[Tests] Refactoring test accounts (#3747)
* Create all accounts as service principals. * Handling empty collections of user accounts. * Set up new app environment variables. * Expand the use of service principals.
Родитель
b0a7c0a01f
Коммит
fc632d7d71
|
@ -125,15 +125,15 @@ steps:
|
|||
'app_nativeClient_secret': $(app_nativeClient_secret)
|
||||
'app_wrongAudienceClient_id': $(app_wrongAudienceClient_id)
|
||||
'app_wrongAudienceClient_secret': $(app_wrongAudienceClient_secret)
|
||||
'user_globalAdminUser_id': $(user_globalAdminUser_id)
|
||||
'user_globalAdminUser_secret': $(user_globalAdminUser_secret)
|
||||
'user_globalConverterUser_id': $(user_globalConverterUser_id)
|
||||
'user_globalConverterUser_secret': $(user_globalConverterUser_secret)
|
||||
'user_globalExporterUser_id': $(user_globalExporterUser_id)
|
||||
'user_globalExporterUser_secret': $(user_globalExporterUser_secret)
|
||||
'user_globalImporterUser_id': $(user_globalImporterUser_id)
|
||||
'user_globalImporterUser_secret': $(user_globalImporterUser_secret)
|
||||
'user_globalReaderUser_id': $(user_globalReaderUser_id)
|
||||
'user_globalReaderUser_secret': $(user_globalReaderUser_secret)
|
||||
'user_globalWriterUser_id': $(user_globalWriterUser_id)
|
||||
'user_globalWriterUser_secret': $(user_globalWriterUser_secret)
|
||||
'app_globalAdminUser_id': $(app_globalAdminUser_id)
|
||||
'app_globalAdminUser_secret': $(app_globalAdminUser_secret)
|
||||
'app_globalConverterUser_id': $(app_globalConverterUser_id)
|
||||
'app_globalConverterUser_secret': $(app_globalConverterUser_secret)
|
||||
'app_globalExporterUser_id': $(app_globalExporterUser_id)
|
||||
'app_globalExporterUser_secret': $(app_globalExporterUser_secret)
|
||||
'app_globalImporterUser_id': $(app_globalImporterUser_id)
|
||||
'app_globalImporterUser_secret': $(app_globalImporterUser_secret)
|
||||
'app_globalReaderUser_id': $(app_globalReaderUser_id)
|
||||
'app_globalReaderUser_secret': $(app_globalReaderUser_secret)
|
||||
'app_globalWriterUser_id': $(app_globalWriterUser_id)
|
||||
'app_globalWriterUser_secret': $(app_globalWriterUser_secret)
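Review bot: The new `app_*User_*` entries, for example `'app_globalAdminUser_secret'`, hand client secrets for service principals to the step, yet the names still end in `User`, so the mapping does not show which kind of credential is passed. A comment above the block would settle it, e.g. `# app_* values are client secrets for test service principals; the user_* password variables are no longer read`. The `user_*` variables replaced here presumably still exist wherever the pipeline variables are defined, and should be deleted there once nothing reads them so that unused passwords are not left behind. The same mapping is repeated in both hunks of the next pipeline file (`@ -95,16 +95,18 @@` and `@ -196,14 +198,16 @@`). The enclosing step starts outside the hunk.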
|
||||
|
|
|
@ -95,16 +95,18 @@ jobs:
|
|||
'app_nativeClient_secret': $(app_nativeClient_secret)
|
||||
'app_wrongAudienceClient_id': $(app_wrongAudienceClient_id)
|
||||
'app_wrongAudienceClient_secret': $(app_wrongAudienceClient_secret)
|
||||
'user_globalAdminUser_id': $(user_globalAdminUser_id)
|
||||
'user_globalAdminUser_secret': $(user_globalAdminUser_secret)
|
||||
'user_globalConverterUser_id': $(user_globalConverterUser_id)
|
||||
'user_globalConverterUser_secret': $(user_globalConverterUser_secret)
|
||||
'user_globalExporterUser_id': $(user_globalExporterUser_id)
|
||||
'user_globalExporterUser_secret': $(user_globalExporterUser_secret)
|
||||
'user_globalReaderUser_id': $(user_globalReaderUser_id)
|
||||
'user_globalReaderUser_secret': $(user_globalReaderUser_secret)
|
||||
'user_globalWriterUser_id': $(user_globalWriterUser_id)
|
||||
'user_globalWriterUser_secret': $(user_globalWriterUser_secret)
|
||||
'app_globalAdminUser_id': $(app_globalAdminUser_id)
|
||||
'app_globalAdminUser_secret': $(app_globalAdminUser_secret)
|
||||
'app_globalConverterUser_id': $(app_globalConverterUser_id)
|
||||
'app_globalConverterUser_secret': $(app_globalConverterUser_secret)
|
||||
'app_globalExporterUser_id': $(app_globalExporterUser_id)
|
||||
'app_globalExporterUser_secret': $(app_globalExporterUser_secret)
|
||||
'app_globalImporterUser_id': $(app_globalImporterUser_id)
|
||||
'app_globalImporterUser_secret': $(app_globalImporterUser_secret)
|
||||
'app_globalReaderUser_id': $(app_globalReaderUser_id)
|
||||
'app_globalReaderUser_secret': $(app_globalReaderUser_secret)
|
||||
'app_globalWriterUser_id': $(app_globalWriterUser_id)
|
||||
'app_globalWriterUser_secret': $(app_globalWriterUser_secret)
|
||||
|
||||
- job: 'sqlE2eTests'
|
||||
dependsOn: []
|
||||
|
@ -196,14 +198,16 @@ jobs:
|
|||
'app_nativeClient_secret': $(app_nativeClient_secret)
|
||||
'app_wrongAudienceClient_id': $(app_wrongAudienceClient_id)
|
||||
'app_wrongAudienceClient_secret': $(app_wrongAudienceClient_secret)
|
||||
'user_globalAdminUser_id': $(user_globalAdminUser_id)
|
||||
'user_globalAdminUser_secret': $(user_globalAdminUser_secret)
|
||||
'user_globalConverterUser_id': $(user_globalConverterUser_id)
|
||||
'user_globalConverterUser_secret': $(user_globalConverterUser_secret)
|
||||
'user_globalExporterUser_id': $(user_globalExporterUser_id)
|
||||
'user_globalExporterUser_secret': $(user_globalExporterUser_secret)
|
||||
'user_globalReaderUser_id': $(user_globalReaderUser_id)
|
||||
'user_globalReaderUser_secret': $(user_globalReaderUser_secret)
|
||||
'user_globalWriterUser_id': $(user_globalWriterUser_id)
|
||||
'user_globalWriterUser_secret': $(user_globalWriterUser_secret)
|
||||
'app_globalAdminUser_id': $(app_globalAdminUser_id)
|
||||
'app_globalAdminUser_secret': $(app_globalAdminUser_secret)
|
||||
'app_globalConverterUser_id': $(app_globalConverterUser_id)
|
||||
'app_globalConverterUser_secret': $(app_globalConverterUser_secret)
|
||||
'app_globalExporterUser_id': $(app_globalExporterUser_id)
|
||||
'app_globalExporterUser_secret': $(app_globalExporterUser_secret)
|
||||
'app_globalImporterUser_id': $(app_globalImporterUser_id)
|
||||
'app_globalImporterUser_secret': $(app_globalImporterUser_secret)
|
||||
'app_globalReaderUser_id': $(app_globalReaderUser_id)
|
||||
'app_globalReaderUser_secret': $(app_globalReaderUser_secret)
|
||||
'app_globalWriterUser_id': $(app_globalWriterUser_id)
|
||||
'app_globalWriterUser_secret': $(app_globalWriterUser_secret)
|
||||
|
||||
|
|
|
@ -125,14 +125,26 @@ function Add-AadTestAuthEnvironment {
|
|||
}
|
||||
|
||||
Write-Host "Setting roles on API Application"
|
||||
$appRoles = ($testAuthEnvironment.users.roles + $testAuthEnvironment.clientApplications.roles) | Select-Object -Unique
|
||||
|
||||
# 1 - Setting up roles
|
||||
if ($testAuthEnvironment.users.length -eq 0) {
|
||||
# List of users can be empty, then rely only in the list of client applications
|
||||
$appRoles = $testAuthEnvironment.clientApplications.roles | Select-Object -Unique
|
||||
}
|
||||
else {
|
||||
$appRoles = ($testAuthEnvironment.users.roles + $testAuthEnvironment.clientApplications.roles) | Select-Object -Unique
|
||||
}
|
||||
Set-FhirServerApiApplicationRoles -ApiAppId $application.AppId -AppRoles $appRoles | Out-Null
|
||||
|
||||
Write-Host "Ensuring users and role assignments for API Application exist"
|
||||
$environmentUsers = Set-FhirServerApiUsers -UserNamePrefix $EnvironmentName -TenantDomain $tenantInfo.TenantDomain -ApiAppId $application.AppId -UserConfiguration $testAuthEnvironment.Users -KeyVaultName $KeyVaultName
|
||||
# 2 - Validating users
|
||||
$environmentUsers = @()
|
||||
if ($testAuthEnvironment.users.length -gt 0) {
|
||||
Write-Host "Ensuring users and role assignments for API Application exist"
|
||||
$environmentUsers = Set-FhirServerApiUsers -UserNamePrefix $EnvironmentName -TenantDomain $tenantInfo.TenantDomain -ApiAppId $application.AppId -UserConfiguration $testAuthEnvironment.users -KeyVaultName $KeyVaultName
|
||||
}
|
||||
|
||||
# 3 - Validating client applications
|
||||
$environmentClientApplications = @()
|
||||
|
||||
Write-Host "Ensuring client application exists"
|
||||
foreach ($clientApp in $testAuthEnvironment.clientApplications) {
|
||||
$displayName = Get-ApplicationDisplayName -EnvironmentName $EnvironmentName -AppId $clientApp.Id
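Review bot: When `$testAuthEnvironment.users` is empty, the new guard skips `Set-FhirServerApiUsers` altogether, and nothing in this hunk removes or disables test users that earlier runs created. As far as the hunk shows, those accounts keep their role assignments on the API application, and presumably their stored credentials in `$KeyVaultName`, after the tests stop using them. If cleanup is not done elsewhere, add it here, or at least make the skip visible with `Write-Host "No users configured; existing test users are left unchanged"`. The new comment should read `# List of users can be empty; then rely only on the list of client applications`. `Add-AadTestAuthEnvironment` starts before and continues after the hunk.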
|
||||
|
|
|
@ -16,6 +16,5 @@
|
|||
<Compile Include="$(MSBuildThisFileDirectory)TestApplication.cs" />
|
||||
<Compile Include="$(MSBuildThisFileDirectory)TestApplications.cs" />
|
||||
<Compile Include="$(MSBuildThisFileDirectory)TestUser.cs" />
|
||||
<Compile Include="$(MSBuildThisFileDirectory)TestUsers.cs" />
|
||||
</ItemGroup>
|
||||
</Project>
|
|
@ -5,16 +5,35 @@
|
|||
|
||||
namespace Microsoft.Health.Fhir.Tests.E2E.Common
|
||||
{
|
||||
/*
|
||||
* When adding a new service principals they must be added in the following locations:
|
||||
* - /build/jobs/e2e-tests.yml
|
||||
* - /build/jobs/run-export-tests.yml
|
||||
* - /testauthenvironment.json
|
||||
*/
|
||||
|
||||
public static class TestApplications
|
||||
{
|
||||
public static TestApplication GlobalAdminServicePrincipal { get; } = new TestApplication("globalAdminServicePrincipal");
|
||||
public static TestApplication AdminUser { get; } = new TestApplication("globalAdminUser");
|
||||
|
||||
public static TestApplication NativeClient { get; } = new TestApplication("nativeClient");
|
||||
public static TestApplication BulkImportUser { get; } = new TestApplication("globalImporterUser");
|
||||
|
||||
public static TestApplication ConvertDataUser { get; } = new TestApplication("globalConverterUser");
|
||||
|
||||
public static TestApplication ExportUser { get; } = new TestApplication("globalExporterUser");
|
||||
|
||||
public static TestApplication GlobalAdminServicePrincipal { get; } = new TestApplication("globalAdminServicePrincipal");
|
||||
|
||||
public static TestApplication InvalidClient { get; } = new TestApplication("invalidclient");
|
||||
|
||||
public static TestApplication WrongAudienceClient { get; } = new TestApplication("wrongAudienceClient");
|
||||
public static TestApplication NativeClient { get; } = new TestApplication("nativeClient");
|
||||
|
||||
public static TestApplication ReadOnlyUser { get; } = new TestApplication("globalReaderUser");
|
||||
|
||||
public static TestApplication ReadWriteUser { get; } = new TestApplication("globalWriterUser");
|
||||
|
||||
public static TestApplication SmartUserClient { get; } = new TestApplication("smartUserClient");
|
||||
|
||||
public static TestApplication WrongAudienceClient { get; } = new TestApplication("wrongAudienceClient");
|
||||
}
|
||||
}
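Review bot: `AdminUser` (`"globalAdminUser"`) and `GlobalAdminServicePrincipal` (`"globalAdminServicePrincipal"`) are now both client applications. If both hold the `globalAdmin` role, as the testauthenvironment.json hunk appears to show, the test environment keeps two admin-level client secrets where one would do; consider merging them or documenting why both are needed. The `*User` property names no longer describe what they are, so a summary on each would help, e.g. `/// <summary>Service principal registered as "globalReaderUser" (formerly a test user).</summary>`. The header comment should read `When adding new service principals, they must be added in the following locations:`.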
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
// -------------------------------------------------------------------------------------------------
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
// Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
|
||||
// -------------------------------------------------------------------------------------------------
|
||||
|
||||
namespace Microsoft.Health.Fhir.Tests.E2E.Common
|
||||
{
|
||||
/*
|
||||
* When adding a new user they must be added in the following locations:
|
||||
* - /build/jobs/run-tests.yml DotNetCoreCLI@2 Tasks
|
||||
* - /testauthenvironment.json
|
||||
*/
|
||||
|
||||
public static class TestUsers
|
||||
{
|
||||
public static TestUser ReadOnlyUser { get; } = new TestUser("globalReaderUser");
|
||||
|
||||
public static TestUser ReadWriteUser { get; } = new TestUser("globalWriterUser");
|
||||
|
||||
public static TestUser ExportUser { get; } = new TestUser("globalExporterUser");
|
||||
|
||||
public static TestUser ConvertDataUser { get; } = new TestUser("globalConverterUser");
|
||||
|
||||
public static TestUser BulkImportUser { get; } = new TestUser("globalImporterUser");
|
||||
|
||||
public static TestUser AdminUser { get; } = new TestUser("globalAdminUser");
|
||||
}
|
||||
}
|
|
@ -467,7 +467,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Audit
|
|||
("search-type", "Patient?name=peter", HttpStatusCode.OK, ResourceType.Patient),
|
||||
};
|
||||
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
|
||||
await ExecuteAndValidateBundle(
|
||||
() => tempClient.PostBundleAsync(batch),
|
||||
|
|
|
@ -48,50 +48,50 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
_convertDataEnabled = convertDataConfiguration?.Enabled ?? false;
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithNoCreatePermissions_WhenCreatingAResource_TheServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>()));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithNoWritePermissions_WhenUpdatingAResource_TheServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
|
||||
|
||||
tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.UpdateAsync(createdResource));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithNoHardDeletePermissions_WhenHardDeletingAResource_TheServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.HardDeleteAsync(createdResource));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithHardDeletePermissions_WhenHardDeletingAResource_TheServerShouldReturnSuccess()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
|
||||
|
||||
tempClient = _client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
|
||||
tempClient = _client.CreateClientForClientApplication(TestApplications.AdminUser);
|
||||
|
||||
// Hard-delete the resource.
|
||||
await tempClient.HardDeleteAsync(createdResource);
|
||||
|
||||
tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
|
||||
// Getting the resource should result in NotFound.
|
||||
await ExecuteAndValidateNotFoundStatus(() => tempClient.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id));
|
||||
|
@ -104,14 +104,14 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
}
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithUpdatePermissions_WhenUpdatingAResource_TheServerShouldReturnSuccess()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.AdminUser);
|
||||
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
|
||||
|
||||
tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
|
||||
createdResource.Text = new Narrative
|
||||
{
|
||||
|
@ -179,14 +179,14 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithReadPermissions_WhenGettingAResource_TheServerShouldReturnSuccess()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.GlobalAdminServicePrincipal);
|
||||
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
|
||||
|
||||
tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
using FhirResponse<Observation> readResponse = await tempClient.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id);
|
||||
|
||||
Observation readResource = readResponse.Resource;
|
||||
|
@ -196,22 +196,22 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithNoExportPermissions_WhenExportResources_TheServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
|
||||
FhirClientException fhirException = await Assert.ThrowsAsync<FhirClientException>(async () => await tempClient.ExportAsync());
|
||||
Assert.StartsWith(ForbiddenMessage, fhirException.Message);
|
||||
Assert.Equal(HttpStatusCode.Forbidden, fhirException.StatusCode);
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenAUserWithExportPermissions_WhenExportResources_TheServerShouldReturnSuccess()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ExportUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ExportUser);
|
||||
|
||||
Uri contentLocation = await tempClient.ExportAsync();
|
||||
await tempClient.CancelExport(contentLocation);
|
||||
|
@ -223,7 +223,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
{
|
||||
Skip.IfNot(_convertDataEnabled);
|
||||
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
|
||||
var parameters = Samples.GetDefaultConvertDataParameter().ToPoco<Parameters>();
|
||||
|
||||
|
@ -236,7 +236,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
{
|
||||
Skip.IfNot(_convertDataEnabled);
|
||||
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ConvertDataUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ConvertDataUser);
|
||||
var parameters = Samples.GetDefaultConvertDataParameter().ToPoco<Parameters>();
|
||||
var response = await tempClient.ConvertDataAsync(parameters);
|
||||
|
||||
|
@ -245,62 +245,62 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
Assert.NotEmpty(result);
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenUserWithNoProfileAdminPermission_WhenCreateProfileDefinitionResource_ThenServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.CreateAsync<ValueSet>(resource));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenUserWithNoProfileAdminPermission_WhenUpdateProfileDefinitionResource_ThenServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.UpdateAsync<ValueSet>(resource));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenUserWithNoProfileAdminPermission_WhenConditionalCreateProfileDefinitionResource_ThenServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.CreateAsync<ValueSet>(resource, "identifier=boo"));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenUserWithNoProfileAdminPermission_WhenConditionalUpdateProfileDefinitionResource_ThenServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
|
||||
var weakETag = "W/\"identifier=boo\"";
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.UpdateAsync<ValueSet>(resource, weakETag));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenUserWithNoProfileAdminPermission_WhenDeleteProfileDefinitionResource_ThenServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
|
||||
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
|
||||
|
||||
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.DeleteAsync<ValueSet>(resource));
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
public async Task GivenUserWithProfileAdminPermission_WhenCUDActionOnProfileDefinitionResource_ThenServerShouldReturnOk()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.AdminUser);
|
||||
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
|
||||
var valueSetResponse = await tempClient.CreateAsync<ValueSet>(resource);
|
||||
Assert.Equal(HttpStatusCode.Created, valueSetResponse.Response.StatusCode);
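Review bot: Every client in these tests is now built with `CreateClientForClientApplication`, so the re-enabled authorization tests only exercise tokens issued to service principals. The Audit, Bundle and Import test hunks make the same substitution, and no visible line still requests a token on behalf of a user. If the server is also expected to authorize user tokens, that path has no end-to-end coverage after this commit and needs at least one test, or a comment stating it is intentionally out of scope. The method names still say `GivenAUserWith…`, which now misdescribes the caller. Several method bodies continue outside the hunks, so confirm that none of the methods switched from `[SkippableFact]` to `[Fact]` calls `Skip.*` there, as the two convert-data tests here still do with `Skip.IfNot(_convertDataEnabled)`.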
|
||||
|
|
|
@ -153,14 +153,15 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
BundleTestsUtil.ValidateOperationOutcome(resourceAfterPostingSameBundle.Entry[9].Response.Status, resourceAfterPostingSameBundle.Entry[9].Response.Outcome as OperationOutcome, _statusCodeMap[HttpStatusCode.NotFound], "Resource type 'Patient' with id '12334' couldn't be found.", IssueType.NotFound);
|
||||
}
|
||||
|
||||
[SkippableTheory(Skip = "Auth Refactoring")]
|
||||
[Theory]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
[Trait(Traits.Category, Categories.Authorization)]
|
||||
[InlineData(FhirBundleProcessingLogic.Parallel)]
|
||||
[InlineData(FhirBundleProcessingLogic.Sequential)]
|
||||
[Trait(Traits.Category, Categories.Authorization)]
|
||||
public async Task GivenAValidBundleWithReadonlyUser_WhenSubmittingABatch_ThenForbiddenAndOutcomeIsReturned(FhirBundleProcessingLogic processingLogic)
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
Bundle requestBundle = Samples.GetDefaultBatch().ToPoco<Bundle>();
|
||||
|
||||
using FhirResponse<Bundle> fhirResponse = await tempClient.PostBundleAsync(requestBundle, new FhirBundleOptions() { BundleProcessingLogic = processingLogic });
|
||||
|
|
|
@ -165,12 +165,12 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
|
|||
ValidateOperationOutcome(expectedDiagnostics, expectedCodeType, fhirException.OperationOutcome);
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Priority, Priority.One)]
|
||||
[Trait(Traits.Category, Categories.Authorization)]
|
||||
public async Task GivenAValidBundleWithForbiddenUser_WhenSubmittingATransaction_ThenOperationOutcomeWithForbiddenStatusIsReturned()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
|
||||
var id = Guid.NewGuid().ToString();
|
||||
var bundleAsString = Samples.GetJson("Bundle-TransactionWithValidBundleEntry");
|
||||
|
|
|
@ -49,7 +49,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
|
|||
}
|
||||
|
||||
_metricHandler?.ResetCount();
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.BulkImportUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.BulkImportUser);
|
||||
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
|
||||
patientNdJsonResource = Regex.Replace(patientNdJsonResource, "##PatientID##", m => Guid.NewGuid().ToString("N"));
|
||||
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);
|
||||
|
|
|
@ -261,12 +261,12 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
|
|||
}
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Category, Categories.Authorization)]
|
||||
public async Task GivenAUserWithoutImportPermissions_WhenImportData_ThenServerShouldReturnForbidden_WithNoImportNotification()
|
||||
{
|
||||
_metricHandler?.ResetCount();
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
|
||||
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);
|
||||
|
||||
|
@ -420,14 +420,14 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
|
|||
return ndJson;
|
||||
}
|
||||
|
||||
[SkippableTheory(Skip = "Auth Refactoring")]
|
||||
[Theory]
|
||||
[InlineData(true)]
|
||||
[InlineData(false)]
|
||||
[Trait(Traits.Category, Categories.Authorization)]
|
||||
public async Task GivenAUserWithImportPermissions_WhenImportData_TheServerShouldReturnSuccess(bool setResourceType)
|
||||
{
|
||||
_metricHandler?.ResetCount();
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.BulkImportUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.BulkImportUser);
|
||||
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
|
||||
patientNdJsonResource = Regex.Replace(patientNdJsonResource, "##PatientID##", m => Guid.NewGuid().ToString("N"));
|
||||
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);
|
||||
|
@ -449,11 +449,11 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
|
|||
}
|
||||
}
|
||||
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
[Trait(Traits.Category, Categories.Authorization)]
|
||||
public async Task GivenAUserWithoutImportPermissions_WhenImportData_ThenServerShouldReturnForbidden()
|
||||
{
|
||||
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
|
||||
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
|
||||
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
|
||||
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);
|
||||
|
||||
|
|
|
@ -265,7 +265,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Search
|
|||
}
|
||||
|
||||
[HttpIntegrationFixtureArgumentSets(DataStore.CosmosDb, Format.Json)]
|
||||
[SkippableFact(Skip = "Auth Refactoring")]
|
||||
[Fact]
|
||||
public async Task GivenANonSelectiveChainingQueryInCosmosDb_WhenSearched_ThenAnErrorShouldBeThrown()
|
||||
{
|
||||
string query = $"subject:Patient.gender=male";
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
{
|
||||
"users": [
|
||||
],
|
||||
"clientApplications": [
|
||||
{
|
||||
"id": "globalReaderUser",
|
||||
"roles": [
|
||||
|
@ -35,9 +37,7 @@
|
|||
"roles": [
|
||||
"globalAdmin"
|
||||
]
|
||||
}
|
||||
],
|
||||
"clientApplications": [
|
||||
},
|
||||
{
|
||||
"id": "globalAdminServicePrincipal",
|
||||
"roles": [
|
||||
|
|