async def test_update_group(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({"name": GROUP_NAME})
group_obj = models.Group({"profile": group_profile})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Create Updated Group Object
# Create Group Object
NEW_GROUP_NAME = "Group-Target-Test NEW"
new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
new_group_obj = models.Group({"profile": new_group_profile})
_, _, err = await client.update_group(group.id, new_group_obj)
assert err is None
# Verify update worked
found_group, _, err = await client.get_group(group.id)
assert err is None
assert found_group.id == group.id
assert found_group.profile.name == NEW_GROUP_NAME
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
async def test_create_get_sign_on_policy_with_group_conditions(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group
GROUP_NAME = "Group-Target-Test"
group_obj = models.Group(
{"profile": models.GroupProfile({"name": GROUP_NAME})})
created_group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(created_group, models.Group)
# Create Policy & Conditions
policy_model = models.OktaSignOnPolicy({
"name":
f"{TestPoliciesResource.SDK_PREFIX} Test-Sign-On",
"status":
"ACTIVE",
"description":
"Test policy applies for tests only"
})
policy_conditions = models.OktaSignOnPolicyConditions({
"people":
models.PolicyPeopleCondition({
"groups":
models.GroupCondition({"include": [created_group.id]})
})
})
policy_model.conditions = policy_conditions
created_policy, _, err = await client.create_policy(policy_model)
assert err is None
assert isinstance(created_policy, models.OktaSignOnPolicy)
assert created_policy.name == policy_model.name
assert created_policy.description == policy_model.description
assert created_policy.status == "ACTIVE"
assert created_policy.type == models.PolicyType.OKTA_SIGN_ON
assert len(created_policy.conditions.people.groups.include) == 1
assert created_group.id in \
created_policy.conditions.people.groups.include
# Retrieve
retrieved_policy, _, err = await client.get_policy(created_policy.id)
assert err is None
assert retrieved_policy.id == created_policy.id
assert retrieved_policy.name == created_policy.name
assert retrieved_policy.description == created_policy.description
assert retrieved_policy.status == created_policy.status
assert retrieved_policy.type == created_policy.type
assert len(retrieved_policy.conditions.people.groups.include) == 1
assert created_group.id in \
retrieved_policy.conditions.people.groups.include
# Delete Policy + Group
_, err = await client.delete_policy(created_policy.id)
assert err is None
_, err = await client.delete_group(created_group.id)
assert err is None
async def test_search_group(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
try:
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
query_params_query = {"q": GROUP_NAME}
groups_list, _, err = await client.list_groups(query_params_query)
assert err is None
assert groups_list
assert len(groups_list) == 1
assert next((grp for grp in groups_list if grp.id == group.id))
finally:
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
async def test_list_groups(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
try:
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
groups_list, resp, err = await client.list_groups()
assert err is None
assert not resp.has_next()
assert next((grp for grp in groups_list if grp.id == group.id))
finally:
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
async def test_create_get_group(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({"name": GROUP_NAME})
group_obj = models.Group({"profile": group_profile})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Get group using ID
found_group, _, err = await client.get_group(group.id)
assert err is None
assert found_group.id == group.id
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
# Ensure group cannot be found again
found_group, resp, err = await client.get_group(group.id)
assert err is not None
assert resp.get_status() == HTTPStatus.NOT_FOUND
assert found_group is None
async def test_group_target_add(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Objects
GROUP_1_NAME = "Group-Target-Test 1"
group_1_profile = models.GroupProfile({"name": GROUP_1_NAME})
group_1_obj = models.Group({"profile": group_1_profile})
GROUP_2_NAME = "Group-Target-Test 2"
group_2_profile = models.GroupProfile({"name": GROUP_2_NAME})
group_2_obj = models.Group({"profile": group_2_profile})
# Create Groups
group_1, _, err = await client.create_group(group_1_obj)
assert err is None
assert isinstance(group_1, models.Group)
group_2, _, err = await client.create_group(group_2_obj)
assert err is None
assert isinstance(group_2, models.Group)
# Create role and add group targets
assign_role_req_ua = models.AssignRoleRequest(
{"type": models.RoleType.USER_ADMIN})
ua_role, _, err = await client.assign_role_to_group(
group_1.id, assign_role_req_ua)
assert err is None
_, err = await\
client.add_group_target_to_group_administrator_role_for_group(
group_1.id, ua_role.id, group_2.id)
# Make sure targets are listed
groups_list, _, err = await client.list_group_targets_for_group_role(
group_1.id, ua_role.id)
assert err is None
assert next((grp for grp in groups_list if grp.id == group_2.id))
# Delete created groups
_, err = await client.delete_group(group_1.id)
assert err is None
_, err = await client.delete_group(group_2.id)
assert err is None
async def test_group_roles_operations(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
try:
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Create roles
assign_role_req_ua = models.AssignRoleRequest({
"type": models.RoleType.USER_ADMIN
})
assign_role_req_aa = models.AssignRoleRequest({
"type": models.RoleType.APP_ADMIN
})
ua_role, _, err = await client.assign_role_to_group(
group.id, assign_role_req_ua)
assert err is None
aa_role, _, err = await client.assign_role_to_group(
group.id, assign_role_req_aa)
assert err is None
group_roles, _, err = await client.list_group_assigned_roles(group.id)
assert err is None
assert len(group_roles) == 2
assert next((rle for rle in group_roles if rle.id == ua_role.id))
assert next((rle for rle in group_roles if rle.id == aa_role.id))
_, err = await client.remove_role_from_group(group.id, ua_role.id)
assert err is None
group_roles, _, err = await client.list_group_assigned_roles(group.id)
assert err is None
assert len(group_roles) == 1
assert next((rle for rle in group_roles if rle.id ==
ua_role.id), None) is None
assert next((rle for rle in group_roles if rle.id == aa_role.id))
finally:
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
async def test_user_group_target_to_role(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Group-Target-Role-Assign"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Create Group Object
NEW_GROUP_NAME = "Group-Target-Test-Assign"
new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
new_group = models.Group({"profile": new_group_profile})
# Create Group
group, _, err = await test_client.create_group(new_group)
assert err is None
# Create request to assign role to user
USER_ADMIN = models.RoleType.USER_ADMIN
assign_role_req = models.AssignRoleRequest({"type": USER_ADMIN})
# Assign Role to User
user_role, _, err = await test_client.assign_role_to_user(
user.id, assign_role_req)
assert err is None
# Add Group Target to the Role
_, err = await test_client.add_group_target_to_role(
user.id, user_role.id, group.id)
assert err is None
# Retrieve group targets for role and ensure added one is there
groups, _, err = await test_client.list_group_targets_for_role(
user.id, user_role.id)
assert next((grp for grp in groups if grp.id == group.id),
None) is not None
# Create another group to add
NEW_GROUP_NAME = "Temp-Group-Target-Test-Assign"
new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
new_group = models.Group({"profile": new_group_profile})
# Create 2nd group
temp_group, _, err = await test_client.create_group(new_group)
assert err is None
# Add new group target to role and remove original
_, err = await test_client.add_group_target_to_role(
user.id, user_role.id, temp_group.id)
assert err is None
_, err = await test_client.remove_group_target_from_role(
user.id, user_role.id, group.id)
assert err is None
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
# Delete groups created
await test_client.delete_group(group.id)
await test_client.delete_group(temp_group.id)
@pytest.mark.vcr()
@pytest.mark.asyncio
@pytest.mark.parametrize(
"group_obj",
[
{ # No Okta Model included
'profile': {
'name': 'GroupName',
'description': 'Group Description'
}
},
models.Group({ # Parent Okta model included
"profile": {
'name': 'GroupName',
'description': 'Group Description'
}
}),
models.Group({ # Parent + Nested models included
"profile":
models.GroupProfile({
"name": "GroupName",
"description": "Group Description"
})
})
])
async def test_create_group_different_inputs(fs, group_obj):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group
async def test_group_assigned_applications(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Objects
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
try:
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Create Application object and Application in Org
APP_LABEL = "Test Assigned-Applications"
BUTTON_FIELD = "btn-login"
PASSWORD_FIELD = "txt-box-password"
USERNAME_FIELD = "txt-box-username"
URL = "https://example.com/login.html"
LOGIN_URL_REGEX = f"^{URL}$"
swa_app_settings_app = models.SwaApplicationSettingsApplication({
"buttonField": BUTTON_FIELD,
"passwordField": PASSWORD_FIELD,
"usernameField": USERNAME_FIELD,
"url": URL,
"loginUrlRegex": LOGIN_URL_REGEX
})
swa_app_settings = models.SwaApplicationSettings({
"app": swa_app_settings_app
})
swa_app_obj = models.SwaApplication({
"label": APP_LABEL,
"settings": swa_app_settings,
"signOnMode": models.ApplicationSignOnMode.BROWSER_PLUGIN
})
swa_app, _, err = await client.create_application(swa_app_obj)
assert err is None
assert isinstance(swa_app, models.SwaApplication)
# Assign app and group
assign_ag_req = models.ApplicationGroupAssignment({
"priority": 0,
"applicationId": swa_app.id,
"groupId": group.id
})
assign_app_group, _, err = await \
client.create_application_group_assignment(
swa_app.id, group.id, assign_ag_req)
assert err is None
# 3 second sleep for backend to update
mock_pause_function(3)
# Check assigned apps and ensure created app is found
assigned_apps, _, err = await \
client.list_assigned_applications_for_group(group.id)
assert err is None
assert assigned_apps is not None
assert len(assigned_apps) > 0
assert next((app for app in assigned_apps if app.id == swa_app.id))
finally:
errors = []
# Cleanup app and group created
try:
_, err = await client.deactivate_application(swa_app.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.delete_application(swa_app.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.delete_group(group.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_group_target_remove(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Objects
GROUP_1_NAME = "Group-Target-Test 1"
group_1_profile = models.GroupProfile({
"name": GROUP_1_NAME
})
group_1_obj = models.Group({
"profile": group_1_profile
})
GROUP_2_NAME = "Group-Target-Test 2"
group_2_profile = models.GroupProfile({
"name": GROUP_2_NAME
})
group_2_obj = models.Group({
"profile": group_2_profile
})
GROUP_3_NAME = "Group-Target-Test 3"
group_3_profile = models.GroupProfile({
"name": GROUP_3_NAME
})
group_3_obj = models.Group({
"profile": group_3_profile
})
try:
# Create Groups
group_1, _, err = await client.create_group(group_1_obj)
assert err is None
assert isinstance(group_1, models.Group)
group_2, _, err = await client.create_group(group_2_obj)
assert err is None
assert isinstance(group_2, models.Group)
group_3, _, err = await client.create_group(group_3_obj)
assert err is None
assert isinstance(group_3, models.Group)
# Create role and add group targets
assign_role_req_ua = models.AssignRoleRequest({
"type": models.RoleType.USER_ADMIN
})
ua_role, _, err = await client.assign_role_to_group(
group_1.id, assign_role_req_ua)
assert err is None
_, err = await\
client.add_group_target_to_group_administrator_role_for_group(
group_1.id, ua_role.id, group_2.id)
_, err = await\
client.add_group_target_to_group_administrator_role_for_group(
group_1.id, ua_role.id, group_3.id)
groups_list, _, err = await client.list_group_targets_for_group_role(
group_1.id, ua_role.id)
assert err is None
assert next((grp for grp in groups_list if grp.id == group_2.id))
assert next((grp for grp in groups_list if grp.id == group_3.id))
# Remove from 2 and ensure 2 isn't listed
_, err = await \
client.remove_group_target_from_group_admin_role_given_to_group(
group_1.id, ua_role.id, group_2.id)
groups_list, _, err = await client.list_group_targets_for_group_role(
group_1.id, ua_role.id)
assert err is None
assert next((grp for grp in groups_list if grp.id ==
group_2.id), None) is None
assert next((grp for grp in groups_list if grp.id == group_3.id))
finally:
errors = []
# Delete created groups
try:
_, err = await client.delete_group(group_1.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.delete_group(group_2.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.delete_group(group_3.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_group_rule_operations(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({
"value": "Password150kta"
})
# Create User Credentials
user_creds = models.UserCredentials({
"password": password
})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Group-Rule-Ops"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
try:
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, _, err = await client.create_user(
create_user_req, query_params_create)
assert err is None
assert isinstance(user, models.User)
# Create Group Object
GROUP_NAME = "Group-Target-Test-Group-Rule-Ops"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Create Group Rule
last_name = user.profile.last_name
GROUP_RULE_NAME = "Test-Group-Rule-Group-Rule-Ops"
GROUP_RULE_TYPE = "group_rule"
GROUP_RULE_EXP_TYPE = "urn:okta:expression:1.0"
GROUP_RULE_EXP_VALUE = f"user.lastName==\"{last_name}\""
group_rule_exp = models.GroupRuleExpression({
"type": GROUP_RULE_EXP_TYPE,
"value": GROUP_RULE_EXP_VALUE
})
group_rule_cond = models.GroupRuleConditions({
"expression": group_rule_exp
})
group_rule_group_assignment = models.GroupRuleGroupAssignment({
"groupIds": [group.id]
})
group_rule_action = models.GroupRuleAction({
"assignUserToGroups": group_rule_group_assignment
})
group_rule_object = models.GroupRule({
"actions": group_rule_action,
"conditions": group_rule_cond,
"name": GROUP_RULE_NAME,
"type": GROUP_RULE_TYPE
})
group_rule, _, err = await client.create_group_rule(group_rule_object)
assert err is None
assert isinstance(group_rule, models.GroupRule)
# Activate Group Rule
_, err = await client.activate_group_rule(group_rule.id)
assert err is None
# 15 second sleep for backend to update
mock_pause_function(15)
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next((usr for usr in users_in_group if usr.id ==
user.id), None) is not None
# Ensure activated rule is in group rules
group_rules, _, err = await client.list_group_rules()
assert err is None
assert next((rule for rule in group_rules if rule.id ==
group_rule.id), None) is not None
# Deactivate rule (to update)
_, err = await client.deactivate_group_rule(group_rule.id)
assert err is None
# Update rule
# Create new rule
NEW_GROUP_RULE_NAME = "Test-Group-Rule Updated"
NEW_GROUP_RULE_EXP_VALUE = "user.lastName==\"BLAHBLAHBLAH\""
new_group_rule_exp = models.GroupRuleExpression({
"type": GROUP_RULE_EXP_TYPE,
"value": NEW_GROUP_RULE_EXP_VALUE
})
new_group_rule_cond = models.GroupRuleConditions({
"expression": new_group_rule_exp
})
new_group_rule_group_assignment = models.GroupRuleGroupAssignment({
"groupIds": [group.id]
})
new_group_rule_action = models.GroupRuleAction({
"assignUserToGroups": new_group_rule_group_assignment
})
new_group_rule_object = models.GroupRule({
"actions": new_group_rule_action,
"conditions": new_group_rule_cond,
"name": NEW_GROUP_RULE_NAME,
"type": GROUP_RULE_TYPE
})
new_group_rule, _, err = await client.update_group_rule(
group_rule.id,
new_group_rule_object)
assert err is None
# Activate updated rule and verify user isn't in group
_, err = await client.activate_group_rule(new_group_rule.id)
assert err is None
# 15 second sleep for backend to update
mock_pause_function(15)
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next(
(usr for usr in users_in_group if usr.id == user.id), None) is None
finally:
errors = []
# Deactivate rule
try:
_, err = await client.deactivate_group_rule(new_group_rule.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Deactivate, then delete created user
try:
_, err = await client.deactivate_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Delete created group
try:
_, err = await client.delete_group(group.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Delete group rules
try:
_, err = await client.delete_group_rule(group_rule.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_group_users_operations(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({
"value": "Password150kta"
})
# Create User Credentials
user_creds = models.UserCredentials({
"password": password
})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Activate"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
try:
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, _, err = await client.create_user(
create_user_req, query_params_create)
assert err is None
assert isinstance(user, models.User)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Add user to group
_, err = await client.add_user_to_group(group.id, user.id)
assert err is None
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next((usr for usr in users_in_group if usr.id == user.id))
# Remove user from group
_, err = await client.remove_user_from_group(group.id, user.id)
assert err is None
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert len(users_in_group) == 0
assert next(
(usr for usr in users_in_group if usr.id == user.id), None) is None
finally:
errors = []
# Deactivate, then delete created user
try:
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Delete created group
try:
_, err = await client.delete_group(group.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_remove_group(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Remove-Group"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, _, err = await client.create_user(create_user_req,
query_params_create)
assert err is None
assert isinstance(user, models.User)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({"name": GROUP_NAME})
group_obj = models.Group({"profile": group_profile})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Add user to group
_, err = await client.add_user_to_group(group.id, user.id)
assert err is None
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next((usr for usr in users_in_group if usr.id == user.id))
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
# Retrieve group list again to ensure deleted
groups_list, _, err = await client.list_groups()
assert err is None
assert next(
(grp for grp in groups_list if grp.id == group.id), None) is None
# Deactivate, then delete created user
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
