fix(mock-authz): running locally does not require auth header (#156)

Author: paulineribeyre

bin/setup_psqlgraph.py

@@ -98,7 +98,7 @@ def create_indexes(host, user, password, database):
     index = lambda t, c: ["CREATE INDEX ON {} ({})".format(t, x) for x in c]
     for scls in Node.get_subclasses():
         tablename = scls.__tablename__
-        list(map(engine.execute, index(tablename, ["node_id",])))
+        list(map(engine.execute, index(tablename, ["node_id"])))
         list(
             map(
                 engine.execute,
@@ -113,7 +113,7 @@ def create_indexes(host, user, password, database):
         list(
             map(
                 engine.execute,
-                index(scls.__tablename__, ["src_id", "dst_id", "dst_id, src_id",]),
+                index(scls.__tablename__, ["src_id", "dst_id", "dst_id, src_id"]),
             )
         )
 

bin/setup_test_database.py

@@ -11,11 +11,7 @@
 
 import argparse
 
-from setup_psqlgraph import (
-    setup_database,
-    create_tables,
-    create_indexes,
-)
+from setup_psqlgraph import setup_database, create_tables, create_indexes
 
 
 if __name__ == "__main__":

peregrine/api.py

@@ -71,14 +71,10 @@ def db_init(app):
 
 # Set CORS options on app configuration
 def cors_init(app):
-    accepted_headers = [
-        "Content-Type",
-        "X-Requested-With",
-        "X-CSRFToken",
-    ]
+    accepted_headers = ["Content-Type", "X-Requested-With", "X-CSRFToken"]
     CORS(
         app,
-        resources={r"/*": {"origins": "*"},},
+        resources={r"/*": {"origins": "*"}},
         headers=accepted_headers,
         expose_headers=["Content-Disposition"],
     )
@@ -174,11 +170,7 @@ def version():
         "version": pkg_resources.get_distribution("gen3dictionary").version,
         "commit": "",
     }
-    base = {
-        "version": VERSION,
-        "commit": COMMIT,
-        "dictionary": dictver,
-    }
+    base = {"version": VERSION, "commit": COMMIT, "dictionary": dictver}
 
     return jsonify(base), 200
 

peregrine/dev_settings.example.py

@@ -43,10 +43,7 @@
         },
     }
 }
-SUBMISSION = {
-    "bucket": "test_submission",
-    "host": CLEVERSAFE_HOST,
-}
+SUBMISSION = {"bucket": "test_submission", "host": CLEVERSAFE_HOST}
 # Postgres
 PSQLGRAPH = {
     "host": os.getenv("GDC_PG_HOST", "localhost"),

peregrine/dev_settings.py

@@ -50,10 +50,7 @@
         },
     }
 }
-SUBMISSION = {
-    "bucket": "test_submission",
-    "host": CLEVERSAFE_HOST,
-}
+SUBMISSION = {"bucket": "test_submission", "host": CLEVERSAFE_HOST}
 # Postgres
 PSQLGRAPH = {
     "host": os.getenv("GDC_PG_HOST", "localhost"),

peregrine/dictionary.py

@@ -16,14 +16,9 @@
 this_module = sys.modules[__name__]
 
 #: The data dictionary must implement these attributes.
-required_attrs = [
-    "resolvers",
-    "schema",
-]
-
-optional_attrs = [
-    "settings",
-]
+required_attrs = ["resolvers", "schema"]
+
+optional_attrs = ["settings"]
 
 resolvers = None
 schema = None

peregrine/models.py

@@ -24,12 +24,7 @@
 this_module = sys.modules[__name__]
 
 #: The data model must implement these attributes.
-required_attrs = [
-    "Program",
-    "Project",
-    "submission",
-    "VersionedNode",
-]
+required_attrs = ["Program", "Project", "submission", "VersionedNode"]
 
 # These could be assigned programatically, as in:
 #

peregrine/resources/submission/__init__.py

@@ -12,7 +12,7 @@
 import datamodelutils.models as models
 import flask
 
-from peregrine.auth import current_user, get_read_access_projects
+from peregrine.auth import get_read_access_projects
 import peregrine.blueprints
 from peregrine.resources.submission import graphql
 

peregrine/resources/submission/constants.py

@@ -95,15 +95,11 @@ def submitted_state():
 
 #: This is a list of states that an entity must be in to allow
 #: deletion
-ALLOWED_DELETION_STATES = [
-    "validated",
-]
+ALLOWED_DELETION_STATES = ["validated"]
 
 #: This is a list of file_states that a a file must be in to allow
 #: deletion
-ALLOWED_DELETION_FILE_STATES = [
-    submitted_state,
-]
+ALLOWED_DELETION_FILE_STATES = [submitted_state]
 
 
 #: These categories should all have a ``state`` associated with each type
@@ -119,19 +115,15 @@ def submitted_state():
 
 #: Possible entity.state transitions
 #: { to_state: from_state }
-ENTITY_STATE_TRANSITIONS = {
-    "submitted": ["validated", None],
-}
+ENTITY_STATE_TRANSITIONS = {"submitted": ["validated", None]}
 
 #: The key that specifies the high level state that a file is in the
 #: pipeline
 FILE_STATE_KEY = "file_state"
 
 #: Possible data_file.file_state transitions
 #: { to_state: from_state }
-FILE_STATE_TRANSITIONS = {
-    "submitted": ["validated"],
-}
+FILE_STATE_TRANSITIONS = {"submitted": ["validated"]}
 
 #: The auth role required to take action actions
 ROLE_SUBMIT = "release"

peregrine/resources/submission/graphql/counts.py

@@ -7,10 +7,7 @@
 import node_subclass as ns
 from . import transaction
 
-from .base import (
-    assert_type,
-    munge,
-)
+from .base import assert_type, munge
 
 from .util import clean_count
 

peregrine/resources/submission/graphql/node.py

@@ -416,9 +416,7 @@ class Node(graphene.Interface):
     updated_datetime = graphene.String()
 
     # These fields depend on these columns being loaded
-    fields_depend_on_columns = {
-        "project_id": {"program", "code"},
-    }
+    fields_depend_on_columns = {"project_id": {"program", "code"}}
 
 
 def resolve_node(self, info, **args):
@@ -549,7 +547,7 @@ def get_node_class_property_args(cls, not_props_io={}):
         args_not = {}
         args_not.update(get_node_class_property_attrs(cls))
         not_props_io[not_props_io_name] = type(
-            not_props_io_name, (graphene.InputObjectType,), args_not,
+            not_props_io_name, (graphene.InputObjectType,), args_not
         )
         globals()[not_props_io[not_props_io_name].__name__] = not_props_io[
             not_props_io_name
@@ -689,7 +687,7 @@ def get_node_class_special_attrs(cls):
 def get_node_class_link_attrs(cls):
     attrs = {
         name: graphene.List(
-            __name__ + "." + link["type"].label, args=get_node_class_args(link["type"]),
+            __name__ + "." + link["type"].label, args=get_node_class_args(link["type"])
         )
         for name, link in cls._pg_edges.items()
     }
@@ -703,7 +701,7 @@ def resolve__related_cases(self, info, args):
 
         q = with_path_to(
             get_authorized_query(md.Case),
-            {"type": cls.label, "id": self.id,},
+            {"type": cls.label, "id": self.id},
             info,
             name="related_cases",
         )
@@ -735,7 +733,7 @@ def resolve_transaction_logs_count(self, info, **args):
 
     attrs["resolve__transaction_logs_count"] = resolve_transaction_logs_count
     attrs["_transaction_logs_count"] = graphene.Field(
-        graphene.Int, args=transaction.get_transaction_log_args(),
+        graphene.Int, args=transaction.get_transaction_log_args()
     )
 
     def resolve_transaction_logs(self, info, **args):
@@ -744,7 +742,7 @@ def resolve_transaction_logs(self, info, **args):
 
     attrs["resolve__transaction_logs"] = resolve_transaction_logs
     attrs["_transaction_logs"] = graphene.List(
-        transaction.TransactionLog, args=transaction.get_transaction_log_args(),
+        transaction.TransactionLog, args=transaction.get_transaction_log_args()
     )
 
     _links_args = get_node_interface_args()
@@ -948,9 +946,7 @@ def resolver(self, info, cls=cls, gql_object=gql_object, **args):
                 capp.logger.exception(e)
                 raise
 
-        field = graphene.Field(
-            graphene.List(gql_object), args=get_node_class_args(cls),
-        )
+        field = graphene.Field(graphene.List(gql_object), args=get_node_class_args(cls))
 
         res_name = "resolve_{}".format(name)
         resolver.__name__ = res_name
@@ -1062,7 +1058,7 @@ def instantiate_graphene(t):
 
         # add required node fields
         DataNode.shared_fields.update(
-            {"id": graphene.String(), "type": graphene.String(),}
+            {"id": graphene.String(), "type": graphene.String()}
         )
 
     return DataNode.shared_fields
@@ -1085,7 +1081,7 @@ def get_datanode_interface_args():
     args = get_base_node_args()
     args.update(get_datanode_fields_dict())
     args.update(
-        {"of_type": graphene.List(graphene.String), "project_id": graphene.String(),}
+        {"of_type": graphene.List(graphene.String), "project_id": graphene.String()}
     )
     return args
 

peregrine/resources/submission/graphql/transaction.py

@@ -180,9 +180,7 @@ class TransactionDocument(graphene.ObjectType):
     response = graphene.Field(TransactionResponse)
 
     # These fields depend on these columns being loaded
-    fields_depend_on_columns = {
-        "doc_size": {"doc"},
-    }
+    fields_depend_on_columns = {"doc_size": {"doc"}}
 
     @classmethod
     def resolve_doc_size(cls, document, *args, **kwargs):
@@ -224,10 +222,7 @@ class TransactionLog(graphene.ObjectType):
     related_cases = graphene.List(TransactionResponseEntityRelatedCases)
 
     # These fields depend on these columns being loaded
-    fields_depend_on_columns = {
-        "type": {"role"},
-        "project_id": {"project", "program"},
-    }
+    fields_depend_on_columns = {"type": {"role"}, "project_id": {"project", "program"}}
 
     TYPE_MAP = {
         "update": "upload",
@@ -457,8 +452,6 @@ def resolve_transaction_log_count(self, info, **args):
     return q.count()
 
 
-TransactionLogField = graphene.List(TransactionLog, args=get_transaction_log_args(),)
+TransactionLogField = graphene.List(TransactionLog, args=get_transaction_log_args())
 
-TransactionLogCountField = graphene.Field(
-    graphene.Int, args=get_transaction_log_args(),
-)
+TransactionLogCountField = graphene.Field(graphene.Int, args=get_transaction_log_args())

peregrine/resources/submission/graphql/traversal.py

@@ -34,12 +34,7 @@
 # to annotation.
 #
 # See :func:`is_valid_direction` for more details.
-CATEGORY_LEVEL = {
-    "administrative": 0,
-    "biospecimen": 1,
-    "clinical": 1,
-    "data_file": 3,
-}
+CATEGORY_LEVEL = {"administrative": 0, "biospecimen": 1, "clinical": 1, "data_file": 3}
 
 
 def is_valid_direction(node, visited):

peregrine/test_settings.py

@@ -13,10 +13,7 @@
     "user_domain_name": "some_domain",
 }
 
-SUBMISSION = {
-    "bucket": "test_submission",
-    "host": "host",
-}
+SUBMISSION = {"bucket": "test_submission", "host": "host"}
 STORAGE = {"s3": {"keys": {}, "kwargs": {}}}
 STORAGE["s3"]["keys"]["host"] = {"access_key": "fake", "secret_key": "sooper_sekrit"}
 STORAGE["s3"]["kwargs"]["host"] = {}
@@ -34,10 +31,7 @@
 PEREGRINE_PORT = "443"
 
 # Slicing settings
-SLICING = {
-    "host": "localhost",
-    "gencode": "REPLACEME",
-}
+SLICING = {"host": "localhost", "gencode": "REPLACEME"}
 
 FLASK_SECRET_KEY = "flask_test_key"
 

peregrine/utils/scheduling.py

@@ -4,10 +4,7 @@
 import cdispyutils
 
 from peregrine.errors import InternalError
-from peregrine.globals import (
-    ASYNC_MAX_Q_LEN,
-    ERR_ASYNC_SCHEDULING,
-)
+from peregrine.globals import ASYNC_MAX_Q_LEN, ERR_ASYNC_SCHEDULING
 
 logger = cdispyutils.log.get_logger("submission.scheduling")
 
@@ -67,7 +64,7 @@ def grow(self, n_workers):
         started immediately.
         """
         workers = [
-            self.worker_class(target=async_pool_consumer, args=(self.task_queue,),)
+            self.worker_class(target=async_pool_consumer, args=(self.task_queue,))
             for _ in range(n_workers)
         ]
 

run.py

@@ -89,20 +89,24 @@ def run_with_fake_auth():
         new_callable=PropertyMock,
         return_value=lambda: True,
     ), patch(
-        "peregrine.auth.verify_hmac", new=set_user,
+        "peregrine.auth.verify_hmac", new=set_user
     ):
         run_for_development(debug=debug, threaded=True)
 
 
 def run_with_fake_authz():
     """
-    Mocks arborist calls.
+    By mocking `get_read_access_projects`, we avoid checking the
+    Authorization header and access token, and avoid making arborist
+    calls to fetch a list of authorized resources.
     """
-    auth_mapping = {}  # modify this to mock specific access
+    # `user_projects` contains a list of `project_id`s (in format
+    # "<program.name>-<project.code>") the user has access to.
+    # Update it to mock specific access:
+    user_projects = []
     with patch(
-        "gen3authz.client.arborist.client.ArboristClient.auth_mapping",
-        new_callable=PropertyMock,
-        return_value=lambda x: auth_mapping,
+        "peregrine.resources.submission.get_read_access_projects",
+        return_value=user_projects,
     ):
         run_for_development(debug=debug, threaded=True)