def test_remove_systems_from_pool(self):
pool_name = data_setup.unique_name(u'mypool%s')
with session.begin():
s1 = data_setup.create_system()
s2 = data_setup.create_system()
s3 = data_setup.create_system()
s4 = data_setup.create_system()
pool = data_setup.create_system_pool(name=pool_name,
systems=[s1, s2, s3])
run_client([
'bkr', 'pool-remove', '--pool', pool_name, '--system', s1.fqdn,
'--system', s2.fqdn
])
with session.begin():
session.refresh(pool)
self.assertIn(s3, pool.systems)
# remove system from a pool of which it is not a member of
try:
run_client([
'bkr', 'pool-remove', '--pool', pool_name, '--system', s4.fqdn
])
self.fail('Must fail')
except ClientError as e:
self.assertIn('System %s is not in pool %s' % (s4.fqdn, pool_name),
e.stderr_output)
def test_group_remove_should_not_remove_system_pool(self):
with session.begin():
user = data_setup.create_user(password='******')
group = data_setup.create_group(owner=user)
pool = data_setup.create_system_pool(owning_group=group)
b = self.browser
login(b, user=user.user_name, password='******')
b.get(get_server_base() + 'groups/')
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(group.group_name)
b.find_element_by_id('Search').submit()
delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" %
group.group_name, delete_text='Delete Group')
self.assertEqual(
b.find_element_by_class_name('flash').text,
'%s deleted' % group.display_name)
with session.begin():
session.refresh(pool)
self.assertFalse(pool.owning_group)
self.assertEquals(pool.owning_user, user)
self.assertEquals(pool.activity[-1].action, u'Changed')
self.assertEquals(pool.activity[-1].field_name, u'Owner')
self.assertEquals(pool.activity[-1].old_value, 'Group %s' % group.group_name)
self.assertEquals(pool.activity[-1].new_value, user.user_name)
self.assertEquals(pool.activity[-1].service, u'WEBUI')
def test_removing_group_removes_admin(self):
with session.begin():
self.system.group_assocs.append(
SystemGroup(group=self.group, admin=True))
self.assert_(self.system.can_admin(self.user_in_group))
b = self.browser
self.delete_group_from_system(b)
with session.begin():
session.refresh(self.system)
self.assert_(not self.system.can_admin(self.user_in_group))
def test_can_release_system(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.manual)
user = data_setup.create_user()
system.reserve_manually("TESTING", user=user)
self.assertEqual(system.user, user)
run_client(["bkr", "system-release", system.fqdn])
with session.begin():
session.refresh(system)
self.assertEqual(system.user, None)
def test_can_release_system(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.manual)
user = data_setup.create_user()
system.reserve_manually(u'TESTING', user=user)
self.assertEqual(system.user, user)
run_client(['bkr', 'system-release', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEqual(system.user, None)
def test_add_systems_to_pool(self):
pool_name = data_setup.unique_name(u'mypool%s')
with session.begin():
pool = data_setup.create_system_pool(name=pool_name)
s1 = data_setup.create_system()
s2 = data_setup.create_system()
run_client(['bkr', 'pool-add', '--pool', pool_name,
'--system', s1.fqdn,
'--system', s2.fqdn])
with session.begin():
session.refresh(pool)
self.assertItemsEqual([s1, s2], pool.systems)
def test_change_hypervisor(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to KVM
run_client(['bkr', 'system-modify', '--host-hypervisor=KVM', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.hypervisor, Hypervisor.by_name(u'KVM'))
# set back to none (bare metal)
run_client(['bkr', 'system-modify', '--host-hypervisor=', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.hypervisor, None)
def test_change_hypervisor(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to KVM
run_client(
['bkr', 'system-modify', '--host-hypervisor=KVM', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.hypervisor, Hypervisor.by_name(u'KVM'))
# set back to none (bare metal)
run_client(['bkr', 'system-modify', '--host-hypervisor=', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.hypervisor, None)
def test_clearing_alias_stores_null(self):
with session.begin():
data_setup.create_distro_tree(osmajor=u'YellowSpaceshipLinux2')
osmajor = OSMajor.by_name(u'YellowSpaceshipLinux2')
osmajor.alias = u'YSL2'
b = self.browser
go_to_edit_osmajor(b, 'YellowSpaceshipLinux2')
b.find_element_by_xpath('//input[@id="form_alias"]').clear()
b.find_element_by_xpath('//button[text()="Edit OSMajor"]').submit()
self.assertEquals(b.find_element_by_class_name('flash').text,
'Changes saved for YellowSpaceshipLinux2')
with session.begin():
session.refresh(osmajor)
self.assertEquals(osmajor.alias, None) # not ''
def test_cannot_update_system_pool_with_empty_name(self):
"""Verify that updating a system pool with an empty name returns an error."""
self.assertTrue(self.pool.name, "Cannot run test with empty pool name in fixture")
s = requests.Session()
send_login(s, self.owner, 'theowner')
response = patch_json(get_server_base() + 'pools/%s/' % self.pool.name,
session=s,
data={'name': ''})
self.assertEqual(400, response.status_code)
self.assertEqual('Pool name cannot be empty', response.text)
with session.begin():
session.refresh(self.pool)
self.assertTrue(self.pool.name)
def test_change_power_id(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'dummyvm'
run_client(['bkr', 'system-modify', '--power-id=dummyvm', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_id, u'dummyvm')
# set to 'vm-dummy'
run_client(
['bkr', 'system-modify', '--power-id=vm-dummy', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_id, u'vm-dummy')
def test_change_release_action(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'LeaveOn'
run_client(
['bkr', 'system-modify', '--release-action=LeaveOn', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.release_action, ReleaseAction.leave_on)
# set to 'PowerOff'
run_client(
['bkr', 'system-modify', '--release-action=PowerOff', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.release_action, ReleaseAction.power_off)
def test_clearing_alias_stores_null(self):
with session.begin():
data_setup.create_distro_tree(osmajor=u'YellowSpaceshipLinux2')
osmajor = OSMajor.by_name(u'YellowSpaceshipLinux2')
osmajor.alias = u'YSL2'
b = self.browser
go_to_edit_osmajor(b, 'YellowSpaceshipLinux2')
b.find_element_by_xpath('//input[@id="form_alias"]').clear()
b.find_element_by_xpath('//button[text()="Edit OSMajor"]').submit()
self.assertEquals(
b.find_element_by_class_name('flash').text,
'Changes saved for YellowSpaceshipLinux2')
with session.begin():
session.refresh(osmajor)
self.assertEquals(osmajor.alias, None) # not ''
def test_add_system(self):
with session.begin():
system = data_setup.create_system()
pool = data_setup.create_system_pool()
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=pool, tab='Systems')
b.find_element_by_name('system').send_keys(system.fqdn)
b.find_element_by_class_name('pool-add-system-form').submit()
self.assertEquals(b.find_element_by_xpath('//div[@id="systems"]'
'/div/ul[@class="list-group pool-systems-list"]'
'/li/a').text, system.fqdn)
with session.begin():
session.refresh(pool)
self.assertIn(system, pool.systems)
def test_cannot_update_system_pool_with_empty_name(self):
"""Verify that updating a system pool with an empty name returns an error."""
self.assertTrue(self.pool.name,
"Cannot run test with empty pool name in fixture")
s = requests.Session()
send_login(s, self.owner, 'theowner')
response = patch_json(get_server_base() + 'pools/%s/' % self.pool.name,
session=s,
data={'name': ''})
self.assertEqual(400, response.status_code)
self.assertEqual('Pool name cannot be empty', response.text)
with session.begin():
session.refresh(self.pool)
self.assertTrue(self.pool.name)
def test_remove_system(self):
with session.begin():
system = data_setup.create_system()
pool = data_setup.create_system_pool()
pool.systems.append(system)
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=pool, tab='Systems')
b.find_element_by_link_text(system.fqdn)
# remove
b.find_element_by_xpath('//li[contains(a/text(), "%s")]/button' %
system.fqdn).click()
b.find_element_by_xpath('//div[@id="systems" and ' 'not(./div/ul/li)]')
with session.begin():
session.refresh(pool)
self.assertNotIn(system, pool.systems)
def test_remove_system(self):
with session.begin():
system = data_setup.create_system()
pool = data_setup.create_system_pool()
pool.systems.append(system)
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=pool, tab='Systems')
b.find_element_by_link_text(system.fqdn)
# remove
b.find_element_by_xpath('//li[contains(a/text(), "%s")]/button' % system.fqdn).click()
b.find_element_by_xpath('//div[@id="systems" and '
'not(./div/ul/li)]')
with session.begin():
session.refresh(pool)
self.assertNotIn(system, pool.systems)
def test_change_power_user(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'dummyuser'
run_client(
['bkr', 'system-modify', '--power-user=dummyuser', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_user, u'dummyuser')
# set back to default value
user = u'%s_power_user' % system.fqdn
run_client(
['bkr', 'system-modify',
'--power-user=%s' % user, system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_user, user)
def test_change_power_quiescent(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 10
run_client([
'bkr', 'system-modify', '--power-quiescent-period=10', system.fqdn
])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_quiescent_period, 10)
# set to 5
run_client([
'bkr', 'system-modify', '--power-quiescent-period=5', system.fqdn
])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_quiescent_period, 5)
def test_add_system(self):
with session.begin():
system = data_setup.create_system()
pool = data_setup.create_system_pool()
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=pool, tab='Systems')
b.find_element_by_name('system').send_keys(system.fqdn)
b.find_element_by_class_name('pool-add-system-form').submit()
self.assertEquals(
b.find_element_by_xpath(
'//div[@id="systems"]'
'/div/ul[@class="list-group pool-systems-list"]'
'/li/a').text, system.fqdn)
with session.begin():
session.refresh(pool)
self.assertIn(system, pool.systems)
def test_change_power_type(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'apc_snmp_then_etherwake'
run_client([
'bkr', 'system-modify', '--power-type=apc_snmp_then_etherwake',
system.fqdn
])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_type,
PowerType.by_name(u'apc_snmp_then_etherwake'))
# set back to ilo
run_client(['bkr', 'system-modify', '--power-type=ilo', system.fqdn])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_type,
PowerType.by_name(u'ilo'))
def test_cannot_update_with_empty_name(self):
"""Verifies that the pool cannot be updated with an empty name."""
self.assertTrue(self.pool.name, "Cannot run test with empty pool name in fixture")
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=self.pool)
b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click()
modal = b.find_element_by_class_name('modal')
modal.find_element_by_name('name').clear()
modal.find_element_by_xpath('.//button[text()="Save changes"]').click()
self.assertTrue(modal.find_element_by_css_selector('input[name="name"]:required:invalid'))
# verify that the pool's name is not modified and the name not empty due
# to the validation error
with session.begin():
session.refresh(self.pool)
self.assertTrue(self.pool.name)
def test_register_recipe_log(self):
self.server.auth.login_password(self.lc.user.user_name, 'logmein')
self.server.recipes.register_file('http://myserver/log.txt',
self.recipe.id, '/', 'log.txt', '')
with session.begin():
session.refresh(self.recipe)
self.assertEquals(len(self.recipe.logs), 1, self.recipe.logs)
self.assertEquals(self.recipe.logs[0].path, u'/')
self.assertEquals(self.recipe.logs[0].filename, u'log.txt')
self.assertEquals(self.recipe.logs[0].server, u'http://myserver/log.txt')
# Register it again with a different URL
self.server.recipes.register_file('http://elsewhere/log.txt',
self.recipe.id, '/', 'log.txt', '')
with session.begin():
session.refresh(self.recipe)
self.assertEquals(len(self.recipe.logs), 1, self.recipe.logs)
self.assertEquals(self.recipe.logs[0].path, u'/')
self.assertEquals(self.recipe.logs[0].filename, u'log.txt')
self.assertEquals(self.recipe.logs[0].server, u'http://elsewhere/log.txt')
def test_register_recipe_log(self):
self.server.auth.login_password(self.lc.user.user_name, 'logmein')
self.server.recipes.register_file('http://myserver/log.txt',
self.recipe.id, '/', 'log.txt', '')
with session.begin():
session.refresh(self.recipe)
self.assertEquals(len(self.recipe.logs), 1, self.recipe.logs)
self.assertEquals(self.recipe.logs[0].path, u'/')
self.assertEquals(self.recipe.logs[0].filename, u'log.txt')
self.assertEquals(self.recipe.logs[0].server, u'http://myserver/log.txt')
# Register it again with a different URL
self.server.recipes.register_file('http://elsewhere/log.txt',
self.recipe.id, '/', 'log.txt', '')
with session.begin():
session.refresh(self.recipe)
self.assertEquals(len(self.recipe.logs), 1, self.recipe.logs)
self.assertEquals(self.recipe.logs[0].path, u'/')
self.assertEquals(self.recipe.logs[0].filename, u'log.txt')
self.assertEquals(self.recipe.logs[0].server, u'http://elsewhere/log.txt')
def test_change_power_address(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'dummyaddress'
run_client([
'bkr', 'system-modify', '--power-address=dummyaddress', system.fqdn
])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_address, u'dummyaddress')
# set back to default value
address = u'%s_power_address' % system.fqdn
run_client([
'bkr', 'system-modify',
'--power-address=%s' % address, system.fqdn
])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_address, address)
def test_remove_systems_pool_privileges(self):
pool_name = data_setup.unique_name('mypool%s')
with session.begin():
system_owner = data_setup.create_user(password='******')
pool_owner = data_setup.create_user(password='******')
random_user = data_setup.create_user(password='******')
s1 = data_setup.create_system(owner=system_owner)
s2 = data_setup.create_system(owner=system_owner)
s3 = data_setup.create_system(owner=system_owner)
pool = data_setup.create_system_pool(name=pool_name,
owning_user=pool_owner,
systems=[s1, s2, s3]
)
run_client(['bkr', 'pool-remove', '--pool', pool_name,
'--system', s1.fqdn],
config=create_client_config(
username=system_owner.user_name,
password='******'))
with session.begin():
session.refresh(pool)
self.assertNotIn(s1, pool.systems)
run_client(['bkr', 'pool-remove', '--pool', pool_name,
'--system', s2.fqdn],
config=create_client_config(
username=pool_owner.user_name,
password='******'))
with session.begin():
session.refresh(pool)
self.assertNotIn(s2, pool.systems)
try:
run_client(['bkr', 'pool-remove', '--pool', pool_name,
'--system', s3.fqdn],
config=create_client_config(
username=random_user.user_name,
password='******'))
self.fail('Must fail')
except ClientError as e:
self.assertIn('You do not have permission to modify system %s'
'or remove systems from pool %s' % (s3.fqdn, pool_name),
e.stderr_output)
def test_start_and_complete_task(self):
# This simulates the traditional beah style where the task comes from
# the task library, and its name and version are already known. We just
# set it to Running and then to Completed.
task_url = '%srecipes/%s/tasks/%s/' % (
self.get_proxy_url(), self.recipe.id, self.recipe.tasks[1].id)
response = requests.patch(task_url, data=dict(status='Running'))
self.assertEquals(response.status_code, 200)
self.assertEquals(response.json()['status'], 'Running')
with session.begin():
task = self.recipe.tasks[1]
session.refresh(task)
self.assertEquals(task.status, TaskStatus.running)
response = requests.patch(task_url, data=dict(status='Completed'))
self.assertEquals(response.status_code, 200)
self.assertEquals(response.json()['status'], 'Completed')
with session.begin():
session.expire_all()
task = self.recipe.tasks[1]
self.assertEquals(task.status, TaskStatus.completed)
def test_start_and_complete_task(self):
# This simulates the traditional beah style where the task comes from
# the task library, and its name and version are already known. We just
# set it to Running and then to Completed.
task_url = '%srecipes/%s/tasks/%s/' % (self.get_proxy_url(),
self.recipe.id, self.recipe.tasks[1].id)
response = requests.patch(task_url, data=dict(status='Running'))
self.assertEquals(response.status_code, 200)
self.assertEquals(response.json()['status'], 'Running')
with session.begin():
task = self.recipe.tasks[1]
session.refresh(task)
self.assertEquals(task.status, TaskStatus.running)
response = requests.patch(task_url, data=dict(status='Completed'))
self.assertEquals(response.status_code, 200)
self.assertEquals(response.json()['status'], 'Completed')
with session.begin():
session.expire_all()
task = self.recipe.tasks[1]
self.assertEquals(task.status, TaskStatus.completed)
def test_change_power_password(self):
with session.begin():
system = data_setup.create_system(hypervisor=None)
# set to 'dummypassword'
run_client([
'bkr', 'system-modify', '--power-password=dummypassword',
system.fqdn
])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_passwd, u'dummypassword')
# set back to default value
password = u'%s_power_password' % system.fqdn
run_client([
'bkr', 'system-modify',
'--power-password=%s' % password, system.fqdn
])
with session.begin():
session.refresh(system)
self.assertEquals(system.power.power_passwd, password)
def test_remove_systems_pool_privileges(self):
pool_name = data_setup.unique_name(u'mypool%s')
with session.begin():
system_owner = data_setup.create_user(password=u'password')
pool_owner = data_setup.create_user(password=u'password')
random_user = data_setup.create_user(password=u'password')
s1 = data_setup.create_system(owner=system_owner)
s2 = data_setup.create_system(owner=system_owner)
s3 = data_setup.create_system(owner=system_owner)
pool = data_setup.create_system_pool(name=pool_name,
owning_user=pool_owner,
systems=[s1, s2, s3])
run_client(
['bkr', 'pool-remove', '--pool', pool_name, '--system', s1.fqdn],
config=create_client_config(username=system_owner.user_name,
password='******'))
with session.begin():
session.refresh(pool)
self.assertNotIn(s1, pool.systems)
run_client(
['bkr', 'pool-remove', '--pool', pool_name, '--system', s2.fqdn],
config=create_client_config(username=pool_owner.user_name,
password='******'))
with session.begin():
session.refresh(pool)
self.assertNotIn(s2, pool.systems)
try:
run_client([
'bkr', 'pool-remove', '--pool', pool_name, '--system', s3.fqdn
],
config=create_client_config(
username=random_user.user_name,
password='******'))
self.fail('Must fail')
except ClientError as e:
self.assertIn(
'You do not have permission to modify system %s'
'or remove systems from pool %s' % (s3.fqdn, pool_name),
e.stderr_output)
def test_update_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
group = data_setup.create_group()
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=pool)
b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click()
modal = b.find_element_by_class_name('modal')
modal.find_element_by_name('description').clear()
modal.find_element_by_name('description').send_keys('newdescription')
BootstrapSelect(modal.find_element_by_name('owner_type'))\
.select_by_visible_text('Group')
modal.find_element_by_name('group_name').clear()
modal.find_element_by_name('group_name').send_keys(group.group_name)
modal.find_element_by_xpath('.//button[text()="Save changes"]').click()
b.find_element_by_xpath('//body[not(.//div[@id="modal"])]')
with session.begin():
session.refresh(pool)
self.assertEqual(pool.description, 'newdescription')
self.assertEqual(pool.owner, group)
def test_update_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
group = data_setup.create_group()
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=pool)
b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click()
modal = b.find_element_by_class_name('modal')
modal.find_element_by_name('description').clear()
modal.find_element_by_name('description').send_keys('newdescription')
BootstrapSelect(modal.find_element_by_name('owner_type'))\
.select_by_visible_text('Group')
modal.find_element_by_name('group_name').clear()
modal.find_element_by_name('group_name').send_keys(group.group_name)
modal.find_element_by_xpath('.//button[text()="Save changes"]').click()
b.find_element_by_xpath(
'//body[not(.//div[contains(@class, "modal")])]')
with session.begin():
session.refresh(pool)
self.assertEqual(pool.description, 'newdescription')
self.assertEqual(pool.owner, group)
def test_cannot_update_with_empty_name(self):
"""Verifies that the pool cannot be updated with an empty name."""
self.assertTrue(self.pool.name,
"Cannot run test with empty pool name in fixture")
b = self.browser
login(b)
self.go_to_pool_edit(system_pool=self.pool)
b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click()
modal = b.find_element_by_class_name('modal')
modal.find_element_by_name('name').clear()
modal.find_element_by_xpath('.//button[text()="Save changes"]').click()
self.assertTrue(
modal.find_element_by_css_selector(
'input[name="name"]:required:invalid'))
# verify that the pool's name is not modified and the name not empty due
# to the validation error
with session.begin():
session.refresh(self.pool)
self.assertTrue(self.pool.name)
def test_grant_policy_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
user = data_setup.create_user()
group = data_setup.create_group()
group.add_member(user)
user1 = data_setup.create_user()
# group
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.edit_system))
# non-existent group
try:
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--group', 'idontexist'])
self.fail('Must fail or die')
except ClientError as e:
self.assertIn("Group 'idontexist' does not exist", e.stderr_output)
# Everybody edit_system
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--everybody'])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.edit_system))
# test_multiple_permissions_and_targets
with session.begin():
user = data_setup.create_user()
group = data_setup.create_group()
user1 = data_setup.create_user()
group.add_member(user1)
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.view_power))
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.reserve))
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.view_power))
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.reserve))
# non-existent pool
try:
run_client(['bkr', 'policy-grant', '--pool', 'idontexist',
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
except ClientError as e:
self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_remove_systems_from_pool(self):
pool_name = data_setup.unique_name('mypool%s')
with session.begin():
s1 = data_setup.create_system()
s2 = data_setup.create_system()
s3 = data_setup.create_system()
s4 = data_setup.create_system()
pool = data_setup.create_system_pool(name=pool_name,
systems=[s1, s2, s3])
run_client(['bkr', 'pool-remove', '--pool', pool_name,
'--system', s1.fqdn,
'--system', s2.fqdn])
with session.begin():
session.refresh(pool)
self.assertIn(s3, pool.systems)
# remove system from a pool of which it is not a member of
try:
run_client(['bkr', 'pool-remove', '--pool', pool_name,
'--system', s4.fqdn])
self.fail('Must fail')
except ClientError as e:
self.assertIn('System %s is not in pool %s' % (s4.fqdn, pool_name),
e.stderr_output)
def test_revoke_policy_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
user = data_setup.create_user()
user1 = data_setup.create_user()
group = data_setup.create_group()
group.users.append(user1)
pol = pool.access_policy
pol.add_rule(SystemPermission.reserve, user=user)
pol.add_rule(SystemPermission.view_power, user=user)
pol.add_rule(SystemPermission.reserve, group=group)
pol.add_rule(SystemPermission.view_power, group=group)
# revoke edit_system from group
run_client([
'bkr', 'policy-revoke', '--pool', pool.name, '--permission',
'view_power', '--group', group.group_name
])
with session.begin():
session.refresh(pool)
self.assertFalse(
pool.access_policy.grants(user1, SystemPermission.edit_system))
# test_multiple_permissions_and_targets
run_client(['bkr', 'policy-revoke', '--pool', pool.name,
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertFalse(
pool.access_policy.grants(user, SystemPermission.view_power))
self.assertFalse(
pool.access_policy.grants(user, SystemPermission.reserve))
self.assertFalse(
pool.access_policy.grants(user1, SystemPermission.view_power))
self.assertFalse(
pool.access_policy.grants(user1, SystemPermission.reserve))
# this should still exist
with session.begin():
session.refresh(pool)
self.assertTrue(
pool.access_policy.grants(user, SystemPermission.view))
# non-existent pool
try:
run_client(['bkr', 'policy-revoke', '--pool', 'idontexist',
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
except ClientError as e:
self.assertIn("System pool idontexist does not exist",
e.stderr_output)
def test_revoke_policy_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
user = data_setup.create_user()
user1 = data_setup.create_user()
group = data_setup.create_group()
group.users.append(user1)
pol = pool.access_policy
pol.add_rule(SystemPermission.reserve, user=user)
pol.add_rule(SystemPermission.view_power, user=user)
pol.add_rule(SystemPermission.reserve, group=group)
pol.add_rule(SystemPermission.view_power, group=group)
# revoke edit_system from group
run_client(['bkr', 'policy-revoke', '--pool', pool.name,
'--permission', 'view_power', '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertFalse(pool.access_policy.grants(
user1, SystemPermission.edit_system))
# test_multiple_permissions_and_targets
run_client(['bkr', 'policy-revoke', '--pool', pool.name,
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertFalse(pool.access_policy.grants(
user, SystemPermission.view_power))
self.assertFalse(pool.access_policy.grants(
user, SystemPermission.reserve))
self.assertFalse(pool.access_policy.grants(
user1, SystemPermission.view_power))
self.assertFalse(pool.access_policy.grants(
user1, SystemPermission.reserve))
# this should still exist
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.view))
# non-existent pool
try:
run_client(['bkr', 'policy-revoke', '--pool', 'idontexist',
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
except ClientError as e:
self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_group_has_access_policy_rule_remove(self):
with session.begin():
user = data_setup.create_user(password='******')
system = data_setup.create_system(owner=user, shared=False)
system.custom_access_policy = SystemAccessPolicy()
group = data_setup.create_group(owner=user)
p = system.custom_access_policy
p.add_rule(permission=SystemPermission.edit_system, group=group)
p.add_rule(permission=SystemPermission.edit_policy, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
# check current rules
self.assertEquals(len(p.rules), 2)
self.assert_(p.rules[0].user is None)
self.assertEquals(p.rules[0].group, group)
self.assert_(p.rules[1].user is None)
self.assertEquals(p.rules[1].group, group)
# save current rules for later use
access_policy_rule_1 = repr(p.rules[0])
access_policy_rule_2 = repr(p.rules[1])
# delete the group
b.get(get_server_base() + 'groups/mine')
delete_and_confirm(b,
"//tr[td/a[normalize-space(text())='%s']]" %
group.group_name,
delete_text='Delete Group')
self.assertEqual(
b.find_element_by_class_name('flash').text,
'%s deleted' % group.display_name)
# check if the access policy rule has been removed
session.refresh(p)
self.assertEquals(len(p.rules), 0)
# Check whether the rules deleted have been recorded in the
# Activity table
b.get(get_server_base() + 'activity/')
b.find_element_by_link_text('Show Search Options').click()
b.find_element_by_xpath(
"//select[@id='activitysearch_0_table']/option[@value='Action']"
).click()
b.find_element_by_xpath(
"//select[@id='activitysearch_0_operation']/option[@value='is']"
).click()
b.find_element_by_xpath(
"//input[@id='activitysearch_0_value']").send_keys('Removed')
b.find_element_by_link_text('Add').click()
b.find_element_by_xpath(
"//select[@id='activitysearch_1_table']/option[@value='Property']"
).click()
b.find_element_by_xpath(
"//select[@id='activitysearch_1_operation']/option[@value='is']"
).click()
b.find_element_by_xpath("//input[@id='activitysearch_1_value']"
).send_keys('Access Policy Rule')
b.find_element_by_id('searchform').submit()
self.assert_(
is_activity_row_present(b,
via='WEBUI',
action='Removed',
object_='System: %s' % system.fqdn,
property_='Access Policy Rule',
old_value=access_policy_rule_1,
new_value=''))
self.assert_(
is_activity_row_present(b,
via='WEBUI',
action='Removed',
object_='System: %s' % system.fqdn,
property_='Access Policy Rule',
old_value=access_policy_rule_2,
new_value=''))
def test_group_has_access_policy_rule_remove(self):
with session.begin():
user = data_setup.create_user(password='******')
system = data_setup.create_system(owner=user,
shared=False)
system.custom_access_policy = SystemAccessPolicy()
group = data_setup.create_group(owner=user)
p = system.custom_access_policy
p.add_rule(permission=SystemPermission.edit_system,
group=group)
p.add_rule(permission=SystemPermission.edit_policy,
group=group)
b = self.browser
login(b, user=user.user_name, password='******')
# check current rules
self.assertEquals(len(p.rules), 2)
self.assert_(p.rules[0].user is None)
self.assertEquals(p.rules[0].group, group)
self.assert_(p.rules[1].user is None)
self.assertEquals(p.rules[1].group, group)
# save current rules for later use
access_policy_rule_1 = repr(p.rules[0])
access_policy_rule_2 = repr(p.rules[1])
# delete the group
b.get(get_server_base() + 'groups/mine')
delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" %
group.group_name, delete_text='Delete Group')
self.assertEqual(
b.find_element_by_class_name('flash').text,
'%s deleted' % group.display_name)
# check if the access policy rule has been removed
session.refresh(p)
self.assertEquals(len(p.rules), 0)
# Check whether the rules deleted have been recorded in the
# Activity table
b.get(get_server_base() + 'activity/')
b.find_element_by_link_text('Show Search Options').click()
b.find_element_by_xpath("//select[@id='activitysearch_0_table']/option[@value='Action']").click()
b.find_element_by_xpath("//select[@id='activitysearch_0_operation']/option[@value='is']").click()
b.find_element_by_xpath("//input[@id='activitysearch_0_value']").send_keys('Removed')
b.find_element_by_link_text('Add').click()
b.find_element_by_xpath("//select[@id='activitysearch_1_table']/option[@value='Property']").click()
b.find_element_by_xpath("//select[@id='activitysearch_1_operation']/option[@value='is']").click()
b.find_element_by_xpath("//input[@id='activitysearch_1_value']").send_keys('Access Policy Rule')
b.find_element_by_id('searchform').submit()
self.assert_(is_activity_row_present(b,via='WEBUI', action='Removed',
object_ = 'System: %s' % system.fqdn,
property_='Access Policy Rule',
old_value=access_policy_rule_1, new_value=''))
self.assert_(is_activity_row_present(b,via='WEBUI', action='Removed',
object_ = 'System: %s' % system.fqdn,
property_='Access Policy Rule',
old_value=access_policy_rule_2, new_value=''))
def test_grant_policy_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
user = data_setup.create_user()
group = data_setup.create_group()
group.add_member(user)
user1 = data_setup.create_user()
# group
run_client([
'bkr', 'policy-grant', '--pool', pool.name, '--permission',
'edit_system', '--group', group.group_name
])
with session.begin():
session.refresh(pool)
self.assertTrue(
pool.access_policy.grants(user, SystemPermission.edit_system))
# non-existent group
try:
run_client([
'bkr', 'policy-grant', '--pool', pool.name, '--permission',
'edit_system', '--group', 'idontexist'
])
self.fail('Must fail or die')
except ClientError as e:
self.assertIn("Group 'idontexist' does not exist", e.stderr_output)
# Everybody edit_system
run_client([
'bkr', 'policy-grant', '--pool', pool.name, '--permission',
'edit_system', '--everybody'
])
with session.begin():
session.refresh(pool)
self.assertTrue(
pool.access_policy.grants(user1, SystemPermission.edit_system))
# test_multiple_permissions_and_targets
with session.begin():
user = data_setup.create_user()
group = data_setup.create_group()
user1 = data_setup.create_user()
group.add_member(user1)
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertTrue(
pool.access_policy.grants(user, SystemPermission.view_power))
self.assertTrue(
pool.access_policy.grants(user, SystemPermission.reserve))
self.assertTrue(
pool.access_policy.grants(user1, SystemPermission.view_power))
self.assertTrue(
pool.access_policy.grants(user1, SystemPermission.reserve))
# non-existent pool
try:
run_client(['bkr', 'policy-grant', '--pool', 'idontexist',
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
except ClientError as e:
self.assertIn("System pool idontexist does not exist",
e.stderr_output)
