diff --git a/CMakeModules/testing_cpp.cmake b/CMakeModules/testing_cpp.cmake
index af30b9f802b0adf31f95a012855ea6586c711f7e..cd62e14b3178ba319c894c06ca8e124db9ddc066 100644
--- a/CMakeModules/testing_cpp.cmake
+++ b/CMakeModules/testing_cpp.cmake
@@ -2,6 +2,18 @@ if (BUILD_TESTS OR BUILD_INTEGRATION_TESTS OR BUILD_EXAMPLES)
enable_testing()
endif ()
+set (TOKENS "ASAPO_TEST_RW_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkyMXJqaXB0MzVja3MzYTEwZyIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlcyI6WyJyZWFkIiwid3JpdGUiXX19.3PFdG0f48yKrOyJwPErYcewpcbZgnd8rBmBphw_kdJ0")
+set (TOKENS "${TOKENS};ASAPO_CREATE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkyYzMzaXB0Mzdkb3IzYmZjZyIsInN1YiI6ImFkbWluIiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZXMiOlsiY3JlYXRlIl19fQ.AI41cZ7dZL0g-rrdKIQgd7ijjzuyH1Fm0xojCXwLNBo")
+set (TOKENS "${TOKENS};C20180508_000_COM20181_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkyaDRiaXB0Mzd1cGo1aDdlMCIsInN1YiI6ImJ0X2MyMDE4MDUwOC0wMDAtQ09NMjAxODEiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlcyI6WyJyZWFkIiwid3JpdGUiXX19.yONpjW2ybZMc9E9Eu4Hmn1roVR-mxf2OQQyXfnel5C8")
+set (TOKENS "${TOKENS};BT11000015_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkyajZqaXB0MzA3aHU1amwxZyIsInN1YiI6ImJ0XzExMDAwMDE1IiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZXMiOlsicmVhZCJdfX0.kVs669HAS4sj9VAZk8pWTLrYNQp46mOnH4id4-_qd9g")
+set (TOKENS "${TOKENS};BT11000016_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkyajQzaXB0MzA3OWxwc3Z2ZyIsInN1YiI6ImJ0XzExMDAwMDE2IiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZXMiOlsicmVhZCJdfX0.mpTVGtcdR0l4NaeHFTf16iWrfMYaLzh2pAjN5muil6Q")
+set (TOKENS "${TOKENS};BLP07_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkyaXBqaXB0MzAzajNsZ3NnZyIsInN1YiI6ImJsX3AwNyIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGVzIjpbInJlYWQiXX19.L0kNSCj32WHMEfzV9t0c2tKabK_klQFPZgLu66voDFc")
+set (TOKENS "${TOKENS};BLP07_W_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkya3BiaXB0MzBkMjJmMTBmMCIsInN1YiI6ImJsX3AwNyIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGVzIjpbIndyaXRlIl19fQ.BEHzU8gjHWSS-E5VbSwXzOBmeqScIceVD2XACGKZ46E")
+set (TOKENS "${TOKENS};BT_DATA_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkybXEzaXB0MzBnbGp0YzlzMCIsInN1YiI6ImJ0X2RhdGEiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlcyI6WyJyZWFkIl19fQ.A5lLIJl-F6BGdWHdD9o0YOs5E9UPPFTylIdJocB10HI")
+set (TOKENS "${TOKENS};BT_TEST_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkybnViaXB0MzBsMjlpcXNxMCIsInN1YiI6ImJ0X3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlcyI6WyJyZWFkIl19fQ.8dh4KIusIVk75MGiWjoj23_cesLLWSMDjU8vb0RHVtU")
+set (TOKENS "${TOKENS};BT_AAA_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkycDFiaXB0MzBub3AwcTNlZyIsInN1YiI6ImJ0X2FhYSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGVzIjpbInJlYWQiXX19.dt3ifrG3zqQP4uM2kaoe7ydDjUdFeasOB07fVRfFApE")
+set (TOKENS "${TOKENS};BT_TEST_RUN_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTk0NjYzaXB0Mzdma2w0YmVrMCIsInN1YiI6ImJ0X3Rlc3RfcnVuIiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZXMiOlsicmVhZCJdfX0.QJjoGOlzMvOUk7dK2bbDgSEM5-1mO6wmpmESYL6McdU")
+
if (BUILD_TESTS)
set(ASAPO_MINIMUM_COVERAGE 70)
find_package(Threads)
@@ -203,6 +215,7 @@ function(add_script_test testname arguments)
separate_arguments(memargs)
add_test(NAME memtest-${testname} COMMAND bash ${CMAKE_CURRENT_SOURCE_DIR}/check_linux.sh
${memargs})
+ set_tests_properties(memtest-${testname} PROPERTIES ENVIRONMENT "${TOKENS}")
set_tests_properties(memtest-${testname} PROPERTIES
LABELS "memcheck_${label};all"
DEPENDS test-${testname}
@@ -211,6 +224,7 @@ function(add_script_test testname arguments)
endif ()
endif ()
ENDIF ()
+ set_tests_properties(test-${testname} PROPERTIES ENVIRONMENT "${TOKENS}")
set_tests_properties(test-${testname} PROPERTIES
LABELS "example;all"
)
diff --git a/asapo_tools/src/asapo_tools/cli/command_test.go b/asapo_tools/src/asapo_tools/cli/command_test.go
index 358090965eccc2ecf6d506963eb592589024f995..a02899e1725f039ee004b3e5aaa215dd6977fc2b 100644
--- a/asapo_tools/src/asapo_tools/cli/command_test.go
+++ b/asapo_tools/src/asapo_tools/cli/command_test.go
@@ -10,7 +10,7 @@ var CommandTests = []struct {
cmd command
answer string
}{
- {command{"token", []string{"-secret", "secret_file","-type","read","-endpoint","bla", "beamtime"}}, "secret"},
+ {command{"token", []string{"-secret", "secret_file","-types","read","-endpoint","bla", "beamtime"}}, "secret"},
{command{"dummy", []string{"description"}}, "wrong"},
}
diff --git a/asapo_tools/src/asapo_tools/cli/token.go b/asapo_tools/src/asapo_tools/cli/token.go
index d3567b38ab22447842454fc336dde2681624669b..be2aca99b47a46191ce1b71804f6ef20c57b1715 100644
--- a/asapo_tools/src/asapo_tools/cli/token.go
+++ b/asapo_tools/src/asapo_tools/cli/token.go
@@ -11,13 +11,15 @@ import (
"io"
"net/http"
"os"
+ "strings"
)
type tokenFlags struct {
Name string
Endpoint string
- AccessType string
+ AccessTypes []string
SecretFile string
+ DaysValid int
TokenDetails bool
}
@@ -53,8 +55,8 @@ func (cmd *command) CommandToken() error {
request := structs.IssueTokenRequest{
Subject: map[string]string{"beamtimeId": flags.Name},
- DaysValid: 180,
- AccessType: flags.AccessType,
+ DaysValid: flags.DaysValid,
+ AccessTypes: flags.AccessTypes,
}
json_data, _ := json.Marshal(request)
path := flags.Endpoint + "/admin/issue"
@@ -100,12 +102,17 @@ func (cmd *command) parseTokenFlags(message_string string) (tokenFlags, error) {
var flags tokenFlags
flagset := cmd.createDefaultFlagset(message_string, "<token_body>")
flagset.StringVar(&flags.SecretFile, "secret", "", "path to file with secret")
- flagset.StringVar(&flags.AccessType, "type", "", "access type")
+ var at string
+ flagset.StringVar(&at, "types", "", "access typea")
flagset.StringVar(&flags.Endpoint, "endpoint", "", "asapo endpoint")
flagset.BoolVar(&flags.TokenDetails, "token-details", false, "output token details")
+ flagset.IntVar(&flags.DaysValid, "duration-days", 180, "token duration in days")
flagset.Parse(cmd.args)
+ flags.AccessTypes = strings.Split(at,",")
+
+
if printHelp(flagset) {
os.Exit(0)
}
@@ -124,8 +131,10 @@ func (cmd *command) parseTokenFlags(message_string string) (tokenFlags, error) {
return flags, errors.New("endpoint missed ")
}
- if flags.AccessType != "read" && flags.AccessType != "write" {
- return flags, errors.New("incorrect or missed token access type ")
+ for _,at:=range flags.AccessTypes {
+ if at!="read" && at!="write" {
+ return flags,errors.New("incorrect access type")
+ }
}
return flags, nil
diff --git a/asapo_tools/src/asapo_tools/cli/token_test.go b/asapo_tools/src/asapo_tools/cli/token_test.go
index c1b54b2961f7227f0623f23f497aa8c134569478..c43ad293be48b77667b583c55b73fbb2fae2abbf 100644
--- a/asapo_tools/src/asapo_tools/cli/token_test.go
+++ b/asapo_tools/src/asapo_tools/cli/token_test.go
@@ -23,9 +23,9 @@ var tokenTests = []struct {
{command{args: []string{"-secret","secret.tmp"}}, false,false, "no file"},
{command{args: []string{"-secret","not_existing_file","payload"}}, false, false, "no file"},
{command{args: []string{"-secret","secret.tmp","beamtime_id"}},false, false, "type is missing"},
- {command{args: []string{"-secret","secret.tmp","-type","read","beamtime_id"}}, false, false, "endpoint is missing"},
- {command{args: []string{"-secret","secret.tmp","-type","read","-endpoint","endpoint","-token-details","beamtime_id"}},true, true, "ok"},
- {command{args: []string{"-secret","secret.tmp","-type","read","-endpoint","endpoint","beamtime_id"}}, false,true, "without details"},
+ {command{args: []string{"-secret","secret.tmp","-types","read","beamtime_id"}}, false, false, "endpoint is missing"},
+ {command{args: []string{"-secret","secret.tmp","-types","read","-endpoint","endpoint","-token-details","beamtime_id"}},true, true, "ok"},
+ {command{args: []string{"-secret","secret.tmp","-types","read","-endpoint","endpoint","beamtime_id"}}, false,true, "without details"},
}
func TestParseTokenFlags(t *testing.T) {
diff --git a/authorizer/src/asapo_authorizer/authorization/authorization.go b/authorizer/src/asapo_authorizer/authorization/authorization.go
index 6d15baab442dde0acaf39e1a4c7cc75400cc9d23..1a0e85b25a6041b26e69a87705f36732f96a5838 100644
--- a/authorizer/src/asapo_authorizer/authorization/authorization.go
+++ b/authorizer/src/asapo_authorizer/authorization/authorization.go
@@ -50,7 +50,7 @@ func (auth *Auth) PrepareAccessToken(request structs.IssueTokenRequest, userToke
claims.Subject = subjectFromRequest(request)
- extraClaim.AccessType = request.AccessType
+ extraClaim.AccessTypes = request.AccessTypes
claims.ExtraClaims = &extraClaim
claims.SetExpiration(time.Duration(request.DaysValid*24) * time.Hour)
uid := xid.New()
@@ -69,10 +69,10 @@ func UserTokenResponce(request structs.IssueTokenRequest, token string) []byte {
expires = time.Now().Add(time.Duration(request.DaysValid*24) * time.Hour).UTC().Format(time.RFC3339)
}
answer := structs.IssueTokenResponse{
- Token: token,
- AccessType: request.AccessType,
- Sub: subjectFromRequest(request),
- Expires: expires,
+ Token: token,
+ AccessTypes: request.AccessTypes,
+ Sub: subjectFromRequest(request),
+ Expires: expires,
}
res, _ := json.Marshal(answer)
return res
diff --git a/authorizer/src/asapo_authorizer/cli/command_test.go b/authorizer/src/asapo_authorizer/cli/command_test.go
index d1aad81b78e2267b69d7593eb150292083ba12e1..dd457455f141710adbc4ffed143ad0bdc8d045a6 100644
--- a/authorizer/src/asapo_authorizer/cli/command_test.go
+++ b/authorizer/src/asapo_authorizer/cli/command_test.go
@@ -14,7 +14,7 @@ var CommandTests = []struct {
ok bool
msg string
}{
- {command{"create-token", []string{"-type", "user-token", "-beamtime","123","-access-type","read","-duration-days","1"}}, true,"ok"},
+ {command{"create-token", []string{"-type", "user-token", "-beamtime","123","-access-types","read","-duration-days","1"}}, true,"ok"},
{command{"dummy", []string{"description"}}, false,"wrong command"},
}
diff --git a/authorizer/src/asapo_authorizer/cli/create_token.go b/authorizer/src/asapo_authorizer/cli/create_token.go
index a77416df704094e9646ff0b62dd90c69f4eb4c26..ba06241279ffc28371ed2021fd982ba11cfdd9c1 100644
--- a/authorizer/src/asapo_authorizer/cli/create_token.go
+++ b/authorizer/src/asapo_authorizer/cli/create_token.go
@@ -7,6 +7,7 @@ import (
"errors"
"fmt"
"os"
+ "strings"
)
type tokenFlags struct {
@@ -21,9 +22,6 @@ func userTokenRequest(flags tokenFlags) (request structs.IssueTokenRequest, err
if (flags.Beamline=="" && flags.Beamtime=="") || (flags.Beamline!="" && flags.Beamtime!="") {
return request,errors.New("beamtime or beamline must be set")
}
- if flags.AccessType!="read" && flags.AccessType!="write" {
- return request,errors.New("access type must be read of write")
- }
request.Subject = make(map[string]string,1)
if (flags.Beamline!="") {
@@ -31,7 +29,14 @@ func userTokenRequest(flags tokenFlags) (request structs.IssueTokenRequest, err
} else {
request.Subject["beamtimeId"]=flags.Beamtime
}
- request.AccessType = flags.AccessType
+
+ request.AccessTypes = strings.Split(flags.AccessType,",")
+ for _,at:=range request.AccessTypes {
+ if at!="read" && at!="write" {
+ return request,errors.New("access type must be read of write")
+ }
+ }
+
request.DaysValid = flags.DaysValid
return
@@ -42,12 +47,16 @@ func adminTokenRequest(flags tokenFlags) (request structs.IssueTokenRequest, err
if flags.Beamline+flags.Beamtime!="" {
return request,errors.New("beamtime and beamline must not be set for admin token")
}
- if flags.AccessType!="create" && flags.AccessType!="revoke" && flags.AccessType!="list" {
- return request,errors.New("access type must be create,revoke of list")
+
+ request.AccessTypes = strings.Split(flags.AccessType,",")
+ for _,at:=range request.AccessTypes {
+ if at!="create" && at!="revoke" && at!="list" {
+ return request,errors.New("access type must be create,revoke of list")
+ }
}
+
request.Subject = make(map[string]string,1)
request.Subject["user"]="admin"
- request.AccessType = flags.AccessType
request.DaysValid = flags.DaysValid
return
@@ -104,7 +113,7 @@ func (cmd *command) parseTokenFlags(message_string string) (tokenFlags, error) {
flagset.StringVar(&flags.Type, "type", "", "token type")
flagset.StringVar(&flags.Beamtime, "beamtime", "", "beamtime for user token")
flagset.StringVar(&flags.Beamline, "beamline", "", "beamline for user token")
- flagset.StringVar(&flags.AccessType, "access-type", "", "read/write for user token")
+ flagset.StringVar(&flags.AccessType, "access-types", "", "read/write for user token")
flagset.IntVar(&flags.DaysValid, "duration-days", 0, "token duration (in days)")
diff --git a/authorizer/src/asapo_authorizer/cli/create_token_test.go b/authorizer/src/asapo_authorizer/cli/create_token_test.go
index 8264d6b5ec33a7ff972501c24162de82fde74369..ca16f199ed5c20d2a0f0946c76bd00c06d168778 100644
--- a/authorizer/src/asapo_authorizer/cli/create_token_test.go
+++ b/authorizer/src/asapo_authorizer/cli/create_token_test.go
@@ -16,27 +16,27 @@ var tokenTests = []struct {
cmd command
key string
ok bool
- tokenAccessType string
+ tokenAccessTypes []string
tokenSubject string
tokenExpires bool
msg string
}{
// good
- {command{args: []string{"-type", "user-token", "-beamtime","123","-access-type","read","-duration-days","10"}},
- "secret_user",true, "read", "bt_123", true,"user token beamtime ok"},
- {command{args: []string{"-type", "user-token", "-beamline","123","-access-type","read","-duration-days","10"}},
- "secret_user", true, "read", "bl_123", true,"user token beamline ok"},
- {command{args: []string{"-type", "admin-token","-access-type","create"}},
- "secret_admin",true, "create", "admin", false,"admin token ok"},
+ {command{args: []string{"-type", "user-token", "-beamtime","123","-access-types","read","-duration-days","10"}},
+ "secret_user",true, []string{"read"}, "bt_123", true,"user token beamtime ok"},
+ {command{args: []string{"-type", "user-token", "-beamline","123","-access-types","read","-duration-days","10"}},
+ "secret_user", true, []string{"read"}, "bl_123", true,"user token beamline ok"},
+ {command{args: []string{"-type", "admin-token","-access-types","create"}},
+ "secret_admin",true, []string{"create"}, "admin", false,"admin token ok"},
// bad
- {command{args: []string{"-type", "user-token", "-beamtime","123","-access-type","create","-duration-days","10"}},
- "secret_user",false, "", "", true,"user token wrong type"},
- {command{args: []string{"-type", "user-token", "-access-type","create","-duration-days","10"}},
- "secret_user",false, "", "", true,"user token no beamtime or beamline"},
- {command{args: []string{"-type", "user-token", "-beamtime","123","-beamline","1234", "-access-type","create","-duration-days","10"}},
- "secret_user",false, "", "", true,"user token both beamtime and beamline"},
- {command{args: []string{"-type", "admin-token","-access-type","bla"}},
- "secret_admin",false, "", "", false,"admin token wrong type"},
+ {command{args: []string{"-type", "user-token", "-beamtime","123","-access-types","create","-duration-days","10"}},
+ "secret_user",false, nil, "", true,"user token wrong type"},
+ {command{args: []string{"-type", "user-token", "-access-types","create","-duration-days","10"}},
+ "secret_user",false, nil, "", true,"user token no beamtime or beamline"},
+ {command{args: []string{"-type", "user-token", "-beamtime","123","-beamline","1234", "-access-types","create","-duration-days","10"}},
+ "secret_user",false, nil, "", true,"user token both beamtime and beamline"},
+ {command{args: []string{"-type", "admin-token","-access-types","bla"}},
+ "secret_admin",false, nil ,"", false,"admin token wrong type"},
}
func TestGenerateToken(t *testing.T) {
@@ -57,7 +57,7 @@ func TestGenerateToken(t *testing.T) {
var extra_claim structs.AccessTokenExtraClaim
utils.MapToStruct(cclaims.ExtraClaims.(map[string]interface{}), &extra_claim)
assert.Equal(t, test.tokenSubject, cclaims.Subject, test.msg)
- assert.Equal(t, test.tokenAccessType, extra_claim.AccessType, test.msg)
+ assert.Equal(t, test.tokenAccessTypes, extra_claim.AccessTypes, test.msg)
if test.tokenExpires {
assert.Equal(t, true, len(token.Expires)>0, test.msg)
} else {
diff --git a/authorizer/src/asapo_authorizer/server/authorize.go b/authorizer/src/asapo_authorizer/server/authorize.go
index 2be720f1f85b16b262cecaa9063c2560da5fc21d..a70f03439d255d3151440803b48886f5e9a319a8 100644
--- a/authorizer/src/asapo_authorizer/server/authorize.go
+++ b/authorizer/src/asapo_authorizer/server/authorize.go
@@ -127,7 +127,7 @@ func alwaysAllowed(creds SourceCredentials) (beamtimeMeta, bool) {
if pair.BeamtimeId == creds.BeamtimeId {
pair.DataSource = creds.DataSource
pair.Type = creds.Type
- pair.AccessType = "write"
+ pair.AccessTypes = []string{"read","write"}
return pair, true
}
}
@@ -154,20 +154,24 @@ func needHostAuthorization(creds SourceCredentials) bool {
return creds.Type == "raw" || len(creds.Token) == 0
}
-func checkToken(token string, subject_expect string) (accessType string, err error) {
+func checkToken(token string, subject_expect string) (accessTypes []string, err error) {
var extra_claim structs.AccessTokenExtraClaim
subject,err := Auth.UserAuth().CheckAndGetContent(token,&extra_claim)
if err!=nil {
- return "",err
+ return nil,err
+ }
+
+ if extra_claim.AccessTypes==nil || len(extra_claim.AccessTypes)==0 {
+ return nil,errors.New("missing access types")
}
if subject!=subject_expect {
- return "",errors.New("wrong token for "+subject_expect)
+ return nil,errors.New("wrong token for "+subject_expect)
}
- return extra_claim.AccessType,err
+ return extra_claim.AccessTypes,err
}
-func authorizeByToken(creds SourceCredentials) (accessType string, err error) {
+func authorizeByToken(creds SourceCredentials) (accessTypes []string, err error) {
subject_expect:=""
if (creds.BeamtimeId != "auto") {
subject_expect = utils.SubjectFromBeamtime(creds.BeamtimeId)
@@ -207,30 +211,30 @@ func findMeta(creds SourceCredentials) (beamtimeMeta, error) {
return meta, nil
}
-func authorizeMeta(meta beamtimeMeta, request authorizationRequest, creds SourceCredentials) (accessType string, err error) {
- accessType = ""
+func authorizeMeta(meta beamtimeMeta, request authorizationRequest, creds SourceCredentials) (accessTypes []string, err error) {
+ accessTypes = nil
if creds.Type=="raw" && meta.OnlinePath=="" {
err_string := "beamtime "+meta.BeamtimeId+" is not online"
log.Error(err_string)
- return "",errors.New(err_string)
+ return nil,errors.New(err_string)
}
if creds.Beamline != "auto" && meta.Beamline != creds.Beamline {
err_string := "given beamline (" + creds.Beamline + ") does not match the found one (" + meta.Beamline + ")"
log.Debug(err_string)
- return "",errors.New(err_string)
+ return nil,errors.New(err_string)
}
if needHostAuthorization(creds) {
if err := authorizeByHost(request.OriginHost, meta.Beamline); err != nil {
- return "",err
+ return nil,err
}
- accessType = "write"
+ accessTypes = []string{"read","write"}
} else {
- accessType,err = authorizeByToken(creds)
+ accessTypes,err = authorizeByToken(creds)
}
- return accessType,err
+ return accessTypes,err
}
func authorize(request authorizationRequest, creds SourceCredentials) (beamtimeMeta, error) {
@@ -243,14 +247,14 @@ func authorize(request authorizationRequest, creds SourceCredentials) (beamtimeM
return beamtimeMeta{}, err
}
- var accessType string
- if accessType, err = authorizeMeta(meta, request, creds); err != nil {
+ var accessTypes []string
+ if accessTypes, err = authorizeMeta(meta, request, creds); err != nil {
return beamtimeMeta{}, err
}
- meta.AccessType = accessType
+ meta.AccessTypes = accessTypes
log.Debug("authorized beamtime " + meta.BeamtimeId + " for " + request.OriginHost + " in " +
- meta.Beamline+", type "+meta.Type +"access type: "+accessType)
+ meta.Beamline+", type "+meta.Type)
return meta, nil
}
diff --git a/authorizer/src/asapo_authorizer/server/authorize_test.go b/authorizer/src/asapo_authorizer/server/authorize_test.go
index 513969baf68a3048fc8ea9b2a923e8d0418d0f84..e4448cc69d89d815d326289bb1e85e2e36bd5b1d 100644
--- a/authorizer/src/asapo_authorizer/server/authorize_test.go
+++ b/authorizer/src/asapo_authorizer/server/authorize_test.go
@@ -17,12 +17,12 @@ import (
)
-func prepareUserToken(payload string, accessType string) string{
+func prepareUserToken(payload string, accessTypes []string) string{
auth := authorization.NewAuth(nil,utils.NewJWTAuth("secret_user"),nil)
var claims utils.CustomClaims
var extraClaim structs.AccessTokenExtraClaim
claims.Subject = payload
- extraClaim.AccessType = accessType
+ extraClaim.AccessTypes = accessTypes
claims.ExtraClaims = &extraClaim
token, _ := auth.AdminAuth().GenerateToken(&claims)
return token
@@ -34,7 +34,7 @@ func prepareAdminToken(payload string) string{
var claims utils.CustomClaims
var extraClaim structs.AccessTokenExtraClaim
claims.Subject = payload
- extraClaim.AccessType = "create"
+ extraClaim.AccessTypes = []string{"create"}
claims.ExtraClaims = &extraClaim
token, _ := auth.AdminAuth().GenerateToken(&claims)
return token
@@ -109,7 +109,7 @@ func TestSplitCreds(t *testing.T) {
}
func TestAuthorizeDefaultOK(t *testing.T) {
- allowBeamlines([]beamtimeMeta{{"asapo_test","beamline","","2019","tf","",""}})
+ allowBeamlines([]beamtimeMeta{{"asapo_test","beamline","","2019","tf","",nil}})
request := makeRequest(authorizationRequest{"processed%asapo_test%%%","host"})
w := doPostRequest("/authorize",request,"")
@@ -180,38 +180,42 @@ var authTests = [] struct {
message string
answer string
}{
- {"processed","test","auto","dataSource", prepareUserToken("bt_test","write"),"127.0.0.2",http.StatusOK,"user source with correct token",
- `{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-type":"write"}`},
- {"processed","test_online","auto","dataSource", prepareUserToken("bt_test_online","read"),"127.0.0.1",http.StatusOK,"with online path, processed type",
- `{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"","source-type":"processed","access-type":"read"}`},
- {"processed","test1","auto","dataSource", prepareUserToken("bt_test1","read"),"127.0.0.1",http.StatusUnauthorized,"correct token, beamtime not found",
+ {"processed","test","auto","dataSource", prepareUserToken("bt_test",nil),"127.0.0.2",http.StatusUnauthorized,"missing access types",
""},
- {"processed","test","auto","dataSource", prepareUserToken("wrong","read"),"127.0.0.1",http.StatusUnauthorized,"user source with wrong token",
+ {"processed","test","auto","dataSource", prepareUserToken("bt_test",[]string{}),"127.0.0.2",http.StatusUnauthorized,"empty access types",
""},
- {"processed","test","bl1","dataSource", prepareUserToken("bt_test","read"),"127.0.0.1",http.StatusOK,"correct beamline given",
- `{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-type":"read"}`},
- {"processed","test","bl2","dataSource", prepareUserToken("bt_test","read"),"127.0.0.1",http.StatusUnauthorized,"incorrect beamline given",
+ {"processed","test","auto","dataSource", prepareUserToken("bt_test",[]string{"write"}),"127.0.0.2",http.StatusOK,"user source with correct token",
+ `{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["write"]}`},
+ {"processed","test_online","auto","dataSource", prepareUserToken("bt_test_online",[]string{"read"}),"127.0.0.1",http.StatusOK,"with online path, processed type",
+ `{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"","source-type":"processed","access-types":["read"]}`},
+ {"processed","test1","auto","dataSource", prepareUserToken("bt_test1",[]string{"read"}),"127.0.0.1",http.StatusUnauthorized,"correct token, beamtime not found",
""},
- {"processed","auto","p07", "dataSource", prepareUserToken("bl_p07","read"),"127.0.0.1",http.StatusOK,"beamtime found",
- `{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","core-path":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"","source-type":"processed","access-type":"read"}`},
- {"processed","auto","p07", "dataSource", prepareUserToken("bl_p06","read"),"127.0.0.1",http.StatusUnauthorized,"wrong token",
+ {"processed","test","auto","dataSource", prepareUserToken("wrong",[]string{"read"}),"127.0.0.1",http.StatusUnauthorized,"user source with wrong token",
""},
- {"processed","auto","p08", "dataSource", prepareUserToken("bl_p08","read"),"127.0.0.1",http.StatusUnauthorized,"beamtime not found",
+ {"processed","test","bl1","dataSource", prepareUserToken("bt_test",[]string{"read"}),"127.0.0.1",http.StatusOK,"correct beamline given",
+ `{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["read"]}`},
+ {"processed","test","bl2","dataSource", prepareUserToken("bt_test",[]string{"read"}),"127.0.0.1",http.StatusUnauthorized,"incorrect beamline given",
+ ""},
+ {"processed","auto","p07", "dataSource", prepareUserToken("bl_p07",[]string{"read"}),"127.0.0.1",http.StatusOK,"beamtime found",
+ `{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","core-path":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"","source-type":"processed","access-types":["read"]}`},
+ {"processed","auto","p07", "dataSource", prepareUserToken("bl_p06",[]string{"read"}),"127.0.0.1",http.StatusUnauthorized,"wrong token",
+ ""},
+ {"processed","auto","p08", "dataSource", prepareUserToken("bl_p08",[]string{"read"}),"127.0.0.1",http.StatusUnauthorized,"beamtime not found",
""},
{"raw","test_online","auto","dataSource", "","127.0.0.1",http.StatusOK,"raw type",
- `{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-type":"write"}`},
+ `{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-types":["read","write"]}`},
{"raw","test_online","auto","dataSource", "","127.0.0.1",http.StatusOK,"raw type",
- `{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-type":"write"}`},
+ `{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-types":["read","write"]}`},
{"raw","auto","p07","dataSource", "","127.0.0.1",http.StatusOK,"raw type, auto beamtime",
- `{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","core-path":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"./p07/current","source-type":"raw","access-type":"write"}`},
+ `{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","core-path":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"./p07/current","source-type":"raw","access-types":["read","write"]}`},
{"raw","auto","p07","noldap", "","127.0.0.1",http.StatusNotFound,"no conection to ldap",
""},
{"raw","test_online","auto","dataSource", "","127.0.0.2",http.StatusUnauthorized,"raw type, wrong origin host",
""},
- {"raw","test","auto","dataSource", prepareUserToken("bt_test","read"),"127.0.0.1",http.StatusUnauthorized,"raw when not online",
+ {"raw","test","auto","dataSource", prepareUserToken("bt_test",[]string{"read"}),"127.0.0.1",http.StatusUnauthorized,"raw when not online",
""},
{"processed","test","auto","dataSource", "","127.0.0.1:1001",http.StatusOK,"processed without token",
- `{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-type":"write"}`},
+ `{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["read","write"]}`},
{"processed","test","auto","dataSource", "","127.0.0.2",http.StatusUnauthorized,"processed without token, wrong host",
""},
}
@@ -288,7 +292,7 @@ func TestAuthorizeWrongPath(t *testing.T) {
}
func TestDoNotAuthorizeIfNotInAllowed(t *testing.T) {
- allowBeamlines([]beamtimeMeta{{"test","beamline","","2019","tf","",""}})
+ allowBeamlines([]beamtimeMeta{{"test","beamline","","2019","tf","",nil}})
request := authorizationRequest{"asapo_test%%","host"}
creds,_ := getSourceCredentials(request)
diff --git a/authorizer/src/asapo_authorizer/server/folder_token_test.go b/authorizer/src/asapo_authorizer/server/folder_token_test.go
index 0e1c1aa232f2bc2d4423a4d692d9a9f271b19f71..5b89f3b39ccf62e353b7feb622e214ad9d3de04c 100644
--- a/authorizer/src/asapo_authorizer/server/folder_token_test.go
+++ b/authorizer/src/asapo_authorizer/server/folder_token_test.go
@@ -20,13 +20,13 @@ var fodlerTokenTests = [] struct {
status int
message string
}{
- {"test", "tf/gpfs/bl1/2019/data/test", prepareUserToken("bt_test","read"),http.StatusOK,"beamtime found"},
-/* {"test_online", "bl1/current", prepareUserToken("bt_test_online","read"),http.StatusOK,"online beamtime found"},
- {"test", "bl1/current", prepareUserToken("bt_test","read"),http.StatusUnauthorized,"no online beamtime found"},
- {"test_online", "bl2/current", prepareUserToken("bt_test_online","read"),http.StatusUnauthorized,"wrong online folder"},
- {"test", "tf/gpfs/bl1/2019/data/test1", prepareUserToken("bt_test","read"),http.StatusUnauthorized,"wrong folder"},
- {"test", "tf/gpfs/bl1/2019/data/test", prepareUserToken("bt_test1","read"),http.StatusUnauthorized,"wrong token"},
- {"11111111", "tf/gpfs/bl1/2019/data/test", prepareUserToken("bt_11111111","read"),http.StatusBadRequest,"bad request"},*/
+ {"test", "tf/gpfs/bl1/2019/data/test", prepareUserToken("bt_test",[]string{"read"}),http.StatusOK,"beamtime found"},
+ {"test_online", "bl1/current", prepareUserToken("bt_test_online",[]string{"read"}),http.StatusOK,"online beamtime found"},
+ {"test", "bl1/current", prepareUserToken("bt_test",[]string{"read"}),http.StatusUnauthorized,"no online beamtime found"},
+ {"test_online", "bl2/current", prepareUserToken("bt_test_online",[]string{"read"}),http.StatusUnauthorized,"wrong online folder"},
+ {"test", "tf/gpfs/bl1/2019/data/test1", prepareUserToken("bt_test",[]string{"read"}),http.StatusUnauthorized,"wrong folder"},
+ {"test", "tf/gpfs/bl1/2019/data/test", prepareUserToken("bt_test1",[]string{"read"}),http.StatusUnauthorized,"wrong token"},
+ {"11111111", "tf/gpfs/bl1/2019/data/test", prepareUserToken("bt_11111111",[]string{"read"}),http.StatusBadRequest,"bad request"},
}
func TestFolderToken(t *testing.T) {
diff --git a/authorizer/src/asapo_authorizer/server/introspect.go b/authorizer/src/asapo_authorizer/server/introspect.go
index e6c07a31fd6faa017e71ac7f4d89f5823c8a008a..1cc6bd37add60a6f8604ef0c47bc91b7eecb5345 100644
--- a/authorizer/src/asapo_authorizer/server/introspect.go
+++ b/authorizer/src/asapo_authorizer/server/introspect.go
@@ -23,7 +23,7 @@ func verifyUserToken(token string) (response structs.IntrospectTokenResponse, er
if err!=nil {
return
}
- response.AccessType = extra_claim.AccessType
+ response.AccessTypes = extra_claim.AccessTypes
return
}
diff --git a/authorizer/src/asapo_authorizer/server/introspect_test.go b/authorizer/src/asapo_authorizer/server/introspect_test.go
index 28d13b1c899ef72a37837aaa17a2c906cbe96c9c..a9827bea06e6eba2c8d842def06037e86a9d896d 100644
--- a/authorizer/src/asapo_authorizer/server/introspect_test.go
+++ b/authorizer/src/asapo_authorizer/server/introspect_test.go
@@ -14,12 +14,12 @@ import (
var IntrospectTests = [] struct {
tokenSubject string
- role string
+ roles []string
status int
message string
}{
- {"bt_test","read",http.StatusOK,"valid token"},
- {"","",http.StatusUnauthorized,"invalid token"},
+ {"bt_test",[]string{"read"},http.StatusOK,"valid token"},
+ {"",nil,http.StatusUnauthorized,"invalid token"},
}
@@ -29,7 +29,7 @@ func TestIntrospect(t *testing.T) {
authUser := utils.NewJWTAuth("secret_user")
Auth = authorization.NewAuth(authUser,authAdmin,authJWT)
for _, test := range IntrospectTests {
- token := prepareUserToken(test.tokenSubject,test.role)
+ token := prepareUserToken(test.tokenSubject,test.roles)
if test.status==http.StatusUnauthorized {
token = "blabla"
}
@@ -41,7 +41,7 @@ func TestIntrospect(t *testing.T) {
var token structs.IntrospectTokenResponse
json.Unmarshal(body,&token)
assert.Equal(t, token.Sub , test.tokenSubject, test.message)
- assert.Equal(t, token.AccessType , test.role, test.message)
+ assert.Equal(t, token.AccessTypes, test.roles, test.message)
} else {
body, _ := ioutil.ReadAll(w.Body)
fmt.Println(string(body))
diff --git a/authorizer/src/asapo_authorizer/server/issue_token.go b/authorizer/src/asapo_authorizer/server/issue_token.go
index b4f534d83cc207a8931cde5636d63f371ae7ee28..7a332ad935d23c502514e98b440d9239afb4e560 100644
--- a/authorizer/src/asapo_authorizer/server/issue_token.go
+++ b/authorizer/src/asapo_authorizer/server/issue_token.go
@@ -23,12 +23,14 @@ func extractUserTokenrequest(r *http.Request) (request structs.IssueTokenRequest
return request, errors.New("set only one of beamtime/beamline")
}
- if request.DaysValid<=0 {
+ if request.DaysValid <= 0 {
return request, errors.New("set token valid period")
}
- if request.AccessType != "read" && request.AccessType != "write" {
- return request, errors.New("wrong access type: " + request.AccessType)
+ for _, ar := range request.AccessTypes {
+ if ar != "read" && ar != "write" {
+ return request, errors.New("wrong requested access rights: "+ar)
+ }
}
return request, nil
@@ -44,7 +46,7 @@ func checkAccessToken(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusInternalServerError)
w.Write([]byte(err.Error()))
}
- if claims.Subject != "admin" || extraClaim.AccessType != "create" {
+ if claims.Subject != "admin" || !utils.StringInSlice("create",extraClaim.AccessTypes) {
err_txt := "wrong token claims"
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(err_txt))
@@ -60,7 +62,7 @@ func issueUserToken(w http.ResponseWriter, r *http.Request) {
return
}
- token, err := Auth.PrepareAccessToken(request,true)
+ token, err := Auth.PrepareAccessToken(request, true)
if err != nil {
utils.WriteServerError(w, err, http.StatusInternalServerError)
return
diff --git a/authorizer/src/asapo_authorizer/server/issue_token_test.go b/authorizer/src/asapo_authorizer/server/issue_token_test.go
index 223af38d80ce2d671ac9332bc325a28d7ffee467..5ed8c9b6a865449ecbda9f61f1c31183f3eb8d93 100644
--- a/authorizer/src/asapo_authorizer/server/issue_token_test.go
+++ b/authorizer/src/asapo_authorizer/server/issue_token_test.go
@@ -15,21 +15,21 @@ import (
var IssueTokenTests = [] struct {
requestSubject map[string]string
- tokenSubject string
- role string
- validDays int
- adminToken string
- resToken string
- status int
- message string
+ tokenSubject string
+ roles []string
+ validDays int
+ adminToken string
+ resToken string
+ status int
+ message string
}{
- {map[string]string{"beamtimeId":"test"},"bt_test","read",180,prepareAdminToken("admin"),"aaa",http.StatusOK,"read for beamtime"},
- {map[string]string{"beamtimeId":"test"},"bt_test","read",90,prepareAdminToken("admin"),"aaa",http.StatusOK,"write for beamtime"},
- {map[string]string{"beamline":"test"},"bl_test","read",180,prepareAdminToken("admin"),"aaa",http.StatusOK,"read for beamline"},
- {map[string]string{"blabla":"test"},"","read",180,prepareAdminToken("admin"),"",http.StatusBadRequest,"beamline or beamtime not given"},
- {map[string]string{"beamtimeId":"test"},"","bla",180,prepareAdminToken("admin"),"",http.StatusBadRequest,"wrong role"},
- {map[string]string{"beamtimeId":"test"},"","read",180,prepareAdminToken("bla"),"",http.StatusUnauthorized,"wrong admin token"},
- {map[string]string{"beamtimeId":"test"},"bt_test","read",0,prepareAdminToken("admin"),"aaa",http.StatusBadRequest,"0 valid days"},
+ {map[string]string{"beamtimeId":"test"},"bt_test",[]string{"read"},180,prepareAdminToken("admin"),"aaa",http.StatusOK,"read for beamtime"},
+ {map[string]string{"beamtimeId":"test"},"bt_test",[]string{"read"},90,prepareAdminToken("admin"),"aaa",http.StatusOK,"write for beamtime"},
+ {map[string]string{"beamline":"test"},"bl_test",[]string{"read"},180,prepareAdminToken("admin"),"aaa",http.StatusOK,"read for beamline"},
+ {map[string]string{"blabla":"test"},"",[]string{"read"},180,prepareAdminToken("admin"),"",http.StatusBadRequest,"beamline or beamtime not given"},
+ {map[string]string{"beamtimeId":"test"},"",[]string{"bla"},180,prepareAdminToken("admin"),"",http.StatusBadRequest,"wrong role"},
+ {map[string]string{"beamtimeId":"test"},"",[]string{"read"},180,prepareAdminToken("bla"),"",http.StatusUnauthorized,"wrong admin token"},
+ {map[string]string{"beamtimeId":"test"},"bt_test",[]string{"read"},0,prepareAdminToken("admin"),"aaa",http.StatusBadRequest,"0 valid days"},
}
@@ -39,7 +39,7 @@ func TestIssueToken(t *testing.T) {
authUser := utils.NewJWTAuth("secret_user")
Auth = authorization.NewAuth(authUser,authAdmin,authJWT)
for _, test := range IssueTokenTests {
- request := makeRequest(structs.IssueTokenRequest{test.requestSubject,test.validDays,test.role})
+ request := makeRequest(structs.IssueTokenRequest{test.requestSubject,test.validDays,test.roles})
w := doPostRequest("/admin/issue",request,authAdmin.Name()+" "+test.adminToken)
if w.Code == http.StatusOK {
body, _ := ioutil.ReadAll(w.Body)
@@ -52,7 +52,7 @@ func TestIssueToken(t *testing.T) {
assert.Equal(t, cclaims.Subject , test.tokenSubject, test.message)
assert.True(t, cclaims.ExpiresAt-time.Now().Unix()>int64(test.validDays)*24*60*60-10, test.message)
assert.True(t, cclaims.ExpiresAt-time.Now().Unix()<int64(test.validDays)*24*60*60+10, test.message)
- assert.Equal(t, extra_claim.AccessType, test.role, test.message)
+ assert.Equal(t, extra_claim.AccessTypes, test.roles, test.message)
assert.NotEmpty(t, cclaims.Id , test.message)
} else {
body, _ := ioutil.ReadAll(w.Body)
diff --git a/authorizer/src/asapo_authorizer/server/server.go b/authorizer/src/asapo_authorizer/server/server.go
index 9e01e914cdd3498b97ca608fdb2dc6319936dc11..8e26efcf473ccf444b9477bcaf4fb75d086a3147 100644
--- a/authorizer/src/asapo_authorizer/server/server.go
+++ b/authorizer/src/asapo_authorizer/server/server.go
@@ -12,7 +12,7 @@ type beamtimeMeta struct {
OfflinePath string `json:"core-path"`
OnlinePath string `json:"beamline-path"`
Type string `json:"source-type"`
- AccessType string `json:"access-type"`
+ AccessTypes []string `json:"access-types"`
}
type serverSettings struct {
diff --git a/broker/src/asapo_broker/database/mongodb_streams.go b/broker/src/asapo_broker/database/mongodb_streams.go
index 9720b404e890d72744c745d08873d58ed8c96135..ce1ce2cdac11aa19bba2c9fec166d4997a63b6f2 100644
--- a/broker/src/asapo_broker/database/mongodb_streams.go
+++ b/broker/src/asapo_broker/database/mongodb_streams.go
@@ -170,7 +170,9 @@ func (ss *Streams) updateFromDb(db *Mongodb, db_name string) (StreamsRecord, err
sortRecords(&rec)
if len(rec.Streams) > 0 {
- ss.records[db_name] = rec
+ res :=StreamsRecord{}
+ utils.DeepCopy(rec,&res)
+ ss.records[db_name] = res
ss.lastUpdated = time.Now().UnixNano()
}
return rec, nil
diff --git a/broker/src/asapo_broker/server/authorizer.go b/broker/src/asapo_broker/server/authorizer.go
index abe6e353b98c1b54abbded439b98af0fe3eb602b..07cf4ddfe63db13a9eef3aa4b6b7201d38f3c934 100644
--- a/broker/src/asapo_broker/server/authorizer.go
+++ b/broker/src/asapo_broker/server/authorizer.go
@@ -1,6 +1,7 @@
package server
import (
+ "asapo_common/structs"
"bytes"
"encoding/json"
"errors"
@@ -11,8 +12,7 @@ import (
)
type Token struct {
- Sub string
- AccessType string
+ structs.IntrospectTokenResponse
}
type Authorizer interface {
diff --git a/broker/src/asapo_broker/server/authorizer_test.go b/broker/src/asapo_broker/server/authorizer_test.go
index baf060dc8a4129cf60a4faadf1f5bae1a059055c..a58681460c80b6a412091f6982afca7c6eecdc14 100644
--- a/broker/src/asapo_broker/server/authorizer_test.go
+++ b/broker/src/asapo_broker/server/authorizer_test.go
@@ -1,6 +1,7 @@
package server
import (
+ "asapo_common/structs"
"bytes"
"encoding/json"
"errors"
@@ -36,7 +37,7 @@ func matchRequest(req *http.Request) bool {
}
func responseOk() (*http.Response, error) {
- token := Token{Sub: "subject",AccessType: "read"}
+ token := Token{structs.IntrospectTokenResponse{AccessTypes: []string{"read"},Sub: "subject"}}
b,_:=json.Marshal(&token)
r := ioutil.NopCloser(bytes.NewReader(b))
return &http.Response{
@@ -54,7 +55,7 @@ func responseUnauth() (*http.Response, error) {
}
func responseErr() (*http.Response, error) {
- return &http.Response{}, errors.New("cannpt connect")
+ return &http.Response{}, errors.New("cannot connect")
}
var authTests = []struct {
@@ -87,7 +88,7 @@ func TestAuthorize(t *testing.T) {
if test.ok {
assert.Nil(t,err,test.message)
assert.Equal(t,"subject",token.Sub,test.message)
- assert.Equal(t,"read",token.AccessType,test.message)
+ assert.Contains(t,token.AccessTypes,"read",test.message)
} else {
assert.NotNil(t,err,test.message)
}
diff --git a/broker/src/asapo_broker/server/process_request_test.go b/broker/src/asapo_broker/server/process_request_test.go
index ba9a23de59544b2f93a2411d790583ff55d9bcb0..f84907035beb7627df65ef55556eec9863ea96cb 100644
--- a/broker/src/asapo_broker/server/process_request_test.go
+++ b/broker/src/asapo_broker/server/process_request_test.go
@@ -3,6 +3,7 @@ package server
import (
"asapo_broker/database"
"asapo_common/logger"
+ "asapo_common/structs"
"asapo_common/utils"
"errors"
"github.com/stretchr/testify/assert"
@@ -29,8 +30,10 @@ type MockAuthServer struct {
func (a * MockAuthServer) AuthorizeToken(tokenJWT string) (token Token, err error) {
if tokenJWT =="ok" {
return Token{
+ structs.IntrospectTokenResponse{
Sub: "bt_"+expectedBeamtimeId,
- AccessType: "read",
+ AccessTypes: []string{"read"},
+ },
},nil
} else {
return Token{},errors.New("wrong JWT token")
diff --git a/broker/src/asapo_broker/server/request_common.go b/broker/src/asapo_broker/server/request_common.go
index 6912523e8340282ca6bb82165e223c2a4859804d..9476a5a7c0ced30369aa3f05be93360188c727a7 100644
--- a/broker/src/asapo_broker/server/request_common.go
+++ b/broker/src/asapo_broker/server/request_common.go
@@ -67,7 +67,7 @@ func authorize(r *http.Request, beamtime_id string) error {
return err
}
- return checkAccessType(token.AccessType)
+ return checkAccessType(token.AccessTypes)
}
func checkSubject(subject string, beamtime_id string) error {
@@ -77,8 +77,8 @@ func checkSubject(subject string, beamtime_id string) error {
return nil
}
-func checkAccessType(accessType string) error {
- if accessType != "read" && accessType != "write" {
+func checkAccessType(accessTypes []string) error {
+ if !utils.StringInSlice("read",accessTypes) {
return errors.New("wrong token access type")
}
return nil
diff --git a/common/go/src/asapo_common/structs/structs.go b/common/go/src/asapo_common/structs/structs.go
index 07d8fb6d28f8e5c88ce8052ef30fbb3fb8cbb198..e6517c12d67cae9799a098500798a5a663dba3af 100644
--- a/common/go/src/asapo_common/structs/structs.go
+++ b/common/go/src/asapo_common/structs/structs.go
@@ -5,7 +5,7 @@ type FolderTokenTokenExtraClaim struct {
}
type AccessTokenExtraClaim struct {
- AccessType string
+ AccessTypes []string
}
type IntrospectTokenRequest struct {
@@ -13,19 +13,19 @@ type IntrospectTokenRequest struct {
}
type IntrospectTokenResponse struct {
- Sub string
- AccessType string
+ Sub string
+ AccessTypes []string
}
type IssueTokenRequest struct {
- Subject map[string]string
- DaysValid int
- AccessType string
+ Subject map[string]string
+ DaysValid int
+ AccessTypes []string
}
type IssueTokenResponse struct {
- Token string
- Sub string
- AccessType string
- Expires string
+ Token string
+ Sub string
+ AccessTypes []string
+ Expires string
}
diff --git a/deploy/asapo_services/asap3.tfvars b/deploy/asapo_services/asap3.tfvars
index 972dafffdeb937973bdf418d21d7b038514f6236..c3c5434b8828865ead3f552ff91240392cedabe8 100644
--- a/deploy/asapo_services/asap3.tfvars
+++ b/deploy/asapo_services/asap3.tfvars
@@ -1,6 +1,10 @@
elk_logs = true
-asapo_image_tag = "develop"
+asapo_imagename_suffix = ""
+asapo_image_tag = ""
+
+influxdb_version="1.8.4"
+
service_dir="/gpfs/asapo/shared/service_dir"
online_dir="/beamline"
diff --git a/deploy/asapo_services/scripts/authorizer.json.tpl b/deploy/asapo_services/scripts/authorizer.json.tpl
index dc556433b469725f6b8e9e1917fb47c67a539adb..6e63929204521df21479cdce3c86a07db09c5f77 100644
--- a/deploy/asapo_services/scripts/authorizer.json.tpl
+++ b/deploy/asapo_services/scripts/authorizer.json.tpl
@@ -1,9 +1,9 @@
{
"Port": {{ env "NOMAD_PORT_authorizer" }},
"LogLevel":"debug",
- "AlwaysAllowedBeamtimes":[{"beamtimeId":"asapo_test","beamline":"test","core-path":"{{ env "NOMAD_META_offline_dir" }}/test_facility/gpfs/test/2019/data/asapo_test"},
- {"beamtimeId":"asapo_test1","beamline":"test1","core-path":"{{ env "NOMAD_META_offline_dir" }}/test_facility/gpfs/test1/2019/data/asapo_test1"},
- {"beamtimeId":"asapo_test2","beamline":"test2","core-path":"{{ env "NOMAD_META_offline_dir" }}/test_facility/gpfs/test2/2019/data/asapo_test2"}],
+ "AlwaysAllowedBeamtimes":[{"beamtimeId":"asapo_test","beamline":"test","core-path":"{{ env "NOMAD_META_offline_dir" }}/test_facility/gpfs/test/2019/data/asapo_test", "beamline-path":"{{ env "NOMAD_META_online_dir" }}/test/current"},
+ {"beamtimeId":"asapo_test1","beamline":"test1","core-path":"{{ env "NOMAD_META_offline_dir" }}/test_facility/gpfs/test1/2019/data/asapo_test1", "beamline-path":"{{ env "NOMAD_META_online_dir" }}/test1/current"},
+ {"beamtimeId":"asapo_test2","beamline":"test2","core-path":"{{ env "NOMAD_META_offline_dir" }}/test_facility/gpfs/test2/2019/data/asapo_test2", "beamline-path":"{{ env "NOMAD_META_online_dir" }}/test2/current"}],
"RootBeamtimesFolder":"{{ env "NOMAD_META_offline_dir" }}",
"CurrentBeamlinesFolder":"{{ env "NOMAD_META_online_dir" }}",
"UserSecretFile":"/local/secret.key",
diff --git a/examples/consumer/getnext/check_linux.sh b/examples/consumer/getnext/check_linux.sh
index 049a9c4c9fa9e242990937d1759924b1936400c5..a8c0ec75089eeff7ab9ca5049ea4dbbc530abd27 100644
--- a/examples/consumer/getnext/check_linux.sh
+++ b/examples/consumer/getnext/check_linux.sh
@@ -4,7 +4,7 @@ source_path=dummy
beamtime_id=test_run
data_source=detector
database_name=${beamtime_id}_${data_source}
-token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+token_test_run=$BT_TEST_RUN_TOKEN
set -e
diff --git a/examples/consumer/getnext/check_windows.bat b/examples/consumer/getnext/check_windows.bat
index b9cc3044bfeed8936605ead243ef803d020f358b..1a3db40dff18fa2808fcdf3c3957eeb40f990e58 100644
--- a/examples/consumer/getnext/check_windows.bat
+++ b/examples/consumer/getnext/check_windows.bat
@@ -5,7 +5,7 @@ SET data_source=detector
SET database_name=%beamtime_id%_%data_source%
SET mongo_exe="c:\Program Files\MongoDB\Server\4.2\bin\mongo.exe"
-set token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+set token_test_run=%BT_TEST_RUN_TOKEN%
call start_services.bat
diff --git a/examples/consumer/getnext_python/check_linux.sh b/examples/consumer/getnext_python/check_linux.sh
index 2ac44afddabac4641741cbb6214294b0500eff2b..50c4b25cfa5364a5566b8440a6296649cb043497 100644
--- a/examples/consumer/getnext_python/check_linux.sh
+++ b/examples/consumer/getnext_python/check_linux.sh
@@ -4,7 +4,7 @@ source_path=dummy
beamtime_id=test_run
data_source=detector
database_name=${beamtime_id}_${data_source}
-token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+token_test_run=$BT_TEST_RUN_TOKEN
group_id=bif31l2uiddd4r0q6b40
set -e
diff --git a/examples/consumer/getnext_python/check_windows.bat b/examples/consumer/getnext_python/check_windows.bat
index 448e1c2652f18e99c1772b6289e96b7d35528fac..9b96ec00e6ddc2373237820eb86ee333f0f2b7b0 100644
--- a/examples/consumer/getnext_python/check_windows.bat
+++ b/examples/consumer/getnext_python/check_windows.bat
@@ -4,7 +4,7 @@ SET data_source=detector
SET database_name=%beamtime_id%_%data_source%
SET mongo_exe="c:\Program Files\MongoDB\Server\4.2\bin\mongo.exe"
-set token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+set token_test_run=%BT_TEST_RUN_TOKEN%
set group_id=bif31l2uiddd4r0q6b40
call start_services.bat
diff --git a/examples/pipeline/in_to_out/check_linux.sh b/examples/pipeline/in_to_out/check_linux.sh
index f6d5943a0d93574102deec221547cf7451880b27..120bad4d0fc3a2e95e40fe9397e154f98bda7855 100644
--- a/examples/pipeline/in_to_out/check_linux.sh
+++ b/examples/pipeline/in_to_out/check_linux.sh
@@ -11,7 +11,7 @@ outdatabase_name=${beamtime_id}_${data_source_out}
outdatabase_name2=${beamtime_id}_${data_source_out2}
#asapo_test read token
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+token=$ASAPO_TEST_RW_TOKEN
beamline=test
receiver_root_folder=/tmp/asapo/receiver/files
@@ -19,8 +19,6 @@ facility=test_facility
year=2019
receiver_folder=${receiver_root_folder}/${facility}/gpfs/${beamline}/${year}/data/${beamtime_id}
-
-
set -e
trap Cleanup EXIT
diff --git a/examples/pipeline/in_to_out/check_windows.bat b/examples/pipeline/in_to_out/check_windows.bat
index f464ea5d8e57679a00d1e9e26eee791c35eba1b6..57485dbe442e4ae171f7e63641a69aa5a31a4d5a 100644
--- a/examples/pipeline/in_to_out/check_windows.bat
+++ b/examples/pipeline/in_to_out/check_windows.bat
@@ -8,7 +8,7 @@ SET indatabase_name=%beamtime_id%_%data_source_in%
SET outdatabase_name=%beamtime_id%_%data_source_out%
SET outdatabase_name2=%beamtime_id%_%data_source_out2%
-SET token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+SET token=%ASAPO_TEST_RW_TOKEN%
SET beamline=test
diff --git a/examples/pipeline/in_to_out_python/CMakeLists.txt b/examples/pipeline/in_to_out_python/CMakeLists.txt
index cebedb3f70ecaab5e94677e78d192db8e1a8a8a8..bdac25363e1a04cf6afa0b7b7ca85ccaaf3feed3 100644
--- a/examples/pipeline/in_to_out_python/CMakeLists.txt
+++ b/examples/pipeline/in_to_out_python/CMakeLists.txt
@@ -13,4 +13,3 @@ endif()
file(TO_NATIVE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/in_to_out.py TEST_SCRIPT )
add_script_test("${TARGET_NAME}" "${Python_EXECUTABLE} ${PYTHON_LIBS_CONSUMER} ${PYTHON_LIBS_PRODUCER} ${TEST_SCRIPT} " nomem)
-
diff --git a/examples/pipeline/in_to_out_python/check_linux.sh b/examples/pipeline/in_to_out_python/check_linux.sh
index 7da5ccf9a86560ece423d16d8133a8dd397d468f..12f7444f8c7462af63d647efb8eb1ebed74c4ec1 100644
--- a/examples/pipeline/in_to_out_python/check_linux.sh
+++ b/examples/pipeline/in_to_out_python/check_linux.sh
@@ -13,7 +13,7 @@ indatabase_name=${beamtime_id}_${data_source_in}
outdatabase_name=${beamtime_id}_${data_source_out}
#asapo_test read token
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+token=$ASAPO_TEST_RW_TOKEN
beamline=test
receiver_root_folder=/tmp/asapo/receiver/files
diff --git a/examples/pipeline/in_to_out_python/check_windows.bat b/examples/pipeline/in_to_out_python/check_windows.bat
index de9982180aead654ea7db9f85a3ea15b1fcbc890..ff761ad8262930e138399b75e106c77b25c0e89a 100644
--- a/examples/pipeline/in_to_out_python/check_windows.bat
+++ b/examples/pipeline/in_to_out_python/check_windows.bat
@@ -6,7 +6,7 @@ SET data_source_out=simulation
SET indatabase_name=%beamtime_id%_%data_source_in%
SET outdatabase_name=%beamtime_id%_%data_source_out%
-SET token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+SET token=%ASAPO_TEST_RW_TOKEN%
SET beamline=test
diff --git a/receiver/src/request_handler/request_handler_authorize.cpp b/receiver/src/request_handler/request_handler_authorize.cpp
index f3dbfa3650e09d1dc3a5e31575ca0ade68463cce..ca67af48f9d62783e61e3abeb915da7eea09e1a8 100644
--- a/receiver/src/request_handler/request_handler_authorize.cpp
+++ b/receiver/src/request_handler/request_handler_authorize.cpp
@@ -26,11 +26,12 @@ Error RequestHandlerAuthorize::ErrorFromAuthorizationServerResponse(const Error&
}
}
-Error CheckAccessType(const std::string& access_type) {
- if (access_type!="write") {
- return asapo::ReceiverErrorTemplates::kAuthorizationFailure.Generate("wrong access type: " + access_type);
+Error CheckAccessType(const std::vector<std::string>& access_types) {
+ if(std::find(access_types.begin(), access_types.end(), "write") != access_types.end()) {
+ return nullptr;
+ } else {
+ return asapo::ReceiverErrorTemplates::kAuthorizationFailure.Generate("wrong access types");
}
- return nullptr;
}
@@ -50,7 +51,7 @@ Error RequestHandlerAuthorize::Authorize(Request* request, const char* source_cr
}
std::string stype;
- std::string access_type;
+ std::vector<std::string> access_types;
JsonStringParser parser{response};
(err = parser.GetString("beamtimeId", &beamtime_id_)) ||
@@ -58,14 +59,14 @@ Error RequestHandlerAuthorize::Authorize(Request* request, const char* source_cr
(err = parser.GetString("core-path", &offline_path_)) ||
(err = parser.GetString("beamline-path", &online_path_)) ||
(err = parser.GetString("source-type", &stype)) ||
- (err = parser.GetString("access-type", &access_type)) ||
+ (err = parser.GetArrayString("access-types", &access_types)) ||
(err = GetSourceTypeFromString(stype, &source_type_)) ||
(err = parser.GetString("beamline", &beamline_));
if (err) {
return ErrorFromAuthorizationServerResponse(err, code);
}
- err = CheckAccessType(access_type);
+ err = CheckAccessType(access_types);
if (err) {
log__->Error("failure authorizing at " + GetReceiverConfig()->authorization_server + " request: " + request_string +
" - " +
diff --git a/receiver/unittests/request_handler/test_request_handler_authorizer.cpp b/receiver/unittests/request_handler/test_request_handler_authorizer.cpp
index e85038de4c1cf9dbb23e6e4d336179840b7bf959..c79ec92c965b441454fe60d8cc7bf66a18976c04 100644
--- a/receiver/unittests/request_handler/test_request_handler_authorizer.cpp
+++ b/receiver/unittests/request_handler/test_request_handler_authorizer.cpp
@@ -74,7 +74,7 @@ class AuthorizerHandlerTests : public Test {
std::string expected_source_credentials;
asapo::SourceType expected_source_type = asapo::SourceType::kProcessed;
std::string expected_source_type_str = "processed";
- std::string expected_access_type_str = "write";
+ std::string expected_access_type_str = "[\"write\"]";
void MockRequestData();
void SetUp() override {
GenericRequestHeader request_header;
@@ -117,7 +117,7 @@ class AuthorizerHandlerTests : public Test {
"\",\"core-path\":" + "\"" + expected_core_path +
"\",\"source-type\":" + "\"" + expected_source_type_str +
"\",\"beamline\":" + "\"" + expected_beamline +
- "\",\"access-type\":" + "\"" + expected_access_type_str + "\"}")
+ "\",\"access-types\":" + expected_access_type_str + "}")
));
if (code != HttpCode::OK) {
EXPECT_CALL(mock_logger, Error(AllOf(HasSubstr("failure authorizing"),
@@ -128,7 +128,7 @@ class AuthorizerHandlerTests : public Test {
HasSubstr(expected_data_source),
HasSubstr(expected_producer_uri),
HasSubstr(expected_authorization_server))));
- } else if (expected_access_type_str=="write") {
+ } else if (expected_access_type_str=="[\"write\"]") {
EXPECT_CALL(mock_logger, Debug(AllOf(HasSubstr("authorized"),
HasSubstr(expected_beamtime_id),
HasSubstr(expected_beamline),
@@ -136,8 +136,7 @@ class AuthorizerHandlerTests : public Test {
HasSubstr(expected_data_source),
HasSubstr(expected_producer_uri))));
} else {
- EXPECT_CALL(mock_logger, Error(AllOf(HasSubstr(expected_access_type_str),
- HasSubstr(expected_access_type_str))));
+ EXPECT_CALL(mock_logger, Error(HasSubstr("wrong")));
}
}
@@ -213,7 +212,7 @@ TEST_F(AuthorizerHandlerTests, AuthorizeOk) {
TEST_F(AuthorizerHandlerTests, AuthorizeFailsOnWrongAccessType) {
- expected_access_type_str = "read";
+ expected_access_type_str = "[\"read\"]";
auto err = MockFirstAuthorization(false);
ASSERT_THAT(err, Eq(asapo::ReceiverErrorTemplates::kAuthorizationFailure));
diff --git a/tests/automatic/authorizer/check_authorize/CMakeLists.txt b/tests/automatic/authorizer/check_authorize/CMakeLists.txt
index 811a295b62482cca1741d9b4bd81575df69609a5..9847c8707a00b9cb64cf8241a3600e8b96e46772 100644
--- a/tests/automatic/authorizer/check_authorize/CMakeLists.txt
+++ b/tests/automatic/authorizer/check_authorize/CMakeLists.txt
@@ -19,7 +19,6 @@ configure_file(${CMAKE_SOURCE_DIR}/tests/automatic/settings/auth_secret_admin.ke
configure_file(beamtime-metadata-11111111.json beamtime-metadata-11111111.json COPYONLY)
-
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/settings.json.in settings.json @ONLY)
add_script_test("${TARGET_NAME}-authorize" "$<TARGET_PROPERTY:${TARGET_NAME},EXENAME>" nomem
)
diff --git a/tests/automatic/authorizer/check_authorize/check_linux.sh b/tests/automatic/authorizer/check_authorize/check_linux.sh
index 21d2561126a943f2002641d227dae9b62e350664..5eb25bcc32c255a757fe846b25b9c34676cf79fd 100644
--- a/tests/automatic/authorizer/check_authorize/check_linux.sh
+++ b/tests/automatic/authorizer/check_authorize/check_linux.sh
@@ -19,30 +19,34 @@ mkdir -p asap3/petra3/gpfs/p00/2019/data/11000015
mkdir -p beamline/p07/current
cp beamtime-metadata* beamline/p07/current/
+
#tokens
-AdminToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTNvcGpyaXB0MzNlb2ZjbWJuZyIsInN1YiI6ImFkbWluIiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZSI6ImNyZWF0ZSJ9fQ.uRjtGPaRpOlOfKroijHRgMDNaZHnXsVPf0JaJ1XMg7o
-curl -v --silent -H "Authorization: Bearer $AdminToken" --data '{"Subject": {"beamtimeId":"12345678"},"DaysValid":123,"AccessType":"read"}' 127.0.0.1:5007/admin/issue --stderr - | tee /dev/stderr | grep "bt_12345678"
-curl -v --silent -H "Authorization: Bearer blabla" --data '{"Subject": {"beamtimeId":"12345678"},"DaysValid":123,"AccessType":"read"}' 127.0.0.1:5007/admin/issue --stderr - | tee /dev/stderr | grep "token does not match"
+AdminToken=$ASAPO_CREATE_TOKEN
+echo admin $AdminToken
+
+curl -v --silent -H "Authorization: Bearer $AdminToken" --data '{"Subject": {"beamtimeId":"12345678"},"DaysValid":123,"AccessType":["read"]}' 127.0.0.1:5007/admin/issue --stderr - | tee /dev/stderr | grep "bt_12345678"
+curl -v --silent -H "Authorization: Bearer blabla" --data '{"Subject": {"beamtimeId":"12345678"},"DaysValid":123,"AccessType":["read"]}' 127.0.0.1:5007/admin/issue --stderr - | tee /dev/stderr | grep "token does not match"
curl -v --silent --data '{"SourceCredentials":"processed%c20180508-000-COM20181%%detector%","OriginHost":"127.0.0.1:5555"}' 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep c20180508-000-COM20181
curl -v --silent --data '{"SourceCredentials":"processed%c20180508-000-COM20181%%detector%","OriginHost":"127.0.0.1:5555"}' 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep p00
curl -v --silent --data '{"SourceCredentials":"processed%c20180508-000-COM20181%%detector%","OriginHost":"127.0.0.1:5555"}' 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep detector
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTNxZWpyaXB0MzUybHQxNjhyZyIsInN1YiI6ImJ0X2MyMDE4MDUwOC0wMDAtQ09NMjAxODEiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.MDuQa_f0yOcn35xIgiCfoVVT56oTQ5tSiuKu9VqO_tE #token for c20180508-000-COM20181
+token=$C20180508_000_COM20181_TOKEN
curl -v --silent --data "{\"SourceCredentials\":\"processed%c20180508-000-COM20181%%detector%$token\",\"OriginHost\":\"bla\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep detector
curl -v --silent --data "{\"SourceCredentials\":\"processed%c20180508-000-COM20181%auto%detector%$token\",\"OriginHost\":\"bla\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep p00
curl -v --silent --data '{"SourceCredentials":"processed%c20180508-000-COM20181%%detector%bla","OriginHost":"bla"}' 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep 401
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTNxYnZqaXB0MzR0cTNtMGM5ZyIsInN1YiI6ImJ0XzExMDAwMDE1IiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZSI6InJlYWQifX0.oiweTX_mHIRHkX7_jfOJfHM8lncapROfdQlD7cR7_84 #token for 11000015
+token=$BT11000015_TOKEN
#beamtine not online
curl -v --silent --data "{\"SourceCredentials\":\"raw%11000015%%detector%$token\",\"OriginHost\":\"bla\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep 401
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTNxYzNqaXB0MzR0cjlyOWhiZyIsInN1YiI6ImJ0XzExMDAwMDE2IiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZSI6InJlYWQifX0.2UxFNyI9rNwX9H0ErPNjJxZBy9WEv7CYq1N1d-93Jmg #token for 11000016
+token=$BT11000016_TOKEN
curl -v --silent --data "{\"SourceCredentials\":\"raw%11000016%%detector%${token}\",\"OriginHost\":\"bla\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep 401
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTNxcmFyaXB0MzVjcWpuMmUxZyIsInN1YiI6ImJsX3AwNyIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.KQFj3hOJRpc7hPqwJyYmnQ31IrR1zSz4EifUuulmP5E # for beamlne p07
+token=$BLP07_TOKEN
+
curl -v --silent --data "{\"SourceCredentials\":\"processed%auto%p07%detector%$token\",\"OriginHost\":\"bla\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep 11111111
curl -v --silent --data "{\"SourceCredentials\":\"raw%auto%p07%detector%$token\",\"OriginHost\":\"127.0.0.1:5007\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep 11111111
curl -v --silent --data "{\"SourceCredentials\":\"raw%auto%p07%detector%$token\",\"OriginHost\":\"127.0.0.1:5007\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep p07
@@ -52,7 +56,7 @@ curl -v --silent --data "{\"SourceCredentials\":\"raw%auto%p07%detector%$token\"
curl -v --silent --data "{\"SourceCredentials\":\"processed%auto%p07%detector%$token\",\"OriginHost\":\"bla\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep read
#write access
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTQ4MG1yaXB0Mzc2Z2xvNWo3MCIsInN1YiI6ImJsX3AwNyIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJ3cml0ZSJ9fQ.8e4Xo1w-ICJzKjOwj2sGtpVfGppSGgPHv1yPLJwsdSA # for beamlne p07, write access
+token=$BLP07_W_TOKEN
curl -v --silent --data "{\"SourceCredentials\":\"processed%auto%p07%detector%$token\",\"OriginHost\":\"bla\"}" 127.0.0.1:5007/authorize --stderr - | tee /dev/stderr | grep write
rm -rf asap3 beamline
\ No newline at end of file
diff --git a/tests/automatic/authorizer/check_authorize/check_windows.bat b/tests/automatic/authorizer/check_authorize/check_windows.bat
index 64a02ff130fb865098dd7395b50314f59c5c5b6a..866756d98356dcad5f39421c6882d98947ea3bd8 100644
--- a/tests/automatic/authorizer/check_authorize/check_windows.bat
+++ b/tests/automatic/authorizer/check_authorize/check_windows.bat
@@ -15,7 +15,7 @@ C:\Curl\curl.exe -v --silent --data "{\"SourceCredentials\":\"processed%%c20180
C:\Curl\curl.exe -v --silent --data "{\"SourceCredentials\":\"raw%%c20180508-000-COM20181%%%%detector%%wrong\",\"OriginHost\":\"127.0.0.1:5555\"}" 127.0.0.1:5007/authorize --stderr - | findstr 401 || goto :error
-set token="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTNxcmFyaXB0MzVjcWpuMmUxZyIsInN1YiI6ImJsX3AwNyIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.KQFj3hOJRpc7hPqwJyYmnQ31IrR1zSz4EifUuulmP5E"
+set token=%BLP07_TOKEN%
C:\Curl\curl.exe -v --silent --data "{\"SourceCredentials\":\"raw%%auto%%p07%%detector%%%token%\",\"OriginHost\":\"127.0.0.1:5555\"}" 127.0.0.1:5007/authorize --stderr - | findstr 11111111 || goto :error
goto :clean
diff --git a/tests/automatic/broker/check_monitoring/check_linux.sh b/tests/automatic/broker/check_monitoring/check_linux.sh
index cc7b53abb8dda8104ac75f322dd858912215d3ad..a9c64328bb00c0de187b3ffed01009a7bf3f0c1b 100644
--- a/tests/automatic/broker/check_monitoring/check_linux.sh
+++ b/tests/automatic/broker/check_monitoring/check_linux.sh
@@ -23,7 +23,8 @@ nomad run nginx.nmd
nomad run authorizer.nmd
sleep 1
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5MzU3NjgsImp0aSI6ImMxNGNwbTNpcHQzZGRrbnFwYm9nIiwic3ViIjoiYnRfZGF0YSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.Jnhmj2i8zUbTzlmRCo6CUkqkD_FdyMxfNj_PztmnN-0
+
+token=$BT_DATA_TOKEN
$1 -config settings.json &
diff --git a/tests/automatic/broker/get_last/check_linux.sh b/tests/automatic/broker/get_last/check_linux.sh
index 643002fb7302b43c3a8bbd40581c0cd62f27f25e..b40aad08881ca2b7ee0c34b53716deec9e30f06b 100644
--- a/tests/automatic/broker/get_last/check_linux.sh
+++ b/tests/automatic/broker/get_last/check_linux.sh
@@ -19,7 +19,7 @@ Cleanup() {
echo "db.data_${stream}.insert({"_id":2})" | mongo ${database_name}
echo "db.data_${stream}.insert({"_id":1})" | mongo ${database_name}
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5MzU3NjgsImp0aSI6ImMxNGNwbTNpcHQzZGRrbnFwYm9nIiwic3ViIjoiYnRfZGF0YSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.Jnhmj2i8zUbTzlmRCo6CUkqkD_FdyMxfNj_PztmnN-0
+token=$BT_DATA_TOKEN
nomad run nginx.nmd
nomad run authorizer.nmd
diff --git a/tests/automatic/broker/get_last/check_windows.bat b/tests/automatic/broker/get_last/check_windows.bat
index 9830fcec3f5561cdb10eeedfd4801192b469292e..580140b410aec1549d06fe16bd19a499a706a980 100644
--- a/tests/automatic/broker/get_last/check_windows.bat
+++ b/tests/automatic/broker/get_last/check_windows.bat
@@ -12,7 +12,7 @@ c:\opt\consul\nomad run nginx.nmd
ping 192.0.2.1 -n 1 -w 3000 > nul
-set token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5MzU3NjgsImp0aSI6ImMxNGNwbTNpcHQzZGRrbnFwYm9nIiwic3ViIjoiYnRfZGF0YSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.Jnhmj2i8zUbTzlmRCo6CUkqkD_FdyMxfNj_PztmnN-0
+set token=%BT_DATA_TOKEN%
start /B "" "%full_name%" -config settings.json
ping 192.0.2.1 -n 1 -w 1000 > nul
diff --git a/tests/automatic/broker/get_meta/check_linux.sh b/tests/automatic/broker/get_meta/check_linux.sh
index a0a1c5dc0e7c0d9d3093a50e0acacbcaa851d528..2130592555500717d6b207f57817636455a0bd8a 100644
--- a/tests/automatic/broker/get_meta/check_linux.sh
+++ b/tests/automatic/broker/get_meta/check_linux.sh
@@ -17,7 +17,7 @@ Cleanup() {
echo 'db.meta.insert({"_id":0,"data":"test"})' | mongo ${database_name}
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5MzU5MDEsImp0aSI6ImMxNGNxbmJpcHQzZGY2bDRvNHIwIiwic3ViIjoiYnRfdGVzdCIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.D71Gv2AwSPIEkaeejWXs70sSoQzvKDonrTmtPk2J9AI
+token=$BT_TEST_TOKEN
nomad run nginx.nmd
nomad run authorizer.nmd
diff --git a/tests/automatic/broker/get_meta/check_windows.bat b/tests/automatic/broker/get_meta/check_windows.bat
index 5372fc77de0cf6bcbdb6f46dfef9329981a1c3b6..cf16f3d18a6100657038480b92667f63c932c5ea 100644
--- a/tests/automatic/broker/get_meta/check_windows.bat
+++ b/tests/automatic/broker/get_meta/check_windows.bat
@@ -11,7 +11,7 @@ c:\opt\consul\nomad run nginx.nmd
ping 192.0.2.1 -n 1 -w 3000 > nul
-set token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5MzU3NjgsImp0aSI6ImMxNGNwbTNpcHQzZGRrbnFwYm9nIiwic3ViIjoiYnRfZGF0YSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.Jnhmj2i8zUbTzlmRCo6CUkqkD_FdyMxfNj_PztmnN-0
+set token=%BT_DATA_TOKEN%
start /B "" "%full_name%" -config settings.json
diff --git a/tests/automatic/broker/get_next/check_linux.sh b/tests/automatic/broker/get_next/check_linux.sh
index 195338dfc09b2e9771b81b2ce5b3febb4d322c56..cd204d7248a21956e8dec317e7dfd7435823b4d8 100644
--- a/tests/automatic/broker/get_next/check_linux.sh
+++ b/tests/automatic/broker/get_next/check_linux.sh
@@ -19,7 +19,7 @@ Cleanup() {
echo "db.data_${stream}.insert({"_id":2})" | mongo ${database_name}
echo "db.data_${stream}.insert({"_id":1})" | mongo ${database_name}
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDIxMjcsImp0aSI6ImMxNGViYnJpcHQzZHQ4Y2JhczUwIiwic3ViIjoiYnRfZGF0YSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.U776By_privbW9WbQCSTmk9hLZVTXzTWNNap1XOIFlM
+token=$BT_DATA_TOKEN
nomad run nginx.nmd
nomad run authorizer.nmd
diff --git a/tests/automatic/broker/get_next/check_windows.bat b/tests/automatic/broker/get_next/check_windows.bat
index fee3de987a77f41b2a3a2da96437ce91f314e83b..4d5ed42b65ed9ff318e72739621176c975b50832 100644
--- a/tests/automatic/broker/get_next/check_windows.bat
+++ b/tests/automatic/broker/get_next/check_windows.bat
@@ -7,7 +7,7 @@ echo db.data_default.insert({"_id":2}) | %mongo_exe% %database_name% || goto :e
set full_name="%1"
set short_name="%~nx1"
-set token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDIxMjcsImp0aSI6ImMxNGViYnJpcHQzZHQ4Y2JhczUwIiwic3ViIjoiYnRfZGF0YSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.U776By_privbW9WbQCSTmk9hLZVTXzTWNNap1XOIFlM
+set token=%BT_DATA_TOKEN%
c:\opt\consul\nomad run authorizer.nmd
c:\opt\consul\nomad run nginx.nmd
diff --git a/tests/automatic/bug_fixes/consumer_python_memleak/check_linux.sh b/tests/automatic/bug_fixes/consumer_python_memleak/check_linux.sh
index 4f8e40847b8ab78aaa164f19b94481646be67daf..f06e415503d8880ec671ad4cb9523bdeab92aab5 100644
--- a/tests/automatic/bug_fixes/consumer_python_memleak/check_linux.sh
+++ b/tests/automatic/bug_fixes/consumer_python_memleak/check_linux.sh
@@ -7,7 +7,7 @@ endpoint=127.0.0.1:8400
path=.
beamtime_id=asapo_test
#asapo_test read token
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+token=$ASAPO_TEST_RW_TOKEN
Cleanup() {
diff --git a/tests/automatic/bug_fixes/producer_send_after_restart/check_windows.bat b/tests/automatic/bug_fixes/producer_send_after_restart/check_windows.bat
index ee6f034540209846a58a78c94ed2620efbe60ea6..b039195e0a103dc00763d16a212d545d7c804b4f 100644
--- a/tests/automatic/bug_fixes/producer_send_after_restart/check_windows.bat
+++ b/tests/automatic/bug_fixes/producer_send_after_restart/check_windows.bat
@@ -14,7 +14,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
REM producer
diff --git a/tests/automatic/consumer/consumer_api/check_linux.sh b/tests/automatic/consumer/consumer_api/check_linux.sh
index f674a67ed37f4b94c8428100c51d165cd30254fb..7e0f342a598a82b8de05a33e95ad617a981cbce8 100644
--- a/tests/automatic/consumer/consumer_api/check_linux.sh
+++ b/tests/automatic/consumer/consumer_api/check_linux.sh
@@ -3,7 +3,9 @@
beamtime_id=test_run
data_source=detector
database_name=${beamtime_id}_${data_source}
-token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+token_test_run=$BT_TEST_RUN_TOKEN
+
+
set -e
diff --git a/tests/automatic/consumer/consumer_api/check_windows.bat b/tests/automatic/consumer/consumer_api/check_windows.bat
index 4764a3852817ba8eb4f4e14030b62c6be40a6ec3..9e3be222df17dbb674d4c7312abc02fe46a584cc 100644
--- a/tests/automatic/consumer/consumer_api/check_windows.bat
+++ b/tests/automatic/consumer/consumer_api/check_windows.bat
@@ -4,7 +4,7 @@ SET data_source=detector
SET database_name=%beamtime_id%_%data_source%
SET mongo_exe="c:\Program Files\MongoDB\Server\4.2\bin\mongo.exe"
-set token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+set token_test_run=%BT_TEST_RUN_TOKEN%
call start_services.bat
diff --git a/tests/automatic/consumer/consumer_api_python/check_linux.sh b/tests/automatic/consumer/consumer_api_python/check_linux.sh
index 47396174ee2d5d7d7c5a61d60a53786fdb0dec65..fabcbdc2e737426d4d2b1843c73685498dc84660 100644
--- a/tests/automatic/consumer/consumer_api_python/check_linux.sh
+++ b/tests/automatic/consumer/consumer_api_python/check_linux.sh
@@ -4,10 +4,9 @@ beamtime_id=test_run
source_path=`pwd`/asap3/petra3/gpfs/p01/2019/data/$beamtime_id
data_source=detector
database_name=${beamtime_id}_${data_source}
-token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+token_test_run=$BT_TEST_RUN_TOKEN
set -e
-
trap Cleanup EXIT
Cleanup() {
diff --git a/tests/automatic/consumer/consumer_api_python/check_windows.bat b/tests/automatic/consumer/consumer_api_python/check_windows.bat
index 055a5efafc2ef849e7313f30436993d481ec8ae0..6f56883eb624186cf375822f27c913f558e7817e 100644
--- a/tests/automatic/consumer/consumer_api_python/check_windows.bat
+++ b/tests/automatic/consumer/consumer_api_python/check_windows.bat
@@ -8,8 +8,7 @@ SET data_source=detector
SET database_name=%beamtime_id%_%data_source%
SET mongo_exe="c:\Program Files\MongoDB\Server\4.2\bin\mongo.exe"
-set token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
-
+set token_test_run=%BT_TEST_RUN_TOKEN%
call start_services.bat
for /l %%x in (1, 1, 5) do echo db.data_default.insert({"_id":%%x,"size":6,"name":"%%x","timestamp":0,"source":"none","buf_id":0,"dataset_substream":0,"meta":{"test":10}}) | %mongo_exe% %database_name% || goto :error
diff --git a/tests/automatic/consumer/next_multithread_broker/check_linux.sh b/tests/automatic/consumer/next_multithread_broker/check_linux.sh
index 7da3c8b69223aa8d239bc56fb72f6a63488ab0e6..d507f1e9fc261b660e7a5a77cd32eff4868c7436 100644
--- a/tests/automatic/consumer/next_multithread_broker/check_linux.sh
+++ b/tests/automatic/consumer/next_multithread_broker/check_linux.sh
@@ -1,8 +1,7 @@
#!/usr/bin/env bash
database_name=test_run_detector
-token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
-
+token_test_run=$BT_TEST_RUN_TOKEN
set -e
trap Cleanup EXIT
diff --git a/tests/automatic/consumer/next_multithread_broker/check_windows.bat b/tests/automatic/consumer/next_multithread_broker/check_windows.bat
index 607adcff43d61835865d1840a4161ee9de3f47c1..d995d7cec883a1b6a71059035d6b52d094fe682e 100644
--- a/tests/automatic/consumer/next_multithread_broker/check_windows.bat
+++ b/tests/automatic/consumer/next_multithread_broker/check_windows.bat
@@ -1,6 +1,6 @@
SET database_name=test_run_detector
SET mongo_exe="c:\Program Files\MongoDB\Server\4.2\bin\mongo.exe"
-set token_test_run=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI0MjQsImp0aSI6ImMxNGVkbTNpcHQzZHQ4Y2JhczVnIiwic3ViIjoiYnRfdGVzdF9ydW4iLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.SBzrEy-d3ayhVZMSskYUMLM2LVHw3yiM32mIOcITh0g
+set token_test_run=%BT_TEST_RUN_TOKEN%
call start_services.bat
diff --git a/tests/automatic/curl_http_client/curl_http_client_command/curl_httpclient_command.cpp b/tests/automatic/curl_http_client/curl_http_client_command/curl_httpclient_command.cpp
index 114137050e729f12beb8e9a453e7e4feada69403..5d03140816ab9dc7651daf7173f31b2bbc7243c8 100644
--- a/tests/automatic/curl_http_client/curl_http_client_command/curl_httpclient_command.cpp
+++ b/tests/automatic/curl_http_client/curl_http_client_command/curl_httpclient_command.cpp
@@ -28,7 +28,7 @@ Args GetArgs(int argc, char* argv[]) {
int main(int argc, char* argv[]) {
auto args = GetArgs(argc, argv);
- auto token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzA5NDI2MDMsImp0aSI6ImMxNGVmMnJpcHQzZHQ4Y2JhczYwIiwic3ViIjoiYnRfYWFhIiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZSI6InJlYWQifX0.xvU-EaemmBhcPzmCvjPVUkCxkTjglo-072aJZjDhGBM"; //token for aaa
+ auto token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkycDFiaXB0MzBub3AwcTNlZyIsInN1YiI6ImJ0X2FhYSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGVzIjpbInJlYWQiXX19.dt3ifrG3zqQP4uM2kaoe7ydDjUdFeasOB07fVRfFApE"; //token for aaa
std::string authorize_request = "{\"Folder\":\"" + args.folder + "\",\"BeamtimeId\":\"aaa\",\"Token\":\"" + token +
"\"}";
asapo::Error err;
diff --git a/tests/automatic/file_transfer_service/rest_api/check_linux.sh b/tests/automatic/file_transfer_service/rest_api/check_linux.sh
index 4b1a7e4ffab3fa21749da112baf8016db091e542..2822d4c15ea4edff502d3816006b7c1994b0f6d0 100644
--- a/tests/automatic/file_transfer_service/rest_api/check_linux.sh
+++ b/tests/automatic/file_transfer_service/rest_api/check_linux.sh
@@ -21,8 +21,7 @@ sleep 1
mkdir -p $file_transfer_folder
- #token for aaa
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhdTFiaXB0M2FzbzNoYzJvZyIsInN1YiI6ImJ0X2FhYSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.rvtEPZhvqwG91sod6-iBPCMUXWtMQtmFsqpXNv5HvFc
+token=$BT_AAA_TOKEN
folder_token=`curl --silent --data "{\"Folder\":\"$file_transfer_folder\",\"BeamtimeId\":\"aaa\",\"Token\":\"$token\"}" 127.0.0.1:5007/folder`
echo $folder_token
diff --git a/tests/automatic/file_transfer_service/rest_api/check_windows.bat b/tests/automatic/file_transfer_service/rest_api/check_windows.bat
index 70d3d4c8d8b2929b04634e9036d2acee282b6226..2a49fecc6206a9d5cdf2eae712f2e42907673eee 100644
--- a/tests/automatic/file_transfer_service/rest_api/check_windows.bat
+++ b/tests/automatic/file_transfer_service/rest_api/check_windows.bat
@@ -9,7 +9,7 @@ c:\opt\consul\nomad run file_transfer.nmd
ping 192.0.2.1 -n 1 -w 1000 > nul
-set token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhdTFiaXB0M2FzbzNoYzJvZyIsInN1YiI6ImJ0X2FhYSIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJyZWFkIn19.rvtEPZhvqwG91sod6-iBPCMUXWtMQtmFsqpXNv5HvFc
+set token=%BT_AAA_TOKEN%
mkdir %file_transfer_folder%
diff --git a/tests/automatic/full_chain/send_recv_streams/check_linux.sh b/tests/automatic/full_chain/send_recv_streams/check_linux.sh
index 949ac36eddb18df4e421c730b179098621428cbb..49aaba84a8a519ed586a6107df83ef75d830dadb 100644
--- a/tests/automatic/full_chain/send_recv_streams/check_linux.sh
+++ b/tests/automatic/full_chain/send_recv_streams/check_linux.sh
@@ -7,7 +7,7 @@ stream_in=detector
indatabase_name=${beamtime_id}_${stream_in}
#asapo_test read token
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+token=$ASAPO_TEST_RW_TOKEN
beamline=test
diff --git a/tests/automatic/full_chain/send_recv_streams/check_windows.bat b/tests/automatic/full_chain/send_recv_streams/check_windows.bat
index c531b53797faca6e085617f5191af5e2a4b5334c..e4c54b28b3878f3cceee27f1fb41993e9747f798 100644
--- a/tests/automatic/full_chain/send_recv_streams/check_windows.bat
+++ b/tests/automatic/full_chain/send_recv_streams/check_windows.bat
@@ -4,7 +4,7 @@ SET stream_in=detector
SET indatabase_name=%beamtime_id%_%stream_in%
-SET token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+SET token=%ASAPO_TEST_RW_TOKEN%
SET beamline=test
diff --git a/tests/automatic/full_chain/send_recv_streams_python/check_linux.sh b/tests/automatic/full_chain/send_recv_streams_python/check_linux.sh
index d79f8c1b76719324b867a1bc9a1350a060d50833..490f7cd40bdf1aa801454845dcfdbd865b84fbec 100644
--- a/tests/automatic/full_chain/send_recv_streams_python/check_linux.sh
+++ b/tests/automatic/full_chain/send_recv_streams_python/check_linux.sh
@@ -5,7 +5,7 @@ beamtime_id=asapo_test
stream_in=detector
indatabase_name=${beamtime_id}_${stream_in}
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+token=$ASAPO_TEST_RW_TOKEN
beamline=test
diff --git a/tests/automatic/full_chain/send_recv_streams_python/check_windows.bat b/tests/automatic/full_chain/send_recv_streams_python/check_windows.bat
index 333ae035116f2b05cbdb8a2f5b33f3ae8ab1a735..8df8923517b5058397c4e7f8d5cdeed9fdb60679 100644
--- a/tests/automatic/full_chain/send_recv_streams_python/check_windows.bat
+++ b/tests/automatic/full_chain/send_recv_streams_python/check_windows.bat
@@ -4,7 +4,7 @@ SET stream_in=detector
SET indatabase_name=%beamtime_id%_%stream_in%
-SET token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhcDQzaXB0M2E0bmNpMDkwMCIsInN1YiI6ImJ0X2FzYXBvX3Rlc3QiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlIjoicmVhZCJ9fQ.X5Up3PBd81i4X7wUBXGkIrLEVSL-WO9kijDtzOqasgg
+SET token=%ASAPO_TEST_RW_TOKEN%
SET beamline=test
SET mongo_exe="c:\Program Files\MongoDB\Server\4.2\bin\mongo.exe"
diff --git a/tests/automatic/full_chain/simple_chain/check_linux.sh b/tests/automatic/full_chain/simple_chain/check_linux.sh
index 259b9292284c54ee979311c6ee925bc799dd4fdf..0baea68ff6ff629c0b1ab4881e1440edba4e9782 100755
--- a/tests/automatic/full_chain/simple_chain/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain/check_linux.sh
@@ -48,7 +48,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producer"
diff --git a/tests/automatic/full_chain/simple_chain/check_windows.bat b/tests/automatic/full_chain/simple_chain/check_windows.bat
index 135a342b3042493651a40ccb4f0a61f3fe2efd10..f6a7cb7925c6b75fbf2cbb36e18a4b039731740f 100644
--- a/tests/automatic/full_chain/simple_chain/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain/check_windows.bat
@@ -11,7 +11,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
REM producer
diff --git a/tests/automatic/full_chain/simple_chain_dataset/check_linux.sh b/tests/automatic/full_chain/simple_chain_dataset/check_linux.sh
index 2250eaaa5b659bd497b61d4cc31d172f6b735873..93f9960a88f635916d0717f2ee42c27112dd4706 100644
--- a/tests/automatic/full_chain/simple_chain_dataset/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_dataset/check_linux.sh
@@ -45,7 +45,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producer"
mkdir -p ${receiver_folder}
diff --git a/tests/automatic/full_chain/simple_chain_dataset/check_windows.bat b/tests/automatic/full_chain/simple_chain_dataset/check_windows.bat
index f3c612e3fc9cd38bec62bbde6c21149bd44c7caf..7057a8d9b3cd63f48f59cc9ac7da4e403cf35bef 100644
--- a/tests/automatic/full_chain/simple_chain_dataset/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_dataset/check_windows.bat
@@ -10,7 +10,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
REM producer
diff --git a/tests/automatic/full_chain/simple_chain_filegen/check_linux.sh b/tests/automatic/full_chain/simple_chain_filegen/check_linux.sh
index 469211b3e1afede8b45ad4cec0543657210e47bc..0bd69ff985116b9f46df3ace65571196af175243 100644
--- a/tests/automatic/full_chain/simple_chain_filegen/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_filegen/check_linux.sh
@@ -46,7 +46,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producer"
mkdir -p ${receiver_folder}
diff --git a/tests/automatic/full_chain/simple_chain_filegen/check_windows.bat b/tests/automatic/full_chain/simple_chain_filegen/check_windows.bat
index 0687ae3aed8a9b186c5328c8444fb20abe464e25..dbbfd65225dc280002466170429ddffa097fa187 100644
--- a/tests/automatic/full_chain/simple_chain_filegen/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_filegen/check_windows.bat
@@ -14,7 +14,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
diff --git a/tests/automatic/full_chain/simple_chain_filegen_batches/check_linux.sh b/tests/automatic/full_chain/simple_chain_filegen_batches/check_linux.sh
index 2a12c2a84164ae90a0efa775e20ac544d427d665..553a3b90c33b12c4cbaf3e3d6750596b4f5e8db3 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_batches/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_filegen_batches/check_linux.sh
@@ -49,7 +49,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
mkdir /tmp/asapo/test_in/processed/test1
diff --git a/tests/automatic/full_chain/simple_chain_filegen_batches/check_windows.bat b/tests/automatic/full_chain/simple_chain_filegen_batches/check_windows.bat
index 09406417657667e09877d10d605a81ddfb11a0a6..bc1a1402ae6b96aa54776e20c1bea2cc082cae48 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_batches/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_filegen_batches/check_windows.bat
@@ -14,7 +14,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
diff --git a/tests/automatic/full_chain/simple_chain_filegen_multisource/check_linux.sh b/tests/automatic/full_chain/simple_chain_filegen_multisource/check_linux.sh
index e7579449e6f28984275aa8c23190c7ca741dd0e9..9619e32b3ceb6c42a966fc7a501fa623f1b6b576 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_multisource/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_filegen_multisource/check_linux.sh
@@ -47,7 +47,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
mkdir -p /tmp/asapo/test_in1/processed
mkdir -p /tmp/asapo/test_in2/processed
diff --git a/tests/automatic/full_chain/simple_chain_filegen_multisource/check_windows.bat b/tests/automatic/full_chain/simple_chain_filegen_multisource/check_windows.bat
index 6e346be0bf570842df1d13a1bc16eea2ebb34a3d..ef7d8294e3e380550237571139a0b7910cb729dd 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_multisource/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_filegen_multisource/check_windows.bat
@@ -14,7 +14,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
diff --git a/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_linux.sh b/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_linux.sh
index cc1ffe2ca2ed3c4694901fc96aae377817c0dff5..0e12523a64c39ebd2f6f34be348d791804f4b395 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_linux.sh
@@ -49,7 +49,7 @@ nomad run broker.nmd
sleep 1
-token=`$3 token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$3 token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producer"
mkdir -p ${receiver_folder}
diff --git a/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_windows.bat b/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_windows.bat
index f9356e4a67e49a5d86dbaebd4279cfc63d8da20c..dfde693b8fbd64470c3d8bc5cbd3b6e750548775 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_filegen_readdata_cache/check_windows.bat
@@ -14,7 +14,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
diff --git a/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_linux.sh b/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_linux.sh
index b59287d9a9ba501ef6f6758918726b1da74baf8c..748986058523fcfb329688bf4c3eda99234a61d0 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_linux.sh
@@ -49,7 +49,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producer"
diff --git a/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_windows.bat b/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_windows.bat
index c0b68bef17b4d5f103195e7d2c5ac2d394826a08..63a5f3521d5485552aeae57a6efbefe39b8a976b 100644
--- a/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_filegen_readdata_file/check_windows.bat
@@ -14,7 +14,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
diff --git a/tests/automatic/full_chain/simple_chain_metadata/check_linux.sh b/tests/automatic/full_chain/simple_chain_metadata/check_linux.sh
index b5fb650d915f9296d96d7442b3698698d5193af9..70fc2dfe2b509b1e783076f89c2cf9403d295766 100644
--- a/tests/automatic/full_chain/simple_chain_metadata/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_metadata/check_linux.sh
@@ -44,7 +44,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producer"
diff --git a/tests/automatic/full_chain/simple_chain_metadata/check_windows.bat b/tests/automatic/full_chain/simple_chain_metadata/check_windows.bat
index 38bc1fa6b3f4eb37ca3fec874a7e9397b6756372..f5121e9f4e478607434b2810c238b83fc1f25523 100644
--- a/tests/automatic/full_chain/simple_chain_metadata/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_metadata/check_windows.bat
@@ -10,7 +10,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
REM producer
diff --git a/tests/automatic/full_chain/simple_chain_raw/check_linux.sh b/tests/automatic/full_chain/simple_chain_raw/check_linux.sh
index 3c1d99888df58ab46e2d323c32d50f94648ef7fb..176da746d3e600097f498ed8084b5a1bdc4e8bc8 100644
--- a/tests/automatic/full_chain/simple_chain_raw/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_raw/check_linux.sh
@@ -39,7 +39,7 @@ nomad run broker.nmd
sleep 1
-token=`$3 token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$3 token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
#producer
$1 localhost:8400 ${beamtime_id} 100 10 4 100 100
diff --git a/tests/automatic/full_chain/simple_chain_raw/check_windows.bat b/tests/automatic/full_chain/simple_chain_raw/check_windows.bat
index cabbe08cae7dba38d89d1bbc2dd4fcc3f58147f4..c60ca7696ac0ddd01837f8cbf94d9c468e50a83a 100644
--- a/tests/automatic/full_chain/simple_chain_raw/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_raw/check_windows.bat
@@ -10,7 +10,7 @@ set proxy_address="127.0.0.1:8400"
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
diff --git a/tests/automatic/full_chain/simple_chain_usermeta_python/check_linux.sh b/tests/automatic/full_chain/simple_chain_usermeta_python/check_linux.sh
index bca082f65443818ec8728adef6ade493f2946fef..129b8298c423c022e4c5887a7ff8119a98b02474 100644
--- a/tests/automatic/full_chain/simple_chain_usermeta_python/check_linux.sh
+++ b/tests/automatic/full_chain/simple_chain_usermeta_python/check_linux.sh
@@ -43,7 +43,7 @@ nomad run broker.nmd
sleep 2
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producer"
diff --git a/tests/automatic/full_chain/simple_chain_usermeta_python/check_windows.bat b/tests/automatic/full_chain/simple_chain_usermeta_python/check_windows.bat
index 14a0d6e3952da2046d7d02cd10f442d22f495bd9..86d039d555c236bba13be0f03fe65d8925b87007 100644
--- a/tests/automatic/full_chain/simple_chain_usermeta_python/check_windows.bat
+++ b/tests/automatic/full_chain/simple_chain_usermeta_python/check_windows.bat
@@ -10,7 +10,7 @@ echo db.%beamtime_id%_detector.insert({dummy:1}) | %mongo_exe% %beamtime_id%_det
call start_services.bat
-"%2" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%2" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
diff --git a/tests/automatic/full_chain/two_beamlines/check_linux.sh b/tests/automatic/full_chain/two_beamlines/check_linux.sh
index 302b8380567d4bf62924b405a960d2542e83b9c8..f43ddad7bb44e55d68bae73b56c271f082c1aabb 100644
--- a/tests/automatic/full_chain/two_beamlines/check_linux.sh
+++ b/tests/automatic/full_chain/two_beamlines/check_linux.sh
@@ -54,8 +54,8 @@ nomad run broker.nmd
sleep 3
-token1=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id1`
-token2=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id2`
+token1=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id1`
+token2=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id2`
echo "Start producers"
mkdir -p ${receiver_folder1}
diff --git a/tests/automatic/full_chain/two_beamlines/check_windows.bat b/tests/automatic/full_chain/two_beamlines/check_windows.bat
index 9504f9d3a6bdee23c73c0e98adf220685c1111d3..1d7390636b4c7a0aefd9a916c3f76cc519a0e5fe 100644
--- a/tests/automatic/full_chain/two_beamlines/check_windows.bat
+++ b/tests/automatic/full_chain/two_beamlines/check_windows.bat
@@ -20,9 +20,9 @@ echo db.%beamtime_id2%_%data_source%.insert({dummy:1}) | %mongo_exe% %beamtime_i
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id1% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id1% > token
set /P token1=< token
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id2% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id2% > token
set /P token2=< token
diff --git a/tests/automatic/full_chain/two_streams/check_linux.sh b/tests/automatic/full_chain/two_streams/check_linux.sh
index cdf4e592109b12da9a248ec3d93a2afe4b99d06e..835de3037b542248963514aaf3cba5db493d8d34 100644
--- a/tests/automatic/full_chain/two_streams/check_linux.sh
+++ b/tests/automatic/full_chain/two_streams/check_linux.sh
@@ -48,7 +48,7 @@ nomad run broker.nmd
sleep 3
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "Start producers"
mkdir -p ${receiver_folder}
diff --git a/tests/automatic/full_chain/two_streams/check_windows.bat b/tests/automatic/full_chain/two_streams/check_windows.bat
index 67812b3ce876ae520f89c5a6c603e84c22ef598b..5e3b68c2c92e7b6baa3920540be8eb77266553e8 100644
--- a/tests/automatic/full_chain/two_streams/check_windows.bat
+++ b/tests/automatic/full_chain/two_streams/check_windows.bat
@@ -15,7 +15,7 @@ echo db.%beamtime_id%_%stream2%.insert({dummy:1}) | %mongo_exe% %beamtime_id%_%s
call start_services.bat
-"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -type read %beamtime_id% > token
+"%3" token -endpoint http://127.0.0.1:8400/asapo-authorizer -secret admin_token.key -types read %beamtime_id% > token
set /P token=< token
REM producer
diff --git a/tests/automatic/high_avail/broker_mongo_restart/check_linux.sh b/tests/automatic/high_avail/broker_mongo_restart/check_linux.sh
index c8fe078ca268437a69e4354e3f9f4c88f6a28650..89a8247cb4cbdf3e36e9c572f893b69b05f33ad0 100755
--- a/tests/automatic/high_avail/broker_mongo_restart/check_linux.sh
+++ b/tests/automatic/high_avail/broker_mongo_restart/check_linux.sh
@@ -80,7 +80,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "db.${beamtime_id}_detector.insert({dummy:1})" | mongo --port 27016 ${beamtime_id}_detector
diff --git a/tests/automatic/high_avail/services_restart/check_linux.sh b/tests/automatic/high_avail/services_restart/check_linux.sh
index d01713f908460e8f9ae2dd6c71153a717fa3c3cd..a9e011210b329a56a3174bbfa42bfb82b26446a9 100644
--- a/tests/automatic/high_avail/services_restart/check_linux.sh
+++ b/tests/automatic/high_avail/services_restart/check_linux.sh
@@ -44,7 +44,7 @@ nomad run broker.nmd
sleep 1
-token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -type read $beamtime_id`
+token=`$asapo_tool_bin token -endpoint http://localhost:8400/asapo-authorizer -secret admin_token.key -types read $beamtime_id`
echo "db.${beamtime_id}_detector.insert({dummy:1})" | mongo ${beamtime_id}_detector
diff --git a/tests/automatic/producer/aai/check_linux.sh b/tests/automatic/producer/aai/check_linux.sh
index db89820bd85cdad1c9ebf8d1414c8f34de9c5f51..d5aeba38c60264f46a24053b42c9976280b9fd98 100644
--- a/tests/automatic/producer/aai/check_linux.sh
+++ b/tests/automatic/producer/aai/check_linux.sh
@@ -13,7 +13,7 @@ facility=test_facility
year=2019
receiver_folder=${receiver_root_folder}/${facility}/gpfs/${beamline}/${year}/data/${beamtime_id}
receiver_folder2=${receiver_root_folder}/${facility}/gpfs/${beamline}/${year}/data/${beamtime_id2}
-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhbHRyaXB0MzltZTRqcXB0ZyIsInN1YiI6ImJsX3AwNyIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJ3cml0ZSJ9fQ._yy0E42cOGMv81GDj3WKZJlF8mBmjKtHNDPnN5NTxvk # write token for bl_p07
+token=$BLP07_W_TOKEN
Cleanup() {
echo cleanup
diff --git a/tests/automatic/producer/aai/check_windows.bat b/tests/automatic/producer/aai/check_windows.bat
index 3b07ae5774d32f4319717a690e1304774f9d0233..fa0c3b90200640a4b293687a05da34cb7c47639f 100644
--- a/tests/automatic/producer/aai/check_windows.bat
+++ b/tests/automatic/producer/aai/check_windows.bat
@@ -8,7 +8,7 @@ SET receiver_folder="%receiver_root_folder%\test_facility\gpfs\%beamline%\2019\d
SET receiver_folder2="%receiver_root_folder%\test_facility\gpfs\%beamline%\2019\data\%beamtime_id2%"
SET dbname=%beamtime_id%_%data_source%
SET dbname2=%beamtime_id2%_%data_source%
-SET token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRhbHRyaXB0MzltZTRqcXB0ZyIsInN1YiI6ImJsX3AwNyIsIkV4dHJhQ2xhaW1zIjp7IkFjY2Vzc1R5cGUiOiJ3cml0ZSJ9fQ._yy0E42cOGMv81GDj3WKZJlF8mBmjKtHNDPnN5NTxvk
+SET token=%BLP07_W_TOKEN%
echo db.%dbname%.insert({dummy:1})" | %mongo_exe% %dbname%
diff --git a/tests/automatic/settings/admin_token.key b/tests/automatic/settings/admin_token.key
index cdbaeda52ec8c038c904b32076ca41cd51d6ba22..eaffcbbc648302e631187cfd1b4c9eeed73c457a 100644
--- a/tests/automatic/settings/admin_token.key
+++ b/tests/automatic/settings/admin_token.key
@@ -1 +1 @@
-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTRjNm5iaXB0M2JubW1ycjRmMCIsInN1YiI6ImFkbWluIiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZSI6ImNyZWF0ZSJ9fQ.VMSX2Bnb-BRYWoe4T5AmMFn_vBZs69iKG1YOl0kQycI
\ No newline at end of file
+eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTkyc29qaXB0MzB1dGQ3bDdhZyIsInN1YiI6ImFkbWluIiwiRXh0cmFDbGFpbXMiOnsiQWNjZXNzVHlwZXMiOlsiY3JlYXRlIl19fQ.gVEFtqaAcP9HSzttWX2GrNBaM52np5k8k-7BqDAJ3xw
\ No newline at end of file