|
12 | 12 | from py_hamt import HAMT, IPFSStore, create_zarr_encryption_transformers |
13 | 13 |
|
14 | 14 |
|
15 | | -@pytest.fixture |
| 15 | +@pytest.fixture(scope="module") |
16 | 16 | def random_zarr_dataset(): |
17 | 17 | """Creates a random xarray Dataset and saves it to a temporary zarr store. |
18 | 18 |
|
@@ -139,105 +139,41 @@ def test_encryption(random_zarr_dataset: tuple[str, xr.Dataset]): |
139 | 139 | ds.precip.sum() |
140 | 140 |
|
141 | 141 |
|
| 142 | +# This test assumes the other IPFSStore zarr ipfs tests are working fine, so if other things are breaking check those first |
142 | 143 | def test_authenticated_gateway(random_zarr_dataset: tuple[str, xr.Dataset]): |
143 | | - zarr_path, expected_ds = random_zarr_dataset |
144 | | - test_ds = xr.open_zarr(zarr_path) |
145 | | - |
146 | | - with pytest.raises(ValueError, match="Encryption key is not 32 bytes"): |
147 | | - create_zarr_encryption_transformers(bytes(), bytes()) |
148 | | - |
149 | | - encryption_key = bytes(32) |
150 | | - # Encrypt only precipitation, not temperature |
151 | | - encrypt, decrypt = create_zarr_encryption_transformers( |
152 | | - encryption_key, header="sample-header".encode(), exclude_vars=["temp"] |
153 | | - ) |
| 144 | + zarr_path, test_ds = random_zarr_dataset |
| 145 | + |
| 146 | + def write_and_check(store: IPFSStore) -> bool: |
| 147 | + store.rpc_uri_stem = "http://127.0.0.1:5002" # 5002 is the port configured in the run-checks.yaml actions file for nginx to serve the proxy on |
| 148 | + hamt = HAMT(store=store) |
| 149 | + test_ds.to_zarr(store=hamt, mode="w") |
| 150 | + loaded_ds = xr.open_zarr(store=hamt) |
| 151 | + try: |
| 152 | + xr.testing.assert_identical(test_ds, loaded_ds) |
| 153 | + return True |
| 154 | + except AssertionError as _: |
| 155 | + return False |
154 | 156 |
|
155 | 157 | # Test with API Key |
156 | | - hamt = HAMT( |
157 | | - store=IPFSStore( |
158 | | - # Reverse proxy on port 5002 |
159 | | - rpc_uri_stem="http://127.0.0.1:5002", |
160 | | - api_key="test", |
161 | | - ), |
162 | | - transformer_encode=encrypt, |
163 | | - transformer_decode=decrypt, |
164 | | - ) |
165 | | - test_ds.to_zarr(store=hamt, mode="w") |
166 | | - |
167 | | - hamt.make_read_only() |
168 | | - loaded_ds = xr.open_zarr(store=hamt) |
169 | | - xr.testing.assert_identical(loaded_ds, expected_ds) |
| 158 | + api_key_store = IPFSStore(api_key="test") |
| 159 | + assert write_and_check(api_key_store) |
170 | 160 |
|
171 | | - # Test with wrong API Key |
172 | | - with pytest.raises(Exception): |
173 | | - hamt = HAMT( |
174 | | - store=IPFSStore( |
175 | | - rpc_uri_stem="http://127.0.0.1:5002", |
176 | | - api_key="badKey", |
177 | | - ), |
178 | | - transformer_encode=encrypt, |
179 | | - transformer_decode=decrypt, |
180 | | - ) |
| 161 | + # Test that wrong API Key fails |
| 162 | + bad_api_key_store = IPFSStore(api_key="badKey") |
| 163 | + assert not write_and_check(bad_api_key_store) |
181 | 164 |
|
182 | | - # Test with just bearer_token key |
183 | | - hamt = HAMT( |
184 | | - store=IPFSStore( |
185 | | - bearer_token="test", |
186 | | - rpc_uri_stem="http://127.0.0.1:5002", |
187 | | - ), |
188 | | - transformer_encode=encrypt, |
189 | | - transformer_decode=decrypt, |
190 | | - ) |
191 | | - test_ds.to_zarr(store=hamt, mode="w") |
192 | | - |
193 | | - hamt.make_read_only() |
194 | | - loaded_ds = xr.open_zarr(store=hamt) |
195 | | - xr.testing.assert_identical(loaded_ds, expected_ds) |
| 165 | + # Test just bearer token |
| 166 | + bearer_ipfs_store = IPFSStore(bearer_token="test") |
| 167 | + assert write_and_check(bearer_ipfs_store) |
196 | 168 |
|
197 | 169 | # Test with wrong bearer |
198 | | - with pytest.raises(Exception): |
199 | | - hamt = HAMT( |
200 | | - store=IPFSStore( |
201 | | - bearer_token="wrongBearer", |
202 | | - rpc_uri_stem="http://127.0.0.1:5002", |
203 | | - ), |
204 | | - transformer_encode=encrypt, |
205 | | - transformer_decode=decrypt, |
206 | | - ) |
| 170 | + bad_bearer_store = IPFSStore(bearer_token="wrongBearer") |
| 171 | + assert not write_and_check(bad_bearer_store) |
207 | 172 |
|
208 | 173 | # Test with just basic auth |
209 | | - hamt = HAMT( |
210 | | - store=IPFSStore( |
211 | | - basic_auth=("test", "test"), |
212 | | - rpc_uri_stem="http://127.0.0.1:5002", |
213 | | - ), |
214 | | - transformer_encode=encrypt, |
215 | | - transformer_decode=decrypt, |
216 | | - ) |
217 | | - test_ds.to_zarr(store=hamt, mode="w") |
218 | | - |
219 | | - hamt.make_read_only() |
220 | | - loaded_ds = xr.open_zarr(store=hamt) |
221 | | - xr.testing.assert_identical(loaded_ds, expected_ds) |
| 174 | + basic_auth_store = IPFSStore(basic_auth=("test", "test")) |
| 175 | + assert write_and_check(basic_auth_store) |
222 | 176 |
|
223 | 177 | # Test with wrong basic auth |
224 | | - with pytest.raises(Exception): |
225 | | - hamt = HAMT( |
226 | | - store=IPFSStore( |
227 | | - basic_auth=("wrong", "wrong"), |
228 | | - rpc_uri_stem="http://127.0.0.1:5002", |
229 | | - ), |
230 | | - transformer_encode=encrypt, |
231 | | - transformer_decode=decrypt, |
232 | | - ) |
233 | | - |
234 | | - # Now trying to load without a decryptor, xarray should be able to read the metadata and still perform operations on the unencrypted variable |
235 | | - print("Attempting to read and print metadata of partially encrypted zarr") |
236 | | - ds = xr.open_zarr( |
237 | | - store=HAMT(store=IPFSStore(), root_node_id=hamt.root_node_id, read_only=True) |
238 | | - ) |
239 | | - print(ds) |
240 | | - assert ds.temp.sum() == expected_ds.temp.sum() |
241 | | - # We should be unable to read precipitation values which are still encrypted |
242 | | - with pytest.raises(Exception): |
243 | | - ds.precip.sum() |
| 178 | + bad_basic_auth_store = IPFSStore(basic_auth=("wrong", "wrong")) |
| 179 | + assert not write_and_check(bad_basic_auth_store) |
0 commit comments