[Tests] Refactoring test accounts (#3747)

* Create all accounts as service principals.
* Handling empty collections of user accounts.
* Set up new app environment variables.
* Expand the use of service principals.
Fernando Henrique Inocêncio Borba Ferreira 2024-03-13 14:15:06 -07:00 коммит произвёл GitHub
Родитель b0a7c0a01f
Коммит fc632d7d71
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
14 изменённых файлов: 125 добавлений и 118 удалений


@ -125,15 +125,15 @@ steps:
'app_nativeClient_secret': $(app_nativeClient_secret)
'app_wrongAudienceClient_id': $(app_wrongAudienceClient_id)
'app_wrongAudienceClient_secret': $(app_wrongAudienceClient_secret)
'user_globalAdminUser_id': $(user_globalAdminUser_id)
'user_globalAdminUser_secret': $(user_globalAdminUser_secret)
'user_globalConverterUser_id': $(user_globalConverterUser_id)
'user_globalConverterUser_secret': $(user_globalConverterUser_secret)
'user_globalExporterUser_id': $(user_globalExporterUser_id)
'user_globalExporterUser_secret': $(user_globalExporterUser_secret)
'user_globalImporterUser_id': $(user_globalImporterUser_id)
'user_globalImporterUser_secret': $(user_globalImporterUser_secret)
'user_globalReaderUser_id': $(user_globalReaderUser_id)
'user_globalReaderUser_secret': $(user_globalReaderUser_secret)
'user_globalWriterUser_id': $(user_globalWriterUser_id)
'user_globalWriterUser_secret': $(user_globalWriterUser_secret)
'app_globalAdminUser_id': $(app_globalAdminUser_id)
'app_globalAdminUser_secret': $(app_globalAdminUser_secret)
'app_globalConverterUser_id': $(app_globalConverterUser_id)
'app_globalConverterUser_secret': $(app_globalConverterUser_secret)
'app_globalExporterUser_id': $(app_globalExporterUser_id)
'app_globalExporterUser_secret': $(app_globalExporterUser_secret)
'app_globalImporterUser_id': $(app_globalImporterUser_id)
'app_globalImporterUser_secret': $(app_globalImporterUser_secret)
'app_globalReaderUser_id': $(app_globalReaderUser_id)
'app_globalReaderUser_secret': $(app_globalReaderUser_secret)
'app_globalWriterUser_id': $(app_globalWriterUser_id)
'app_globalWriterUser_secret': $(app_globalWriterUser_secret)
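Review bot: The twelve `app_global*` id/secret mappings added here are repeated verbatim in both hunks of the next pipeline file, so each new service principal has to be added by hand in three places. The old `user_*` lists had already drifted (this file mapped the Importer account, the other file did not), so a single shared definition that each job includes would be safer. Until then, a comment above each list would help, for example `# Keep in sync with TestApplications.cs and testauthenvironment.json`. Each `*_secret` entry hands a client secret to the test process, so it is also worth confirming that the source variables are defined as secret pipeline variables and are masked in logs; that is not visible from this hunk.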


@ -95,16 +95,18 @@ jobs:
'app_nativeClient_secret': $(app_nativeClient_secret)
'app_wrongAudienceClient_id': $(app_wrongAudienceClient_id)
'app_wrongAudienceClient_secret': $(app_wrongAudienceClient_secret)
'user_globalAdminUser_id': $(user_globalAdminUser_id)
'user_globalAdminUser_secret': $(user_globalAdminUser_secret)
'user_globalConverterUser_id': $(user_globalConverterUser_id)
'user_globalConverterUser_secret': $(user_globalConverterUser_secret)
'user_globalExporterUser_id': $(user_globalExporterUser_id)
'user_globalExporterUser_secret': $(user_globalExporterUser_secret)
'user_globalReaderUser_id': $(user_globalReaderUser_id)
'user_globalReaderUser_secret': $(user_globalReaderUser_secret)
'user_globalWriterUser_id': $(user_globalWriterUser_id)
'user_globalWriterUser_secret': $(user_globalWriterUser_secret)
'app_globalAdminUser_id': $(app_globalAdminUser_id)
'app_globalAdminUser_secret': $(app_globalAdminUser_secret)
'app_globalConverterUser_id': $(app_globalConverterUser_id)
'app_globalConverterUser_secret': $(app_globalConverterUser_secret)
'app_globalExporterUser_id': $(app_globalExporterUser_id)
'app_globalExporterUser_secret': $(app_globalExporterUser_secret)
'app_globalImporterUser_id': $(app_globalImporterUser_id)
'app_globalImporterUser_secret': $(app_globalImporterUser_secret)
'app_globalReaderUser_id': $(app_globalReaderUser_id)
'app_globalReaderUser_secret': $(app_globalReaderUser_secret)
'app_globalWriterUser_id': $(app_globalWriterUser_id)
'app_globalWriterUser_secret': $(app_globalWriterUser_secret)
- job: 'sqlE2eTests'
dependsOn: []
@ -196,14 +198,16 @@ jobs:
'app_nativeClient_secret': $(app_nativeClient_secret)
'app_wrongAudienceClient_id': $(app_wrongAudienceClient_id)
'app_wrongAudienceClient_secret': $(app_wrongAudienceClient_secret)
'user_globalAdminUser_id': $(user_globalAdminUser_id)
'user_globalAdminUser_secret': $(user_globalAdminUser_secret)
'user_globalConverterUser_id': $(user_globalConverterUser_id)
'user_globalConverterUser_secret': $(user_globalConverterUser_secret)
'user_globalExporterUser_id': $(user_globalExporterUser_id)
'user_globalExporterUser_secret': $(user_globalExporterUser_secret)
'user_globalReaderUser_id': $(user_globalReaderUser_id)
'user_globalReaderUser_secret': $(user_globalReaderUser_secret)
'user_globalWriterUser_id': $(user_globalWriterUser_id)
'user_globalWriterUser_secret': $(user_globalWriterUser_secret)
'app_globalAdminUser_id': $(app_globalAdminUser_id)
'app_globalAdminUser_secret': $(app_globalAdminUser_secret)
'app_globalConverterUser_id': $(app_globalConverterUser_id)
'app_globalConverterUser_secret': $(app_globalConverterUser_secret)
'app_globalExporterUser_id': $(app_globalExporterUser_id)
'app_globalExporterUser_secret': $(app_globalExporterUser_secret)
'app_globalImporterUser_id': $(app_globalImporterUser_id)
'app_globalImporterUser_secret': $(app_globalImporterUser_secret)
'app_globalReaderUser_id': $(app_globalReaderUser_id)
'app_globalReaderUser_secret': $(app_globalReaderUser_secret)
'app_globalWriterUser_id': $(app_globalWriterUser_id)
'app_globalWriterUser_secret': $(app_globalWriterUser_secret)


@ -125,14 +125,26 @@ function Add-AadTestAuthEnvironment {
}
Write-Host "Setting roles on API Application"
$appRoles = ($testAuthEnvironment.users.roles + $testAuthEnvironment.clientApplications.roles) | Select-Object -Unique
# 1 - Setting up roles
if ($testAuthEnvironment.users.length -eq 0) {
# List of users can be empty, then rely only in the list of client applications
$appRoles = $testAuthEnvironment.clientApplications.roles | Select-Object -Unique
}
else {
$appRoles = ($testAuthEnvironment.users.roles + $testAuthEnvironment.clientApplications.roles) | Select-Object -Unique
}
Set-FhirServerApiApplicationRoles -ApiAppId $application.AppId -AppRoles $appRoles | Out-Null
Write-Host "Ensuring users and role assignments for API Application exist"
$environmentUsers = Set-FhirServerApiUsers -UserNamePrefix $EnvironmentName -TenantDomain $tenantInfo.TenantDomain -ApiAppId $application.AppId -UserConfiguration $testAuthEnvironment.Users -KeyVaultName $KeyVaultName
# 2 - Validating users
$environmentUsers = @()
if ($testAuthEnvironment.users.length -gt 0) {
Write-Host "Ensuring users and role assignments for API Application exist"
$environmentUsers = Set-FhirServerApiUsers -UserNamePrefix $EnvironmentName -TenantDomain $tenantInfo.TenantDomain -ApiAppId $application.AppId -UserConfiguration $testAuthEnvironment.users -KeyVaultName $KeyVaultName
}
# 3 - Validating client applications
$environmentClientApplications = @()
Write-Host "Ensuring client application exists"
foreach ($clientApp in $testAuthEnvironment.clientApplications) {
$displayName = Get-ApplicationDisplayName -EnvironmentName $EnvironmentName -AppId $clientApp.Id
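Review bot: The step comments `# 2 - Validating users` and `# 3 - Validating client applications` describe validation, but the code under them creates or updates accounts, as the `Write-Host "Ensuring ..."` lines say. They would read better as `# 2 - Ensuring users exist (skipped when the list is empty)` and `# 3 - Ensuring client applications exist`, and "rely only in" in the first branch should be "rely only on". Neither `$appRoles` branch covers an empty `clientApplications` list, so `$appRoles` may reach `Set-FhirServerApiApplicationRoles` empty; whether that call tolerates it cannot be seen from here, so an explicit guard or a comment stating the assumption would help. The body of `Add-AadTestAuthEnvironment` starts and ends outside this hunk.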


@ -16,6 +16,5 @@
<Compile Include="$(MSBuildThisFileDirectory)TestApplication.cs" />
<Compile Include="$(MSBuildThisFileDirectory)TestApplications.cs" />
<Compile Include="$(MSBuildThisFileDirectory)TestUser.cs" />
<Compile Include="$(MSBuildThisFileDirectory)TestUsers.cs" />
</ItemGroup>
</Project>


@ -5,16 +5,35 @@
namespace Microsoft.Health.Fhir.Tests.E2E.Common
{
/*
* When adding a new service principals they must be added in the following locations:
* - /build/jobs/e2e-tests.yml
* - /build/jobs/run-export-tests.yml
* - /testauthenvironment.json
*/
public static class TestApplications
{
public static TestApplication GlobalAdminServicePrincipal { get; } = new TestApplication("globalAdminServicePrincipal");
public static TestApplication AdminUser { get; } = new TestApplication("globalAdminUser");
public static TestApplication NativeClient { get; } = new TestApplication("nativeClient");
public static TestApplication BulkImportUser { get; } = new TestApplication("globalImporterUser");
public static TestApplication ConvertDataUser { get; } = new TestApplication("globalConverterUser");
public static TestApplication ExportUser { get; } = new TestApplication("globalExporterUser");
public static TestApplication GlobalAdminServicePrincipal { get; } = new TestApplication("globalAdminServicePrincipal");
public static TestApplication InvalidClient { get; } = new TestApplication("invalidclient");
public static TestApplication WrongAudienceClient { get; } = new TestApplication("wrongAudienceClient");
public static TestApplication NativeClient { get; } = new TestApplication("nativeClient");
public static TestApplication ReadOnlyUser { get; } = new TestApplication("globalReaderUser");
public static TestApplication ReadWriteUser { get; } = new TestApplication("globalWriterUser");
public static TestApplication SmartUserClient { get; } = new TestApplication("smartUserClient");
public static TestApplication WrongAudienceClient { get; } = new TestApplication("wrongAudienceClient");
}
}
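Review bot: The properties `AdminUser`, `ReadOnlyUser`, `ReadWriteUser`, `ExportUser`, `ConvertDataUser` and `BulkImportUser` are now `TestApplication` instances, yet their names and ids (`"globalReaderUser"` and so on) still say "User". A reader of a test will assume a user account unless the class says otherwise, so a comment above that group would help, for example `// Service principals that replaced the accounts formerly in TestUsers.`. The header comment also reads "a new service principals" and should be "a new service principal".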


@ -1,28 +0,0 @@
// -------------------------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
// -------------------------------------------------------------------------------------------------
namespace Microsoft.Health.Fhir.Tests.E2E.Common
{
/*
* When adding a new user they must be added in the following locations:
* - /build/jobs/run-tests.yml DotNetCoreCLI@2 Tasks
* - /testauthenvironment.json
*/
public static class TestUsers
{
public static TestUser ReadOnlyUser { get; } = new TestUser("globalReaderUser");
public static TestUser ReadWriteUser { get; } = new TestUser("globalWriterUser");
public static TestUser ExportUser { get; } = new TestUser("globalExporterUser");
public static TestUser ConvertDataUser { get; } = new TestUser("globalConverterUser");
public static TestUser BulkImportUser { get; } = new TestUser("globalImporterUser");
public static TestUser AdminUser { get; } = new TestUser("globalAdminUser");
}
}


@ -467,7 +467,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Audit
("search-type", "Patient?name=peter", HttpStatusCode.OK, ResourceType.Patient),
};
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
await ExecuteAndValidateBundle(
() => tempClient.PostBundleAsync(batch),


@ -48,50 +48,50 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
_convertDataEnabled = convertDataConfiguration?.Enabled ?? false;
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithNoCreatePermissions_WhenCreatingAResource_TheServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>()));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithNoWritePermissions_WhenUpdatingAResource_TheServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.UpdateAsync(createdResource));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithNoHardDeletePermissions_WhenHardDeletingAResource_TheServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.HardDeleteAsync(createdResource));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithHardDeletePermissions_WhenHardDeletingAResource_TheServerShouldReturnSuccess()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
tempClient = _client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
tempClient = _client.CreateClientForClientApplication(TestApplications.AdminUser);
// Hard-delete the resource.
await tempClient.HardDeleteAsync(createdResource);
tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
// Getting the resource should result in NotFound.
await ExecuteAndValidateNotFoundStatus(() => tempClient.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id));
@ -104,14 +104,14 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
}
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithUpdatePermissions_WhenUpdatingAResource_TheServerShouldReturnSuccess()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.AdminUser);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
createdResource.Text = new Narrative
{
@ -179,14 +179,14 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithReadPermissions_WhenGettingAResource_TheServerShouldReturnSuccess()
{
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.GlobalAdminServicePrincipal);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco<Observation>());
tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
using FhirResponse<Observation> readResponse = await tempClient.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id);
Observation readResource = readResponse.Resource;
@ -196,22 +196,22 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithNoExportPermissions_WhenExportResources_TheServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
FhirClientException fhirException = await Assert.ThrowsAsync<FhirClientException>(async () => await tempClient.ExportAsync());
Assert.StartsWith(ForbiddenMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Forbidden, fhirException.StatusCode);
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenAUserWithExportPermissions_WhenExportResources_TheServerShouldReturnSuccess()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ExportUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ExportUser);
Uri contentLocation = await tempClient.ExportAsync();
await tempClient.CancelExport(contentLocation);
@ -223,7 +223,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
{
Skip.IfNot(_convertDataEnabled);
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
var parameters = Samples.GetDefaultConvertDataParameter().ToPoco<Parameters>();
@ -236,7 +236,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
{
Skip.IfNot(_convertDataEnabled);
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ConvertDataUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ConvertDataUser);
var parameters = Samples.GetDefaultConvertDataParameter().ToPoco<Parameters>();
var response = await tempClient.ConvertDataAsync(parameters);
@ -245,62 +245,62 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
Assert.NotEmpty(result);
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenUserWithNoProfileAdminPermission_WhenCreateProfileDefinitionResource_ThenServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.CreateAsync<ValueSet>(resource));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenUserWithNoProfileAdminPermission_WhenUpdateProfileDefinitionResource_ThenServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.UpdateAsync<ValueSet>(resource));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenUserWithNoProfileAdminPermission_WhenConditionalCreateProfileDefinitionResource_ThenServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.CreateAsync<ValueSet>(resource, "identifier=boo"));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenUserWithNoProfileAdminPermission_WhenConditionalUpdateProfileDefinitionResource_ThenServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
var weakETag = "W/\"identifier=boo\"";
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.UpdateAsync<ValueSet>(resource, weakETag));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenUserWithNoProfileAdminPermission_WhenDeleteProfileDefinitionResource_ThenServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadWriteUser);
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
await RunRequestsSupposedToFailWithForbiddenAccessAsync(async () => await tempClient.DeleteAsync<ValueSet>(resource));
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task GivenUserWithProfileAdminPermission_WhenCUDActionOnProfileDefinitionResource_ThenServerShouldReturnOk()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.AdminUser);
var resource = Samples.GetJsonSample("ValueSet").ToPoco<ValueSet>();
var valueSetResponse = await tempClient.CreateAsync<ValueSet>(resource);
Assert.Equal(HttpStatusCode.Created, valueSetResponse.Response.StatusCode);
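Review bot: User-delegated authentication appears to lose end-to-end coverage in these hunks, because every `CreateClientForUser(TestUsers.X, TestApplications.NativeClient)` call becomes `CreateClientForClientApplication(TestApplications.X)` and no visible test still signs in as a user through `NativeClient`. If the server is expected to enforce the same roles for user tokens as for service-principal tokens, at least one Forbidden case and one success case should keep a user-based client, or the gap should be recorded next to the tests. The same substitution is made in the audit, bundle, transaction and import test sections of this commit. The method names still begin with `GivenAUserWith...`, so a class-level comment such as `// "User" in these test names refers to a service principal from TestApplications` would avoid confusion. Several of these test methods start or end outside the hunks shown.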


@ -153,14 +153,15 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
BundleTestsUtil.ValidateOperationOutcome(resourceAfterPostingSameBundle.Entry[9].Response.Status, resourceAfterPostingSameBundle.Entry[9].Response.Outcome as OperationOutcome, _statusCodeMap[HttpStatusCode.NotFound], "Resource type 'Patient' with id '12334' couldn't be found.", IssueType.NotFound);
}
[SkippableTheory(Skip = "Auth Refactoring")]
[Theory]
[Trait(Traits.Priority, Priority.One)]
[Trait(Traits.Category, Categories.Authorization)]
[InlineData(FhirBundleProcessingLogic.Parallel)]
[InlineData(FhirBundleProcessingLogic.Sequential)]
[Trait(Traits.Category, Categories.Authorization)]
public async Task GivenAValidBundleWithReadonlyUser_WhenSubmittingABatch_ThenForbiddenAndOutcomeIsReturned(FhirBundleProcessingLogic processingLogic)
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
Bundle requestBundle = Samples.GetDefaultBatch().ToPoco<Bundle>();
using FhirResponse<Bundle> fhirResponse = await tempClient.PostBundleAsync(requestBundle, new FhirBundleOptions() { BundleProcessingLogic = processingLogic });
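Review bot: `[Trait(Traits.Category, Categories.Authorization)]` seems to end up on this theory twice, once above the `[InlineData]` lines and once below them. The hunk header grows from 14 to 15 lines while the other edits are one-for-one swaps, which suggests the attribute was added in a second position without removing the first. This most likely still compiles and runs, but one of the two lines should be dropped so the trait list stays unambiguous. The method body continues outside the hunk.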


@ -165,12 +165,12 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest
ValidateOperationOutcome(expectedDiagnostics, expectedCodeType, fhirException.OperationOutcome);
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Priority, Priority.One)]
[Trait(Traits.Category, Categories.Authorization)]
public async Task GivenAValidBundleWithForbiddenUser_WhenSubmittingATransaction_ThenOperationOutcomeWithForbiddenStatusIsReturned()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
var id = Guid.NewGuid().ToString();
var bundleAsString = Samples.GetJson("Bundle-TransactionWithValidBundleEntry");


@ -49,7 +49,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
}
_metricHandler?.ResetCount();
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.BulkImportUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.BulkImportUser);
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
patientNdJsonResource = Regex.Replace(patientNdJsonResource, "##PatientID##", m => Guid.NewGuid().ToString("N"));
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);


@ -261,12 +261,12 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
}
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Category, Categories.Authorization)]
public async Task GivenAUserWithoutImportPermissions_WhenImportData_ThenServerShouldReturnForbidden_WithNoImportNotification()
{
_metricHandler?.ResetCount();
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);
@ -420,14 +420,14 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
return ndJson;
}
[SkippableTheory(Skip = "Auth Refactoring")]
[Theory]
[InlineData(true)]
[InlineData(false)]
[Trait(Traits.Category, Categories.Authorization)]
public async Task GivenAUserWithImportPermissions_WhenImportData_TheServerShouldReturnSuccess(bool setResourceType)
{
_metricHandler?.ResetCount();
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.BulkImportUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.BulkImportUser);
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
patientNdJsonResource = Regex.Replace(patientNdJsonResource, "##PatientID##", m => Guid.NewGuid().ToString("N"));
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);
@ -449,11 +449,11 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Import
}
}
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
[Trait(Traits.Category, Categories.Authorization)]
public async Task GivenAUserWithoutImportPermissions_WhenImportData_ThenServerShouldReturnForbidden()
{
TestFhirClient tempClient = _client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
TestFhirClient tempClient = _client.CreateClientForClientApplication(TestApplications.ReadOnlyUser);
string patientNdJsonResource = Samples.GetNdJson("Import-Patient");
(Uri location, string etag) = await ImportTestHelper.UploadFileAsync(patientNdJsonResource, _fixture.StorageAccount);


@ -265,7 +265,7 @@ namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Search
}
[HttpIntegrationFixtureArgumentSets(DataStore.CosmosDb, Format.Json)]
[SkippableFact(Skip = "Auth Refactoring")]
[Fact]
public async Task GivenANonSelectiveChainingQueryInCosmosDb_WhenSearched_ThenAnErrorShouldBeThrown()
{
string query = $"subject:Patient.gender=male";


@ -1,5 +1,7 @@
{
"users": [
],
"clientApplications": [
{
"id": "globalReaderUser",
"roles": [
@ -35,9 +37,7 @@
"roles": [
"globalAdmin"
]
}
],
"clientApplications": [
},
{
"id": "globalAdminServicePrincipal",
"roles": [