Add omics create_run unauthorized test and improve other tests (#1723)
### Feature or Bugfix
- Feature

### Detail
In the functional tests (`/tests`)
- Add a new test to check create_omics_run permissions
- improve the assertions in the other unauthorized tests

As a result we achieve a 97% coverage for omics service (the remaining
3% is an edge case that results from a messy clean-up of the db)
<img width="313" alt="image"
src="https://github.com/user-attachments/assets/a5c4fd44-2b97-441a-9207-d9361f1c75d4">


### Relates

### Security
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use standard, proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
dlpzx authored Nov 28, 2024
1 parent 90dd1e3 commit a79fb35
Showing 1 changed file with 112 additions and 236 deletions.
348 changes: 112 additions & 236 deletions tests/modules/omics/test_omics.py
@@ -1,145 +1,131 @@
import pytest
from assertpy import assert_that


def test_create_omics_run(run1, group):
"""
Tests creation of omics Run
def delete_omics_run(client, runUri, user, group):
query = """
mutation deleteOmicsRun($input: OmicsDeleteInput!) {
deleteOmicsRun(input: $input)
}
"""
assert run1.runUri
assert run1.SamlAdminGroupName == group.name
assert run1.label == 'my omics run'
return client.query(
query,
input={
'runUris': [runUri],
'deleteFromAWS': True,
},
username=user.username,
groups=[group.name],
)


def test_list_user_omics_runs(client, user, group, run1):
def list_omics_runs(client, user, group, filter=None):
query = """
query listOmicsRuns($filter: OmicsFilter) {
listOmicsRuns(filter: $filter) {
count
page
pages
hasNext
hasPrevious
nodes {
runUri
workflowUri
name
owner
SamlAdminGroupName
outputDatasetUri
description
label
created
tags
environment {
label
name
environmentUri
AwsAccountId
region
SamlGroupName
}
organization {
label
name
organizationUri
}
workflow {
label
name
workflowUri
id
description
parameterTemplate
type
}
status {
status
statusMessage
query listOmicsRuns($filter: OmicsFilter) {
listOmicsRuns(filter: $filter) {
count
page
pages
hasNext
hasPrevious
nodes {
runUri
workflowUri
name
owner
SamlAdminGroupName
outputDatasetUri
description
label
created
tags
environment {
label
name
environmentUri
AwsAccountId
region
SamlGroupName
}
organization {
label
name
organizationUri
}
workflow {
label
name
workflowUri
id
description
parameterTemplate
type
}
status {
status
statusMessage
}
}
}
}
}
}
"""
"""

response = client.query(
return client.query(
query,
filter=None,
filter=filter,
username=user.username,
groups=[group.name],
)

assert response.data.listOmicsRuns['count'] == 1
assert len(response.data.listOmicsRuns['nodes']) == 1

response = client.query(
query,
filter={'term': 'my omics'},
username=user.username,
groups=[group.name],
)
assert response.data.listOmicsRuns['count'] == 1
assert len(response.data.listOmicsRuns['nodes']) == 1
def test_create_omics_run(run1, group):
"""
Tests creation of omics Run
"""
assert run1.runUri
assert run1.SamlAdminGroupName == group.name
assert run1.label == 'my omics run'


def test_nopermissions_list_user_omics_runs(client, user2, group2, run1):
query = """
query listOmicsRuns($filter: OmicsFilter) {
listOmicsRuns(filter: $filter) {
count
page
pages
hasNext
hasPrevious
nodes {
runUri
workflowUri
name
owner
SamlAdminGroupName
outputDatasetUri
description
label
created
tags
environment {
label
name
environmentUri
AwsAccountId
region
SamlGroupName
}
organization {
label
name
organizationUri
}
workflow {
def test_create_omics_run_unauthorized(client, user2, group2, env_fixture, workflow1, dataset1):
response = client.query(
"""
mutation createOmicsRun($input: NewOmicsRunInput!) {
createOmicsRun(input: $input) {
label
name
workflowUri
id
description
parameterTemplate
type
}
status {
status
statusMessage
runUri
SamlAdminGroupName
}
}
}
}
"""

response = client.query(
query,
filter=None,
""",
input={
'label': 'my omics run',
'SamlAdminGroupName': group2.name,
'environmentUri': env_fixture.environmentUri,
'workflowUri': workflow1.workflowUri,
'destination': dataset1.datasetUri,
'parameterTemplate': '{"something"}',
},
username=user2.username,
groups=[group2.name],
)
assert response.data.listOmicsRuns['count'] == 0
assert len(response.data.listOmicsRuns['nodes']) == 0
assert_that(response.errors[0].message).contains(
'UnauthorizedOperation', 'CREATE_OMICS_RUN', env_fixture.environmentUri
)


def test_list_user_omics_runs(client, user, group, run1):
response = list_omics_runs(client, user, group)
assert_that(response.data.listOmicsRuns['count']).is_equal_to(1)
assert_that(response.data.listOmicsRuns['nodes'][0]['runUri']).is_equal_to(run1.runUri)

response = list_omics_runs(client, user, group, filter={'term': 'my omics'})
assert_that(response.data.listOmicsRuns['count']).is_equal_to(1)
assert_that(response.data.listOmicsRuns['nodes'][0]['runUri']).is_equal_to(run1.runUri)


def test_list_user_omics_runs_unauthorized(client, user2, group2, run1):
response = list_omics_runs(client, user2, group2)
assert_that(response.data.listOmicsRuns['count']).is_equal_to(0)


def test_list_omics_workflows(client, user, group, workflow1):
@@ -201,123 +187,13 @@ def test_get_omics_workflow(client, user, group, workflow1):
assert response.data.getOmicsWorkflow['type'] == workflow1.type


def test_delete_omics_run_does_not_exist(client, user, group, run1):
query = """
mutation deleteOmicsRun($input: OmicsDeleteInput!) {
deleteOmicsRun(input: $input)
}
"""

response = client.query(
query,
input={
'runUris': ['random-string'],
'deleteFromAWS': True,
},
username=user.username,
groups=[group.name],
)
print(response)
print(response.data)
assert not response.data.deleteOmicsRun


def test_nopermissions_delete_omics_run(client, user2, group2, run1):
query = """
mutation deleteOmicsRun($input: OmicsDeleteInput!) {
deleteOmicsRun(input: $input)
}
"""

response = client.query(
query,
input={
'runUris': [run1.runUri],
'deleteFromAWS': True,
},
username=user2.username,
groups=[group2.name],
)
print(response)
print(response.data)
assert not response.data.deleteOmicsRun
def test_delete_omics_run_unauthorized(client, user2, group2, run1):
response = delete_omics_run(client, run1.runUri, user2, group2)
assert_that(response.errors[0].message).contains('UnauthorizedOperation', 'DELETE_OMICS_RUN', run1.runUri)


def test_delete_omics_run(client, user, group, run1):
query = """
mutation deleteOmicsRun($input: OmicsDeleteInput!) {
deleteOmicsRun(input: $input)
}
"""

response = client.query(
query,
input={
'runUris': [run1.runUri],
'deleteFromAWS': True,
},
username=user.username,
groups=[group.name],
)
print(response)
print(response.data)
assert response.data.deleteOmicsRun
query = """
query listOmicsRuns($filter: OmicsFilter) {
listOmicsRuns(filter: $filter) {
count
page
pages
hasNext
hasPrevious
nodes {
runUri
workflowUri
name
owner
SamlAdminGroupName
outputDatasetUri
description
label
created
tags
environment {
label
name
environmentUri
AwsAccountId
region
SamlGroupName
}
organization {
label
name
organizationUri
}
workflow {
label
name
workflowUri
id
description
parameterTemplate
type
}
status {
status
statusMessage
}
}
}
}
"""

response = client.query(
query,
filter=None,
username=user.username,
groups=[group.name],
)

assert response.data.listOmicsRuns['count'] == 0
assert len(response.data.listOmicsRuns['nodes']) == 0
response = delete_omics_run(client, run1.runUri, user, group)
assert_that(response.data.deleteOmicsRun).is_true()
response = list_omics_runs(client, user, group)
assert_that(response.data.listOmicsRuns['count']).is_equal_to(0)
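Review bot: `test_delete_omics_run_unauthorized` asserts only on the error text, so a resolver that removed the run and then raised `UnauthorizedOperation` would still pass. The run's survival is implied only by the later `test_delete_omics_run`, which relies on test order and on how `run1` is scoped (the fixture is not visible on this page). After the error assertion I would add `response = list_omics_runs(client, user, group)` and `assert_that(response.data.listOmicsRuns['count']).is_equal_to(1)` to pin that a denied delete has no side effect. In the first hunk, `test_list_user_omics_runs_unauthorized` checks only `count`, whereas the version it replaces appears to have checked `nodes` as well; `assert_that(response.data.listOmicsRuns['nodes']).is_empty()` would keep the check that no run data reaches the other group. `test_delete_omics_run_does_not_exist` also appears to be removed with no replacement, so the unknown-`runUri` path seems to lose its test.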
