fix(888): update backend and admin management hardcode access admin r…

…ole to be admin, refs: #888

server/admin_management/api/app/routers/router_guards.py

@@ -39,7 +39,7 @@
 
 
 def authorize_by_fam_admin(claims: dict = Depends(validate_token)):
-    required_role = "FAM_ACCESS_ADMIN"
+    required_role = "FAM_ADMIN"
     access_roles = get_access_roles(claims)
 
     if required_role not in access_roles:

server/admin_management/tests/constants.py

@@ -2,7 +2,7 @@
 
 
 TEST_CREATOR = "TESTER"
-TEST_FOM_DEV_ADMIN_ROLE = "FOM_DEV_ACCESS_ADMIN"
+TEST_FOM_DEV_ADMIN_ROLE = "FOM_DEV_ADMIN"
 INVALID_APPLICATION_ID = "invalid_application_id"
 
 # ---------------------- test user data ----------------------------- #

server/admin_management/tests/jwt_utils.py

@@ -16,7 +16,7 @@
 def create_jwt_claims():
     return {
         "sub": "51b661cf-4109-4616-b7a5-178daf51fc12",
-        "cognito:groups": ["FAM_ACCESS_ADMIN"],
+        "cognito:groups": ["FAM_ADMIN"],
         "iss": f"https://cognito-idp.{COGNITO_REGION}.amazonaws.com/{COGNITO_USER_POOL_ID}",
         "version": 2,
         "client_id": COGNITO_CLIENT_ID,
@@ -33,7 +33,7 @@ def create_jwt_claims():
 
 def create_jwt_token(
     test_rsa_key,
-    roles=["FAM_ACCESS_ADMIN"],
+    roles=["FAM_ADMIN"],
     claims=create_jwt_claims(),
     test_algorithm="RS256",
     test_headers={"kid": "12345"},

server/backend/api/app/crud/crud_application.py

@@ -40,7 +40,7 @@ def get_applications_by_granted_apps(db: Session, access_roles: List[str]) -> Li
     LOGGER.debug(f"Running get_applications_by_granted_app, access_roles: {access_roles}")
 
     # Filter out others and only contains Access Admin roles
-    ACCESS_ADMIN_ROLE_SUFFIX = "_ACCESS_ADMIN"
+    ACCESS_ADMIN_ROLE_SUFFIX = "_ADMIN"
     admin_access_roles = filter(
         lambda x: x.endswith(ACCESS_ADMIN_ROLE_SUFFIX), access_roles
     )

server/backend/api/app/routers/router_guards.py

@@ -61,7 +61,7 @@ def authorize_by_app_id(
             headers={"WWW-Authenticate": "Bearer"},
         )
 
-    required_role = f"{application.application_name.upper()}_ACCESS_ADMIN"
+    required_role = f"{application.application_name.upper()}_ADMIN"
     access_roles = get_access_roles(claims)
 
     if required_role not in access_roles:
@@ -117,7 +117,7 @@ def authorize_by_application_role(
 ):
     """
     This router validation is currently design to validate logged on "admin"
-    has authority to perform actions for application with roles in [app]_ACCESS_ADMIN.
+    has authority to perform actions for application with roles in [app]_ADMIN.
     This function basically is the same and depends on (authorize_by_app_id()) but for
     the need that some routers contains target role_id in the request (instead of application_id).
     """

server/backend/testspg/crud/test_crud_utils.py

@@ -26,14 +26,14 @@ def test_to_upper(str_list_to_test, expcted_str_list):
 
 @pytest.mark.parametrize("str_list_to_test, str_to_replace, replace_with, expcted_str_list", [
     (
-        ['FAM_ACCESS_ADMIN', 'FOM_DEV_ACCESS_ADMIN', 'FOM_TEST_ACCESS_ADMIN'],
-        "_ACCESS_ADMIN", "",
+        ['FAM_ADMIN', 'FOM_DEV_ADMIN', 'FOM_TEST_ADMIN'],
+        "_ADMIN", "",
         ['FAM', 'FOM_DEV', 'FOM_TEST']
     ),
     (
         ['FAM_ACCESS', 'FOM_DEV', 'FOM'],
-        "_ACCESS", "_ACCESS_ADMIN",
-        ['FAM_ACCESS_ADMIN', 'FOM_DEV', 'FOM']
+        "_ACCESS", "_ADMIN",
+        ['FAM_ADMIN', 'FOM_DEV', 'FOM']
     ),
     (None, "something", "some_other_thing", None)
 ])

server/backend/testspg/crud/test_idim_proxy_service.py

@@ -23,7 +23,7 @@ def setup_class(self):
                 "cognito_user_id": "dev-idir_e72a12c916a44f39e5dcdffae7@idir",
                 "user_name": "IANLIU",
                 "user_type": "I",
-                "access_roles": ["FAM_ACCESS_ADMIN", "FOM_DEV_ACCESS_ADMIN"]
+                "access_roles": ["FAM_ADMIN", "FOM_DEV_ADMIN"]
             }
         )
 

server/backend/testspg/jwt_utils.py

@@ -17,7 +17,7 @@ def create_jwt_claims():
     return {
         "sub": "51b661cf-4109-4616-b7a5-178daf51fc12",
         "cognito:groups": [
-            "FAM_ACCESS_ADMIN"
+            "FAM_ADMIN"
         ],
         "iss": f"https://cognito-idp.{COGNITO_REGION}.amazonaws.com/{COGNITO_USER_POOL_ID}",
         "version": 2,
@@ -35,7 +35,7 @@ def create_jwt_claims():
 
 def create_jwt_token(
     test_rsa_key,
-    roles=["FAM_ACCESS_ADMIN"],
+    roles=["FAM_ADMIN"],
     claims=create_jwt_claims(),
     test_algorithm='RS256',
     test_headers={"kid": "12345"},

server/backend/testspg/router/test_router_application.py

@@ -20,24 +20,24 @@ def test_get_applications(
     test_client_fixture: starlette.testclient.TestClient,
     test_rsa_key
 ):
-    # Test Accss Roles: FAM_ACCESS_ADMIN only
-    access_roles_fam_only = ["FAM_ACCESS_ADMIN"]
+    # Test Accss Roles: FAM_ADMIN only
+    access_roles_fam_only = ["FAM_ADMIN"]
     token = jwt_utils.create_jwt_token(test_rsa_key, access_roles_fam_only)
     response = test_client_fixture.get(f"{endPoint}", headers=jwt_utils.headers(token))
     data = response.json()
     assert len(data) == 1
     assert data[0]["application_name"] == "FAM"
 
-    # Test Accss Roles: FOM_DEV_ACCESS_ADMIN only
-    access_roles_fom_dev_only = ["FOM_DEV_ACCESS_ADMIN"]
+    # Test Accss Roles: FOM_DEV_ADMIN only
+    access_roles_fom_dev_only = ["FOM_DEV_ADMIN"]
     token = jwt_utils.create_jwt_token(test_rsa_key, access_roles_fom_dev_only)
     response = test_client_fixture.get(f"{endPoint}", headers=jwt_utils.headers(token))
     data = response.json()
     assert len(data) == 1
     assert data[0]["application_name"] == "FOM_DEV"
 
-    # Test Accss Roles: both FAM_ACCESS_ADMIN and FOM_DEV_ACCESS_ADMIN
-    access_roles_fam_fom_dev = ["FAM_ACCESS_ADMIN", "FOM_DEV_ACCESS_ADMIN"]
+    # Test Accss Roles: both FAM_ADMIN and FOM_DEV_ADMIN
+    access_roles_fam_fom_dev = ["FAM_ADMIN", "FOM_DEV_ADMIN"]
     token = jwt_utils.create_jwt_token(test_rsa_key, access_roles_fam_fom_dev)
     response = test_client_fixture.get(f"{endPoint}", headers=jwt_utils.headers(token))
     data = response.json()
@@ -55,8 +55,8 @@ def test_get_applications(
         assert "update_date" in app
         assert "app_environment" in app
 
-    # Test Accss Roles: on NO_APP_ACCESS_ADMIN
-    access_roles_no_app = ["NO_APP_ACCESS_ADMIN"]
+    # Test Accss Roles: on NO_APP_ADMIN
+    access_roles_no_app = ["NO_APP_ADMIN"]
     token = jwt_utils.create_jwt_token(test_rsa_key, access_roles_no_app)
     response = test_client_fixture.get(f"{endPoint}", headers=jwt_utils.headers(token))
     data = response.json()
@@ -69,7 +69,7 @@ def test_get_fam_application_roles(
 ):
     # create a concrete role with an abstract role as parent
     # this role won't be returned
-    access_roles_fom_dev_only = ["FOM_DEV_ACCESS_ADMIN"]
+    access_roles_fom_dev_only = ["FOM_DEV_ADMIN"]
     token = jwt_utils.create_jwt_token(test_rsa_key, access_roles_fom_dev_only)
 
     response = test_client_fixture.post(
@@ -134,7 +134,7 @@ def test_get_fam_application_user_role_assignment_no_role_assignments(
     test_client_fixture: starlette.testclient.TestClient,
     test_rsa_key
 ):
-    access_roles_fom_dev_only = ["FOM_DEV_ACCESS_ADMIN"]
+    access_roles_fom_dev_only = ["FOM_DEV_ADMIN"]
 
     # test no user role assignment for the application
     role_assignment_end_point = endPoint + \
@@ -150,7 +150,7 @@ def test_get_fam_application_user_role_assignment_concrete_role(
     test_client_fixture: starlette.testclient.TestClient,
     test_rsa_key
 ):
-    access_roles_fom_dev_only = ["FOM_DEV_ACCESS_ADMIN"]
+    access_roles_fom_dev_only = ["FOM_DEV_ADMIN"]
 
     role_assignment_end_point = endPoint + \
         f"/{TEST_FOM_DEV_APPLICATION_ID}/user_role_assignment"
@@ -184,7 +184,7 @@ def test_get_fam_application_user_role_assignment_abstract_role(
     test_client_fixture: starlette.testclient.TestClient,
     test_rsa_key
 ):
-    access_roles_fom_dev_only = ["FOM_DEV_ACCESS_ADMIN"]
+    access_roles_fom_dev_only = ["FOM_DEV_ADMIN"]
 
     role_assignment_end_point = endPoint + \
         f"/{TEST_FOM_DEV_APPLICATION_ID}/user_role_assignment"

server/backend/testspg/router/test_router_idim_proxy.py

@@ -21,7 +21,7 @@
     "cognito_user_id": "dev-idir_e72a12c916a44f39e5dcdffae7@idir",
     "user_name": "IANLIU",
     "user_type_code": UserType.IDIR,
-    "access_roles": ["FAM_ACCESS_ADMIN", "FOM_DEV_ACCESS_ADMIN"]
+    "access_roles": ["FAM_ADMIN", "FOM_DEV_ADMIN"]
 }
 
 

server/backend/testspg/router/test_router_user_role_assignment.py

@@ -28,8 +28,8 @@
 LOGGER = logging.getLogger(__name__)
 endPoint = f"{apiPrefix}/user_role_assignment"
 
-FOM_DEV_ADMIN_ROLE = "FOM_DEV_ACCESS_ADMIN"
-FOM_TEST_ADMIN_ROLE = "FOM_TEST_ACCESS_ADMIN"
+FOM_DEV_ADMIN_ROLE = "FOM_DEV_ADMIN"
+FOM_TEST_ADMIN_ROLE = "FOM_TEST_ADMIN"
 ERROR_DUPLICATE_USER_ROLE = "Role already assigned to user."
 
 @pytest.fixture(scope="function")
@@ -68,7 +68,7 @@ def test_create_user_role_assignment_not_authorized(
 ):
     """
     test user has no authentication to the app
-    user without FOM_DEV_ACCESS_ADMIN role cannot grant FOM_DEV roles
+    user without FOM_DEV_ADMIN role cannot grant FOM_DEV roles
     """
     token = jwt_utils.create_jwt_token(test_rsa_key)
     response = test_client_fixture.post(