diff --git a/deploy/configs/cognito_urls_config.py b/deploy/configs/cognito_urls_config.py deleted file mode 100644 index 2562cfbdd..000000000 --- a/deploy/configs/cognito_urls_config.py +++ /dev/null @@ -1,168 +0,0 @@ -import json -import os -import random -import string - -import boto3 -from botocore.exceptions import ClientError - - -def shuffle_password(pwd): - chars = list(pwd) - random.shuffle(chars) - return ''.join(chars) - - -def setup_cognito( - region, - resource_prefix, - envname, - internet_facing='True', - custom_domain='False', - enable_cw_canaries='False', -): - ssm = boto3.client('ssm', region_name=region) - user_pool_id = ssm.get_parameter(Name=f'/dataall/{envname}/cognito/userpool')['Parameter']['Value'] - print(f'Cognito Pool ID: {user_pool_id}') - app_client = ssm.get_parameter(Name=f'/dataall/{envname}/cognito/appclient')['Parameter']['Value'] - - if custom_domain == 'False' and internet_facing == 'True': - print('Switching to us-east-1 region...') - ssm = boto3.client('ssm', region_name='us-east-1') - signin_singout_link = ssm.get_parameter(Name=f'/dataall/{envname}/CloudfrontDistributionDomainName')[ - 'Parameter' - ]['Value'] - user_guide_link = ssm.get_parameter( - Name=f'/dataall/{envname}/cloudfront/docs/user/CloudfrontDistributionDomainName' - )['Parameter']['Value'] - else: - signin_singout_link = ssm.get_parameter(Name=f'/dataall/{envname}/frontend/custom_domain_name')['Parameter'][ - 'Value' - ] - user_guide_link = ssm.get_parameter(Name=f'/dataall/{envname}/userguide/custom_domain_name')['Parameter'][ - 'Value' - ] - - print(f'UI: {signin_singout_link}') - print(f'USERGUIDE: {user_guide_link}') - - cognito = boto3.client('cognito-idp', region_name=region) - try: - user_pool = cognito.describe_user_pool_client(UserPoolId=user_pool_id, ClientId=app_client) - - del user_pool['UserPoolClient']['CreationDate'] - del user_pool['UserPoolClient']['LastModifiedDate'] - - config_callbacks = [ - f'https://{signin_singout_link}', - f'https://{user_guide_link}/parseauth', - ] - existing_callbacks = user_pool['UserPoolClient'].get('CallbackURLs', []) - if 'https://example.com' in existing_callbacks: - existing_callbacks.remove('https://example.com') - updated_callbacks = existing_callbacks + list(set(config_callbacks) - set(existing_callbacks)) - print(f'Updated CallBackUrls: {updated_callbacks}') - - config_logout_urls = [f'https://{signin_singout_link}'] - existing_logout_urls = user_pool['UserPoolClient'].get('LogoutURLs', []) - updated_logout_urls = existing_logout_urls + list(set(config_logout_urls) - set(existing_logout_urls)) - print(f'Updated LogOutUrls: {updated_logout_urls}') - - user_pool['UserPoolClient']['CallbackURLs'] = updated_callbacks - user_pool['UserPoolClient']['LogoutURLs'] = updated_logout_urls - - response = cognito.update_user_pool_client( - **user_pool['UserPoolClient'], - ) - - print(f'CallbackUrls and LogOutUrls updated successfully: {response}') - - try: - response = cognito.create_group( - GroupName='DAAdministrators', - UserPoolId=user_pool_id, - Description='administrators group', - ) - print(f'Administrators group created Successfully...: {response}') - except ClientError as e: - if 'GroupExistsException' in str(e): - print('Group already exists') - else: - raise e - - if enable_cw_canaries == 'True': - sm = boto3.client('secretsmanager', region_name=region) - secret = sm.get_secret_value(SecretId=f'{resource_prefix}-{envname}-cognito-canary-user') - creds = json.loads(secret['SecretString']) - username = creds['username'] - print('Creating Canaries user...') - try: - response = cognito.admin_create_user( - UserPoolId=user_pool_id, - Username=username, - UserAttributes=[{'Name': 'email', 'Value': f'{username}@amazonaws.com'}], - TemporaryPassword='da@' - + shuffle_password( - random.SystemRandom().choice(string.ascii_uppercase) - + random.SystemRandom().choice(string.digits) - + ''.join( - random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(11) - ) - ), - MessageAction='SUPPRESS', - ) - print(f'User Created Successfully...: {response}') - except ClientError as e: - if 'UsernameExistsException' in str(e): - print('User already exists') - else: - raise e - - print('Updating Canaries user password...') - response = cognito.admin_set_user_password( - UserPoolId=user_pool_id, - Username=username, - Password=creds['password'], - Permanent=True, - ) - print(f'User password updated Successfully...: {response}') - try: - response = cognito.create_group( - GroupName='CWCanaries', - UserPoolId=user_pool_id, - Description='CW Canary group', - ) - print(f'Canaries group created Successfully...: {response}') - except ClientError as e: - if 'GroupExistsException' in str(e): - print('Group already exists') - else: - raise e - - response = cognito.admin_add_user_to_group( - GroupName='CWCanaries', UserPoolId=user_pool_id, Username=username - ) - print(f'User added to group Successfully...: {response}') - - except ClientError as e: - print(f'Failed to setup cognito due to: {e}') - raise e - - -if __name__ == '__main__': - print('Starting Cognito Configuration...') - envname = os.environ.get('envname') - region = os.environ.get('deployment_region') - internet_facing = os.environ.get('internet_facing') - custom_domain = os.environ.get('custom_domain') - enable_cw_canaries = os.environ.get('enable_cw_canaries') - resource_prefix = os.environ.get('resource_prefix') - setup_cognito( - region, - resource_prefix, - envname, - internet_facing, - custom_domain, - enable_cw_canaries, - ) - print('Cognito Configuration Finished Successfully') diff --git a/deploy/custom_resources/cognito_config/__init__.py b/deploy/custom_resources/cognito_config/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/deploy/custom_resources/cognito_config/cognito_urls_config.py b/deploy/custom_resources/cognito_config/cognito_urls_config.py new file mode 100644 index 000000000..585ef0fdd --- /dev/null +++ b/deploy/custom_resources/cognito_config/cognito_urls_config.py @@ -0,0 +1,179 @@ +import json +import logging +import os +import random +import string + +import boto3 +from botocore.exceptions import ClientError + +logger = logging.getLogger() +logger.setLevel(os.environ.get('LOG_LEVEL', 'INFO')) +log = logging.getLogger(__name__) + + +def shuffle_password(pwd): + chars = list(pwd) + random.shuffle(chars) + return ''.join(chars) + + +def setup_cognito( + region, + resource_prefix, + envname, + internet_facing='True', + custom_domain='False', + enable_cw_canaries='False', + with_approval_tests='False', +): + ssm = boto3.client('ssm', region_name=region) + user_pool_id = ssm.get_parameter(Name=f'/dataall/{envname}/cognito/userpool')['Parameter']['Value'] + log.info(f'Cognito Pool ID: {user_pool_id}') + app_client = ssm.get_parameter(Name=f'/dataall/{envname}/cognito/appclient')['Parameter']['Value'] + + if custom_domain == 'False' and internet_facing == 'True': + log.info('Switching to us-east-1 region...') + ssm = boto3.client('ssm', region_name='us-east-1') + signin_singout_link = ssm.get_parameter(Name=f'/dataall/{envname}/CloudfrontDistributionDomainName')[ + 'Parameter' + ]['Value'] + user_guide_link = ssm.get_parameter( + Name=f'/dataall/{envname}/cloudfront/docs/user/CloudfrontDistributionDomainName' + )['Parameter']['Value'] + else: + signin_singout_link = ssm.get_parameter(Name=f'/dataall/{envname}/frontend/custom_domain_name')['Parameter'][ + 'Value' + ] + user_guide_link = ssm.get_parameter(Name=f'/dataall/{envname}/userguide/custom_domain_name')['Parameter'][ + 'Value' + ] + + log.info(f'UI: {signin_singout_link}') + log.info(f'USERGUIDE: {user_guide_link}') + + cognito = boto3.client('cognito-idp', region_name=region) + user_pool = cognito.describe_user_pool_client(UserPoolId=user_pool_id, ClientId=app_client) + + del user_pool['UserPoolClient']['CreationDate'] + del user_pool['UserPoolClient']['LastModifiedDate'] + + config_callbacks = [ + f'https://{signin_singout_link}', + f'https://{user_guide_link}/parseauth', + ] + existing_callbacks = user_pool['UserPoolClient'].get('CallbackURLs', []) + if 'https://example.com' in existing_callbacks: + existing_callbacks.remove('https://example.com') + updated_callbacks = existing_callbacks + list(set(config_callbacks) - set(existing_callbacks)) + log.info(f'Updated CallBackUrls: {updated_callbacks}') + + config_logout_urls = [f'https://{signin_singout_link}'] + existing_logout_urls = user_pool['UserPoolClient'].get('LogoutURLs', []) + updated_logout_urls = existing_logout_urls + list(set(config_logout_urls) - set(existing_logout_urls)) + log.info(f'Updated LogOutUrls: {updated_logout_urls}') + + user_pool['UserPoolClient']['CallbackURLs'] = updated_callbacks + user_pool['UserPoolClient']['LogoutURLs'] = updated_logout_urls + + response = cognito.update_user_pool_client( + **user_pool['UserPoolClient'], + ) + + log.info(f'CallbackUrls and LogOutUrls updated successfully: {response}') + + try: + response = cognito.create_group( + GroupName='DAAdministrators', + UserPoolId=user_pool_id, + Description='administrators group', + ) + log.info(f'Administrators group created Successfully...: {response}') + except ClientError as e: + if 'GroupExistsException' in str(e): + log.info('Group already exists') + else: + raise e + + if enable_cw_canaries == 'True': + sm = boto3.client('secretsmanager', region_name=region) + secret = sm.get_secret_value(SecretId=f'{resource_prefix}-{envname}-cognito-canary-user') + creds = json.loads(secret['SecretString']) + create_user(cognito, user_pool_id, creds['username'], creds['password'], ['CWCanaries']) + + if with_approval_tests == 'True': + ssm = boto3.client('ssm', region_name=region) + users = json.loads( + ssm.get_parameter(Name=os.path.join('/dataall', envname, 'cognito-test-users'))['Parameter']['Value'] + ) + for username, data in users.items(): + create_user(cognito, user_pool_id, username, data['password'], data['groups']) + + +def create_user(cognito, user_pool_id, username, password, groups=[]): + log.info('Creating user...') + try: + response = cognito.admin_create_user( + UserPoolId=user_pool_id, + Username=username, + UserAttributes=[{'Name': 'email', 'Value': f'{username}@amazonaws.com'}], + TemporaryPassword='da@' + + shuffle_password( + random.SystemRandom().choice(string.ascii_uppercase) + + random.SystemRandom().choice(string.digits) + + ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(11)) + ), + MessageAction='SUPPRESS', + ) + log.info(f'User Created Successfully...: {response}') + except ClientError as e: + if 'UsernameExistsException' in str(e): + log.info('User already exists') + else: + raise e + + log.info('Updating user password...') + response = cognito.admin_set_user_password( + UserPoolId=user_pool_id, + Username=username, + Password=password, + Permanent=True, + ) + log.info(f'User password updated Successfully...: {response}') + + for group in groups: + try: + response = cognito.create_group( + GroupName=group, + UserPoolId=user_pool_id, + ) + log.info(f'Group created Successfully...: {response}') + except ClientError as e: + if 'GroupExistsException' in str(e): + log.info('Group already exists') + else: + raise e + + response = cognito.admin_add_user_to_group(GroupName=group, UserPoolId=user_pool_id, Username=username) + log.info(f'User added to group Successfully...: {response}') + + +def handler(event, context) -> None: + log.info('Starting Cognito Configuration...') + envname = os.environ.get('envname') + region = os.environ.get('deployment_region') + internet_facing = os.environ.get('internet_facing') + custom_domain = os.environ.get('custom_domain') + enable_cw_canaries = os.environ.get('enable_cw_canaries') + resource_prefix = os.environ.get('resource_prefix') + with_approval_tests = os.environ.get('with_approval_tests') + setup_cognito( + region, + resource_prefix, + envname, + internet_facing, + custom_domain, + enable_cw_canaries, + with_approval_tests, + ) + log.info('Cognito Configuration Finished Successfully') diff --git a/deploy/custom_resources/cognito_config/requirements.txt b/deploy/custom_resources/cognito_config/requirements.txt new file mode 100644 index 000000000..e69de29bb diff --git a/deploy/stacks/backend_stack.py b/deploy/stacks/backend_stack.py index 7b0a96709..54dc80a1f 100644 --- a/deploy/stacks/backend_stack.py +++ b/deploy/stacks/backend_stack.py @@ -56,6 +56,7 @@ def __init__( cognito_user_session_timeout_inmins=43200, custom_auth=None, custom_waf_rules=None, + with_approval_tests=False, **kwargs, ): super().__init__(scope, id, **kwargs) @@ -126,6 +127,7 @@ def __init__( vpc=vpc, cognito_user_session_timeout_inmins=cognito_user_session_timeout_inmins, custom_waf_rules=custom_waf_rules, + with_approval_tests=with_approval_tests, **kwargs, ) else: diff --git a/deploy/stacks/backend_stage.py b/deploy/stacks/backend_stage.py index 0c8a5720c..81d2e4ac3 100644 --- a/deploy/stacks/backend_stage.py +++ b/deploy/stacks/backend_stage.py @@ -36,6 +36,7 @@ def __init__( cognito_user_session_timeout_inmins=43200, custom_auth=None, custom_waf_rules=None, + with_approval_tests=False, **kwargs, ): super().__init__(scope, id, **kwargs) @@ -69,6 +70,7 @@ def __init__( cognito_user_session_timeout_inmins=cognito_user_session_timeout_inmins, custom_auth=custom_auth, custom_waf_rules=custom_waf_rules, + with_approval_tests=with_approval_tests, **kwargs, ) diff --git a/deploy/stacks/cognito.py b/deploy/stacks/cognito.py index bf5487c3e..00f782c1d 100644 --- a/deploy/stacks/cognito.py +++ b/deploy/stacks/cognito.py @@ -12,6 +12,8 @@ Duration, CustomResource, ) +from aws_cdk.aws_cognito import AuthFlow +from aws_cdk.triggers import TriggerFunction from .pyNestedStack import pyNestedClass from .solution_bundling import SolutionBundling @@ -32,6 +34,7 @@ def __init__( tooling_account_id=None, enable_cw_rum=False, cognito_user_session_timeout_inmins=43200, + with_approval_tests=False, **kwargs, ): super().__init__(scope, id, **kwargs) @@ -93,11 +96,11 @@ def __init__( domain_prefix=f"{resource_prefix.replace('-', '')}{envname}{self.region.replace('-', '')}{self.account}" ), ) - self.client = cognito.UserPoolClient( self, f'AppClient-{envname}', user_pool=self.user_pool, + auth_flows=AuthFlow(user_password=with_approval_tests, user_srp=True, custom=True), prevent_user_existence_errors=True, refresh_token_validity=Duration.minutes(cognito_user_session_timeout_inmins), ) @@ -311,6 +314,82 @@ def __init__( sync_cr.node.add_dependency(domain_name) sync_cr.node.add_dependency(pool_arn) + cognito_config_assets = os.path.realpath( + os.path.join( + os.path.dirname(__file__), + '..', + 'custom_resources', + 'cognito_config', + ) + ) + + cognito_config_code = _lambda.Code.from_asset( + path=cognito_config_assets, + bundling=BundlingOptions( + image=_lambda.Runtime.PYTHON_3_9.bundling_image, + local=SolutionBundling(source_path=cognito_config_assets), + ), + ) + + TriggerFunction( + self, + 'TriggerFunction-CognitoConfig', + function_name=f'{resource_prefix}-{envname}-cognito_config', + description='dataall CognitoConfig trigger function', + initial_policy=[ + iam.PolicyStatement( + effect=iam.Effect.ALLOW, + actions=[ + 'cognito-idp:AddCustomAttributes', + 'cognito-idp:UpdateUserPool', + 'cognito-idp:DescribeUserPoolClient', + 'cognito-idp:CreateGroup', + 'cognito-idp:UpdateUserPoolClient', + 'cognito-idp:AdminSetUserPassword', + 'cognito-idp:AdminCreateUser', + 'cognito-idp:DescribeUserPool', + 'cognito-idp:AdminAddUserToGroup', + 'secretsmanager:DescribeSecret', + 'secretsmanager:GetSecretValue', + 'ssm:GetParameterHistory', + 'ssm:GetParameters', + 'ssm:GetParameter', + 'ssm:GetParametersByPath', + 'kms:Decrypt', + 'kms:GenerateDataKey', + 'kms:DescribeKey', + 'rum:GetAppMonitor', + ], + resources=[ + self.user_pool.user_pool_arn, + f'arn:aws:kms:{self.region}:{self.account}:key/*', + f'arn:aws:ssm:*:{self.account}:parameter/*dataall*', + f'arn:aws:secretsmanager:{self.region}:{self.account}:secret:*dataall*', + f'arn:aws:rum:{self.region}:{self.account}:appmonitor/*dataall*', + ], + ), + ], + code=cognito_config_code, + vpc=vpc, + memory_size=256, + timeout=Duration.minutes(15), + environment={ + 'envname': envname, + 'deployment_region': self.region, + 'internet_facing': str(internet_facing), + 'custom_domain': str(not domain_name), + 'enable_cw_canaries': str(enable_cw_rum), + 'resource_prefix': resource_prefix, + 'with_approval_tests': str(with_approval_tests), + }, + tracing=_lambda.Tracing.ACTIVE, + retry_attempts=0, + runtime=_lambda.Runtime.PYTHON_3_9, + handler='cognito_urls_config.handler', + execute_after=[self.client], + execute_on_handler_change=True, + ) + CfnOutput( self, 'CognitoDomainName', diff --git a/deploy/stacks/pipeline.py b/deploy/stacks/pipeline.py index fc4159629..2cc1382d9 100644 --- a/deploy/stacks/pipeline.py +++ b/deploy/stacks/pipeline.py @@ -1,3 +1,4 @@ +import os import re import uuid from typing import List @@ -9,6 +10,7 @@ from aws_cdk import aws_iam as iam from aws_cdk import aws_s3 as s3 from aws_cdk import pipelines +from aws_cdk.aws_codebuild import BuildEnvironmentVariable, BuildEnvironmentVariableType from aws_cdk.pipelines import CodePipelineSource from .albfront_stage import AlbFrontStage @@ -648,6 +650,7 @@ def set_backend_stage(self, target_env, repository_name): cognito_user_session_timeout_inmins=target_env.get('cognito_user_session_timeout_inmins', 43200), custom_auth=target_env.get('custom_auth', None), custom_waf_rules=target_env.get('custom_waf_rules', None), + with_approval_tests=target_env.get('with_approval_tests', False), ) ) return backend_stage @@ -667,6 +670,12 @@ def set_approval_tests_stage( id='ApprovalTests', build_environment=codebuild.BuildEnvironment( build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_5, + environment_variables={ + 'USERDATA': BuildEnvironmentVariable( + value=os.path.join('/', self.resource_prefix, target_env['envname'], 'cognito-test-users'), + type=BuildEnvironmentVariableType.PARAMETER_STORE, + ), + }, ), partial_build_spec=codebuild.BuildSpec.from_object( dict( @@ -767,7 +776,7 @@ def set_cloudfront_stage(self, target_env): f'export internet_facing={target_env.get("internet_facing", True)}', f'export custom_domain={str(True) if target_env.get("custom_domain") else str(False)}', f'export deployment_region={target_env.get("region", self.region)}', - f'export enable_cw_rum={target_env.get("enable_cw_rum", False) and target_env.get("custom_auth", None) is None }', + f'export enable_cw_rum={target_env.get("enable_cw_rum", False) and target_env.get("custom_auth", None) is None}', f'export resource_prefix={self.resource_prefix}', f'export reauth_ttl={str(target_env.get("reauth_config", {}).get("ttl", 5))}', f'export custom_auth_provider={str(target_env.get("custom_auth", {}).get("provider", "None"))}', @@ -803,11 +812,6 @@ def set_cloudfront_stage(self, target_env): vpc=self.vpc, ), ) - if target_env.get('custom_auth', None) is None: - front_stage_actions = ( - *front_stage_actions, - self.cognito_config_action(target_env), - ) if target_env.get('enable_cw_rum', False) and target_env.get('custom_auth', None) is None: front_stage_actions = ( *front_stage_actions, @@ -868,33 +872,6 @@ def cw_rum_config_action(self, target_env): vpc=self.vpc, ) - def cognito_config_action(self, target_env): - return pipelines.CodeBuildStep( - id='ConfigureCognito', - build_environment=codebuild.BuildEnvironment( - build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_5, - ), - commands=[ - f'export envname={target_env["envname"]}', - f'export resource_prefix={self.resource_prefix}', - f'export internet_facing={target_env.get("internet_facing", True)}', - f'export custom_domain={str(True) if target_env.get("custom_domain") else str(False)}', - f'export deployment_region={target_env.get("region", self.region)}', - f'export enable_cw_canaries={target_env.get("enable_cw_canaries", False)}', - 'mkdir ~/.aws/ && touch ~/.aws/config', - 'echo "[profile buildprofile]" > ~/.aws/config', - f'echo "role_arn = arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-cognito-config-role" >> ~/.aws/config', - 'echo "credential_source = EcsContainer" >> ~/.aws/config', - 'aws sts get-caller-identity --profile buildprofile', - 'export AWS_PROFILE=buildprofile', - 'pip install --upgrade pip', - 'pip install boto3==1.34.35', - 'python deploy/configs/cognito_urls_config.py', - ], - role=self.expanded_codebuild_role.without_policy_updates(), - vpc=self.vpc, - ) - def set_albfront_stage(self, target_env, repository_name): if target_env.get('custom_auth', None) is None: frontend_deployment_role_arn = f'arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-cognito-config-role' @@ -971,9 +948,6 @@ def set_albfront_stage(self, target_env, repository_name): if target_env.get('custom_auth') is None: albfront_stage.add_pre(self.user_guide_pre_build_alb(repository_name)) - if target_env.get('custom_auth') is None: - albfront_stage.add_post(self.cognito_config_action(target_env)) - if target_env.get('enable_cw_rum', False) and target_env.get('custom_auth', None) is None: albfront_stage.add_post(self.cw_rum_config_action(target_env)) diff --git a/tests_new/integration_tests/README.md b/tests_new/integration_tests/README.md index 4b3a658bc..4e0aa2e3a 100644 --- a/tests_new/integration_tests/README.md +++ b/tests_new/integration_tests/README.md @@ -1,15 +1,30 @@ # Integration tests + The purpose of these tests is to automatically validate functionalities of data.all on a real deployment. ## Pre-requisites + - A real deployment of data.all in AWS -- 4 Cognito users (at the moment only Cognito is supported) like the ones defined in `conftest`(e.g. `testUser1` with password `Pass1Word!`) +- An SSM parameter (`/{resource_prefix/{env_name}/cognito-test-users`) with the following contents + ``` + { + "testUserTenant": {"password": "yourPassword", "groups": ["DAAdministrators"]}, + "testUser1": {"password": "yourPassword", "groups": ["testGroup1"]}, + "testUser2": {"password": "yourPassword", "groups": ["testGroup2"]}, + "testUser3": {"password": "yourPassword", "groups": ["testGroup3"]}, + "testUser4": {"password": "yourPassword", "groups": ["testGroup4"]} + } + ``` +- If you are not using Cognito then you must manually create the users/groups +- If you are using Cognito the pipeline will create the users/groups ## Run tests -The tests are executed in CodeBuild as part of the CICD pipeline if the cdk.json parameter `with_approval_tests` is set to True. +The tests are executed in CodeBuild as part of the CICD pipeline if the cdk.json parameter `with_approval_tests` is set +to True. But you can also run the tests locally with deployment account credentials: + ```bash export ENVNAME = "Introduce deployment environment name" export AWS_REGION = "Introduce backend region" @@ -17,6 +32,7 @@ make integration-tests ``` or run the tests locally without credentials: + ```bash export ENVNAME = "Introduce deployment environment name" export AWS_REGION = "Introduce backend region" @@ -26,4 +42,5 @@ make integration-tests ``` ## Coverage + At the moment integration tests only cover Organizations module as an example. \ No newline at end of file diff --git a/tests_new/integration_tests/conftest.py b/tests_new/integration_tests/conftest.py index 22ff24c38..531b4d814 100644 --- a/tests_new/integration_tests/conftest.py +++ b/tests_new/integration_tests/conftest.py @@ -1,4 +1,7 @@ +import json +import os from dataclasses import dataclass +from typing import List import pytest @@ -11,36 +14,45 @@ class User: username: str password: str + @staticmethod + def from_userdata(userdata, username): + return User(username, userdata[username]['password']) + + +@pytest.fixture(scope='module', autouse=True) +def userdata(): + yield json.loads(os.getenv('USERDATA')) + @pytest.fixture(scope='module', autouse=True) -def userTenant(): +def userTenant(userdata): # Existing user with name and password # This user needs to belong to `DAAdministrators` group - yield User('testUserTenant', 'Pass1Word!') + yield User.from_userdata(userdata, 'testUserTenant') @pytest.fixture(scope='module', autouse=True) -def user1(): +def user1(userdata): # Existing user with name and password - yield User('testUser1', 'Pass1Word!') + yield User.from_userdata(userdata, 'testUser1') @pytest.fixture(scope='module', autouse=True) -def user2(): +def user2(userdata): # Existing user with name and password - yield User('testUser2', 'Pass1Word!') + yield User.from_userdata(userdata, 'testUser2') @pytest.fixture(scope='module', autouse=True) -def user3(): +def user3(userdata): # Existing user with name and password - yield User('testUser3', 'Pass1Word!') + yield User.from_userdata(userdata, 'testUser3') @pytest.fixture(scope='module', autouse=True) -def user4(): +def user4(userdata): # Existing user with name and password - yield User('testUser4', 'Pass1Word!') + yield User.from_userdata(userdata, 'testUser4') @pytest.fixture(scope='module', autouse=True)