Added test cases with PRC, that seem to work?

irods · Jan 16, 2024 · 57d59d7 · 57d59d7
1 parent 425cb59
commit 57d59d7
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 18 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -77,12 +77,17 @@ install(FILES ${CMAKE_SOURCE_DIR}/packaging/run_metadata_guard_test.py
         DESTINATION ${IRODS_HOME_DIRECTORY}/scripts
         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
 
+install(FILES ${CMAKE_SOURCE_DIR}/packaging/irods_prc_tests/test_rule_engine_plugin_metadata_guard_atomic.py
+        DESTINATION ${IRODS_HOME_DIRECTORY}/scripts/irods_prc_tests
+        PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
 set(PLUGIN_PACKAGE_NAME irods-rule-engine-plugin-metadata-guard)
 
 include(IrodsCPackCommon)
 
 list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}${IRODS_HOME_DIRECTORY}")
 list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}${IRODS_HOME_DIRECTORY}/scripts")
+list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}${IRODS_HOME_DIRECTORY}/scripts/prc_test")
 list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}${IRODS_HOME_DIRECTORY}/scripts/irods")
 list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}${IRODS_HOME_DIRECTORY}/scripts/irods/test")
 

diff --git a/irods_consortium_continuous_integration_test_hook.py b/irods_consortium_continuous_integration_test_hook.py
@@ -35,6 +35,7 @@ def main():
         irods_python_ci_utilities.subprocess_get_output(['sudo', 'su', '-', 'irods', '-c',
             f'python3 scripts/run_tests.py --xml_output --run_s {test} 2>&1 | tee {test_output_file}; exit $PIPESTATUS'],
             check_rc=True)
+        irods_python_ci_utilities.subprocess_get_output(['sudo', 'su', '-', 'irods', '-c', f'python3 scripts/irods_prc_tests/test_rule_engine_plugin_metadata_guard_atomic.py 2>&1 | tee {test_output_file}; exit $PIPESTATUS'], check_rc=True)
     finally:
         output_root_directory = options.output_root_directory
         if output_root_directory:

diff --git a/packaging/irods_prc_tests/test_rule_engine_plugin_metadata_guard_atomic.py b/packaging/irods_prc_tests/test_rule_engine_plugin_metadata_guard_atomic.py
@@ -0,0 +1,57 @@
+from irods.session import iRODSSession
+from irods.meta import iRODSMeta
+from irods.meta import iRODSMeta, AVUOperation
+
+import irods.exception
+
+import sys
+import unittest
+import tempfile
+import shutil
+import os
+import json
+
+class test_metadata_guard(unittest.TestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        with iRODSSession(host='localhost', port=1247, user='rods', password='rods', zone='tempZone') as session:
+            a = session.users.create_with_password('alice', 'test') 
+            with iRODSSession(host='localhost', port=1247, user='alice', password='test', zone='tempZone') as new_session:
+                new_session.data_objects.create("/tempZone/home/alice/test1")
+            coll = session.collections.get("/tempZone")
+            if 'irods::metadata_guard' not in coll.metadata:
+                coll.metadata.add('irods::metadata_guard', '{"prefixes": ["irods::"], "admin_only": true}') 
+            cls.temp_path = os.path.join(tempfile.mkdtemp(), 'irods_config_backup')
+            shutil.copy2('/etc/irods/server_config.json', cls.temp_path)
+            with open('/etc/irods/server_config.json', 'r+') as config_file:
+                config_json = json.load(config_file)
+                config_json['plugin_configuration']['rule_engines'].insert(0, json.loads('{"instance_name":"irods_rule_engine_plugin-metadata_guard-instance","plugin_name":"irods_rule_engine_plugin-metadata_guard","plugin_specific_configuration":{}}'))
+            with open('/etc/irods/server_config.json', 'wt') as config_file:
+                json.dump(config_json, config_file)
+
+    @classmethod
+    def tearDownClass(cls):
+            shutil.copy2(cls.temp_path,'/etc/irods/server_config.json')
+
+    def test_guard_atomic_operations_admin_only(self):
+        with iRODSSession(host='localhost', port=1247, user='rods', password='rods', zone='tempZone') as session:
+            coll = session.collections.get("/tempZone")
+            coll.metadata['irods::metadata_guard'] = iRODSMeta('irods::metadata_guard', '{"prefixes": ["irods::"], "admin_only": true}')
+        with iRODSSession(host='localhost', port=1247, user='alice', password='test', zone='tempZone') as session:
+            obj = session.data_objects.get("/tempZone/home/alice/test1")
+            obj.metadata.apply_atomic_operations( AVUOperation(operation='add', avu=iRODSMeta('unguarded::atr1','val1')))
+            self.assertEqual(obj.metadata['unguarded::atr1'], iRODSMeta('unguarded::atr1', 'val1'))
+            self.assertRaises(irods.exception.CAT_INSUFFICIENT_PRIVILEGE_LEVEL, lambda: obj.metadata.apply_atomic_operations( AVUOperation(operation='add', avu=iRODSMeta('irods::atr','val'))))
+
+    def test_guard_atomic_operations_editor_list(self):
+        with iRODSSession(host='localhost', port=1247, user='rods', password='rods', zone='tempZone') as session:
+            coll = session.collections.get("/tempZone")
+            coll.metadata['irods::metadata_guard'] = iRODSMeta('irods::metadata_guard', '{"prefixes": ["irods::"], "admin_only": false, "editors": {"type": "user", "name": "alice"}}')
+        with iRODSSession(host='localhost', port=1247, user='alice', password='test', zone='tempZone') as session:
+            obj = session.data_objects.get("/tempZone/home/alice/test1")
+            obj.metadata.apply_atomic_operations( AVUOperation(operation='add', avu=iRODSMeta('irods::atr2','val2')))
+            self.assertEqual(obj.metadata['irods::atr2'], iRODSMeta('irods::atr2', 'val2'))
+
+if __name__ == '__main__':
+    unittest.main()
diff --git a/packaging/test_rule_engine_plugin_metadata_guard.py b/packaging/test_rule_engine_plugin_metadata_guard.py
@@ -124,18 +124,7 @@ def test_unauthorized_users_cannot_manipulate_metadata_in_guarded_namespace(self
                 attribute_name = 'irods::guarded_attribute'
                 self.admin.assert_icommand(['imeta', 'set', '-C', coll, attribute_name, 'abc'])
                 self.admin.assert_icommand(['imeta', 'add', '-C', coll, attribute_name, 'def'])
-                atomic_input  = json.dumps({
-                        'entity_name': coll,
-                        'entity_type': 'collection',
-                        'operations': [
-                        {
-                        'operation': 'add',
-                        'attribute': attribute_name,
-                        'value': 'GHI',
-                        }
-                        ]
-                        })
-
+
                 def check_metadata():
                     out, err, ec = self.admin.run_icommand(['imeta', 'ls', '-C', coll])
                     self.assertEquals(ec, 0)
@@ -157,12 +146,6 @@ def check_metadata():
                 # Show that the plugin protected the metadata.
                 check_metadata()
 
-                # Same as above, but with atomic_apply_metadata
-                rep_name = 'irods_rule_engine_plugin-irods_rule_language-instance'
-                rule = "msi_atomic_apply_metadata_operations('{0}', *ignored)".format(atomic_input)
-                self.user.assert_icommand(['irule', '-r', rep_name, rule, 'null', 'null'], 'STDERR', ['CAT_INSUFFICIENT_PRIVILEGE_LEVEL'])
-                check_metadata()
-
             # Clean up.
             self.rods.assert_icommand(['imeta', 'rm', '-C', root_coll, self.metadata_guard_attribute_name(), json_config])