Ejemplo n.º 1
0
 def setUpClass(cls):
     """Tests for discovery rules via Hammer CLI"""
     super(DiscoveryRuleRoleTestCase, cls).setUpClass()
     cls.org = make_org()
     cls.loc = make_location()
     cls.hostgroup = make_hostgroup({
         u'organization-ids': cls.org['id'],
         u'location-ids': cls.loc['id'],
     })
     cls.password = gen_alphanumeric()
     cls.user = make_user({
         'organization-ids': cls.org['id'],
         'password': cls.password,
     })
     cls.user['password'] = cls.password
     User.add_role({
         'login': cls.user['login'],
         'role': 'Discovery Manager',
     })
     cls.user_reader = make_user({
         'organization-ids': cls.org['id'],
         'password': cls.password,
     })
     cls.user_reader['password'] = cls.password
     User.add_role({
         'login': cls.user_reader['login'],
         'role': 'Discovery Reader',
     })
Ejemplo n.º 2
0
    def test_positive_remove_role(self):
        """Remove role from User for all variations of role names

        @Feature: User - Remove role

        @Assert: Role is removed

        @BZ: 1138553
        """
        user = make_user()
        include_list = [gen_string("alphanumeric", 100)]
        for role_name in valid_usernames_list() + include_list:
            with self.subTest(role_name):
                make_role({'name': role_name})
                User.add_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = User.info({'id': user['id']})
                self.assertIn(role_name, user['roles'])
                User.remove_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = User.info({'id': user['id']})
                self.assertNotIn(role_name, user['roles'])
Ejemplo n.º 3
0
    def test_positive_last_login_for_new_user(self):
        """Create new user with admin role and check last login updated for that user

        :id: 967282d3-92d0-42ce-9ef3-e542d2883408

        :customerscenario: true

        :expectedresults: last login should be updated for user after login using hammer

        :BZ: 1763816

        :CaseLevel: Integration
        """
        login = gen_string('alpha')
        password = gen_string('alpha')
        org_name = gen_string('alpha')

        make_user({'login': login, 'password': password})
        User.add_role({'login': login, 'role': 'System admin'})
        result_before_login = User.list({'search': f'login = {login}'})

        # this is because satellite uses the UTC timezone
        before_login_time = datetime.datetime.utcnow()
        assert result_before_login[0]['login'] == login
        assert result_before_login[0]['last-login'] == ""

        Org.with_user(username=login,
                      password=password).create({'name': org_name})
        result_after_login = User.list({'search': f'login = {login}'})

        # checking user last login should not be empty
        assert result_after_login[0]['last-login'] != ""
        after_login_time = datetime.datetime.strptime(
            result_after_login[0]['last-login'], "%Y/%m/%d %H:%M:%S")
        assert after_login_time > before_login_time
Ejemplo n.º 4
0
    def test_positive_remove_role(self):
        """Remove role from User for all variations of role names

        @Feature: User - Remove role

        @Assert: Role is removed

        @BZ: 1138553
        """
        user = make_user()
        include_list = [gen_string("alphanumeric", 100)]
        for role_name in valid_usernames_list() + include_list:
            with self.subTest(role_name):
                make_role({'name': role_name})
                User.add_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = User.info({'id': user['id']})
                self.assertIn(role_name, user['roles'])
                User.remove_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = User.info({'id': user['id']})
                self.assertNotIn(role_name, user['roles'])
Ejemplo n.º 5
0
    def test_positive_add_roles(self):
        """Add multiple roles to User

        For now add-role user sub command does not allow multiple role ids
        (https://github.com/SatelliteQE/robottelo/issues/3729)
        So if if it gets fixed this test can be updated:
        (http://projects.theforeman.org/issues/16206)

        :id: d769ac61-f158-4e4e-a176-1c87de8b00f6

        :expectedresults: Roles are added to user

        :CaseLevel: Integration
        """
        user = self.user
        original_role_names = set(user['roles'])
        expected_role_names = set(original_role_names)

        for role_id, role in self.stubbed_roles.items():
            User.add_role({'login': user['login'], 'role-id': role_id})
            expected_role_names.add(role['name'])

        self.assertItemsEqual(
            expected_role_names,
            User.info({'id': user['id']})['roles']
        )
Ejemplo n.º 6
0
 def class_rexinfra_user(self, module_org):
     """Creates a user with all Remote Execution related permissions"""
     password = gen_string('alpha')
     rexinfra = gen_string('alpha')
     make_user({
         'login': rexinfra,
         'password': password,
         'organization-ids': module_org.id
     })
     role = make_role({'organization-ids': module_org.id})
     invocation_permissions = [
         permission['name'] for permission in Filter.available_permissions(
             {'search': 'resource_type=JobInvocation'})
     ]
     template_permissions = [
         permission['name'] for permission in Filter.available_permissions(
             {'search': 'resource_type=JobTemplate'})
     ]
     permissions = ','.join(invocation_permissions)
     make_filter({'role-id': role['id'], 'permissions': permissions})
     permissions = ','.join(template_permissions)
     # needs execute_jobs_on_infrastructure_host permission
     make_filter({'role-id': role['id'], 'permissions': permissions})
     User.add_role({'login': rexinfra, 'role': role['name']})
     User.add_role({'login': rexinfra, 'role': 'Remote Execution Manager'})
     yield (rexinfra, password)
Ejemplo n.º 7
0
def test_positive_update_with_manager_role(module_location, module_org):
    """Create template providing the initial name, then update its name
    with manager user role.

    :id: 28c4357a-93cb-4b01-a445-5db50435bcc0

    :expectedresults: Provisioning Template is created, and its name can
        be updated.

    :CaseImportance: Medium

    :BZ: 1277308
    """
    new_name = gen_string('alpha')
    username = gen_string('alpha')
    password = gen_string('alpha')
    template = make_template(
        {'organization-ids': module_org.id, 'location-ids': module_location.id}
    )
    # Create user with Manager role
    user = entities.User(
        login=username,
        password=password,
        admin=False,
        organization=[module_org.id],
        location=[module_location.id],
    ).create()
    User.add_role({'id': user.id, 'role': "Manager"})
    # Update template name with that user
    Template.with_user(username=username, password=password).update(
        {'id': template['id'], 'name': new_name}
    )
    template = Template.info({'id': template['id']})
    assert new_name == template['name']
Ejemplo n.º 8
0
    def test_positive_list_with_non_admin_user(self, module_puppet):
        """List all the parameters for specific puppet class by id.

        :id: 00fbf150-34fb-45d0-80e9-d5798d24a24f

        :expectedresults: Parameters listed for specific Puppet class.

        :BZ: 1391556

        :CaseImportance: Medium
        """
        password = gen_string('alpha')
        required_user_permissions = {
            'Puppetclass': {'permissions': ['view_puppetclasses']},
            'PuppetclassLookupKey': {
                'permissions': [
                    'view_external_parameters',
                    'create_external_parameters',
                    'edit_external_parameters',
                    'destroy_external_parameters',
                ]
            },
        }
        user = make_user({'admin': '0', 'password': password})
        role = make_role()
        add_role_permissions(role['id'], required_user_permissions)
        # Add the created and initiated role with permissions to user
        User.add_role({'id': user['id'], 'role-id': role['id']})
        sc_params = SmartClassParameter.with_user(user['login'], password).list(
            {'puppet-class-id': module_puppet['class']['id']}
        )
        assert len(sc_params) > 0
        # Check that only unique results are returned
        assert len(sc_params) == len({scp['id'] for scp in sc_params})
Ejemplo n.º 9
0
    def test_user_remove_role_1(self, test_data):
        """@Test: Remove role to User for all variations of role names

        @Feature: User - Remove role

        @Steps:
        1. Create role and add it to the user . Try to remove the role

        @Assert: Role is removed

        @BZ: 1138553

        """
        user = make_user()
        role = make_role(test_data)
        self.__assert_exists(user)
        UserObj.add_role({
            'login': user['login'],
            'role': role['name'],
        })
        user = UserObj.info({'id': user['id']})
        self.assertIn(role['name'], user['roles'])
        UserObj.remove_role({
            'login': user['login'],
            'role': role['name'],
        })
        user = UserObj.info({'id': user['id']})
        self.assertNotIn(role['name'], user['roles'])
Ejemplo n.º 10
0
    def test_positive_add_and_delete_roles(self):
        """Add multiple roles to User, then delete them

        For now add-role user sub command does not allow multiple role ids
        (https://github.com/SatelliteQE/robottelo/issues/3729)
        So if if it gets fixed this test can be updated:
        (http://projects.theforeman.org/issues/16206)

        :BZ: 1138553

        :id: d769ac61-f158-4e4e-a176-1c87de8b00f6

        :expectedresults: Roles are added to user and deleted successfully

        :CaseLevel: Integration
        """
        user = make_user()
        original_role_names = set(user['roles'])
        expected_role_names = set(original_role_names)

        for role_id, role in self.stubbed_roles.items():
            User.add_role({'login': user['login'], 'role-id': role_id})
            expected_role_names.add(role['name'])

        self.assertItemsEqual(expected_role_names, User.info({'id': user['id']})['roles'])

        roles_to_remove = expected_role_names - original_role_names
        for role_name in roles_to_remove:
            user_credentials = {'login': user['login'], 'role': role_name}
            User.remove_role(user_credentials)
            user = User.info({'id': user['id']})
            self.assertNotIn(role_name, user['roles'])

        self.assertItemsEqual(original_role_names, User.info({'id': user['id']})['roles'])
Ejemplo n.º 11
0
    def test_positive_update_with_manager_role(self):
        """Create template providing the initial name, then update its name
        with manager user role.

        :id: 28c4357a-93cb-4b01-a445-5db50435bcc0

        :expectedresults: Provisioning Template is created, and its name can
            be updated.

        :CaseImportance: Critical

        :BZ: 1277308
        """
        new_name = gen_string('alpha')
        username = gen_string('alpha')
        password = gen_string('alpha')
        org = make_org()
        loc = make_location()
        template = make_template({
            'organization-ids': org['id'], 'location-ids': loc['id']})
        # Create user with Manager role
        user = make_user({
            'login': username,
            'password': password,
            'admin': False,
            'organization-ids': org['id'],
            'location-ids': loc['id'],
        })
        User.add_role({'id': user['id'], 'role': "Manager"})
        # Update template name with that user
        Template.with_user(username=username, password=password).update({
            'id': template['id'], 'name': new_name})
        template = Template.info({'id': template['id']})
        self.assertEqual(new_name, template['name'])
Ejemplo n.º 12
0
    def test_user_remove_role_1(self):
        """@Test: Remove role to User for all variations of role names

        @Feature: User - Remove role

        @Steps:
        1. Create role and add it to the user . Try to remove the role

        @Assert: Role is removed

        @BZ: 1138553
        """
        user = make_user()
        include_list = [gen_string("alphanumeric", 100)]
        for role_name in valid_usernames_list() + include_list:
            with self.subTest(role_name):
                make_role({'name': role_name})
                self.__assert_exists(user)
                UserObj.add_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = UserObj.info({'id': user['id']})
                self.assertIn(role_name, user['roles'])
                UserObj.remove_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = UserObj.info({'id': user['id']})
                self.assertNotIn(role_name, user['roles'])
Ejemplo n.º 13
0
    def test_positive_update_with_manager_role(self):
        """Create template providing the initial name, then update its name
        with manager user role.

        :id: 28c4357a-93cb-4b01-a445-5db50435bcc0

        :expectedresults: Provisioning Template is created, and its name can
            be updated.

        :CaseImportance: Critical

        :BZ: 1277308
        """
        new_name = gen_string('alpha')
        username = gen_string('alpha')
        password = gen_string('alpha')
        org = make_org()
        loc = make_location()
        template = make_template({
            'organization-ids': org['id'], 'location-ids': loc['id']})
        # Create user with Manager role
        user = make_user({
            'login': username,
            'password': password,
            'admin': False,
            'organization-ids': org['id'],
            'location-ids': loc['id'],
        })
        User.add_role({'id': user['id'], 'role': "Manager"})
        # Update template name with that user
        Template.with_user(username=username, password=password).update({
            'id': template['id'], 'name': new_name})
        template = Template.info({'id': template['id']})
        self.assertEqual(new_name, template['name'])
Ejemplo n.º 14
0
    def test_positive_add_roles(self):
        """Add multiple roles to User

        For now add-role user sub command does not allow multiple role ids
        (https://github.com/SatelliteQE/robottelo/issues/3729)
        So if if it gets fixed this test can be updated:
        (http://projects.theforeman.org/issues/16206)

        :id: d769ac61-f158-4e4e-a176-1c87de8b00f6

        :expectedresults: Roles are added to user

        :CaseLevel: Integration
        """
        user = self.user
        original_role_names = set(user['roles'])
        expected_role_names = set(original_role_names)

        for role_id, role in self.stubbed_roles.items():
            User.add_role({'login': user['login'], 'role-id': role_id})
            expected_role_names.add(role['name'])

        self.assertItemsEqual(
            expected_role_names,
            User.info({'id': user['id']})['roles']
        )
Ejemplo n.º 15
0
    def test_positive_remove_role(self):
        """Remove role from User for all variations of role names

        @id: 51b15516-da42-4149-8032-87baa93f9e56

        @Assert: Role is removed

        @BZ: 1138553

        @CaseLevel: Integration
        """
        user = make_user()
        include_list = [gen_string("alphanumeric", 100)]
        for role_name in valid_usernames_list() + include_list:
            with self.subTest(role_name):
                make_role({'name': role_name})
                User.add_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = User.info({'id': user['id']})
                self.assertIn(role_name, user['roles'])
                User.remove_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = User.info({'id': user['id']})
                self.assertNotIn(role_name, user['roles'])
Ejemplo n.º 16
0
 def setUpClass(cls):
     """Tests for discovery rules via Hammer CLI"""
     super(DiscoveryRuleRoleTestCase, cls).setUpClass()
     cls.org = make_org()
     cls.loc = make_location()
     cls.hostgroup = make_hostgroup({
         u'organization-ids': cls.org['id'],
         u'location-ids': cls.loc['id'],
     })
     cls.password = gen_alphanumeric()
     cls.user = make_user({
         'organization-ids': cls.org['id'],
         'location-ids': cls.loc['id'],
         'password': cls.password,
     })
     cls.user['password'] = cls.password
     User.add_role({
         'login': cls.user['login'],
         'role': 'Discovery Manager',
     })
     cls.user_reader = make_user({
         'organization-ids': cls.org['id'],
         'location-ids': cls.loc['id'],
         'password': cls.password,
     })
     cls.user_reader['password'] = cls.password
     User.add_role({
         'login': cls.user_reader['login'],
         'role': 'Discovery Reader',
     })
Ejemplo n.º 17
0
 def create_test_user_viewer_role(cls):
     """Create's a user with Viewer role"""
     cls.login = gen_string('alpha')
     cls.password = gen_string('alpha')
     user = make_user({'login': cls.login, 'password': cls.password, 'admin': False})
     role = Role.info({'name': 'Viewer'})
     User.add_role({'login': user['login'], 'role-id': role['id']})
     return cls.login, cls.password
Ejemplo n.º 18
0
    def test_positive_generate_ansible_template(self):
        """Report template named 'Ansible Inventory' (default name is specified in settings)
        must be present in Satellite 6.7 and later in order to provide enhanced functionality
        for Ansible Tower inventory synchronization with Satellite.

        :id: f1f7adfc-9601-4498-95c8-3e82e2b36583

        :setup:
            1. A user with minimal required permissions: 'Ansible Tower Inventory Reader' role
            2. A fake host to be checked in report output

        :steps:
            1. Check settings for default Ansible Inventory template name and ensure
               the template is present
            2. Try to render the template using the user with ATIR role
            3. Check the fake host is present in the output

        :expectedresults: Report template is present, renederable and provides output

        :CaseImportance: Medium
        """
        settings = Settings.list({'search': 'name=ansible_inventory_template'})
        assert 1 == len(settings)
        template_name = settings[0]['value']

        report_list = ReportTemplate.list()
        assert template_name in [rt['name'] for rt in report_list]

        login = gen_string('alpha').lower()
        password = gen_string('alpha').lower()
        loc = Location.info({'name': DEFAULT_LOC})
        org = Org.info({'name': DEFAULT_ORG})

        user = make_user(
            {
                'login': login,
                'password': password,
                'organization-ids': org['id'],
                'location-ids': loc['id'],
            }
        )

        User.add_role({'login': user['login'], 'role': 'Ansible Tower Inventory Reader'})

        host_name = gen_string('alpha').lower()
        host = make_fake_host({'name': host_name})

        schedule = ReportTemplate.with_user(username=user['login'], password=password).schedule(
            {'name': template_name}
        )

        report_data = ReportTemplate.with_user(
            username=user['login'], password=password
        ).report_data({'id': template_name, 'job-id': schedule[0].split("Job ID: ", 1)[1]})

        assert host['name'] in [item.split(',')[1] for item in report_data if len(item) > 0]
Ejemplo n.º 19
0
 def setUpClass(cls):
     """Creates users to be reused across tests"""
     super(HammerAuthTestCase, cls).setUpClass()
     cls.uname_admin = gen_string('alpha')
     cls.uname_viewer = gen_string('alpha')
     cls.password = gen_string('alpha')
     cls.mail = '*****@*****.**'
     make_user({'login': cls.uname_admin, 'password': cls.password, 'admin': '1'})
     make_user({'login': cls.uname_viewer, 'password': cls.password})
     User.add_role({'login': cls.uname_viewer, 'role': 'Viewer'})
Ejemplo n.º 20
0
 def assert_user_roles(self, roles_dct):
     """
     Check if roles present on roles_dct are added to user
     :param roles_dct: dictionary if roles
     """
     user = self.user
     expected_role_names = set(user['roles'])
     for role_id, role in roles_dct.items():
         User.add_role({'login': user['login'], 'role-id': role_id})
         expected_role_names.add(role['name'])
     self.assertItemsEqual(expected_role_names,
                           User.info({'id': user['id']})['roles'])
Ejemplo n.º 21
0
 def class_rexmanager_user(self, module_org):
     """Creates a user with Remote Execution Manager role"""
     password = gen_string('alpha')
     rexmanager = gen_string('alpha')
     make_user({
         'login': rexmanager,
         'password': password,
         'organization-ids': module_org.id
     })
     User.add_role({
         'login': rexmanager,
         'role': 'Remote Execution Manager'
     })
     yield (rexmanager, password)
Ejemplo n.º 22
0
 def assert_user_roles(self, roles_dct):
     """
     Check if roles present on roles_dct are added to user
     :param roles_dct: dictionary if roles
     """
     user = self.user
     expected_role_names = set(user['roles'])
     for role_id, role in roles_dct.items():
         User.add_role({'login': user['login'], 'role-id': role_id})
         expected_role_names.add(role['name'])
     self.assertItemsEqual(
         expected_role_names,
         User.info({'id': user['id']})['roles']
     )
Ejemplo n.º 23
0
    def test_custom_personal_access_token_role(self, default_sat):
        """Personal access token for non admin user with custom role

        :id: dcbd22df-2641-4d3e-a1ad-76f36642e31b

        :steps:
            1. Create role with PAT and View Users
            2. Create non admin user and assign the role
            3. Create PAT for the user and test with the end point
            4. Revoke the token and then test for end point.

        :expectedresults: Non admin user is able to view only the assigned entity

        :CaseLevel: System

        :CaseImportance: High

        :BZ: 1974685, 1996048
        """
        role = make_role()
        permissions = [
            permission['name'] for permission in Filter.available_permissions(
                {'search': 'resource_type=PersonalAccessToken'})
        ]
        permissions = ','.join(permissions)
        make_filter({'role-id': role['id'], 'permissions': permissions})
        make_filter({'role-id': role['id'], 'permissions': 'view_users'})
        user = make_user()
        User.add_role({'login': user['login'], 'role': role['name']})
        token_name = gen_alphanumeric()
        result = User.access_token(action="create",
                                   options={
                                       'name': token_name,
                                       'user-id': user['id']
                                   })
        token_value = result[0]['message'].split(':')[-1]
        command_output = default_sat.execute(
            f'curl -k -u {user["login"]}:{token_value} {default_sat.url}/api/v2/users'
        )
        assert user['login'] in command_output.stdout
        assert user['email'] in command_output.stdout
        User.access_token(action="revoke",
                          options={
                              'name': token_name,
                              'user-id': user['id']
                          })
        command_output = default_sat.execute(
            f'curl -k -u {user["login"]}:{token_value} {default_sat.url}/api/v2/users'
        )
        assert f'Unable to authenticate user {user["login"]}' in command_output.stdout
Ejemplo n.º 24
0
 def create_test_user_viewer_role(cls):
     """Create's a user with Viewer role"""
     cls.login = gen_string('alpha')
     cls.password = gen_string('alpha')
     user = make_user({
         'login': cls.login,
         'password': cls.password,
         'admin': False
     })
     role = Role.info({'name': 'Viewer'})
     User.add_role({
         'login': user['login'],
         'role-id': role['id'],
     })
     return cls.login, cls.password
Ejemplo n.º 25
0
 def setUpClass(cls):
     """Creates users to be reused across tests"""
     super(HammerAuthTestCase, cls).setUpClass()
     cls.uname_admin = gen_string('alpha')
     cls.uname_viewer = gen_string('alpha')
     cls.password = gen_string('alpha')
     cls.mail = '*****@*****.**'
     make_user({
             'login': cls.uname_admin,
             'password': cls.password,
             'admin': '1',
     })
     make_user({
             'login': cls.uname_viewer,
             'password': cls.password,
     })
     User.add_role({'login': cls.uname_viewer, 'role': 'Viewer'})
Ejemplo n.º 26
0
def test_positive_create_with_system_admin_user():
    """Create organization using user with system admin role

    :id: 1482ab6e-18c7-4a62-81a2-cc969ac373fe

    :expectedresults: organization is created

    :BZ: 1644586
    """
    login = gen_string('alpha')
    password = gen_string('alpha')
    org_name = gen_string('alpha')
    make_user({'login': login, 'password': password})
    User.add_role({'login': login, 'role': 'System admin'})
    make_org({'user': login, 'password': password, 'name': org_name})
    result = Org.info({'name': org_name})
    assert result['name'] == org_name
Ejemplo n.º 27
0
    def test_expired_personal_access_token(self, default_sat):
        """Personal access token expired for the user.

        :id: cb07b096-aba4-4a95-9a15-5413f32b597b

        :steps:
            1. Set the expired time to +x seconds from the current time.
            2. Wait +x seconds
            3. Try using the token with any end point.

        :expectedresults: Authentication error

        :CaseLevel: System

        :CaseImportance: Medium
        """
        user = make_user()
        User.add_role({'login': user['login'], 'role': 'View hosts'})
        token_name = gen_alphanumeric()
        datetime_now = datetime.datetime.utcnow()
        datetime_expire = datetime_now + datetime.timedelta(seconds=20)
        datetime_expire = datetime_expire.strftime("%Y-%m-%d %H:%M:%S")
        result = User.access_token(
            action="create",
            options={
                'name': token_name,
                'user-id': user['id'],
                'expires-at': datetime_expire
            },
        )

        token_value = result[0]['message'].split('\n')[-1]
        curl_command = (
            f'curl -k -u {user["login"]}:{token_value} https://{default_sat.hostname}/api/v2/hosts'
        )
        command_output = default_sat.execute(curl_command)
        assert default_sat.hostname in command_output.stdout
        sleep(20)
        curl_command = (
            f'curl -k -u {user["login"]}:{token_value} https://{default_sat.hostname}/api/v2/users'
        )
        command_output = default_sat.execute(curl_command)
        assert f'Unable to authenticate user {user["login"]}' in command_output.stdout
Ejemplo n.º 28
0
    def test_positive_add_role(self):
        """Add role to User for all variations of role names

        :id: 4df495b8-ed02-480e-a935-ffc0b6746e08

        :expectedresults: Role is added to user

        :BZ: 1138553

        :CaseLevel: Integration
        """
        user = self.user
        for role_id, role in self.stubbed_roles.items():
            with self.subTest(role['name']):
                User.add_role({
                    'login': user['login'],
                    'role-id': role_id,
                })
                user = User.info({'id': user['id']})
                self.assertIn(role['name'], user['roles'])
Ejemplo n.º 29
0
    def test_positive_add_role(self):
        """Add role to User for all variations of role names

        :id: 4df495b8-ed02-480e-a935-ffc0b6746e08

        :expectedresults: Role is added to user

        :BZ: 1138553

        :CaseLevel: Integration
        """
        user = self.user
        for role_id, role in self.stubbed_roles.items():
            with self.subTest(role['name']):
                User.add_role({
                    'login': user['login'],
                    'role-id': role_id,
                })
                user = User.info({'id': user['id']})
                self.assertIn(role['name'], user['roles'])
Ejemplo n.º 30
0
    def test_positive_personal_access_token_user_with_role(self, default_sat):
        """Personal access token for user with a role

        :id: b9fe7ddd-d1e4-4d76-9966-d223b02768ec

        :steps:
            1. Create a new user. Assign a role to it and create personal
               access token
            2. Use an api endpoint to that specific role and other roles.
            3. Revoke the access token

        :expectedresults:
            1. When used with the correct role and end point, corresponding
               output should be displayed.
            2. When an incorrect role and end point is used, missing
               permission should be displayed.

        :CaseLevel: System

        :CaseImportance: High
        """
        user = make_user()
        User.add_role({'login': user['login'], 'role': 'View hosts'})
        token_name = gen_alphanumeric()
        result = User.access_token(action="create",
                                   options={
                                       'name': token_name,
                                       'user-id': user['id']
                                   })
        token_value = result[0]['message'].split('\n')[-1]
        curl_command = (
            f'curl -k -u {user["login"]}:{token_value} https://{default_sat.hostname}/api/v2/hosts'
        )
        command_output = default_sat.execute(curl_command)
        assert default_sat.hostname in command_output.stdout
        curl_command = (
            f'curl -k -u {user["login"]}:{token_value} https://{default_sat.hostname}/api/v2/users'
        )
        command_output = default_sat.execute(curl_command)
        assert 'Access denied' in command_output.stdout
Ejemplo n.º 31
0
    def test_positive_remove_role(self):
        """Remove role from User for all variations of role names

        :id: 51b15516-da42-4149-8032-87baa93f9e56

        :expectedresults: Role is removed

        :BZ: 1138553

        :CaseLevel: Integration
        """
        user = self.user
        for role_id, role in self.stubbed_roles.items():
            role_name = role['name']
            with self.subTest(role_name):
                user_credentials = {'login': user['login'], 'role': role_name}
                User.add_role(user_credentials)
                user = User.info({'id': user['id']})
                self.assertIn(role_name, user['roles'])
                User.remove_role(user_credentials)
                user = User.info({'id': user['id']})
                self.assertNotIn(role_name, user['roles'])
Ejemplo n.º 32
0
    def test_positive_add_role(self):
        """Add role to User for all variations of role names

        @id: 4df495b8-ed02-480e-a935-ffc0b6746e08

        @Assert: Role is added to user

        @BZ: 1138553

        @CaseLevel: Integration
        """
        user = make_user()
        include_list = [gen_string("alphanumeric", 100)]
        for role_name in valid_usernames_list() + include_list:
            with self.subTest(role_name):
                make_role({'name': role_name})
                User.add_role({
                    'login': user['login'],
                    'role': role_name,
                })
                user = User.info({'id': user['id']})
                self.assertIn(role_name, user['roles'])
Ejemplo n.º 33
0
    def test_positive_remove_role(self):
        """Remove role from User for all variations of role names

        :id: 51b15516-da42-4149-8032-87baa93f9e56

        :expectedresults: Role is removed

        :BZ: 1138553

        :CaseLevel: Integration
        """
        user = self.user
        for role_id, role in self.stubbed_roles.items():
            role_name = role['name']
            with self.subTest(role_name):
                user_credentials = {'login': user['login'], 'role': role_name}
                User.add_role(user_credentials)
                user = User.info({'id': user['id']})
                self.assertIn(role_name, user['roles'])
                User.remove_role(user_credentials)
                user = User.info({'id': user['id']})
                self.assertNotIn(role_name, user['roles'])
Ejemplo n.º 34
0
def test_negative_nonauthor_of_report_cant_download_it():
    """The resulting report should only be downloadable by
       the user that generated it or admin. Check.

    :id: a4bc77db-146e-4871-a42e-e93887464986

    :setup: Installed Satellite, user that can list running tasks

    :steps:

        1. hammer -u u1 -p p1 report-template schedule
        2. hammer -u u2 -p p2 report-template report-data

    :expectedresults: Report can't be downloaded. Error.
    """
    uname_viewer = gen_alpha()
    uname_viewer2 = gen_alpha()
    password = gen_alpha()

    loc = Location.info({'name': DEFAULT_LOC})
    org = Org.info({'name': DEFAULT_ORG})

    user1 = make_user({
        'login': uname_viewer,
        'password': password,
        'organization-ids': org['id'],
        'location-ids': loc['id'],
    })

    user2 = make_user({
        'login': uname_viewer2,
        'password': password,
        'organization-ids': org['id'],
        'location-ids': loc['id'],
    })

    role = make_role()
    # Pick permissions by its resource type
    permissions_org = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=Organization'})
    ]
    permissions_loc = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=Location'})
    ]
    permissions_rt = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=ReportTemplate'})
    ]
    permissions_pt = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=ProvisioningTemplate'})
    ]
    permissions_jt = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=JobTemplate'})
    ]
    # Assign filters to created role
    for perm in [
            permissions_org, permissions_loc, permissions_rt, permissions_pt,
            permissions_jt
    ]:
        make_filter({'role-id': role['id'], 'permissions': perm})
    User.add_role({'login': user1['login'], 'role-id': role['id']})
    User.add_role({'login': user2['login'], 'role-id': role['id']})

    name = gen_alpha()
    content = gen_alpha()

    report_template = ReportTemplate.with_user(username=user1['login'],
                                               password=password).create({
                                                   'name':
                                                   name,
                                                   'organization-id':
                                                   org['id'],
                                                   'location-id':
                                                   loc['id'],
                                                   'file':
                                                   content
                                               })

    schedule = ReportTemplate.with_user(username=user1['login'],
                                        password=password).schedule(
                                            {'name': report_template['name']})
    job_id = schedule.split('Job ID: ', 1)[1].strip()

    report_data = ReportTemplate.with_user(username=user1['login'],
                                           password=password).report_data({
                                               'id':
                                               report_template['name'],
                                               'job-id':
                                               job_id
                                           })

    assert content in report_data
    with pytest.raises(CLIReturnCodeError):
        ReportTemplate.with_user(username=user2['login'],
                                 password=password).report_data({
                                     'id':
                                     report_template['name'],
                                     'job-id':
                                     job_id
                                 })
Ejemplo n.º 35
0
def test_positive_user_permission(products_with_repos):
    """Show errata only if the User has permissions to view them

    :id: f350c13b-8cf9-4aa5-8c3a-1c48397ea514

    :Setup:

        1. Create two products with one repo each. Sync them.
        2. Make sure that they both have errata.
        3. Create a user with view access on one product and not on the
           other.

    :Steps: erratum list --organization-id=<orgid>

    :expectedresults: Check that the new user is able to see errata for one
        product only.

    :BZ: 1403947
    """
    user_password = gen_string('alphanumeric')
    user_name = gen_string('alphanumeric')

    product = products_with_repos[3]
    org = product.organization

    # get the available permissions
    permissions = Filter.available_permissions()
    user_required_permissions_names = ['view_products']
    # get the user required permissions ids
    user_required_permissions_ids = [
        permission['id'] for permission in permissions
        if permission['name'] in user_required_permissions_names
    ]
    assert len(user_required_permissions_ids) > 0

    # create a role
    role = make_role({'organization-ids': org.id})

    # create a filter with the required permissions for role with product
    # one only
    make_filter({
        'permission-ids': user_required_permissions_ids,
        'role-id': role['id'],
        'search': f"name = {product.name}",
    })

    # create a new user and assign him the created role permissions
    user = make_user({
        'admin': False,
        'login': user_name,
        'password': user_password,
        'organization-ids': [org.id],
        'default-organization-id': org.id,
    })
    User.add_role({'id': user['id'], 'role-id': role['id']})

    # make sure the user is not admin and has only the permissions assigned
    user = User.info({'id': user['id']})
    assert user['admin'] == 'no'
    assert set(user['roles']) == {role['name']}

    # try to get organization info
    # get the info as admin user first
    org_info = Org.info({'id': org.id})
    assert str(org.id) == org_info['id']
    assert org.name == org_info['name']

    # get the organization info as the created user
    with pytest.raises(CLIReturnCodeError) as context:
        Org.with_user(user_name, user_password).info({'id': org.id})
    assert 'Missing one of the required permissions: view_organizations' in context.value.stderr

    # try to get the erratum products list by organization id only
    # ensure that all products erratum are accessible by admin user
    admin_org_errata_ids = [
        errata['errata-id']
        for errata in Erratum.list({'organization-id': org.id})
    ]
    assert REPOS_WITH_ERRATA[2]['errata_id'] in admin_org_errata_ids
    assert REPOS_WITH_ERRATA[3]['errata_id'] in admin_org_errata_ids

    assert len(admin_org_errata_ids) == (REPOS_WITH_ERRATA[2]['errata_count'] +
                                         REPOS_WITH_ERRATA[3]['errata_count'])

    # ensure that the created user see only the erratum product that was
    # assigned in permissions
    user_org_errata_ids = [
        errata['errata-id'] for errata in Erratum.with_user(
            user_name, user_password).list({'organization-id': org.id})
    ]
    assert len(user_org_errata_ids) == REPOS_WITH_ERRATA[3]['errata_count']
    assert REPOS_WITH_ERRATA[3]['errata_id'] in user_org_errata_ids
    assert REPOS_WITH_ERRATA[2]['errata_id'] not in user_org_errata_ids
Ejemplo n.º 36
0
def non_admin_user():
    """create the non-admin role user for tests"""
    uname_viewer = gen_string('alpha')
    user = make_user({'login': uname_viewer, 'password': password})
    User.add_role({'login': uname_viewer, 'role': 'Viewer'})
    return user
Ejemplo n.º 37
0
    def test_negative_nonauthor_of_report_cant_download_it(self):
        """The resulting report should only be downloadable by
           the user that generated it or admin. Check.

        :id: a4bc77db-146e-4871-a42e-e93887464986

        :setup: Installed Satellite, user that can list running tasks

        :steps:

            1. hammer -u u1 -p p1 report-template schedule
            2. hammer -u u2 -p p2 report-template report-data

        :expectedresults: Report can't be downloaded. Error.

        :CaseImportance: High
        """
        uname_viewer = gen_string('alpha')
        uname_viewer2 = gen_string('alpha')
        password = gen_string('alpha')

        loc = Location.info({'name': DEFAULT_LOC})
        org = Org.info({'name': DEFAULT_ORG})

        user1 = make_user({
            'login': uname_viewer,
            'password': password,
            'organization-ids': org['id'],
            'location-ids': loc['id'],
        })

        user2 = make_user({
            'login': uname_viewer2,
            'password': password,
            'organization-ids': org['id'],
            'location-ids': loc['id'],
        })

        role = make_role()
        # Pick permissions by its resource type
        permissions_org = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
        ]
        permissions_loc = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'Location'})
        ]
        permissions_rt = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'ReportTemplate'})
        ]
        permissions_pt = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'ProvisioningTemplate'})
        ]
        permissions_jt = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'JobTemplate'})
        ]
        # Assign filters to created role
        make_filter({'role-id': role['id'], 'permissions': permissions_org})
        make_filter({'role-id': role['id'], 'permissions': permissions_loc})
        make_filter({'role-id': role['id'], 'permissions': permissions_rt})
        make_filter({'role-id': role['id'], 'permissions': permissions_pt})
        make_filter({'role-id': role['id'], 'permissions': permissions_jt})
        User.add_role({'login': user1['login'], 'role-id': role['id']})
        User.add_role({'login': user2['login'], 'role-id': role['id']})

        name = gen_string('alpha')
        content = gen_string('alpha')

        report_template = ReportTemplate.with_user(username=user1['login'],
                                                   password=password).create({
                                                       'name':
                                                       name,
                                                       'organization-id':
                                                       org['id'],
                                                       'location-id':
                                                       loc['id'],
                                                       'file':
                                                       content
                                                   })

        schedule = ReportTemplate.with_user(username=user1['login'],
                                            password=password).schedule({
                                                'name':
                                                report_template['name']
                                            })

        report_data = ReportTemplate.with_user(username=user1['login'],
                                               password=password).report_data({
                                                   'id':
                                                   report_template['name'],
                                                   'job-id':
                                                   schedule[0].split(
                                                       "Job ID: ", 1)[1]
                                               })

        self.assertIn(content, report_data)
        with self.assertRaises(CLIReturnCodeError):
            ReportTemplate.with_user(username=user2['login'],
                                     password=password).report_data({
                                         'id':
                                         report_template['name'],
                                         'job-id':
                                         schedule[0].split("Job ID: ", 1)[1]
                                     })
Ejemplo n.º 38
0
    def test_system_admin_role_end_to_end(self):
        """Test System admin role with a end to end workflow

        :id: da6b3549-d1cf-44fc-869f-08d15d407fa2

        :steps:

            1. Create a System admin role user1
            2. Login with the user1 and change global settings
                "Out of sync interval" to 31
            3. Create user2 with system admin role
            4. Login with user2 to create a Organization
            5. Clone a Org-admin role
            6. Edit the Architecture Filter and search name  =  x86_64
            7. Create a User with Cloned Org admin
            8. Login with user.

        :expectedresults:

            1. User should be assigned with System Admin role.
            2. User with sys admin role should be able to update settings
            3. User with sys admin role should be able to create users and
                assign Organizations to them.
            4. System Admin role should be able to create Organization admins
            5. User with sys admin role should be able to edit filters on roles

        :CaseLevel: System
        """
        org = make_org()
        location = make_location()
        common_pass = gen_string('alpha')
        role = Role.info({'name': 'System admin'})
        system_admin_1 = make_user(
            {
                'password': common_pass,
                'organization-ids': org['id'],
                'location-ids': location['id'],
            }
        )
        User.add_role({'id': system_admin_1['id'], 'role-id': role['id']})
        Settings.with_user(username=system_admin_1['login'], password=common_pass).set(
            {'name': "outofsync_interval", 'value': "32"}
        )
        sync_time = Settings.list({'search': 'name=outofsync_interval'})[0]
        # Asserts if the setting was updated successfully
        assert '32' == sync_time['value']

        # Create another System Admin user using the first one
        system_admin = User.with_user(
            username=system_admin_1['login'], password=common_pass
        ).create(
            {
                'auth-source-id': 1,
                'firstname': gen_string('alpha'),
                'lastname': gen_string('alpha'),
                'login': gen_string('alpha'),
                'mail': '{}@example.com'.format(gen_string('alpha')),
                'password': common_pass,
                'organizations': org['name'],
                'role-ids': role['id'],
                'locations': location['name'],
            }
        )
        # Create the Org Admin user
        org_role = Role.with_user(username=system_admin['login'], password=common_pass).clone(
            {
                'name': 'Organization admin',
                'new-name': gen_string('alpha'),
                'organization-ids': org['id'],
                'location-ids': location['id'],
            }
        )
        org_admin = User.with_user(username=system_admin['login'], password=common_pass).create(
            {
                'auth-source-id': 1,
                'firstname': gen_string('alpha'),
                'lastname': gen_string('alpha'),
                'login': gen_string('alpha'),
                'mail': '{}@example.com'.format(gen_string('alpha')),
                'password': common_pass,
                'organizations': org['name'],
                'role-ids': org_role['id'],
                'location-ids': location['id'],
            }
        )
        # Assert if the cloning was successful
        assert org_role['id'] is not None
        org_role_filters = Role.filters({'id': org_role['id']})
        search_filter = None
        for arch_filter in org_role_filters:
            if arch_filter['resource-type'] == 'Architecture':
                search_filter = arch_filter
                break
        Filter.with_user(username=system_admin['login'], password=common_pass).update(
            {'role-id': org_role['id'], 'id': arch_filter['id'], 'search': 'name=x86_64'}
        )
        # Asserts if the filter is updated
        assert 'name=x86_64' in Filter.info({'id': search_filter['id']}).values()
        org_admin = User.with_user(username=system_admin['login'], password=common_pass).info(
            {'id': org_admin['id']}
        )
        # Asserts Created Org Admin
        assert org_role['name'] in org_admin['roles']
        assert org['name'] in org_admin['organizations']
Ejemplo n.º 39
0
    def test_system_admin_role_end_to_end(self):
        """Test System admin role with a end to end workflow

        :id: da6b3549-d1cf-44fc-869f-08d15d407fa2

        :steps:

            1. Create a System admin role user1
            2. Login with the user1 and change global settings
                "Out of sync interval" to 31
            3. Create user2 with system admin role
            4. Login with user2 to create a Organization
            5. Clone a Org-admin role
            6. Edit the Architecture Filter and search name  =  x86_64
            7. Create a User with Cloned Org admin
            8. Login with user.

        :expectedresults:

            1. User should be assigned with System Admin role.
            2. User with sys admin role should be able to update settings
            3. User with sys admin role should be able to create users and
                assign Organizations to them.
            4. System Admin role should be able to create Organization admins
            5. User with sys admin role should be able to edit filters on roles

        :CaseLevel: System
        """
        org = make_org()
        location = make_location()
        common_pass = gen_string('alpha')
        role = Role.info({'name': 'System admin'})
        system_admin_1 = make_user({
            'password': common_pass,
            'organization-ids': org['id'],
            'location-ids': location['id']
            })
        User.add_role({
            'id': system_admin_1['id'],
            'role-id': role['id']
            })
        Settings.with_user(
            username=system_admin_1['login'],
            password=common_pass).set({
                'name': "outofsync_interval",
                'value': "32"
                })
        sync_time = Settings.list({
            'search': 'name=outofsync_interval'
            })[0]
        # Asserts if the setting was updated successfully
        self.assertEqual('32', sync_time['value'])

        # Create another System Admin user using the first one
        system_admin = User.with_user(
                username=system_admin_1['login'],
                password=common_pass).create({
                    u'auth-source-id': 1,
                    u'firstname': gen_string('alpha'),
                    u'lastname': gen_string('alpha'),
                    u'login': gen_string('alpha'),
                    u'mail': '{0}@example.com'.format(gen_string('alpha')),
                    u'password': common_pass,
                    u'organizations': org['name'],
                    u'role-ids': role['id'],
                    u'locations': location['name']
                    })
        # Create the Org Admin user
        org_role = Role.with_user(
            username=system_admin['login'],
            password=common_pass).clone({
                'name': 'Organization admin',
                'new-name': gen_string('alpha'),
                'organization-ids': org['id'],
                'location-ids': location['id']
                })
        org_admin = User.with_user(
                username=system_admin['login'],
                password=common_pass).create({
                    u'auth-source-id': 1,
                    u'firstname': gen_string('alpha'),
                    u'lastname': gen_string('alpha'),
                    u'login': gen_string('alpha'),
                    u'mail': '{0}@example.com'.format(gen_string('alpha')),
                    u'password': common_pass,
                    u'organizations': org['name'],
                    u'role-ids': org_role['id'],
                    u'location-ids': location['id']
                    })
        # Assert if the cloning was successful
        self.assertIsNotNone(org_role['id'])
        org_role_filters = Role.filters({'id': org_role['id']})
        search_filter = None
        for arch_filter in org_role_filters:
            if arch_filter['resource-type'] == 'Architecture':
                search_filter = arch_filter
                break
        Filter.with_user(
            username=system_admin['login'],
            password=common_pass).update({
                'role-id': org_role['id'],
                'id': arch_filter['id'],
                'search': 'name=x86_64'
                })
        # Asserts if the filter is updated
        self.assertIn('name=x86_64',
                      Filter.info({
                          'id': search_filter['id']
                            }).values()
                      )
        org_admin = User.with_user(
            username=system_admin['login'],
            password=common_pass).info({'id': org_admin['id']})
        # Asserts Created Org Admin
        self.assertIn(org_role['name'], org_admin['roles'])
        self.assertIn(org['name'], org_admin['organizations'])