def test_search_service(session):
r = search.service(
session,
search.organizational_container(session, "organizations", test_org)[0],
search_filter="SAP NW",
)
assert len(r) > 0
assert r[0].name == "SAP NW"
def test_modificar_dejar_huerfana_cuenta(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session, parent,
search_filter=test_service_name)[0]
n = random.randint(0, 10000)
test_person_attrs = {
"cn": ".",
"givenname": "prueba",
"sn": n,
"employeenumber": n,
"manager": test_manager,
"description": test_description,
"departmentnumber": test_dep,
"title": test_title,
"mail": "*****@*****.**",
"mobile": "*****@*****.**",
}
# crea persona y la busca
p = Person(session, person_attrs=test_person_attrs)
p.add(session, parent, "test")
time.sleep(5)
owner = search.people(session, by="employeenumber", search_filter=n)[0]
justification = "ok"
# crear
attrs = get_account_defaults(session, service, owner)
cuenta = Account(session, account_attrs=attrs)
r = cuenta.add(session, owner, service, justification)
time.sleep(3)
# modificar
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
cuenta_test.title = "new title"
cuenta_test.sn = "nueva description"
changes = {
"title": "newer title",
"employeenumber": 347231
} # this should stay
cuenta_test.modify(session, justification, changes)
try:
cuenta_test.orphan(session)
time.sleep(5)
cuentas = owner.get_accounts(session)
cuenta_test = [
c for c in cuentas if c.service_name == test_service_name
]
assert len(cuenta_test) < 1
except Exception as e:
pass
def test_search_groups(session):
# TODO Search by account/access
# by service
parent = search.organizational_container(session, "organizations",
test_org)[0]
service_dn = search.service(session,
parent,
search_filter="Directorio Activo")[0].dn
r = search.groups(session,
by="service",
service_dn=service_dn,
group_info="Administrators")
print(r)
def test_crear_cuenta(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
owner = search.people(session,
by="employeenumber",
search_filter="55608311080")[0]
justification = "ok"
attrs = get_account_defaults(session, service, owner)
cuenta = Account(session, account_attrs=attrs)
cuenta.add(session, owner, service, justification)
def test_search_account(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
sfilter = "(eruid=cazamorad)"
# sin servicio
r = search.account(session, sfilter)
print(r)
# con servicio
r = search.account(session, sfilter, service)
print(r)
def test_get_account_defaults(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
person = search.people(session,
by="employeenumber",
search_filter="1015463230")[0]
try:
r = get_account_defaults(session, service)
print(r)
except Exception as e:
print(e)
r = get_account_defaults(session, service, person)
print(r)
def test_suspender_restaurar_eliminar_cuenta(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session, parent,
search_filter=test_service_name)[0]
n = random.randint(0, 10000)
test_person_attrs = {
"cn": ".",
"givenname": "prueba",
"sn": n,
"employeenumber": n,
"manager": test_manager,
"description": test_description,
"departmentnumber": test_dep,
"title": test_title,
"mail": "*****@*****.**",
"mobile": "*****@*****.**",
}
p = Person(session, person_attrs=test_person_attrs)
p.add(session, parent, "test")
time.sleep(5)
owner = search.people(session, by="employeenumber", search_filter=n)[0]
justification = "ok"
# crear
attrs = get_account_defaults(session, service, owner)
cuenta = Account(session, account_attrs=attrs)
r = cuenta.add(session, owner, service, justification)
time.sleep(3)
# suspender y probar
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
cuenta_test.suspend(session, justification)
time.sleep(3)
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
assert cuenta_test.eraccountstatus == "1"
# restaurar y probar
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
cuenta_test.restore(session, "NewPassw0rd", justification)
time.sleep(3)
cuentas = owner.get_accounts(session)
cuenta_test = [c for c in cuentas
if c.service_name == test_service_name][0]
assert cuenta_test.eraccountstatus == "0"
# eliminar
try:
r = cuenta_test.delete(session, "ok")
time.sleep(3)
cuentas = owner.get_accounts(session)
cuenta_test = [
c for c in cuentas if c.service_name == test_service_name
]
assert len(cuenta_test) < 1
except Exception as e:
assert ("CTGIMI019E" in e.message
) # CTGIMI019E = can't delete because policy (but tried)
def test_crear_modificar_eliminar_politica_dataclass(session):
# crear
name = f"test{random.randint(0,999999)}"
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
entitlements = {
service.dn: {
"automatic": False,
"workflow": None,
"parameters": {
"ercompany": [
{
"enforcement": "Default",
"type": "script",
"values": "return 'test';",
},
{
"enforcement": "Excluded",
"type": "null",
},
{
"enforcement": "Allowed",
"type": "constant",
"values": ["test1", "test2"],
},
{
"enforcement": "Allowed",
"type": "Constant",
"values": ["test3"],
},
{
"enforcement": "Allowed",
"type": "REGEX",
"values": r"^[\s\w]+$",
},
],
"eradfax": [{
"enforcement": "Allowed",
"type": "constant",
"values": ["1018117"],
}],
},
},
"*": {
"automatic": False,
"workflow": None,
"parameters": {}
},
}
policy = {
"description":
"test",
"name":
name,
"parent":
parent,
"priority":
10000,
"memberships":
[x.dn for x in search.roles(session, search_filter="Auditor")],
"enabled":
False,
"entitlements":
entitlements,
}
pp = ProvisioningPolicy(session, policy_attrs=policy)
pp.add(session)
# buscar pol creada
time.sleep(3)
pp_creada = search.provisioning_policy(session, name, parent)[0]
assert pp_creada.name == name
# modificar y validar modificacion
nueva_desc = "modificacion"
nuevos_ents = pp_creada.entitlements
nuevos_ents[service.dn]["automatic"] = True
changes = {
"description": nueva_desc,
# "entitlements":nuevos_ents,
}
# pp_creada.description = nueva_desc
pp_creada.entitlements[service.dn]["automatic"] = True
pp_creada.modify(session, changes)
time.sleep(3)
pp_mod = search.provisioning_policy(session, name, parent)[0]
assert pp_mod.description == nueva_desc
# eliminar y validar eliminación
time.sleep(120) # tiene que terminar de evaluar la creación/mod
pp_mod.delete(session)
time.sleep(10)
pp_elim = search.provisioning_policy(session, name, parent)
assert len(pp_elim) == 0
def test_inicializar_politicas(session):
parent = search.organizational_container(session, "organizations",
test_org)[0]
service = search.service(session,
parent,
search_filter="Directorio Activo")[0]
entitlements = {
service.dn: {
"automatic": False,
"workflow": None,
"parameters": {
"ergroup": [
{
"enforcement": "Default",
"type": "script",
"values": "return 'test';",
},
{
"enforcement": "Excluded",
"type": "null",
},
{
"enforcement": "Allowed",
"type": "constant",
"values": ["test1", "test2"],
},
{
"enforcement": "Default",
"type": "Constant",
"values": ["test3"],
},
{
"enforcement": "MANDATORY",
"type": "REGEX",
"values": r"^[\s\w]+$",
},
],
"eradfax": [{
"enforcement": "Allowed",
"type": "constant",
"values": ["1018117"],
}],
},
},
"*": {
"automatic": False,
"workflow": None,
"parameters": {}
},
}
policy = {
"description":
"test",
"name":
"test",
"parent":
parent,
"priority":
10000,
"memberships":
[x.dn for x in search.roles(session, search_filter="Auditor")],
"enabled":
False,
"entitlements":
entitlements,
}
pp = ProvisioningPolicy(session, policy_attrs=policy)
print(pp.entitlements)
print(pp)
# modificar política
policy = {
"description": "test",
"name": "test",
"parent": parent,
"priority": 100,
"memberships": "*",
"entitlements": {
"ADprofile": {
"automatic": False,
"workflow": None,
"parameters": {}
},
},
}
pp = ProvisioningPolicy(session, policy_attrs=policy)
pp.entitlements["ADprofile"]["automatic"] = True
print("")
# buscar y modificar política
pp = search.provisioning_policy(session, "Test TipoServicio", parent)[0]
print(pp)
pp.entitlements = entitlements
pp.entitlements["*"]["automatic"] = True
print("")