def test_positive_virtwho_viewer_role(self, session, test_name, form_data): """Verify the virt-who viewer role can TRULY work. :id: bf3be2e4-3853-41cc-9b3e-c8677f0b8c5f :expectedresults: Virt-who Viewer Role granting permissions to see all configurations including their configuration scripts, which means viewers could still deploy the virt-who instances for existing virt-who configurations. """ username = gen_string('alpha') password = gen_string('alpha') config_name = gen_string('alpha') with session: # Create an user session.user.create({ 'user.login': username, 'user.mail': valid_emails_list()[0], 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, }) # Create a virt-who config plugin form_data['name'] = config_name session.virtwho_configure.create(form_data) values = session.virtwho_configure.read(config_name) command = values['deploy']['command'] deploy_configure_by_command(command, form_data['hypervisor_type']) assert session.virtwho_configure.search( config_name)[0]['Status'] == 'ok' # Check the permissioin of Virt-who Viewer session.user.update( username, {'roles.resources.assigned': ['Virt-who Viewer']}) user = session.user.read(username) assert user['roles']['resources']['assigned'] == [ 'Virt-who Viewer' ] # Update the virt-who config file config_id = get_configure_id(config_name) config_file = get_configure_file(config_id) update_configure_option('rhsm_username', username, config_file) delete_configure_option('rhsm_encrypted_password', config_file) add_configure_option('rhsm_password', password, config_file) restart_virtwho_service() assert get_virtwho_status() == 'logerror' with Session(test_name, username, password) as newsession: create_permission = newsession.virtwho_configure.check_create_permission( ) update_permission = newsession.virtwho_configure.check_update_permission( config_name) assert create_permission['can_view'] assert not create_permission['can_create'] assert not update_permission['can_delete'] assert not update_permission['can_edit'] newsession.virtwho_configure.read(config_name) # Delete the created user session.user.delete(username) assert not session.user.search(username)
def test_positive_virtwho_reporter_role(self, default_org, session, test_name, form_data): """Verify the virt-who reporter role can TRULY work. :id: cd235ab0-d89c-464b-98d6-9d090ac40d8f :expectedresults: Virt-who Reporter Role granting minimal set of permissions for virt-who to upload the report, it can be used if you configure virt-who manually and want to use user that has locked down account. """ username = gen_string('alpha') password = gen_string('alpha') config_name = gen_string('alpha') with session: # Create an user session.user.create({ 'user.login': username, 'user.mail': valid_emails_list()[0], 'user.auth': 'INTERNAL', 'user.password': password, 'user.confirm': password, }) # Create a virt-who config plugin form_data['name'] = config_name session.virtwho_configure.create(form_data) values = session.virtwho_configure.read(config_name) command = values['deploy']['command'] deploy_configure_by_command(command, form_data['hypervisor_type'], org=default_org.label) assert session.virtwho_configure.search( config_name)[0]['Status'] == 'ok' # Update the virt-who config file config_id = get_configure_id(config_name) config_file = get_configure_file(config_id) update_configure_option('rhsm_username', username, config_file) delete_configure_option('rhsm_encrypted_password', config_file) add_configure_option('rhsm_password', password, config_file) restart_virtwho_service() assert get_virtwho_status() == 'logerror' # Check the permissioin of Virt-who Reporter session.user.update( username, {'roles.resources.assigned': ['Virt-who Reporter']}) assert session.user.search(username)[0]['Username'] == username user = session.user.read(username) assert user['roles']['resources']['assigned'] == [ 'Virt-who Reporter' ] restart_virtwho_service() assert get_virtwho_status() == 'running' with Session(test_name, username, password) as newsession: assert not newsession.virtwho_configure.check_create_permission( )['can_view'] session.user.delete(username) assert not session.user.search(username)