Full list of tenant-permission tests

data-dot-all · Nov 15, 2024 · 7ff6c8d · 7ff6c8d
1 parent c87f712
commit 7ff6c8d
Showing 1 changed file with 76 additions and 67 deletions.
diff --git a/tests/test_tenant_unauthorized.py b/tests/test_tenant_unauthorized.py
@@ -10,68 +10,20 @@
 
 load_modules(modes={ImportMode.API})
 
-NO_CHECK_PERMS = [
-    'Mutation.updateGroupTenantPermissions',
-    'Mutation.updateSSMParameter',
-    'Mutation.createNetwork',
-    'Mutation.deleteNetwork',
-    'Mutation.updateStack',
-    'Mutation.updateKeyValueTags',
-    'Mutation.createMetadataForm',
-    'Mutation.createMetadataFormVersion',
-    'Mutation.createAttachedMetadataForm',
-    'Mutation.deleteMetadataForm',
-    'Mutation.deleteMetadataFormVersion',
-    'Mutation.deleteAttachedMetadataForm',
-    'Mutation.createMetadataFormFields',
-    'Mutation.deleteMetadataFormField',
-    'Mutation.batchMetadataFormFieldUpdates',
-    'Mutation.startMaintenanceWindow',
-    'Mutation.stopMaintenanceWindow',
-    'Mutation.markNotificationAsRead',
-    'Mutation.deleteNotification',
-    'Mutation.postFeedMessage',
-    'Mutation.createGlossary',
-    'Mutation.updateGlossary',
-    'Mutation.deleteGlossary',
-    'Mutation.createCategory',
-    'Mutation.updateCategory',
-    'Mutation.deleteCategory',
-    'Mutation.createTerm',
-    'Mutation.updateTerm',
-    'Mutation.deleteTerm',
-    'Mutation.approveTermAssociation',
-    'Mutation.dismissTermAssociation',
-    'Mutation.startReindexCatalog',
-    'Mutation.createShareObject',
-    'Mutation.deleteShareObject',
-    'Mutation.cancelShareExtension',
-    'Mutation.addSharedItem',
-    'Mutation.removeSharedItem',
-    'Mutation.submitShareObject',
-    'Mutation.submitShareExtension',
-    'Mutation.approveShareObject',
-    'Mutation.approveShareExtension',
-    'Mutation.rejectShareObject',
-    'Mutation.revokeItemsShareObject',
-    'Mutation.verifyItemsShareObject',
-    'Mutation.reApplyItemsShareObject',
-    'Mutation.updateShareRejectReason',
-    'Mutation.updateShareExpirationPeriod',
-    'Mutation.updateShareExtensionReason',
-    'Mutation.updateShareRequestReason',
-    'Mutation.updateShareItemFilters',
-    'Mutation.removeShareItemFilter',
-    'Mutation.upVote',
-]
+## Those Mutations that are commented out either need to be assessed or fixed. They might not need the check of permissions
+## or they might require additional work to add permissions or to adjust the tests.
 
 CHECK_PERMS = [
+    # 'Mutation.updateGroupTenantPermissions', ---> admin action. No need for tenant permission check
+    # 'Mutation.updateSSMParameter', ---> admin action. No need for tenant permission check
     'Mutation.createOrganization',
     'Mutation.updateOrganization',
     'Mutation.archiveOrganization',
     'Mutation.inviteGroupToOrganization',
     'Mutation.updateOrganizationGroup',
     'Mutation.removeGroupFromOrganization',
+    'Mutation.createNetwork',
+    'Mutation.deleteNetwork',
     'Mutation.createEnvironment',
     'Mutation.updateEnvironment',
     'Mutation.inviteGroupOnEnvironment',
@@ -83,12 +35,64 @@
     'Mutation.enableDataSubscriptions',
     'Mutation.DisableDataSubscriptions',
     'Mutation.updateConsumptionRole',
+    # 'Query.generateEnvironmentAccessToken',
+    # 'Query.getEnvironmentAssumeRoleUrl',
+    # 'Mutation.updateStack', ---> permission needs to be added inside the service
+    # 'Mutation.updateKeyValueTags', ---> permission needs to be added inside the service
     'Mutation.createSagemakerStudioUser',
     'Mutation.deleteSagemakerStudioUser',
+    'Query.getSagemakerStudioUserPresignedUrl',
     'Mutation.createSagemakerNotebook',
     'Mutation.startSagemakerNotebook',
     'Mutation.stopSagemakerNotebook',
     'Mutation.deleteSagemakerNotebook',
+    # 'Query.getSagemakerNotebookPresignedUrl'
+    'Mutation.createMetadataForm',
+    'Mutation.createMetadataFormVersion',
+    # 'Mutation.createAttachedMetadataForm',
+    'Mutation.deleteMetadataForm',
+    'Mutation.deleteMetadataFormVersion',
+    # 'Mutation.deleteAttachedMetadataForm',
+    'Mutation.createMetadataFormFields',
+    'Mutation.deleteMetadataFormField',
+    'Mutation.batchMetadataFormFieldUpdates',
+    # 'Mutation.startMaintenanceWindow',  ---> admin action. No need for tenant permission check
+    # 'Mutation.stopMaintenanceWindow',  ---> admin action. No need for tenant permission check
+    # 'Mutation.markNotificationAsRead',
+    # 'Mutation.deleteNotification',
+    'Mutation.createGlossary',
+    'Mutation.updateGlossary',
+    'Mutation.deleteGlossary',
+    'Mutation.createCategory',
+    'Mutation.updateCategory',
+    'Mutation.deleteCategory',
+    'Mutation.createTerm',
+    'Mutation.updateTerm',
+    'Mutation.deleteTerm',
+    'Mutation.approveTermAssociation',
+    'Mutation.dismissTermAssociation',
+    # 'Mutation.startReindexCatalog',  ---> admin action. No need for tenant permission check
+    # 'Mutation.postFeedMessage',
+    # 'Mutation.createShareObject',
+    # 'Mutation.deleteShareObject',
+    # 'Mutation.cancelShareExtension',
+    # 'Mutation.addSharedItem',
+    # 'Mutation.removeSharedItem',
+    # 'Mutation.submitShareObject',
+    # 'Mutation.submitShareExtension',
+    # 'Mutation.approveShareObject',
+    # 'Mutation.approveShareExtension',
+    # 'Mutation.rejectShareObject',
+    # 'Mutation.revokeItemsShareObject',
+    # 'Mutation.verifyItemsShareObject',
+    # 'Mutation.reApplyItemsShareObject',
+    # 'Mutation.updateShareRejectReason',
+    # 'Mutation.updateShareExpirationPeriod',
+    # 'Mutation.updateShareExtensionReason',
+    # 'Mutation.updateShareRequestReason',
+    # 'Mutation.updateShareItemFilters',
+    # 'Mutation.removeShareItemFilter',
+    # 'Mutation.upVote',
     # 'Mutation.syncDatasetTableColumns',
     # 'Mutation.updateDatasetTableColumn',
     # 'Mutation.startDatasetProfilingRun',
@@ -98,36 +102,41 @@
     # 'Mutation.createDataset',
     # 'Mutation.updateDataset',
     # 'Mutation.generateDatasetAccessToken',
-    # 'Mutation.deleteDataset',
+    'Mutation.deleteDataset',
     # 'Mutation.importDataset',
     # 'Mutation.startGlueCrawler',
-    # 'Mutation.updateDatasetTable',
-    # 'Mutation.deleteDatasetTable',
-    # 'Mutation.syncTables',
+    'Mutation.updateDatasetTable',
+    'Mutation.deleteDatasetTable',
+    'Mutation.syncTables',
     # 'Mutation.createTableDataFilter',
     # 'Mutation.deleteTableDataFilter',
+    # 'Query.getDatasetAssumeRoleUrl',
+    # 'Query.getDatasetPresignedUrl',
     # 'Mutation.createRedshiftConnection',
     # 'Mutation.deleteRedshiftConnection',
     # 'Mutation.addConnectionGroupPermission',
     # 'Mutation.deleteConnectionGroupPermission',
-    # 'Mutation.importRedshiftDataset',
-    # 'Mutation.updateRedshiftDataset',
-    # 'Mutation.deleteRedshiftDataset',
-    # 'Mutation.addRedshiftDatasetTables',
-    # 'Mutation.deleteRedshiftDatasetTable',
-    # 'Mutation.updateRedshiftDatasetTable',
+    'Mutation.importRedshiftDataset',
+    'Mutation.updateRedshiftDataset',
+    'Mutation.deleteRedshiftDataset',
+    'Mutation.addRedshiftDatasetTables',
+    'Mutation.deleteRedshiftDatasetTable',
+    'Mutation.updateRedshiftDatasetTable',
     'Mutation.importDashboard',
     'Mutation.updateDashboard',
     'Mutation.deleteDashboard',
     'Mutation.requestDashboardShare',
     'Mutation.approveDashboardShare',
     'Mutation.rejectDashboardShare',
-    # 'Mutation.createQuicksightDataSourceSet',
-    # 'Mutation.verifyDatasetShareObjects',
-    # 'Mutation.reApplyShareObjectItemsOnDataset',
+    # 'Mutation.createQuicksightDataSourceSet',  ---> admin action. No need for tenant permission check
+    # 'Query.getAuthorSession',
+    'Mutation.verifyDatasetShareObjects',
+    'Mutation.reApplyShareObjectItemsOnDataset',
+    # 'Query.getDatasetSharedAssumeRoleUrl'
     'Mutation.createWorksheet',
     'Mutation.updateWorksheet',
     'Mutation.deleteWorksheet',
+    # 'Query.runAthenaSqlQuery'
 ]
 
 ALL_RESOLVERS = {