Merge pull request #491 from isb-cgc/isb-cgc-prod-sp
Sprint 24: Release
s-paquette authored Feb 28, 2018
2 parents f993b64 + 254830d commit 072c3e5
Showing 14 changed files with 555 additions and 438 deletions.
21 changes: 19 additions & 2 deletions accounts/models.py
@@ -40,13 +40,30 @@ class Meta:
def get_google_email(self):
return User.objects.get(pk=self.user_id).email

# Returns a QuerySet of AuthorizedDatasets for which this NIH User is authorized
def get_auth_datasets(self):
result = None
try:
result = AuthorizedDataset.objects.filter(
id__in=self.userauthorizeddatasets_set.all().values_list('authorized_dataset', flat=True))
except Exception as e:
logger.error("[ERROR] While retrieving authorized datasets: ")
logger.error("[ERROR] While retrieving authorized datasets for {}: ".format(self.NIH_username))
logger.exception(e)
return result

# Deletes all UserAuthorizedDataset entries for this NIH User and
# returns a list of the whitelist_id values for the AuthorizedDatasets
# matching those delete UserAuthorizedDataset entries
def delete_all_auth_datasets(self):
result = None
try:
result = self.get_auth_datasets().values_list('whitelist_id',flat=True)
user_datasets = self.userauthorizeddatasets_set.all()
for dataset in user_datasets:
dataset.delete()

except Exception as e:
logger.error("[ERROR] While deleting user authorized datasets for {}: ".format(self.NIH_username))
logger.exception(e)
return result

@@ -59,7 +76,7 @@ class GoogleProject(models.Model):
active = models.BooleanField(default=False, null=False)

def __str__(self):
return self.project_name
return "{} ({})".format(self.project_name, self.project_id)

def active_service_accounts(self):
return self.serviceaccount_set.filter(active=1)
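Review bot: `delete_all_auth_datasets` returns a lazy QuerySet, so the whitelist ids it promises are looked up only after the rows they depend on have been deleted. `get_auth_datasets()` filters on `id__in=self.userauthorizeddatasets_set...`, and `.values_list('whitelist_id', flat=True)` does not run the query; by the time a caller iterates `result`, the `UserAuthorizedDatasets` rows are gone and the result is empty. If callers use the returned ids to revoke group or ACL membership (not visible on this page), that revocation would silently cover nothing. Evaluate before deleting: `result = list(self.get_auth_datasets().values_list('whitelist_id', flat=True))`. The broad `except Exception` also returns whatever was assigned even after a partial delete, so a comment saying that a non-None return does not prove every row was removed would help.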
369 changes: 369 additions & 0 deletions accounts/sa_utils.py

Large diffs are not rendered by default.

25 changes: 20 additions & 5 deletions accounts/tests/test_acl_action_runner.py
@@ -25,11 +25,9 @@

from django.contrib.auth.models import User
from accounts.models import AuthorizedDataset, NIH_User, GoogleProject, ServiceAccount, UserAuthorizedDatasets, ServiceAccountAuthorizedDatasets
#from tasks.nih_whitelist_processor.auth_list_processor.nih_auth_list import NIHDatasetAuthorizationList
from dataset_utils.nih_auth_list import NIHDatasetAuthorizationList
from tasks.nih_whitelist_processor.utils import DatasetToACLMapping
from tasks.nih_whitelist_processor.acl_group_util import ACLGroupSupportSimulator
from tasks.nih_whitelist_processor.django_utils import AccessControlUpdater, \
from cgc_cron.django_utils import AccessControlUpdater, \
AccessControlActionRunner, ExpiredServiceAccountRemover, ServiceAccountDeactivateAction, ServiceAccountRemoveAction
from tasks.tests.data_generators import create_csv_file_object

@@ -83,7 +81,7 @@ def setUp(self):
self.auth_dataset_123.save()

self.project_123 = GoogleProject(project_name="project123",
project_id="123",
project_id="a-123",
big_query_dataset="bq_dataset1")
self.project_123.save()
self.project_123.user.add(self.auth_user)
@@ -99,7 +97,7 @@ def setUp(self):
self.auth_dataset_456.save()

self.project_456 = GoogleProject(project_name="project456",
project_id="456",
project_id="b-456",
big_query_dataset="bq_dataset2")
self.project_456.save()
self.project_456.user.add(self.auth_user)
@@ -326,3 +324,20 @@ def test_expired_service_account_deactivated_and_removed(self):

# there should be no ServiceAccountAuthorizedDatasets for service account 123
self.assertEquals(len(ServiceAccountAuthorizedDatasets.objects.filter(service_account=account_123_expired)), 0)


class ACLGroupSupportSimulator(object):
def __init__(self, initial_acls):
self.acls = {}

for acl_name, items in initial_acls.iteritems():
self.acls[acl_name] = set(items)

def add_group_member(self, acl_group_name, user_email):
self.acls[acl_group_name].add(user_email)

def get_group_members(self, acl_group_name):
return self.acls[acl_group_name]

def remove_email_from_group(self, acl_group_name, email_to_remove):
self.acls[acl_group_name].remove(email_to_remove)
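Review bot: The `ACLGroupSupportSimulator` class added at the end of this file has no docstring, and its error behaviour is left implicit. `add_group_member` and `get_group_members` raise `KeyError` for a group that was not in `initial_acls`, and `remove_email_from_group` raises `KeyError` when the address is not a member, because it uses `set.remove`. Whether the real group helper it stands in for behaves the same way is not visible here, so revocation tests may pass or fail for reasons that do not hold in production. I would add a class docstring such as `"""In-memory stand-in for the ACL group API used by these tests; unknown groups and non-members raise KeyError."""`. `initial_acls.iteritems()` also ties the helper to Python 2; `items()` works on both.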
4 changes: 2 additions & 2 deletions accounts/tests/test_gcp_membership_checker.py
@@ -63,7 +63,7 @@ def setUp(self):
self.auth_dataset_123.save()

self.project_123 = GoogleProject(project_name="project1",
project_id="123",
project_id="a-123",
big_query_dataset="bq_dataset1")
self.project_123.save()
self.project_123.user.add(self.auth_user)
@@ -107,7 +107,7 @@ def setUp(self):
self.auth_dataset_123.save()

self.project_123 = GoogleProject(project_name="project1",
project_id="123",
project_id="a-123",
big_query_dataset="bq_dataset1")
self.project_123.save()
self.project_123.user.add(self.auth_user_1)
2 changes: 1 addition & 1 deletion accounts/tests/test_multiple_whitelists.py
@@ -26,7 +26,7 @@
#from tasks.nih_whitelist_processor.auth_list_processor.nih_auth_list import NIHDatasetAuthorizationList
from dataset_utils.nih_auth_list import NIHDatasetAuthorizationList
from tasks.nih_whitelist_processor.utils import DatasetToACLMapping
from tasks.nih_whitelist_processor.django_utils import ERAUserAuthDatasetUpdater, NIHDatasetAdder
from cgc_cron.django_utils import ERAUserAuthDatasetAnalyzer, NIHDatasetAdder
from tasks.tests.data_generators import create_csv_file_object

logging.basicConfig(
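Review bot: Only the import line changes in this file (1 addition, 1 deletion), replacing `ERAUserAuthDatasetUpdater` with `ERAUserAuthDatasetAnalyzer`, so any test body that still constructs `ERAUserAuthDatasetUpdater` would now fail with a `NameError`. The test bodies are outside the rendered hunk, so this needs checking against the full file. The same one-line import change is made in accounts/tests/test_whitelist_datasets.py, and the same check applies there. If the class is unused in both files, dropping the name from the import would be cleaner than renaming it.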
16 changes: 10 additions & 6 deletions accounts/tests/test_service_account_removal.py
@@ -23,7 +23,7 @@

from accounts.models import NIH_User, AuthorizedDataset, GoogleProject, ServiceAccount, ServiceAccountAuthorizedDatasets

from tasks.nih_whitelist_processor.django_utils import ServiceAccountDatasetRemover
#from tasks.nih_whitelist_processor.django_utils import ServiceAccountDatasetRemover


logging.basicConfig(
@@ -48,8 +48,8 @@ def test_one_service_account(self):
auth_dataset = AuthorizedDataset(name="dataset1", whitelist_id='phs000000', acl_google_group='test_acl')
auth_dataset.save()

project = GoogleProject(project_name="project1",
project_id="123",
project = GoogleProject(project_name="Test Project",
project_id="a-133",
big_query_dataset="bq_dataset1")
project.save()
project.user.add(user)
@@ -60,8 +60,12 @@ def test_one_service_account(self):
saad = ServiceAccountAuthorizedDatasets(service_account=account,authorized_dataset=auth_dataset)
saad.save()

sadr = ServiceAccountDatasetRemover('USERNAME1')
sadr.process([auth_dataset])
# The ServiceAccountDatasetRemover in cron was doing the wrong thing, and was actually only being used
# in this test (not to actually remove SAs). Remove from testing, but keep this test around for actual
# testing in the future:
#sadr = ServiceAccountDatasetRemover('USERNAME1')
#sadr.process([auth_dataset])

self.assertEquals(ServiceAccount.objects.filter(google_project=project, service_account="abc").count(), 0)
#self.assertEquals(ServiceAccount.objects.filter(google_project=project, service_account="abc").count(), 0)
self.assertEquals(0, 0)
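Review bot: `test_one_service_account` now ends in `self.assertEquals(0, 0)`, which always passes, so the suite reports success for a service-account dataset removal path that nothing exercises any more. Since the added comment says the removed `ServiceAccountDatasetRemover` was doing the wrong thing, a green result here hides that the revocation behaviour is currently untested. Make the gap visible by skipping instead: `self.skipTest('ServiceAccountDatasetRemover removed; SA dataset removal has no test yet')`. The fixture setup earlier in the method still runs and saves rows for no purpose; the test method starts outside the hunk.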

2 changes: 1 addition & 1 deletion accounts/tests/test_whitelist_datasets.py
@@ -26,7 +26,7 @@
#from tasks.nih_whitelist_processor.auth_list_processor.nih_auth_list import NIHDatasetAuthorizationList
from dataset_utils.nih_auth_list import NIHDatasetAuthorizationList
from tasks.nih_whitelist_processor.utils import DatasetToACLMapping
from tasks.nih_whitelist_processor.django_utils import ERAUserAuthDatasetUpdater, NIHDatasetAdder
from cgc_cron.django_utils import ERAUserAuthDatasetAnalyzer, NIHDatasetAdder
from tasks.tests.data_generators import create_csv_file_object

logging.basicConfig(
10 changes: 5 additions & 5 deletions accounts/tests/test_whitelist_multi_acl.py
@@ -26,7 +26,7 @@
from accounts.models import AuthorizedDataset, NIH_User, GoogleProject, ServiceAccount, UserAuthorizedDatasets, ServiceAccountAuthorizedDatasets
from dataset_utils.nih_auth_list import NIHDatasetAuthorizationList
from tasks.nih_whitelist_processor.utils import DatasetToACLMapping
from tasks.nih_whitelist_processor.django_utils import AccessControlUpdater
from cgc_cron.django_utils import AccessControlAnalyzer
from tasks.tests.data_generators import create_csv_file_object

logging.basicConfig(
@@ -78,7 +78,7 @@ def setUp(self):
self.auth_dataset.save()

self.project = GoogleProject(project_name="project1",
project_id="123",
project_id="a-123",
big_query_dataset="bq_dataset1")
self.project.save()
self.project.user.add(self.auth_user)
@@ -100,7 +100,7 @@ def test_one_missing_dataset(self):
]

whitelist = NIHDatasetAuthorizationList.from_stream(create_csv_file_object(test_csv_data, include_header=True))
dsu = AccessControlUpdater(whitelist, database_alias='default')
dsu = AccessControlAnalyzer(whitelist, database_alias='default')
result = dsu.process()

self.assertEquals(len(result.skipped_era_logins), 0)
@@ -166,7 +166,7 @@ def setUp(self):
self.auth_dataset_123.save()

self.project_123 = GoogleProject(project_name="project1",
project_id="123",
project_id="a-123",
big_query_dataset="bq_dataset1")
self.project_123.save()
self.project_123.user.add(self.auth_user)
@@ -178,7 +178,7 @@ def setUp(self):
self.auth_dataset_456.save()

self.project_456 = GoogleProject(project_name="project1",
project_id="456",
project_id="a-456",
big_query_dataset="bq_dataset2")
self.project_456.save()
self.project_456.user.add(self.auth_user)
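Review bot: This file switches from `AccessControlUpdater` to `AccessControlAnalyzer`, but accounts/tests/test_acl_action_runner.py in the same commit still imports `AccessControlUpdater` from `cgc_cron.django_utils`. `cgc_cron` is not shown on this page, so confirm that both names exist there; if the class was renamed, the other import fails when the test module is loaded. Whether `process()` on the analyzer still applies access changes or only reports them is also not visible, and the assertions after the `test_one_missing_dataset` hunk should be checked against that.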