def test_positive_login_ad_user_basic_roles(
test_name, session, auth_source, ldap_tear_down, ldap_data
):
"""Login with LDAP - AD for user with roles/rights
:id: ef202e94-8e5d-4333-a4bc-e573b03ebfc8
:setup: assure properly functioning AD server for authentication
:steps: Login to server with an AD user.
:expectedresults: Log in to foreman UI successfully and can access
appropriate functional areas in UI
"""
name = gen_string('alpha')
role = entities.Role().create()
permissions = {'Architecture': PERMISSIONS['Architecture']}
create_role_permissions(role, permissions)
with Session(
test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.usergroup.search('')
with session:
session.user.update(ldap_data['ldap_user_name'], {'roles.resources.assigned': [role.name]})
with Session(
test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']
) as ldapsession:
ldapsession.architecture.create({'name': name})
assert ldapsession.architecture.search(name)[0]['Name'] == name
def test_positive_update_external_roles(
test_name, session, auth_source, ldap_usergroup_name, ldap_tear_down, ldap_data
):
"""Added AD UserGroup roles get pushed down to user
:id: f3ca1aae-5461-4af3-a508-82679bb6afed
:setup: assign additional roles to the UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Login to sat6 with the AD user.
5. Assign additional roles to the UserGroup.
6. Login to sat6 with LDAP user that is part of aforementioned
UserGroup.
:expectedresults: User has access to all NEW functional areas that are
assigned to aforementioned UserGroup.
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
katello_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']}
create_role_permissions(foreman_role, foreman_permissions)
create_role_permissions(katello_role, katello_permissions)
with session:
session.usergroup.create(
{
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
}
)
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
with Session(
test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.usergroup.update(
ldap_usergroup_name, {'roles.resources.assigned': [katello_role.name]}
)
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']) as session:
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_delete_external_roles(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name):
"""Deleted AD UserGroup roles get pushed down to user
:id: 479bc8fe-f6a3-4c89-8c7e-3d997315383f
:setup: delete roles from an AD UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Login to sat6 with the AD user.
5. Unassign some of the existing roles of the UserGroup.
6. Login to sat6 with LDAP user that is part of aforementioned
UserGroup.
:expectedresults: User no longer has access to all deleted functional
areas that were assigned to aforementioned UserGroup.
:CaseLevel: Integration
"""
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
create_role_permissions(foreman_role, foreman_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.usergroup.update(
ldap_usergroup_name, {'roles.resources.unassigned': [foreman_role.name]})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.location.create({'name': gen_string('alpha')})
def test_positive_add_host_collection_non_admin(module_org, test_name):
"""Test that host collection can be associated to Activation Keys by
non-admin user.
:id: 417f0b36-fd49-4414-87ab-6f72a09696f2
:expectedresults: Activation key is created, added host collection is
listed
:BZ: 1473212
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
hc = entities.HostCollection(organization=module_org).create()
# Create non-admin user with specified permissions
roles = [entities.Role().create()]
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'],
}
viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0]
roles.append(viewer_role)
create_role_permissions(roles[0], user_permissions)
password = gen_string('alphanumeric')
user = entities.User(
admin=False, role=roles, password=password, organization=[module_org]
).create()
with Session(test_name, user=user.login, password=password) as session:
session.activationkey.create({'name': ak_name, 'lce': {ENVIRONMENT: True}})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
session.activationkey.add_host_collection(ak_name, hc.name)
ak = session.activationkey.read(ak_name, widget_names='host_collections')
assert ak['host_collections']['resources']['assigned'][0]['Name'] == hc.name
def test_positive_search_errata_non_admin(session, vm, module_org, test_name,
module_viewer_user):
"""Search for host's errata by non-admin user with enough permissions
:id: 5b8887d2-987f-4bce-86a1-8f65ca7e1195
:customerscenario: true
:BZ: 1255515
:expectedresults: User can access errata page and proper errata is
listed
:CaseLevel: System
"""
vm.run('yum install -y {0}'.format(FAKE_1_CUSTOM_PACKAGE))
with Session(test_name,
user=module_viewer_user.login,
password=module_viewer_user.password) as session:
if bz_bug_is_open(1652938):
try:
session.contenthost.search('')
except NoSuchElementException:
session.browser.refresh()
chost = session.contenthost.read(vm.hostname)
assert FAKE_2_ERRATA_ID in {
errata['Id']
for errata in chost['errata']['table']
}
def test_negative_settings_access_to_non_admin():
"""Check non admin users can't access Administer -> Settings tab
:id: 34bb9376-c5fe-431a-ac0d-ef030c0ab50e
:steps:
1. Login with non admin user
2. Check "Administer" tab is not present
3. Navigate to /settings
4. Check message permission denied is present
:expectedresults: Administer -> Settings tab should not be available to non admin users
:CaseImportance: Medium
:CaseLevel: Acceptance
"""
login = gen_string('alpha')
password = gen_string('alpha')
entities.User(admin=False, login=login, password=password).create()
try:
with Session(user=login, password=password) as session:
result = session.settings.permission_denied()
assert (
result == 'Permission denied You are not authorized to perform this action. '
'Please request one of the required permissions listed below '
'from a Satellite administrator: view_settings Back'
)
finally:
User.delete({'login': login})
def test_negative_template_search_using_url():
"""Satellite should not show full trace on web_browser after invalid search in url
:id: aeb365dc-49de-11eb-bf99-d46d6dd3b5b2
:customerscenario: true
:expectedresults: Satellite should not show full trace and show correct error message
:CaseLevel: Integration
:CaseImportance: High
:BZ: 1767040
"""
with Session(
url='/templates/provisioning_templates?search=&page=1"sadfasf',
login=False) as session:
login_details = {
'username': settings.server.admin_username,
'password': settings.server.admin_password,
}
session.login.login(login_details)
error_page = session.browser.selenium.page_source
error_helper_message = (
"Please include in your report the full error log that can be acquired by running"
)
trace_link_word = "Full trace"
assert error_helper_message in error_page
assert trace_link_word not in error_page
assert "foreman-rake errors:fetch_log request_id=" in error_page
def test_positive_create_filter_admin_user_with_locs(test_name):
"""Attempt to create a role filter by admin user, who has 6+ locations assigned.
:id: 688ecb7d-1d49-494c-97cc-0d5e715f3bb1
:customerscenario: true
:expectedresults: filter was successfully created.
:BZ: 1315580
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
resource_type = 'Architecture'
permissions = ['view_architectures', 'edit_architectures']
org = entities.Organization().create()
locations = [entities.Location(organization=[org]).create() for _ in range(6)]
password = gen_string('alphanumeric')
user = entities.User(
admin=True,
organization=[org],
location=locations,
default_organization=org,
default_location=locations[0],
password=password,
).create()
with Session(test_name, user=user.login, password=password) as session:
session.role.create({'name': role_name})
assert session.role.search(role_name)[0]['Name'] == role_name
session.filter.create(
role_name, {'resource_type': resource_type, 'permission.assigned': permissions}
)
assigned_permissions = session.filter.read_permissions(role_name)
assert set(assigned_permissions[resource_type]) == set(permissions)
def test_positive_access_with_non_admin_user_with_manifest(test_name):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has a manifest uploaded.
:id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4
:expectedresults: Subscription page is rendered properly without errors
and the default subscription is visible
:BZ: 1417082, 1651981
:customerscenario: true
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
manifests.upload_manifest_locked(org.id)
role = entities.Role(organization=[org]).create()
create_role_permissions(role,
{'Katello::Subscription': ['view_subscriptions']})
user_password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=user_password,
organization=[org],
default_organization=org,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
assert (session.subscription.search(
f'name = "{DEFAULT_SUBSCRIPTION_NAME}"')[0]['Name'] ==
DEFAULT_SUBSCRIPTION_NAME)
def test_negative_delete_rule_with_non_admin_user(module_loc, module_org,
reader_user, test_name):
"""Delete rule with non-admin user by associating discovery_reader role
:id: 23a7627c-6a9b-493b-871f-698543adf1d2
:expectedresults: User should validation error and rule should not be
deleted successfully.
:CaseLevel: Integration
"""
hg = entities.HostGroup(organization=[module_org]).create()
dr = entities.DiscoveryRule(
hostgroup=hg,
organization=[module_org],
location=[module_loc]
).create()
with Session(
test_name,
user=reader_user.login,
password=reader_user.password
) as session:
with raises(ValueError):
session.discoveryrule.delete(dr.name)
dr_val = session.discoveryrule.read_all()
assert dr.name in [rule['Name'] for rule in dr_val]
def test_positive_access_with_non_admin_user_without_manifest(test_name):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has no manifest uploaded.
:id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6
:expectedresults: Subscription page is rendered properly without errors
:BZ: 1417082
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
role = entities.Role(organization=[org]).create()
create_role_permissions(role,
{'Katello::Subscription': ['view_subscriptions']})
user_password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=user_password,
organization=[org],
default_organization=org,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
assert not session.subscription.search('')
assert not session.subscription.has_manifest
def test_positive_delete_rule_with_non_admin_user(manager_loc, manager_user,
module_org, test_name):
"""Delete rule with non-admin user by associating discovery_manager role
:id: 7fa56bab-82d7-46c9-a4fa-c44ef173c703
:expectedresults: Rule should be deleted successfully.
:CaseLevel: Integration
"""
hg = entities.HostGroup(organization=[module_org]).create()
dr = entities.DiscoveryRule(
hostgroup=hg,
organization=[module_org],
location=[manager_loc]
).create()
with Session(
test_name,
user=manager_user.login,
password=manager_user.password
) as session:
dr_val = session.discoveryrule.read_all()
assert dr.name in [rule['Name'] for rule in dr_val]
session.discoveryrule.delete(dr.name)
dr_val = session.discoveryrule.read_all()
assert dr.name not in [rule['Name'] for rule in dr_val]
def test_positive_view_existing_rule_with_non_admin_user(module_loc,
module_org,
reader_user,
test_name):
"""Existing rule should be viewed to non-admin user by associating
discovery_reader role.
:id: 0f5b0221-43be-47bc-8619-749824c4e54f
:Steps:
1. create a rule with admin user
2. create a non-admin user and assign 'Discovery Reader' role
3. Login with non-admin user
:expectedresults: Rule should be visible to non-admin user.
:CaseLevel: Integration
"""
hg = entities.HostGroup(organization=[module_org]).create()
dr = entities.DiscoveryRule(
hostgroup=hg,
organization=[module_org],
location=[module_loc]
).create()
with Session(
test_name,
user=reader_user.login,
password=reader_user.password
) as session:
dr_val = session.discoveryrule.read_all()
assert dr.name in [rule['Name'] for rule in dr_val]
def test_positive_add_foreman_role_with_org_loc(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name,
module_org, module_loc):
"""Associate foreman roles to User Group with org and loc set.
[belonging to external AD User Group.]
:id: b39d7b2a-6d78-4c35-969a-37c8317ce64f
:setup: LDAP Auth Source should be created with Org and Location
Associated.
:Steps:
1. Create an UserGroup.
2. Assign some foreman roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access foreman entities as per roles, with the associated org and
loc in LDAP Auth source page as the context set.
:CaseLevel: Integration
"""
auth_source_name = 'LDAP-' + auth_source.name
name = gen_string('alpha')
user_permissions = {
'Hostgroup': PERMISSIONS['Hostgroup'],
'Location': ['assign_locations'],
'Organization': ['assign_organizations'],
}
foreman_role = entities.Role().create()
create_role_permissions(foreman_role, user_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
if bz_bug_is_open(1652938):
try:
ldapsession.hostgroup.search('')
except NoSuchElementException:
ldapsession.browser.refresh()
ldapsession.hostgroup.create({'host_group.name': name})
hostgroup = session.hostgroup.read(name, ['organizations', 'locations'])
assert len(hostgroup['organizations']['resources']['assigned']) == 1
assert module_org.name in hostgroup['organizations']['resources']['assigned']
assert len(hostgroup['locations']['resources']['assigned']) == 1
assert module_loc.name in hostgroup['locations']['resources']['assigned']
def test_positive_create_rule_with_non_admin_user(manager_loc, manager_user,
module_org, test_name):
"""Create rule with non-admin user by associating discovery_manager role
:id: 6a03983b-363d-4646-b277-34af5f5abc55
:expectedresults: Rule should be created successfully.
:CaseLevel: Integration
"""
name = gen_string('alpha')
search = gen_string('alpha')
hg = entities.HostGroup(organization=[module_org]).create()
with Session(
test_name,
user=manager_user.login,
password=manager_user.password
) as session:
session.location.select(loc_name=manager_loc.name)
session.discoveryrule.create({
'primary.name': name,
'primary.search': search,
'primary.host_group': hg.name,
})
dr_val = session.discoveryrule.read(name)
assert dr_val['primary']['name'] == name
assert dr_val['primary']['host_group'] == hg.name
def test_positive_add_katello_role_with_org(session, ldap_data, ldap_user_name,
test_name, auth_source,
ldap_usergroup_name, module_org):
"""Associate katello roles to User Group with org set.
[belonging to external AD User Group.]
:id: a2ebd4de-eb0a-47da-81e8-00942eedcbf6
:setup: LDAP Auth Source should be created with Organization associated.
:Steps:
1. Create an UserGroup.
2. Assign some katello roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access katello entities as per roles, with the associated org
in LDAP Auth source page as the context set.
"""
auth_source_name = 'LDAP-' + auth_source.name
ak_name = gen_string('alpha')
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Location': ['assign_locations'],
'Organization': ['assign_organizations'],
}
katello_role = entities.Role().create()
create_role_permissions(katello_role, user_permissions)
different_org = entities.Organization().create()
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.resources.assigned': [katello_role.name],
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name,
EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.activationkey.create({'name': ak_name})
results = session.activationkey.search(ak_name)
assert results[0]['Name'] == ak_name
session.organization.select(different_org.name)
assert not session.activationkey.search(ak_name)[0]['Name'] == ak_name
ak = entities.ActivationKey(organization=module_org).search(
query={'search': 'name={}'.format(ak_name)})[0].read()
assert ak.organization.id == module_org.id
def test_negative_settings_access_to_non_admin():
"""Check non admin users can't access Administer -> Settings tab
:id: 34bb9376-c5fe-431a-ac0d-ef030c0ab50e
:steps:
1. Login with non admin user
2. Check "Administer" tab is not present
3. Navigate to /settings
4. Check message permission denied is present
:expectedresults: Administer -> Settings tab should not be available to non admin users
:CaseImportance: Medium
:CaseLevel: Acceptance
"""
login = gen_string('alpha')
password = gen_string('alpha')
entities.User(admin=False, login=login, password=password).create()
try:
with Session(user=login, password=password) as session:
assert session.settings.browser.title == 'Permission denied'
finally:
User.delete({'login': login})
def test_positive_create_filter_admin_user_with_orgs(test_name):
"""Attempt to create a role filter by admin user, who has 10 organizations assigned.
:id: 04208e17-34b5-46b1-84dd-b8a973521d30
:customerscenario: true
:expectedresults: filter was successfully created.
:BZ: 1389795
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
resource_type = 'Architecture'
permissions = ['view_architectures', 'edit_architectures']
password = gen_string('alphanumeric')
organizations = [entities.Organization().create() for _ in range(10)]
loc = entities.Location(organization=[organizations[0]]).create()
user = entities.User(
admin=True,
organization=organizations,
location=[loc],
default_organization=organizations[0],
default_location=loc,
password=password,
).create()
with Session(test_name, user=user.login, password=password) as session:
session.role.create({'name': role_name})
assert session.role.search(role_name)[0]['Name'] == role_name
session.filter.create(
role_name, {'resource_type': resource_type, 'permission.assigned': permissions}
)
assigned_permissions = session.filter.read_permissions(role_name)
assert set(assigned_permissions[resource_type]) == set(permissions)
def test_rhsso_two_factor_login_using_hammer(self, rhsso_setting_setup,
rh_sso_hammer_auth_setup):
"""verify the hammer auth login using RHSSO auth source
:id: 4018c646-cb64-4eae-a422-7d5257ed2756
:expectedresults: hammer auth login should be suceessful for a rhsso user
:CaseImportance: Medium
"""
with Session(login=False) as rhsso_session:
two_factor_code = rhsso_session.rhsso_login.get_two_factor_login_code(
{
'username': settings.rhsso.rhsso_user,
'password': settings.rhsso.password
},
get_two_factor_token_rh_sso_url(),
)
with open_pxssh_session() as ssh_session:
ssh_session.sendline(
f"echo '{two_factor_code['code']}' | hammer auth login oauth "
f"--oidc-token-endpoint {get_oidc_token_endpoint()} "
f"--oidc-authorization-endpoint {get_oidc_authorization_endpoint()} "
f"--oidc-client-id {get_oidc_client_id()} "
f"--oidc-redirect-uri 'urn:ietf:wg:oauth:2.0:oob' "
f"--two-factor ")
ssh_session.prompt() # match the prompt
result = ssh_session.before.decode()
assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." in result
def test_positive_remove_user(session, module_org, test_name):
"""Delete any user who has previously created an activation key
and check that activation key still exists
:id: f0504bd8-52d2-40cd-91c6-64d71b14c876
:expectedresults: Activation Key can be read
:BZ: 1291271
"""
ak_name = gen_string('alpha')
# Create user
password = gen_string('alpha')
user = entities.User(
admin=True,
default_organization=module_org,
password=password,
).create()
# Create Activation Key using new user credentials
with Session(test_name, user.login, password) as non_admin_session:
non_admin_session.activationkey.create({
'name': ak_name,
'lce': {
ENVIRONMENT: True
},
})
assert non_admin_session.activationkey.search(
ak_name)[0]['Name'] == ak_name
# Remove user and check that AK still exists
user.delete()
with session:
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
def test_negative_delete_bookmark(random_entity, module_viewer_user,
test_name):
"""Simple removal of a bookmark query without permissions
:id: 1a94bf2b-bcc6-4663-b70d-e13244a0783b
:Setup:
1. Create a bookmark of a random name with random query
2. Create a non-admin user without destroy_bookmark role (e.g.
viewer)
:Steps:
1. Login to Satellite server (establish a UI session) as a
non-admin user
2. List the bookmarks (Navigate to Administer -> Bookmarks)
:expectedresults: The delete buttons are not displayed
:CaseLevel: Integration
"""
bookmark = entities.Bookmark(
controller=random_entity['controller'],
public=True,
).create()
with Session(test_name, module_viewer_user.login,
module_viewer_user.password) as non_admin_session:
assert non_admin_session.bookmark.search(
bookmark.name)[0]['Name'] == bookmark.name
with raises(NoSuchElementException):
non_admin_session.bookmark.delete(bookmark.name)
assert non_admin_session.bookmark.search(
bookmark.name)[0]['Name'] == bookmark.name
def test_positive_virtwho_manager_role(self, session, test_name,
form_data):
"""Verify the virt-who manager role can TRULY work.
:id: a72023fb-7b23-4582-9adc-c5227dc7859c
:expectedresults:
Virt-who Manager Role granting all permissions to manage virt-who configurations,
user needs this role to create, delete or update configurations.
"""
username = gen_string('alpha')
password = gen_string('alpha')
config_name = gen_string('alpha')
with session:
# Create an user
session.user.create({
'user.login': username,
'user.mail': valid_emails_list()[0],
'user.auth': 'INTERNAL',
'user.password': password,
'user.confirm': password,
})
# Create a virt-who config plugin
form_data['name'] = config_name
session.virtwho_configure.create(form_data)
values = session.virtwho_configure.read(config_name)
command = values['deploy']['command']
deploy_configure_by_command(command, form_data['hypervisor_type'])
assert session.virtwho_configure.search(
config_name)[0]['Status'] == 'ok'
# Check the permissioin of Virt-who Manager
session.user.update(
username, {'roles.resources.assigned': ['Virt-who Manager']})
user = session.user.read(username)
assert user['roles']['resources']['assigned'] == [
'Virt-who Manager'
]
with Session(test_name, username, password) as newsession:
# create_virt_who_config
new_virt_who_name = gen_string('alpha')
form_data['name'] = new_virt_who_name
newsession.virtwho_configure.create(form_data)
# view_virt_who_config
values = newsession.virtwho_configure.read(new_virt_who_name)
command = values['deploy']['command']
deploy_configure_by_command(command,
form_data['hypervisor_type'])
assert newsession.virtwho_configure.search(
new_virt_who_name)[0]['Status'] == 'ok'
# edit_virt_who_config
modify_name = gen_string('alpha')
newsession.virtwho_configure.edit(new_virt_who_name,
{'name': modify_name})
newsession.virtwho_configure.search(modify_name)
# destroy_virt_who_config
newsession.virtwho_configure.delete(modify_name)
assert not newsession.virtwho_configure.search(modify_name)
# Delete the created user
session.user.delete(username)
assert not session.user.search(username)
def test_positive_add_katello_role(session, ldap_data, ldap_user_name,
test_name, auth_source,
ldap_usergroup_name):
"""Associate katello roles to User Group.
[belonging to external AD User Group.]
:id: aa5e3bf4-cb42-43a4-93ea-a2eea54b847a
:Steps:
1. Create an UserGroup.
2. Assign some foreman roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access katello entities as per roles.
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']
}
katello_role = entities.Role().create()
create_role_permissions(katello_role, user_permissions)
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.resources.assigned': [katello_role.name],
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name,
EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
with raises(NavigationTriesExceeded):
session.architecture.search('')
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(
ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_create_non_overridable_filter(session, module_org, module_loc, test_name):
"""Create non overridden filter in role
:id: 5ee281cf-28fa-439d-888d-b1f9aacc6d57
:steps:
1. Create a filter in a role to which taxonomies (location and
organization) cannot be associated. e.g Architecture filter
2. Create an user with taxonomies different than role and assign
role to it
3. Login as new user and attempt to access the resources
:expectedresults:
1. Filter is created without taxonomies
2. User can access resources, permissions specified in a filter
3. User have access in all taxonomies available to user
"""
role_name = gen_string('alpha')
username = gen_string('alpha')
password = gen_string('alpha')
new_name = gen_string('alpha')
user_org = entities.Organization().create()
user_loc = entities.Location().create()
arch = entities.Architecture().create()
with session:
session.role.create(
{
'name': role_name,
'organizations.assigned': [module_org.name],
'locations.assigned': [module_loc.name],
}
)
assert session.role.search(role_name)[0]['Name'] == role_name
session.filter.create(
role_name,
{
'resource_type': 'Architecture',
'permission.assigned': ['view_architectures', 'edit_architectures'],
},
)
session.user.create(
{
'user.login': username,
'user.auth': 'INTERNAL',
'user.password': password,
'user.confirm': password,
'user.mail': '*****@*****.**',
'roles.resources.assigned': [role_name],
'organizations.resources.assigned': [user_org.name],
'locations.resources.assigned': [user_loc.name],
}
)
with Session(test_name, user=username, password=password) as session:
session.architecture.update(arch.name, {'name': new_name})
assert session.architecture.search(new_name)[0]['Name'] == new_name
with pytest.raises(NavigationTriesExceeded):
session.organization.create({'name': gen_string('alpha'), 'label': gen_string('alpha')})
def test_positive_virtwho_viewer_role(self, session, test_name, form_data):
"""Verify the virt-who viewer role can TRULY work.
:id: bf3be2e4-3853-41cc-9b3e-c8677f0b8c5f
:expectedresults:
Virt-who Viewer Role granting permissions to see all configurations
including their configuration scripts, which means viewers could still
deploy the virt-who instances for existing virt-who configurations.
"""
username = gen_string('alpha')
password = gen_string('alpha')
config_name = gen_string('alpha')
with session:
# Create an user
session.user.create({
'user.login': username,
'user.mail': valid_emails_list()[0],
'user.auth': 'INTERNAL',
'user.password': password,
'user.confirm': password,
})
# Create a virt-who config plugin
form_data['name'] = config_name
session.virtwho_configure.create(form_data)
values = session.virtwho_configure.read(config_name)
command = values['deploy']['command']
deploy_configure_by_command(command, form_data['hypervisor_type'])
assert session.virtwho_configure.search(
config_name)[0]['Status'] == 'ok'
# Check the permissioin of Virt-who Viewer
session.user.update(
username, {'roles.resources.assigned': ['Virt-who Viewer']})
user = session.user.read(username)
assert user['roles']['resources']['assigned'] == [
'Virt-who Viewer'
]
# Update the virt-who config file
config_id = get_configure_id(config_name)
config_file = get_configure_file(config_id)
update_configure_option('rhsm_username', username, config_file)
delete_configure_option('rhsm_encrypted_password', config_file)
add_configure_option('rhsm_password', password, config_file)
restart_virtwho_service()
assert get_virtwho_status() == 'logerror'
with Session(test_name, username, password) as newsession:
create_permission = newsession.virtwho_configure.check_create_permission(
)
update_permission = newsession.virtwho_configure.check_update_permission(
config_name)
assert create_permission['can_view']
assert not create_permission['can_create']
assert not update_permission['can_delete']
assert not update_permission['can_edit']
newsession.virtwho_configure.read(config_name)
# Delete the created user
session.user.delete(username)
assert not session.user.search(username)
def test_rh_cloud_insights_clean_statuses(
rhel7_contenthost,
rhel8_insights_vm,
organization_ak_setup,
rhcloud_sat_host,
):
"""Test rh_cloud_insights:clean_statuses rake command.
:id: 6416ed31-cafb-4278-b205-bf3da9ab2ee4
:Steps:
1. Prepare misconfigured machine and upload its data to Insights
2. Go to Hosts -> All Hosts
3. Assert that host properties shows reporting status for insights.
4. Run rh_cloud_insights:clean_statuses rake command
5. Assert that host properties doesn't contain insights status.
:expectedresults:
1. rake command deletes insights reporting status of host.
:BZ: 1962930
:parametrized: yes
:CaseAutomation: Automated
"""
org, ak = organization_ak_setup
rhel7_contenthost.configure_rhai_client(satellite=rhcloud_sat_host,
activation_key=ak.name,
org=org.label,
rhel_distro=DISTRO_RHEL7)
with Session(hostname=rhcloud_sat_host.hostname) as session:
session.organization.select(org_name=org.name)
session.location.select(loc_name=DEFAULT_LOC)
values = session.host.get_details(rhel7_contenthost.hostname)
assert values['properties']['properties_table'][
'Insights'] == 'Reporting clear'
values = session.host.get_details(rhel8_insights_vm.hostname)
assert values['properties']['properties_table'][
'Insights'] == 'Reporting clear'
# Clean insights status
result = rhcloud_sat_host.run(
f'foreman-rake rh_cloud_insights:clean_statuses SEARCH="{rhel7_contenthost.hostname}"'
)
assert 'Deleted 1 insights statuses' in result.stdout
assert result.status == 0
values = session.host.get_details(rhel7_contenthost.hostname)
with pytest.raises(KeyError):
values['properties']['properties_table']['Insights']
values = session.host.get_details(rhel8_insights_vm.hostname)
assert values['properties']['properties_table'][
'Insights'] == 'Reporting clear'
result = rhel7_contenthost.run('insights-client')
assert result.status == 0
values = session.host.get_details(rhel7_contenthost.hostname)
assert values['properties']['properties_table'][
'Insights'] == 'Reporting clear'
def test_positive_virtwho_reporter_role(self, default_org, session,
test_name, form_data):
"""Verify the virt-who reporter role can TRULY work.
:id: cd235ab0-d89c-464b-98d6-9d090ac40d8f
:expectedresults:
Virt-who Reporter Role granting minimal set of permissions for virt-who
to upload the report, it can be used if you configure virt-who manually
and want to use user that has locked down account.
"""
username = gen_string('alpha')
password = gen_string('alpha')
config_name = gen_string('alpha')
with session:
# Create an user
session.user.create({
'user.login': username,
'user.mail': valid_emails_list()[0],
'user.auth': 'INTERNAL',
'user.password': password,
'user.confirm': password,
})
# Create a virt-who config plugin
form_data['name'] = config_name
session.virtwho_configure.create(form_data)
values = session.virtwho_configure.read(config_name)
command = values['deploy']['command']
deploy_configure_by_command(command,
form_data['hypervisor_type'],
org=default_org.label)
assert session.virtwho_configure.search(
config_name)[0]['Status'] == 'ok'
# Update the virt-who config file
config_id = get_configure_id(config_name)
config_file = get_configure_file(config_id)
update_configure_option('rhsm_username', username, config_file)
delete_configure_option('rhsm_encrypted_password', config_file)
add_configure_option('rhsm_password', password, config_file)
restart_virtwho_service()
assert get_virtwho_status() == 'logerror'
# Check the permissioin of Virt-who Reporter
session.user.update(
username, {'roles.resources.assigned': ['Virt-who Reporter']})
assert session.user.search(username)[0]['Username'] == username
user = session.user.read(username)
assert user['roles']['resources']['assigned'] == [
'Virt-who Reporter'
]
restart_virtwho_service()
assert get_virtwho_status() == 'running'
with Session(test_name, username, password) as newsession:
assert not newsession.virtwho_configure.check_create_permission(
)['can_view']
session.user.delete(username)
assert not session.user.search(username)
def test_positive_add_admin_role_with_org_loc(session, ldap_data,
ldap_user_name, test_name,
auth_source, ldap_usergroup_name,
module_org):
"""Associate Admin role to User Group with org and loc set.
[belonging to external AD User Group.]
:id: 00841778-f89e-4445-a6c6-f1470b6da32e
:setup: LDAP Auth Source should be created with Org and Location
Associated.
:Steps:
1. Create an UserGroup.
2. Assign admin role to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access some of the pages, with the associated org and loc
in LDAP Auth source page as the context set.
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.admin':
True,
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
session.location.create({'name': location_name})
assert session.location.search(
location_name)[0]['Name'] == location_name
location = session.location.read(location_name,
['current_user', 'primary'])
assert location['current_user'] == ldap_data['ldap_user_name']
assert location['primary']['name'] == location_name
session.organization.select(module_org.name)
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
ak = session.activationkey.read(ak_name, 'details.name')
assert ak['details']['name'] == ak_name
def test_positive_access_manifest_as_another_admin_user(test_name):
"""Other admin users should be able to access and manage a manifest
uploaded by a different admin.
:id: 02e319da-3b7a-4694-9164-475c2c71b9a8
:expectedresults: Other admin user should see/manage the manifest
:BZ: 1669241
:customerscenario: true
:CaseLevel: Integration
:CaseImportance: High
"""
org = entities.Organization().create()
user1_password = gen_string('alphanumeric')
user1 = entities.User(
admin=True,
password=user1_password,
organization=[org],
default_organization=org,
).create()
user2_password = gen_string('alphanumeric')
user2 = entities.User(
admin=True,
password=user2_password,
organization=[org],
default_organization=org,
).create()
# use the first admin to upload a manifest
with Session(test_name, user=user1.login, password=user1_password) as session:
manifests.upload_manifest_locked(org.id)
assert session.subscription.has_manifest
# store subscriptions that have "Red Hat" in the name for later
rh_subs = session.subscription.search("Red Hat")
# try to view and delete the manifest with another admin
with Session(test_name, user=user2.login, password=user2_password) as session:
assert session.subscription.has_manifest
assert rh_subs == session.subscription.search("Red Hat")
session.subscription.delete_manifest(ignore_error_messages=['404 Not Found'])
assert not session.subscription.has_manifest
def test_positive_create_as_non_admin_user(module_org, test_name):
"""Create a repository as a non admin user
:id: 582949c4-b95f-4d64-b7f0-fb80b3d2bd7e
:expectedresults: Repository successfully created
:BZ: 1426393
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
repo_name = gen_string('alpha')
user_permissions = {
None: ['access_dashboard'],
'Katello::Product': [
'view_products',
'create_products',
'edit_products',
'destroy_products',
'sync_products',
'export_products',
],
}
role = entities.Role().create()
create_role_permissions(role, user_permissions)
entities.User(
login=user_login,
password=user_password,
role=[role],
admin=False,
default_organization=module_org,
organization=[module_org],
).create()
product = entities.Product(organization=module_org).create()
with Session(test_name, user=user_login,
password=user_password) as session:
# ensure that the created user is not a global admin user
# check administer->organizations page
with raises(NavigationTriesExceeded):
session.organization.create({
'name': gen_string('alpha'),
'label': gen_string('alpha')
})
session.repository.create(
product.name,
{
'name': repo_name,
'repo_type': REPO_TYPE['yum'],
'repo_content.upstream_url': FAKE_1_YUM_REPO,
},
)
assert session.repository.search(product.name,
repo_name)[0]['Name'] == repo_name
