupFilter) {
+              listTenantGroups(filter: $filter) {
+                count
+                page
+                pages
+                hasNext
+                hasPrevious
+                nodes {
+                  groupUri
+                  tenantPermissions {
+                    name
+                    description
+                  }
+                }
+              }
+            }
+            """,
+    }
+    response = client.query(query=query)
+    return response.data.listTenantGroups

tests_new/integration_tests/core/permissions/test_permissions.py

@@ -0,0 +1,57 @@
+from assertpy import assert_that
+
+from integration_tests.core.permissions.queries import (
+    update_group_tenant_permissions,
+    list_tenant_permissions,
+    list_tenant_groups,
+)
+from integration_tests.errors import GqlError
+
+
+def test_list_tenant_permissions(clientTenant):
+    response = list_tenant_permissions(clientTenant)
+    assert_that(response).is_not_empty()
+    assert_that(len(response)).is_greater_than_or_equal_to(3)
+    assert_that(response).does_not_contain([None, '', False])
+    assert_that([p.name for p in response]).does_not_contain([None, '', False])
+
+
+def test_list_tenant_permissions_unauthorized(client1):
+    assert_that(list_tenant_permissions).raises(GqlError).when_called_with(client1).contains(
+        'UnauthorizedOperation', 'LIST_TENANT_TEAM_PERMISSIONS'
+    )
+
+
+def test_list_tenant_groups(clientTenant):
+    response = list_tenant_groups(clientTenant)
+    assert_that(response.count).is_greater_than_or_equal_to(4)
+    assert_that(response.nodes).is_not_empty()
+    assert_that(response.nodes[0]).contains_key('tenantPermissions')
+    ## Testing admin group DAAdministrators exists
+    admin_group = next(group for group in response.nodes if group.groupUri == 'DHAdmins')
+    assert_that(admin_group).contains_key('tenantPermissions')
+
+
+def test_list_tenant_groups_unauthorized(client1):
+    assert_that(list_tenant_groups).raises(GqlError).when_called_with(client1).contains(
+        'UnauthorizedOperation', 'LIST_TENANT_TEAMS'
+    )
+
+
+def test_update_group_tenant_permissions(clientTenant, group1):
+    # get group with permissions
+    response = list_tenant_groups(clientTenant, term=group1)
+    assert_that(response.count).is_equal_to(1)
+    assert_that(len(response.nodes[0].tenantPermissions)).is_greater_than_or_equal_to(1)
+    group1_perms = [p.name for p in response.nodes[0].tenantPermissions]
+    # update permissions
+    response = update_group_tenant_permissions(clientTenant, group1, group1_perms[:-1])
+    assert_that(response).is_true()
+    # check permissions were updated
+    response = list_tenant_groups(clientTenant, term=group1)
+    assert_that(response.count).is_equal_to(1)
+    group1_p_updated = response.nodes[0]
+    assert_that(len(group1_p_updated.tenantPermissions)).is_equal_to(len(group1_perms) - 1)
+    assert_that(group1_p_updated.tenantPermissions).does_not_contain(group1_perms[-1])
+    # update permissions back to initial state
+    update_group_tenant_permissions(clientTenant, group1, group1_perms)