From d38f01bea414c9d376a37ea53c891d094817dd0a Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Wed, 15 Apr 2026 14:53:28 +0100 Subject: [PATCH 1/8] change to `0.2.10-b2` --- tests/system_tests/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/system_tests/compose.yaml b/tests/system_tests/compose.yaml index b3dfdeadfc..dbac0b264b 100644 --- a/tests/system_tests/compose.yaml +++ b/tests/system_tests/compose.yaml @@ -40,7 +40,7 @@ services: start_period: 30s tiled: - image: ghcr.io/bluesky/tiled:0.2.4 + image: ghcr.io/bluesky/tiled:0.2.10-b2 network_mode: host environment: - PYTHONPATH=/deploy/ From 90fd5fd1a3cf1529e6bb0a9c15b8f08736c0a7b5 Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Wed, 15 Apr 2026 14:54:19 +0100 Subject: [PATCH 2/8] Change to latest changes --- tests/system_tests/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/system_tests/compose.yaml b/tests/system_tests/compose.yaml index dbac0b264b..a7cdb42c7b 100644 --- a/tests/system_tests/compose.yaml +++ b/tests/system_tests/compose.yaml @@ -40,7 +40,7 @@ services: start_period: 30s tiled: - image: ghcr.io/bluesky/tiled:0.2.10-b2 + image: ghcr.io/zohebshaikh/test-tiled-proxided:latest network_mode: host environment: - PYTHONPATH=/deploy/ From 72e9810057dcfadd8caea2ca005df2095914dae9 Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Tue, 12 May 2026 08:05:43 +0100 Subject: [PATCH 3/8] change to '0.2.10-b6' --- tests/system_tests/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/system_tests/compose.yaml b/tests/system_tests/compose.yaml index a7cdb42c7b..aa1e0552fd 100644 --- a/tests/system_tests/compose.yaml +++ b/tests/system_tests/compose.yaml @@ -40,7 +40,7 @@ services: start_period: 30s tiled: - image: ghcr.io/zohebshaikh/test-tiled-proxided:latest + image: ghcr.io/bluesky/tiled:0.2.10-b6 network_mode: host environment: - PYTHONPATH=/deploy/ From 2a8b25322c5c338c5b7195108f7df5a2e1f3fc7f Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Thu, 14 May 2026 09:21:26 +0100 Subject: [PATCH 4/8] Change tiled version for testing --- tests/system_tests/compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/system_tests/compose.yaml b/tests/system_tests/compose.yaml index aa1e0552fd..60a0050225 100644 --- a/tests/system_tests/compose.yaml +++ b/tests/system_tests/compose.yaml @@ -6,7 +6,7 @@ services: image: ghcr.io/diamondlightsource/numtracker:1.0.2 ports: - "8406:8000" - + rabbitmq: image: docker.io/rabbitmq:4.0-management ports: @@ -40,7 +40,7 @@ services: start_period: 30s tiled: - image: ghcr.io/bluesky/tiled:0.2.10-b6 + image: ghcr.io/bluesky/tiled:0.2.7 network_mode: host environment: - PYTHONPATH=/deploy/ From 903a9bd568a855fc3e0f6762d968644e4cb7410c Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Fri, 15 May 2026 13:21:24 +0100 Subject: [PATCH 5/8] test dan`s code --- tests/system_tests/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/system_tests/compose.yaml b/tests/system_tests/compose.yaml index 4f2a004150..61025a9e87 100644 --- a/tests/system_tests/compose.yaml +++ b/tests/system_tests/compose.yaml @@ -46,7 +46,7 @@ services: - label=disable tiled: - image: ghcr.io/bluesky/tiled:0.2.7 + image: ghcr.io/zohebshaikh/test-tiled-proxided:10.0.1 network_mode: host environment: - PYTHONPATH=/deploy/ From 029267ad2bdef4c0c0910382a34dfbf8372c713c Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Fri, 15 May 2026 14:49:47 +0100 Subject: [PATCH 6/8] Update dls.py --- pyproject.toml | 2 +- .../system_tests/services/tiled_config/dls.py | 31 ++----------------- 2 files changed, 3 insertions(+), 30 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 659779994a..d4adbebd3c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -101,7 +101,7 @@ filterwarnings = ["error", "ignore::DeprecationWarning"] # Doctest python code in docs, python code in src docstrings, test functions in tests testpaths = "docs src tests" asyncio_mode = "auto" -timeout = 3 +timeout = 2000 [tool.coverage.run] patch = ["subprocess"] diff --git a/tests/system_tests/services/tiled_config/dls.py b/tests/system_tests/services/tiled_config/dls.py index 5ab3580d40..511107a937 100644 --- a/tests/system_tests/services/tiled_config/dls.py +++ b/tests/system_tests/services/tiled_config/dls.py @@ -1,11 +1,7 @@ import json import logging -from fastapi import HTTPException from pydantic import BaseModel, HttpUrl, TypeAdapter -from starlette.status import ( - HTTP_401_UNAUTHORIZED, -) from tiled.access_control.access_policies import ( ALL_ACCESS, NO_ACCESS, @@ -14,7 +10,7 @@ ) from tiled.adapters.protocols import BaseAdapter from tiled.queries import AccessBlobFilter -from tiled.server.schemas import Principal, PrincipalType +from tiled.server.schemas import Principal from tiled.type_aliases import AccessBlob, AccessTags, Filters, Scopes logger = logging.getLogger(__name__) @@ -26,22 +22,6 @@ class DiamondAccessBlob(BaseModel): beamline: str -def _check_principal(principal: Principal | None): - if not isinstance(principal, Principal): - raise HTTPException( - status_code=HTTP_401_UNAUTHORIZED, - detail="Principal is None", - headers={"WWW-Authenticate": "Bearer"}, - ) - if principal.type != PrincipalType.external: - raise HTTPException( - status_code=HTTP_401_UNAUTHORIZED, - detail=f"Principal of type {PrincipalType.external}" - f" required but given {principal.type}", - headers={"WWW-Authenticate": "Bearer"}, - ) - - class DiamondOpenPolicyAgentAuthorizationPolicy(ExternalPolicyDecisionPoint): def __init__( self, @@ -74,7 +54,6 @@ async def init_node( authn_scopes: Scopes, access_blob: AccessBlob | None = None, ) -> tuple[bool, AccessBlob | None]: - _check_principal(principal) if access_blob is None and self._empty_access_blob_public is not None: return self._empty_access_blob_public, access_blob decision = await self._get_external_decision( @@ -94,7 +73,6 @@ async def modify_node( authn_scopes: Scopes, access_blob: AccessBlob | None, ) -> tuple[bool, AccessBlob | None]: - _check_principal(principal) if access_blob == node.access_blob: # type: ignore logger.info( "Node access_blob not modified;" @@ -119,11 +97,7 @@ def build_input( ) -> str: _input: dict[str, str | int] = {"audience": self._token_audience} - if ( - isinstance(principal, Principal) - and principal.type is PrincipalType.external - and principal.access_token is not None - ): + if isinstance(principal, Principal) and principal.access_token is not None: _input["token"] = principal.access_token.get_secret_value() if ( @@ -147,7 +121,6 @@ async def filters( authn_scopes: Scopes, scopes: Scopes, ) -> Filters: - _check_principal(principal) tags = await self._get_external_decision( self._user_tags, self.build_input(principal, authn_access_tags, authn_scopes), From fdcf7d6ed94f6eaa6f1a8f0cec50ce78721ddd30 Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Fri, 15 May 2026 15:03:51 +0100 Subject: [PATCH 7/8] Update authZ policy --- .../system_tests/services/tiled_config/dls.py | 31 +++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/tests/system_tests/services/tiled_config/dls.py b/tests/system_tests/services/tiled_config/dls.py index 511107a937..875b559d5a 100644 --- a/tests/system_tests/services/tiled_config/dls.py +++ b/tests/system_tests/services/tiled_config/dls.py @@ -1,7 +1,11 @@ import json import logging +from fastapi import HTTPException from pydantic import BaseModel, HttpUrl, TypeAdapter +from starlette.status import ( + HTTP_401_UNAUTHORIZED, +) from tiled.access_control.access_policies import ( ALL_ACCESS, NO_ACCESS, @@ -10,7 +14,7 @@ ) from tiled.adapters.protocols import BaseAdapter from tiled.queries import AccessBlobFilter -from tiled.server.schemas import Principal +from tiled.server.schemas import Principal, PrincipalType from tiled.type_aliases import AccessBlob, AccessTags, Filters, Scopes logger = logging.getLogger(__name__) @@ -22,6 +26,22 @@ class DiamondAccessBlob(BaseModel): beamline: str +def _check_principal(principal: Principal | None): + if not isinstance(principal, Principal): + raise HTTPException( + status_code=HTTP_401_UNAUTHORIZED, + detail="Principal is None", + headers={"WWW-Authenticate": "Bearer"}, + ) + if principal.type != PrincipalType.user: + raise HTTPException( + status_code=HTTP_401_UNAUTHORIZED, + detail=f"Principal of type {PrincipalType.user}" + f" required but given {principal.type}", + headers={"WWW-Authenticate": "Bearer"}, + ) + + class DiamondOpenPolicyAgentAuthorizationPolicy(ExternalPolicyDecisionPoint): def __init__( self, @@ -54,6 +74,7 @@ async def init_node( authn_scopes: Scopes, access_blob: AccessBlob | None = None, ) -> tuple[bool, AccessBlob | None]: + _check_principal(principal) if access_blob is None and self._empty_access_blob_public is not None: return self._empty_access_blob_public, access_blob decision = await self._get_external_decision( @@ -73,6 +94,7 @@ async def modify_node( authn_scopes: Scopes, access_blob: AccessBlob | None, ) -> tuple[bool, AccessBlob | None]: + _check_principal(principal) if access_blob == node.access_blob: # type: ignore logger.info( "Node access_blob not modified;" @@ -97,7 +119,11 @@ def build_input( ) -> str: _input: dict[str, str | int] = {"audience": self._token_audience} - if isinstance(principal, Principal) and principal.access_token is not None: + if ( + isinstance(principal, Principal) + and principal.type is PrincipalType.user + and principal.access_token is not None + ): _input["token"] = principal.access_token.get_secret_value() if ( @@ -121,6 +147,7 @@ async def filters( authn_scopes: Scopes, scopes: Scopes, ) -> Filters: + _check_principal(principal) tags = await self._get_external_decision( self._user_tags, self.build_input(principal, authn_access_tags, authn_scopes), From 901bbf6a7fd2353a8c0d41a8c8e21da0e57f95cf Mon Sep 17 00:00:00 2001 From: Zoheb Shaikh <26975142+ZohebShaikh@users.noreply.github.com> Date: Fri, 15 May 2026 15:04:13 +0100 Subject: [PATCH 8/8] remove timeout --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index d4adbebd3c..659779994a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -101,7 +101,7 @@ filterwarnings = ["error", "ignore::DeprecationWarning"] # Doctest python code in docs, python code in src docstrings, test functions in tests testpaths = "docs src tests" asyncio_mode = "auto" -timeout = 2000 +timeout = 3 [tool.coverage.run] patch = ["subprocess"]