From 1ef85f19b901c3c0e460c3064c0ce10d1f26de29 Mon Sep 17 00:00:00 2001
From: Andrey Zhavoronkov <andrey.zhavoronkov@intel.com>
Date: Tue, 8 Feb 2022 17:39:49 +0300
Subject: [PATCH 1/5] added simple test for analytics

---
 .github/workflows/main.yml            |  2 +-
 tests/rest_api/test_0004_analytics.py | 30 +++++++++++++++++++++++++++
 tests/rest_api/utils/config.py        | 16 +++++++++++---
 3 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 tests/rest_api/test_0004_analytics.py

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 3d11d66d20a8..05129d4930e3 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -75,7 +75,7 @@ jobs:
         env:
           API_ABOUT_PAGE: "localhost:8080/api/server/about"
         run: |
-          docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml up -d
+          docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml -f components/analytics/docker-compose.analytics.yml up -d
           /bin/bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${API_ABOUT_PAGE})" != "401" ]]; do sleep 5; done'
           pip3 install --user -r tests/rest_api/requirements.txt
           pytest tests/rest_api/
diff --git a/tests/rest_api/test_0004_analytics.py b/tests/rest_api/test_0004_analytics.py
new file mode 100644
index 000000000000..874ed5030563
--- /dev/null
+++ b/tests/rest_api/test_0004_analytics.py
@@ -0,0 +1,30 @@
+# Copyright (C) 2022 Intel Corporation
+#
+# SPDX-License-Identifier: MIT
+
+from http import HTTPStatus
+from .utils.config import server_get
+
+class TestGetAnalytics:
+    endpoint = 'analytics/app/kibana'
+    def _test_can_see(self, user):
+        response = server_get(user, self.endpoint)
+
+        assert response.status_code == HTTPStatus.OK
+
+    def _test_cannot_see(self, user):
+        response = server_get(user, self.endpoint)
+
+        assert response.status_code == HTTPStatus.FORBIDDEN
+
+    def test_admin_can_see(self):
+        self._test_can_see('admin2')
+
+    def test_business_can_see(self):
+        self._test_can_see('business1')
+
+    def test_user_cannot_see_(self):
+        self._test_cannot_see('user1')
+
+    def test_worker_cannot_see_(self):
+        self._test_cannot_see('worker1')
diff --git a/tests/rest_api/utils/config.py b/tests/rest_api/utils/config.py
index 057389fda407..0eb058710e5b 100644
--- a/tests/rest_api/utils/config.py
+++ b/tests/rest_api/utils/config.py
@@ -9,10 +9,17 @@
 ASSETS_DIR = osp.abspath(osp.join(ROOT_DIR, '..', 'assets'))
 # Suppress the warning from Bandit about hardcoded passwords
 USER_PASS = '!Q@W#E$R' # nosec
-BASE_URL = 'http://localhost:8080/api/'
+BASE_URL = 'http://localhost:8080/'
+API_URL = BASE_URL + 'api/'
+
+def _to_query_params(**kwargs):
+    return '&'.join([f'{k}={v}' for k,v in kwargs.items()])
+
+def get_server_url(endpoint, **kwargs):
+    return BASE_URL + endpoint + '?' + _to_query_params(**kwargs)
 
 def get_api_url(endpoint, **kwargs):
-    return BASE_URL + endpoint + '?' + '&'.join([f'{k}={v}' for k,v in kwargs.items()])
+    return API_URL + endpoint + '?' + _to_query_params(**kwargs)
 
 def get_method(username, endpoint, **kwargs):
     return requests.get(get_api_url(endpoint, **kwargs), auth=(username, USER_PASS))
@@ -21,4 +28,7 @@ def delete_method(username, endpoint, **kwargs):
     return requests.delete(get_api_url(endpoint, **kwargs), auth=(username, USER_PASS))
 
 def patch_method(username, endpoint, data, **kwargs):
-    return requests.patch(get_api_url(endpoint, **kwargs), json=data, auth=(username, USER_PASS))
\ No newline at end of file
+    return requests.patch(get_api_url(endpoint, **kwargs), json=data, auth=(username, USER_PASS))
+
+def server_get(username, endpoint, **kwargs):
+    return requests.get(get_server_url(endpoint, **kwargs), auth=(username, USER_PASS))

From 2f43ff433ae90e998ed00cd0be4487c4da0c959d Mon Sep 17 00:00:00 2001
From: Andrey Zhavoronkov <andrey.zhavoronkov@intel.com>
Date: Wed, 9 Feb 2022 13:59:35 +0300
Subject: [PATCH 2/5] added missed compose config

---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 05129d4930e3..188b4572cdd1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -79,7 +79,7 @@ jobs:
           /bin/bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${API_ABOUT_PAGE})" != "401" ]]; do sleep 5; done'
           pip3 install --user -r tests/rest_api/requirements.txt
           pytest tests/rest_api/
-          docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml down -v
+          docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f components/serverless/docker-compose.serverless.yml -f components/analytics/docker-compose.analytics.yml down -v
       - name: Running unit tests
         env:
           HOST_COVERAGE_DATA_DIR: ${{ github.workspace }}

From 2c8bc206f612794439e569ec544f714dbcaa9f45 Mon Sep 17 00:00:00 2001
From: Andrey Zhavoronkov <andrey.zhavoronkov@intel.com>
Date: Wed, 16 Feb 2022 13:15:35 +0300
Subject: [PATCH 3/5] fixed 'Could not satisfy the request Accept header' for
 the analytics authentification endpoint

---
 components/analytics/kibana_conf.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/analytics/kibana_conf.yml b/components/analytics/kibana_conf.yml
index c2eb5a95835e..3a36812299d5 100644
--- a/components/analytics/kibana_conf.yml
+++ b/components/analytics/kibana_conf.yml
@@ -13,6 +13,9 @@ http:
     analytics-auth:
       forwardauth:
         address: http://cvat:8080/analytics
+        authRequestHeaders:
+          - "Cookie"
+
     strip-prefix:
       stripprefix:
         prefixes:

From 598ef5dee14a21a9a577a11d3fe69747c4a9cc85 Mon Sep 17 00:00:00 2001
From: Andrey Zhavoronkov <andrey.zhavoronkov@intel.com>
Date: Wed, 16 Feb 2022 13:49:33 +0300
Subject: [PATCH 4/5] fix

---
 components/analytics/kibana_conf.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/analytics/kibana_conf.yml b/components/analytics/kibana_conf.yml
index 3a36812299d5..347d561105f1 100644
--- a/components/analytics/kibana_conf.yml
+++ b/components/analytics/kibana_conf.yml
@@ -15,6 +15,7 @@ http:
         address: http://cvat:8080/analytics
         authRequestHeaders:
           - "Cookie"
+          - "Authorization"
 
     strip-prefix:
       stripprefix:

From 54d0b2471670642d7a345544c93cece374e18a24 Mon Sep 17 00:00:00 2001
From: kirill-sizov <kirill.sizov@intel.com>
Date: Wed, 16 Feb 2022 17:28:19 +0300
Subject: [PATCH 5/5] REST API tests for analytics: make tests independent of
 usernames

---
 tests/rest_api/test_0004_analytics.py | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/tests/rest_api/test_0004_analytics.py b/tests/rest_api/test_0004_analytics.py
index 874ed5030563..a5e76cc360d4 100644
--- a/tests/rest_api/test_0004_analytics.py
+++ b/tests/rest_api/test_0004_analytics.py
@@ -2,6 +2,7 @@
 #
 # SPDX-License-Identifier: MIT
 
+import pytest
 from http import HTTPStatus
 from .utils.config import server_get
 
@@ -17,14 +18,14 @@ def _test_cannot_see(self, user):
 
         assert response.status_code == HTTPStatus.FORBIDDEN
 
-    def test_admin_can_see(self):
-        self._test_can_see('admin2')
-
-    def test_business_can_see(self):
-        self._test_can_see('business1')
-
-    def test_user_cannot_see_(self):
-        self._test_cannot_see('user1')
-
-    def test_worker_cannot_see_(self):
-        self._test_cannot_see('worker1')
+    @pytest.mark.parametrize('privilege, is_allow', [
+        ('admin', True), ('business', True),
+        ('worker', False), ('user', False)
+    ])
+    def test_can_see(self, privilege, is_allow, find_users):
+        user = find_users(privilege=privilege)[0]['username']
+
+        if is_allow:
+            self._test_can_see(user)
+        else:
+            self._test_cannot_see(user)