def test_positive_override_cloned_role_filter(self):
"""Cloned role filter overrides
:id: 8a32ed5f-b93f-4f31-aff4-16602fbe7fab
:steps:
1. Create a role with overridden filter
2. Clone above role
3. Attempt to override the filter in cloned role
:expectedresults: Filter in cloned role should be overridden
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name).create()
dom_perm = entities.Permission(resource_type='Domain').search()
entities.Filter(permission=dom_perm, role=role.id).create()
cloned_role_name = gen_string('alpha')
cloned_role = entities.Role(id=role.id).clone(
data={'name': cloned_role_name})
self.assertEqual(cloned_role_name, cloned_role['name'])
filter_cloned_id = entities.Role(
id=cloned_role['id']).read().filters[0].id
filter_cloned = entities.Filter(id=filter_cloned_id).read()
filter_cloned.override = True
filter_cloned.organization = [self.role_org]
filter_cloned.location = [self.role_loc]
filter_cloned.update(['override', 'organization', 'location'])
# Updated Filter
filter_cloned = entities.Filter(id=filter_cloned_id).read()
self.assertTrue(filter_cloned.override)
self.assertEqual(self.role_org.id, filter_cloned.organization[0].id)
self.assertEqual(self.role_loc.id, filter_cloned.location[0].id)
def test_positive_update_role_taxonomies(self):
"""Update role taxonomies which applies to its non-overrided filters
:id: 902dcb32-2126-4ff4-b733-3e86749ccd1e
:steps: Update existing role with different taxonomies
:expectedresults: The taxonomies are applied only to non-overrided role
filters
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name,
organization=[self.role_org],
location=[self.role_loc]).create()
self.assertEqual(role.name, role_name)
dom_perm = entities.Permission(resource_type='Domain').search()
filtr = entities.Filter(
permission=dom_perm,
role=role.id,
).create()
self.assertEqual(role.id, filtr.role.id)
role.organization = [self.filter_org]
role.location = [self.filter_loc]
role = role.update(['organization', 'location'])
# Updated Role
role = entities.Role(id=role.id).read()
self.assertEqual(self.filter_org.id, role.organization[0].id)
self.assertEqual(self.filter_loc.id, role.location[0].id)
# Updated Filter
filtr = entities.Filter(id=filtr.id).read()
self.assertEqual(self.filter_org.id, filtr.organization[0].id)
self.assertEqual(self.filter_loc.id, filtr.location[0].id)
def test_positive_user_access_with_host_filter(self):
"""Check if user with necessary host permissions can access dashboard
and required widgets are rendered
:id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d
:Steps:
1. Specify proper filter with permission for your role
2. Create new user and assign role to it
3. Login into application using this new user
4. Check dashboard and widgets on it
:expectedresults: Dashboard and Errata Widget rendered without errors
:BZ: 1417114
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
org = entities.Organization().create()
# create a role with necessary permissions
role = entities.Role().create()
entities.Filter(
permission=entities.Permission(
resource_type='Organization',
name='view_organizations').search(),
role=role,
search=None
).create()
entities.Filter(
organization=[org],
permission=entities.Permission(name='view_hosts').search(),
role=role,
search='compute_resource = RHEV'
).create()
entities.Filter(
permission=entities.Permission(
resource_type=None, name='access_dashboard').search(),
role=role,
search=None
).create()
# create a user and assign the above created role
entities.User(
default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password
).create()
with Session(self.browser, user_login, user_password):
self.assertEqual(
self.dashboard.get_total_hosts_count(), 0)
self.assertIsNotNone(self.dashboard.get_widget('Latest Errata'))
self.assertIsNotNone(self.dashboard.wait_until_element(
locators['dashboard.latest_errata.empty']))
def test_verify_bugzilla_1103157(self):
"""Create organization and add two compute resources one by one
using different transactions and different users to see that they
actually added, but not overwrite each other
:id: 5f4fd2b7-d998-4980-b5e7-9822bd54156b
:Steps:
1. Use the admin user to create an organization and two compute
resources. Make one compute resource point at / belong to the
organization.
2. Create a user and give them the ability to update compute
resources and organizations. Have this user make the second
compute resource point at / belong to the organization.
3. Use the admin user to read information about the organization.
Verify that both compute resources are pointing at / belong to
the organization.
:expectedresults: Organization contains both compute resources
:CaseLevel: Integration
"""
# setUpClass() creates an organization w/admin user. Here, we use admin
# to make two compute resources and make first belong to organization.
compute_resources = [
entities.LibvirtComputeResource(
name=gen_string('alpha'),
url='qemu://host.example.com/system').create()
for _ in range(2)
]
self.organization.compute_resource = compute_resources[:1] # list
self.organization = self.organization.update(['compute_resource'])
self.assertEqual(len(self.organization.compute_resource), 1)
# Create a new user and give them minimal permissions.
login = gen_alphanumeric()
password = gen_alphanumeric()
user = entities.User(login=login, password=password).create()
role = entities.Role().create()
for perm in ['edit_compute_resources', 'edit_organizations']:
permissions = [
entities.Permission(id=permission['id'])
for permission in entities.Permission(name=perm).search()
]
entities.Filter(permission=permissions, role=role).create()
user.role = [role]
user = user.update(['role'])
# Make new user assign second compute resource to org.
cfg = get_nailgun_config()
cfg.auth = (login, password)
entities.Organization(
cfg,
id=self.organization.id,
compute_resource=compute_resources[1:], # slice returns list
).update(['compute_resource'])
# Use admin to verify both compute resources belong to organization.
self.assertEqual(len(self.organization.read().compute_resource), 2)
def test_positive_create_filter_without_override(self):
"""Create filter in role w/o overriding it
:id: 1aadb7ea-ff76-4171-850f-188ba6f87021
:steps:
1. Create a role with taxonomies assigned
2. Create filter in role without overriding it
:expectedresults:
1. Filter w/o override is created in role
2. The taxonomies of role are inherited to filter
3. Override check is not marked by default in filters table
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name,
organization=[self.role_org],
location=[self.role_loc]).create()
self.assertEqual(role.name, role_name)
dom_perm = entities.Permission(resource_type='Domain').search()
filtr = entities.Filter(permission=dom_perm, role=role.id).create()
self.assertEqual(role.id, filtr.role.id)
self.assertEqual(self.role_org.id, filtr.organization[0].id)
self.assertEqual(self.role_loc.id, filtr.location[0].id)
self.assertFalse(filtr.override)
def test_positive_delete_filter(session):
resource_name = 'Architecture'
role = entities.Role().create()
permission = entities.Permission(resource_type=resource_name).search()
entities.Filter(permission=permission, role=role.id).create()
with session:
assert session.filter.search(
role.name, resource_name)[0]['Resource'] == resource_name
session.filter.delete(role.name, resource_name)
assert not session.filter.search(role.name, resource_name)
def test_positive_delete(self):
"""Create a filter and delete it afterwards.
@Assert: The deleted filter cannot be fetched.
@Feature: Filter
"""
filter_ = entities.Filter(permission=self.ct_perms).create()
filter_.delete()
with self.assertRaises(HTTPError):
filter_.read()
def test_positive_delete(self):
"""Create a filter and delete it afterwards.
@id: f0c56fd8-c91d-48c3-ad21-f538313b17eb
@Assert: The deleted filter cannot be fetched.
"""
filter_ = entities.Filter(permission=self.ct_perms).create()
filter_.delete()
with self.assertRaises(HTTPError):
filter_.read()
def test_negative_update_role_taxonomies(self):
"""Update role taxonomies which doesnt applies to its overrided filters
:id: 9f3bf95a-f71a-4063-b51c-12610bc655f2
:steps:
1. Update existing role with different taxonomies
:expectedresults: The overridden role filters are not updated
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name,
organization=[self.role_org],
location=[self.role_loc]).create()
self.assertEqual(role.name, role_name)
dom_perm = entities.Permission(resource_type='Domain').search()
filtr = entities.Filter(permission=dom_perm,
role=role.id,
override=True,
organization=[self.filter_org],
location=[self.filter_loc]).create()
self.assertEqual(role.id, filtr.role.id)
# Creating new Taxonomies
org_new = entities.Organization().create()
loc_new = entities.Location().create()
# Updating Taxonomies
role.organization = [org_new]
role.location = [loc_new]
role = role.update(['organization', 'location'])
# Updated Role
role = entities.Role(id=role.id).read()
self.assertEqual(org_new.id, role.organization[0].id)
self.assertEqual(loc_new.id, role.location[0].id)
# Updated Filter
filtr = entities.Filter(id=filtr.id).read()
self.assertNotEqual(org_new.id, filtr.organization[0].id)
self.assertNotEqual(loc_new.id, filtr.location[0].id)
def test_positive_create_with_permission(self):
"""Create a filter and assign it some permissions.
@Assert: The created filter has the assigned permissions.
@Feature: Filter
"""
# Create a filter and assign all ProvisioningTemplate permissions to it
filter_ = entities.Filter(permission=self.ct_perms).create()
self.assertListEqual(
[perm.id for perm in filter_.permission],
[perm.id for perm in self.ct_perms],
)
def test_positive_create_with_permission(self):
"""Create a filter and assign it some permissions.
:id: b8631d0a-a71a-41aa-9f9a-d12d62adc496
:expectedresults: The created filter has the assigned permissions.
:CaseImportance: Critical
"""
# Create a filter and assign all ProvisioningTemplate permissions to it
filter_ = entities.Filter(permission=self.ct_perms).create()
self.assertListEqual([perm.id for perm in filter_.permission],
[perm.id for perm in self.ct_perms])
def test_post_default_role_added_permission(self):
"""The new permission in 'Default role' is intact post upgrade
:expectedresults: The added permission in existing 'Default role' is
intact post upgrade
"""
defaultrole = entities.Role().search(query={'search': 'name="Default role"'})[0]
subnetfilt = entities.Filter().search(
query={'search': f'role_id={defaultrole.id} and permission="view_subnets"'}
)
assert subnetfilt
# Teardown
subnetfilt[0].delete()
def test_positive_delete(module_perms):
"""Create a filter and delete it afterwards.
:id: f0c56fd8-c91d-48c3-ad21-f538313b17eb
:expectedresults: The deleted filter cannot be fetched.
:CaseImportance: Critical
"""
filter_ = entities.Filter(permission=module_perms).create()
filter_.delete()
with pytest.raises(HTTPError):
filter_.read()
def test_positive_update_filter(session):
resource_name = 'Architecture'
permission_name = 'edit_architectures'
role = entities.Role().create()
permission = entities.Permission(resource_type=resource_name).search()
entities.Filter(permission=permission, role=role.id).create()
with session:
filter_values = session.filter.read(role.name, resource_name)
assert permission_name in filter_values['permission']['assigned']
session.filter.update(
role.name, resource_name,
{'permission.unassigned': ['edit_architectures']})
filter_values = session.filter.read(role.name, resource_name)
assert permission_name in filter_values['permission']['unassigned']
def test_positive_create_with_permission(module_perms):
"""Create a filter and assign it some permissions.
:id: b8631d0a-a71a-41aa-9f9a-d12d62adc496
:expectedresults: The created filter has the assigned permissions.
:CaseImportance: Critical
"""
# Create a filter and assign all ProvisioningTemplate permissions to it
filter_ = entities.Filter(permission=module_perms).create()
filter_perms = [perm.id for perm in filter_.permission]
perms = [perm.id for perm in module_perms]
assert filter_perms == perms
def test_positive_force_unlimited(self):
"""Unlimited flag forced sets to filter when no taxonomies are set to role
and filter
:id: b94d35f3-be63-4b05-b42e-a77a1c48a4f3
:steps:
1. Create a role with organization A and Location A
2. Create a role filter without override and unlimited check
3. Remove taxonomies assigned earlier to role and ensure
no taxonomies are assigned to role
4. GET Role filter
:expectedresults: Unlimited flag should be forcefully set on filter
when no taxonomies are set to role and filter
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name,
organization=[self.role_org],
location=[self.role_loc]).create()
self.assertEqual(role_name, role.name)
dom_perm = entities.Permission(resource_type='Domain').search()
filtr = entities.Filter(permission=dom_perm, role=role.id).create()
self.assertEqual(role.id, filtr.role.id)
self.assertFalse(filtr.override)
self.assertFalse(filtr.unlimited)
role.organization = []
role.location = []
role = role.update(['organization', 'location'])
self.assertEqual(role.organization, [])
self.assertEqual(role.location, [])
# Get updated filter
filtr = entities.Filter(id=filtr.id).read()
self.assertTrue(filtr.unlimited)
def test_pre_default_role_added_permission(self):
"""New permission is added to Default Role
:steps: New permission is added to existing 'Default role'
:expectedresults: Permission is added to existing 'Default role'.
"""
defaultrole = entities.Role().search(
query={'search': 'name="Default role"'})[0]
subnetfilter = entities.Filter(permission=entities.Permission(
resource_type='Subnet').search(filters={'name': 'view_subnets'}),
role=defaultrole).create()
self.assertIn(subnetfilter.id,
[filt.id for filt in defaultrole.read().filters])
def test_post_default_role_added_permission_with_filter(self):
"""The new permission with filter in 'Default role' is intact post
upgrade
:expectedresults: The added permission with filter in existing
'Default role' is intact post upgrade
"""
defaultrole = entities.Role().search(query={'search': 'name="Default role"'})[0]
domainfilt = entities.Filter().search(
query={'search': f'role_id={defaultrole.id} and permission="view_domains"'}
)
assert domainfilt
assert domainfilt[0].search == 'name ~ a'
# Teardown
domainfilt[0].delete()
def test_positive_list_permission(test_name, module_org, module_repos_col,
module_rhva_repos_col):
"""Show errata only if the User has permissions to view them
:id: cdb28f6a-23df-47a2-88ab-cd3b492126b2
:Setup:
1. Create two products with one repo each. Sync them.
2. Make sure that they both have errata.
3. Create a user with view access on one product and not on the other.
:Steps: Go to Content -> Errata.
:expectedresults: Check that the new user is able to see errata for one
product only.
:CaseLevel: Integration
"""
role = entities.Role().create()
entities.Filter(
organization=[module_org],
permission=entities.Permission(
resource_type='Katello::Product').search(),
role=role,
search='name = "{0}"'.format(PRDS['rhel']),
).create()
user_password = gen_string('alphanumeric')
user = entities.User(
default_organization=module_org,
organization=[module_org],
role=[role],
password=user_password,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
if bz_bug_is_open(1652938):
# The bug has a persistent effect when user has no access to dashboard and foreman
# access denied page is shown directly after login.
try:
session.errata.search('')
except NoSuchElementException:
session.errata.browser.refresh()
assert (session.errata.search(
RHVA_ERRATA_ID,
applicable=False)[0]['Errata ID'] == RHVA_ERRATA_ID)
assert not session.errata.search(CUSTOM_REPO_ERRATA_ID,
applicable=False)
def test_positive_delete_role(self):
"""Create a filter and delete the role it points at.
@Assert: The filter cannot be fetched.
@Feature: Filter
"""
role = entities.Role().create()
filter_ = entities.Filter(permission=self.ct_perms, role=role).create()
# A filter depends on a role. Deleting a role implicitly deletes the
# filter pointing at it.
role.delete()
with self.assertRaises(HTTPError):
role.read()
with self.assertRaises(HTTPError):
filter_.read()
def test_pre_default_role_added_permission_with_filter(self):
"""New permission with filter is added to Default Role
:steps: New permission is added to existing 'Default role' with filter
:expectedresults: Permission with filter is added to existing
'Default role'
"""
defaultrole = entities.Role().search(
query={'search': 'name="Default role"'})[0]
domainfilter = entities.Filter(permission=entities.Permission(
resource_type='Domain').search(filters={'name': 'view_domains'}),
unlimited=False,
role=defaultrole,
search='name ~ a').create()
self.assertIn(domainfilter.id,
[filt.id for filt in defaultrole.read().filters])
def test_positive_delete_role(module_perms):
"""Create a filter and delete the role it points at.
:id: b129642d-926d-486a-84d9-5952b44ac446
:expectedresults: The filter cannot be fetched.
:CaseImportance: Critical
"""
role = entities.Role().create()
filter_ = entities.Filter(permission=module_perms, role=role).create()
# A filter depends on a role. Deleting a role implicitly deletes the
# filter pointing at it.
role.delete()
with pytest.raises(HTTPError):
role.read()
with pytest.raises(HTTPError):
filter_.read()
def test_positive_list_permission(test_name, module_org, module_repos_col,
module_rhva_repos_col):
"""Show errata only if the User has permissions to view them
:id: cdb28f6a-23df-47a2-88ab-cd3b492126b2
:Setup:
1. Create two products with one repo each. Sync them.
2. Make sure that they both have errata.
3. Create a user with view access on one product and not on the other.
:Steps: Go to Content -> Errata.
:expectedresults: Check that the new user is able to see errata for one
product only.
:CaseLevel: Integration
"""
role = entities.Role().create()
entities.Filter(
organization=[module_org],
permission=entities.Permission().search(
query={'search': 'resource_type="Katello::Product"'}),
role=role,
search='name = "{}"'.format(PRDS['rhel']),
).create()
user_password = gen_string('alphanumeric')
user = entities.User(
default_organization=module_org,
organization=[module_org],
role=[role],
password=user_password,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
assert (session.errata.search(
RHVA_ERRATA_ID,
applicable=False)[0]['Errata ID'] == RHVA_ERRATA_ID)
assert not session.errata.search(CUSTOM_REPO_ERRATA_ID,
applicable=False)
def test_pre_default_role_added_permission(self):
"""New permission is added to Default Role
:id: preupgrade-3a350e4a-96b3-4033-b562-3130fc43a4bc
:steps: New permission is added to existing 'Default role'
:expectedresults: Permission is added to existing 'Default role'.
"""
defaultrole = entities.Role().search(
query={'search': 'name="Default role"'})[0]
subnetfilter = entities.Filter(
permission=entities.Permission().search(
filters={'name': 'view_subnets'},
query={'search': 'resource_type="Subnet"'}),
role=defaultrole,
).create()
assert subnetfilter.id in [
filt.id for filt in defaultrole.read().filters
]
def test_positive_list_permission(self):
"""Show errata only if the User has permissions to view them
@id: cdb28f6a-23df-47a2-88ab-cd3b492126b2
@Setup:
1. Create two products with one repo each. Sync them.
2. Make sure that they both have errata.
3. Create a user with view access on one product and not on the other.
@Steps:
1. Go to Content -> Errata.
@Assert: Check that the new user is able to see errata for one product
only.
@CaseLevel: Integration
"""
role = entities.Role().create()
entities.Filter(
organization=[self.session_org],
permission=entities.Permission(
resource_type='Katello::Product').search(),
role=role,
search='name = "{0}"'.format(PRDS['rhel']),
).create()
user_password = gen_string('alphanumeric')
user = entities.User(
default_organization=self.session_org,
organization=[self.session_org],
role=[role],
password=user_password,
).create()
with Session(self.browser, user.login, user_password) as session:
session.nav.go_to_errata()
self.errata.show_only_applicable(False)
self.assertIsNotNone(self.errata.search(REAL_0_ERRATA_ID))
self.assertIsNone(self.errata.search(CUSTOM_REPO_ERRATA_ID))
def get_role_by_bz(bz_id):
"""Create and configure custom role entity for the testing of specific bugs
This function will read the dictionary of permissions and their associated
bugzilla id's from robottelo.constants "PERMISSIONS_WITH_BZ",
these permissions will create filter and a single role will be created
from all the filters.
:param bz_id: This is the bugzilla id that is specified in the
PERMISSIONS_WITH_BZ list, all the permissions associated with the bz_id
will be fetched and filters will be created
:return: A single role entity will be created from all the created filters
"""
role = entities.Role().create()
for perms in PERMISSIONS_WITH_BZ.values():
perms_with_bz = [x for x in perms if bz_id in x.get('bz', [])]
if perms_with_bz:
permissions = [
entities.Permission(name=perm['name']).search()[0]
for perm in perms_with_bz
]
entities.Filter(permission=permissions, role=role).create()
return role.read()
def give_user_permission(self, perm_name):
"""Give ``self.user`` the ``perm_name`` permission.
This method creates a role and filter to accomplish the above goal.
When complete, the relevant relationhips look like this:
user → role ← filter → permission
:param str perm_name: The name of a permission. For example:
'create_architectures'.
:raises: ``AssertionError`` if more than one permission is found when
searching for the permission with name ``perm_name``.
:raises: ``requests.exceptions.HTTPError`` if an error occurs when
updating ``self.user``'s roles.
:returns: Nothing.
"""
role = entities.Role().create()
permissions = entities.Permission(name=perm_name).search()
self.assertEqual(len(permissions), 1)
entities.Filter(permission=permissions, role=role).create()
self.user.role += [role]
self.user = self.user.update(['role'])
def test_positive_create_non_overridable_filter(self):
"""Create non overridable filter in role
:id: f891e2e1-76f8-4edf-8c96-b41d05483298
:steps: Create a filter to which taxonomies cannot be associated.
e.g Architecture filter
:expectedresults:
1. Filter is created without taxonomies
2. Override check is set to false
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name).create()
self.assertEqual(role.name, role_name)
arch_perm = entities.Permission(resource_type='Architecture').search()
filtr = entities.Filter(permission=arch_perm, role=role.id).create()
self.assertEqual(role.id, filtr.role.id)
self.assertFalse(filtr.override)
def test_positive_search_errata_non_admin(self):
"""Search for host's errata by non-admin user with enough permissions
:id: 5b8887d2-987f-4bce-86a1-8f65ca7e1195
:customerscenario: true
:BZ: 1255515
:expectedresults: User can access errata page and proper errata is
listed
:CaseLevel: System
"""
self.client.run('yum install -y {0}'.format(FAKE_1_CUSTOM_PACKAGE))
user_login = gen_string('alpha')
user_password = gen_string('alpha')
default_loc = entities.Location().search(
query={'search': 'name="{0}"'.format(DEFAULT_LOC)})[0]
role = entities.Role().create()
for permission_name in ('view_hosts', 'view_lifecycle_environments',
'view_content_views', 'view_organizations'):
entities.Filter(
permission=entities.Permission(name=permission_name).search(),
role=role,
).create()
entities.User(
role=[role],
admin=False,
login=user_login,
password=user_password,
organization=[self.session_org],
location=[default_loc],
default_organization=self.session_org,
).create()
with Session(self, user=user_login, password=user_password):
result = self.contenthost.errata_search(self.client.hostname,
FAKE_2_ERRATA_ID)
self.assertIsNotNone(result)
def test_negative_override_non_overridable_filter(self):
"""Override non overridable filter
:id: 7793be96-e8eb-451b-a986-51a46a1ab4f9
:steps: Attempt to override a filter to which taxonomies cannot be
associated. e.g Architecture filter
:expectedresults: Filter is not overrided as taxonomies cannot be
applied to that filter
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name).create()
self.assertEqual(role.name, role_name)
arch_perm = entities.Permission(resource_type='Architecture').search()
with self.assertRaises(HTTPError):
entities.Filter(permission=arch_perm,
role=[role.id],
override=True,
organization=[self.filter_org],
location=[self.filter_loc]).create()
