force caching off during test-thredds requests to allow subsequent permission-update/access-requests

fmigneault · fmigneault · commit 35c5a4247d15 · 2021-08-11T14:43:08.000-04:00
diff --git a/notebooks-auth/test_thredds.ipynb b/notebooks-auth/test_thredds.ipynb
@@ -29,7 +29,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 10,
+   "execution_count": 1,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -56,15 +56,15 @@
     "import requests\n",
     "print(\"Setup configuration parameters...\")\n",
     "\n",
-    "PAVICS_HOST = os.getenv(\"PAVICS_HOST\", \"pavics.ouranos.ca\").rstrip(\"/\")\n",
+    "PAVICS_HOST = (os.getenv(\"PAVICS_HOST\") or \"pavics.ouranos.ca\").rstrip(\"/\")\n",
     "if not PAVICS_HOST:\n",
     "    raise ValueError(\"Cannot run test without a PAVICS_HOST value.\")\n",
     "\n",
     "PAVICS_URL = \"https://{}\".format(PAVICS_HOST)\n",
     "VERIFY_SSL = True if \"DISABLE_VERIFY_SSL\" not in os.environ else False\n",
-    "MAGPIE_URL = os.getenv(\"MAGPIE_URL\", PAVICS_URL + \"/magpie\")\n",
+    "MAGPIE_URL = os.getenv(\"MAGPIE_URL\") or (PAVICS_URL + \"/magpie\")\n",
     "TWITCHER_PROXY = \"/twitcher/ows/proxy\"\n",
-    "TWITCHER_URL = os.getenv(\"TWITCHER_URL\", PAVICS_URL + TWITCHER_PROXY)\n",
+    "TWITCHER_URL = os.getenv(\"TWITCHER_URL\") or (PAVICS_URL + TWITCHER_PROXY)\n",
     "THREDDS_SERVICE = \"thredds\"\n",
     "THREDDS_URL = \"{}/{}\".format(TWITCHER_URL, THREDDS_SERVICE)\n",
     "\n",
@@ -76,6 +76,13 @@
     "TEST_MAGPIE_ADMIN_PASSWORD = os.getenv(\"TEST_MAGPIE_ADMIN_PASSWORD\")\n",
     "if not TEST_MAGPIE_ADMIN_USERNAME or not TEST_MAGPIE_ADMIN_PASSWORD:\n",
     "    raise ValueError(\"Missing test admin credentials to run tests.\")\n",
+    "    \n",
+    "TEST_GROUP_NAME = os.getenv(\"TEST_MAGPIE_THREDDS_GROUP\") or \"test-auth-{!s}\".format(uuid.uuid4())\n",
+    "TEST_USER_NAME = os.getenv(\"TEST_MAGPIE_THREDDS_USERNAME\") or \"test-user-{!s}\".format(uuid.uuid4())\n",
+    "# password must not be displayed to keep minimal obfuscation\n",
+    "#   since test user name will be logged, and eventually receive slightly more access than 'anonymous',\n",
+    "#   don't give a chance for anyone to guess the credentials\n",
+    "TEST_USER_PWD = os.getenv(\"TEST_MAGPIE_THREDDS_PASSWORD\") or str(uuid.uuid4())\n",
     "\n",
     "print(\"  Will use Magpie URL:   [{}]\".format(MAGPIE_URL))\n",
     "print(\"  Will use Twitcher URL: [{}]\".format(TWITCHER_URL))\n",
@@ -118,7 +125,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 11,
+   "execution_count": 2,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -180,7 +187,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 12,
+   "execution_count": 3,
    "metadata": {
     "collapsed": false,
     "jupyter": {
@@ -194,12 +201,6 @@
    "source": [
     "# NBVAL_IGNORE_OUTPUT\n",
     "\n",
-    "TEST_GROUP_NAME = os.getenv(\"TEST_MAGPIE_THREDDS_GROUP\", \"test-auth-{!s}\".format(uuid.uuid4()))\n",
-    "TEST_USER_NAME = os.getenv(\"TEST_MAGPIE_THREDDS_USERNAME\", \"test-user-{!s}\".format(uuid.uuid4()))\n",
-    "# password must not be displayed to keep minimal obfuscation\n",
-    "#   since test user name will be logged, and eventually receive slightly more access than 'anonymous',\n",
-    "#   don't give a chance for anyone to guess the credentials\n",
-    "TEST_USER_PWD = os.getenv(\"TEST_MAGPIE_THREDDS_PASSWORD\", str(uuid.uuid4()))\n",
     "CLEANUP_CALLED = False\n",
     "\n",
     "def cleanup_test_data(skip_fail=True):\n",
@@ -251,7 +252,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 13,
+   "execution_count": 4,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -263,8 +264,8 @@
      "output_type": "stream",
      "text": [
       "Create test group and test user... \n",
-      "  Will use TEST_USER_NAME:  [test-birdhouse-thredds]\n",
-      "  Will use TEST_GROUP_NAME: [test-auth-300e787d-b83d-4e0b-ab20-1dea33062f78]\n",
+      "  Will use TEST_USER_NAME:  [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
+      "  Will use TEST_GROUP_NAME: [test-auth-113a7553-cc63-4309-9419-5d8f1ac3fb2e]\n",
       "Creation: OK\n"
      ]
     }
@@ -312,7 +313,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 14,
+   "execution_count": 5,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -412,7 +413,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 15,
+   "execution_count": 6,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -466,15 +467,19 @@
     "\n",
     "Only public resources will be accessible by anyone. Therefore, anything under `secure` directory will be blocked to both the anonymous identify (no user logged in), and the specific test user. Being logged in as the test user does not provide any more access at this point than simply not being logged in at all.\n",
     "\n",
-    "#### **Note**\n",
+    "#### **Note 1**\n",
     "\n",
     "Resources allowed/denied access result could differ if `thredds` is not correctly configured since custom configuration is effective.\n",
-    "If errors occur, make sure that `configuration` settings from `GET {MAGPIE_URL}/services/thredds` response correspond to `configuration` definition under the corresponding service applied onto the server from: https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/magpie/providers.cfg.template\n"
+    "If errors occur, make sure that `configuration` settings from `GET {MAGPIE_URL}/services/thredds` response correspond to `configuration` definition under the corresponding service applied onto the server from: https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/magpie/providers.cfg.template\n",
+    "\n",
+    "#### **Note 2**\n",
+    "\n",
+    "Because permissions are applied onto Magpie and are resolved for access by Twitcher instead, any active caching of older requests is not yet synchronized on Twitcher side right after the permission update on Magpie side (caches are not shared, and therefore not invalidated on permission update). Following requests to the same resources (within the caching expiration delay) will hit the cached response triggered by the access during the previous requests. New permissions resolution will not be effective until the cache expires. For this reason, we explicitly ask (via request headers) to ignore caches during those resource access requests to bypass the synchronization problem. Caching is not a critical component performance-wise for one-shot requests, and can be safely disabled for this test. \n"
    ]
   },
   {
    "cell_type": "code",
-   "execution_count": 16,
+   "execution_count": 7,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -518,32 +523,32 @@
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/catalog.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/testdata/catalog.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/testdata/secure/catalog.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [403]\n",
       "  Access:   [Denied]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/fileServer/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [403]\n",
       "  Access:   [Denied]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/ncml/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [403]\n",
       "  Access:   [Denied]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/dodsC/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [403]\n",
       "  Access:   [Denied]\n",
       "Detail:\n",
@@ -594,8 +599,9 @@
     "\n",
     "\n",
     "def has_access(resource_path, user_cookies, user_name):\n",
+    "    _header_ignore_cache = {\"Cache-Control\": \"no-cache\"}\n",
     "    _path = \"{}/{}\".format(THREDDS_URL, resource_path)\n",
-    "    _resp = requests.get(_path, verify=VERIFY_SSL, cookies=user_cookies)\n",
+    "    _resp = requests.get(_path, verify=VERIFY_SSL, cookies=user_cookies, headers=_header_ignore_cache)\n",
     "    _code = _resp.status_code\n",
     "    if _code in [200, 401, 403]:\n",
     "        is_allowed = _code == 200\n",
@@ -654,13 +660,14 @@
     "\n",
     "Anonymous user will still not have access to resources under `secure` as its is not a member of the test group.\n",
     "\n",
-    "**Note**:\n",
-    "What defines an endpoint to require `browse` vs `read` access is according to THREDDS service configuration in Magpie (see previous cell Note)."
+    "#### **Note**\n",
+    "\n",
+    "What defines an endpoint to require `browse` vs `read` access is according to THREDDS service configuration in Magpie (see previous cell Note).\n"
    ]
   },
   {
    "cell_type": "code",
-   "execution_count": 18,
+   "execution_count": 8,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -673,32 +680,32 @@
      "text": [
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/catalog.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/testdata/catalog.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/testdata/secure/catalog.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/ncml/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/fileServer/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [403]\n",
       "  Access:   [Denied]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/dodsC/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc.html]\n",
-      "  User:     [test-birdhouse-thredds]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [403]\n",
       "  Access:   [Denied]\n",
       "Detail:\n",
@@ -769,7 +776,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 42,
+   "execution_count": 9,
    "metadata": {
     "pycharm": {
      "name": "#%%\n"
@@ -782,32 +789,32 @@
      "text": [
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/catalog.html]\n",
-      "  User:     [test-user-7f51bcf6-81d4-4931-aa37-ec2b15af5141]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/testdata/catalog.html]\n",
-      "  User:     [test-user-7f51bcf6-81d4-4931-aa37-ec2b15af5141]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/catalog/birdhouse/testdata/secure/catalog.html]\n",
-      "  User:     [test-user-7f51bcf6-81d4-4931-aa37-ec2b15af5141]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/ncml/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc]\n",
-      "  User:     [test-user-7f51bcf6-81d4-4931-aa37-ec2b15af5141]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/fileServer/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc]\n",
-      "  User:     [test-user-7f51bcf6-81d4-4931-aa37-ec2b15af5141]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
       "  Resource: [http://localhost:8001/ows/proxy/thredds/dodsC/birdhouse/testdata/secure/tasmax_Amon_MPI-ESM-MR_rcp45_r2i1p1_200601-200612.nc.html]\n",
-      "  User:     [test-user-7f51bcf6-81d4-4931-aa37-ec2b15af5141]\n",
+      "  User:     [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]\n",
       "  Code:     [200]\n",
       "  Access:   [Allowed]\n",
       "Detail:\n",
@@ -871,7 +878,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 19,
+   "execution_count": 10,
    "metadata": {
     "collapsed": false,
     "jupyter": {
@@ -886,7 +893,8 @@
      "name": "stdout",
      "output_type": "stream",
      "text": [
-      "WARNING - Skipping test data cleanup because of TEST_MAGPIE_DISABLE_CLEANUP option!\n",
+      "Cleanup of TEST_USER_NAME [test-user-58ec4722-afcd-4f90-95a9-3ccee8dc162b]: OK\n",
+      "Cleanup of TEST_GROUP_NAME [test-auth-113a7553-cc63-4309-9419-5d8f1ac3fb2e]: OK\n",
       "All tests: OK\n"
      ]
     }
@@ -901,8 +909,10 @@
    ]
   },
   {
-   "cell_type": "markdown",
+   "cell_type": "code",
+   "execution_count": null,
    "metadata": {},
+   "outputs": [],
    "source": []
   }
  ],
