def test_positive_session_survives_unauthenticated_call( admin_user, target_sat): """Check if session stays up after unauthenticated call :id: 8bc304a0-70ea-489c-9c3f-ea8343c5284c :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run `hammer ping` :CaseImportance: Medium :expectedresults: The session is unchanged """ result = configure_sessions(target_sat) assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({'username': admin_user['login'], 'password': password}) result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] # list organizations without supplying credentials Org.with_user().list() result = target_sat.execute('hammer ping') assert result.status == 0, 'Failed to run hammer ping' result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] Org.with_user().list()
def test_positive_log_out_from_session(self): """Check if session is terminated when user logs out :id: 0ba05f2d-7b83-4b0c-a04c-80e62b7c4cf2 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run `hammer auth logout` :expectedresults: The session is terminated """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') AuthLogin.basic({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message']) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() Auth.logout() result = Auth.with_user().status() self.assertIn(LOGEDOFF_MSG.format(self.uname_admin), result[0]['message']) with self.assertRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_disable_session(admin_user, target_sat): """Check if user logs out when session is disabled :id: 38ee0d85-c2fe-4cac-a992-c5dbcec11031 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Disable use_sessions :expectedresults: The session is terminated """ result = configure_sessions(target_sat) assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({'username': admin_user['login'], 'password': password}) result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] # list organizations without supplying credentials assert Org.with_user().list() # disabling sessions result = configure_sessions(satellite=target_sat, enable=False) assert result == 0, 'Failed to configure hammer sessions' result = Auth.with_user().status() assert NOTCONF_MSG.format(admin_user['login']) in result[0]['message'] with pytest.raises(CLIReturnCodeError): Org.with_user().list()
def test_positive_session_survives_failed_login(admin_user, non_admin_user, target_sat): """Check if session stays up after failed login attempt :id: 6c4d5c4c-eff0-411b-829f-0c2f2ec26132 :BZ: 1465552 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run login with invalid credentials :expectedresults: The session is unchanged """ result = configure_sessions(target_sat) assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({'username': admin_user['login'], 'password': password}) result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] Org.with_user().list() # using invalid password with pytest.raises(CLIReturnCodeError): AuthLogin.basic({ 'username': non_admin_user['login'], 'password': gen_string('alpha') }) # checking the session status again result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] Org.with_user().list()
def test_positive_change_session(self): """Change from existing session to a different session :id: b6ea6f3c-fcbd-4e7b-97bd-f3e0e6b9da8f :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Login as a different user :expectedresults: The session is altered """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') AuthLogin.basic({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message']) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() AuthLogin.basic({'username': self.uname_viewer, 'password': self.password}) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_viewer), result[0]['message']) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_session_survives_failed_login(self): """Check if session stays up after failed login attempt :id: 6c4d5c4c-eff0-411b-829f-0c2f2ec26132 :BZ: 1465552 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run login with invalid credentials :expectedresults: The session is unchanged """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') AuthLogin.basic({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message']) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # using invalid password with self.assertRaises(CLIReturnCodeError): AuthLogin.basic({'username': self.uname_viewer, 'password': gen_string('alpha')}) # checking the session status again result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message']) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_session_survives_unauthenticated_call(self): """Check if session stays up after unauthenticated call :id: 8bc304a0-70ea-489c-9c3f-ea8343c5284c :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run `hammer ping` :expectedresults: The session is unchanged """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() result = ssh.command('hammer ping') self.assertEqual(result.return_code, 0, 'Failed to run hammer ping') result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_disable_session(self): """Check if user logs out when session is disabled :id: 38ee0d85-c2fe-4cac-a992-c5dbcec11031 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Disable use_sessions :expectedresults: The session is terminated """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0][u'message']) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # disabling sessions result = configure_sessions(False) self.assertEqual(result, 0, 'Failed to configure hammer sessions') result = Auth.with_user().status() self.assertIn(NOTCONF_MSG.format(self.uname_admin), result[0][u'message']) with self.assertRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_session_survives_unauthenticated_call(self): """Check if session stays up after unauthenticated call :id: 8bc304a0-70ea-489c-9c3f-ea8343c5284c :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run `hammer ping` :expectedresults: The session is unchanged """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0][u'message']) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() result = ssh.command('hammer ping') self.assertEqual(result.return_code, 0, 'Failed to run hammer ping') result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0][u'message']) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_change_session(admin_user, non_admin_user, target_sat): """Change from existing session to a different session :id: b6ea6f3c-fcbd-4e7b-97bd-f3e0e6b9da8f :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Login as a different user :CaseImportance: High :expectedresults: The session is altered """ result = configure_sessions(target_sat) assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({'username': admin_user['login'], 'password': password}) result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] # list organizations without supplying credentials assert User.with_user().list() AuthLogin.basic({ 'username': non_admin_user['login'], 'password': password }) result = Auth.with_user().status() assert LOGEDIN_MSG.format(non_admin_user['login']) in result[0]['message'] assert User.with_user().list()
def test_positive_log_out_from_session(admin_user, target_sat): """Check if session is terminated when user logs out :id: 0ba05f2d-7b83-4b0c-a04c-80e62b7c4cf2 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run `hammer auth logout` :expectedresults: The session is terminated """ result = configure_sessions(target_sat) assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({'username': admin_user['login'], 'password': password}) result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] # list organizations without supplying credentials assert Org.with_user().list() Auth.logout() result = Auth.with_user().status() assert LOGEDOFF_MSG.format(admin_user['login']) in result[0]['message'] with pytest.raises(CLIReturnCodeError): Org.with_user().list()
def test_positive_session_preceeds_saved_credentials(self): """Check if enabled session is mutually exclusive with saved credentials in hammer config :id: e4277298-1c24-494b-84a6-22f45f96e144 :BZ: 1471099 :Steps: 1. Set use_sessions, set usernam and password, set short expiration time 2. Authenticate, assert credentials are not demanded on next command run 3. Wait until session expires :expectedresults: Session expires after specified time and saved credentials are not applied """ try: idle_timeout = Settings.list({ 'search': 'name=idle_timeout'})[0][u'value'] Settings.set({'name': 'idle_timeout', 'value': 1}) result = configure_sessions(add_default_creds=True) self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({ 'username': self.uname_admin, 'password': self.password }) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # wait until session expires sleep(70) with self.assertRaises(CLIReturnCodeError): Org.with_user().list() result = Auth.with_user().status() self.assertIn( LOGEDOFF_MSG.format(self.uname_admin), result[0][u'message'] ) finally: # reset timeout to default Settings.set({'name': 'idle_timeout', 'value': '{}'.format( idle_timeout)})
def test_positive_session_preceeds_saved_credentials(self): """Check if enabled session is mutually exclusive with saved credentials in hammer config :id: e4277298-1c24-494b-84a6-22f45f96e144 :BZ: 1471099 :Steps: 1. Set use_sessions, set usernam and password, set short expiration time 2. Authenticate, assert credentials are not demanded on next command run 3. Wait until session expires :expectedresults: Session expires after specified time and saved credentials are not applied """ try: idle_timeout = Settings.list({'search': 'name=idle_timeout'})[0][u'value'] Settings.set({'name': 'idle_timeout', 'value': 1}) result = configure_sessions(add_default_creds=True) self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({ 'username': self.uname_admin, 'password': self.password }) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0][u'message']) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # wait until session expires sleep(70) with self.assertRaises(CLIReturnCodeError): Org.with_user().list() result = Auth.with_user().status() self.assertIn(LOGEDOFF_MSG.format(self.uname_admin), result[0][u'message']) finally: # reset timeout to default Settings.set({ 'name': 'idle_timeout', 'value': '{}'.format(idle_timeout) })
def test_rhsso_login_using_hammer(self, enable_external_auth_rhsso, rhsso_setting_setup, rh_sso_hammer_auth_setup): """verify the hammer auth login using RHSSO auth source :id: 56c09a1a-d0e5-11ea-9024-d46d6dd3b5b2 :expectedresults: hammer auth login should be suceessful for a rhsso user :CaseImportance: High """ result = AuthLogin.oauth({ 'oidc-token-endpoint': get_oidc_token_endpoint(), 'oidc-client-id': get_oidc_client_id(), 'username': settings.rhsso.rhsso_user, 'password': settings.rhsso.password, }) assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." == result[ 0]['message'] result = Auth.with_user(username=settings.rhsso.rhsso_user, password=settings.rhsso.password).status() assert ( f"Session exists, currently logged in as '{settings.rhsso.rhsso_user}'." == result[0]['message']) task_list = Task.with_user(username=settings.rhsso.rhsso_user, password=settings.rhsso.password).list() assert len(task_list) >= 0 with pytest.raises(CLIReturnCodeError) as error: Role.with_user(username=settings.rhsso.rhsso_user, password=settings.rhsso.password).list() assert 'Missing one of the required permissions' in error.value.message
def test_positive_create_session(self): """Check if user stays authenticated with session enabled :id: fcee7f5f-1040-41a9-bf17-6d0c24a93e22 :Steps: 1. Set use_sessions, set short expiration time 2. Authenticate, assert credentials are not demanded on next command run 3. Wait until session expires, assert credentials are required :expectedresults: The session is successfully created and expires after specified time """ try: idle_timeout = Settings.list({ 'search': 'name=idle_timeout'})[0][u'value'] Settings.set({'name': 'idle_timeout', 'value': 1}) result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({ 'username': self.uname_admin, 'password': self.password }) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # wait until session expires sleep(70) with self.assertRaises(CLIReturnCodeError): Org.with_user().list() result = Auth.with_user().status() self.assertIn( LOGEDOFF_MSG.format(self.uname_admin), result[0][u'message'] ) finally: # reset timeout to default Settings.set({'name': 'idle_timeout', 'value': '{}'.format( idle_timeout)})
def test_positive_session_preceeds_saved_credentials(admin_user, target_sat): """Check if enabled session is mutually exclusive with saved credentials in hammer config :id: e4277298-1c24-494b-84a6-22f45f96e144 :BZ: 1471099, 1903693 :CaseImportance: High :Steps: 1. Set use_sessions, set username and password, set short expiration time 2. Authenticate, assert credentials are not demanded on next command run 3. Wait until session expires :expectedresults: Session expires after specified time and saved credentials are not applied """ try: idle_timeout = Settings.list({'search': 'name=idle_timeout'})[0]['value'] Settings.set({'name': 'idle_timeout', 'value': 1}) result = configure_sessions(satellite=target_sat, add_default_creds=True) assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({ 'username': admin_user['login'], 'password': password }) result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] # list organizations without supplying credentials sleep(70) if not is_open('BZ:1903693'): result = Auth.with_user().status() assert LOGEDOFF_MSG.format( admin_user['login']) in result[0]['message'] with pytest.raises(CLIReturnCodeError): Org.with_user().list() finally: # reset timeout to default Settings.set({'name': 'idle_timeout', 'value': f'{idle_timeout}'})
def test_positive_create_session(self): """Check if user stays authenticated with session enabled :id: fcee7f5f-1040-41a9-bf17-6d0c24a93e22 :Steps: 1. Set use_sessions, set short expiration time 2. Authenticate, assert credentials are not demanded on next command run 3. Wait until session expires, assert credentials are required :expectedresults: The session is successfully created and expires after specified time """ try: idle_timeout = Settings.list({'search': 'name=idle_timeout'})[0][u'value'] Settings.set({'name': 'idle_timeout', 'value': 1}) result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({ 'username': self.uname_admin, 'password': self.password }) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0][u'message']) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # wait until session expires sleep(70) with self.assertRaises(CLIReturnCodeError): Org.with_user().list() result = Auth.with_user().status() self.assertIn(LOGEDOFF_MSG.format(self.uname_admin), result[0][u'message']) finally: # reset timeout to default Settings.set({ 'name': 'idle_timeout', 'value': '{}'.format(idle_timeout) })
def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data, ldap_tear_down): """Verify the usergroup-sync functionality in AD Auth Source :id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2 :customerscenario: true :CaseImportance: Medium :bz: 1901392 :parametrized: yes :expectedresults: external user-group sync works as expected automatically based on user-sync """ ad_data = ad_data() group_base_dn = ','.join(ad_data['group_base_dn'].split(',')[1:]) LOGEDIN_MSG = "Using configured credentials for user '{0}'." auth_source = make_ldap_auth_source( { 'name': gen_string('alpha'), 'onthefly-register': 'true', 'host': ad_data['ldap_hostname'], 'server-type': LDAP_SERVER_TYPE['CLI']['ad'], 'attr-login': LDAP_ATTR['login_ad'], 'attr-firstname': LDAP_ATTR['firstname'], 'attr-lastname': LDAP_ATTR['surname'], 'attr-mail': LDAP_ATTR['mail'], 'account': ad_data['ldap_user_name'], 'account-password': ad_data['ldap_user_passwd'], 'base-dn': ad_data['base_dn'], 'groups-base': group_base_dn, } ) # assert auth_source['account']['groups-base'] == group_base_dn viewer_role = Role.info({'name': 'Viewer'}) user_group = make_usergroup() make_usergroup_external( { 'auth-source-id': auth_source['server']['id'], 'user-group-id': user_group['id'], 'name': member_group, } ) UserGroup.add_role({'id': user_group['id'], 'role-id': viewer_role['id']}) user_group = UserGroup.info({'id': user_group['id']}) result = Auth.with_user( username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd'] ).status() assert LOGEDIN_MSG.format(ad_data['ldap_user_name']) in result[0]['message'] UserGroupExternal.refresh({'user-group-id': user_group['id'], 'name': member_group}) user_group = UserGroup.info({'id': user_group['id']}) list = Role.with_user( username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd'] ).list() assert len(list) > 1
def test_negative_no_permissions(self): """Attempt to execute command out of user's permissions :id: 756f666f-270a-4b02-b587-a2ab09b7d46c :expectedresults: Command is not executed """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_viewer, 'password': self.password}) result = Auth.with_user().status() self.assertIn(LOGEDIN_MSG.format(self.uname_viewer), result[0][u'message']) # try to update user from viewer's session with self.assertRaises(CLIReturnCodeError): User.with_user().update({ 'login': self.uname_admin, 'new-login': gen_string('alpha'), })
def test_positive_log_out_from_session(self): """Check if session is terminated when user logs out :id: 0ba05f2d-7b83-4b0c-a04c-80e62b7c4cf2 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run `hammer auth logout` :expectedresults: The session is terminated """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() Auth.logout() result = Auth.with_user().status() self.assertIn( LOGEDOFF_MSG.format(self.uname_admin), result[0][u'message'] ) with self.assertRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_change_session(self): """Change from existing session to a different session :id: b6ea6f3c-fcbd-4e7b-97bd-f3e0e6b9da8f :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Login as a different user :expectedresults: The session is altered """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() Auth.login({'username': self.uname_viewer, 'password': self.password}) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_viewer), result[0][u'message'] ) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list()
def test_negative_no_credentials(): """Attempt to execute command without authentication :id: 8a3b5c68-1027-450f-997c-c5630218f49f :expectedresults: Command is not executed """ result = configure_sessions(False) assert result == 0, 'Failed to configure hammer sessions' result = Auth.with_user().status() assert NOTCONF_MSG in result[0]['message'] with pytest.raises(CLIReturnCodeError): Org.with_user().list()
def test_negative_no_credentials(self): """Attempt to execute command without authentication :id: 8a3b5c68-1027-450f-997c-c5630218f49f :expectedresults: Command is not executed """ result = configure_sessions(False) self.assertEqual(result, 0, 'Failed to configure hammer sessions') result = Auth.with_user().status() self.assertIn(NOTCONF_MSG.format(self.uname_admin), result[0]['message']) with self.assertRaises(CLIReturnCodeError): Org.with_user().list()
def test_positive_create_session(admin_user, target_sat): """Check if user stays authenticated with session enabled :id: fcee7f5f-1040-41a9-bf17-6d0c24a93e22 :Steps: 1. Set use_sessions, set short expiration time 2. Authenticate, assert credentials are not demanded on next command run 3. Wait until session expires, assert credentials are required :expectedresults: The session is successfully created and expires after specified time """ try: idle_timeout = Settings.list({'search': 'name=idle_timeout'})[0]['value'] Settings.set({'name': 'idle_timeout', 'value': 1}) result = configure_sessions(target_sat) assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({ 'username': admin_user['login'], 'password': password }) result = Auth.with_user().status() assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message'] # list organizations without supplying credentials assert Org.with_user().list() # wait until session expires sleep(70) with pytest.raises(CLIReturnCodeError): Org.with_user().list() result = Auth.with_user().status() assert LOGEDOFF_MSG.format(admin_user['login']) in result[0]['message'] finally: # reset timeout to default Settings.set({'name': 'idle_timeout', 'value': f'{idle_timeout}'})
def test_negative_no_permissions(self): """Attempt to execute command out of user's permissions :id: 756f666f-270a-4b02-b587-a2ab09b7d46c :expectedresults: Command is not executed """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_viewer, 'password': self.password}) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_viewer), result[0][u'message'] ) # try to update user from viewer's session with self.assertRaises(CLIReturnCodeError): User.with_user().update({ 'login': self.uname_admin, 'new-login': gen_string('alpha'), })
def test_positive_disable_session(self): """Check if user logs out when session is disabled :id: 38ee0d85-c2fe-4cac-a992-c5dbcec11031 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Disable use_sessions :expectedresults: The session is terminated """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) # list organizations without supplying credentials with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # disabling sessions result = configure_sessions(False) self.assertEqual(result, 0, 'Failed to configure hammer sessions') result = Auth.with_user().status() self.assertIn( NOTCONF_MSG.format(self.uname_admin), result[0][u'message'] ) with self.assertRaises(CLIReturnCodeError): Org.with_user().list()
def test_negative_no_credentials(self): """Attempt to execute command without authentication :id: 8a3b5c68-1027-450f-997c-c5630218f49f :expectedresults: Command is not executed """ result = configure_sessions(False) self.assertEqual(result, 0, 'Failed to configure hammer sessions') result = Auth.with_user().status() self.assertIn( NOTCONF_MSG.format(self.uname_admin), result[0][u'message'] ) with self.assertRaises(CLIReturnCodeError): Org.with_user().list()
def test_negative_no_permissions(admin_user, non_admin_user): """Attempt to execute command out of user's permissions :id: 756f666f-270a-4b02-b587-a2ab09b7d46c :expectedresults: Command is not executed """ result = configure_sessions() assert result == 0, 'Failed to configure hammer sessions' AuthLogin.basic({ 'username': non_admin_user['login'], 'password': password }) result = Auth.with_user().status() assert LOGEDIN_MSG.format(non_admin_user['login']) in result[0]['message'] # try to update user from viewer's session with pytest.raises(CLIReturnCodeError): User.with_user().update({ 'login': admin_user['login'], 'new-login': gen_string('alpha') })
def test_positive_session_survives_failed_login(self): """Check if session stays up after failed login attempt :id: 6c4d5c4c-eff0-411b-829f-0c2f2ec26132 :BZ: 1465552 :Steps: 1. Set use_sessions 2. Authenticate, assert credentials are not demanded on next command run 3. Run login with invalid credentials :expectedresults: The session is unchanged """ result = configure_sessions() self.assertEqual(result, 0, 'Failed to configure hammer sessions') Auth.login({'username': self.uname_admin, 'password': self.password}) result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list() # using invalid password with self.assertRaises(CLIReturnCodeError): Auth.login({ 'username': self.uname_viewer, 'password': gen_string('alpha')}) # checking the session status again result = Auth.with_user().status() self.assertIn( LOGEDIN_MSG.format(self.uname_admin), result[0][u'message'] ) with self.assertNotRaises(CLIReturnCodeError): Org.with_user().list()
def test_usergroup_with_usergroup_sync(self, ipa_data): """Verify the usergroup-sync functionality in Ldap Auth Source :id: 2b63e886-2c53-11ea-9da5-db3ae0527554 :expectedresults: external user-group sync works as expected automatically based on user-sync :CaseImportance: Medium """ self._clean_up_previous_ldap() self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname'] self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd'] ldap_ipa_user_name = ipa_data['ldap_ipa_user_name'] ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace( 'foobargroup', 'foreman_group') member_username = '******' member_group = 'foreman_group' LOGEDIN_MSG = "Using configured credentials for user '{0}'." auth_source_name = gen_string('alpha') auth_source = make_ldap_auth_source({ 'name': auth_source_name, 'onthefly-register': 'true', 'usergroup-sync': 'true', 'host': ipa_data['ldap_ipa_hostname'], 'server-type': LDAP_SERVER_TYPE['CLI']['ipa'], 'attr-login': LDAP_ATTR['login'], 'attr-firstname': LDAP_ATTR['firstname'], 'attr-lastname': LDAP_ATTR['surname'], 'attr-mail': LDAP_ATTR['mail'], 'account': ldap_ipa_user_name, 'account-password': ipa_data['ldap_ipa_user_passwd'], 'base-dn': ipa_data['ipa_base_dn'], 'groups-base': ipa_group_base_dn, }) auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']}) # Adding User in IPA UserGroup self._add_user_in_IPA_usergroup(member_username, member_group) viewer_role = Role.info({'name': 'Viewer'}) user_group = make_usergroup() ext_user_group = make_usergroup_external({ 'auth-source-id': auth_source['server']['id'], 'user-group-id': user_group['id'], 'name': member_group, }) UserGroup.add_role({ 'id': user_group['id'], 'role-id': viewer_role['id'] }) assert ext_user_group['auth-source'] == auth_source['server']['name'] user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0 result = Auth.with_user(username=member_username, password=self.ldap_ipa_user_passwd).status() assert LOGEDIN_MSG.format(member_username) in result[0]['message'] list = Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert len(list) > 1 user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 1 assert user_group['users'][0] == member_username # Removing User in IPA UserGroup self._remove_user_in_IPA_usergroup(member_username, member_group) with pytest.raises(CLIReturnCodeError) as error: Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert 'Missing one of the required permissions' in error.value.message user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0
def test_usergroup_sync_with_refresh(self): """Verify the refresh functionality in Ldap Auth Source :id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930 :expectedresults: external user-group sync works as expected as on-demand sync based on refresh works :CaseImportance: Medium """ self._clean_up_previous_ldap() ldap_ipa_user_name = self.ldap_ipa_user_name ipa_group_base_dn = self.ipa_group_base_dn.replace( 'foobargroup', 'foreman_group') member_username = '******' member_group = 'foreman_group' LOGEDIN_MSG = "Using configured credentials for user '{0}'." auth_source_name = gen_string('alpha') auth_source = make_ldap_auth_source({ 'name': auth_source_name, 'onthefly-register': 'true', 'usergroup-sync': 'false', 'host': self.ldap_ipa_hostname, 'server-type': LDAP_SERVER_TYPE['CLI']['ipa'], 'attr-login': LDAP_ATTR['login'], 'attr-firstname': LDAP_ATTR['firstname'], 'attr-lastname': LDAP_ATTR['surname'], 'attr-mail': LDAP_ATTR['mail'], 'account': ldap_ipa_user_name, 'account-password': self.ldap_ipa_user_passwd, 'base-dn': self.ipa_base_dn, 'groups-base': ipa_group_base_dn, }) auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']}) # Adding User in IPA UserGroup self._add_user_in_IPA_usergroup(member_username, member_group) viewer_role = Role.info({'name': 'Viewer'}) user_group = make_usergroup() ext_user_group = make_usergroup_external({ 'auth-source-id': auth_source['server']['id'], 'user-group-id': user_group['id'], 'name': member_group, }) UserGroup.add_role({ 'id': user_group['id'], 'role-id': viewer_role['id'] }) assert ext_user_group['auth-source'] == auth_source['server']['name'] user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0 result = Auth.with_user(username=member_username, password=self.ldap_ipa_user_passwd).status() assert LOGEDIN_MSG.format(member_username) in result[0]['message'] with self.assertRaises(CLIReturnCodeError) as error: Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert 'Missing one of the required permissions' in error.exception.message with self.assertNotRaises(CLIReturnCodeError): UserGroupExternal.refresh({ 'user-group-id': user_group['id'], 'name': member_group }) list = Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert len(list) > 1 user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 1 assert user_group['users'][0] == member_username # Removing User in IPA UserGroup self._remove_user_in_IPA_usergroup(member_username, member_group) with self.assertNotRaises(CLIReturnCodeError): UserGroupExternal.refresh({ 'user-group-id': user_group['id'], 'name': member_group }) user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0 with self.assertRaises(CLIReturnCodeError) as error: Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert 'Missing one of the required permissions' in error.exception.message