ashb commented on a change in pull request #14664: URL: https://github.com/apache/airflow/pull/14664#discussion_r594482447
########## File path: tests/api_connexion/endpoints/test_role_and_permission_endpoint.py ########## @@ -0,0 +1,155 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +import unittest + +from parameterized import parameterized + +from airflow.api_connexion.exceptions import EXCEPTIONS_LINK_MAP +from airflow.security import permissions +from airflow.www import app +from airflow.www.security import EXISTING_ROLES +from tests.test_utils.api_connexion_utils import assert_401, create_user, delete_user +from tests.test_utils.config import conf_vars +from tests.test_utils.decorators import dont_initialize_flask_app_submodules + + +class TestRoleEndpoint(unittest.TestCase): + @classmethod + @dont_initialize_flask_app_submodules( + skip_all_except=["init_appbuilder", "init_api_experimental_auth", "init_api_connexion"] + ) + def setUpClass(cls) -> None: + super().setUpClass() + with conf_vars({("api", "auth_backend"): "tests.test_utils.remote_user_api_auth_backend"}): + cls.app = app.create_app(testing=True) # type:ignore + cls.appbuilder = cls.app.appbuilder # pylint: disable=no-member + cls.security_manager = cls.appbuilder.sm # type:ignore + create_user( + cls.app, # type: ignore + username="test", + role_name="Test", + permissions=[ + (permissions.ACTION_CAN_LIST, permissions.RESOURCE_ROLE_MODEL_VIEW), + (permissions.ACTION_CAN_SHOW, permissions.RESOURCE_ROLE_MODEL_VIEW), + (permissions.ACTION_CAN_LIST, permissions.RESOURCE_PERMISSION_MODEL_VIEW), + ], + ) + create_user(cls.app, username="test_no_permissions", role_name="TestNoPermissions") # type: ignore + + def setUp(self) -> None: + self.client = self.app.test_client() # type:ignore + + @classmethod + def tearDownClass(cls) -> None: + delete_user(cls.app, username="test") # type: ignore + delete_user(cls.app, username="test_no_permissions") # type: ignore + + +class TestGetRoleEndpoint(TestRoleEndpoint): + def test_should_response_200(self): + response = self.client.get("/api/v1/roles/Admin", environ_overrides={'REMOTE_USER': "test"}) + assert response.status_code == 200 + assert response.json['name'] == "Admin" + + def test_should_respond_404(self): + response = self.client.get("/api/v1/roles/invalid-role", environ_overrides={'REMOTE_USER': "test"}) + assert response.status_code == 404 + assert { + 'detail': "The Role with name `invalid-role` was not found", + 'status': 404, + 'title': 'Role not found', + 'type': EXCEPTIONS_LINK_MAP[404], + } == response.json + + def test_should_raises_401_unauthenticated(self): + response = self.client.get("/api/v1/roles/Admin") + assert_401(response) + + def test_should_raise_403_forbidden(self): + response = self.client.get( + "/api/v1/roles/Admin", environ_overrides={'REMOTE_USER': "test_no_permissions"} + ) + assert response.status_code == 403 + + +class TestGetRolesEndpoint(TestRoleEndpoint): + def test_should_response_200(self): + response = self.client.get("/api/v1/roles", environ_overrides={'REMOTE_USER': "test"}) + assert response.status_code == 200 + EXISTING_ROLES.update(['Test', 'TestNoPermissions']) Review comment: I think we should avoid modifying this in place please -- it might have side-effects on other tests as a result. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
