def test_new_rol(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
owners = [
p.dn for p in search.people(
session, by="employeenumber", search_filter="1015463230")
]
owners_roles = [
r.dn
for r in search.roles(session, search_filter="ITIM Administrators")
]
# creación
rolinfo = {
"name": "rol_prueba",
"description": "rol_prueba",
"parent": parent,
"classification": "role.classification.business",
"access_option": 2,
"access_category": "Role",
"owners": owners + owners_roles,
}
r = StaticRole(session, role_attrs=rolinfo)
print(r)
def test_search_service(session):
r = search.service(
session,
search.organizational_container(session, "organizations", test_org)[0],
search_filter="SAP NW",
)
assert len(r) > 0
assert r[0].name == "SAP NW"
def test_modificar_dejar_huerfana_cuenta(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session, parent,
search_filter=test_service_name)[0]
n = random.randint(0, 10000)
test_person_attrs = {
"cn": ".",
"givenname": "prueba",
"sn": n,
"employeenumber": n,
"manager": test_manager,
"description": test_description,
"departmentnumber": test_dep,
"title": test_title,
"mail": "*****@*****.**",
"mobile": "*****@*****.**",
}
# crea persona y la busca
p = Person(session, person_attrs=test_person_attrs)
p.add(session, parent, "test")
time.sleep(5)
owner = search.people(session, by="employeenumber", search_filter=n)[0]
justification = "ok"
# crear
attrs = get_account_defaults(session, service, owner)
cuenta = Account(session, account_attrs=attrs)
r = cuenta.add(session, owner, service, justification)
time.sleep(3)
# modificar
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
cuenta_test.title = "new title"
cuenta_test.sn = "nueva description"
changes = {
"title": "newer title",
"employeenumber": 347231
} # this should stay
cuenta_test.modify(session, justification, changes)
try:
cuenta_test.orphan(session)
time.sleep(5)
cuentas = owner.get_accounts(session)
cuenta_test = [
c for c in cuentas if c.service_name == test_service_name
]
assert len(cuenta_test) < 1
except Exception as e:
pass
def test_search_provisioning_policy(session):
r = search.provisioning_policy(
session,
"Test TipoServicio",
search.organizational_container(session, "organizations", test_org)[0],
)
print(r[0].entitlements)
assert len(r) > 0
def test_crear_modificar_eliminar_dynrol(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
owners = [
p.dn for p in search.people(
session, by="employeenumber", search_filter="1015463230")
]
owners_roles = [
r.dn
for r in search.roles(session, search_filter="ITIM Administrators")
]
# creación
name = "dynrol_prueba"
rolinfo = {
"name": name,
"description": "dynrol_prueba",
"parent": parent,
"classification": "role.classification.business",
"access_option": 2,
"access_category": "Role",
"owners": owners + owners_roles,
"rule": "(title=ROLETEST)",
}
rol = DynamicRole(session, role_attrs=rolinfo)
rol.add(session)
time.sleep(3)
rol_creado = search.roles(session, search_filter=name)
assert rol_creado[0].name == name
rol_creado = rol_creado[0]
# mod
changes = {
"name": "dynrol_prueba_mod",
"rule": "(departmentnumber=ROLETEST)"
}
rol_creado.description = "prueba_desc"
rol_creado.modify(session, changes)
time.sleep(3)
# esto hace lookup en SIM y compara con los atributos de acá
assert DynamicRole(session,
dn=rol_creado.dn).description == rol_creado.description
# del
rol_creado.delete(session)
time.sleep(3)
try:
DynamicRole(session, dn=rol_creado.dn)
except NotFoundError:
assert True
else:
assert False
def test_search_groups(session):
# TODO Search by account/access
# by service
parent = search.organizational_container(session, "organizations",
test_org)[0]
service_dn = search.service(session,
parent,
search_filter="Directorio Activo")[0].dn
r = search.groups(session,
by="service",
service_dn=service_dn,
group_info="Administrators")
print(r)
def test_search_ou(session):
name = test_org
search.organizational_container(session, "organizations", name)
name = "Cromasoft Ltda"
search.organizational_container(session, "bporganizations", name)
name = "Despacho del Presidente"
search.organizational_container(session, "organizationunits", name)
def test_get_pending_activities_abort(session):
# required attributes on the Person form (more can be included)
info_persona = {
"givenname": "te",
"sn": "st",
"cn": "test",
"initials": "CC",
"employeenumber": random.randint(1, 99999999),
"departmentnumber": test_dep,
"manager": test_manager,
"title": "test",
"description": test_description,
"businesscategory": "test",
"mobile": "*****@*****.**",
}
persona = Person(session, person_attrs=info_persona)
# crear y validar
parent = search.organizational_container(session, "organizations",
test_org)[0]
persona.add(session, parent, "ok")
time.sleep(5)
persona_creada = search.people(
session,
by="employeenumber",
search_filter=info_persona["employeenumber"],
attributes="*",
limit=1,
)[0]
assert persona_creada.employeenumber == str(info_persona["employeenumber"])
accesses = search.access(session, search_filter="*",
limit=2) # get two accesses
r = persona_creada.request_access(session, accesses, "ok")
time.sleep(3)
request_id = r.request.id
request = Request(session, id=request_id)
from_request = request.get_pending_activities(session)
from_search = search.activities(session, "requestId", request_id)
assert len(from_request) == len(from_search)
request.abort(session, "ok")
time.sleep(3)
aborted = Request(session, id=request_id)
assert aborted.process_state == "A"
def test_crear_cuenta(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
owner = search.people(session,
by="employeenumber",
search_filter="55608311080")[0]
justification = "ok"
attrs = get_account_defaults(session, service, owner)
cuenta = Account(session, account_attrs=attrs)
cuenta.add(session, owner, service, justification)
def test_search_account(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
sfilter = "(eruid=cazamorad)"
# sin servicio
r = search.account(session, sfilter)
print(r)
# con servicio
r = search.account(session, sfilter, service)
print(r)
def test_request_access_approve(session):
# required attributes on the Person form (more can be included)
info_persona = {
"givenname": "te",
"sn": "st",
"cn": "test",
"initials": "CC",
"employeenumber": random.randint(1, 99999999),
"departmentnumber": test_dep,
"manager": test_manager,
"title": "test",
"description": test_description,
"businesscategory": "test",
"mobile": "*****@*****.**",
}
persona = Person(session, person_attrs=info_persona)
# crear y validar
parent = search.organizational_container(session, "organizations",
test_org)[0]
persona.add(session, parent, "ok")
time.sleep(5)
persona_creada = search.people(
session,
by="employeenumber",
search_filter=info_persona["employeenumber"],
attributes="*",
limit=1,
)[0]
assert persona_creada.employeenumber == str(info_persona["employeenumber"])
accesses = search.access(session, search_filter="*",
limit=2) # get two accesses
r = persona_creada.request_access(session, accesses, "ok")
time.sleep(3)
request_id = r.request.id
print(r)
actividades = search.activities(session, "requestId", request_id)
# complete
r2 = actividades[0].complete(session, "approve", "ok")
print(r2)
# now try to complete it again
r3 = actividades[0].complete(session, "approve", "ok")
print(r3)
def test_get_account_defaults(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
person = search.people(session,
by="employeenumber",
search_filter="1015463230")[0]
try:
r = get_account_defaults(session, service)
print(r)
except Exception as e:
print(e)
r = get_account_defaults(session, service, person)
print(r)
def test_crear_modificar_eliminar_rol_dataclasss(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
owners = [
p.dn for p in search.people(
session, by="employeenumber", search_filter="1015463230")
]
owners_roles = [
r.dn
for r in search.roles(session, search_filter="ITIM Administrators")
]
# creación
rolinfo = {
"name": "rol_prueba",
"description": "rol_prueba",
"parent": parent,
"classification": "role.classification.business",
"access_option": 2,
"access_category": "Role",
"owners": owners + owners_roles,
}
role_atrrs = RoleAttributes(**rolinfo)
rol = StaticRole(session, role_attrs=role_atrrs)
rol.add(session)
assert hasattr(rol, "dn")
# mod
changes = {"name": "rol_prueba_mod"}
rol.description = "prueba_desc"
rol.modify(session, changes)
assert (StaticRole(session, dn=rol.dn).name == rol.name
) # busca el rol en sim y lo compara con el nuevo
# del
rol.delete(session)
try:
StaticRole(session, dn=rol.dn)
except NotFoundError:
assert True
else:
assert False
def test_suspender_restaurar_eliminar_cuenta(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session, parent,
search_filter=test_service_name)[0]
n = random.randint(0, 10000)
test_person_attrs = {
"cn": ".",
"givenname": "prueba",
"sn": n,
"employeenumber": n,
"manager": test_manager,
"description": test_description,
"departmentnumber": test_dep,
"title": test_title,
"mail": "*****@*****.**",
"mobile": "*****@*****.**",
}
p = Person(session, person_attrs=test_person_attrs)
p.add(session, parent, "test")
time.sleep(5)
owner = search.people(session, by="employeenumber", search_filter=n)[0]
justification = "ok"
# crear
attrs = get_account_defaults(session, service, owner)
cuenta = Account(session, account_attrs=attrs)
r = cuenta.add(session, owner, service, justification)
time.sleep(3)
# suspender y probar
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
cuenta_test.suspend(session, justification)
time.sleep(3)
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
assert cuenta_test.eraccountstatus == "1"
# restaurar y probar
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
cuenta_test.restore(session, "NewPassw0rd", justification)
time.sleep(3)
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
assert cuenta_test.eraccountstatus == "0"
# eliminar
try:
r = cuenta_test.delete(session, "ok")
time.sleep(3)
cuentas = owner.get_accounts(session)
cuenta_test = [
c for c in cuentas if c.service_name == test_service_name
]
assert len(cuenta_test) < 1
except Exception as e:
assert ("CTGIMI019E" in e.message
) # CTGIMI019E = can't delete because policy (but tried)
def test_crear_modificar_suspender_restaurar_eliminar_persona(session):
# required attributes on the Person form (more can be included)
info_persona = {
"givenname": "test",
"sn": f"n{random.randint(0,10000)}",
"cn": "test",
"initials": "CC",
"employeenumber": random.randint(1, 99999999),
"departmentnumber": test_dep,
"manager": test_manager,
"title": test_title,
"description": test_description,
"businesscategory": "test",
"mobile": "*****@*****.**",
}
persona = Person(session, person_attrs=info_persona)
# crear y validar
parent = search.organizational_container(session, "organizations",
test_org)[0]
persona.add(session, parent, "ok")
time.sleep(5)
persona_creada = search.people(
session,
by="employeenumber",
search_filter=info_persona["employeenumber"],
attributes="*",
limit=1,
)[0]
assert persona_creada.employeenumber == str(info_persona["employeenumber"])
# modificar
persona_creada.title = "este no va" # se sobreescribe con changes
persona_creada.mobile = "*****@*****.**"
nuevo_cargo_real = "nuevo cargo si va"
changes = {"title": nuevo_cargo_real, "mail": "*****@*****.**"}
persona_creada.modify(session, "ok", changes)
time.sleep(3)
persona_mod = search.people(
session,
by="employeenumber",
search_filter=info_persona["employeenumber"],
attributes="*",
limit=1,
)[0]
assert persona_mod.title == nuevo_cargo_real
# suspender
persona_mod.suspend(session, "ok")
time.sleep(3)
persona_sus = search.people(
session,
by="employeenumber",
search_filter=info_persona["employeenumber"],
attributes="*",
limit=1,
)[0]
assert persona_sus.erpersonstatus == "INACTIVE"
# restaurar
persona_sus.restore(session, "ok")
time.sleep(3)
persona_res = search.people(
session,
by="employeenumber",
search_filter=info_persona["employeenumber"],
attributes="*",
limit=1,
)[0]
assert persona_res.erpersonstatus == "ACTIVE"
# eliminar
persona_res.delete(session, "ok")
time.sleep(5)
persona_elim = search.people(
session,
by="employeenumber",
search_filter=info_persona["employeenumber"],
limit=1,
)
assert len(persona_elim) == 0
def test_crear_modificar_eliminar_politica_dataclass(session):
# crear
name = f"test{random.randint(0,999999)}"
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
entitlements = {
service.dn: {
"automatic": False,
"workflow": None,
"parameters": {
"ercompany": [
{
"enforcement": "Default",
"type": "script",
"values": "return 'test';",
},
{
"enforcement": "Excluded",
"type": "null",
},
{
"enforcement": "Allowed",
"type": "constant",
"values": ["test1", "test2"],
},
{
"enforcement": "Allowed",
"type": "Constant",
"values": ["test3"],
},
{
"enforcement": "Allowed",
"type": "REGEX",
"values": r"^[\s\w]+$",
},
],
"eradfax": [{
"enforcement": "Allowed",
"type": "constant",
"values": ["1018117"],
}],
},
},
"*": {
"automatic": False,
"workflow": None,
"parameters": {}
},
}
policy = {
"description":
"test",
"name":
name,
"parent":
parent,
"priority":
10000,
"memberships":
[x.dn for x in search.roles(session, search_filter="Auditor")],
"enabled":
False,
"entitlements":
entitlements,
}
pp = ProvisioningPolicy(session, policy_attrs=policy)
pp.add(session)
# buscar pol creada
time.sleep(3)
pp_creada = search.provisioning_policy(session, name, parent)[0]
assert pp_creada.name == name
# modificar y validar modificacion
nueva_desc = "modificacion"
nuevos_ents = pp_creada.entitlements
nuevos_ents[service.dn]["automatic"] = True
changes = {
"description": nueva_desc,
# "entitlements":nuevos_ents,
}
# pp_creada.description = nueva_desc
pp_creada.entitlements[service.dn]["automatic"] = True
pp_creada.modify(session, changes)
time.sleep(3)
pp_mod = search.provisioning_policy(session, name, parent)[0]
assert pp_mod.description == nueva_desc
# eliminar y validar eliminación
time.sleep(120) # tiene que terminar de evaluar la creación/mod
pp_mod.delete(session)
time.sleep(10)
pp_elim = search.provisioning_policy(session, name, parent)
assert len(pp_elim) == 0
def test_inicializar_politicas(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
entitlements = {
service.dn: {
"automatic": False,
"workflow": None,
"parameters": {
"ergroup": [
{
"enforcement": "Default",
"type": "script",
"values": "return 'test';",
},
{
"enforcement": "Excluded",
"type": "null",
},
{
"enforcement": "Allowed",
"type": "constant",
"values": ["test1", "test2"],
},
{
"enforcement": "Default",
"type": "Constant",
"values": ["test3"],
},
{
"enforcement": "MANDATORY",
"type": "REGEX",
"values": r"^[\s\w]+$",
},
],
"eradfax": [{
"enforcement": "Allowed",
"type": "constant",
"values": ["1018117"],
}],
},
},
"*": {
"automatic": False,
"workflow": None,
"parameters": {}
},
}
policy = {
"description":
"test",
"name":
"test",
"parent":
parent,
"priority":
10000,
"memberships":
[x.dn for x in search.roles(session, search_filter="Auditor")],
"enabled":
False,
"entitlements":
entitlements,
}
pp = ProvisioningPolicy(session, policy_attrs=policy)
print(pp.entitlements)
print(pp)
# modificar política
policy = {
"description": "test",
"name": "test",
"parent": parent,
"priority": 100,
"memberships": "*",
"entitlements": {
"ADprofile": {
"automatic": False,
"workflow": None,
"parameters": {}
},
},
}
pp = ProvisioningPolicy(session, policy_attrs=policy)
pp.entitlements["ADprofile"]["automatic"] = True
print("")
# buscar y modificar política
pp = search.provisioning_policy(session, "Test TipoServicio", parent)[0]
print(pp)
pp.entitlements = entitlements
pp.entitlements["*"]["automatic"] = True
print("")