def test_put_facts_with_RBAC_denied(subtests, mocker, api_put, db_create_host, db_get_host, enable_rbac): get_rbac_permissions_mock = mocker.patch( "lib.middleware.get_rbac_permissions") updated_facts = { "updatedfact1": "updatedvalue1", "updatedfact2": "updatedvalue2" } for response_file in WRITE_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) host = db_create_host(extra_data={"facts": DB_FACTS}) url = build_facts_url(host_list_or_id=host.id, namespace=DB_FACTS_NAMESPACE) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response response_status, response_data = api_put(url, updated_facts) assert_response_status(response_status, 403) assert db_get_host( host.id).facts[DB_FACTS_NAMESPACE] != updated_facts
def test_delete_host_with_RBAC_allowed( subtests, mocker, api_delete_host, event_datetime_mock, event_producer_mock, db_get_host, db_create_host, enable_rbac, ): get_rbac_permissions_mock = mocker.patch( "lib.middleware.get_rbac_permissions") for response_file in WRITE_ALLOWED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response host = db_create_host() response_status, response_data = api_delete_host(host.id) assert_response_status(response_status, 200) assert_delete_event_is_valid(event_producer=event_producer_mock, host=host, timestamp=event_datetime_mock) assert not db_get_host(host.id)
def test_get_system_profile_RBAC_allowed(mocker, subtests, api_get, db_create_host, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") host = db_create_host() for response_file in READ_ALLOWED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response response_status, response_data = api_get(f"{HOST_URL}/{host.id}/system_profile") assert_response_status(response_status, 200)
def test_get_host_tags_with_RBAC_denied(subtests, mocker, db_create_host, api_get, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response host = db_create_host() url = build_host_tags_url(host_list_or_id=host.id) response_status, response_data = api_get(url, identity_type="User") assert_response_status(response_status, 403)
def test_patch_host_with_RBAC_allowed(subtests, mocker, api_patch, db_create_host, event_producer_mock, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") for response_file in WRITE_ALLOWED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response host = db_create_host() url = build_hosts_url(host_list_or_id=host.id) response_status, response_data = api_patch(url, {"display_name": "fred_flintstone"}, identity_type="User") assert_response_status(response_status, 200)
def test_put_facts_with_RBAC_allowed(subtests, mocker, api_put, db_create_host, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") for response_file in WRITE_ALLOWED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) host = db_create_host(extra_data={"facts": DB_FACTS}) url = build_facts_url(host_list_or_id=host.id, namespace=DB_FACTS_NAMESPACE) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response response_status, response_data = api_put(url, DB_NEW_FACTS, identity_type="User") assert_response_status(response_status, 200)
def test_get_system_profile_with_RBAC_denied(subtests, mocker, query_source_xjoin, api_get, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") urls = (build_system_profile_sap_system_url(), build_system_profile_sap_sids_url()) for url in urls: for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response response_status, response_data = api_get(url, identity_type="User") assert_response_status(response_status, 403)
def test_delete_host_with_RBAC_denied( subtests, mocker, api_delete_host, event_producer_mock, db_create_host, enable_rbac ): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") for response_file in WRITE_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response host = db_create_host() response_status, response_data = api_delete_host(host.id, identity_type="User") assert_response_status(response_status, 403)
def test_get_system_profile_sap_sids_with_RBAC_allowed( subtests, mocker, query_source_xjoin, graphql_system_profile_sap_sids_query_with_response, api_get, enable_rbac ): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") url = build_system_profile_sap_sids_url() for response_file in READ_ALLOWED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response response_status, response_data = api_get(url, identity_type="User") assert_response_status(response_status, 200)
def test_get_host_tag_count_RBAC_denied(mq_create_four_specific_hosts, mocker, api_get, subtests, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") find_non_culled_hosts_mock = mocker.patch("lib.host_repository.find_non_culled_hosts", wraps=find_non_culled_hosts) created_hosts = mq_create_four_specific_hosts for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response url = build_tags_count_url(host_list_or_id=created_hosts, query="?order_by=updated&order_how=ASC") response_status, response_data = api_get(url) assert response_status == 403 find_non_culled_hosts_mock.assert_not_called()
def test_get_system_profile_RBAC_denied(mocker, subtests, api_get, db_create_host, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") find_hosts_by_staleness_mock = mocker.patch( "lib.host_repository.find_hosts_by_staleness", wraps=find_hosts_by_staleness ) host = db_create_host() for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response response_status, response_data = api_get(f"{HOST_URL}/{host.id}/system_profile") assert_response_status(response_status, 403) find_hosts_by_staleness_mock.assert_not_called()
def test_get_host_tag_count_RBAC_allowed(mq_create_four_specific_hosts, mocker, api_get, subtests, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") created_hosts = mq_create_four_specific_hosts expected_response = {host.id: len(host.tags) for host in created_hosts} for response_file in READ_ALLOWED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response url = build_tags_count_url(host_list_or_id=created_hosts, query="?order_by=updated&order_how=ASC") response_status, response_data = api_get(url) assert response_status == 200 assert len(expected_response) == len(response_data["results"]) api_pagination_test(api_get, subtests, url, expected_total=len(expected_response))
def test_get_host_tags_with_RBAC_denied(subtests, mocker, db_create_host, api_get, enable_rbac): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") find_hosts_by_staleness_mock = mocker.patch( "lib.host_repository.find_hosts_by_staleness", wraps=find_hosts_by_staleness ) for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response host = db_create_host() url = build_host_tags_url(host_list_or_id=host.id) response_status, response_data = api_get(url) assert_response_status(response_status, 403) find_hosts_by_staleness_mock.assert_not_called()
def test_patch_host_with_RBAC_denied( subtests, mocker, api_patch, db_create_host, event_producer_mock, db_get_host, enable_rbac ): get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions") for response_file in WRITE_PROHIBITED_RBAC_RESPONSE_FILES: mock_rbac_response = create_mock_rbac_response(response_file) with subtests.test(): get_rbac_permissions_mock.return_value = mock_rbac_response host = db_create_host() url = build_hosts_url(host_list_or_id=host.id) new_display_name = "fred_flintstone" response_status, response_data = api_patch(url, {"display_name": new_display_name}) assert_response_status(response_status, 403) assert not db_get_host(host.id).display_name == new_display_name