diff --git a/fence/sync/sync_users.py b/fence/sync/sync_users.py index 6c1375a88..4e1f5de69 100644 --- a/fence/sync/sync_users.py +++ b/fence/sync/sync_users.py @@ -1074,8 +1074,8 @@ def _update_arborist(self, session, user_yaml): policies = user_yaml.rbac.get("policies", []) for policy in policies: try: - response = self.arborist_client.create_policy( - policy, skip_if_exists=True + response = self.arborist_client.update_policy( + policy["id"], policy, create_if_not_exist=True ) if response: self._created_policies.add(policy["id"]) @@ -1190,14 +1190,15 @@ def _update_authz_in_arborist(self, session, user_projects, user_yaml=None): policy_id = _format_policy_id(path, permission) if policy_id not in self._created_policies: try: - self.arborist_client.create_policy( + self.arborist_client.update_policy( + policy_id, { "id": policy_id, "description": "policy created by fence sync", "role_ids": [permission], "resource_paths": [path], }, - skip_if_exists=True, + create_if_not_exist=True, ) except ArboristError as e: self.logger.info( diff --git a/requirements.txt b/requirements.txt index 5038f6be4..d57951f51 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,7 +15,7 @@ Flask-CORS==3.0.3 Flask_OAuthlib==0.9.4 flask-restful==0.3.6 Flask_SQLAlchemy_Session==1.1 -gen3authz==0.2.1 +gen3authz==0.2.2 gen3config==0.1.7 gen3cirrus==1.1.1 gen3users diff --git a/tests/conftest.py b/tests/conftest.py index 1f5d9b635..e777c379b 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -194,44 +194,31 @@ def do_patch(urls_to_responses=None): defaults.update(urls_to_responses) urls_to_responses = defaults - def make_mock_response(method): - def response(url, *args, **kwargs): - mocked_response = MagicMock(requests.Response) - if url not in urls_to_responses: - mocked_response.status_code = 404 - return mocked_response - if method not in urls_to_responses[url]: - mocked_response.status_code = 405 - return mocked_response + def response_for(method, url, *args, **kwargs): + method = method.upper() + mocked_response = MagicMock(requests.Response) + if url not in urls_to_responses: + mocked_response.status_code = 404 + mocked_response.text = "NOT FOUND" + elif method not in urls_to_responses[url]: + mocked_response.status_code = 405 + mocked_response.text = "METHOD NOT ALLOWED" + else: content, code = urls_to_responses[url][method] mocked_response.status_code = code if isinstance(content, dict): mocked_response.json.return_value = content - return mocked_response - - return response - - mocked_get = MagicMock(side_effect=make_mock_response("GET")) - mocked_post = MagicMock(side_effect=make_mock_response("POST")) - mocked_delete = MagicMock(side_effect=make_mock_response("DELETE")) + else: + mocked_response.text = content + return mocked_response - patch_get = mock.patch( - "gen3authz.client.arborist.client.requests.get", mocked_get + mocked_method = MagicMock(side_effect=response_for) + patch_method = mock.patch( + "gen3authz.client.arborist.client.requests.request", mocked_method ) - patch_post = mock.patch( - "gen3authz.client.arborist.client.requests.post", mocked_post - ) - patch_delete = mock.patch( - "gen3authz.client.arborist.client.requests.delete", mocked_delete - ) - - patch_get.start() - patch_post.start() - patch_delete.start() - request.addfinalizer(patch_get.stop) - request.addfinalizer(patch_post.stop) - request.addfinalizer(patch_delete.stop) + patch_method.start() + request.addfinalizer(patch_method.stop) return do_patch diff --git a/tests/data/test_data.py b/tests/data/test_data.py index 7ed50154e..f13746583 100644 --- a/tests/data/test_data.py +++ b/tests/data/test_data.py @@ -493,8 +493,8 @@ def json(self): } ) data_requests.post.return_value.status_code = 200 - arborist_requests.post.return_value = MockResponse({"auth": True}) - arborist_requests.post.return_value.status_code = 200 + arborist_requests.request.return_value = MockResponse({"auth": True}) + arborist_requests.request.return_value.status_code = 200 headers = { "Authorization": "Bearer " + encoded_creds_jwt.jwt, "Content-Type": "application/json", @@ -755,8 +755,8 @@ def json(self): ) with data_requests_mocker as data_requests, arborist_requests_mocker as arborist_requests: # pretend arborist says "no" - arborist_requests.post.return_value = MockResponse({"auth": False}) - arborist_requests.post.return_value.status_code = 200 + arborist_requests.request.return_value = MockResponse({"auth": False}) + arborist_requests.request.return_value.status_code = 200 headers = { "Authorization": "Bearer " + encoded_creds_jwt.jwt, "Content-Type": "application/json", @@ -843,8 +843,8 @@ def json(self): } ) data_requests.post.return_value.status_code = 200 - arborist_requests.post.return_value = MockResponse({"auth": True}) - arborist_requests.post.return_value.status_code = 200 + arborist_requests.request.return_value = MockResponse({"auth": True}) + arborist_requests.request.return_value.status_code = 200 fence.blueprints.data.indexd.BlankIndex.init_multipart_upload.return_value = ( "test_uploadId" ) @@ -898,8 +898,8 @@ def json(self): } ) data_requests.post.return_value.status_code = 200 - arborist_requests.post.return_value = MockResponse({"auth": True}) - arborist_requests.post.return_value.status_code = 200 + arborist_requests.request.return_value = MockResponse({"auth": True}) + arborist_requests.request.return_value.status_code = 200 fence.blueprints.data.indexd.BlankIndex.generate_aws_presigned_url_for_part.return_value = ( "test_presigned" ) @@ -945,8 +945,8 @@ def json(self): } ) data_requests.post.return_value.status_code = 200 - arborist_requests.post.return_value = MockResponse({"auth": True}) - arborist_requests.post.return_value.status_code = 200 + arborist_requests.request.return_value = MockResponse({"auth": True}) + arborist_requests.request.return_value.status_code = 200 fence.blueprints.data.indexd.BlankIndex.generate_aws_presigned_url_for_part.return_value = ( "test_presigned" )