Add testing of SUMO accesses, using specific identities in each test
roywilly committed Feb 6, 2024
1 parent 70fe5ca commit f4fd4df
Showing 10 changed files with 697 additions and 0 deletions.
49 changes: 49 additions & 0 deletions .github/workflows/run_tests_access_drogon_manage_login.yaml
@@ -0,0 +1,49 @@
name: Test access to Sumo with DROGON-MANAGE login

on:
schedule:
- cron: "44 4 * * *"
workflow_dispatch:

jobs:
build_pywheels:
name: PY ${{ matrix.python-version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
python-version: ["3.11"]
os: [ubuntu-latest]
permissions:
contents: read
id-token: write

steps:
- uses: actions/checkout@v3

- name: Azure Login
uses: Azure/login@v1
with:
client-id: 0f8ab6eb-439b-4d3a-b765-301a6bc7f6cb
tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
allow-no-subscriptions: true

- name: Set up Python
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}

- name: Install fmu-sumo
run: >
python -m pip install --upgrade pip &&
python -m pip install .[test]
- name: Run tests
shell: bash
run: |
az --version
az account list
pip list | grep -i sumo
access_token=$(az account get-access-token --scope api://88d2b022-3539-4dda-9e66-853801334a86/.default --query accessToken --output tsv)
export ACCESS_TOKEN=$access_token
pytest -s --timeout=300 tests/test_access/tst_access_drogon_manage_login.py
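Review bot: In the `Run tests` step the bearer token for the DROGON-MANAGE identity is placed in `ACCESS_TOKEN` and pytest is then run with `-s`, so anything the tests print goes straight to the job log, and a value read from `az` output is not masked the way a repository secret is. Add `echo "::add-mask::$access_token"` before the `export` so the token is redacted if it ever reaches stdout, and consider dropping `az account list` once the login is known to work, since it adds account and tenant details to every nightly log.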
49 changes: 49 additions & 0 deletions .github/workflows/run_tests_access_drogon_read_login.yaml
@@ -0,0 +1,49 @@
name: Test access to Sumo with DROGON-READ login

on:
schedule:
- cron: "24 4 * * *"
workflow_dispatch:

jobs:
build_pywheels:
name: PY ${{ matrix.python-version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
python-version: ["3.11"]
os: [ubuntu-latest]
permissions:
contents: read
id-token: write

steps:
- uses: actions/checkout@v3

- name: Azure Login
uses: Azure/login@v1
with:
client-id: 121279f7-331a-45fd-9a5f-62d9026694a7
tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
allow-no-subscriptions: true

- name: Set up Python
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}

- name: Install fmu-sumo
run: >
python -m pip install --upgrade pip &&
python -m pip install .[test]
- name: Run tests
shell: bash
run: |
az --version
az account list
pip list | grep -i sumo
access_token=$(az account get-access-token --scope api://88d2b022-3539-4dda-9e66-853801334a86/.default --query accessToken --output tsv)
export ACCESS_TOKEN=$access_token
pytest -s --timeout=300 tests/test_access/tst_access_drogon_read_login.py
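Review bot: The steps here duplicate run_tests_access_drogon_manage_login.yaml line for line apart from `name`, the cron minute, `client-id` and the pytest path on the last line, so a later fix to one file (a token mask, an action bump) can easily miss the others. Move the shared steps into one reusable workflow triggered by `workflow_call` that takes the client id and test file as inputs, or into a single workflow with a matrix over the identities, and keep only the differing values per identity.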
49 changes: 49 additions & 0 deletions .github/workflows/run_tests_access_drogon_write_login.yaml
@@ -0,0 +1,49 @@
name: Test access to Sumo with DROGON-WRITE login

on:
schedule:
- cron: "34 4 * * *"
workflow_dispatch:

jobs:
build_pywheels:
name: PY ${{ matrix.python-version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
python-version: ["3.11"]
os: [ubuntu-latest]
permissions:
contents: read
id-token: write

steps:
- uses: actions/checkout@v3

- name: Azure Login
uses: Azure/login@v1
with:
client-id: 556cac03-e416-4ed6-86d7-d9d3f965d72e
tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
allow-no-subscriptions: true

- name: Set up Python
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}

- name: Install fmu-sumo
run: >
python -m pip install --upgrade pip &&
python -m pip install .[test]
- name: Run tests
shell: bash
run: |
az --version
az account list
pip list | grep -i sumo
access_token=$(az account get-access-token --scope api://88d2b022-3539-4dda-9e66-853801334a86/.default --query accessToken --output tsv)
export ACCESS_TOKEN=$access_token
pytest -s --timeout=300 tests/test_access/tst_access_drogon_write_login.py
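Review bot: The three `uses:` lines reference actions by mutable tag (`actions/checkout@v3`, `Azure/login@v1`, `actions/setup-python@v3`) in a job that holds `id-token: write` and ends up with a token for the DROGON-WRITE identity. Pin each action to a full commit SHA, with the tag kept as a trailing comment, so a moved tag cannot change what runs with that identity. The `python -m pip install --upgrade pip` and `.[test]` installs are likewise unpinned; a constraints file would make the nightly runs reproducible.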
49 changes: 49 additions & 0 deletions .github/workflows/run_tests_access_no_access_login.yaml
@@ -0,0 +1,49 @@
name: Test access to Sumo with NO-ACCESS login

on:
schedule:
- cron: "54 4 * * *"
workflow_dispatch:

jobs:
build_pywheels:
name: PY ${{ matrix.python-version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
python-version: ["3.11"]
os: [ubuntu-latest]
permissions:
contents: read
id-token: write

steps:
- uses: actions/checkout@v3

- name: Azure Login
uses: Azure/login@v1
with:
client-id: fea86a50-0f48-4cef-ba4d-1d789a00b701
tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
allow-no-subscriptions: true

- name: Set up Python
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}

- name: Install fmu-sumo
run: >
python -m pip install --upgrade pip &&
python -m pip install .[test]
- name: Run tests
shell: bash
run: |
az --version
az account list
pip list | grep -i sumo
access_token=$(az account get-access-token --scope api://88d2b022-3539-4dda-9e66-853801334a86/.default --query accessToken --output tsv)
export ACCESS_TOKEN=$access_token
pytest -s --timeout=300 tests/test_access/tst_access_no_access_login.py
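Review bot: The job id `build_pywheels` and the one-entry matrix (`python-version: ["3.11"]`, `os: [ubuntu-latest]`) do not describe a job that only logs in and runs an access test, and the id is what shows up in the Actions UI when the nightly NO-ACCESS run fails. Rename the job to something like `test_access_no_access` and replace the matrix with a plain `runs-on: ubuntu-latest` and a fixed `python-version` in the setup step.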
64 changes: 64 additions & 0 deletions tests/data/test_case_080/case2.json
@@ -0,0 +1,64 @@
{
"$schema": "https://main-fmu-schemas-dev.radix.equinor.com/schemas/0.8.0/fmu_results.json",
"version": "0.8.0",
"source": "fmu",
"class": "case",
"access": {
"asset": {
"name": "Drogon"
}
},
"fmu": {
"model": {
"name": "ff",
"revision": "undefined"
},
"case": {
"name": "01_drogon_design_hubbabubba",
"uuid": "11111111-2222-3333-ba2a-afe535790707",
"user": {
"id": "some_user_01"
},
"description": []
}
},
"masterdata": {
"smda": {
"country": [
{
"identifier": "Norway",
"uuid": "ad214d85-8a1d-19da-e053-c918a4889309"
}
],
"discovery": [
{
"short_identifier": "DROGON",
"uuid": "ad214d85-8a1d-19da-e053-c918a4889309"
}
],
"field": [
{
"identifier": "DROGON",
"uuid": "00000000-0000-0000-0000-000000000000"
}
],
"coordinate_system": {
"identifier": "ST_WGS84_UTM37N_P32637",
"uuid": "ad214d85-dac7-19da-e053-c918a4889309"
},
"stratigraphic_column": {
"identifier": "DROGON_HAS_NO_STRATCOLUMN",
"uuid": "00000000-0000-0000-0000-000000000000"
}
}
},
"tracklog": [
{
"datetime": "2024-02-06T07:01:40.564169+00:00",
"user": {
"id": "some_user"
},
"event": "created"
}
]
}
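Review bot: `masterdata.smda.country[0].uuid` and `masterdata.smda.discovery[0].uuid` carry the same value, `ad214d85-8a1d-19da-e053-c918a4889309`, which looks like a copy-paste rather than two distinct records; give the discovery its own uuid or use the all-zero placeholder already used for `field` and `stratigraphic_column`. Also, `fmu.case.user.id` is `some_user_01` while the `tracklog` entry says `some_user`, and `fmu.case.uuid` is fixed, so if the write and manage tests upload this case on every nightly run they will all target the same case id; the test or the README should say how that case is cleaned up between runs.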
41 changes: 41 additions & 0 deletions tests/test_access/README.md
@@ -0,0 +1,41 @@
# Testing access to SUMO

Tests in this folder shall be run inside Github Actions as specific
users with specific access. Each test file is tailored for a specific
user with either no-access, DROGON-READ, DROGON-WRITE or DROGON-MANAGE.
Since you as a developer have different accesses, many tests will fail
if you run them as yourself.

There are pytest skip decorators to avoid running these tests
outside Github Actions.
In addition, the file names use the non-standard 'tst' over 'test' to avoid being picked
up by a call to pytest.

Print statements are used to ensure the Github Actions run provide
information that can be used for debugging.

Use allow-no-subscriptions flag to avoid having to give the App Registrations access to some resource inside the subscription itself. Example:
```
- name: Azure Login
uses: Azure/login@v1
with:
client-id: <relevant App Registration id here>
tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
allow-no-subscriptions: true
```

If you want to run the tests on your laptop, using bash:
export GITHUB_ACTIONS="true"

In theory you could run locally as the App Registration / Service Principal but I
do not think the sumo-wrapper-python makes it possible:
```
az login --service-principal -u <app-id> -p <password-or-cert> --tenant <tenant> --allow-no-subscriptions
```

Relevant App Registrations:

* sumo-test-runner-no-access No access
* sumo-test-runner-drogon-read DROGON-READ
* sumo-test-runner-drogon-write DROGON-WRITE
* sumo-test-runner-drogon-manage DROGON-MANAGE
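Review bot: The `az login --service-principal -u <app-id> -p <password-or-cert>` example implies creating a client secret or certificate for these App Registrations, while the workflows in this commit log in with only `client-id` and `tenant-id` under `id-token: write`, that is, without a stored secret. Either drop the example or state that no secrets should be added to the sumo-test-runner identities, since a long-lived credential for sumo-test-runner-drogon-manage would outlive any workflow run. The `export GITHUB_ACTIONS="true"` line should also sit in a fenced block like the other commands, with a note that it bypasses the skip decorators and runs the tests with the developer's own access.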