def test_user_change_password(request):
user = User(
name="user {}".format(fauxfactory.gen_alphanumeric()),
credential=Credential(
principal="user_principal_{}".format(fauxfactory.gen_alphanumeric()),
secret="very_secret",
verify_secret="very_secret"
),
email="*****@*****.**",
group=usergrp,
)
user.create()
request.addfinalizer(user.delete)
request.addfinalizer(login.login_admin)
with user:
assert not login.logged_in()
login.login(user)
assert login.current_full_name() == user.name
login.login_admin()
with update(user):
user.credential = Credential(
principal=user.credential.principal,
secret="another_very_secret",
verify_secret="another_very_secret",
)
with user:
assert not login.logged_in()
login.login(user)
assert login.current_full_name() == user.name
def test_current_user_login_delete(request):
"""Test for deleting current user login.
Steps:
* Login as Admin user
* Create a new user
* Login with the new user
* Try deleting the user
"""
group_user = Group("EvmGroup-super_administrator")
user = User(
name='user' + fauxfactory.gen_alphanumeric(),
credential=new_credential(),
email='*****@*****.**',
group=group_user)
user.create()
request.addfinalizer(user.delete)
request.addfinalizer(login.login_admin)
with user:
if version.current_version() >= '5.7':
navigate_to(user, 'Details')
menu_item = ('Configuration', 'Delete this User')
assert tb.exists(*menu_item) and tb.is_greyed(*menu_item), "Delete User is not dimmed"
else:
with error.expected("Current EVM User \"{}\" cannot be deleted".format(user.name)):
user.delete()
def test_userid_required_error_validation():
user = User(
name='user' + fauxfactory.gen_alphanumeric(),
credential=Credential(principal='', secret='redhat'),
email='*****@*****.**',
group=group_user)
with error.expected("Userid can't be blank"):
user.create()
def user():
user = User(
credential=Credential(principal=fauxfactory.gen_alphanumeric(), secret=fauxfactory.gen_alphanumeric()),
name=fauxfactory.gen_alphanumeric(),
group=Group(description="EvmGroup-super_administrator"),
)
user.create()
return user
def test_user_email_error_validation():
user = User(
name='user' + fauxfactory.gen_alphanumeric(),
credential=new_credential(),
email='xyzdhat.com',
group=group_user)
with error.expected("Email must be a valid email address"):
user.create()
def test_user_group_error_validation():
user = User(
name='user{}'.format(fauxfactory.gen_alphanumeric()),
credential=new_credential(),
email='*****@*****.**',
group='')
with error.expected("A User must be assigned to a Group"):
user.create()
def test_username_required_error_validation():
user = User(
name="",
credential=new_credential(),
email='*****@*****.**',
group=group_user)
with error.expected("Name can't be blank"):
user.create()
def test_userid_required_error_validation():
user = User(
name="user" + fauxfactory.gen_alphanumeric(),
credential=Credential(principal="", secret="redhat"),
email="*****@*****.**",
group=group_user,
)
with error.expected("Userid can't be blank"):
user.create()
def test_delete_default_user():
"""Test for deleting default user Administrator.
Steps:
* Login as Administrator user
* Try deleting the user
"""
user = User(name='Administrator')
with pytest.raises(RBACOperationBlocked):
user.delete()
def test_username_required_error_validation(group_collection):
group_name = 'EvmGroup-user'
group = group_collection.instantiate(description=group_name)
user = User(
name="",
credential=new_credential(),
email='*****@*****.**',
group=group)
with error.expected("Name can't be blank"):
user.create()
def test_user_email_error_validation(group_collection):
group_name = 'EvmGroup-user'
group = group_collection.instantiate(description=group_name)
user = User(
name='user{}'.format(fauxfactory.gen_alphanumeric()),
credential=new_credential(),
email='xyzdhat.com',
group=group)
with error.expected("Email must be a valid email address"):
user.create()
def login(user, submit_method=_js_auth_fn):
"""
Login to CFME with the given username and password.
Optionally, submit_method can be press_enter_after_password
to use the enter key to login, rather than clicking the button.
Args:
user: The username to fill in the username field.
password: The password to fill in the password field.
submit_method: A function to call after the username and password have been input.
Raises:
RuntimeError: If the login fails, ie. if a flash message appears
"""
if not user:
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
if not logged_in() or user.credential.principal is not current_username():
if logged_in():
logout()
# workaround for strange bug where we are logged out
# as soon as we click something on the dashboard
sel.sleep(1.0)
logger.debug('Logging in as user %s', user.credential.principal)
try:
fill(form, {'username': user.credential.principal, 'password': user.credential.secret})
except sel.InvalidElementStateException as e:
logger.warning("Got an error. Details follow.")
msg = str(e).lower()
if "element is read-only" in msg:
logger.warning("Got a read-only login form, will reload the browser.")
# Reload browser
quit()
ensure_browser_open()
sel.sleep(1.0)
sel.wait_for_ajax()
# And try filling the form again
fill(form, {'username': user.credential.principal,
'password': user.credential.secret})
else:
logger.warning("Unknown error, reraising.")
logger.exception(e)
raise
with sel.ajax_timeout(90):
submit_method()
flash.assert_no_errors()
user.full_name = _full_name()
store.user = user
def test_user_password_required_error_validation():
user = User(
name='user' + fauxfactory.gen_alphanumeric(),
credential=Credential(principal='uid' + fauxfactory.gen_alphanumeric(), secret=None),
email='*****@*****.**',
group=group_user)
if version.current_version() < "5.5":
check = "Password_digest can't be blank"
else:
check = "Password can't be blank"
with error.expected(check):
user.create()
def login_admin(self, **kwargs):
"""
Convenience function to log into CFME using the admin credentials from the yamls.
Args:
kwargs: A dict of keyword arguments to supply to the :py:meth:`login` method.
"""
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
from cfme.configure.access_control import User
user = User(credential=cred)
user.name = 'Administrator'
self.login(user, **kwargs)
def user_restricted(group_with_tag, new_credential):
"""
Returns restricted user object assigned
to group with tag filter used in test module
"""
user = User(
name='user{}'.format(fauxfactory.gen_alphanumeric()),
credential=new_credential,
email='*****@*****.**',
group=group_with_tag,
cost_center='Workload',
value_assign='Database')
user.create()
yield user
user.delete()
def test_userid_required_error_validation(group_collection):
group_name = 'EvmGroup-user'
group = group_collection.instantiate(description=group_name)
user = User(
name='user{}'.format(fauxfactory.gen_alphanumeric()),
credential=Credential(principal='', secret='redhat'),
email='*****@*****.**',
group=group)
with error.expected("Userid can't be blank"):
user.create()
# Navigating away from this page will create an "Abandon Changes" alert
# Since group creation failed we need to reset the state of the page
navigate_to(user.appliance.server, 'Dashboard')
def test_bad_password(context, request, appliance):
""" Tests logging in with a bad password. """
username = conf.credentials['default']['username']
password = "******"
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
user.name = 'Administrator'
if appliance.version.is_in_series('5.7'):
error_message = "Sorry, the username or password you entered is incorrect."
else:
error_message = "Incorrect username or password"
with appliance.context.use(context):
with error.expected(error_message):
appliance.server.login(user)
def test_bad_password(request):
""" Tests logging in with a bad password. """
appliance = get_or_create_current_appliance()
request.addfinalizer(lambda: navigate_to(appliance.server, 'LoginScreen'))
login_page = navigate_to(appliance.server, 'LoginScreen')
username = conf.credentials['default']['username']
password = "******"
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
user.name = 'Administrator'
with error.expected("Sorry, the username or password you entered is incorrect."):
login_page.log_in(user)
assert login.page.is_displayed
def login(self, user=None, method=LOGIN_METHODS[-1]):
"""
Login to CFME with the given username and password.
Optionally, submit_method can be press_enter_after_password
to use the enter key to login, rather than clicking the button.
Args:
user: The username to fill in the username field.
password: The password to fill in the password field.
submit_method: A function to call after the username and password have been input.
Raises:
RuntimeError: If the login fails, ie. if a flash message appears
"""
# Circular import
if not user:
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
from cfme.configure.access_control import User
user = User(credential=cred, name='Administrator')
logged_in_view = self.appliance.browser.create_view(BaseLoggedInPage)
if not logged_in_view.logged_in_as_user(user):
if logged_in_view.logged_in:
logged_in_view.logout()
from cfme.utils.appliance.implementations.ui import navigate_to
login_view = navigate_to(self.appliance.server, 'LoginScreen')
time.sleep(1)
logger.debug('Logging in as user %s', user.credential.principal)
login_view.flush_widget_cache()
login_view.log_in(user, method=method)
logged_in_view.flush_widget_cache()
user.name = logged_in_view.current_fullname
try:
assert logged_in_view.is_displayed
assert logged_in_view.logged_in_as_user
self.appliance.user = user
except AssertionError:
login_view.flash.assert_no_error()
return logged_in_view
def test_current_user_login_delete(request):
"""Test for deleting current user login.
Steps:
* Login as Admin user
* Create a new user
* Login with the new user
* Try deleting the user
"""
group_user = Group("EvmGroup-super_administrator")
user = User(
name='user' + fauxfactory.gen_alphanumeric(),
credential=new_credential(),
email='*****@*****.**',
group=group_user)
user.create()
request.addfinalizer(user.delete)
request.addfinalizer(login.login_admin)
with user:
with error.expected("Current EVM User \"{}\" cannot be deleted".format(user.name)):
user.delete()
def test_bad_password(request, appliance):
""" Tests logging in with a bad password. """
request.addfinalizer(lambda: navigate_to(appliance.server, 'LoginScreen'))
login_page = navigate_to(appliance.server, 'LoginScreen')
username = conf.credentials['default']['username']
password = "******"
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
user.name = 'Administrator'
if appliance.version.is_in_series('5.7'):
error_message = "Sorry, the username or password you entered is incorrect."
else:
error_message = "Incorrect username or password"
with error.expected(error_message):
login_page.log_in(user)
assert login_page.is_displayed
def login_admin(**kwargs):
"""
Convenience function to log into CFME using the admin credentials from the yamls.
Args:
kwargs: A dict of keyword arguments to supply to the :py:meth:`login` method.
"""
if current_full_name() != 'Administrator':
logout()
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
login(user, **kwargs)
def user(request, data, add_group):
if not data:
pytest.skip("No data specified for user")
username, password = data["username"], data["password"]
if 'evm_default_group' in add_group:
username, password = data['default_username'], data['default_password']
data['fullname'] = data['default_userfullname']
credentials = Credential(
principal=username,
secret=password,
verify_secret=password,
)
user_obj = User(name=data['fullname'], credential=credentials)
request.addfinalizer(user_obj.delete)
return user_obj
def test_delete_default_user():
"""Test for deleting default user Administrator.
Steps:
* Login as Administrator user
* Try deleting the user
"""
user = User(name='Administrator')
navigate_to(User, 'All')
row = records_table.find_row_by_cells({'Full Name': user.name})
sel.check(sel.element(".//input[@type='checkbox']", root=row[0]))
tb.select('Configuration', 'Delete selected Users', invokes_alert=True)
sel.handle_alert()
flash.assert_message_match(
'Default EVM User "{}" cannot be deleted'.format(user.name))
def test_edit_user_password(rest_api, user):
if "edit" not in rest_api.collections.users.action.all:
pytest.skip("Edit action for users is not implemented in this version")
try:
for cur_user in rest_api.collections.users:
if cur_user.userid != conf.credentials['default']['username']:
rest_user = cur_user
break
except:
pytest.skip("There is no user to change password")
new_password = fauxfactory.gen_alphanumeric()
rest_user.action.edit(password=new_password)
cred = Credential(principal=rest_user.userid, secret=new_password)
new_user = User(credential=cred)
login(new_user)
def login(self, user=None, **kwargs):
if not user:
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
login_view = navigate_to(self.appliance.server, 'LoginScreen')
login_view.fill({
'username': user.credential.principal,
'password': user.credential.secret,
})
login_view.login.click()
# Without this the login screen just exits after logging in
time.sleep(3)
login_view.flash.assert_no_error()
self.browser.plugin.ensure_page_safe()
def new_user(group=usergrp):
from fixtures.blockers import bug
uppercase_username_bug = bug(1487199)
user = User(name='user' + fauxfactory.gen_alphanumeric(),
credential=new_credential(),
email='*****@*****.**',
group=group,
cost_center='Workload',
value_assign='Database')
# Version 5.8.2 has a regression blocking logins for usernames w/ uppercase chars
if '5.8.2' <= user.appliance.version < '5.9' and uppercase_username_bug:
user.credential.principal = user.credential.principal.lower()
return user
def test_openldap_auth(request, setup_first_provider,
configure_openldap_auth_mode):
data = cfme_data.get("openldap_test", {})
if not data:
pytest.skip("No openldap_test section in yaml")
group = Group(description=data["group_name"], role="EvmRole-user")
request.addfinalizer(group.delete)
group.create()
credentials = Credential(
principal=data["username"],
secret=data["password"],
verify_secret=data["password"],
)
user = User(name=data["fullname"], credential=credentials)
request.addfinalizer(user.delete)
request.addfinalizer(login.login_admin)
login.login(data["username"], data["password"])
assert login.current_full_name() == data["fullname"]
def user_restricted(group_with_tag, new_credential):
"""
Returns restricted user object assigned
to group with tag filter used in test module
"""
user = User(name='user{}'.format(fauxfactory.gen_alphanumeric()),
credential=new_credential,
email='*****@*****.**',
group=group_with_tag,
cost_center='Workload',
value_assign='Database')
user.create()
yield user
user.delete()
def test_openldap_auth(request, group, add_from_ldap, configure_openldap_auth_mode):
data = cfme_data.get("openldap_test", {})
if add_from_ldap:
group.add_group_from_ldap_lookup()
else:
group.create()
request.addfinalizer(group.delete)
credentials = Credential(
principal=data["username"],
secret=data["password"],
verify_secret=data["password"],
)
user = User(name=data["fullname"], credential=credentials)
request.addfinalizer(user.delete)
request.addfinalizer(login.login_admin)
with user:
login.login(user)
assert login.current_full_name() == data["fullname"]
login.logout()
login.login_admin()
assert user.exists is True
def login(self, user=None, method=LOGIN_METHODS[-1]):
if not user:
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
logged_in_view = self.appliance.ssui.create_view(SSUIBaseLoggedInPage)
if logged_in_view.logged_in_as_user(user):
return
if logged_in_view.logged_in:
logged_in_view.logout()
login_view = navigate_to(self.appliance.server, 'LoginScreen')
login_view.log_in(user, method=method)
# Without this the login screen just exits after logging in
time.sleep(3)
login_view.flash.assert_no_error()
self.browser.plugin.ensure_page_safe()
assert logged_in_view.is_displayed
return logged_in_view
def login(user, submit_method=_js_auth_fn):
"""
Login to CFME with the given username and password.
Optionally, submit_method can be press_enter_after_password
to use the enter key to login, rather than clicking the button.
Args:
user: The username to fill in the username field.
password: The password to fill in the password field.
submit_method: A function to call after the username and password have been input.
Raises:
RuntimeError: If the login fails, ie. if a flash message appears
"""
if not user:
username = conf.credentials['default']['username']
password = conf.credentials['default']['password']
cred = Credential(principal=username, secret=password)
user = User(credential=cred)
if not logged_in() or user.credential.principal is not current_username():
if logged_in():
logout()
# workaround for strange bug where we are logged out
# as soon as we click something on the dashboard
sel.sleep(1.0)
logger.debug('Logging in as user %s', user.credential.principal)
try:
fill(
form, {
'username': user.credential.principal,
'password': user.credential.secret
})
except sel.InvalidElementStateException as e:
logger.warning("Got an error. Details follow.")
msg = str(e).lower()
if "element is read-only" in msg:
logger.warning(
"Got a read-only login form, will reload the browser.")
# Reload browser
quit()
ensure_browser_open()
sel.sleep(1.0)
sel.wait_for_ajax()
# And try filling the form again
fill(
form, {
'username': user.credential.principal,
'password': user.credential.secret
})
else:
logger.warning("Unknown error, reraising.")
logger.exception(e)
raise
with sel.ajax_timeout(90):
submit_method()
flash.assert_no_errors()
user.full_name = _full_name()
store.user = user
def user():
user = User(credential=Credential(principal=fauxfactory.gen_alphanumeric(),
secret=fauxfactory.gen_alphanumeric()), name=fauxfactory.gen_alphanumeric(),
group=Group(description='EvmGroup-super_administrator'))
user.create()
return user
def pytest_pyfunc_call(pyfuncitem):
"""Inspects and consumes certain exceptions
The guts of this function are explained above in the module documentation.
Args:
pyfuncitem: A pytest test item.
"""
# do whatever you want before the next hook executes
if not enable_rbac:
yield
return
# Login as the "new" user to run the test under
if 'rbac_role' in pyfuncitem.fixturenames:
user = pyfuncitem._request.getfuncargvalue('rbac_role')
really_logout()
logger.info("setting user to {}".format(user))
user_obj = User(username=conf.credentials[user]['username'],
password=conf.credentials[user]['password'])
# Actually perform the test. outcome is set to be a result object from the test
with user_obj:
outcome = yield
screenshot, screenshot_error = take_screenshot()
# Handle the Exception
logger.error(pyfuncitem.location[0])
loc = "{}/{}".format(pyfuncitem.location[0], pyfuncitem.location[2])
# loc = loc[:min([loc.rfind('['), len(loc)])]
logger.error(loc)
# errors = [v for k, v in tests.iteritems() if loc.startswith(k)]
errors = pyfuncitem.function.meta.kwargs['from_docs']['rbac']['roles']
if errors:
# errors = errors[0]
user = pyfuncitem.funcargs['rbac_role']
if errors[user]:
if not outcome.excinfo:
logger.error("RBAC: Test should fail!")
raise Exception("RBAC: You should fail!")
else:
if outcome.excinfo[1].__repr__().startswith(errors[user]):
logger.info("RBAC: Test failed as expected")
outcome.force_result(True)
else:
contents = "".join(
traceback.format_list(
traceback.extract_tb(outcome.excinfo[2])))
save_traceback_file(pyfuncitem, contents)
save_screenshot(pyfuncitem, screenshot,
screenshot_error)
logger.error("RBAC: You blithering idiot, "
"you failed with the wrong exception")
raise Exception(
"RBAC: You should fail with {}!".format(
errors[user]))
else:
if not outcome.excinfo:
logger.info("RBAC: Test passed as expected")
else:
logger.error("RBAC: Test should have passed!")
contents = "".join(
traceback.format_list(
traceback.extract_tb(outcome.excinfo[2])))
save_traceback_file(pyfuncitem, contents)
save_screenshot(pyfuncitem, screenshot, screenshot_error)
raise Exception("RBAC: Test should have passed!")
def test_user_group_error_validation():
user = User(
name="user" + fauxfactory.gen_alphanumeric(), credential=new_credential(), email="*****@*****.**", group=""
)
with error.expected("A User must be assigned to a Group"):
user.create()
