def test_positive_create_product_with_limited_user_permission( session, default_sat, test_name, module_org, module_location ): """A user with all permissions in Product and Repositories should be able to create a new product :id: 534a16f9-2d66-4fa1-aa5b-560f00eb4f67 :expectedresults: User successfully creates new product :customerscenario: true :CaseLevel: Component :CaseImportance: High :BZ: 1771937 """ username = gen_string('alpha') password = gen_string('alpha') product_name = gen_string('alpha') product_label = gen_string('alpha') product_description = gen_string('alpha') role = default_sat.api.Role().create() # Calling Products and Repositoy to get all the permissions in it create_role_permissions(role, {'Katello::Product': PERMISSIONS['Katello::Product']}) default_sat.api.User( default_organization=module_org, organization=[module_org], firstname='sample', lastname='test', role=[role], login=username, password=password, mail='*****@*****.**', ).create() with Session(test_name, username, password) as newsession: newsession.product.create( {'name': product_name, 'label': product_label, 'description': product_description} ) assert newsession.product.search(product_name)[0]['Name'] == product_name
def test_positive_list_permission(test_name, module_org, module_repos_col, module_rhva_repos_col): """Show errata only if the User has permissions to view them :id: cdb28f6a-23df-47a2-88ab-cd3b492126b2 :Setup: 1. Create two products with one repo each. Sync them. 2. Make sure that they both have errata. 3. Create a user with view access on one product and not on the other. :Steps: Go to Content -> Errata. :expectedresults: Check that the new user is able to see errata for one product only. :CaseLevel: Integration """ role = entities.Role().create() entities.Filter( organization=[module_org], permission=entities.Permission().search( query={'search': 'resource_type="Katello::Product"'}), role=role, search='name = "{}"'.format(PRDS['rhel']), ).create() user_password = gen_string('alphanumeric') user = entities.User( default_organization=module_org, organization=[module_org], role=[role], password=user_password, ).create() with Session(test_name, user=user.login, password=user_password) as session: assert (session.errata.search( RHVA_ERRATA_ID, applicable=False)[0]['Errata ID'] == RHVA_ERRATA_ID) assert not session.errata.search(CUSTOM_REPO_ERRATA_ID, applicable=False)
def test_positive_content_host_errata_details(session, erratatype_vm, module_org, test_name): """Read for errata details on a content_host by user with only viewer permission :id: 236de56f-8035-4072-b0fa-03abbf3fc692 :Steps: 1. Content Host with applicable security errata. 2. Create a User with 'Viewer' Permission. 3. Go to Content Hosts -> Select content host -> Errata Tab -> Select Errata_Id. :expectedresults: The errata details page should be displayed for User. :BZ: 1655130 :CaseLevel: Integration """ login = gen_string('alpha') password = gen_string('alpha') viewer_role = entities.Role().search(query={'search': 'name="Viewer"'}) default_loc_id = entities.Location().search(query={'search': f'name="{DEFAULT_LOC}"'})[0].id default_loc = entities.Location(id=default_loc_id).read() entities.User( role=viewer_role, login=login, password=password, default_location=default_loc, organization=[module_org], ).create() pkgs = ' '.join(FAKE_9_YUM_OUTDATED_PACKAGES) assert _install_client_package(erratatype_vm, pkgs, errata_applicability=True) with Session(test_name, login, password) as session: session.organization.select(org_name=module_org.name) erratum_details = session.contenthost.read_errata_details( erratatype_vm.hostname, errata_id=CUSTOM_REPO_ERRATA_ID ) assert erratum_details['advisory'] == CUSTOM_REPO_ERRATA_ID assert erratum_details['type'] == 'security'
def test_positive_create_bookmark_public(session, random_entity, module_viewer_user, test_name): """Create and check visibility of the (non)public bookmarks :id: 93139529-7690-429b-83fe-3dcbac4f91dc :Setup: Create a non-admin user with 'viewer' role :Steps: 1. Navigate to the entity page 2. Choose "bookmark this search" from the search drop-down menu 3. Input a random name and query for a bookmark 4. Uncheck 'Public' checkbox for the bookmark 5. Click the create button 6. Repeat steps 2-5 with 'Public' checked off 7. Verify the bookmarks are listed at Administer -> Bookmarks 8. Login as the pre-created user 9. Verify that the non-public bookmark is not listed at Administer -> Bookmarks :expectedresults: No errors, public bookmarks is displayed for all users, non-public bookmark is displayed for creator but not for different user :CaseLevel: Integration """ public_name = gen_string('alphanumeric') nonpublic_name = gen_string('alphanumeric') with session: ui_lib = getattr(session, random_entity['name'].lower()) for name in (public_name, nonpublic_name): ui_lib.create_bookmark({ 'name': name, 'query': gen_string('alphanumeric'), 'public': name == public_name, }) assert session.bookmark.search(name)[0]['Name'] == name with Session(test_name, module_viewer_user.login, module_viewer_user.password) as session: assert session.bookmark.search(public_name)[0]['Name'] == public_name assert not session.bookmark.search(nonpublic_name)
def test_positive_add_host_collection_non_admin(module_org, test_name): """Test that host collection can be associated to Activation Keys by non-admin user. :id: 417f0b36-fd49-4414-87ab-6f72a09696f2 :expectedresults: Activation key is created, added host collection is listed :BZ: 1473212 :CaseLevel: Integration """ ak_name = gen_string('alpha') hc = entities.HostCollection(organization=module_org).create() # Create non-admin user with specified permissions roles = [entities.Role().create()] user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'], } viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0] roles.append(viewer_role) create_role_permissions(roles[0], user_permissions) password = gen_string('alphanumeric') user = entities.User( admin=False, role=roles, password=password, organization=[module_org], ).create() with Session(test_name, user=user.login, password=password) as session: session.activationkey.create({ 'name': ak_name, 'lce': {ENVIRONMENT: True}, }) assert session.activationkey.search(ak_name) == ak_name session.activationkey.add_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name) assert ak[ 'host_collections']['resources']['assigned'][0]['Name'] == hc.name
def test_negative_login_user_with_invalid_password_otp( auth_source_ipa, test_name, ldap_tear_down, ipa_data ): """Login with password with time based OTP :id: 3718c86e-5976-4fb8-9c80-4685d53bd955 :setup: Assure properly functioning IPA server for authentication :steps: Login to server with an IPA user with invalid OTP. :expectedresults: Log in to foreman UI should be failed """ password_with_otp = "{0}{1}".format( ipa_data['ldap_ipa_user_passwd'], gen_string(str_type='numeric', length=6) ) with Session(test_name, ipa_data['ipa_otp_username'], password_with_otp) as ldapsession: with raises(NavigationTriesExceeded) as error: ldapsession.user.search('') assert error.typename == "NavigationTriesExceeded"
def test_negative_delete_rule_with_non_admin_user( module_location, module_org, reader_user, test_name ): """Delete rule with non-admin user by associating discovery_reader role :id: 23a7627c-6a9b-493b-871f-698543adf1d2 :expectedresults: User should validation error and rule should not be deleted successfully. :CaseLevel: Integration """ hg = entities.HostGroup(organization=[module_org]).create() dr = entities.DiscoveryRule( hostgroup=hg, organization=[module_org], location=[module_location] ).create() with Session(test_name, user=reader_user.login, password=reader_user.password) as session: with pytest.raises(ValueError): session.discoveryrule.delete(dr.name) dr_val = session.discoveryrule.read_all() assert dr.name in [rule['Name'] for rule in dr_val]
def test_positive_search_with_non_admin_user(test_name, sc_params_list): """Search for specific smart class parameter using non admin user :id: 79bd4071-1baa-44af-91dd-1e093445af29 :expectedresults: Specified smart class parameter can be found in the system :BZ: 1391556 :CaseLevel: Integration """ sc_param = sc_params_list.pop() username = gen_string('alpha') password = gen_string('alpha') required_user_permissions = { 'Puppetclass': [ 'view_puppetclasses', ], 'PuppetclassLookupKey': [ 'view_external_parameters', 'create_external_parameters', 'edit_external_parameters', 'destroy_external_parameters', ], } role = entities.Role().create() create_role_permissions(role, required_user_permissions) entities.User(login=username, password=password, role=[role], admin=False).create() # assert that the user is not an admin one and cannot read the current # role info (note: view_roles is not in the required permissions) cfg = get_nailgun_config() cfg.auth = (username, password) with raises(HTTPError) as context: entities.Role(cfg, id=role.id).read() assert '403 Client Error: Forbidden' in str(context.value) with Session(test_name, user=username, password=password) as session: assert session.sc_parameter.search( sc_param.parameter)[0]['Parameter'] == sc_param.parameter
def test_positive_add_katello_role( test_name, session, auth_source, ldap_usergroup_name, ldap_tear_down, ldap_data ): """Associate katello roles to User Group. [belonging to external AD User Group.] :id: aa5e3bf4-cb42-43a4-93ea-a2eea54b847a :Steps: 1. Create an UserGroup. 2. Assign some foreman roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access katello entities as per roles. """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name user_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']} katello_role = entities.Role().create() create_role_permissions(katello_role, user_permissions) with session: session.usergroup.create( { 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [katello_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, } ) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session(test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']) as session: with raises(NavigationTriesExceeded): session.architecture.search('') session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read(ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def test_positive_remove_user(session, module_org, test_name): """Delete any user who has previously created an activation key and check that activation key still exists :id: f0504bd8-52d2-40cd-91c6-64d71b14c876 :expectedresults: Activation Key can be read :BZ: 1291271 """ ak_name = gen_string('alpha') # Create user password = gen_string('alpha') user = entities.User(admin=True, default_organization=module_org, password=password).create() # Create Activation Key using new user credentials with Session(test_name, user.login, password) as non_admin_session: non_admin_session.activationkey.create({'name': ak_name, 'lce': {ENVIRONMENT: True}}) assert non_admin_session.activationkey.search(ak_name)[0]['Name'] == ak_name # Remove user and check that AK still exists user.delete() with session: assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
def test_positive_delete_rule_with_non_admin_user(manager_loc, manager_user, module_org, test_name): """Delete rule with non-admin user by associating discovery_manager role :id: 7fa56bab-82d7-46c9-a4fa-c44ef173c703 :expectedresults: Rule should be deleted successfully. :CaseLevel: Integration """ hg = entities.HostGroup(organization=[module_org]).create() dr = entities.DiscoveryRule(hostgroup=hg, organization=[module_org], location=[manager_loc]).create() with Session(test_name, user=manager_user.login, password=manager_user.password) as session: dr_val = session.discoveryrule.read_all() assert dr.name in [rule['Name'] for rule in dr_val] session.discoveryrule.delete(dr.name) dr_val = session.discoveryrule.read_all() assert dr.name not in [rule['Name'] for rule in dr_val]
def test_positive_login_ad_user_no_roles(test_name, ldap_data, ldap_user_name, auth_source): """Login with LDAP Auth- AD for user with no roles/rights :id: 7dc8d9a7-ff08-4d8e-a842-d370ffd69741 :setup: assure properly functioning AD server for authentication :steps: Login to server with an AD user. :expectedresults: Log in to foreman UI successfully but cannot access functional areas of UI """ with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.user.search('') assert ldapsession.task.read_all( )['current_user'] == ldap_data['ldap_user_name']
def test_positive_create_filter_admin_user_with_locs(test_name): """Attempt to create a role filter by admin user, who has 6+ locations assigned. :id: 688ecb7d-1d49-494c-97cc-0d5e715f3bb1 :customerscenario: true :expectedresults: filter was successfully created. :BZ: 1315580 :CaseImportance: Critical """ role_name = gen_string('alpha') resource_type = 'Architecture' permissions = ['view_architectures', 'edit_architectures'] org = entities.Organization().create() locations = [ entities.Location(organization=[org]).create() for _ in range(6) ] password = gen_string('alphanumeric') user = entities.User( admin=True, organization=[org], location=locations, default_organization=org, default_location=locations[0], password=password, ).create() with Session(test_name, user=user.login, password=password) as session: session.role.create({'name': role_name}) assert session.role.search(role_name)[0]['Name'] == role_name session.filter.create(role_name, { 'resource_type': resource_type, 'permission.assigned': permissions }) assigned_permissions = session.filter.read_permissions(role_name) assert set(assigned_permissions[resource_type]) == set(permissions)
def test_positive_remove_host_collection_non_admin(module_org, test_name): """Test that host collection can be removed from Activation Keys by non-admin user. :id: 187456ec-5690-4524-9701-8bdb74c7912a :expectedresults: Activation key is created, removed host collection is not listed :CaseLevel: Integration """ ak_name = gen_string('alpha') hc = entities.HostCollection(organization=module_org).create() # Create non-admin user with specified permissions roles = [entities.Role().create()] user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'], } viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0] roles.append(viewer_role) create_role_permissions(roles[0], user_permissions) password = gen_string('alphanumeric') user = entities.User( admin=False, role=roles, password=password, organization=[module_org] ).create() with Session(test_name, user=user.login, password=password) as session: session.activationkey.create({'name': ak_name, 'lce': {ENVIRONMENT: True}}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name session.activationkey.add_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name, widget_names='host_collections') assert ak['host_collections']['resources']['assigned'][0]['Name'] == hc.name # remove Host Collection session.activationkey.remove_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name, widget_names='host_collections') assert not ak['host_collections']['resources']['assigned']
def test_positive_create_filter_admin_user_with_orgs(test_name): """Attempt to create a role filter by admin user, who has 10 organizations assigned. :id: 04208e17-34b5-46b1-84dd-b8a973521d30 :customerscenario: true :expectedresults: filter was successfully created. :BZ: 1389795 :CaseImportance: Critical """ role_name = gen_string('alpha') resource_type = 'Architecture' permissions = ['view_architectures', 'edit_architectures'] password = gen_string('alphanumeric') organizations = [entities.Organization().create() for _ in range(10)] loc = entities.Location(organization=[organizations[0]]).create() user = entities.User( admin=True, organization=organizations, location=[loc], default_organization=organizations[0], default_location=loc, password=password, ).create() with Session(test_name, user=user.login, password=password) as session: session.role.create({'name': role_name}) assert session.role.search(role_name)[0]['Name'] == role_name session.filter.create(role_name, { 'resource_type': resource_type, 'permission.assigned': permissions }) assigned_permissions = session.filter.read_permissions(role_name) assert set(assigned_permissions[resource_type]) == set(permissions)
def test_positive_search_errata_non_admin(session, vm, module_org, test_name, module_viewer_user): """Search for host's errata by non-admin user with enough permissions :id: 5b8887d2-987f-4bce-86a1-8f65ca7e1195 :customerscenario: true :BZ: 1255515, 1662405, 1652938 :expectedresults: User can access errata page and proper errata is listed :CaseLevel: System """ vm.run('yum install -y {0}'.format(FAKE_1_CUSTOM_PACKAGE)) with Session(test_name, user=module_viewer_user.login, password=module_viewer_user.password) as session: chost = session.contenthost.read(vm.hostname, widget_names='errata') assert FAKE_2_ERRATA_ID in { errata['Id'] for errata in chost['errata']['table'] }
def test_positive_login_user_password_otp(auth_source_ipa, test_name, ldap_tear_down, ipa_data): """Login with password with time based OTP :id: be7eb5d6-3228-4660-aa64-c56f9f3ec5e0 :setup: Assure properly functioning IPA server for authentication :steps: Login to server with an IPA user with time_based OTP. :expectedresults: Log in to foreman UI successfully """ password_with_otp = "{0}{1}".format( ipa_data['ldap_ipa_user_passwd'], generate_otp(ipa_data['time_based_secret']) ) with Session(test_name, ipa_data['ipa_otp_username'], password_with_otp) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.user.search('') expected_user = "******".format(ipa_data['ipa_otp_username'], ipa_data['ipa_otp_username']) assert ldapsession.task.read_all()['current_user'] == expected_user users = entities.User().search( query={'search': 'login="******"'.format(ipa_data['ipa_otp_username'])} ) assert users[0].login == ipa_data['ipa_otp_username']
def test_positive_access_with_non_admin_user_with_manifest(test_name): """Access subscription page with user that has only view_subscriptions permission and organization that has a manifest uploaded. :id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4 :expectedresults: Subscription page is rendered properly without errors and the default subscription is visible :BZ: 1417082, 1651981 :customerscenario: true :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() manifests.upload_manifest_locked(org.id) role = entities.Role(organization=[org]).create() create_role_permissions(role, {'Katello::Subscription': ['view_subscriptions']}) user_password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=user_password, organization=[org], default_organization=org, ).create() with Session(test_name, user=user.login, password=user_password) as session: assert ( session.subscription.search('name = "{0}"'.format(DEFAULT_SUBSCRIPTION_NAME))[0][ 'Name' ] == DEFAULT_SUBSCRIPTION_NAME )
def test_positive_custom_user_view_lce(session, test_name): """As a custom user attempt to view a lifecycle environment created by admin user :id: 768b647b-c530-4eca-9caa-38cf8622f36d :BZ: 1420511 :Steps: As an admin user: 1. Create an additional lifecycle environments other than Library 2. Create a user without administrator privileges 3. Create a role with the the following permissions: * (Miscellaneous): access_dashboard * Lifecycle Environment: * edit_lifecycle_environments * promote_or_remove_content_views_to_environment * view_lifecycle_environments * Location: view_locations * Organization: view_organizations 4. Assign the created role to the custom user As a custom user: 1. Log in 2. Navigate to Content -> Lifecycle Environments :expectedresults: The additional lifecycle environment is viewable and accessible by the custom user. :CaseLevel: Integration """ role_name = gen_string('alpha') lce_name = gen_string('alpha') user_login = gen_string('alpha') user_password = gen_string('alpha') org = entities.Organization().create() role = entities.Role(name=role_name).create() permissions_types_names = { None: ['access_dashboard'], 'Organization': ['view_organizations'], 'Location': ['view_locations'], 'Katello::KTEnvironment': [ 'view_lifecycle_environments', 'edit_lifecycle_environments', 'promote_or_remove_content_views_to_environments' ] } create_role_permissions(role, permissions_types_names) entities.User(default_organization=org, organization=[org], role=[role], login=user_login, password=user_password).create() # create a life cycle environment as admin user and ensure it's visible with session: session.organization.select(org.name) session.lifecycleenvironment.create(values={'name': lce_name}) lce_values = session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce'] # ensure the created user also can find the created lifecycle environment link with Session(test_name, user_login, user_password) as non_admin_session: # to ensure that the created user has only the assigned # permissions, check that hosts menu tab does not exist with raises(NavigationTriesExceeded): assert not non_admin_session.host.read_all() # assert that the user can view the lvce created by admin user lce_values = non_admin_session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce']
def test_positive_create_as_non_admin_user_with_cv_published( module_org, test_name): """Create a repository as a non admin user in a product that already contain a repository that is used in a published content view. :id: 407864eb-50b8-4bc8-bbc7-0e6f8136d89f :expectedresults: New repository successfully created by non admin user :BZ: 1447829 :CaseLevel: Integration """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') repo_name = gen_string('alpha') user_permissions = { None: ['access_dashboard'], 'Katello::Product': [ 'view_products', 'create_products', 'edit_products', 'destroy_products', 'sync_products', 'export_products', ], } role = entities.Role().create() create_role_permissions(role, user_permissions) entities.User( login=user_login, password=user_password, role=[role], admin=False, default_organization=module_org, organization=[module_org], ).create() prod = entities.Product(organization=module_org).create() repo = entities.Repository(product=prod, url=FAKE_2_YUM_REPO).create() repo.sync() content_view = entities.ContentView(organization=module_org).create() content_view.repository = [repo] content_view = content_view.update(['repository']) content_view.publish() with Session(test_name, user_login, user_password) as session: # ensure that the created user is not a global admin user # check administer->users page with raises(NavigationTriesExceeded): pswd = gen_string('alphanumeric') session.user.create({ 'user.login': gen_string('alphanumeric'), 'user.auth': 'INTERNAL', 'user.password': pswd, 'user.confirm': pswd, }) # ensure that the created user has only the assigned permissions # check that host collections menu tab does not exist with raises(NavigationTriesExceeded): session.hostcollection.create({'name': gen_string('alphanumeric')}) session.repository.create( prod.name, { 'name': repo_name, 'repo_type': REPO_TYPE['yum'], 'repo_content.upstream_url': FAKE_1_YUM_REPO, }) assert session.repository.search(prod.name, repo.name)[0]['Name'] == repo.name
def test_positive_virtwho_manager_role(self, default_org, session, test_name, form_data): """Verify the virt-who manager role can TRULY work. :id: a72023fb-7b23-4582-9adc-c5227dc7859c :expectedresults: Virt-who Manager Role granting all permissions to manage virt-who configurations, user needs this role to create, delete or update configurations. """ username = gen_string('alpha') password = gen_string('alpha') config_name = gen_string('alpha') with session: # Create an user session.user.create({ 'user.login': username, 'user.mail': valid_emails_list()[0], 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, }) # Create a virt-who config plugin form_data['name'] = config_name session.virtwho_configure.create(form_data) values = session.virtwho_configure.read(config_name) command = values['deploy']['command'] deploy_configure_by_command(command, form_data['hypervisor_type'], org=default_org.label) assert session.virtwho_configure.search( config_name)[0]['Status'] == 'ok' # Check the permissioin of Virt-who Manager session.user.update( username, {'roles.resources.assigned': ['Virt-who Manager']}) user = session.user.read(username) assert user['roles']['resources']['assigned'] == [ 'Virt-who Manager' ] with Session(test_name, username, password) as newsession: # create_virt_who_config new_virt_who_name = gen_string('alpha') form_data['name'] = new_virt_who_name newsession.virtwho_configure.create(form_data) # view_virt_who_config values = newsession.virtwho_configure.read(new_virt_who_name) command = values['deploy']['command'] deploy_configure_by_command(command, form_data['hypervisor_type'], org=default_org.label) assert newsession.virtwho_configure.search( new_virt_who_name)[0]['Status'] == 'ok' # edit_virt_who_config modify_name = gen_string('alpha') newsession.virtwho_configure.edit(new_virt_who_name, {'name': modify_name}) newsession.virtwho_configure.search(modify_name) # destroy_virt_who_config newsession.virtwho_configure.delete(modify_name) assert not newsession.virtwho_configure.search(modify_name) # Delete the created user session.user.delete(username) assert not session.user.search(username)
def test_positive_virtwho_viewer_role(self, default_org, session, test_name, form_data): """Verify the virt-who viewer role can TRULY work. :id: bf3be2e4-3853-41cc-9b3e-c8677f0b8c5f :expectedresults: Virt-who Viewer Role granting permissions to see all configurations including their configuration scripts, which means viewers could still deploy the virt-who instances for existing virt-who configurations. """ username = gen_string('alpha') password = gen_string('alpha') config_name = gen_string('alpha') with session: # Create an user session.user.create({ 'user.login': username, 'user.mail': valid_emails_list()[0], 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, }) # Create a virt-who config plugin form_data['name'] = config_name session.virtwho_configure.create(form_data) values = session.virtwho_configure.read(config_name) command = values['deploy']['command'] deploy_configure_by_command(command, form_data['hypervisor_type'], org=default_org.label) assert session.virtwho_configure.search( config_name)[0]['Status'] == 'ok' # Check the permissioin of Virt-who Viewer session.user.update( username, {'roles.resources.assigned': ['Virt-who Viewer']}) user = session.user.read(username) assert user['roles']['resources']['assigned'] == [ 'Virt-who Viewer' ] # Update the virt-who config file config_id = get_configure_id(config_name) config_file = get_configure_file(config_id) update_configure_option('rhsm_username', username, config_file) delete_configure_option('rhsm_encrypted_password', config_file) add_configure_option('rhsm_password', password, config_file) restart_virtwho_service() assert get_virtwho_status() == 'logerror' with Session(test_name, username, password) as newsession: create_permission = newsession.virtwho_configure.check_create_permission( ) update_permission = newsession.virtwho_configure.check_update_permission( config_name) assert create_permission['can_view'] assert not create_permission['can_create'] assert not update_permission['can_delete'] assert not update_permission['can_edit'] newsession.virtwho_configure.read(config_name) # Delete the created user session.user.delete(username) assert not session.user.search(username)
def test_positive_end_to_end(session, test_name, module_org, module_loc): """Perform end to end testing for user component :id: 2794fdd0-cfe3-4f1a-aa5f-25b2d211ae12 :expectedresults: All expected CRUD actions finished successfully :CaseLevel: Integration :CaseImportance: High """ name = gen_string('alpha') new_name = gen_string('alpha') ak_name = gen_string('alpha') firstname = gen_string('alpha') lastname = gen_string('alpha') password = gen_string('alpha') email = gen_email() description = gen_string('alphanumeric') language = 'English (United States)' timezone = '(GMT+00:00) UTC' role = entities.Role().create().name with session: # Create new user and validate its values session.user.create({ 'user.login': name, 'user.firstname': firstname, 'user.lastname': lastname, 'user.mail': email, 'user.description': description, 'user.language': language, 'user.timezone': timezone, 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, 'locations.resources.assigned': [module_loc.name], 'organizations.resources.assigned': [module_org.name], 'roles.admin': True, 'roles.resources.assigned': [role], }) assert session.user.search(name)[0]['Username'] == name user_values = session.user.read(name) assert user_values['user']['login'] == name assert user_values['user']['firstname'] == firstname assert user_values['user']['lastname'] == lastname assert user_values['user']['mail'] == email assert user_values['user']['description'] == description assert user_values['user']['language'] == language assert user_values['user']['timezone'] == timezone assert user_values['user']['auth'] == 'INTERNAL' assert user_values['locations']['resources']['assigned'] == [ module_loc.name ] assert user_values['organizations']['resources']['assigned'] == [ module_org.name ] assert user_values['roles']['admin'] is True assert user_values['roles']['resources']['assigned'] == [role] # Update user with new name session.user.update(name, {'user.login': new_name}) assert session.user.search(new_name)[0]['Username'] == new_name assert not session.user.search(name) # Login into application using new user with Session(test_name, new_name, password) as newsession: newsession.organization.select(module_org.name) newsession.location.select(module_loc.name) newsession.activationkey.create({'name': ak_name}) assert newsession.activationkey.search( ak_name)[0]['Name'] == ak_name current_user = newsession.activationkey.read( ak_name, 'current_user')['current_user'] assert current_user == '{} {}'.format(firstname, lastname) # Delete user session.user.delete(new_name) assert not session.user.search(new_name)
def test_rhcloud_inventory_e2e(inventory_settings, organization_ak_setup, rhcloud_registered_hosts, rhcloud_sat_host): """Generate report and verify its basic properties :id: 833bd61d-d6e7-4575-887a-9e0729d0fa76 :customerscenario: true :expectedresults: 1. Report can be generated 2. Report can be downloaded 3. Report has non-zero size 4. Report can be extracted 5. JSON files inside report can be parsed 6. metadata.json lists all and only slice JSON files in tar 7. Host counts in metadata matches host counts in slices 8. Assert Hostnames, IP addresses, and installed packages are present in report. :CaseImportance: Critical :BZ: 1807829, 1926100 """ org, ak = organization_ak_setup virtual_host, baremetal_host = rhcloud_registered_hosts with Session(hostname=rhcloud_sat_host.hostname) as session: session.organization.select(org_name=org.name) session.location.select(loc_name=DEFAULT_LOC) timestamp = (datetime.utcnow() - timedelta(minutes=2)).strftime('%Y-%m-%d %H:%M') session.cloudinventory.generate_report(org.name) wait_for( lambda: rhcloud_sat_host.api.ForemanTask().search( query={ 'search': f'label = ForemanInventoryUpload::Async::GenerateReportJob ' f'and started_at >= "{timestamp}"' })[0].result == 'success', timeout=400, delay=15, silent_failure=True, handle_exception=True, ) report_path = session.cloudinventory.download_report(org.name) inventory_data = session.cloudinventory.read(org.name) common_assertion(report_path, inventory_data, org, rhcloud_sat_host) json_data = get_report_data(report_path) hostnames = [host['fqdn'] for host in json_data['hosts']] assert virtual_host.hostname in hostnames assert baremetal_host.hostname in hostnames ip_addresses = [ host['system_profile']['network_interfaces'][0]['ipv4_addresses'][0] for host in json_data['hosts'] ] ipv4_addresses = [host['ip_addresses'][0] for host in json_data['hosts']] assert virtual_host.ip_addr in ip_addresses assert baremetal_host.ip_addr in ip_addresses assert virtual_host.ip_addr in ipv4_addresses assert baremetal_host.ip_addr in ipv4_addresses all_host_profiles = [host['system_profile'] for host in json_data['hosts']] for host_profiles in all_host_profiles: assert 'installed_packages' in host_profiles assert len(host_profiles['installed_packages']) > 1
def test_exclude_packages_setting(rhcloud_sat_host, inventory_settings, organization_ak_setup, rhcloud_registered_hosts): """Test whether `Exclude Packages` setting works as expected. :id: 646093fa-fdd6-4f70-82aa-725e31fa3f12 :customerscenario: true :Steps: 1. Prepare machine and upload its data to Insights 2. Add Cloud API key in Satellite 3. Go to Configure > Inventory upload > enable “Exclude Packages” setting. 4. Generate report after enabling the setting. 5. Check if packages are excluded from generated reports. 6. Disable previous setting. 7. Go to Administer > Settings > RH Cloud and enable "Don't upload installed packages" setting. 8. Generate report after enabling the setting. 9. Check if packages are excluded from generated reports. :expectedresults: 1. Packages are excluded from reports generated. :BZ: 1852594 :CaseAutomation: Automated """ org, ak = organization_ak_setup virtual_host, baremetal_host = rhcloud_registered_hosts with Session(hostname=rhcloud_sat_host.hostname) as session: session.organization.select(org_name=org.name) session.location.select(loc_name=DEFAULT_LOC) # Enable exclude_packages setting on inventory page. session.cloudinventory.update({'exclude_packages': True}) timestamp = (datetime.utcnow() - timedelta(minutes=2)).strftime('%Y-%m-%d %H:%M') session.cloudinventory.generate_report(org.name) wait_for( lambda: rhcloud_sat_host.api.ForemanTask().search( query={ 'search': f'label = ForemanInventoryUpload::Async::GenerateReportJob ' f'and started_at >= "{timestamp}"' })[0].result == 'success', timeout=400, delay=15, silent_failure=True, handle_exception=True, ) report_path = session.cloudinventory.download_report(org.name) inventory_data = session.cloudinventory.read(org.name) assert inventory_data['exclude_packages'] is True # Disable exclude_packages setting on inventory page. session.cloudinventory.update({'exclude_packages': False}) # Assert that generated archive is valid. common_assertion(report_path, inventory_data, org, rhcloud_sat_host) # Get report data for assertion json_data = get_report_data(report_path) # Assert that right hosts are present in report. hostnames = [host['fqdn'] for host in json_data['hosts']] assert virtual_host.hostname in hostnames assert baremetal_host.hostname in hostnames # Assert that packages are excluded from report all_host_profiles = [ host['system_profile'] for host in json_data['hosts'] ] for host_profiles in all_host_profiles: assert 'installed_packages' not in host_profiles # Enable exclude_installed_packages setting. rhcloud_sat_host.update_setting('exclude_installed_packages', True) timestamp = (datetime.utcnow() - timedelta(minutes=2)).strftime('%Y-%m-%d %H:%M') session.cloudinventory.generate_report(org.name) wait_for( lambda: rhcloud_sat_host.api.ForemanTask().search( query={ 'search': f'label = ForemanInventoryUpload::Async::GenerateReportJob ' f'and started_at >= "{timestamp}"' })[0].result == 'success', timeout=400, delay=15, silent_failure=True, handle_exception=True, ) report_path = session.cloudinventory.download_report(org.name) inventory_data = session.cloudinventory.read(org.name) assert inventory_data['exclude_packages'] is True json_data = get_report_data(report_path) hostnames = [host['fqdn'] for host in json_data['hosts']] assert virtual_host.hostname in hostnames assert baremetal_host.hostname in hostnames all_host_profiles = [ host['system_profile'] for host in json_data['hosts'] ] for host_profiles in all_host_profiles: assert 'installed_packages' not in host_profiles
def test_positive_create_filter_without_override(session, module_org, module_loc, test_name): """Create filter in role w/o overriding it :id: a7f76f6e-6c13-4b34-b38c-19501b65786f :steps: 1. Create a role with taxonomies (location and organization) assigned 2. Create filter in role without overriding it 3. Create user and assign new role to it 4. Re-login into application using new user with a role :expectedresults: 1. Filter w/o override is created in role 2. The taxonomies of role are inherited to filter 3. User can access application sections specified in a filter """ role_name = gen_string('alpha') username = gen_string('alpha') password = gen_string('alpha') subnet = entities.Subnet() subnet.create_missing() subnet_name = subnet.name with session: session.role.create( { 'name': role_name, 'organizations.assigned': [module_org.name], 'locations.assigned': [module_loc.name], } ) assert session.role.search(role_name)[0]['Name'] == role_name session.filter.create( role_name, {'resource_type': 'Subnet', 'permission.assigned': ['view_subnets', 'create_subnets']}, ) filter_values = session.filter.read(role_name, 'Subnet') assert filter_values['override'] is False session.filter.create( role_name, { 'resource_type': 'Organization', 'permission.assigned': ['assign_organizations', 'view_organizations'], }, ) session.filter.create( role_name, { 'resource_type': 'Location', 'permission.assigned': ['assign_locations', 'view_locations'], }, ) session.user.create( { 'user.login': username, 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, 'user.mail': '*****@*****.**', 'roles.resources.assigned': [role_name], 'organizations.resources.assigned': [module_org.name], 'locations.resources.assigned': [module_loc.name], } ) with Session(test_name, user=username, password=password) as session: session.subnet.create( { 'subnet.name': subnet_name, 'subnet.protocol': 'IPv4', 'subnet.network_address': subnet.network, 'subnet.network_mask': subnet.mask, 'subnet.boot_mode': 'Static', } ) assert session.subnet.search(subnet_name)[0]['Name'] == subnet_name with pytest.raises(NavigationTriesExceeded): session.architecture.create({'name': gen_string('alpha')})
def test_positive_update_bookmark_public(session, random_entity, module_viewer_user, module_user, test_name): """Update and save a bookmark public state :id: 63646c41-5441-4547-a4d0-744286122405 :Setup: 1. Create 2 bookmarks of a random name with random query, one public and one private 2. Create a non-admin user with 'viewer' role :Steps: 1. Login to Satellite server (establish a UI session) as the pre-created user 2. Navigate to the entity 3. List the bookmarks by clicking the drop down menu 4. Verify that only the public bookmark is listed 5. Log out 6. Login to Satellite server (establish a UI session) as the admin user 7. List the bookmarks (Navigate to Administer -> Bookmarks) 8. Click the public pre-created bookmark 9. Uncheck 'public' 10. Submit 11. Click the private pre-created bookmark 12. Check 'public' 13. Submit 14. Logout 15. Login to Satellite server (establish a UI session) as the pre-created user 16. Navigate to the entity 17. List the bookmarks by clicking the drop down menu :expectedresults: New public bookmark is listed, and the private one is hidden :CaseLevel: Integration """ public_name = gen_string('alphanumeric') nonpublic_name = gen_string('alphanumeric') cfg = get_nailgun_config() cfg.auth = (module_user.login, module_user.password) for name in (public_name, nonpublic_name): entities.Bookmark( cfg, name=name, controller=random_entity['controller'], public=name == public_name, ).create() with Session(test_name, module_viewer_user.login, module_viewer_user.password) as non_admin_session: assert non_admin_session.bookmark.search( public_name)[0]['Name'] == public_name assert not non_admin_session.bookmark.search(nonpublic_name) with session: session.bookmark.update(public_name, {'public': False}) session.bookmark.update(nonpublic_name, {'public': True}) with Session(test_name, module_viewer_user.login, module_viewer_user.password) as non_admin_session: assert non_admin_session.bookmark.search( nonpublic_name)[0]['Name'] == nonpublic_name assert not non_admin_session.bookmark.search(public_name)
def test_positive_user_access_with_host_filter(test_name, module_loc, rhel7_contenthost): """Check if user with necessary host permissions can access dashboard and required widgets are rendered with proper values :id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d :Steps: 1. Specify proper filter with permission for your role 2. Create new user and assign role to it 3. Login into application using this new user 4. Check dashboard and widgets on it 5. Register new content host to populate some values into dashboard widgets :expectedresults: Dashboard and Errata Widget rendered without errors and contain proper values :BZ: 1417114 :CaseLevel: System """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') org = entities.Organization().create() lce = entities.LifecycleEnvironment(organization=org).create() # create a role with necessary permissions role = entities.Role().create() user_permissions = { 'Organization': ['view_organizations'], 'Location': ['view_locations'], None: ['access_dashboard'], 'Host': ['view_hosts'], } create_role_permissions(role, user_permissions) # create a user and assign the above created role entities.User( default_organization=org, organization=[org], default_location=module_loc, location=[module_loc], role=[role], login=user_login, password=user_password, ).create() with Session(test_name, user=user_login, password=user_password) as session: assert session.dashboard.read( 'HostConfigurationStatus')['total_count'] == 0 assert len(session.dashboard.read('LatestErrata')) == 0 repos_collection = RepositoryCollection( distro=DISTRO_RHEL7, repositories=[ SatelliteToolsRepository(), YumRepository(url=FAKE_6_YUM_REPO) ], ) repos_collection.setup_content(org.id, lce.id, upload_manifest=True) repos_collection.setup_virtual_machine(rhel7_contenthost) result = rhel7_contenthost.run( f'yum install -y {FAKE_1_CUSTOM_PACKAGE}') assert result.status == 0 hostname = rhel7_contenthost.hostname # Check UI for values assert session.host.search(hostname)[0]['Name'] == hostname hosts_values = session.dashboard.read('HostConfigurationStatus') assert hosts_values['total_count'] == 1 errata_values = session.dashboard.read('LatestErrata')['erratas'] assert len(errata_values) == 1 assert errata_values[0]['Type'] == 'security' assert FAKE_2_ERRATA_ID in errata_values[0]['Errata']
def test_positive_create_overridable_filter(session, module_org, module_loc, test_name): """Create overridden filter in role :id: 325e7e3e-60fc-4182-9585-0449d9660e8d :steps: 1. Create a role with some taxonomies (organizations and locations) 2. Create a filter in role to which taxonomies can be associated e.g Subnet filter 3. Override a filter with some taxonomies which doesnt match the taxonomies of role 4. Create user with taxonomies including filter taxonomies and assign role to it 5. Login with user and attempt to access the resources :expectedresults: 1. Filter is created with taxonomies 2. User can access resources, permissions specified in filter 3. User have access only in taxonomies specified in filter """ role_name = gen_string('alpha') username = gen_string('alpha') password = gen_string('alpha') role_org = entities.Organization().create() role_loc = entities.Location().create() subnet = entities.Subnet() subnet.create_missing() subnet_name = subnet.name new_subnet_name = gen_string('alpha') with session: session.role.create( { 'name': role_name, 'organizations.assigned': [role_org.name, module_org.name], 'locations.assigned': [role_loc.name, module_loc.name], } ) assert session.role.search(role_name)[0]['Name'] == role_name session.filter.create( role_name, { 'resource_type': 'Subnet', 'permission.assigned': ['view_subnets', 'create_subnets'], 'override': True, 'taxonomies_tabs.locations.resources.assigned': [module_loc.name], 'taxonomies_tabs.organizations.resources.assigned': [module_org.name], }, ) session.filter.create( role_name, { 'resource_type': 'Organization', 'permission.assigned': ['assign_organizations', 'view_organizations'], }, ) session.filter.create( role_name, { 'resource_type': 'Location', 'permission.assigned': ['assign_locations', 'view_locations'], }, ) session.user.create( { 'user.login': username, 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, 'user.mail': '*****@*****.**', 'roles.resources.assigned': [role_name], 'organizations.resources.assigned': [role_org.name, module_org.name], 'locations.resources.assigned': [role_loc.name, module_loc.name], } ) with Session(test_name, user=username, password=password) as session: session.organization.select(org_name=module_org.name) session.location.select(loc_name=module_loc.name) session.subnet.create( { 'subnet.name': subnet_name, 'subnet.protocol': 'IPv4', 'subnet.network_address': subnet.network, 'subnet.network_mask': subnet.mask, 'subnet.boot_mode': 'Static', } ) assert session.subnet.search(subnet_name)[0]['Name'] == subnet_name session.organization.select(org_name=role_org.name) session.location.select(loc_name=role_loc.name) with pytest.raises(AssertionError) as context: session.subnet.create( { 'subnet.name': new_subnet_name, 'subnet.protocol': 'IPv4', 'subnet.network_address': subnet.network, 'subnet.network_mask': subnet.mask, 'subnet.boot_mode': 'Static', } ) assert ( "You don't have permission create_subnets with attributes" " that you have specified or you don't have access to" " specified organizations or locations" in str(context.value) )
def test_obfuscate_host_ipv4_addresses(rhcloud_sat_host, inventory_settings, organization_ak_setup, rhcloud_registered_hosts): """Test whether `Obfuscate host ipv4 addresses` setting works as expected. :id: c0fc4ee9-a6a1-42c0-83f0-0f131ca9ab41 :customerscenario: true :Steps: 1. Prepare machine and upload its data to Insights 2. Add Cloud API key in Satellite 3. Go to Configure > Inventory upload > enable “Obfuscate host ipv4 addresses” setting. 4. Generate report after enabling the setting. 5. Check if hosts ipv4 addresses are obfuscated in generated reports. 6. Disable previous setting. 7. Go to Administer > Settings > RH Cloud and enable "Obfuscate IPs" setting. 8. Generate report after enabling the setting. 9. Check if hosts ipv4 addresses are obfuscated in generated reports. :expectedresults: 1. Obfuscated host ipv4 addresses in generated reports. :BZ: 1852594, 1889690 :CaseAutomation: Automated """ org, ak = organization_ak_setup virtual_host, baremetal_host = rhcloud_registered_hosts with Session(hostname=rhcloud_sat_host.hostname) as session: session.organization.select(org_name=org.name) session.location.select(loc_name=DEFAULT_LOC) # Enable obfuscate_ips setting on inventory page. session.cloudinventory.update({'obfuscate_ips': True}) timestamp = (datetime.utcnow() - timedelta(minutes=2)).strftime('%Y-%m-%d %H:%M') session.cloudinventory.generate_report(org.name) # wait_for_tasks report generation task to finish. wait_for( lambda: rhcloud_sat_host.api.ForemanTask().search( query={ 'search': f'label = ForemanInventoryUpload::Async::GenerateReportJob ' f'and started_at >= "{timestamp}"' })[0].result == 'success', timeout=400, delay=15, silent_failure=True, handle_exception=True, ) report_path = session.cloudinventory.download_report(org.name) inventory_data = session.cloudinventory.read(org.name) # Assert that obfuscate_ips is enabled. assert inventory_data['obfuscate_ips'] is True # Assert that generated archive is valid. common_assertion(report_path, inventory_data, org, rhcloud_sat_host) # Get report data for assertion json_data = get_report_data(report_path) hostnames = [host['fqdn'] for host in json_data['hosts']] assert virtual_host.hostname in hostnames assert baremetal_host.hostname in hostnames # Assert that ip_addresses are obfuscated from report. ip_addresses = [ host['system_profile']['network_interfaces'][0]['ipv4_addresses'] [0] for host in json_data['hosts'] ] ipv4_addresses = [ host['ip_addresses'][0] for host in json_data['hosts'] ] assert virtual_host.ip_addr not in ip_addresses assert baremetal_host.ip_addr not in ip_addresses assert virtual_host.ip_addr not in ipv4_addresses assert baremetal_host.ip_addr not in ipv4_addresses # Disable obfuscate_ips setting on inventory page. session.cloudinventory.update({'obfuscate_ips': False}) # Enable obfuscate_inventory_ips setting. rhcloud_sat_host.update_setting('obfuscate_inventory_ips', True) timestamp = (datetime.utcnow() - timedelta(minutes=2)).strftime('%Y-%m-%d %H:%M') session.cloudinventory.generate_report(org.name) # wait_for_tasks report generation task to finish. wait_for( lambda: rhcloud_sat_host.api.ForemanTask().search( query={ 'search': f'label = ForemanInventoryUpload::Async::GenerateReportJob ' f'and started_at >= "{timestamp}"' })[0].result == 'success', timeout=400, delay=15, silent_failure=True, handle_exception=True, ) report_path = session.cloudinventory.download_report(org.name) inventory_data = session.cloudinventory.read(org.name) assert inventory_data['obfuscate_ips'] is True # Get report data for assertion json_data = get_report_data(report_path) hostnames = [host['fqdn'] for host in json_data['hosts']] assert virtual_host.hostname in hostnames assert baremetal_host.hostname in hostnames ip_addresses = [ host['system_profile']['network_interfaces'][0]['ipv4_addresses'] [0] for host in json_data['hosts'] ] ipv4_addresses = [ host['ip_addresses'][0] for host in json_data['hosts'] ] assert virtual_host.ip_addr not in ip_addresses assert baremetal_host.ip_addr not in ip_addresses assert virtual_host.ip_addr not in ipv4_addresses assert baremetal_host.ip_addr not in ipv4_addresses