def adcm_client(adcm_repo, adcm_credentials, adcm_tag, volumes, init=False):
"""
Run ADCM container from image {adcm_repo}:{adcm_tag}.
If init=True new initialised image will be generated.
If we use 'image' fixture we don't need to initialize it one more time.
"""
if init:
with allure.step(
f"Create isolated image copy from {adcm_repo}:{adcm_tag}"):
new_image = get_initialized_adcm_image(adcm_repo=adcm_repo,
adcm_tag=adcm_tag,
pull=True)
repo, tag = new_image["repo"], new_image["tag"]
else:
repo, tag = adcm_repo, adcm_tag
with allure.step(f"Run ADCM from image {repo}:{tag}"):
dw = DockerWrapper()
adcm = dw.run_adcm(image=repo, tag=tag, volumes=volumes, pull=False)
adcm.api.auth(**adcm_credentials)
yield ADCMClient(api=adcm.api)
with allure.step(f"Stop ADCM from image {repo}:{tag}"):
adcm.container.kill()
try:
adcm.container.wait(condition="removed", timeout=30)
except (ConnectionError, NotFound):
# https://github.com/docker/docker-py/issues/1966 workaround
pass
if init:
with allure.step(f"Remove ADCM image {repo}:{tag}"):
dw.client.images.remove(f'{repo}:{tag}', force=True)
def _check_login_failed(url: str, username: str, password: str) -> None:
"""Check that login to ADCM client fails with wrong credentials"""
failed_auth_error_args = ('AUTH_ERROR', 'Wrong user or password')
with pytest.raises(ADCMApiError) as e:
ADCMClient(url=url, user=username, password=password)
assert (
e.value.args == failed_auth_error_args
), f'Expected error message is {e.value}, but {failed_auth_error_args} was expected'
def test_service_in_cluster_hierarchy(user, prepare_objects, sdk_client_fs,
second_objects):
"""
Test that service related role can be parametrized by cluster
"""
cluster_via_admin, *_ = prepare_objects
cluster_via_admin.service_add(name="new_service")
service_role = {
"id":
sdk_client_fs.role(name=BusinessRoles.RemoveService.value.role_name).id
}
cluster_role = {
"id":
sdk_client_fs.role(name=BusinessRoles.AddService.value.role_name).id
}
common_role = sdk_client_fs.role_create("Common role",
display_name="Common role",
child=[service_role, cluster_role])
sdk_client_fs.policy_create(name="Common policy",
role=common_role,
objects=[cluster_via_admin],
user=[user],
group=[])
username, password = TEST_USER_CREDENTIALS
user_sdk = ADCMClient(url=sdk_client_fs.url,
user=username,
password=password)
cluster, service, *_ = as_user_objects(user_sdk, *prepare_objects)
second_cluster, *_ = as_user_objects(user_sdk, *second_objects)
for service in cluster.service_list():
is_allowed(cluster, BusinessRoles.RemoveService, service)
for service in second_cluster.service_list():
is_denied(second_cluster, BusinessRoles.RemoveService, service)
def new_client_instance(user: str, password: str, url: str) -> Generator[ADCMClient, None, None]:
"""
Creates new ADCM client instance.
Use it to "refresh" permissions.
"""
yield ADCMClient(user=user, password=password, url=url)
def new_user_client(new_user: User, sdk_client_fs: ADCMClient) -> ADCMClient:
"""Create client for user"""
return ADCMClient(url=sdk_client_fs.url,
user=new_user.username,
password=PASSWORD)
def login_as_user(url: str, username: str, password: str) -> ADCMClient:
"""Login as given user into ADCM instance"""
try:
return ADCMClient(url=url, user=username, password=password)
except ADCMApiError as e:
raise AssertionError('Login failed') from e
def user_sdk(user, adcm_fs) -> ADCMClient:
"""Returns ADCMClient object from adcm_client with testing user"""
username, password = TEST_USER_CREDENTIALS
return ADCMClient(url=adcm_fs.url, user=username, password=password)
def _init_adcm_cli(self):
if not self._adcm_cli:
self._adcm_cli = ADCMClient(url=self._adcm.url,
**self.adcm_api_credentials)
def superuser_sdk(superuser, adcm_fs) -> ADCMClient: # pylint: disable=unused-argument
"""Returns ADCMClient for superuser"""
creds = SUPERUSER_CREDENTIALS
return ADCMClient(url=adcm_fs.url,
user=creds['username'],
password=creds['password'])
def sdk_client_ss(adcm_ss: ADCM, adcm_api_credentials) -> ADCMClient:
"""Returns ADCMClient object from adcm_client"""
return ADCMClient(url=adcm_ss.url, **adcm_api_credentials)
