Merge branch 'pr/public-read-auth-write.SOFTWARE-5727' into wip/itb-p…

…ublic-read-auth-write

* pr/public-read-auth-write.SOFTWARE-5727:
  Add namespaces json correctness test for public read/auth write
  Fix test issuer section name in test_scitokens_issuer_public_read_auth_write()
  Add tests for public read/auth write (i.e. scitokens.conf being generated for a namespace with PUBLIC authorization)

src/tests/data/testvo.yaml

@@ -45,13 +45,18 @@ DataFederations:
       - Path: /testvo/PUBLIC
         Authorizations:
           - PUBLIC
+          - SciTokens:
+              Issuer: https://test.wisc.edu
+              Base Path: /testvo
+              Map Subject: False
         AllowedOrigins:
           # sc-origin.test.wisc.edu
           - TEST_STASHCACHE_ORIGIN
           # sc-origin2000.test.wisc.edu
           - TEST_STASHCACHE_ORIGIN_2000
         AllowedCaches:
           - ANY
+        Writeback: "https://sc-origin.test.wisc.edu:1095"
 
       - Path: /testvo/itb/helm-origin/PUBLIC
         Authorizations:

src/tests/test_stashcache.py

@@ -25,8 +25,9 @@
 EMPTY_LINE_REGEX = re.compile(r'^\s*(#|$)')  # Empty or comment-only lines
 I2_TEST_CACHE = "osg-sunnyvale-stashcache.nrp.internet2.edu"
 # ^^ one of the Internet2 caches; these serve both public and LIGO data
+# fake origins in our test data:
 TEST_ITB_HELM_ORIGIN = "helm-origin.osgdev.test.io"
-# ^^ a fake origin that's in our test data
+TEST_SC_ORIGIN = "sc-origin.test.wisc.edu"
 
 
 # Some DNs I can use for testing and the hashes they map to.
@@ -127,6 +128,44 @@ def test_scitokens_issuer_sections(self, client: flask.Flask):
             print(f"Generated origin scitokens.conf text:\n{origin_scitokens_conf}\n", file=sys.stderr)
             raise
 
+    def test_scitokens_issuer_public_read_auth_write_namespaces_info(self, client: flask.Flask):
+        test_global_data = get_test_global_data(global_data)
+
+        namespaces_json = stashcache.get_namespaces_info(test_global_data)
+        namespaces = namespaces_json["namespaces"]
+        testvo_PUBLIC_namespace_list = [
+            ns for ns in namespaces if ns.get("path") == "/testvo/PUBLIC"
+        ]
+        assert testvo_PUBLIC_namespace_list, "/testvo/PUBLIC namespace not found"
+        ns = testvo_PUBLIC_namespace_list[0]
+        assert ns["usetokenonread"] is False, \
+            "usetokenonread is wrong for public namespace"
+        assert ns["readhttps"] is False, \
+            "readhttps is wrong for public namespace"
+        assert ns["writebackhost"] == f"https://{TEST_SC_ORIGIN}:1095", \
+            "writebackhost is wrong for namespace with auth write"
+
+    def test_scitokens_issuer_public_read_auth_write_scitokens_conf(self, client: flask.Flask):
+        test_global_data = get_test_global_data(global_data)
+
+        origin_scitokens_conf = stashcache.generate_origin_scitokens(
+            test_global_data, TEST_SC_ORIGIN)
+        assert origin_scitokens_conf.strip(), "Generated scitokens.conf empty"
+
+        cp = ConfigParser()
+        cp.read_string(origin_scitokens_conf, "origin_scitokens.conf")
+        try:
+            assert "Global" in cp, "Missing Global section"
+            assert "Issuer https://test.wisc.edu" in cp, \
+                "Expected issuer missing"
+            assert "base_path" in cp["Issuer https://test.wisc.edu"], \
+                "'Issuer https://test.wisc.edu' section missing expected attribute"
+            assert cp["Issuer https://test.wisc.edu"]["base_path"] == "/testvo", \
+                "'Issuer https://test.wisc.edu' section has wrong base path"
+        except AssertionError:
+            print(f"Generated origin scitokens.conf text:\n{origin_scitokens_conf}\n", file=sys.stderr)
+            raise
+
     def test_None_fdqn_isnt_error(self, client: flask.Flask):
         stashcache.generate_cache_authfile(global_data, None)