fix persistent_crossacc shares tests

tests_new/integration_tests/modules/shares/s3_datasets_shares/conftest.py

@@ -194,11 +194,11 @@ def principal1(request, group5, session_consumption_role_1):
 
 
 @pytest.fixture(params=['Group', 'ConsumptionRole'])
-def share_params_main(request, session_share_1, session_share_consrole_1, session_s3_dataset1):
+def share_params_main(request, session_share_1, session_cross_acc_env_1, session_share_consrole_1, session_s3_dataset1):
     if request.param == 'Group':
-        yield session_share_1, session_s3_dataset1
+        yield session_share_1, session_s3_dataset1, session_cross_acc_env_1
     else:
-        yield session_share_consrole_1, session_s3_dataset1
+        yield session_share_consrole_1, session_s3_dataset1, session_cross_acc_env_1
 
 
 @pytest.fixture(params=[(False, 'Group'), (True, 'Group'), (False, 'ConsumptionRole'), (True, 'ConsumptionRole')])
@@ -315,8 +315,10 @@ def persistent_role_share_1(
 
 
 @pytest.fixture(params=['Group', 'ConsumptionRole'])
-def persistent_share_params_main(request, persistent_role_share_1, persistent_group_share_1):
+def persistent_share_params_main(
+    request, persistent_cross_acc_env_1, persistent_role_share_1, persistent_group_share_1
+):
     if request.param == 'Group':
-        yield persistent_group_share_1
+        yield persistent_group_share_1, persistent_cross_acc_env_1
     else:
-        yield persistent_role_share_1
+        yield persistent_role_share_1, persistent_cross_acc_env_1

tests_new/integration_tests/modules/shares/s3_datasets_shares/shared_test_functions.py

@@ -124,27 +124,28 @@ def check_bucket_access(client, s3_client, bucket_name, should_have_access):
 
 
 def check_accesspoint_access(client, s3_client, access_point_arn, item_uri, should_have_access):
+    folder = get_folder(client, item_uri)
     if should_have_access:
-        folder = get_folder(client, item_uri)
         assert_that(s3_client.list_accesspoint_folder_objects(access_point_arn, folder.S3Prefix + '/')).is_not_none()
     else:
-        assert_that(get_folder).raises(Exception).when_called_with(client, item_uri).contains(
-            'is not authorized to perform: GET_DATASET_FOLDER'
-        )
+        assert_that(s3_client.list_accesspoint_folder_objects).raises(ClientError).when_called_with(
+            access_point_arn, folder.S3Prefix + '/'
+        ).contains('AccessDenied')
 
 
 def check_share_items_access(
     client,
     group,
     shareUri,
+    share_environment,
     consumption_role,
     env_client,
 ):
     share = get_share_object(client, shareUri)
     dataset = share.dataset
     principal_type = share.principal.principalType
     if principal_type == 'Group':
-        credentials_str = get_environment_access_token(client, share.environment.environmentUri, group)
+        credentials_str = get_environment_access_token(client, share_environment.environmentUri, group)
         credentials = json.loads(credentials_str)
         session = boto3.Session(
             aws_access_key_id=credentials['AccessKey'],
@@ -169,7 +170,7 @@ def check_share_items_access(
         f'arn:aws:s3:{dataset.region}:{dataset.AwsAccountId}:accesspoint/{consumption_data.s3AccessPointName}'
     )
     if principal_type == 'Group':
-        workgroup = athena_client.get_env_work_group(share.environment.label)
+        workgroup = athena_client.get_env_work_group(share_environment.label)
         athena_workgroup_output_location = None
     else:
         workgroup = 'primary'

tests_new/integration_tests/modules/shares/s3_datasets_shares/test_new_crossacc_s3_share.py

@@ -137,7 +137,7 @@ def test_reject_share(client1, client5, session_cross_acc_env_1, session_s3_data
 
 
 def test_change_share_purpose(client5, share_params_main):
-    share, dataset = share_params_main
+    share, dataset, _ = share_params_main
     change_request_purpose = update_share_request_reason(client5, share.shareUri, 'new purpose')
     assert_that(change_request_purpose).is_true()
     updated_share = get_share_object(client5, share.shareUri)
@@ -153,37 +153,42 @@ def test_submit_object(client5, share_params_all):
 
 @pytest.mark.dependency(name='share_approved', depends=['share_submitted'])
 def test_approve_share(client1, share_params_main):
-    share, dataset = share_params_main
+    share, dataset, _ = share_params_main
     check_approve_share_object(client1, share.shareUri)
 
 
 @pytest.mark.dependency(name='share_succeeded', depends=['share_approved'])
 def test_share_succeeded(client1, share_params_main):
-    share, dataset = share_params_main
+    share, dataset, _ = share_params_main
     check_share_succeeded(client1, share.shareUri, check_contains_all_item_types=True)
 
 
 @pytest.mark.dependency(name='share_verified', depends=['share_succeeded'])
 def test_verify_share_items(client1, share_params_main):
-    share, dataset = share_params_main
+    share, dataset, _ = share_params_main
     check_verify_share_items(client1, share.shareUri)
 
 
 @pytest.mark.dependency(depends=['share_verified'])
 def test_check_item_access(
     client5, session_cross_acc_env_1_aws_client, share_params_main, group5, session_consumption_role_1
 ):
-    share, dataset = share_params_main
+    share, dataset, share_environment = share_params_main
     check_share_items_access(
-        client5, group5, share.shareUri, session_consumption_role_1, session_cross_acc_env_1_aws_client
+        client5,
+        group5,
+        share.shareUri,
+        share_environment,
+        session_consumption_role_1,
+        session_cross_acc_env_1_aws_client,
     )
 
 
 @pytest.mark.dependency(name='unhealthy_items', depends=['share_verified'])
 def test_unhealthy_items(
     client5, session_cross_acc_env_1_aws_client, session_cross_acc_env_1_integration_role_arn, share_params_main
 ):
-    share, _ = share_params_main
+    share, _, __ = share_params_main
     iam = session_cross_acc_env_1_aws_client.resource('iam')
     principal_role = iam.Role(share.principal.principalRoleName)
     # break s3 by removing policies
@@ -209,7 +214,7 @@ def test_unhealthy_items(
 
 @pytest.mark.dependency(depends=['share_approved'])
 def test_reapply_unauthoried(client5, share_params_main):
-    share, _ = share_params_main
+    share, _, __ = share_params_main
     share_uri = share.shareUri
     share_object = get_share_object(client5, share_uri)
     item_uris = [item.shareItemUri for item in share_object['items'].nodes]
@@ -220,7 +225,7 @@ def test_reapply_unauthoried(client5, share_params_main):
 
 @pytest.mark.dependency(depends=['share_approved'])
 def test_reapply(client1, share_params_main):
-    share, _ = share_params_main
+    share, _, __ = share_params_main
     share_uri = share.shareUri
     share_object = get_share_object(client1, share_uri)
     item_uris = [item.shareItemUri for item in share_object['items'].nodes]
@@ -233,7 +238,7 @@ def test_reapply(client1, share_params_main):
 
 @pytest.mark.dependency(name='share_revoked', depends=['share_succeeded'])
 def test_revoke_share(client1, share_params_main):
-    share, dataset = share_params_main
+    share, dataset, _ = share_params_main
     check_share_ready(client1, share.shareUri)
     revoke_and_check_all_shared_items(client1, share.shareUri, check_contains_all_item_types=True)
 
@@ -242,8 +247,13 @@ def test_revoke_share(client1, share_params_main):
 def test_revoke_succeeded(
     client1, client5, session_cross_acc_env_1_aws_client, share_params_main, group5, session_consumption_role_1
 ):
-    share, dataset = share_params_main
+    share, dataset, share_environment = share_params_main
     check_all_items_revoke_job_succeeded(client1, share.shareUri, check_contains_all_item_types=True)
     check_share_items_access(
-        client5, group5, share.shareUri, session_consumption_role_1, session_cross_acc_env_1_aws_client
+        client5,
+        group5,
+        share.shareUri,
+        share_environment,
+        session_consumption_role_1,
+        session_cross_acc_env_1_aws_client,
     )

tests_new/integration_tests/modules/shares/s3_datasets_shares/test_persistent_crossacc_share.py

@@ -25,26 +25,28 @@
 
 
 def test_verify_share_items(client5, persistent_share_params_main):
-    check_verify_share_items(client5, persistent_share_params_main.shareUri)
+    share, _ = persistent_share_params_main
+    check_verify_share_items(client5, share.shareUri)
 
 
 def test_check_share_items_access(
     client5, group5, persistent_share_params_main, persistent_consumption_role_1, persistent_cross_acc_env_1_aws_client
 ):
+    share, env = persistent_share_params_main
     check_share_items_access(
         client5,
         group5,
-        persistent_share_params_main.shareUri,
+        share.shareUri,
+        env,
         persistent_consumption_role_1,
         persistent_cross_acc_env_1_aws_client,
     )
 
 
 def test_revoke_share(client1, persistent_share_params_main):
-    check_share_ready(client1, persistent_share_params_main.shareUri)
-    revoke_and_check_all_shared_items(
-        client1, persistent_share_params_main.shareUri, check_contains_all_item_types=True
-    )
+    share, _ = persistent_share_params_main
+    check_share_ready(client1, share.shareUri)
+    revoke_and_check_all_shared_items(client1, share.shareUri, check_contains_all_item_types=True)
 
 
 def test_revoke_succeeded(
@@ -55,45 +57,51 @@ def test_revoke_succeeded(
     persistent_consumption_role_1,
     persistent_cross_acc_env_1_aws_client,
 ):
-    check_all_items_revoke_job_succeeded(
-        client1, persistent_share_params_main.shareUri, check_contains_all_item_types=True
-    )
+    share, env = persistent_share_params_main
+    check_all_items_revoke_job_succeeded(client1, share.shareUri, check_contains_all_item_types=True)
     check_share_items_access(
         client5,
         group5,
-        persistent_share_params_main.shareUri,
+        share.shareUri,
+        env,
         persistent_consumption_role_1,
         persistent_cross_acc_env_1_aws_client,
     )
 
 
 def test_delete_all_nonshared_items(client5, persistent_share_params_main):
-    check_share_ready(client5, persistent_share_params_main.shareUri)
-    delete_all_non_shared_items(client5, persistent_share_params_main.shareUri)
+    share, _ = persistent_share_params_main
+    check_share_ready(client5, share.shareUri)
+    delete_all_non_shared_items(client5, share.shareUri)
 
 
 def test_add_items_back_to_share(client5, persistent_share_params_main):
-    check_share_ready(client5, persistent_share_params_main.shareUri)
-    add_all_items_to_share(client5, persistent_share_params_main.shareUri)
+    share, _ = persistent_share_params_main
+    check_share_ready(client5, share.shareUri)
+    add_all_items_to_share(client5, share.shareUri)
 
 
 def test_submit_share(client5, persistent_share_params_main, persistent_s3_dataset1):
-    check_submit_share_object(client5, persistent_share_params_main.shareUri, persistent_s3_dataset1)
+    share, _ = persistent_share_params_main
+    check_submit_share_object(client5, share.shareUri, persistent_s3_dataset1)
 
 
 def test_approve_share(client1, persistent_share_params_main):
-    check_approve_share_object(client1, persistent_share_params_main.shareUri)
+    share, _ = persistent_share_params_main
+    check_approve_share_object(client1, share.shareUri)
 
 
 def test_re_share_succeeded(
     client5, persistent_share_params_main, persistent_consumption_role_1, persistent_cross_acc_env_1_aws_client
 ):
-    check_share_succeeded(client5, persistent_share_params_main.shareUri, check_contains_all_item_types=True)
-    check_verify_share_items(client5, persistent_share_params_main.shareUri)
+    share, env = persistent_share_params_main
+    check_share_succeeded(client5, share.shareUri, check_contains_all_item_types=True)
+    check_verify_share_items(client5, share.shareUri)
     check_share_items_access(
         client5,
-        persistent_share_params_main.group,
-        persistent_share_params_main.shareUri,
+        share.group,
+        share.shareUri,
+        env,
         persistent_consumption_role_1,
         persistent_cross_acc_env_1_aws_client,
     )

tests_new/integration_tests/modules/shares/types.py

@@ -69,11 +69,6 @@
 items(filter: $filter){{
     {SharedItemSearchResult}
 }},
-environment{{
-        environmentUri
-        label
-        region
-}}
 canViewLogs,
 userRoleForShareObject,
 """