def test_group_remove_should_not_remove_system_pool(self):
with session.begin():
user = data_setup.create_user(password='******')
group = data_setup.create_group(owner=user)
pool = data_setup.create_system_pool(owning_group=group)
b = self.browser
login(b, user=user.user_name, password='******')
b.get(get_server_base() + 'groups/')
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(group.group_name)
b.find_element_by_id('Search').submit()
delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" %
group.group_name, delete_text='Delete Group')
self.assertEqual(
b.find_element_by_class_name('flash').text,
'%s deleted' % group.display_name)
with session.begin():
session.refresh(pool)
self.assertFalse(pool.owning_group)
self.assertEquals(pool.owning_user, user)
self.assertEquals(pool.activity[-1].action, u'Changed')
self.assertEquals(pool.activity[-1].field_name, u'Owner')
self.assertEquals(pool.activity[-1].old_value, 'Group %s' % group.group_name)
self.assertEquals(pool.activity[-1].new_value, user.user_name)
self.assertEquals(pool.activity[-1].service, u'WEBUI')
def test_modify_active_access_policy(self):
with session.begin():
user1 = data_setup.create_user()
perm = SystemPermission.reserve
system1 = data_setup.create_system(shared=False)
system2 = data_setup.create_system(shared=False)
system1.custom_access_policy.add_rule(perm, user=user1)
system2.custom_access_policy.add_rule(perm, user=user1)
pool = data_setup.create_system_pool(systems=[system1, system2])
user2 = data_setup.create_user()
pool.access_policy.add_rule(perm, user=user2)
# use pool policy
run_client(['bkr', 'system-modify',
'--pool-policy', pool.name,
system1.fqdn, system2.fqdn])
with session.begin():
session.expire_all()
for s in [system1, system2]:
self.assertFalse(s.active_access_policy.grants(user1, perm))
self.assertTrue(s.active_access_policy.grants(user2, perm))
self.assertEquals(s.activity[-1].field_name, u'Active Access Policy')
self.assertEquals(s.activity[-1].action, u'Changed')
self.assertEquals(s.activity[-1].old_value, 'Custom Access Policy')
self.assertEquals(s.activity[-1].new_value,'Pool policy: %s' % pool.name)
# system not in a pool
try:
run_client(['bkr', 'system-modify',
'--pool-policy', data_setup.create_system_pool().name,
system1.fqdn])
except ClientError as e:
self.assertIn('To use a pool policy, the system must be in the pool first',
e.stderr_output)
# Revert to custom policy
run_client(['bkr', 'system-modify',
'--use-custom-policy',
system1.fqdn, system2.fqdn])
with session.begin():
session.expire_all()
for s in [system1, system2]:
self.assertTrue(s.active_access_policy.grants(user1, perm))
self.assertFalse(s.active_access_policy.grants(user2, perm))
# insufficient permission to change active policy
with session.begin():
user1 = data_setup.create_user(password='******')
try:
run_client(['bkr', 'system-modify',
'--use-custom-policy',
'--user', user1.user_name,
'--password', 'abc',
system1.fqdn])
self.fail('Must raise')
except ClientError as e:
self.assertIn('Cannot edit system access policy',
e.stderr_output)
def test_PUT_result_log(self):
with session.begin():
task = self.recipe.tasks[0]
task.pass_(u'', 0, u'Pass')
result = self.recipe.tasks[0].results[0]
upload_url = '%srecipes/%s/tasks/%s/results/%s/logs/PUT-result-log' % (
self.get_proxy_url(), self.recipe.id, task.id, result.id)
response = requests.put(upload_url, data='a' * 10)
self.assertEquals(response.status_code, 204)
local_log_dir = '%s/results/%s+/%s/' % (get_conf().get('CACHEPATH'),
result.id // 1000, result.id)
with session.begin():
self.assertEquals(result.logs[0].path, '/')
self.assertEquals(result.logs[0].filename, 'PUT-result-log')
self.assertEquals(result.logs[0].server,
'%s/beaker/logs/results/%s+/%s/'
% (self.get_log_base_url(), result.id // 1000, result.id))
self.assertEquals(result.logs[0].basepath, local_log_dir)
self.assertEquals(
open(os.path.join(local_log_dir, 'PUT-result-log'), 'r').read(),
'aaaaaaaaaa')
response = requests.put(upload_url, data='b' * 10,
headers={'Content-Range': 'bytes 10-19/20'})
self.assertEquals(response.status_code, 204)
with session.begin():
self.assertEquals(
open(os.path.join(local_log_dir, 'PUT-result-log'), 'r').read(),
'aaaaaaaaaabbbbbbbbbb')
response = requests.get(upload_url)
response.raise_for_status()
self.assertEquals(response.content, 'aaaaaaaaaabbbbbbbbbb')
def test_clear_netboot_GET(self):
with session.begin():
system = data_setup.create_system()
response = requests.get(self.get_proxy_url() + 'nopxe/%s' % system.fqdn)
response.raise_for_status()
with session.begin():
self.assertEqual(system.command_queue[0].action, 'clear_netboot')
def test_start_and_complete_external_task(self):
# Alternative harnesses which support external tasks can report back
# the name and version of the task after they fetch it.
task_url = '%srecipes/%s/tasks/%s/' % (self.get_proxy_url(),
self.recipe.id, self.recipe.tasks[2].id)
name = '/external/example'
version = '3.14-1'
response = requests.patch(task_url, data=dict(status='Running',
name=name, version=version))
self.assertEquals(response.status_code, 200)
json = response.json()
self.assertEquals(json['status'], 'Running')
self.assertEquals(json['name'], name)
self.assertEquals(json['version'], version)
with session.begin():
session.expire_all()
task = self.recipe.tasks[2]
self.assertEquals(task.status, TaskStatus.running)
self.assertEquals(task.name, name)
self.assertEquals(task.version, version)
response = requests.patch(task_url, data=dict(status='Completed'))
self.assertEquals(response.status_code, 200)
self.assertEquals(response.json()['status'], 'Completed')
with session.begin():
session.expire_all()
task = self.recipe.tasks[2]
self.assertEquals(task.status, TaskStatus.completed)
def test_modify_attributes_policy(self):
with session.begin():
system1 = data_setup.create_system(shared=False)
system2 = data_setup.create_system(shared=False)
new_owner = data_setup.create_user()
perm = SystemPermission.reserve
user1 = data_setup.create_user()
system1.custom_access_policy.add_rule(perm, user=user1)
system2.custom_access_policy.add_rule(perm, user=user1)
pool = data_setup.create_system_pool(systems=[system1, system2])
user2 = data_setup.create_user()
pool.access_policy.add_rule(perm, user=user2)
run_client(['bkr', 'system-modify',
'--owner', new_owner.user_name,
'--condition', 'Manual',
'--pool-policy', pool.name,
system1.fqdn, system2.fqdn])
with session.begin():
session.expire_all()
for s in [system1, system2]:
self.assertEquals(s.owner.user_name, new_owner.user_name)
self.assertEquals(s.status, SystemStatus.manual)
self.assertFalse(s.active_access_policy.grants(user1, perm))
self.assertTrue(s.active_access_policy.grants(user2, perm))
def test_xmlrpc_result_log(self):
with session.begin():
self.recipe.tasks[0].pass_(u'', 0, u'Pass')
result = self.recipe.tasks[0].results[0]
s = xmlrpclib.ServerProxy(self.get_proxy_url(), allow_none=True)
s.result_upload_file(result.id, '/', 'result-log', 10, None, 0,
b64encode('a' * 10))
local_log_dir = '%s/results/%s+/%s/' % (get_conf().get('CACHEPATH'),
result.id // 1000, result.id)
with session.begin():
self.assertEquals(result.logs[0].path, '/')
self.assertEquals(result.logs[0].filename, 'result-log')
self.assertEquals(result.logs[0].server,
'%s/beaker/logs/results/%s+/%s/'
% (self.get_log_base_url(), result.id // 1000, result.id))
self.assertEquals(result.logs[0].basepath, local_log_dir)
self.assertEquals(
open(os.path.join(local_log_dir, 'result-log'), 'r').read(),
'aaaaaaaaaa')
s.result_upload_file(result.id, '/', 'result-log', 10, None, 10,
b64encode('b' * 10))
with session.begin():
self.assertEquals(
open(os.path.join(local_log_dir, 'result-log'), 'r').read(),
'aaaaaaaaaabbbbbbbbbb')
def test_add_system_to_pool(self):
with session.begin():
other_system = data_setup.create_system(owner=self.owner)
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name,
'password': '******'}).raise_for_status()
response = post_json(get_server_base() + 'pools/%s/systems/' % self.pool.name,
session=s, data={'fqdn': other_system.fqdn})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertItemsEqual(self.pool.systems, [self.system, other_system])
self.assertEquals(self.pool.activity[-1].field_name, 'System')
self.assertEquals(self.pool.activity[-1].action, 'Added')
self.assertEquals(self.pool.activity[-1].new_value, unicode(other_system))
self.assertEquals(other_system.activity[-1].field_name, 'Pool')
self.assertEquals(other_system.activity[-1].action, 'Added')
self.assertEquals(other_system.activity[-1].new_value, unicode(self.pool))
# adding to a pool that doesn't exist is a 404
response = post_json(get_server_base() + 'pools/nosuchpool/systems/',
session=s, data={'fqdn': other_system.fqdn})
self.assertEquals(response.status_code, 404)
self.assertEquals(response.text, 'System pool nosuchpool does not exist')
# adding a system that doesn't exist is a 400
response = post_json(get_server_base() + 'pools/%s/systems/' % self.pool.name,
session=s, data={'fqdn': 'nosuchsystem'})
self.assertEquals(response.status_code, 400)
self.assertEquals(response.text, "System 'nosuchsystem' does not exist")
def test_update_system_pool(self):
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name,
'password': '******'}).raise_for_status()
response = patch_json(get_server_base() +
'pools/%s/' % self.pool.name, session=s,
data={'name': 'newname',
'description': 'newdescription',
'owner': {'user_name': self.user.user_name}})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(self.pool.name, 'newname')
self.assertEquals(self.pool.description, 'newdescription')
self.assertEquals(self.pool.owner.user_name, self.user.user_name)
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': self.user.user_name,
'password': '******'}).raise_for_status()
response = patch_json(get_server_base() +
'pools/%s/' % self.pool.name, session=s,
data={'name': 'newname',
'description': 'newdescription',
'owner': {'group_name': self.group.group_name}})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(self.pool.owner, self.group)
self.assertFalse(self.pool.owning_user)
def test_create_pool_set_owner(self):
pool_name = data_setup.unique_name(u'mypool%s')
owner = data_setup.create_user()
run_client(['bkr', 'pool-create',
'--owner', owner.user_name,
pool_name])
with session.begin():
p = SystemPool.by_name(pool_name)
self.assertFalse(p.owning_group)
self.assertTrue(p.owning_user.user_name,
owner.user_name)
pool_name = data_setup.unique_name(u'mypool%s')
owning_group = data_setup.create_group()
run_client(['bkr', 'pool-create',
'--owning-group', owning_group.group_name,
pool_name])
with session.begin():
p = SystemPool.by_name(pool_name)
self.assertTrue(p.owning_group, owning_group)
self.assertFalse(p.owning_user)
# specifying both should error out
try:
run_client(['bkr', 'pool-create',
'--owner', owner.user_name,
'--owning-group', owning_group.group_name,
pool_name])
self.fail('Must error out')
except ClientError as e:
self.assertIn('Only one of owner or owning-group must be specified',
e.stderr_output)
def test_clear_netboot(self):
with session.begin():
system = data_setup.create_system()
s = xmlrpclib.ServerProxy(self.get_proxy_url())
s.clear_netboot(system.fqdn)
with session.begin():
self.assertEqual(system.command_queue[0].action, 'clear_netboot')
def test_no_requested_tasks(self):
# If you don't request any tasks (by passing the --task option)
# each recipe should contain only the install checking task
# and nothing more.
with session.begin():
# This one will use /distribution/check-install
data_setup.create_distro_tree(osmajor=u'Fedorarawhide')
# This one will use /distribution/install
data_setup.create_distro_tree(osmajor=u'RedHatEnterpriseLinux7')
out = run_client(['bkr', 'harness-test'])
self.assertIn("Submitted:", out)
with session.begin():
new_job = Job.query.order_by(Job.id.desc()).first()
# There will be one recipe per OS major that exists in the database,
# which is potentially a large number left from earlier tests.
# What we care about is that every recipe must have one task,
# either /distribution/check-install (default)
# or /distribution/install (on known, older distros).
self.assertGreater(len(new_job.recipesets), 1)
for recipe in new_job.all_recipes:
self.assertEqual(len(recipe.tasks), 1)
if recipe.installation.osmajor == 'Fedorarawhide':
self.assertEqual(recipe.tasks[0].name, '/distribution/check-install')
if recipe.installation.osmajor == 'RedHatEnterpriseLinux7':
self.assertEqual(recipe.tasks[0].name, '/distribution/install')
def test_remove_account(self):
with session.begin():
user = data_setup.create_user()
job = data_setup.create_job(owner=user)
data_setup.mark_job_running(job)
owned_system = data_setup.create_system(owner=user)
loaned_system = data_setup.create_system()
loaned_system.loaned = user
reserved_system = data_setup.create_system(status=SystemStatus.manual)
reserved_system.reserve_manually(service=u'testdata', user=user)
reserved_system.custom_access_policy.add_rule(
SystemPermission.reserve, user=user)
owned_pool = data_setup.create_system_pool(owning_user=user)
group = data_setup.create_group(owner=user)
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': 'now'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNotNone(user.removed)
# running jobs should be cancelled
job.update_status()
self.assertEquals(job.status, TaskStatus.cancelled)
self.assertIn('User %s removed' % user.user_name,
job.recipesets[0].recipes[0].tasks[0].results[0].log)
# reservations should be released
self.assertIsNone(reserved_system.user)
# loans should be returned
self.assertIsNone(loaned_system.loaned)
# access policy rules should be removed
self.assertEqual([],
[rule for rule in reserved_system.custom_access_policy.rules
if rule.user == user])
self.assertEqual(reserved_system.activity[0].field_name, u'Access Policy Rule')
self.assertEqual(reserved_system.activity[0].action, u'Removed')
self.assertEqual(reserved_system.activity[0].old_value,
u'User:%s:reserve' % user.user_name)
# systems owned by the user should be transferred to the caller
self.assertEqual(owned_system.owner.user_name, data_setup.ADMIN_USER)
self.assertEqual(owned_system.activity[0].field_name, u'Owner')
self.assertEqual(owned_system.activity[0].action, u'Changed')
self.assertEqual(owned_system.activity[0].old_value, user.user_name)
self.assertEqual(owned_system.activity[0].new_value, data_setup.ADMIN_USER)
# pools owned by the user should be transferred to the caller
self.assertEqual(owned_pool.owner.user_name, data_setup.ADMIN_USER)
self.assertEqual(owned_pool.activity[0].field_name, u'Owner')
self.assertEqual(owned_pool.activity[0].action, u'Changed')
self.assertEqual(owned_pool.activity[0].old_value, user.user_name)
self.assertEqual(owned_pool.activity[0].new_value, data_setup.ADMIN_USER)
# group membership/ownership should be removed
self.assertNotIn(group, user.groups)
self.assertNotIn(user, group.users)
self.assertFalse(group.has_owner(user))
self.assertEqual(group.activity[-1].field_name, u'User')
self.assertEqual(group.activity[-1].action, u'Removed')
self.assertEqual(group.activity[-1].old_value, user.user_name)
def test_change_condition(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.automated)
run_client(['bkr', 'system-modify', '--condition=Manual', system.fqdn])
with session.begin():
session.expire_all()
self.assertEquals(system.status, SystemStatus.manual)
self.assertEquals(system.activity[0].field_name, u'Status')
self.assertEquals(system.activity[0].new_value, u'Manual')
def test_active_access_policy_selection(self):
with session.begin():
user = data_setup.create_user()
owner = data_setup.create_user(password='******')
system = data_setup.create_system(owner=owner)
data_setup.create_system_pool(systems=[system])
pool2 = data_setup.create_system_pool(systems=[system])
pool2.access_policy.add_rule(user=user,
permission=SystemPermission.edit_system)
b = self.browser
login(b, owner.user_name, password='******')
b.get(get_server_base() + 'view/%s/' % system.fqdn)
b.find_element_by_link_text('Access Policy').click()
pane = b.find_element_by_id('access-policy')
# Currently the system is using its custom access policy
self.assertTrue(pane.find_element_by_xpath(
'//label[contains(string(.), "Use custom access policy")]'
'/input[@type="radio"]').is_selected())
# change to pool policy
pane.find_element_by_xpath(
'//label[contains(string(.), "Use policy from pool:")]'
'/input[@type="radio"]').click()
Select(pane.find_element_by_name('pool_name')).select_by_visible_text(pool2.name)
pane.find_element_by_xpath('.//button[text()="Save changes"]').click()
# wait for the request to complete
pane.find_element_by_xpath('.//span[@class="sync-status" and not(node())]')
# check if the policy change has persisted
b.get(get_server_base() + 'view/%s/' % system.fqdn)
b.find_element_by_link_text('Access Policy').click()
self.assertTrue(b.find_element_by_xpath(
'//label[contains(string(.), "Use policy from pool:")]'
'/input[@type="radio"]').is_selected())
selected_options = Select(b.find_element_by_name('pool_name')).\
all_selected_options
self.assertTrue(len(selected_options), 1)
self.assertEquals(selected_options[0].text, pool2.name)
self.assertFalse(b.find_element_by_xpath(
'//label[contains(string(.), "Use custom access policy")]'
'/input[@type="radio"]').is_selected())
with session.begin():
session.expire_all()
self.assertTrue(system.active_access_policy.grants(user,
SystemPermission.edit_system))
logout(b)
# no change allowed when not logged in/no right privileges
b.get(get_server_base() + 'view/%s/' % system.fqdn)
b.find_element_by_link_text('Access Policy').click()
self.assertFalse(b.find_element_by_xpath(
'//label[contains(string(.), "Use policy from pool:")]'
'/input[@type="radio"]').is_enabled())
selected_options = Select(b.find_element_by_name('pool_name')). \
all_selected_options
self.assertEquals(selected_options[0].text, pool2.name)
self.assertFalse(b.find_element_by_xpath(
'//label[contains(string(.), "Use custom access policy")]'
'/input[@type="radio"]').is_enabled())
def test_grant_policy_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
user = data_setup.create_user()
group = data_setup.create_group()
group.add_member(user)
user1 = data_setup.create_user()
# group
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.edit_system))
# non-existent group
try:
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--group', 'idontexist'])
self.fail('Must fail or die')
except ClientError as e:
self.assertIn("Group 'idontexist' does not exist", e.stderr_output)
# Everybody edit_system
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--everybody'])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.edit_system))
# test_multiple_permissions_and_targets
with session.begin():
user = data_setup.create_user()
group = data_setup.create_group()
user1 = data_setup.create_user()
group.add_member(user1)
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.view_power))
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.reserve))
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.view_power))
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.reserve))
# non-existent pool
try:
run_client(['bkr', 'policy-grant', '--pool', 'idontexist',
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
except ClientError as e:
self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_removing_group_removes_admin(self):
with session.begin():
self.system.group_assocs.append(
SystemGroup(group=self.group, admin=True))
self.assert_(self.system.can_admin(self.user_in_group))
b = self.browser
self.delete_group_from_system(b)
with session.begin():
session.refresh(self.system)
self.assert_(not self.system.can_admin(self.user_in_group))
def test_can_release_system(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.manual)
user = data_setup.create_user()
system.reserve_manually("TESTING", user=user)
self.assertEqual(system.user, user)
run_client(["bkr", "system-release", system.fqdn])
with session.begin():
session.refresh(system)
self.assertEqual(system.user, None)
def test_create_system_set_condition(self):
fqdn = data_setup.unique_name(u'mysystem%s')
with session.begin():
lc = data_setup.create_labcontroller()
run_client(['bkr', 'system-create', fqdn,
'--lab-controller', str(lc.fqdn),
'--condition=Automated'])
with session.begin():
system = System.by_fqdn(fqdn, User.by_user_name(u'admin'))
self.assertTrue(system.lab_controller, lc)
self.assertEquals(str(system.status), u'Automated')
def test_404(self):
with session.begin():
distro_tree = data_setup.create_distro_tree(
lab_controllers=[self.lc],
urls=['http://localhost:19998/error/404'])
check_all_trees(ignore_errors=True)
with session.begin():
session.expire_all()
# The distro tree should be expired.
self.assertFalse(any(dla.lab_controller == self.lc
for dla in distro_tree.lab_controller_assocs))
def test_grant_everybody(self):
with session.begin():
user = data_setup.create_user()
self.assertFalse(self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
run_client(['bkr', 'policy-grant', '--system', self.system.fqdn,
'--permission', 'edit_system', '--everybody'])
with session.begin():
session.expire_all()
self.assertTrue(self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
def test_update_email_address(self):
with session.begin():
user = data_setup.create_user(email_address=u'*****@*****.**')
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'email_address': u'*****@*****.**'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.email_address, u'*****@*****.**')
def test_update_display_name(self):
with session.begin():
user = data_setup.create_user(display_name=u'Frodo Baggins')
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'display_name': u'Frodo Gamgee'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.display_name, u'Frodo Gamgee')
def test_error_when_deleting_referenced_power_type(self):
with session.begin():
system = data_setup.create_system()
power_type = system.power.power_type
response = self.s.delete(get_server_base() + 'powertypes/%s' % power_type.id)
self.assertEqual(400, response.status_code)
with session.begin():
session.expire_all()
self.assertTrue(session.query(PowerType).filter_by(
name=power_type.name).count())
def test_disable_user(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'disabled': True}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(user.disabled)
def test_set_root_password(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'root_password': u'D6BeK7Cq9a4M'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNotNone(user._root_password)
def test_404(self):
with session.begin():
distro_tree = data_setup.create_distro_tree(
lab_controllers=[self.lc],
urls=['http://localhost:19998/error/404'])
check_all_trees(ignore_errors=True)
with session.begin():
session.expire_all()
# The distro tree should be expired.
self.assertFalse(
any(dla.lab_controller == self.lc
for dla in distro_tree.lab_controller_assocs))
def test_revoke_everybody(self):
with session.begin():
self.system.custom_access_policy.add_rule(
permission=SystemPermission.edit_system, everybody=True)
self.assertTrue(self.system.custom_access_policy.grants_everybody(
SystemPermission.edit_system))
run_client(['bkr', 'policy-revoke', '--system', self.system.fqdn,
'--permission', 'edit_system', '--everybody'])
with session.begin():
session.expire_all()
self.assertFalse(self.system.custom_access_policy.grants_everybody(
SystemPermission.edit_system))
def test_revoke_everybody(self):
with session.begin():
self.system.custom_access_policy.add_rule(
permission=SystemPermission.edit_system, everybody=True)
self.assertTrue(self.system.custom_access_policy.grants_everybody(
SystemPermission.edit_system))
run_client(['bkr', 'policy-revoke', '--system', self.system.fqdn,
'--permission', 'edit_system', '--everybody'])
with session.begin():
session.expire_all()
self.assertFalse(self.system.custom_access_policy.grants_everybody(
SystemPermission.edit_system))
def test_update_display_name(self):
with session.begin():
user = data_setup.create_user(display_name=u'Frodo Baggins')
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'display_name': u'Frodo Gamgee'},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.display_name, u'Frodo Gamgee')
def test_modify_active_access_policy(self):
with session.begin():
user1 = data_setup.create_user()
perm = SystemPermission.reserve
system1 = data_setup.create_system(shared=False)
system2 = data_setup.create_system(shared=False)
system1.custom_access_policy.add_rule(perm, user=user1)
system2.custom_access_policy.add_rule(perm, user=user1)
pool = data_setup.create_system_pool(systems=[system1, system2])
user2 = data_setup.create_user()
pool.access_policy.add_rule(perm, user=user2)
# use pool policy
run_client([
'bkr', 'system-modify', '--pool-policy', pool.name, system1.fqdn,
system2.fqdn
])
with session.begin():
session.expire_all()
for s in [system1, system2]:
self.assertFalse(s.active_access_policy.grants(user1, perm))
self.assertTrue(s.active_access_policy.grants(user2, perm))
self.assertEquals(s.activity[-1].field_name,
u'Active Access Policy')
self.assertEquals(s.activity[-1].action, u'Changed')
self.assertEquals(s.activity[-1].old_value,
'Custom access policy')
self.assertEquals(s.activity[-1].new_value,
'Pool policy: %s' % pool.name)
# system not in a pool
try:
run_client([
'bkr', 'system-modify', '--pool-policy',
data_setup.create_system_pool().name, system1.fqdn
])
except ClientError as e:
self.assertIn(
'To use a pool policy, the system must be in the pool first',
e.stderr_output)
# Revert to custom policy
run_client([
'bkr', 'system-modify', '--use-custom-policy', system1.fqdn,
system2.fqdn
])
with session.begin():
session.expire_all()
for s in [system1, system2]:
self.assertTrue(s.active_access_policy.grants(user1, perm))
self.assertFalse(s.active_access_policy.grants(user2, perm))
def test_add_systems_to_pool(self):
pool_name = data_setup.unique_name(u'mypool%s')
with session.begin():
pool = data_setup.create_system_pool(name=pool_name)
s1 = data_setup.create_system()
s2 = data_setup.create_system()
run_client(['bkr', 'pool-add', '--pool', pool_name,
'--system', s1.fqdn,
'--system', s2.fqdn])
with session.begin():
session.refresh(pool)
self.assertItemsEqual([s1, s2], pool.systems)
def test_set_password(self):
with session.begin():
user = data_setup.create_user()
user.password = u'frodo'
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'password': u'bilbo'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(user.check_password(u'bilbo'))
def test_clear_root_password(self):
with session.begin():
user = data_setup.create_user()
user.root_password = u'D6BeK7Cq9a4M'
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'root_password': u''}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNone(user._root_password)
def test_set_use_old_job_page(self):
with session.begin():
user = data_setup.create_user(password=u'password')
user.use_old_job_page = True
s = requests.Session()
requests_login(s, user=user.user_name, password='******')
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'use_old_job_page': False}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.use_old_job_page, False)
def test_reenable_user(self):
with session.begin():
user = data_setup.create_user()
user.disabled = True
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'disabled': False}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertFalse(user.disabled)
def test_add_submission_delegate(self):
with session.begin():
user = data_setup.create_user()
other_user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = post_json(get_server_base() + 'users/%s/submission-delegates/' % user.user_name,
session=s, data={'user_name': other_user.user_name})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertItemsEqual(user.submission_delegates, [other_user])
def test_create_system_set_condition(self):
fqdn = data_setup.unique_name(u'mysystem%s')
with session.begin():
lc = data_setup.create_labcontroller()
run_client([
'bkr', 'system-create', fqdn, '--lab-controller',
str(lc.fqdn), '--condition=Automated'
])
with session.begin():
system = System.by_fqdn(fqdn, User.by_user_name(u'admin'))
self.assertTrue(system.lab_controller, lc)
self.assertEquals(str(system.status), u'Automated')
def test_multiple_permissions_and_targets(self):
with session.begin():
user = data_setup.create_user()
group = data_setup.create_group()
# there is always the rule granting everybody view
self.assertEquals(len(self.system.custom_access_policy.rules), 1)
run_client(['bkr', 'policy-grant', '--system', self.system.fqdn,
'--permission=reserve', '--permission=view_power',
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.expire_all()
self.assertEquals(len(self.system.custom_access_policy.rules), 5)
def test_update_email_address(self):
with session.begin():
user = data_setup.create_user(
email_address=u'*****@*****.**')
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'email_address': u'*****@*****.**'},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.email_address, u'*****@*****.**')
def test_delete_ssh_public_key(self):
with session.begin():
user = data_setup.create_user()
user.sshpubkeys.append(SSHPubKey(keytype=u'ssh-rsa',
pubkey=u'abc', ident=u'*****@*****.**'))
s = requests.Session()
requests_login(s)
response = s.delete(get_server_base() + 'users/%s/ssh-public-keys/%s'
% (user.user_name, user.sshpubkeys[0].id))
self.assertEqual(response.status_code, 204)
with session.begin():
session.expire_all()
self.assertEqual(len(user.sshpubkeys), 0)
def test_remove_submission_delegate(self):
with session.begin():
user = data_setup.create_user()
other_user = data_setup.create_user()
user.add_submission_delegate(other_user, service=u'testdata')
s = requests.Session()
requests_login(s)
response = s.delete(get_server_base() + 'users/%s/submission-delegates/' % user.user_name,
params={'user_name': other_user.user_name})
self.assertEqual(response.status_code, 204)
with session.begin():
session.expire_all()
self.assertEqual(len(user.submission_delegates), 0)
def test_rename_user(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
session=s, data={'user_name': 'sgamgee'})
response.raise_for_status()
self.assertEqual(response.headers['Location'], get_server_base() + 'users/sgamgee')
self.assertEqual(response.json()['user_name'], 'sgamgee')
with session.begin():
session.expire_all()
self.assertEqual(user.user_name, u'sgamgee')
def test_revoke_user(self):
with session.begin():
user = data_setup.create_user()
self.system.custom_access_policy.add_rule(
permission=SystemPermission.edit_system, user=user)
self.assertTrue(self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
run_client(['bkr', 'policy-revoke', '--system', self.system.fqdn,
'--permission', 'edit_system', '--user', user.user_name])
with session.begin():
session.expire_all()
self.assertFalse(self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
def test_500(self):
with session.begin():
lc = self.get_lc()
distro_tree = data_setup.create_distro_tree(
lab_controllers=[lc],
urls=[u'http://localhost:19998/error/500'])
check_all_trees(ignore_errors=True)
with session.begin():
session.expire_all()
# The distro tree should not be expired.
self.assertTrue(
any(dla.lab_controller == self.lc
for dla in distro_tree.lab_controller_assocs))
def test_error_when_deleting_referenced_power_type(self):
with session.begin():
system = data_setup.create_system()
power_type = system.power.power_type
response = self.s.delete(get_server_base() +
'powertypes/%s' % power_type.id)
self.assertEqual(400, response.status_code)
with session.begin():
session.expire_all()
self.assertTrue(
session.query(PowerType).filter_by(
name=power_type.name).count())
def test_unremove_account(self):
with session.begin():
user = data_setup.create_user()
user.removed = datetime.datetime.utcnow()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': None}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNone(user.removed)
self.assertFalse(user.disabled)
def test_change_hypervisor(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to KVM
run_client(
['bkr', 'system-modify', '--host-hypervisor=KVM', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.hypervisor, Hypervisor.by_name(u'KVM'))
# set back to none (bare metal)
run_client(['bkr', 'system-modify', '--host-hypervisor=', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.hypervisor, None)
def test_change_power_id(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'dummyvm'
run_client(['bkr', 'system-modify', '--power-id=dummyvm', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_id, u'dummyvm')
# set to 'vm-dummy'
run_client(
['bkr', 'system-modify', '--power-id=vm-dummy', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_id, u'vm-dummy')
def test_multiple_permissions_and_targets(self):
with session.begin():
user = data_setup.create_user()
group = data_setup.create_group()
# there is always the rule granting everybody view
self.assertEquals(len(self.system.custom_access_policy.rules), 1)
run_client([
'bkr', 'policy-grant', '--system', self.system.fqdn,
'--permission=reserve', '--permission=view_power', '--user',
user.user_name, '--group', group.group_name
])
with session.begin():
session.expire_all()
self.assertEquals(len(self.system.custom_access_policy.rules), 5)
def test_revoke_policy_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
user = data_setup.create_user()
user1 = data_setup.create_user()
group = data_setup.create_group()
group.add_member(user1)
pol = pool.access_policy
pol.add_rule(SystemPermission.reserve, user=user)
pol.add_rule(SystemPermission.view_power, user=user)
pol.add_rule(SystemPermission.reserve, group=group)
pol.add_rule(SystemPermission.view_power, group=group)
# revoke edit_system from group
run_client(['bkr', 'policy-revoke', '--pool', pool.name,
'--permission', 'view_power', '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertFalse(pool.access_policy.grants(
user1, SystemPermission.edit_system))
# test_multiple_permissions_and_targets
run_client(['bkr', 'policy-revoke', '--pool', pool.name,
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertFalse(pool.access_policy.grants(
user, SystemPermission.view_power))
self.assertFalse(pool.access_policy.grants(
user, SystemPermission.reserve))
self.assertFalse(pool.access_policy.grants(
user1, SystemPermission.view_power))
self.assertFalse(pool.access_policy.grants(
user1, SystemPermission.reserve))
# this should still exist
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.view))
# non-existent pool
try:
run_client(['bkr', 'policy-revoke', '--pool', 'idontexist',
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
except ClientError as e:
self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_group_has_access_policy_rule_remove(self):
with session.begin():
user = data_setup.create_user(password='******')
system = data_setup.create_system(owner=user,
shared=False)
system.custom_access_policy = SystemAccessPolicy()
group = data_setup.create_group(owner=user)
p = system.custom_access_policy
p.add_rule(permission=SystemPermission.edit_system,
group=group)
p.add_rule(permission=SystemPermission.edit_policy,
group=group)
b = self.browser
login(b, user=user.user_name, password='******')
# check current rules
self.assertEquals(len(p.rules), 2)
self.assert_(p.rules[0].user is None)
self.assertEquals(p.rules[0].group, group)
self.assert_(p.rules[1].user is None)
self.assertEquals(p.rules[1].group, group)
# save current rules for later use
access_policy_rule_1 = repr(p.rules[0])
access_policy_rule_2 = repr(p.rules[1])
# delete the group
b.get(get_server_base() + 'groups/mine')
delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" %
group.group_name, delete_text='Delete Group')
self.assertEqual(
b.find_element_by_class_name('flash').text,
'%s deleted' % group.display_name)
with session.begin():
session.expire_all()
# check if the access policy rule has been removed
self.assertEquals(len(p.rules), 0)
# Check whether the rules deleted have been recorded in the
# Activity table
self.assertEquals(system.activity[0].field_name, u'Access Policy Rule')
self.assertEquals(system.activity[0].action, u'Removed')
self.assertEquals(system.activity[0].old_value, access_policy_rule_2)
self.assertEquals(system.activity[1].field_name, u'Access Policy Rule')
self.assertEquals(system.activity[1].action, u'Removed')
self.assertEquals(system.activity[1].old_value, access_policy_rule_1)
def test_add_ssh_public_key(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = s.post(get_server_base() + 'users/%s/ssh-public-keys/' % user.user_name,
headers={'Content-Type': 'text/plain'},
data='ssh-rsa abc [email protected]')
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(len(user.sshpubkeys), 1)
self.assertEqual(user.sshpubkeys[0].keytype, u'ssh-rsa')
self.assertEqual(user.sshpubkeys[0].pubkey, u'abc')
self.assertEqual(user.sshpubkeys[0].ident, u'*****@*****.**')
def test_grant_everybody(self):
with session.begin():
user = data_setup.create_user()
self.assertFalse(
self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
run_client([
'bkr', 'policy-grant', '--system', self.system.fqdn,
'--permission', 'edit_system', '--everybody'
])
with session.begin():
session.expire_all()
self.assertTrue(
self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
def test_change_release_action(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'LeaveOn'
run_client(
['bkr', 'system-modify', '--release-action=LeaveOn', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.release_action, ReleaseAction.leave_on)
# set to 'PowerOff'
run_client(
['bkr', 'system-modify', '--release-action=PowerOff', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.release_action, ReleaseAction.power_off)
def test_clearing_alias_stores_null(self):
with session.begin():
data_setup.create_distro_tree(osmajor=u'YellowSpaceshipLinux2')
osmajor = OSMajor.by_name(u'YellowSpaceshipLinux2')
osmajor.alias = u'YSL2'
b = self.browser
go_to_edit_osmajor(b, 'YellowSpaceshipLinux2')
b.find_element_by_xpath('//input[@id="form_alias"]').clear()
b.find_element_by_xpath('//button[text()="Edit OSMajor"]').submit()
self.assertEquals(
b.find_element_by_class_name('flash').text,
'Changes saved for YellowSpaceshipLinux2')
with session.begin():
session.refresh(osmajor)
self.assertEquals(osmajor.alias, None) # not ''
def test_disable_enable(self):
b = self.browser
login(b)
b.get(get_server_base() + 'users/%s' % self.user.user_name)
b.find_element_by_xpath('//button[contains(text(), "Disable")]').click()
b.find_element_by_xpath('//div[@class="alert" and text()="Account is currently disabled."]')
with session.begin():
session.expire_all()
self.assertTrue(self.user.disabled)
b.find_element_by_xpath('//button[contains(text(), "Enable")]').click()
# Wait for the button to change back to "Disable"
b.find_element_by_xpath('//button[contains(text(), "Disable")]')
with session.begin():
session.expire_all()
self.assertFalse(self.user.disabled)
def test_POST_task_status(self):
status_url = '%srecipes/%s/tasks/%s/status' % (
self.get_proxy_url(), self.recipe.id, self.recipe.tasks[0].id)
response = requests.post(status_url, data=dict(status='Running'))
self.assertEquals(response.status_code, 204)
with session.begin():
session.expire_all()
task = self.recipe.tasks[0]
self.assertEquals(task.status, TaskStatus.running)
response = requests.post(status_url, data=dict(status='Completed'))
self.assertEquals(response.status_code, 204)
with session.begin():
session.expire_all()
task = self.recipe.tasks[0]
self.assertEquals(task.status, TaskStatus.completed)
