fix: add method to get new token for adv tests (#638)

* Add Raymond Test

* Add env w/ studies provisioning test case and support for env type configurations

* Use MatchObject matcher and improve test descriptions

* bug: multiple workflows provisioning

* Add polling utility function and termination code for workspaces

* chore: fix linting errors

* Add delay between api call and polling

* Move terminate workflow code to support file

* Add verify study permissions test for EC2Linux

* Fix import statement in resource file

* Add node-ssh package

* Update pnpm lock file

* Fix linting errors

* Add external study to config

* fix: Add more cleanup to adv int tests

* fix: Rename externalStudy to byobStudy

* fix: emrConfigId name update

* chore: empty commit to fix mainline protection

* fix: Comment out adv tests to debug

* fix: correct default ui timeout

* fix: remove adv test file

* fix: refresh token in tests that start workflows

* feat: add method to get new token

* feat: add new token method to other tests that poll workflows

* fix: remove debug line

* fix: uncomment sleep import

* chore: empty commit to fix mainline protection

* chore: remove debug new-token

* chore: remove console logs

Co-authored-by: Raymond Yu <raymyu@amazon.com>
Co-authored-by: Sanket Dharwadkar <sdharwad@amazon.com>

main/integration-tests/__test__/advanced-tests/study-permissions/verify-linux-study-permissions.test.js

@@ -0,0 +1,221 @@
+/*
+ *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License").
+ *  You may not use this file except in compliance with the License.
+ *  A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ *  or in the "license" file accompanying this file. This file is distributed
+ *  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *  express or implied. See the License for the specific language governing
+ *  permissions and limitations under the License.
+ */
+const { sleep } = require('@aws-ee/base-services/lib/helpers/utils');
+const { NodeSSH } = require('node-ssh');
+const { mountStudies, readWrite } = require('../../../support/complex/run-shell-command');
+const { runSetup } = require('../../../support/setup');
+const { getIdToken } = require('../../../support/utils/id-token');
+
+describe('EC2 Linux scenarios', () => {
+  let setup;
+  let ssh;
+  // Obtains new global token to prevent mid-test expiration
+  async function newToken() {
+    const content = setup.settings.content;
+    setup.settings.content.adminIdToken = await getIdToken({
+      username: content.username,
+      password: content.password,
+      apiEndpoint: content.apiEndpoint,
+      authenticationProviderId: content.authenticationProviderId,
+    });
+  }
+  async function testSetup() {
+    const adminSession = await setup.createAdminSession();
+    const admin2Session = await setup.createAdminSession();
+    await newToken();
+    const keyPair = await admin2Session.resources.keyPairs.create();
+    return { adminSession, admin2Session, keyPair };
+  }
+
+  beforeAll(async () => {
+    setup = await runSetup();
+    ssh = new NodeSSH();
+    jest.retryTimes(0);
+  });
+  afterAll(async () => {
+    await newToken();
+    await setup.cleanup();
+  });
+
+  describe('Updates to mounted study permissions', () => {
+    it('should propagate for Org Study', async () => {
+      const { adminSession, admin2Session, keyPair } = await testSetup();
+      const studyId = setup.gen.string({ prefix: `create-org-study-test` });
+      await adminSession.resources.studies.create({ id: studyId, name: studyId, category: 'Organization' });
+      await adminSession.resources.studies
+        .study(studyId)
+        .propagatePermission(admin2Session, ['admin', 'readwrite'], []);
+
+      const workspaceName = setup.gen.string({ prefix: 'workspace-sc-test' });
+
+      const env = await admin2Session.resources.workspaceServiceCatalogs.create({
+        name: workspaceName,
+        envTypeId: setup.defaults.envTypes.ec2Linux.envTypeId,
+        envTypeConfigId: setup.defaults.envTypes.ec2Linux.envTypeConfigId,
+        studyIds: [studyId],
+        description: 'test',
+        projectId: setup.defaults.project.id,
+        cidr: '0.0.0.0/0',
+      });
+      // Poll until workspace is provisioned
+      await sleep(2000);
+      await adminSession.resources.workflows
+        .versions('wf-provision-environment-sc')
+        .version(1)
+        .findAndPollWorkflow(env.id, 10000, 48);
+
+      // Connect to workspace
+      const networkInfo = await admin2Session.resources.workspaceServiceCatalogs
+        .workspaceServiceCatalog(env.id) // env.id
+        .connections()
+        .connection('id-1')
+        .sendSshPublicKey({ keyPairId: keyPair.id });
+
+      await ssh.connect({
+        host: networkInfo.networkInterfaces[0].publicDnsName,
+        username: 'ec2-user',
+        privateKey: keyPair.privateKey,
+      });
+
+      // Mount studies
+      let output;
+      output = await mountStudies(ssh, studyId);
+
+      // Readwrite permission level
+      output = await readWrite(ssh, studyId);
+      expect(output.stdout).toEqual(expect.stringMatching(/ec2-user 20/));
+
+      // Admin permission level
+      await adminSession.resources.studies.study(studyId).propagatePermission(admin2Session, ['admin'], ['readwrite']);
+      output = await readWrite(ssh, studyId);
+      expect(output.stderr).toEqual(expect.stringMatching(/write error: Permission denied/));
+
+      // Readonly permission level
+      await adminSession.resources.studies.study(studyId).propagatePermission(admin2Session, ['readonly'], ['admin']);
+      output = await readWrite(ssh, studyId);
+      expect(output.stderr).toEqual(expect.stringMatching(/write error: Permission denied/));
+
+      // None permission level
+      await adminSession.resources.studies.study(studyId).propagatePermission(admin2Session, [], ['readonly']);
+      output = await readWrite(ssh, studyId);
+      expect(output.stderr).toEqual(expect.stringMatching(/reading directory .: Permission denied/));
+
+      await ssh.dispose();
+      await newToken();
+      await setup.cleanup();
+    });
+
+    it('should propagate for BYOB Study', async () => {
+      const { adminSession, admin2Session, keyPair } = await testSetup();
+      const externalStudy = setup.defaults.byobStudy;
+      const workspaceName = setup.gen.string({ prefix: 'workspace-sc-test' });
+      await adminSession.resources.studies.study(externalStudy).propagatePermission(admin2Session, ['readwrite'], []);
+
+      const env = await admin2Session.resources.workspaceServiceCatalogs.create({
+        name: workspaceName,
+        envTypeId: setup.defaults.envTypes.ec2Linux.envTypeId,
+        envTypeConfigId: setup.defaults.envTypes.ec2Linux.envTypeConfigId,
+        studyIds: [externalStudy],
+        description: 'test',
+        projectId: setup.defaults.project.id,
+        cidr: '0.0.0.0/0',
+      });
+      // Poll until workspace is provisioned
+      await sleep(2000);
+      await adminSession.resources.workflows
+        .versions('wf-provision-environment-sc')
+        .version(1)
+        .findAndPollWorkflow(env.id, 10000, 48);
+      // Connect to workspace
+      const networkInfo = await admin2Session.resources.workspaceServiceCatalogs
+        .workspaceServiceCatalog(env.id) // env.id
+        .connections()
+        .connection('id-1')
+        .sendSshPublicKey({ keyPairId: keyPair.id });
+
+      await ssh.connect({
+        host: networkInfo.networkInterfaces[0].publicDnsName,
+        username: 'ec2-user',
+        privateKey: keyPair.privateKey,
+      });
+
+      // Mount studies
+      let output;
+      output = await mountStudies(ssh, externalStudy);
+      // console.log(`STDOUT:\n${output.stdout}\n\nSTDERR:\n${output.stderr}`);
+
+      // Readwrite permission level
+      output = await readWrite(ssh, externalStudy);
+      expect(output.stdout).toEqual(expect.stringMatching(/ec2-user 20/));
+
+      // Readonly permission level
+      await adminSession.resources.studies
+        .study(externalStudy)
+        .propagatePermission(admin2Session, ['readonly'], ['readwrite']);
+      output = await readWrite(ssh, externalStudy);
+      expect(output.stderr).toEqual(expect.stringMatching(/reading directory .: Permission denied/));
+
+      await ssh.dispose();
+      // Removes user permission
+      await adminSession.resources.studies.study(externalStudy).propagatePermission(admin2Session, [], ['readonly']);
+      await newToken();
+      await setup.cleanup();
+    });
+  });
+
+  describe('Confirm study permissions', () => {
+    it('should pass for My Study', async () => {
+      const { adminSession, admin2Session, keyPair } = await testSetup();
+      const studyId = setup.gen.string({ prefix: `create-my-study-test` });
+      await admin2Session.resources.studies.create({ id: studyId, name: studyId, category: 'My Studies' });
+
+      const workspaceName = setup.gen.string({ prefix: 'workspace-sc-test' });
+      const env = await admin2Session.resources.workspaceServiceCatalogs.create({
+        name: workspaceName,
+        envTypeId: setup.defaults.envTypes.ec2Linux.envTypeId,
+        envTypeConfigId: setup.defaults.envTypes.ec2Linux.envTypeConfigId,
+        studyIds: [studyId],
+        description: 'test',
+        projectId: setup.defaults.project.id,
+        cidr: '0.0.0.0/0',
+      });
+
+      // Poll until workspace is provisioned
+      await sleep(2000);
+      await adminSession.resources.workflows
+        .versions('wf-provision-environment-sc')
+        .version(1)
+        .findAndPollWorkflow(env.id, 10000, 48);
+
+      // Connect to workspace
+      const networkInfo = await admin2Session.resources.workspaceServiceCatalogs
+        .workspaceServiceCatalog(env.id) // env.id
+        .connections()
+        .connection('id-1')
+        .sendSshPublicKey({ keyPairId: keyPair.id });
+
+      await ssh.connect({
+        host: networkInfo.networkInterfaces[0].publicDnsName,
+        username: 'ec2-user',
+        privateKey: keyPair.privateKey,
+      });
+
+      const output = await mountStudies(ssh, studyId);
+      expect(output.stdout).toEqual(expect.stringMatching(/output.txt/));
+      await newToken();
+      await setup.cleanup();
+    });
+  });
+});

main/integration-tests/__test__/api-tests/workflows/get-workflow-instances.test.js

@@ -17,15 +17,28 @@ const _ = require('lodash');
 
 const { runSetup } = require('../../../support/setup');
 const errorCode = require('../../../support/utils/error-code');
+const { getIdToken } = require('../../../support/utils/id-token');
 
 describe('Get workflow instances scenarios', () => {
   let setup;
   let adminSession;
   let workflow;
   let instanceId;
 
+  async function newToken() {
+    const content = setup.settings.content;
+    setup.settings.content.adminIdToken = await getIdToken({
+      username: content.username,
+      password: content.password,
+      apiEndpoint: content.apiEndpoint,
+      authenticationProviderId: content.authenticationProviderId,
+    });
+  }
+
   beforeAll(async () => {
     setup = await runSetup();
+    await newToken();
+
     adminSession = await setup.defaultAdminSession();
     const workflowId = setup.gen.string({ prefix: 'get-wf-instances-test' });
     workflow = await adminSession.resources.workflows.versions(workflowId).create();
@@ -41,6 +54,7 @@ describe('Get workflow instances scenarios', () => {
   });
 
   afterAll(async () => {
+    await newToken();
     await setup.cleanup();
   });
 

main/integration-tests/__test__/api-tests/workspace-service-catalogs/create-workspace-service-catalog.test.js

@@ -14,7 +14,7 @@
  *  permissions and limitations under the License.
  */
 
-// const { sleep } = require('@aws-ee/base-services/lib/helpers/utils');
+const { sleep } = require('@aws-ee/base-services/lib/helpers/utils');
 const { runSetup } = require('../../../support/setup');
 const {
   createWorkspaceTypeAndConfiguration,
@@ -24,21 +24,33 @@ const {
   deleteDefaultServiceCatalogProduct,
 } = require('../../../support/complex/default-integration-test-product');
 const errorCode = require('../../../support/utils/error-code');
+const { getIdToken } = require('../../../support/utils/id-token');
 
 describe('Create workspace-service-catalog scenarios', () => {
   let setup;
   let adminSession;
   let productInfo;
-
+  async function newToken() {
+    const content = setup.settings.content;
+    setup.settings.content.adminIdToken = await getIdToken({
+      username: content.username,
+      password: content.password,
+      apiEndpoint: content.apiEndpoint,
+      authenticationProviderId: content.authenticationProviderId,
+    });
+  }
   beforeAll(async () => {
     setup = await runSetup();
+    await newToken();
+
     adminSession = await setup.defaultAdminSession();
     productInfo = await createDefaultServiceCatalogProduct(setup);
     jest.retryTimes(1);
   });
 
   afterAll(async () => {
     await deleteDefaultServiceCatalogProduct(setup, productInfo);
+    await newToken();
     await setup.cleanup();
   });
 
@@ -168,4 +180,52 @@ describe('Create workspace-service-catalog scenarios', () => {
       });
     });
   });
+  describe('Workspace SC env with studies', () => {
+    it('for EC2Linux should provision correctly', async () => {
+      const admin1Session = await setup.createAdminSession();
+
+      const studyIds = [];
+      let studyId = setup.gen.string({ prefix: `create-study-ray-my-study` });
+      await expect(
+        admin1Session.resources.studies.create({ id: studyId, name: studyId, category: 'My Studies' }),
+      ).resolves.toMatchObject({
+        id: studyId,
+      });
+      studyIds.push(studyId);
+
+      studyId = setup.gen.string({ prefix: `create-study-ray-org-study` });
+      await expect(
+        admin1Session.resources.studies.create({ id: studyId, name: studyId, category: 'Organization' }),
+      ).resolves.toMatchObject({
+        id: studyId,
+      });
+      studyIds.push(studyId);
+
+      const workspaceName = setup.gen.string({ prefix: 'workspace-sc-test' });
+      const env = await admin1Session.resources.workspaceServiceCatalogs.create({
+        name: workspaceName,
+        envTypeId: setup.defaults.envTypes.ec2Linux.envTypeId,
+        envTypeConfigId: setup.defaults.envTypes.ec2Linux.envTypeConfigId,
+        studyIds,
+        description: 'assignment',
+        projectId: setup.defaults.project.id,
+        cidr: '123.123.123.123/12',
+      });
+      expect(env).toMatchObject({
+        name: workspaceName,
+        envTypeId: setup.defaults.envTypes.ec2Linux.envTypeId,
+        envTypeConfigId: setup.defaults.envTypes.ec2Linux.envTypeConfigId,
+        studyIds,
+      });
+
+      // Poll until workspace is provisioned
+      await sleep(2000);
+      await admin1Session.resources.workflows
+        .versions('wf-provision-environment-sc')
+        .version(1)
+        .findAndPollWorkflow(env.id, 10000, 48);
+      await newToken();
+      await setup.cleanup();
+    });
+  });
 });

main/integration-tests/config/settings/example.yml

@@ -38,7 +38,6 @@ isLocal: false
 
 # Set this to the API endpoint if different than the following
 localApiEndpoint: http://localhost:4000
-
 # Provide the id of the available EC2-Linux Service Catalog product
 # ec2LinuxEnvTypeId: "prod-sampleEC2Linux-pa-sampleEC2Linux"
 # Provide the id of a configuration for an imported EC2-Linux environment
@@ -59,5 +58,5 @@ localApiEndpoint: http://localhost:4000
 # Provide the id of a configuration for an imported EMR environment
 # emrConfigId: ""
 
-# Provide the name of the external BYOB Data Source study
+# Provide the id of the external BYOB Data Source study
 # byobStudy: ""