Beispiel #1
    def test_positive_automate_bz1426957(self):
        """Check that a role attached to a user group reaches the linked AD user.

        The user group is linked to the external group ``foobargroup`` on the
        class-level auth source, a new role is added to the user group, and the
        role name is then looked up in the directory user's ``user-groups``.

        :id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc

        :expectedresults: Roles from usergroup is applied on AD user successfully.

        :CaseLevel: Integration

        :BZ: 1426957, 1667704
        """
        link_spec = {
            'auth-source-id': self.auth['server']['id'],
            'user-group-id': self.user_group['id'],
            'name': 'foobargroup',
        }
        external_group = make_usergroup_external(link_spec)
        self.assertEqual(external_group['auth-source'], self.auth['server']['name'])

        new_role = make_role()
        UserGroup.add_role({'id': self.user_group['id'], 'role-id': new_role['id']})

        # Run a command as the directory user, then refresh the external group;
        # neither call may fail with a CLI return-code error.
        with self.assertNotRaises(CLIReturnCodeError):
            directory_session = Task.with_user(
                username=self.ldap_user_name, password=self.ldap_user_passwd
            )
            directory_session.list()
            UserGroupExternal.refresh(
                {'user-group-id': self.user_group['id'], 'name': 'foobargroup'}
            )

        # NOTE(review): the role name is expected at index 1 of 'user-groups',
        # which ties this check to the layout of the parsed output -- confirm.
        login_info = User.info({'login': self.ldap_user_name})
        self.assertEqual(login_info['user-groups'][1], new_role['name'])

        # NOTE(review): this cleanup is the last statement, so a failing
        # assertion above skips it and the account is presumably left behind.
        User.delete({'login': self.ldap_user_name})
Beispiel #2
def test_positive_automate_bz1426957(ldap_auth_source, function_user_group):
    """Check that a role attached to a user group reaches the linked AD user.

    The fixture-provided user group is linked to the external group
    ``foobargroup``, a new role is added to it, and the role name must then be
    listed among the directory user's ``user-groups``.

    :id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc

    :expectedresults: Roles from usergroup is applied on AD user successfully.

    :CaseLevel: Integration

    :BZ: 1426957, 1667704
    """
    external_group = make_usergroup_external(
        {
            'auth-source-id': ldap_auth_source['id'],
            'user-group-id': function_user_group['id'],
            'name': 'foobargroup',
        }
    )
    assert external_group['auth-source'] == ldap_auth_source['ldap_hostname']

    new_role = make_role()
    UserGroup.add_role({'id': function_user_group['id'], 'role-id': new_role['id']})

    # Run one command as the directory user before refreshing the external group.
    directory_session = Task.with_user(
        username=ldap_auth_source['user_name'],
        password=ldap_auth_source['user_password'],
    )
    directory_session.list()
    UserGroupExternal.refresh(
        {'user-group-id': function_user_group['id'], 'name': 'foobargroup'}
    )

    login_info = User.info({'login': ldap_auth_source['user_name']})
    assert new_role['name'] in login_info['user-groups']

    # NOTE(review): this cleanup is the last statement, so a failing assertion
    # above skips it and the account is presumably left behind.
    User.delete({'login': ldap_auth_source['user_name']})
Beispiel #3
    def test_positive_automate_bz1426957(self):
        """Check that a role attached to a user group reaches the linked AD user.

        Links the class-level user group to the external group ``foobargroup``,
        adds a new role to the user group and compares the role name with the
        directory user's ``user-groups`` entry.

        :id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc

        :expectedresults: Roles from usergroup is applied on AD user successfully.

        :CaseLevel: Integration

        :BZ: 1426957
        """
        external_group = make_usergroup_external(
            {
                'auth-source-id': self.auth['server']['id'],
                'user-group-id': self.user_group['id'],
                'name': 'foobargroup',
            }
        )
        self.assertEqual(external_group['auth-source'], self.auth['server']['name'])

        new_role = make_role()
        role_link = {'id': self.user_group['id'], 'role-id': new_role['id']}
        UserGroup.add_role(role_link)

        # Both the command run as the directory user and the refresh must
        # complete without a CLI return-code error.
        with self.assertNotRaises(CLIReturnCodeError):
            directory_session = Task.with_user(
                username=self.ldap_user_name, password=self.ldap_user_passwd
            )
            directory_session.list()
            UserGroupExternal.refresh(
                {'user-group-id': self.user_group['id'], 'name': 'foobargroup'}
            )

        # NOTE(review): the comparison reads index 1 of 'user-groups', so it
        # relies on how the CLI output is parsed -- confirm.
        login_info = User.info({'login': self.ldap_user_name})
        self.assertEqual(login_info['user-groups'][1], new_role['name'])

        # NOTE(review): skipped when the assertion above fails; the account is
        # presumably left behind in that case.
        User.delete({'login': self.ldap_user_name})
    def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data, ldap_tear_down):
        """Check that refreshing an AD-backed external group gives the user roles.

        :id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2

        :customerscenario: true

        :CaseImportance: Medium

        :bz: 1901392

        :parametrized: yes

        :expectedresults: external user-group sync works as expected automatically
            based on user-sync
        """
        directory = ad_data()
        # Drop the first component of the configured DN; the rest is the groups base.
        groups_base = directory['group_base_dn'].partition(',')[2]
        login_banner = "Using configured credentials for user '{0}'."

        # NOTE(review): no TLS-related option appears in this spec; how the bind
        # credentials are transported depends on defaults not visible here.
        source_spec = {
            'name': gen_string('alpha'),
            'onthefly-register': 'true',
            'host': directory['ldap_hostname'],
            'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
            'attr-login': LDAP_ATTR['login_ad'],
            'attr-firstname': LDAP_ATTR['firstname'],
            'attr-lastname': LDAP_ATTR['surname'],
            'attr-mail': LDAP_ATTR['mail'],
            'account': directory['ldap_user_name'],
            'account-password': directory['ldap_user_passwd'],
            'base-dn': directory['base_dn'],
            'groups-base': groups_base,
        }
        auth_source = make_ldap_auth_source(source_spec)
        # The groups base stored on the created auth source is not asserted here.

        viewer_role = Role.info({'name': 'Viewer'})
        group = make_usergroup()
        make_usergroup_external(
            {
                'auth-source-id': auth_source['server']['id'],
                'user-group-id': group['id'],
                'name': member_group,
            }
        )
        UserGroup.add_role({'id': group['id'], 'role-id': viewer_role['id']})
        group = UserGroup.info({'id': group['id']})

        # The directory account must be accepted before the refresh is requested.
        directory_auth = Auth.with_user(
            username=directory['ldap_user_name'], password=directory['ldap_user_passwd']
        )
        status = directory_auth.status()
        assert login_banner.format(directory['ldap_user_name']) in status[0]['message']

        UserGroupExternal.refresh({'user-group-id': group['id'], 'name': member_group})
        group = UserGroup.info({'id': group['id']})

        # After the refresh the account must be able to list more than one role.
        visible_roles = Role.with_user(
            username=directory['ldap_user_name'], password=directory['ldap_user_passwd']
        ).list()
        assert len(visible_roles) > 1
Beispiel #5
    def test_positive_add_role_by_name(self):
        """Attach a newly created role to a new user group, naming the role.

        @Feature: Usergroup

        @Assert: Role is added to user group successfully.
        """
        new_role = make_role()
        group_id = make_usergroup()['id']

        # The role is addressed through the 'role' (name) option, not 'role-id'.
        UserGroup.add_role({'id': group_id, 'role': new_role['name']})

        # Only the first listed role of the re-read group is compared.
        group_roles = UserGroup.info({'id': group_id})['roles']
        self.assertEqual(group_roles[0], new_role['name'])
    def test_positive_add_role_by_name(self):
        """Create a user group and a role, then add the role to the group by name.

        @Feature: Usergroup

        @Assert: Role is added to user group successfully.
        """
        created_role = make_role()
        created_group = make_usergroup()

        # 'role' carries the role name; the group itself is addressed by id.
        request = {'id': created_group['id'], 'role': created_role['name']}
        UserGroup.add_role(request)

        # Re-read the group and compare its first role with the one just added.
        refreshed_group = UserGroup.info({'id': created_group['id']})
        self.assertEqual(refreshed_group['roles'][0], created_role['name'])
Beispiel #7
    def test_positive_add_and_remove_elements(self):
        """Add a role, a user and a nested group to a user group, then remove them.

        Elements are added by id and removed by name, and the group is re-read
        after each phase to check its membership lists.

        :id: a4ce8724-d3c8-4c00-9421-aaa40394134d

        :BZ: 1395229

        :expectedresults: Elements are added to user group and then removed
                          successfully.

        :CaseLevel: Integration
        """
        new_role = make_role()
        group = make_usergroup()
        member = make_user()
        nested_group = make_usergroup()

        # Phase 1: attach every element through its id.
        UserGroup.add_role({'id': group['id'], 'role-id': new_role['id']})
        UserGroup.add_user({'id': group['id'], 'user-id': member['id']})
        UserGroup.add_user_group(
            {'id': group['id'], 'user-group-id': nested_group['id']}
        )

        group = UserGroup.info({'id': group['id']})
        self.assertEqual(len(group['roles']), 1)
        self.assertEqual(group['roles'][0], new_role['name'])
        self.assertEqual(len(group['users']), 1)
        self.assertEqual(group['users'][0], member['login'])
        self.assertEqual(len(group['user-groups']), 1)
        self.assertEqual(
            group['user-groups'][0]['usergroup'], nested_group['name']
        )

        # Phase 2: detach the same elements, this time through their names.
        UserGroup.remove_role({'id': group['id'], 'role': new_role['name']})
        UserGroup.remove_user({'id': group['id'], 'user': member['login']})
        UserGroup.remove_user_group(
            {'id': group['id'], 'user-group': nested_group['name']}
        )

        # Every membership list of the re-read group must now be empty.
        group = UserGroup.info({'id': group['id']})
        for membership_key in ('roles', 'users', 'user-groups'):
            self.assertEqual(len(group[membership_key]), 0)
Beispiel #8
    def test_positive_add_role_by_name(self):
        """Attach a newly created role to a new user group, naming the role.

        :id: 181bf2d5-0650-4fb0-890c-475eac3306a2

        :expectedresults: Role is added to user group successfully.

        :CaseLevel: Integration
        """
        new_role = make_role()
        group_id = make_usergroup()['id']

        # The role is addressed through the 'role' (name) option, not 'role-id'.
        UserGroup.add_role({'id': group_id, 'role': new_role['name']})

        # Only the first listed role of the re-read group is compared.
        group_roles = UserGroup.info({'id': group_id})['roles']
        self.assertEqual(group_roles[0], new_role['name'])
Beispiel #9
    def test_positive_add_role_by_id(self):
        """Attach a newly created role to a new user group, using the role id.

        :id: a4ce8724-d3c8-4c00-9421-aaa40394134d

        :expectedresults: Role is added to user group successfully.

        :CaseLevel: Integration
        """
        new_role = make_role()
        group_id = make_usergroup()['id']

        # The role is addressed through 'role-id' rather than by its name.
        UserGroup.add_role({'id': group_id, 'role-id': new_role['id']})

        # The group reports role names, so the first one is compared with the name.
        group_roles = UserGroup.info({'id': group_id})['roles']
        self.assertEqual(group_roles[0], new_role['name'])
Beispiel #10
    def test_positive_add_role_by_name(self):
        """Create a user group and a role, then add the role to the group by name.

        :id: 181bf2d5-0650-4fb0-890c-475eac3306a2

        :expectedresults: Role is added to user group successfully.

        :CaseLevel: Integration
        """
        created_role = make_role()
        created_group = make_usergroup()

        # 'role' carries the role name; the group itself is addressed by id.
        request = {'id': created_group['id'], 'role': created_role['name']}
        UserGroup.add_role(request)

        # Re-read the group and compare its first role with the one just added.
        refreshed_group = UserGroup.info({'id': created_group['id']})
        self.assertEqual(refreshed_group['roles'][0], created_role['name'])
Beispiel #11
    def test_positive_add_role_by_id(self):
        """Create a user group and a role, then add the role to the group by id.

        :id: a4ce8724-d3c8-4c00-9421-aaa40394134d

        :expectedresults: Role is added to user group successfully.

        :CaseLevel: Integration
        """
        created_role = make_role()
        created_group = make_usergroup()

        # 'role-id' selects the role; the group itself is addressed by id too.
        request = {'id': created_group['id'], 'role-id': created_role['id']}
        UserGroup.add_role(request)

        # The re-read group lists role names; its first entry must match.
        refreshed_group = UserGroup.info({'id': created_group['id']})
        self.assertEqual(refreshed_group['roles'][0], created_role['name'])
Beispiel #12
    def test_usergroup_with_usergroup_sync(self, ipa_data):
        """Check automatic external user-group sync on an IPA auth source.

        With ``usergroup-sync`` set to ``'true'`` the test expects a member of
        the IPA group to gain the linked roles after authenticating, and to be
        denied again once removed from the IPA group, without an explicit
        refresh call in between.

        :id: 2b63e886-2c53-11ea-9da5-db3ae0527554

        :expectedresults: external user-group sync works as expected automatically
            based on user-sync

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        # These attributes are stored on the instance, not only used locally.
        self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname']
        self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd']
        bind_account = ipa_data['ldap_ipa_user_name']
        groups_base = ipa_data['ipa_group_base_dn'].replace('foobargroup', 'foreman_group')
        # NOTE(review): '******' looks like a value masked before publication;
        # confirm the intended member login.
        member_username = '******'
        member_group = 'foreman_group'
        login_banner = "Using configured credentials for user '{0}'."
        source_name = gen_string('alpha')

        def roles_seen_by_member():
            """List roles through the CLI while authenticated as the member."""
            return Role.with_user(
                username=member_username, password=self.ldap_ipa_user_passwd
            ).list()

        source_spec = {
            'name': source_name,
            'onthefly-register': 'true',
            'usergroup-sync': 'true',
            'host': ipa_data['ldap_ipa_hostname'],
            'server-type': LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login': LDAP_ATTR['login'],
            'attr-firstname': LDAP_ATTR['firstname'],
            'attr-lastname': LDAP_ATTR['surname'],
            'attr-mail': LDAP_ATTR['mail'],
            'account': bind_account,
            'account-password': ipa_data['ldap_ipa_user_passwd'],
            'base-dn': ipa_data['ipa_base_dn'],
            'groups-base': groups_base,
        }
        auth_source = make_ldap_auth_source(source_spec)
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Grant phase: put the member into the IPA group and link that group.
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        group = make_usergroup()
        external_group = make_usergroup_external(
            {
                'auth-source-id': auth_source['server']['id'],
                'user-group-id': group['id'],
                'name': member_group,
            }
        )
        UserGroup.add_role({'id': group['id'], 'role-id': viewer_role['id']})
        assert external_group['auth-source'] == auth_source['server']['name']

        # Before the member authenticates, the group has no users.
        group = UserGroup.info({'id': group['id']})
        assert len(group['users']) == 0

        status = Auth.with_user(
            username=member_username, password=self.ldap_ipa_user_passwd
        ).status()
        assert login_banner.format(member_username) in status[0]['message']

        visible_roles = roles_seen_by_member()
        assert len(visible_roles) > 1
        group = UserGroup.info({'id': group['id']})
        assert len(group['users']) == 1
        assert group['users'][0] == member_username

        # Revoke phase: once removed from the IPA group, the member must be
        # refused with a permission error and must leave the user group.
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with pytest.raises(CLIReturnCodeError) as error:
            roles_seen_by_member()
        assert 'Missing one of the required permissions' in error.value.message
        group = UserGroup.info({'id': group['id']})
        assert len(group['users']) == 0
    def test_usergroup_sync_with_refresh(self):
        """Check on-demand refresh of an external user group on an IPA auth source.

        With ``usergroup-sync`` set to ``'false'`` the member is expected to be
        denied until the external group is refreshed, and to be denied again
        after being removed from the IPA group and a second refresh.

        :id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930

        :expectedresults: external user-group sync works as expected as on-demand
            sync based on refresh works

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        bind_account = self.ldap_ipa_user_name
        groups_base = self.ipa_group_base_dn.replace('foobargroup', 'foreman_group')
        # NOTE(review): '******' looks like a value masked before publication;
        # confirm the intended member login.
        member_username = '******'
        member_group = 'foreman_group'
        login_banner = "Using configured credentials for user '{0}'."
        source_name = gen_string('alpha')

        def roles_seen_by_member():
            """List roles through the CLI while authenticated as the member."""
            return Role.with_user(
                username=member_username, password=self.ldap_ipa_user_passwd
            ).list()

        source_spec = {
            'name': source_name,
            'onthefly-register': 'true',
            'usergroup-sync': 'false',
            'host': self.ldap_ipa_hostname,
            'server-type': LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login': LDAP_ATTR['login'],
            'attr-firstname': LDAP_ATTR['firstname'],
            'attr-lastname': LDAP_ATTR['surname'],
            'attr-mail': LDAP_ATTR['mail'],
            'account': bind_account,
            'account-password': self.ldap_ipa_user_passwd,
            'base-dn': self.ipa_base_dn,
            'groups-base': groups_base,
        }
        auth_source = make_ldap_auth_source(source_spec)
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Grant phase: put the member into the IPA group and link that group.
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        group = make_usergroup()
        external_group = make_usergroup_external(
            {
                'auth-source-id': auth_source['server']['id'],
                'user-group-id': group['id'],
                'name': member_group,
            }
        )
        UserGroup.add_role({'id': group['id'], 'role-id': viewer_role['id']})
        assert external_group['auth-source'] == auth_source['server']['name']
        group = UserGroup.info({'id': group['id']})
        assert len(group['users']) == 0

        status = Auth.with_user(
            username=member_username, password=self.ldap_ipa_user_passwd
        ).status()
        assert login_banner.format(member_username) in status[0]['message']

        # Authenticating alone must not grant the roles while sync is off.
        with self.assertRaises(CLIReturnCodeError) as error:
            roles_seen_by_member()
        assert 'Missing one of the required permissions' in error.exception.message

        # The explicit refresh is what makes the membership take effect.
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({'user-group-id': group['id'], 'name': member_group})
        visible_roles = roles_seen_by_member()
        assert len(visible_roles) > 1
        group = UserGroup.info({'id': group['id']})
        assert len(group['users']) == 1
        assert group['users'][0] == member_username

        # Revoke phase: denial is only checked after the second refresh; the
        # member's access between the IPA removal and that refresh is not tested.
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({'user-group-id': group['id'], 'name': member_group})
        group = UserGroup.info({'id': group['id']})
        assert len(group['users']) == 0
        with self.assertRaises(CLIReturnCodeError) as error:
            roles_seen_by_member()
        assert 'Missing one of the required permissions' in error.exception.message