def test_user_change_password(request): user = User( name="user {}".format(fauxfactory.gen_alphanumeric()), credential=Credential( principal="user_principal_{}".format(fauxfactory.gen_alphanumeric()), secret="very_secret", verify_secret="very_secret" ), email="*****@*****.**", group=usergrp, ) user.create() request.addfinalizer(user.delete) request.addfinalizer(login.login_admin) with user: assert not login.logged_in() login.login(user) assert login.current_full_name() == user.name login.login_admin() with update(user): user.credential = Credential( principal=user.credential.principal, secret="another_very_secret", verify_secret="another_very_secret", ) with user: assert not login.logged_in() login.login(user) assert login.current_full_name() == user.name
def test_providers_discovery(request, appliance, provider): """Tests provider discovery Metadata: test_flag: crud """ if provider.one_of(AzureProvider): cred = Credential( principal=provider.default_endpoint.credentials.principal, secret=provider.default_endpoint.credentials.secret, tenant_id=provider.data['tenant_id'], subscription_id=provider.data['subscription_id']) elif provider.one_of(EC2Provider): cred = Credential( principal=provider.default_endpoint.credentials.principal, secret=provider.default_endpoint.credentials.secret, verify_secret=provider.default_endpoint.credentials.secret) collection = appliance.collections.cloud_providers collection.discover(cred, provider) view = provider.create_view(CloudProvidersView) view.flash.assert_success_message( 'Cloud Providers: Discovery successfully initiated') request.addfinalizer(CloudProvider.clear_providers) collection.wait_for_new_provider()
def new_credential(): if BZ(1487199, forced_streams=['5.8']).blocks: return Credential(principal='uid{}'.format(fauxfactory.gen_alphanumeric().lower()), secret='redhat') else: return Credential(principal='uid{}'.format(fauxfactory.gen_alphanumeric()), secret='redhat')
def new_credential(): if BZ.bugzilla.get_bug(1401912).is_opened: return Credential(principal='uid' + fauxfactory.gen_alphanumeric().lower(), secret='redhat') else: return Credential(principal='uid' + fauxfactory.gen_alphanumeric(), secret='redhat')
def new_credential(): # BZ1487199 - CFME allows usernames with uppercase chars which blocks logins if BZ.bugzilla.get_bug(1487199).is_opened: return Credential(principal='uid' + fauxfactory.gen_alphanumeric().lower(), secret='redhat') else: return Credential(principal='uid' + fauxfactory.gen_alphanumeric(), secret='redhat')
def test_update_password(context, request, appliance): """ Test updating password from the login screen. Polarion: assignee: apagac casecomponent: Infra initialEstimate: 1/6h """ # First, create a temporary new user username = '******'.format(fauxfactory.gen_alphanumeric(4).lower()) new_creds = Credential(principal=username, secret='redhat') user_group = appliance.collections.groups.instantiate( description="EvmGroup-vm_user") user = appliance.collections.users.create(name=username, credential=new_creds, groups=user_group) error_message = VersionPicker({ LOWEST: "Incorrect username or password", '5.10': "Login failed: Unauthorized" }).pick(appliance.version) # Try to login as the new user to verify it has been created logged_in_page = appliance.server.login(user) assert logged_in_page.is_displayed logged_in_page.logout() # Now try to login while changing the password for the user changed_pass_page = appliance.server.update_password( new_password='******', user=user) assert changed_pass_page.is_displayed changed_pass_page.logout() # Try to login with the user with old password with pytest.raises(Exception, match=error_message): appliance.server.login(user) # Now try changing password with invalid default password new_cred = Credential(principal=username, secret="made_up_invalid_pass") user2 = appliance.collections.users.instantiate(credential=new_cred, name=username) with pytest.raises(Exception, match=error_message): appliance.server.update_password(new_password='******', user=user2) # Workaround for emptying the password fields. # If this wasn't here, we would change the password for admin user while # deleting our user. Which is bad. appliance.server.browser.refresh() # Delete the user we created user.delete()
def test_bad_password(context, request, appliance): """ Tests logging in with a bad password. Polarion: assignee: apagac casecomponent: WebUI initialEstimate: 1/8h tags: rbac """ username = conf.credentials['default']['username'] password = "******" cred = Credential(principal=username, secret=password) user = appliance.collections.users.instantiate(credential=cred, name='Administrator') error_message = VersionPicker({ LOWEST: "Incorrect username or password", '5.10': "Login failed: Unauthorized" }).pick(appliance.version) with appliance.context.use(context): with pytest.raises(Exception, match=error_message): appliance.server.login(user) if appliance.version >= '5.9': view = appliance.browser.create_view(LoginPage) assert view.password.read() == '' and view.username.read() == ''
def test_provider_add_with_bad_credentials(provider): """ Tests provider add with bad credentials Metadata: test_flag: crud """ cred_args = dict() cred_args['secret'] = 'notyourday' if provider.type == "azure": flash = ( "Credential validation was not successful: Incorrect credentials - " "check your Azure Client ID and Client Key") cred_args['principal'] = str(uuid.uuid4()) elif provider.type == "gce": flash = 'Credential validation was not successful: Invalid Google JSON key' cred_args['cred_type'] = 'service_account' cred_args['service_account'] = '{"test": "bad"}' else: flash = 'Login failed due to a bad username or password.' cred_args['principal'] = "bad" provider.credentials['default'] = Credential(**cred_args) with error.expected(flash): provider.create(validate_credentials=True)
def login_admin(self, **kwargs): username = conf.credentials['default']['username'] password = conf.credentials['default']['password'] cred = Credential(principal=username, secret=password) user = self.extra.appliance.collections.users.instantiate( credential=cred, name='Administrator') return self.log_in(user, **kwargs)
def vm_ownership(enable_candu, provider, appliance): # In these tests, chargeback reports are filtered on VM owner.So,VMs have to be # assigned ownership. vm_name = provider.data['cap_and_util']['chargeback_vm'] if not provider.mgmt.does_vm_exist(vm_name): pytest.skip("Skipping test, cu-24x7 VM does not exist") if not provider.mgmt.is_vm_running(vm_name): provider.mgmt.start_vm(vm_name) provider.mgmt.wait_vm_running(vm_name) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') vm = VM.factory(vm_name, provider) user = None try: user = appliance.collections.users.create( name=provider.name + fauxfactory.gen_alphanumeric(), credential=Credential(principal='uid' + '{}'.format(fauxfactory.gen_alphanumeric()), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') vm.set_ownership(user=user.name) logger.info('Assigned VM OWNERSHIP for {} running on {}'.format( vm_name, provider.name)) yield user.name finally: vm.unset_ownership() if user: user.delete()
def user(appliance): """Creates new user, role, group with tag""" product_features = [ (['Everything'], True), (['Everything'], False), (['Everything', 'Services'], True) ] role = appliance.collections.roles.create(name=fauxfactory.gen_alphanumeric(), product_features=product_features) group = appliance.collections.groups.create( description=fauxfactory.gen_alphanumeric(), role=role.name, tag=(["Environment", "Production"], True) ) user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric().lower(), credential=Credential( principal=fauxfactory.gen_alphanumeric(4), secret=fauxfactory.gen_alphanumeric(4), ), email=fauxfactory.gen_email(), groups=group, cost_center="Workload", value_assign="Database", ) yield user user.delete_if_exists() group.delete_if_exists() role.delete_if_exists()
def group(request, data, auth_mode, add_group, appliance): if not data: pytest.skip("No data spcified for user group") credentials = Credential( principal=data["username"], secret=data["password"], ) group_collection = appliance.collections.groups user_group = None if add_group == RETRIEVE_GROUP: user_group = group_collection.instantiate( description=data['group_name'], role="EvmRole-user", user_to_lookup=data["username"], ldap_credentials=credentials) if 'ext' in auth_mode: user_group.add_group_from_ext_auth_lookup() elif 'miq' in auth_mode: user_group.add_group_from_ldap_lookup() request.addfinalizer(user_group.delete) elif add_group == CREATE_GROUP: user_group = group_collection.create(description=data['group_name'], role="EvmRole-user", user_to_lookup=data["username"], ldap_credentials=credentials) request.addfinalizer(user_group.delete)
def test_password_max_character_validation(appliance): password = fauxfactory.gen_alphanumeric(51) cred = Credential(principal=fauxfactory.gen_alphanumeric(5), secret=password, verify_secret=password) collection = appliance.collections.cloud_providers collection.discover(cred, EC2Provider)
def vm_ownership(enable_candu, clean_setup_provider, provider, appliance): # In these tests, Metering report is filtered on VM owner.So,VMs have to be # assigned ownership. vm_name = provider.data['cap_and_util']['chargeback_vm'] collection = provider.appliance.provider_based_collection(provider) vm = collection.instantiate(vm_name, provider) if not vm.exists_on_provider: pytest.skip(f"Skipping test, {vm_name} VM does not exist") vm.mgmt.ensure_state(VmState.RUNNING) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric(), credential=Credential( principal=fauxfactory.gen_alphanumeric(start="uid"), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') try: vm.set_ownership(user=user) logger.info( f'Assigned VM OWNERSHIP for {vm_name} running on {provider.name}') yield user.name finally: vm.unset_ownership() user.delete()
def test_multiple_host_bad_creds(setup_provider, provider): """ Tests multiple host credentialing with bad credentials Polarion: assignee: nachandr caseimportance: medium initialEstimate: 1/15h """ if len(provider.data.get('hosts', {})) < 2: pytest.skip('not enough hosts to run test') host = random.choice(provider.data["hosts"]) cred = Credential(principal='wrong', secret='bad_password') edit_view = navigate_and_select_quads(provider=provider) edit_view.endpoints.default.fill_with(cred.view_value_mapping) edit_view.validation_host.fill(host.name) edit_view.endpoints.default.validate_button.click() if provider.one_of(RHEVMProvider): msg = 'Login failed due to a bad username or password.' elif provider.one_of(SCVMMProvider): msg = 'Check credentials. Remote error message: WinRM::WinRMAuthorizationError' else: msg = 'Cannot complete login due to an incorrect user name or password.' edit_view.flash.assert_message(msg) edit_view.cancel_button.click()
def setup_user(appliance, feature): uid = fauxfactory.gen_alpha(length=4) role = appliance.rest_api.collections.roles.action.create( { "name": f"test_role_{uid}", "settings": {"restrictions": {"vms": "user"}}, "features": [{"identifier": feature}, {"identifier": "my_settings"}], } )[0] group = appliance.rest_api.collections.groups.action.create( { "description": f"test_group_{uid}", "role": {"id": role.id}, "tenant": {"href": appliance.rest_api.collections.tenants.all[0].href}, } )[0] user = appliance.rest_api.collections.users.action.create( { "userid": f"test_user_{uid}", "password": "******", "name": f"{group.description} User", "group": {"id": group.id}, } )[0] yield appliance.collections.users.instantiate( name=user.name, credential=Credential(user.userid, "smartvm") ) user.action.delete() group.action.delete() role.action.delete()
def retrieve_group(temp_appliance_preconfig_long, auth_mode, username, groupname, auth_provider, tenant=None): """Retrieve group from ext/ldap auth provider through UI Args: temp_appliance_preconfig_long: temp_appliance_preconfig_long object auth_mode: key from cfme.configure.configuration.server_settings.AUTH_MODES, parametrization user_data: user_data AttrDict from yaml, with username, groupname, password fields """ group = temp_appliance_preconfig_long.collections.groups.instantiate( description=groupname, role='EvmRole-user', tenant=tenant, user_to_lookup=username, ldap_credentials=Credential(principal=auth_provider.bind_dn, secret=auth_provider.bind_password)) add_method = ('add_group_from_ext_auth_lookup' if auth_mode == 'external' else 'add_group_from_ldap_lookup') if not group.exists: getattr(group, add_method)() # call method to add wait_for(lambda: group.exists) else: logger.info('User Group exists, skipping create: %r', group) return group
def user_self_service_role(appliance): """This is fixture with create user with user_self_service_role""" with appliance.context.use(ViaUI): # copy role with no restrictions role = appliance.collections.roles.instantiate( name="EvmRole-user_self_service") user_self_service_role = role.copy(name=fauxfactory.gen_alphanumeric( 25, "self_service_role_"), vm_restriction="None") # Group with user self service role user_self_service_gp = appliance.collections.groups.create( description=fauxfactory.gen_alphanumeric(22, "self_service_gp_"), role=user_self_service_role.name) # credentials for user creds = Credential( principal=fauxfactory.gen_alphanumeric(start="user_"), secret=fauxfactory.gen_alphanumeric(), ) # user with above group user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric(start="user_"), credential=creds, email=fauxfactory.gen_email(), groups=user_self_service_gp, ) yield user, user_self_service_role user.delete_if_exists() user_self_service_gp.delete_if_exists() user_self_service_role.delete_if_exists()
def connect(self, provider, instance): static_mode_payload = self.payload wait_for(lambda: static_mode_payload['ip_address'] in instance.all_ips, timeout='5m') # Any host that works can be used. To keep things simple, just pick the first one with # fingers crossed. jump_host_config = provider.data['hosts'][0] jump_host_creds = Credential.from_config( jump_host_config['credentials']['default']) jump_host_session = SSHClient(hostname=jump_host_config['name'], username=jump_host_creds.principal, password=jump_host_creds.secret) def _connection_factory(ip): return jump_host_session.tunnel_to( hostname=ip, username='******', password=static_mode_payload['root_password'], timeout=ssh.CONNECT_TIMEOUT) # Cleanup this explicitly because we can get to problems with ordering the cleanups of # tunneled connections and the tunnels at the session end. # Note that the SSHClient.__exit__ does NOT close the connection. with closing( retry_connect(lambda: instance.all_ips, _connection_factory, num_sec=ssh.CONNECT_RETRIES_TIMEOUT, delay=ssh.CONNECT_SSH_DELAY)) as ssh_client: yield ssh_client
def vm_ownership(enable_candu, provider, appliance): """In these tests, chargeback reports are filtered on VM owner.So,VMs have to be assigned ownership. """ collection = appliance.provider_based_collection(provider) vm_name = provider.data['cap_and_util']['chargeback_vm'] vm = collection.instantiate(vm_name, provider) if not vm.exists_on_provider: pytest.skip("Skipping test, cu-24x7 VM does not exist") vm.mgmt.ensure_state(VmState.RUNNING) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') # don't assume collection is infra, in case test collected against other provider types # No vm creation or cleanup user = appliance.collections.users.create( name=f'{provider.name}_{fauxfactory.gen_alphanumeric()}', credential=Credential( principal=fauxfactory.gen_alphanumeric(start="uid"), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') vm.set_ownership(user=user) logger.info( f'Assigned VM OWNERSHIP for {vm_name} running on {provider.name}') yield user.name vm.unset_ownership() if user: user.delete()
def test_discovery_error_azure_cloud(appliance): """ Test Azure discovery with fake data prerequisites: * appliance supporting discovery Steps: * Navigate Cloud provider discovery and select Azure * Fill all fields with fake data * Start Discovery * Even with wrong data discovery will start with the proper flash message assert it * Check for provider should not discover """ cred = Credential(principal=fauxfactory.gen_alphanumeric(5), secret=fauxfactory.gen_alphanumeric(8), tenant_id=fauxfactory.gen_alphanumeric(10), subscription_id=fauxfactory.gen_alphanumeric(10)) collection = appliance.collections.cloud_providers view = navigate_to(collection, 'All') initial_count = len(view.entities.entity_names) collection.discover(cred, AzureProvider) view = appliance.browser.create_view(CloudProvidersView) view.flash.assert_success_message( 'Cloud Providers: Discovery successfully initiated') # While waiting for new provider, TimeOutError will come (Negative Test) with pytest.raises(TimedOutError): collection.wait_for_new_provider(timeout=120) assert len(view.entities.entity_names) <= initial_count
def test_multiple_host_good_creds(setup_provider, provider): if len(provider.data.get('hosts', {})) < 2: pytest.skip('not enough hosts to run test') """ Tests multiple host credentialing with good credentials """ host = random.choice(provider.data["hosts"]) creds = credentials[host['credentials']] cred = Credential(principal=creds.username, secret=creds.password) edit_view = navigate_and_select_quads(provider=provider) # Fill form with valid credentials for default endpoint and validate edit_view.endpoints.default.fill_with(cred.view_value_mapping) edit_view.validation_host.fill(host.name) edit_view.endpoints.default.validate_button.click() edit_view.flash.assert_no_error() edit_view.flash.assert_success_message( 'Credential validation was successful') # Save changes edit_view.save_button.click() view = provider.create_view(ProviderNodesView) view.flash.assert_no_error() view.flash.assert_success_message( 'Credentials/Settings saved successfully')
def login_admin(self, **kwargs): username = conf.credentials['default']['username'] password = conf.credentials['default']['password'] cred = Credential(principal=username, secret=password) from cfme.configure.access_control import User user = User(credential=cred, name='Administrator') return self.log_in(user, **kwargs)
def vm_owner(enable_candu, provider, appliance, chargeback_vm): """Create and assign owner to VM, for use in chargeback report filter.""" vm_name = chargeback_vm vm = appliance.provider_based_collection(provider, coll_type='vms').instantiate( vm_name, provider) if not vm.exists_on_provider: pytest.skip(f'Skipping test, {vm_name} VM does not exist') vm.mgmt.ensure_state(VmState.RUNNING) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric(25, start=provider.name), credential=Credential( principal=fauxfactory.gen_alphanumeric(start="uid"), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') vm.set_ownership(user=user) logger.info( f'Assigned VM OWNERSHIP for {vm_name} running on {provider.name}') yield user.name vm.unset_ownership() if user: user.delete()
def test_update_password(context, request, appliance): """ Test updating password from the login screen. """ # First, create a temporary new user username = '******'.format(fauxfactory.gen_alphanumeric(4).lower()) new_creds = Credential(principal=username, secret='redhat') user_group = appliance.collections.groups.instantiate( description="EvmGroup-vm_user") user = appliance.collections.users.create(name=username, credential=new_creds, groups=user_group) # Try to login as the new user to verify it has been created logged_in_page = appliance.server.login(user) assert logged_in_page.is_displayed logged_in_page.logout() # Now try to login while changing the password for the user changed_pass_page = appliance.server.update_password( new_password='******', user=user) assert changed_pass_page.is_displayed changed_pass_page.logout() # Try to login with the user with old password error_message = "Incorrect username or password" with pytest.raises(Exception, match=error_message): appliance.server.login(user) user.delete()
def vm_ownership(enable_candu, provider, appliance): """In these tests, chargeback reports are filtered on VM owner.So,VMs have to be assigned ownership. """ vm_name = provider.data['cap_and_util']['chargeback_vm'] if not provider.mgmt.does_vm_exist(vm_name): pytest.skip("Skipping test, cu-24x7 VM does not exist") if not provider.mgmt.is_vm_running(vm_name): provider.mgmt.start_vm(vm_name) provider.mgmt.wait_vm_running(vm_name) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') # don't assume collection is infra, in case test collected against other provider types # No vm creation or cleanup collection = appliance.provider_based_collection(provider) vm = collection.instantiate(vm_name, provider) user = appliance.collections.users.create( name='{}_{}'.format(provider.name, fauxfactory.gen_alphanumeric()), credential=Credential(principal='uid{}'.format(fauxfactory.gen_alphanumeric()), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') vm.set_ownership(user=user.name) logger.info('Assigned VM OWNERSHIP for {} running on {}'.format(vm_name, provider.name)) yield user.name vm.unset_ownership() if user: user.delete()
def get_credentials(cls, credential_dict, cred_type=None): """Processes a credential dictionary into a credential object. Args: credential_dict: A credential dictionary. cred_type: Type of credential (None, token, ssh, amqp, ...) Returns: A :py:class:`cfme.base.credential.Credential` instance. """ domain = credential_dict.get('domain') token = credential_dict.get('token') if not cred_type: return Credential(principal=credential_dict['username'], secret=credential_dict['password'], domain=domain) elif cred_type == 'amqp': return EventsCredential(principal=credential_dict['username'], secret=credential_dict['password']) elif cred_type == 'ssh': return SSHCredential(principal=credential_dict['username'], secret=credential_dict['password']) elif cred_type == 'candu': return CANDUCredential(principal=credential_dict['username'], secret=credential_dict['password']) elif cred_type == 'token': return TokenCredential(token=token)
def update_password(self, new_password, verify_password=None, user=None, method=LOGIN_METHODS[1]): if not user: username = conf.credentials['default']['username'] password = conf.credentials['default']['password'] cred = Credential(principal=username, secret=password) user = self.appliance.collections.users.instantiate(credential=cred, name='Administrator') logged_in_view = self.appliance.browser.create_view(BaseLoggedInPage) if not logged_in_view.logged_in_as_user(user): if logged_in_view.logged_in: logged_in_view.logout() from cfme.utils.appliance.implementations.ui import navigate_to login_view = navigate_to(self.appliance.server, 'LoginScreen') logger.debug('Changing password for user %s', user.credential.principal) login_view.update_password(user=user, new_password=new_password, verify_password=verify_password, method=method) try: assert logged_in_view.is_displayed except AssertionError: login_view.flash.assert_no_error() return logged_in_view
def vm_ownership(enable_candu, provider, appliance): """In these tests, chargeback reports are filtered on VM owner.So,VMs have to be assigned ownership. """ vm_name = provider.data['cap_and_util']['chargeback_vm'] vm = appliance.provider_based_collection(provider, coll_type='vms').instantiate( vm_name, provider) if not vm.exists_on_provider: pytest.skip('Skipping test, {} VM does not exist'.format(vm_name)) vm.mgmt.ensure_state(VmState.RUNNING) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') user = appliance.collections.users.create( name="{}_{}".format(provider.name, fauxfactory.gen_alphanumeric()), credential=Credential(principal='uid{}'.format( fauxfactory.gen_alphanumeric()), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') vm.set_ownership(user=user) logger.info('Assigned VM OWNERSHIP for {} running on {}'.format( vm_name, provider.name)) yield user.name vm.unset_ownership() if user: user.delete()
def test_password_mismatch_validation(): cred = Credential(principal=fauxfactory.gen_alphanumeric(5), secret=fauxfactory.gen_alphanumeric(5), verify_secret=fauxfactory.gen_alphanumeric(7)) discover(cred, d_type="Amazon") flash.assert_message_match('Password/Verify Password do not match')