def login_admin(self, **kwargs):
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
from cfme.configure.access_control import User
user = User(credential=cred, name='Administrator')
return self.log_in(user, **kwargs)
def vm_ownership(enable_candu, clean_setup_provider, provider, appliance):
# In these tests, Metering report is filtered on VM owner.So,VMs have to be
# assigned ownership.
vm_name = provider.data['cap_and_util']['chargeback_vm']
if not provider.mgmt.does_vm_exist(vm_name):
pytest.skip("Skipping test, {} VM does not exist".format(vm_name))
provider.mgmt.start_vm(vm_name)
provider.mgmt.wait_vm_running(vm_name)
group_collection = appliance.collections.groups
cb_group = group_collection.instantiate(description='EvmGroup-user')
user = appliance.collections.users.create(
name=fauxfactory.gen_alphanumeric(),
credential=Credential(principal='uid' +
'{}'.format(fauxfactory.gen_alphanumeric()),
secret='secret'),
email='*****@*****.**',
groups=cb_group,
cost_center='Workload',
value_assign='Database')
vm = VM.factory(vm_name, provider)
try:
vm.set_ownership(user=user.name)
logger.info('Assigned VM OWNERSHIP for {} running on {}'.format(
vm_name, provider.name))
yield user.name
finally:
vm.unset_ownership()
user.delete()
def vm_ownership(enable_candu, provider, appliance):
"""In these tests, chargeback reports are filtered on VM owner.So,VMs have to be
assigned ownership.
"""
collection = appliance.provider_based_collection(provider)
vm_name = provider.data['cap_and_util']['chargeback_vm']
vm = collection.instantiate(vm_name, provider)
if not vm.exists_on_provider:
pytest.skip("Skipping test, cu-24x7 VM does not exist")
vm.mgmt.ensure_state(VmState.RUNNING)
group_collection = appliance.collections.groups
cb_group = group_collection.instantiate(description='EvmGroup-user')
# don't assume collection is infra, in case test collected against other provider types
# No vm creation or cleanup
user = appliance.collections.users.create(
name='{}_{}'.format(provider.name, fauxfactory.gen_alphanumeric()),
credential=Credential(principal='uid{}'.format(
fauxfactory.gen_alphanumeric()),
secret='secret'),
email='*****@*****.**',
groups=cb_group,
cost_center='Workload',
value_assign='Database')
vm.set_ownership(user=user.name)
logger.info('Assigned VM OWNERSHIP for {} running on {}'.format(
vm_name, provider.name))
yield user.name
vm.unset_ownership()
if user:
user.delete()
def test_multiple_host_good_creds(setup_provider, provider, creds):
if len(provider.data.get('hosts', {})) < 2:
pytest.skip('not enough hosts to run test')
""" Tests multiple host credentialing with good credentials """
host = random.choice(provider.data["hosts"])
host_creds = credentials[host['credentials'][creds]]
cred = Credential(principal=host_creds.username,
secret=host_creds.password)
edit_view = navigate_and_select_quads(provider=provider)
# Fill form with valid credentials for default endpoint and validate
edit_view.endpoints.default.fill_with(cred.view_value_mapping)
edit_view.validation_host.fill(host.name)
edit_view.endpoints.default.validate_button.click()
edit_view.flash.assert_no_error()
edit_view.flash.assert_success_message(
'Credential validation was successful')
# Save changes
edit_view.save_button.click()
view = provider.create_view(ProviderNodesView)
view.flash.assert_no_error()
view.flash.assert_success_message(
'Credentials/Settings saved successfully')
def user(appliance):
"""Creates new user with role which does not have permission of modifying automate domains"""
product_features = [
(['Everything', 'Automation', 'Automate', 'Explorer', 'Automate Domains', 'Modify'], False)
]
role = appliance.collections.roles.create(name=fauxfactory.gen_alphanumeric(),
product_features=product_features)
group = appliance.collections.groups.create(
description=fauxfactory.gen_alphanumeric(),
role=role.name,
tenant=appliance.collections.tenants.get_root_tenant().name
)
user = appliance.collections.users.create(
name=fauxfactory.gen_alphanumeric().lower(),
credential=Credential(
principal=fauxfactory.gen_alphanumeric(4),
secret=fauxfactory.gen_alphanumeric(4),
),
email=fauxfactory.gen_email(),
groups=group,
cost_center="Workload",
value_assign="Database",
)
yield user
user.delete_if_exists()
group.delete_if_exists()
role.delete_if_exists()
def new_user(appliance, permission):
# Tenant created
collection = appliance.collections.tenants
tenant = collection.create(
name=fauxfactory.gen_alphanumeric(),
description=fauxfactory.gen_alphanumeric(),
parent=collection.get_root_tenant(),
)
# Role created
role = appliance.collections.roles.create(
name=f'role_{fauxfactory.gen_alphanumeric()}',
vm_restriction="Only User or Group Owned",
product_features=permission)
# Group creates
group = appliance.collections.groups.create(
description=fauxfactory.gen_alphanumeric(),
role=role.name,
tenant=f"My Company/{tenant.name}")
creds = Credential(principal=fauxfactory.gen_alphanumeric(4),
secret=fauxfactory.gen_alphanumeric(4))
# User created
user = appliance.collections.users.create(
name=fauxfactory.gen_alphanumeric(),
credential=creds,
email=fauxfactory.gen_email(),
groups=group,
cost_center='Workload',
value_assign='Database')
yield user
user.delete_if_exists()
group.delete_if_exists()
role.delete_if_exists()
tenant.delete_if_exists()
def test_multiple_host_bad_creds(setup_provider, provider):
""" Tests multiple host credentialing with bad credentials
Polarion:
assignee: nachandr
caseimportance: medium
casecomponent: Infra
initialEstimate: 1/15h
"""
if len(provider.data.get('hosts', {})) < 2:
pytest.skip('not enough hosts to run test')
host = random.choice(provider.data["hosts"])
cred = Credential(principal='wrong', secret='bad_password')
edit_view = navigate_and_select_quads(provider=provider)
edit_view.endpoints.default.fill_with(cred.view_value_mapping)
edit_view.validation_host.fill(host.name)
edit_view.endpoints.default.validate_button.click()
if provider.one_of(RHEVMProvider):
msg = 'Login failed due to a bad username or password.'
elif provider.one_of(SCVMMProvider):
msg = 'Check credentials. Remote error message: WinRM::WinRMAuthorizationError'
else:
msg = 'Cannot complete login due to an incorrect user name or password.'
edit_view.flash.assert_message(msg)
edit_view.cancel_button.click()
def user_self_service_role(appliance):
"""This is fixture with create user with user_self_service_role"""
with appliance.context.use(ViaUI):
# copy role with no restrictions
role = appliance.collections.roles.instantiate(
name="EvmRole-user_self_service")
user_self_service_role = role.copy(name=fauxfactory.gen_alphanumeric(
25, "self_service_role_"),
vm_restriction="None")
# Group with user self service role
user_self_service_gp = appliance.collections.groups.create(
description=fauxfactory.gen_alphanumeric(22, "self_service_gp_"),
role=user_self_service_role.name)
# credentials for user
creds = Credential(
principal=fauxfactory.gen_alphanumeric(start="user_"),
secret=fauxfactory.gen_alphanumeric(),
)
# user with above group
user = appliance.collections.users.create(
name=fauxfactory.gen_alphanumeric(start="user_"),
credential=creds,
email=fauxfactory.gen_email(),
groups=user_self_service_gp,
)
yield user, user_self_service_role
user.delete_if_exists()
user_self_service_gp.delete_if_exists()
user_self_service_role.delete_if_exists()
def update_password(self, new_password, verify_password=None, user=None, method=LOGIN_METHODS[1]):
if not user:
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
user = self.appliance.collections.users.instantiate(credential=cred, name='Administrator')
logged_in_view = self.appliance.browser.create_view(BaseLoggedInPage)
if not logged_in_view.logged_in_as_user(user):
if logged_in_view.logged_in:
logged_in_view.logout()
from cfme.utils.appliance.implementations.ui import navigate_to
login_view = navigate_to(self.appliance.server, 'LoginScreen')
logger.debug('Changing password for user %s', user.credential.principal)
login_view.update_password(user=user,
new_password=new_password,
verify_password=verify_password,
method=method)
try:
assert logged_in_view.is_displayed
except AssertionError:
login_view.flash.assert_no_error()
return logged_in_view
def test_password_max_character_validation(appliance):
password = fauxfactory.gen_alphanumeric(51)
cred = Credential(principal=fauxfactory.gen_alphanumeric(5),
secret=password,
verify_secret=password)
collection = appliance.collections.cloud_providers
collection.discover(cred, EC2Provider)
def retrieve_group(temp_appliance_preconfig_long, auth_mode, username, groupname, auth_provider,
tenant=None):
"""Retrieve group from ext/ldap auth provider through UI
Args:
temp_appliance_preconfig_long: temp_appliance_preconfig_long object
auth_mode: key from cfme.configure.configuration.server_settings.AUTH_MODES, parametrization
user_data: user_data AttrDict from yaml, with username, groupname, password fields
"""
group = temp_appliance_preconfig_long.collections.groups.instantiate(
description=groupname,
role='EvmRole-user',
tenant=tenant,
user_to_lookup=username,
ldap_credentials=Credential(principal=auth_provider.bind_dn,
secret=auth_provider.bind_password))
add_method = ('add_group_from_ext_auth_lookup'
if auth_mode == 'external' else
'add_group_from_ldap_lookup')
if not group.exists:
getattr(group, add_method)() # call method to add
wait_for(lambda: group.exists)
else:
logger.info('User Group exists, skipping create: %r', group)
return group
def test_db_user_pwd(appliance, user, pwd, soft_assert):
"""
Polarion:
assignee: dgaikwad
casecomponent: Appliance
initialEstimate: 1/6h
"""
new_credential = Credential(principal=user.credential.principal,
secret=pwd)
if pwd:
with update(user):
user.credential = new_credential
with user:
# now make sure the user can login
view = navigate_to(appliance.server, "LoggedIn")
soft_assert(
view.current_fullname == user.name,
'user full name "{}" did not match UI display name "{}"'.
format(user.name, view.current_fullname))
soft_assert(
user.groups[0].description in view.group_names,
'local group "{}" not displayed in UI groups list "{}"'.format(
user.groups[0].description, view.group_names))
else:
# blank pwd doesn't allow you to click save
view = navigate_to(user, 'Edit')
user.change_stored_password()
view.fill({
'password_txt': new_credential.secret,
'password_verify_txt': new_credential.verify_secret
})
assert view.save_button.disabled
view.cancel_button.click()
def group(request, data, auth_mode, add_group, appliance):
if not data:
pytest.skip("No data spcified for user group")
credentials = Credential(
principal=data["username"],
secret=data["password"],
)
group_collection = appliance.collections.rbac_groups
user_group = None
if add_group == RETRIEVE_GROUP:
user_group = group_collection.instantiate(
description=data['group_name'],
role="EvmRole-user",
user_to_lookup=data["username"],
ldap_credentials=credentials)
if 'ext' in auth_mode:
user_group.add_group_from_ext_auth_lookup()
elif 'miq' in auth_mode:
user_group.add_group_from_ldap_lookup()
request.addfinalizer(user_group.delete)
elif add_group == CREATE_GROUP:
user_group = group_collection.create(description=data['group_name'],
role="EvmRole-user",
user_to_lookup=data["username"],
ldap_credentials=credentials)
request.addfinalizer(user_group.delete)
def get_credentials(cls, credential_dict, cred_type=None):
"""Processes a credential dictionary into a credential object.
Args:
credential_dict: A credential dictionary.
cred_type: Type of credential (None, token, ssh, amqp, ...)
Returns:
A :py:class:`cfme.base.credential.Credential` instance.
"""
domain = credential_dict.get('domain')
token = credential_dict.get('token')
if not cred_type:
return Credential(principal=credential_dict['username'],
secret=credential_dict['password'],
domain=domain)
elif cred_type == 'amqp':
return EventsCredential(principal=credential_dict['username'],
secret=credential_dict['password'])
elif cred_type == 'ssh':
return SSHCredential(principal=credential_dict['username'],
secret=credential_dict['password'])
elif cred_type == 'candu':
return CANDUCredential(principal=credential_dict['username'],
secret=credential_dict['password'])
elif cred_type == 'token':
return TokenCredential(token=token)
def vm_ownership(enable_candu, clean_setup_provider, provider, appliance):
# In these tests, Metering report is filtered on VM owner.So,VMs have to be
# assigned ownership.
vm_name = provider.data['cap_and_util']['chargeback_vm']
collection = provider.appliance.provider_based_collection(provider)
vm = collection.instantiate(vm_name, provider)
if not vm.exists_on_provider:
pytest.skip(f"Skipping test, {vm_name} VM does not exist")
vm.mgmt.ensure_state(VmState.RUNNING)
group_collection = appliance.collections.groups
cb_group = group_collection.instantiate(description='EvmGroup-user')
user = appliance.collections.users.create(
name=fauxfactory.gen_alphanumeric(),
credential=Credential(
principal=fauxfactory.gen_alphanumeric(start="uid"),
secret='secret'),
email='*****@*****.**',
groups=cb_group,
cost_center='Workload',
value_assign='Database')
try:
vm.set_ownership(user=user)
logger.info(
f'Assigned VM OWNERSHIP for {vm_name} running on {provider.name}')
yield user.name
finally:
vm.unset_ownership()
user.delete()
def test_userid_required_error_validation():
user = User(name='user' + fauxfactory.gen_alphanumeric(),
credential=Credential(principal='', secret='redhat'),
email='*****@*****.**',
group=group_user)
with error.expected("Userid can't be blank"):
user.create()
def test_update_password(context, request, appliance):
""" Test updating password from the login screen.
Polarion:
assignee: jdupuy
casecomponent: Infra
initialEstimate: 1/6h
"""
# First, create a temporary new user
username = '******'.format(fauxfactory.gen_alphanumeric(4).lower())
new_creds = Credential(principal=username, secret='redhat')
user_group = appliance.collections.groups.instantiate(description="EvmGroup-vm_user")
user = appliance.collections.users.create(
name=username,
credential=new_creds,
groups=user_group
)
error_message = "Login failed: Unauthorized"
# Try to login as the new user to verify it has been created
logged_in_page = appliance.server.login(user)
assert logged_in_page.is_displayed
logged_in_page.logout()
# Now try to login while changing the password for the user
changed_pass_page = appliance.server.update_password(new_password='******', user=user)
assert changed_pass_page.is_displayed
changed_pass_page.logout()
# Try to login with the user with old password
with pytest.raises(Exception, match=error_message):
appliance.server.login(user)
# Now try changing password with invalid default password
new_cred = Credential(principal=username, secret="made_up_invalid_pass")
user2 = appliance.collections.users.instantiate(credential=new_cred, name=username)
with pytest.raises(Exception, match=error_message):
appliance.server.update_password(new_password='******', user=user2)
# Workaround for emptying the password fields.
# If this wasn't here, we would change the password for admin user while
# deleting our user. Which is bad.
appliance.server.browser.refresh()
# Delete the user we created
user.delete()
def test_provider_add_with_bad_credentials(provider):
""" Tests provider add with bad credentials"""
provider.credentials['default'] = Credential(principal='bad',
secret='reallybad')
with error.expected(
'Credential validation was not successful: Invalid credentials'):
provider.create(validate_credentials=True)
assert (not provider.add_provider_button.can_be_clicked)
def test_discovery_password_mismatch_validation_cloud(appliance):
cred = Credential(principal=fauxfactory.gen_alphanumeric(5),
secret=fauxfactory.gen_alphanumeric(5),
verify_secret=fauxfactory.gen_alphanumeric(7))
collection = appliance.collections.cloud_providers
collection.discover(cred, EC2Provider)
view = appliance.browser.create_view(CloudProvidersView)
view.flash.assert_message('Password/Verify Password do not match')
def new_credential():
"""
Returns credentials object used for new user in test module
"""
# Todo remove .lower() for principal after 1486041 fix
return Credential(principal='uid{}'.format(
fauxfactory.gen_alphanumeric().lower()),
secret='redhat')
def login_admin(self, **kwargs):
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
user = self.extra.appliance.collections.users.instantiate(
credential=cred, name='Administrator'
)
return self.log_in(user, **kwargs)
def rbac_user(appliance, request, group):
user, user_data = _users(request, appliance, group=group)
return appliance.collections.users.instantiate(
name=user[0].name,
credential=Credential(principal=user_data[0]["userid"],
secret=user_data[0]["password"]),
groups=[group],
)
def new_user(request, appliance):
user, user_data = _users(request, appliance, group="EvmGroup-vm_user")
yield appliance.collections.users.instantiate(
name=user[0].name,
credential=Credential(principal=user_data[0]["userid"], secret=user_data[0]["password"]),
)
if user[0].exists:
user[0].action.delete()
def test_provider_add_with_bad_credentials(provider):
""" Tests provider add with bad credentials"""
provider.endpoints['default'].credentials = Credential(principal='bad',
secret='reallybad')
with error.expected(
'Credential validation was not successful: Invalid credentials'):
provider.create(validate_credentials=True)
view = provider.create_view(MiddlewareProviderAddView)
assert not view.add.active
def test_user_id_max_character_validation(appliance):
"""
Polarion:
assignee: None
initialEstimate: None
"""
cred = Credential(principal=fauxfactory.gen_alphanumeric(51), secret='')
collection = appliance.collections.cloud_providers
collection.discover(cred, EC2Provider)
def new_user(request, appliance):
"""This fixture creates custom user with tenant attached"""
tenant = _tenants(request, appliance)
role = appliance.rest_api.collections.roles.get(name="EvmRole-super_administrator")
group = _groups(request, appliance, role, tenant=tenant)
user, user_data = _users(request, appliance, group=group.description)
yield appliance.collections.users.instantiate(
name=user[0].name,
credential=Credential(principal=user_data[0]["userid"], secret=user_data[0]["password"]),
), tenant
def test_infra_provider_add_with_bad_credentials(provider):
"""Tests provider add with bad credentials
Metadata:
test_flag: crud
"""
provider.default_endpoint.credentials = Credential(
principal='bad', secret='reallybad', verify_secret='reallybad')
with pytest.raises(Exception, match=provider.bad_credentials_error_msg):
provider.create(validate_credentials=True)
def test_provider_add_with_bad_credentials(provider):
"""Tests provider add with bad credentials
Metadata:
test_flag: crud
"""
provider.default_endpoint.credentials = Credential(
principal='bad', secret='reallybad', verify_secret='reallybad')
with error.expected(provider.bad_credentials_error_msg):
provider.create(validate_credentials=True)
def db_user(appliance):
name = fauxfactory.gen_alpha(15, start="test-user-")
creds = Credential(principal=name, secret=fauxfactory.gen_alpha())
user_group = appliance.collections.groups.instantiate(description="EvmGroup-vm_user")
user = appliance.collections.users.create(
name=name,
credential=creds,
groups=user_group,
)
yield user
user.delete_if_exists()
def test_userid_required_error_validation():
user = User(name='user' + fauxfactory.gen_alphanumeric(),
credential=Credential(principal='', secret='redhat'),
email='*****@*****.**',
group=group_user)
with error.expected("Userid can't be blank"):
user.create()
# Navigating away from this page will create an "Abandon Changes" alert
# Since group creation failed we need to reset the state of the page
navigate_to(user.appliance.server, 'Dashboard')
