Add access tests using shared-key for auth (#291)

.github/workflows/run_tests_access_drogon_manage_sharedkey.yaml

@@ -0,0 +1,47 @@
+name: Test access to Sumo with DROGON-MANAGE shared-key
+
+on:
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "48 4 * * *"
+  workflow_dispatch:
+
+jobs:
+  build_pywheels:
+    name: PY ${{ matrix.python-version }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+        os: [ubuntu-latest]
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install fmu-sumo
+        run: >
+          python -m pip install --upgrade pip &&
+          python -m pip install .[test]
+
+      - name: Run tests
+        shell: bash
+        env:
+          sharedkey: ${{ secrets.SHARED_KEY_DROGON_MANAGE_DEV }}
+        run: |
+          pip list | grep -i sumo
+          
+          echo "Length of sharedkey variable read from Github Secrets:" ${#sharedkey}
+          mkdir ~/.sumo
+          echo $sharedkey > ~/.sumo/88d2b022-3539-4dda-9e66-853801334a86.sharedkey
+          ls -l ~/.sumo/88d2b022-3539-4dda-9e66-853801334a86.sharedkey
+
+          pytest -s --timeout=300 tests/test_access/tst_access_drogon_manage_login.py

.github/workflows/run_tests_access_drogon_read_sharedkey.yaml

@@ -0,0 +1,47 @@
+name: Test access to Sumo with DROGON-READ shared-key
+
+on:
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "48 4 * * *"
+  workflow_dispatch:
+
+jobs:
+  build_pywheels:
+    name: PY ${{ matrix.python-version }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+        os: [ubuntu-latest]
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install fmu-sumo
+        run: >
+          python -m pip install --upgrade pip &&
+          python -m pip install .[test]
+
+      - name: Run tests
+        shell: bash
+        env:
+          sharedkey: ${{ secrets.SHARED_KEY_DROGON_READ_DEV }}
+        run: |
+          pip list | grep -i sumo
+          
+          echo "Length of sharedkey variable read from Github Secrets:" ${#sharedkey}
+          mkdir ~/.sumo
+          echo $sharedkey > ~/.sumo/88d2b022-3539-4dda-9e66-853801334a86.sharedkey
+          ls -l ~/.sumo/88d2b022-3539-4dda-9e66-853801334a86.sharedkey
+
+          pytest -s --timeout=300 tests/test_access/tst_access_drogon_read_login.py

.github/workflows/run_tests_access_drogon_write_sharedkey.yaml

@@ -0,0 +1,47 @@
+name: Test access to Sumo with DROGON-WRITE shared-key
+
+on:
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "48 4 * * *"
+  workflow_dispatch:
+
+jobs:
+  build_pywheels:
+    name: PY ${{ matrix.python-version }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+        os: [ubuntu-latest]
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install fmu-sumo
+        run: >
+          python -m pip install --upgrade pip &&
+          python -m pip install .[test]
+
+      - name: Run tests
+        shell: bash
+        env:
+          sharedkey: ${{ secrets.SHARED_KEY_DROGON_WRITE_DEV }}
+        run: |
+          pip list | grep -i sumo
+          
+          echo "Length of sharedkey variable read from Github Secrets:" ${#sharedkey}
+          mkdir ~/.sumo
+          echo $sharedkey > ~/.sumo/88d2b022-3539-4dda-9e66-853801334a86.sharedkey
+          ls -l ~/.sumo/88d2b022-3539-4dda-9e66-853801334a86.sharedkey
+
+          pytest -s --timeout=300 tests/test_access/tst_access_drogon_write_login.py

tests/test_access/README.md

@@ -43,3 +43,20 @@ Relevant App Registrations:
 The Azure Entra ID 'App Registrations' blade named 'API permissions' is where the access is 
 given. 
 
+## Test access using shared-key
+
+Shared key authentication is also tested. The shared keys are manually created with the /admin/make-shared-access-key, then manually put into Github Actions Secrets. Note that these secrets must be replaced when they expire after a year. 
+
+It is not possible to run a 'no-access' test with shared key. 
+
+Example /admin/make-shared-access-key in Swagger:
+
+* user: [email protected]
+* roles: one of DROGON-READ, DROGON-WRITE, DROGON-MANAGE
+* duration: 365
+
+Then paste the response body into the corresponding secret in Github, Settings, Secrets and variables, Actions, edit repository secret. 
+
+Relevant files:
+
+.github\workflows\*_sharedkey.yaml

tests/test_access/tst_access_drogon_manage_login.py

@@ -181,3 +181,4 @@ def test_get_message_log_truncate(explorer: Explorer):
         print("Execution should never reach this line")
         print("Unexpected status: ", response.status_code)
         print("Unexpected response: ", response.text)
+