def test_positive_user_access_with_host_filter(test_name, module_loc, rhel7_contenthost): """Check if user with necessary host permissions can access dashboard and required widgets are rendered with proper values :id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d :Steps: 1. Specify proper filter with permission for your role 2. Create new user and assign role to it 3. Login into application using this new user 4. Check dashboard and widgets on it 5. Register new content host to populate some values into dashboard widgets :expectedresults: Dashboard and Errata Widget rendered without errors and contain proper values :BZ: 1417114 :CaseLevel: System """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') org = entities.Organization().create() lce = entities.LifecycleEnvironment(organization=org).create() # create a role with necessary permissions role = entities.Role().create() user_permissions = { 'Organization': ['view_organizations'], 'Location': ['view_locations'], None: ['access_dashboard'], 'Host': ['view_hosts'], } create_role_permissions(role, user_permissions) # create a user and assign the above created role entities.User( default_organization=org, organization=[org], default_location=module_loc, location=[module_loc], role=[role], login=user_login, password=user_password, ).create() with Session(test_name, user=user_login, password=user_password) as session: assert session.dashboard.read( 'HostConfigurationStatus')['total_count'] == 0 assert len(session.dashboard.read('LatestErrata')) == 0 repos_collection = RepositoryCollection( distro=DISTRO_RHEL7, repositories=[ SatelliteToolsRepository(), YumRepository(url=FAKE_6_YUM_REPO) ], ) repos_collection.setup_content(org.id, lce.id, upload_manifest=True) repos_collection.setup_virtual_machine(rhel7_contenthost) result = rhel7_contenthost.run( f'yum install -y {FAKE_1_CUSTOM_PACKAGE}') assert result.status == 0 hostname = rhel7_contenthost.hostname # Check UI for values assert session.host.search(hostname)[0]['Name'] == hostname hosts_values = session.dashboard.read('HostConfigurationStatus') assert hosts_values['total_count'] == 1 errata_values = session.dashboard.read('LatestErrata')['erratas'] assert len(errata_values) == 1 assert errata_values[0]['Type'] == 'security' assert FAKE_2_ERRATA_ID in errata_values[0]['Errata']
def test_positive_create_by_type(): """Create entities of different types and check audit logs for these events using entity type as search criteria :id: 6c7ea7fc-6728-447f-9655-26fe0a2881bc :customerscenario: true :expectedresults: Audit logs contain corresponding entries per each create event :BZ: 1426742, 1492668, 1492696 :CaseImportance: Medium :CaseComponent: AuditLog :Assignee: rplevka """ for entity_item in [ { 'entity': entities.Architecture() }, { 'entity': entities.AuthSourceLDAP(), 'entity_type': 'auth_source', 'value_template': 'LDAP-{entity.name}', }, { 'entity': entities.ComputeProfile(), 'entity_type': 'compute_profile' }, { 'entity': entities.LibvirtComputeResource(), 'entity_type': 'compute_resource', 'value_template': '{entity.name} (Libvirt)', }, { 'entity': entities.ConfigGroup(), 'entity_type': 'config_group' }, { 'entity': entities.Domain() }, { 'entity': entities.Host() }, { 'entity': entities.HostGroup() }, { 'entity': entities.Image( compute_resource=entities.LibvirtComputeResource().create()) }, { 'entity': entities.Location() }, { 'entity': entities.Media(), 'entity_type': 'medium' }, { 'entity': entities.Organization() }, { 'entity': entities.OperatingSystem(), 'entity_type': 'os', 'value_template': '{entity.name} {entity.major}', }, { 'entity': entities.PartitionTable(), 'entity_type': 'ptable' }, { 'entity': entities.PuppetClass() }, { 'entity': entities.Role() }, { 'entity': entities.Subnet(), 'value_template': '{entity.name} ({entity.network}/{entity.cidr})', }, { 'entity': entities.ProvisioningTemplate(), 'entity_type': 'provisioning_template' }, { 'entity': entities.User(), 'value_template': '{entity.login}' }, { 'entity': entities.UserGroup() }, { 'entity': entities.ContentView(), 'entity_type': 'katello/content_view' }, { 'entity': entities.LifecycleEnvironment(), 'entity_type': 'katello/kt_environment' }, { 'entity': entities.ActivationKey(), 'entity_type': 'katello/activation_key' }, { 'entity': entities.HostCollection(), 'entity_type': 'katello/host_collection' }, { 'entity': entities.Product(), 'entity_type': 'katello/product' }, { 'entity': entities.GPGKey(), 'entity_type': 'katello/gpg_key', 'value_template': 'content credential (gpg_key - {entity.name})', }, { 'entity': entities.SyncPlan(organization=entities.Organization(id=1)), 'entity_type': 'katello/sync_plan', }, ]: created_entity = entity_item['entity'].create() entity_type = entity_item.get( 'entity_type', created_entity.__class__.__name__.lower()) value_template = entity_item.get('value_template', '{entity.name}') entity_value = value_template.format(entity=created_entity) audits = entities.Audit().search( query={'search': f'type={entity_type}'}) entity_audits = [ entry for entry in audits if entry.auditable_name == entity_value ] assert entity_audits, ( f'audit not found by name "{entity_value}" for entity: ' f'{created_entity.__class__.__name__.lower()}') audit = entity_audits[0] assert audit.auditable_id == created_entity.id assert audit.action == 'create' assert audit.version == 1
def function_role(): return entities.Role().create()
def test_positive_end_to_end(session, test_name, module_org, module_loc): """Perform end to end testing for user component :id: 2794fdd0-cfe3-4f1a-aa5f-25b2d211ae12 :expectedresults: All expected CRUD actions finished successfully :CaseLevel: Integration :CaseImportance: High """ name = gen_string('alpha') new_name = gen_string('alpha') ak_name = gen_string('alpha') firstname = gen_string('alpha') lastname = gen_string('alpha') password = gen_string('alpha') email = gen_email() description = gen_string('alphanumeric') language = 'English (United States)' timezone = '(GMT+00:00) UTC' role = entities.Role().create().name with session: # Create new user and validate its values session.user.create({ 'user.login': name, 'user.firstname': firstname, 'user.lastname': lastname, 'user.mail': email, 'user.description': description, 'user.language': language, 'user.timezone': timezone, 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, 'locations.resources.assigned': [module_loc.name], 'organizations.resources.assigned': [module_org.name], 'roles.admin': True, 'roles.resources.assigned': [role], }) assert session.user.search(name)[0]['Username'] == name user_values = session.user.read(name) assert user_values['user']['login'] == name assert user_values['user']['firstname'] == firstname assert user_values['user']['lastname'] == lastname assert user_values['user']['mail'] == email assert user_values['user']['description'] == description assert user_values['user']['language'] == language assert user_values['user']['timezone'] == timezone assert user_values['user']['auth'] == 'INTERNAL' assert user_values['locations']['resources']['assigned'] == [ module_loc.name ] assert user_values['organizations']['resources']['assigned'] == [ module_org.name ] assert user_values['roles']['admin'] is True assert user_values['roles']['resources']['assigned'] == [role] # Update user with new name session.user.update(name, {'user.login': new_name}) assert session.user.search(new_name)[0]['Username'] == new_name assert not session.user.search(name) # Login into application using new user with Session(test_name, new_name, password) as newsession: newsession.organization.select(module_org.name) newsession.location.select(module_loc.name) newsession.activationkey.create({'name': ak_name}) assert newsession.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = newsession.activationkey.read( ak_name, 'current_user')['current_user'] assert current_user == f'{firstname} {lastname}' # Delete user session.user.delete(new_name) assert not session.user.search(new_name)
def test_positive_create_as_non_admin_user_with_cv_published( module_org, test_name): """Create a repository as a non admin user in a product that already contain a repository that is used in a published content view. :id: 407864eb-50b8-4bc8-bbc7-0e6f8136d89f :expectedresults: New repository successfully created by non admin user :BZ: 1447829 :CaseLevel: Integration """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') repo_name = gen_string('alpha') user_permissions = { None: ['access_dashboard'], 'Katello::Product': [ 'view_products', 'create_products', 'edit_products', 'destroy_products', 'sync_products', 'export_products', ], } role = entities.Role().create() create_role_permissions(role, user_permissions) entities.User( login=user_login, password=user_password, role=[role], admin=False, default_organization=module_org, organization=[module_org], ).create() prod = entities.Product(organization=module_org).create() repo = entities.Repository(product=prod, url=FAKE_2_YUM_REPO).create() repo.sync() content_view = entities.ContentView(organization=module_org).create() content_view.repository = [repo] content_view = content_view.update(['repository']) content_view.publish() with Session(test_name, user_login, user_password) as session: # ensure that the created user is not a global admin user # check administer->users page with pytest.raises(NavigationTriesExceeded): pswd = gen_string('alphanumeric') session.user.create({ 'user.login': gen_string('alphanumeric'), 'user.auth': 'INTERNAL', 'user.password': pswd, 'user.confirm': pswd, }) # ensure that the created user has only the assigned permissions # check that host collections menu tab does not exist with pytest.raises(NavigationTriesExceeded): session.hostcollection.create({'name': gen_string('alphanumeric')}) session.repository.create( prod.name, { 'name': repo_name, 'repo_type': REPO_TYPE['yum'], 'repo_content.upstream_url': FAKE_1_YUM_REPO, }, ) assert session.repository.search(prod.name, repo.name)[0]['Name'] == repo.name
def test_positive_update_external_user_roles( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Assure that user has roles/can access feature areas for additional roles assigned outside any roles assigned by his group :id: a487f7d6-22f2-4e42-b34f-8d984f721c83 :setup: Assign roles to UserGroup and configure external UserGroup subsequently assign specified roles to the user(s). roles that are not part of the larger UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Assign some more roles to a User(which is part of external AD UserGroup) at the User level. 5. Login to sat6 with the above AD user and attempt to access areas assigned specifically to user. :expectedresults: User can access not only those feature areas in his UserGroup but those additional feature areas / roles assigned specifically to user """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() katello_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']} create_role_permissions(foreman_role, foreman_permissions) create_role_permissions(katello_role, katello_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: ldapsession.location.create({'name': location_name}) assert ldapsession.location.search(location_name)[0]['Name'] == location_name current_user = ldapsession.location.read(location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.user.update( ldap_data['ldap_user_name'], {'roles.resources.assigned': [katello_role.name]}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as session: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read(ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def test_positive_add_foreman_role_with_org_loc(session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name, module_org, module_loc): """Associate foreman roles to User Group with org and loc set. [belonging to external AD User Group.] :id: b39d7b2a-6d78-4c35-969a-37c8317ce64f :setup: LDAP Auth Source should be created with Org and Location Associated. :Steps: 1. Create an UserGroup. 2. Assign some foreman roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access foreman entities as per roles, with the associated org and loc in LDAP Auth source page as the context set. """ auth_source_name = 'LDAP-' + auth_source.name name = gen_string('alpha') user_permissions = { 'Hostgroup': PERMISSIONS['Hostgroup'], 'Location': ['assign_locations'], 'Organization': ['assign_organizations'], } foreman_role = entities.Role().create() create_role_permissions(foreman_role, user_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search( ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') ldapsession.hostgroup.create({'host_group.name': name}) hostgroup = session.hostgroup.read(name, ['organizations', 'locations']) assert len(hostgroup['organizations']['resources']['assigned']) == 1 assert module_org.name in hostgroup['organizations']['resources'][ 'assigned'] assert len(hostgroup['locations']['resources']['assigned']) == 1 assert module_loc.name in hostgroup['locations']['resources'][ 'assigned']
def test_positive_create_by_type(self): """Create entities of different types and check audit logs for these events using entity type as search criteria :id: 6c7ea7fc-6728-447f-9655-26fe0a2881bc :customerscenario: true :expectedresults: Audit logs contain corresponding entries per each create event :BZ: 1426742, 1492668, 1492696 :CaseImportance: Critical """ for entity_item in [ {'entity': entities.Architecture()}, { 'entity': entities.AuthSourceLDAP(), 'entity_type': 'auth_source', 'value_template': 'LDAP-{entity.name}' }, { 'entity': entities.ComputeProfile(), 'entity_type': 'compute_profile' }, { 'entity': entities.LibvirtComputeResource(), 'entity_type': 'compute_resource', 'value_template': '{entity.name} (Libvirt)' }, {'entity': entities.ConfigGroup(), 'entity_type': 'config_group'}, {'entity': entities.Domain()}, {'entity': entities.Host()}, {'entity': entities.HostGroup()}, {'entity': entities.Image( compute_resource=entities.LibvirtComputeResource().create())}, {'entity': entities.Location()}, {'entity': entities.Media(), 'entity_type': 'medium'}, {'entity': entities.Organization()}, { 'entity': entities.OperatingSystem(), 'entity_type': 'os', 'value_template': '{entity.name} {entity.major}' }, { 'entity': entities.PartitionTable(), 'entity_type': 'ptable', }, {'entity': entities.PuppetClass()}, {'entity': entities.Role()}, { 'entity': entities.Subnet(), 'value_template': '{entity.name} ' '({entity.network}/{entity.cidr})' }, { 'entity': entities.ProvisioningTemplate(), 'entity_type': 'template', }, {'entity': entities.User(), 'value_template': '{entity.login}'}, {'entity': entities.UserGroup()}, ]: created_entity = entity_item['entity'].create() entity_type = entity_item.get( 'entity_type', created_entity.__class__.__name__.lower()) value_template = entity_item.get('value_template', '{entity.name}') entity_value = value_template.format(entity=created_entity) audit = entities.Audit().search( query={'search': 'type={0}'.format(entity_type)})[0] self.assertEqual(audit.auditable_name, entity_value) self.assertEqual(audit.auditable_id, created_entity.id) self.assertEqual(audit.action, 'create') self.assertEqual(audit.version, 1)
def test_positive_custom_user_view_lce(self): """As a custom user attempt to view a lifecycle environment created by admin user :id: 768b647b-c530-4eca-9caa-38cf8622f36d :BZ: 1420511 :Steps: As an admin user: 1. Create an additional lifecycle environments other than Library 2. Create a user without administrator privileges 3. Create a role with the the following permissions: * (Miscellaneous): access_dashboard * Lifecycle Environment: * edit_lifecycle_environments * promote_or_remove_content_views_to_environment * view_lifecycle_environments * Location: view_locations * Organization: view_organizations 4. Assign the created role to the custom user As a custom user: 1. Log in 2. Navigate to Content -> Lifecycle Environments :expectedresults: The additional lifecycle environment is viewable and accessible by the custom user. :CaseLevel: Integration """ role_name = gen_string('alpha') env_name = gen_string('alpha') user_login = gen_string('alpha') user_password = gen_string('alpha') org = entities.Organization().create() role = entities.Role(name=role_name).create() permissions_types_names = { None: ['access_dashboard'], 'Organization': ['view_organizations'], 'Location': ['view_locations'], 'Katello::KTEnvironment': [ 'view_lifecycle_environments', 'edit_lifecycle_environments', 'promote_or_remove_content_views_to_environments' ] } create_role_permissions(role, permissions_types_names) entities.User(default_organization=org, organization=[org], role=[role], login=user_login, password=user_password).create() # create a life cycle environment as admin user and ensure it's visible with Session(self) as session: make_lifecycle_environment(session, org=org.name, name=env_name) self.assertIsNotNone(self.lifecycleenvironment.search(env_name)) # ensure the created user also can find the created life cycle # environment link with Session(self, user=user_login, password=user_password) as session: # to ensure that the created user has only the assigned # permissions, check that hosts menu tab does not exist self.assertIsNone( self.content_views.wait_until_element( menu_locators['menu.hosts'], timeout=1)) # assert that the created user is not a global admin user # check administer->users page with self.assertRaises(UINoSuchElementError): session.nav.go_to_users() # assert that the user can view the lvce created by admin user self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
def setUpClass(cls): """Create two roles and fetch the 'Anonymous' role.""" super(UserRoleTestCase, cls).setUpClass() cls.roles = [entities.Role().create() for _ in range(2)] roles = entities.Role().search(query={'search': 'name="Default role"'}) cls.anon_role = roles[0]
def setUpClass(cls): """Create two roles.""" super(UserRoleTestCase, cls).setUpClass() cls.roles = [entities.Role().create() for _ in range(2)]
def test_positive_create_by_type(self): """Create entities of different types and check audit logs for these events using entity type and performed action as search criteria :id: 26197b39-4d56-4aab-8df8-f0fcedbffdb7 :expectedresults: Audit logs contain corresponding entries per each create event :CaseImportance: Critical """ with Session(self): for entity_item in [ { 'entity': entities.Architecture(), 'entity_type': 'architecture' }, { 'entity': entities.AuthSourceLDAP(), 'entity_type': 'auth_source', 'value_template': 'LDAP-{entity.name}' }, { 'entity': entities.ComputeProfile(), 'entity_type': 'compute_profile' }, { 'entity': entities.LibvirtComputeResource(), 'entity_type': 'compute_resource', 'value_template': '{entity.name} (Libvirt)' }, { 'entity': entities.ConfigGroup(), 'entity_type': 'config_group' }, { 'entity': entities.Domain(), 'entity_type': 'domain' }, { 'entity': entities.Host(), 'entity_type': 'host' }, { 'entity': entities.HostGroup(), 'entity_type': 'hostgroup' }, { 'entity': entities.Image(compute_resource=entities. LibvirtComputeResource().create()), 'entity_type': 'image' }, { 'entity': entities.Location(), 'entity_type': 'location' }, { 'entity': entities.Media(), 'entity_type': 'medium', 'custom_operation': 'added', }, { 'entity': entities.Organization(), 'entity_type': 'organization' }, { 'entity': entities.OperatingSystem(), 'entity_type': 'os', 'value_template': '{entity.name} {entity.major}' }, { 'entity': entities.PartitionTable(), 'entity_type': 'ptable', }, { 'entity': entities.PuppetClass(), 'entity_type': 'puppetclass' }, { 'entity': entities.Role(), 'entity_type': 'role' }, { 'entity': entities.Subnet(), 'entity_type': 'subnet', 'value_template': '{entity.name} ' '({entity.network}/{entity.cidr})' }, { 'entity': entities.ProvisioningTemplate(), 'entity_type': 'template', }, { 'entity': entities.User(), 'value_template': '{entity.login}', 'entity_type': 'user', }, { 'entity': entities.UserGroup(), 'entity_type': 'usergroup' }, ]: created_entity = entity_item['entity'].create() value_template = entity_item.get('value_template', '{entity.name}') operation_type = entity_item.get('custom_operation', 'created') entity_value = value_template.format(entity=created_entity) self.audit.filter('type={} and action=create'.format( entity_item['entity_type'])) result = self.audit.get_last_entry() self.assertIn(operation_type, result['full_statement']) self.assertEqual(entity_value, result['entity_name'])
def test_positive_update_by_type(self): """Update entities of different types and check audit logs for these events using entity type and performed action as search criteria :id: fef54686-4c13-4f36-a616-51dc9b58be19 :expectedresults: Audit logs contain corresponding entries per each update event """ with Session(self): for entity_item in [ { 'entity': entities.Architecture(), 'entity_type': 'architecture' }, { 'entity': entities.ConfigGroup(), 'entity_type': 'config_group' }, { 'entity': entities.Domain(), 'entity_type': 'domain' }, { 'entity': entities.HostGroup(), 'entity_type': 'hostgroup' }, { 'entity': entities.Location(), 'entity_type': 'location' }, { 'entity': entities.PartitionTable(), 'entity_type': 'ptable', }, { 'entity': entities.Role(), 'entity_type': 'role' }, { 'entity': entities.ProvisioningTemplate(), 'entity_type': 'template', }, { 'entity': entities.UserGroup(), 'entity_type': 'usergroup' }, ]: entity = entity_item['entity'].create() name = entity.name new_name = gen_string('alpha') entity.name = new_name entity.update(['name']) self.audit.filter('type={} and action=update'.format( entity_item['entity_type'])) result = self.audit.get_last_entry() self.assertIn('updated', result['full_statement']) self.assertEqual(result['entity_name'], name) self.assertEqual( result['update_list'][0], 'Name changed from {} to {}'.format(name, new_name), )
def test_positive_check_permissions_affect_create_procedure( test_name, module_loc): """Verify whether user permissions affect what entities can be selected when host is created :id: 4502f99d-86fb-4655-a9dc-b2612cf849c6 :customerscenario: true :expectedresults: user with specific permissions can choose only entities for create host procedure that he has access to :BZ: 1293716 :CaseLevel: System """ # Create new organization org = entities.Organization().create() # Create two lifecycle environments lc_env = entities.LifecycleEnvironment(organization=org).create() filter_lc_env = entities.LifecycleEnvironment(organization=org).create() # Create two content views and promote them to one lifecycle # environment which will be used in filter cv = entities.ContentView(organization=org).create() filter_cv = entities.ContentView(organization=org).create() for content_view in [cv, filter_cv]: content_view.publish() content_view = content_view.read() promote(content_view.version[0], filter_lc_env.id) # Create two host groups hg = entities.HostGroup(organization=[org]).create() filter_hg = entities.HostGroup(organization=[org]).create() # Create new role role = entities.Role().create() # Create lifecycle environment permissions and select one specific # environment user will have access to create_role_permissions( role, { 'Katello::KTEnvironment': [ 'promote_or_remove_content_views_to_environments', 'view_lifecycle_environments' ] }, # allow access only to the mentioned here environment search='name = {0}'.format(filter_lc_env.name)) # Add necessary permissions for content view as we did for lce create_role_permissions( role, { 'Katello::ContentView': [ 'promote_or_remove_content_views', 'view_content_views', 'publish_content_views', ] }, # allow access only to the mentioned here cv search='name = {0}'.format(filter_cv.name)) # Add necessary permissions for hosts as we did for lce create_role_permissions( role, {'Host': ['create_hosts', 'view_hosts']}, # allow access only to the mentioned here host group search='hostgroup_fullname = {0}'.format(filter_hg.name)) # Add necessary permissions for host groups as we did for lce create_role_permissions( role, {'Hostgroup': ['view_hostgroups']}, # allow access only to the mentioned here host group search='name = {0}'.format(filter_hg.name)) # Add permissions for Organization and Location create_role_permissions( role, { 'Organization': PERMISSIONS['Organization'], 'Location': PERMISSIONS['Location'], }, ) # Create new user with a configured role user_password = gen_string('alpha') user = entities.User( role=[role], admin=False, password=user_password, organization=[org], location=[module_loc], default_organization=org, default_location=module_loc, ).create() host_fields = [ { 'name': 'host.hostgroup', 'unexpected_value': hg.name, 'expected_value': filter_hg.name, }, { 'name': 'host.lce', 'unexpected_value': lc_env.name, 'expected_value': filter_lc_env.name, }, { 'name': 'host.content_view', 'unexpected_value': cv.name, 'expected_value': filter_cv.name, # content view selection needs the right lce to be selected 'other_fields_values': { 'host.lce': filter_lc_env.name } }, ] with Session(test_name, user=user.login, password=user_password) as session: for host_field in host_fields: with pytest.raises(NoSuchElementException) as context: values = {host_field['name']: host_field['unexpected_value']} values.update(host_field.get('other_fields_values', {})) session.host.helper.read_create_view(values) error_message = str(context.value) assert host_field['unexpected_value'] in error_message # After the NoSuchElementException from FilteredDropdown, airgun is not able to # navigate to other locations, Note in normal situation we should send Escape key to # browser. session.browser.refresh() values = {host_field['name']: host_field['expected_value']} values.update(host_field.get('other_fields_values', {})) create_values = session.host.helper.read_create_view( values, host_field['name']) tab_name, field_name = host_field['name'].split('.') assert create_values[tab_name][field_name] == host_field[ 'expected_value']
def test_positive_access_non_admin_user(session, test_name): """Access activation key that has specific name and assigned environment by user that has filter configured for that specific activation key :id: 358a22d1-d576-475a-b90c-98e90a2ed1a9 :customerscenario: true :expectedresults: Only expected activation key can be accessed by new non admin user :BZ: 1463813 :CaseLevel: Integration """ ak_name = gen_string('alpha') non_searchable_ak_name = gen_string('alpha') org = entities.Organization().create() envs_list = ['STAGING', 'DEV', 'IT', 'UAT', 'PROD'] for name in envs_list: entities.LifecycleEnvironment(name=name, organization=org).create() env_name = random.choice(envs_list) cv = entities.ContentView(organization=org).create() cv.publish() promote(cv.read().version[0], entities.LifecycleEnvironment(name=env_name).search()[0].id) # Create new role role = entities.Role().create() # Create filter with predefined activation keys search criteria envs_condition = ' or '.join(['environment = ' + s for s in envs_list]) entities.Filter( organization=[org], permission=entities.Permission(name='view_activation_keys').search(), role=role, search='name ~ {} and ({})'.format(ak_name, envs_condition)).create() # Add permissions for Organization and Location entities.Filter( permission=entities.Permission(resource_type='Organization').search(), role=role, ).create() entities.Filter( permission=entities.Permission(resource_type='Location').search(), role=role, ).create() # Create new user with a configured role default_loc = entities.Location().search( query={'search': 'name="{0}"'.format(DEFAULT_LOC)})[0] user_login = gen_string('alpha') user_password = gen_string('alpha') entities.User( role=[role], admin=False, login=user_login, password=user_password, organization=[org], location=[default_loc], default_organization=org, ).create() with session: session.organization.select(org_name=org.name) session.location.select(DEFAULT_LOC) for name in [ak_name, non_searchable_ak_name]: session.activationkey.create({ 'name': name, 'lce': { env_name: True }, 'content_view': cv.name }) assert session.activationkey.read( name)['details']['lce'][env_name][env_name] with Session(test_name, user=user_login, password=user_password) as session: session.organization.select(org.name) session.location.select(DEFAULT_LOC) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name assert not session.activationkey.search(non_searchable_ak_name)
def test_positive_add_katello_role_with_org( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name, module_org): """Associate katello roles to User Group with org set. [belonging to external AD User Group.] :id: a2ebd4de-eb0a-47da-81e8-00942eedcbf6 :setup: LDAP Auth Source should be created with Organization associated. :Steps: 1. Create an UserGroup. 2. Assign some katello roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access katello entities as per roles, with the associated org in LDAP Auth source page as the context set. :CaseLevel: Integration """ auth_source_name = 'LDAP-' + auth_source.name ak_name = gen_string('alpha') user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Location': ['assign_locations'], 'Organization': ['assign_organizations'], } katello_role = entities.Role().create() create_role_permissions(katello_role, user_permissions) different_org = entities.Organization().create() with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [katello_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') if bz_bug_is_open(1652938): try: ldapsession.activationkey.search('') except NoSuchElementException: ldapsession.browser.refresh() ldapsession.activationkey.create({'name': ak_name}) # Since it's not possible to fetch assigned organization via UI directly, # verify AK can be found in right org, can't be found in wrong one and # double check via API if bz_bug_is_open(1652938): try: session.activationkey.search('') except NoSuchElementException: session.browser.refresh() results = session.activationkey.search(ak_name) assert results[0]['Name'] == ak_name session.organization.select(different_org.name) assert not session.activationkey.search(ak_name) ak = entities.ActivationKey(organization=module_org).search( query={'search': 'name={}'.format(ak_name)})[0].read() assert ak.organization.id == module_org.id
def test_positive_update_external_roles( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Added AD UserGroup roles get pushed down to user :id: f3ca1aae-5461-4af3-a508-82679bb6afed :setup: assign additional roles to the UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Login to sat6 with the AD user. 5. Assign additional roles to the UserGroup. 6. Login to sat6 with LDAP user that is part of aforementioned UserGroup. :expectedresults: User has access to all NEW functional areas that are assigned to aforementioned UserGroup. """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() katello_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']} create_role_permissions(foreman_role, foreman_permissions) create_role_permissions(katello_role, katello_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') ldapsession.location.create({'name': location_name}) assert ldapsession.location.search(location_name)[0]['Name'] == location_name current_user = ldapsession.location.read(location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.usergroup.update( ldap_usergroup_name, {'roles.resources.assigned': [katello_role.name]}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as session: session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read(ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def make_roles(self): """Create two roles.""" return [entities.Role().create() for _ in range(2)]
def test_positive_custom_user_view_lce(session, test_name): """As a custom user attempt to view a lifecycle environment created by admin user :id: 768b647b-c530-4eca-9caa-38cf8622f36d :BZ: 1420511 :Steps: As an admin user: 1. Create an additional lifecycle environments other than Library 2. Create a user without administrator privileges 3. Create a role with the the following permissions: * (Miscellaneous): access_dashboard * Lifecycle Environment: * edit_lifecycle_environments * promote_or_remove_content_views_to_environment * view_lifecycle_environments * Location: view_locations * Organization: view_organizations 4. Assign the created role to the custom user As a custom user: 1. Log in 2. Navigate to Content -> Lifecycle Environments :expectedresults: The additional lifecycle environment is viewable and accessible by the custom user. :CaseLevel: Integration """ role_name = gen_string('alpha') lce_name = gen_string('alpha') user_login = gen_string('alpha') user_password = gen_string('alpha') org = entities.Organization().create() role = entities.Role(name=role_name).create() permissions_types_names = { None: ['access_dashboard'], 'Organization': ['view_organizations'], 'Location': ['view_locations'], 'Katello::KTEnvironment': [ 'view_lifecycle_environments', 'edit_lifecycle_environments', 'promote_or_remove_content_views_to_environments', ], } create_role_permissions(role, permissions_types_names) entities.User( default_organization=org, organization=[org], role=[role], login=user_login, password=user_password, ).create() # create a life cycle environment as admin user and ensure it's visible with session: session.organization.select(org.name) session.lifecycleenvironment.create(values={'name': lce_name}) lce_values = session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce'] # ensure the created user also can find the created lifecycle environment link with Session(test_name, user_login, user_password) as non_admin_session: # to ensure that the created user has only the assigned # permissions, check that hosts menu tab does not exist with raises(NavigationTriesExceeded): assert not non_admin_session.host.read_all() # assert that the user can view the lvce created by admin user lce_values = non_admin_session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce']
def test_positive_delete_external_roles(session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Deleted AD UserGroup roles get pushed down to user :id: 479bc8fe-f6a3-4c89-8c7e-3d997315383f :setup: delete roles from an AD UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Login to sat6 with the AD user. 5. Unassign some of the existing roles of the UserGroup. 6. Login to sat6 with LDAP user that is part of aforementioned UserGroup. :expectedresults: User no longer has access to all deleted functional areas that were assigned to aforementioned UserGroup. """ auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} create_role_permissions(foreman_role, foreman_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search( ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') ldapsession.location.create({'name': location_name}) assert ldapsession.location.search( location_name)[0]['Name'] == location_name current_user = ldapsession.location.read( location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.usergroup.update( ldap_usergroup_name, {'roles.resources.unassigned': [foreman_role.name]}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.location.create({'name': gen_string('alpha')})