def test_down_lock(self, complete_cluster: Cluster, sdk_client_fs: ADCMClient, lock_action):
"""
Test that cluster lock also locks:
- all cluster services
- all service components
- all hosts with components
"""
task = _lock_obj(complete_cluster, lock_action)
for service in complete_cluster.service_list():
is_locked(service)
for component in service.component_list():
is_locked(component)
for hc_map in complete_cluster.hostcomponent():
is_locked(sdk_client_fs.host(id=hc_map["host_id"]))
task.wait()
for service in complete_cluster.service_list():
is_free(service)
for component in service.component_list():
is_free(component)
for hc_map in complete_cluster.hostcomponent():
is_free(sdk_client_fs.host(id=hc_map["host_id"]))
def test_forbidden_state_set_actions(sdk_client_fs: ADCMClient):
"""
Check that forbidden caller-context combinations fail as actions
and don't affect any ADCM objects
"""
name = "first"
first_first_fqdn = "first-first"
first_second_fqdn = "first-second"
with allure.step(f'Check forbidden from cluster "{name}" context actions'):
cluster = sdk_client_fs.cluster(name=name)
for forbidden_action in ('set_service', 'set_component'):
with check_objects_state_changed(sdk_client_fs):
run_cluster_action_and_assert_result(cluster,
forbidden_action,
status='failed')
with allure.step(f'Check forbidden from service "{name}" context actions'):
service = cluster.service(name=name)
with check_objects_state_changed(sdk_client_fs):
run_service_action_and_assert_result(service,
'set_component',
status='failed')
with allure.step(
f'Check forbidden from provider "{name}" context actions'):
provider = sdk_client_fs.provider(name=name)
with check_objects_state_changed(sdk_client_fs):
run_provider_action_and_assert_result(provider,
'set_host',
status='failed')
with allure.step(
f'Check forbidden from host "{first_first_fqdn}" context actions'):
host_first = sdk_client_fs.host(fqdn=first_first_fqdn)
host_second = sdk_client_fs.host(fqdn=first_second_fqdn)
with check_objects_state_changed(sdk_client_fs):
run_host_action_and_assert_result(
host_first,
'set_host_from_provider',
config={'host_id': host_second.id},
status='failed')
def test_view_infrastructure_configurations(user_policy: Policy,
user_sdk: ADCMClient,
prepare_objects, second_objects):
"""Test that View infrastructure configuration role is ok"""
cluster, service, component, provider, host = as_user_objects(
user_sdk, *prepare_objects)
*_, provider_via_admin, _ = prepare_objects
user_second_objects = as_user_objects(user_sdk, *second_objects)
second_host_on_first_provider = user_sdk.host(
id=provider_via_admin.host_create(fqdn="new_host").id)
# second host on first provider will be allowed to view because of provider's permission
is_allowed_to_view(provider, host, second_host_on_first_provider)
is_denied_to_edit(provider, host, second_host_on_first_provider)
is_denied_to_view(cluster, service, component, *user_second_objects)
delete_policy(user_policy)
is_denied_to_view(provider, host)
