def test_02_check_role_permission(self):
# create users
self.user.create(self.pulp)
self.assertPulpOK()
self.user2.create(self.pulp)
self.assertPulpOK()
# add users to the role
self.role.add_user(
self.pulp,
data={'login': self.user.data['login']}
)
self.assertPulp(code=200)
self.role.add_user(
self.pulp,
data={'login': self.user2.data['login']}
)
self.assertPulp(code=200)
# check users' permissions
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_15_check_bindings_removed(self):
self.role.delete(self.pulp)
self.assertPulpOK()
#check that after role deletion user binding are also removed
with self.assertRaises(AssertionError):
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
def test_15_check_bindings_removed(self):
self.role.delete(self.pulp)
self.assertPulpOK()
#check that after role deletion user binding are also removed
with self.assertRaises(AssertionError):
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
def test_04_check_role_permission(self):
# create users
self.user.create(self.pulp)
self.assertPulpOK()
self.user2.create(self.pulp)
self.assertPulpOK()
# add users to the role
self.role.add_user(
self.pulp,
self.user.id
)
self.assertPulp(code=200)
self.role.add_user(
self.pulp,
self.user2.id
)
self.assertPulp(code=200)
# check users' permissions, that thay can access resource after been added to specific role
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_99_node_unbind_repo(self):
self.node.unbind_repo(self.pulp, self.repo.id, self.node_distributor.id)
self.assertPulpOK()
# nodes keep the repos after updating
child_repos = Repo.list(self.pulp_child)
for repo in child_repos:
Task.wait_for_report(self.pulp_child, repo.delete(self.pulp_child))
def test_11_two_roles_two_users(self):
# create users
self.user.create(self.pulp)
self.assertPulpOK()
self.user2.create(self.pulp)
self.assertPulpOK()
# grant permissions
self.role.grant_permission(self.pulp, self.role.id, "/", ["READ", "EXECUTE"])
self.role.grant_permission(self.pulp, self.role.id, "/repositories/", ["READ", "EXECUTE"])
self.assertPulpOK()
self.role2.grant_permission(self.pulp, self.role2.id, "/", ["READ", "EXECUTE"])
self.role2.grant_permission(self.pulp, self.role2.id, "/repositories/", ["READ", "EXECUTE"])
self.assertPulpOK()
# add users to roles
self.role.add_user(
self.pulp,
self.user.id
)
self.assertPulp(code=200)
self.role2.add_user(
self.pulp,
self.user.id
)
self.assertPulp(code=200)
self.role2.add_user(
self.pulp,
self.user2.id
)
self.assertPulp(code=200)
# check users' permissions
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
# revoke permissions from role2
self.role2.revoke_permission(self.pulp, self.role2.id, "/", ["READ", "EXECUTE"])
self.role2.revoke_permission(self.pulp, self.role2.id, "/repositories/", ["READ", "EXECUTE"])
self.assertPulpOK()
# check users' permissions
# user should still be able to access resource as it belongs to other role
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
# user2 should not be able to access resource as no more pemissions are granted to it
with self.assertRaises(AssertionError):
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_99_node_unbind_repo(self):
self.node.unbind_repo(self.pulp, self.repo.id,
self.node_distributor.id)
self.assertPulpOK()
# nodes keep the repos after updating
child_repos = Repo.list(self.pulp_child)
for repo in child_repos:
Task.wait_for_report(self.pulp_child, repo.delete(self.pulp_child))
def test_06_two_roles_two_users(self):
# create users
self.user.create(self.pulp)
self.assertPulpOK()
self.user2.create(self.pulp)
self.assertPulpOK()
# grant permissions
self.role.grant_permission(self.pulp, data={"role_id": self.role.data['id'], "resource": "/", "operations": ["READ", "EXECUTE"]})
self.role.grant_permission(self.pulp, data={"role_id": self.role.data['id'], "resource": "/repositories/", "operations": ["READ", "EXECUTE"]})
self.assertPulpOK()
self.role2.grant_permission(self.pulp, data={"role_id": self.role2.data['id'], "resource": "/", "operations": ["READ", "EXECUTE"]})
self.role2.grant_permission(self.pulp, data={"role_id": self.role2.data['id'], "resource": "/repositories/", "operations": ["READ", "EXECUTE"]})
self.assertPulpOK()
# add users to roles
self.role.add_user(
self.pulp,
data={'login': self.user.data['login']}
)
self.assertPulp(code=200)
self.role2.add_user(
self.pulp,
data={'login': self.user.data['login']}
)
self.assertPulp(code=200)
self.role2.add_user(
self.pulp,
data={'login': self.user2.data['login']}
)
self.assertPulp(code=200)
# check users' permissions
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
# revoke permissions from role2
self.role2.revoke_permission(self.pulp, data={"role_id": self.role2.data['id'], "resource": "/", "operations": ["READ", "EXECUTE"]})
self.role2.revoke_permission(self.pulp, data={"role_id": self.role2.data['id'], "resource": "/repositories/", "operations": ["READ", "EXECUTE"]})
self.assertPulpOK()
# check users' permissions
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.assertRaises(AssertionError):
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_11_two_roles_two_users(self):
# create users
self.user.create(self.pulp)
self.assertPulpOK()
self.user2.create(self.pulp)
self.assertPulpOK()
# grant permissions
self.role.grant_permission(self.pulp, self.role.id, "/",
["READ", "EXECUTE"])
self.role.grant_permission(self.pulp, self.role.id, "/repositories/",
["READ", "EXECUTE"])
self.assertPulpOK()
self.role2.grant_permission(self.pulp, self.role2.id, "/",
["READ", "EXECUTE"])
self.role2.grant_permission(self.pulp, self.role2.id, "/repositories/",
["READ", "EXECUTE"])
self.assertPulpOK()
# add users to roles
self.role.add_user(self.pulp, self.user.id)
self.assertPulp(code=200)
self.role2.add_user(self.pulp, self.user.id)
self.assertPulp(code=200)
self.role2.add_user(self.pulp, self.user2.id)
self.assertPulp(code=200)
# check users' permissions
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
# revoke permissions from role2
self.role2.revoke_permission(self.pulp, self.role2.id, "/",
["READ", "EXECUTE"])
self.role2.revoke_permission(self.pulp, self.role2.id,
"/repositories/", ["READ", "EXECUTE"])
self.assertPulpOK()
# check users' permissions
# user should still be able to access resource as it belongs to other role
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
# user2 should not be able to access resource as no more pemissions are granted to it
with self.assertRaises(AssertionError):
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_04_check_role_permission(self):
# create users
self.user.create(self.pulp)
self.assertPulpOK()
self.user2.create(self.pulp)
self.assertPulpOK()
# add users to the role
self.role.add_user(self.pulp, self.user.id)
self.assertPulp(code=200)
self.role.add_user(self.pulp, self.user2.id)
self.assertPulp(code=200)
# check users' permissions, that thay can access resource after been added to specific role
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_07_check_role_permission(self):
# check that user cannot access resource as permissions of the role were revoked
with self.assertRaises(AssertionError):
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
def test_03_check_user_permission(self):
#check that user can access resource on which permissions were granted
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
def test_03_list_repos(self):
repos = Repo.list(self.pulp)
self.assertIn(self.repo, repos)
def test_12_check_user_perm(self):
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_14_check_bindings_removed(self):
#check that after user2 removal from role user binding are also removed
with self.assertRaises(AssertionError):
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_07_check_role_permission(self):
# check that user cannot access resource as permissions of the role were revoked
with self.assertRaises(AssertionError):
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
def test_12_check_user_perm(self):
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_14_check_bindings_removed(self):
#check that after user2 removal from role user binding are also removed
with self.assertRaises(AssertionError):
with self.user_pulp2.asserting(True):
Repo.list(self.user_pulp2)
def test_05_child_repo_list(self):
# at this point the repo should be visible on both the nodes
assert self.repo in Repo.list(self.pulp_child), 'repo not propagated to child node'
def test_05_child_repo_list(self):
# at this point the repo should be visible on both the nodes
assert self.repo in Repo.list(
self.pulp_child), 'repo not propagated to child node'
def test_03_list_repos(self):
repos = Repo.list(self.pulp)
self.assertIn(self.repo, repos)
def test_03_check_user_permission(self):
#check that user can access resource on which permissions were granted
with self.user_pulp.asserting(True):
Repo.list(self.user_pulp)