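async def test_group_roles_operations(self, fs):
        """Assign two admin roles to a group, remove one, verify the listing.

        Creates a group, assigns USER_ADMIN and APP_ADMIN to it, checks that
        both roles are listed, removes USER_ADMIN and checks that only
        APP_ADMIN remains. The group is deleted in ``finally`` so that a
        failed assertion does not leave a group holding admin roles behind.
        """
        # Instantiate Mock Client
        client = MockOktaClient(fs)

        # Create Group Object
        GROUP_NAME = "Group-Target-Test"
        group_profile = models.GroupProfile({
            "name": GROUP_NAME
        })
        group_obj = models.Group({
            "profile": group_profile
        })

        # Bound before the try block: if create_group raises or returns an
        # error, the cleanup must not fail on an unbound/None group and hide
        # the original failure.
        group = None
        try:
            # Create Group
            group, _, err = await client.create_group(group_obj)
            assert err is None
            assert isinstance(group, models.Group)

            # Create roles
            assign_role_req_ua = models.AssignRoleRequest({
                "type": models.RoleType.USER_ADMIN
            })
            assign_role_req_aa = models.AssignRoleRequest({
                "type": models.RoleType.APP_ADMIN
            })

            ua_role, _, err = await client.assign_role_to_group(
                group.id, assign_role_req_ua)
            assert err is None
            aa_role, _, err = await client.assign_role_to_group(
                group.id, assign_role_req_aa)
            assert err is None

            group_roles, _, err = await client.list_group_assigned_roles(group.id)
            assert err is None
            assert len(group_roles) == 2
            # Membership test instead of a bare next(): next() on an empty
            # generator raises StopIteration rather than failing the assert.
            role_ids = [rle.id for rle in group_roles]
            assert ua_role.id in role_ids
            assert aa_role.id in role_ids

            _, err = await client.remove_role_from_group(group.id, ua_role.id)
            assert err is None

            group_roles, _, err = await client.list_group_assigned_roles(group.id)
            assert err is None
            assert len(group_roles) == 1
            # The removed role must be gone and the other one untouched.
            role_ids = [rle.id for rle in group_roles]
            assert ua_role.id not in role_ids
            assert aa_role.id in role_ids

        finally:
            # Delete created group (only if it was actually created)
            if group is not None:
                _, err = await client.delete_group(group.id)
                assert err is None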
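    async def test_assign_user_to_role(self, fs):
        """Assign USER_ADMIN to a new user, then remove it and verify both.

        The user is created activated with a fixed password and is granted an
        admin role, so everything after creation runs inside ``try`` and the
        deactivate/delete pair runs in ``finally``: a failed assertion must
        not leave an active admin account behind.
        """
        # Instantiate Mock Client
        test_client = MockOktaClient(fs)

        # Create Password
        # NOTE(review): fixed, source-visible test password. Presumably only
        # replayed against mock fixtures -- confirm; an account created with
        # it on a real org must never outlive the test.
        password = models.PasswordCredential({"value": "Password150kta"})
        # Create User Credentials
        user_creds = models.UserCredentials({"password": password})

        # Create User Profile and CreateUser Request
        user_profile = models.UserProfile()
        user_profile.first_name = "John"
        user_profile.last_name = "Doe-Assign-User-Role"
        user_profile.email = "*****@*****.**"
        user_profile.login = "******"

        create_user_req = models.CreateUserRequest({
            "credentials": user_creds,
            "profile": user_profile
        })

        # Create Query Parameters and Create User
        query_params_create = {"activate": "True"}
        user, _, err = await test_client.create_user(create_user_req,
                                                     query_params_create)
        assert err is None

        try:
            # Create Assign Role Request with Roletype Enum
            USER_ADMIN = models.RoleType.USER_ADMIN
            assign_role_req = models.AssignRoleRequest({"type": USER_ADMIN})

            # Assign Role to User
            _, _, err = await test_client.assign_role_to_user(
                user.id, assign_role_req)
            assert err is None

            # Get Roles for user and ensure role assigned is found
            roles, _, err = await test_client.list_assigned_roles_for_user(
                user.id)
            # Check the error before iterating, so a failed listing is
            # reported as such instead of as a missing role.
            assert err is None
            found_role = next(
                (role for role in roles if role.type == USER_ADMIN), None)
            assert found_role is not None

            # Remove assigned role from user
            _, err = await test_client.remove_role_from_user(
                user.id, found_role.id)
            assert err is None

            # Get Roles for user and ensure role assigned is NOT found
            roles, _, err = await test_client.list_assigned_roles_for_user(
                user.id)
            assert err is None
            found_role = next(
                (role for role in roles if role.type == USER_ADMIN), None)
            assert found_role is None

        finally:
            # Deactivate, then delete created user (first call deactivates,
            # second call deletes)
            _, err = await test_client.deactivate_or_delete_user(user.id)
            assert err is None

            _, err = await test_client.deactivate_or_delete_user(user.id)
            assert err is None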
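    async def test_group_target_add(self, fs):
        """Scope a group's USER_ADMIN role to a second group and verify it.

        Creates two groups, assigns USER_ADMIN to the first, adds the second
        as a group target of that role and checks that it is listed. Groups
        are deleted in ``finally`` so a failed assertion does not leave a
        group with an admin role assigned.
        """
        # Instantiate Mock Client
        client = MockOktaClient(fs)

        # Create Group Objects
        GROUP_1_NAME = "Group-Target-Test 1"
        group_1_profile = models.GroupProfile({"name": GROUP_1_NAME})
        group_1_obj = models.Group({"profile": group_1_profile})

        GROUP_2_NAME = "Group-Target-Test 2"
        group_2_profile = models.GroupProfile({"name": GROUP_2_NAME})
        group_2_obj = models.Group({"profile": group_2_profile})

        # Only groups that were really created are cleaned up.
        created_groups = []
        try:
            # Create Groups
            group_1, _, err = await client.create_group(group_1_obj)
            assert err is None
            assert isinstance(group_1, models.Group)
            created_groups.append(group_1)

            group_2, _, err = await client.create_group(group_2_obj)
            assert err is None
            assert isinstance(group_2, models.Group)
            created_groups.append(group_2)

            # Create role and add group targets
            assign_role_req_ua = models.AssignRoleRequest(
                {"type": models.RoleType.USER_ADMIN})

            ua_role, _, err = await client.assign_role_to_group(
                group_1.id, assign_role_req_ua)
            assert err is None

            _, err = await\
                client.add_group_target_to_group_administrator_role_for_group(
                    group_1.id, ua_role.id, group_2.id)
            # The original dropped this result; a failed scoping call should
            # fail here, not at the listing below.
            assert err is None

            # Make sure targets are listed
            groups_list, _, err = await client.list_group_targets_for_group_role(
                group_1.id, ua_role.id)
            assert err is None
            # any() instead of a bare next(): next() on an empty generator
            # raises StopIteration rather than failing the assert.
            assert any(grp.id == group_2.id for grp in groups_list)

        finally:
            # Delete created groups (in creation order)
            for created in created_groups:
                _, err = await client.delete_group(created.id)
                assert err is None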
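    async def test_user_group_target_to_role(self, fs):
        """Add and remove group targets on a user's USER_ADMIN role.

        Creates an activated user and a group, assigns USER_ADMIN to the
        user, adds the group as a target of that role and verifies the
        listing. A second group is then added as a target and the first one
        removed. Cleanup runs in ``finally`` so a failed assertion does not
        leave an active admin account or its groups behind.
        """
        # Instantiate Mock Client
        test_client = MockOktaClient(fs)

        # Create Password
        # NOTE(review): fixed, source-visible test password. Presumably only
        # replayed against mock fixtures -- confirm; an account created with
        # it on a real org must never outlive the test.
        password = models.PasswordCredential({"value": "Password150kta"})
        # Create User Credentials
        user_creds = models.UserCredentials({"password": password})

        # Create User Profile and CreateUser Request
        user_profile = models.UserProfile()
        user_profile.first_name = "John"
        user_profile.last_name = "Doe-Group-Target-Role-Assign"
        user_profile.email = "*****@*****.**"
        user_profile.login = "******"

        create_user_req = models.CreateUserRequest({
            "credentials": user_creds,
            "profile": user_profile
        })

        # Create Query Parameters and Create User
        query_params_create = {"activate": "True"}
        user, _, err = await test_client.create_user(create_user_req,
                                                     query_params_create)
        assert err is None

        # Only groups that were really created are cleaned up.
        created_groups = []
        try:
            # Create Group Object
            NEW_GROUP_NAME = "Group-Target-Test-Assign"
            new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
            new_group = models.Group({"profile": new_group_profile})

            # Create Group
            group, _, err = await test_client.create_group(new_group)
            assert err is None
            created_groups.append(group)

            # Create request to assign role to user
            USER_ADMIN = models.RoleType.USER_ADMIN
            assign_role_req = models.AssignRoleRequest({"type": USER_ADMIN})

            # Assign Role to User
            user_role, _, err = await test_client.assign_role_to_user(
                user.id, assign_role_req)
            assert err is None

            # Add Group Target to the Role
            _, err = await test_client.add_group_target_to_role(
                user.id, user_role.id, group.id)
            assert err is None

            # Retrieve group targets for role and ensure added one is there
            groups, _, err = await test_client.list_group_targets_for_role(
                user.id, user_role.id)
            # Check the error before iterating, so a failed listing is
            # reported as such instead of as a missing target.
            assert err is None
            assert any(grp.id == group.id for grp in groups)

            # Create another group to add
            NEW_GROUP_NAME = "Temp-Group-Target-Test-Assign"
            new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
            new_group = models.Group({"profile": new_group_profile})

            # Create 2nd group
            temp_group, _, err = await test_client.create_group(new_group)
            assert err is None
            created_groups.append(temp_group)

            # Add new group target to role and remove original
            _, err = await test_client.add_group_target_to_role(
                user.id, user_role.id, temp_group.id)
            assert err is None
            _, err = await test_client.remove_group_target_from_role(
                user.id, user_role.id, group.id)
            assert err is None

        finally:
            try:
                # Deactivate, then delete created user (first call
                # deactivates, second call deletes)
                _, err = await test_client.deactivate_or_delete_user(user.id)
                assert err is None

                _, err = await test_client.deactivate_or_delete_user(user.id)
                assert err is None
            finally:
                # Delete groups created. Results are not asserted, matching
                # the original best-effort cleanup.
                for created in created_groups:
                    await test_client.delete_group(created.id)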
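    async def test_group_target_remove(self, fs):
        """Remove one group target from a group's USER_ADMIN role.

        Creates three groups, assigns USER_ADMIN to the first and adds the
        other two as group targets of that role. One target is then removed
        and the listing is checked to contain only the remaining one. All
        created groups are deleted in ``finally``; cleanup failures are
        collected so every deletion is attempted.
        """
        # Instantiate Mock Client
        client = MockOktaClient(fs)

        # Create Group Objects
        GROUP_1_NAME = "Group-Target-Test 1"
        group_1_profile = models.GroupProfile({
            "name": GROUP_1_NAME
        })
        group_1_obj = models.Group({
            "profile": group_1_profile
        })

        GROUP_2_NAME = "Group-Target-Test 2"
        group_2_profile = models.GroupProfile({
            "name": GROUP_2_NAME
        })
        group_2_obj = models.Group({
            "profile": group_2_profile
        })

        GROUP_3_NAME = "Group-Target-Test 3"
        group_3_profile = models.GroupProfile({
            "name": GROUP_3_NAME
        })
        group_3_obj = models.Group({
            "profile": group_3_profile
        })

        # Only groups that were really created are cleaned up; referencing a
        # never-created group in cleanup would replace the real failure with
        # a NameError.
        created_groups = []
        try:
            # Create Groups
            group_1, _, err = await client.create_group(group_1_obj)
            assert err is None
            assert isinstance(group_1, models.Group)
            created_groups.append(group_1)

            group_2, _, err = await client.create_group(group_2_obj)
            assert err is None
            assert isinstance(group_2, models.Group)
            created_groups.append(group_2)

            group_3, _, err = await client.create_group(group_3_obj)
            assert err is None
            assert isinstance(group_3, models.Group)
            created_groups.append(group_3)

            # Create role and add group targets
            assign_role_req_ua = models.AssignRoleRequest({
                "type": models.RoleType.USER_ADMIN
            })

            ua_role, _, err = await client.assign_role_to_group(
                group_1.id, assign_role_req_ua)
            assert err is None

            # The original dropped the results of the add/remove target
            # calls; check them so a failed scoping change fails here.
            _, err = await\
                client.add_group_target_to_group_administrator_role_for_group(
                    group_1.id, ua_role.id, group_2.id)
            assert err is None
            _, err = await\
                client.add_group_target_to_group_administrator_role_for_group(
                    group_1.id, ua_role.id, group_3.id)
            assert err is None

            groups_list, _, err = await client.list_group_targets_for_group_role(
                group_1.id, ua_role.id)
            assert err is None
            # Membership test instead of a bare next(): next() on an empty
            # generator raises StopIteration rather than failing the assert.
            target_ids = [grp.id for grp in groups_list]
            assert group_2.id in target_ids
            assert group_3.id in target_ids

            # Remove from 2 and ensure 2 isn't listed
            _, err = await \
                client.remove_group_target_from_group_admin_role_given_to_group(
                    group_1.id, ua_role.id, group_2.id)
            assert err is None

            groups_list, _, err = await client.list_group_targets_for_group_role(
                group_1.id, ua_role.id)
            assert err is None
            target_ids = [grp.id for grp in groups_list]
            assert group_2.id not in target_ids
            assert group_3.id in target_ids

        finally:
            errors = []
            # Delete created groups; keep going after a failure so one bad
            # deletion does not strand the remaining groups.
            for created in created_groups:
                try:
                    _, err = await client.delete_group(created.id)
                    assert err is None
                except Exception as exc:
                    errors.append(exc)
            assert len(errors) == 0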