def test_add_role_owner(): """Test adding an owner to a role. Creates two test users and a role with user1 as owner/admin, then adds the second user as role owner.""" user1_payload = { "name": "Test User 3", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 4", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0501201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 2", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/owners".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id # Logging in as role owner user_login(session, user1_payload["username"], user1_payload["password"]) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["status"] == "CONFIRMED" delete_role_by_name("TestRole0501201902") delete_user_by_username("testuser3") delete_user_by_username("testuser4")
def test_approve_update_manager(user, approver, expected_status_code): """ Tests four UpdateUserManager proposal approval scenarios: 1. NextAdmin approves the proposal 2. A random user tries to approve the proposal 3. New manager (related_id of proposal) tries to approve the proposal 4. Manager of NextAdmin tries to approve the proposal Args: user: (dict) User object that will be added to the role. Dict should contain the following field: { next_id: str } approver: (dict) User object of the approver. Dict should contain the following fields: { username: str password: str } expected_status_code: (int) Expected HTTP response code (either 200 or 401) """ user_id = user["next_id"] update_user_payload = {"id": TEST_USERS[2]["next_id"]} with requests.Session() as session: # Create UpdateUserManager proposal create_next_admin(session) response = update_manager(session, user_id, update_user_payload) LOGGER.info(response) proposal_id = response.json()["proposal_id"] proposal_exists = wait_for_resource_in_db( "proposals", "proposal_id", proposal_id ) if proposal_exists: # Attempt to approve the UpdateUserManager proposal if approver != "next_admin": log_in_payload = { "id": approver["username"], "password": approver["password"], } user_login(session, log_in_payload["id"], log_in_payload["password"]) approval_response = approve_proposal(session, proposal_id) assert ( approval_response.status_code == expected_status_code ), "An error occurred while approving UpdateUserManager proposal: {}".format( approval_response.json() )
def test_add_role_owner(user, approver, expected_status_code): """ Tests three AddRoleOwner proposal approval scenarios: 1. Role owner approves the proposal 2. A random user tries to approve the proposal 3. Role owner's manager approves the proposal Args: user: (dict) User object that will be added to the role. Dict should contain the following field: { next_id: str } approver: (dict) User object of the approver. Dict should contain the following fields: { username: str password: str } expected_status_code: (int) Expected HTTP response code (either 200 or 401) """ log_in_payload = {"id": approver["username"], "password": approver["password"]} add_role_member_payload = {"id": user["next_id"]} role_id = TEST_ROLES[0]["role_id"] with requests.Session() as session: # Create AddRoleOwner proposal user_login(session, log_in_payload["id"], log_in_payload["password"]) response = add_role_owner(session, role_id, add_role_member_payload) proposal_id = response.json()["proposal_id"] proposal_exists = wait_for_resource_in_db( "proposals", "proposal_id", proposal_id ) if proposal_exists: # Attempt to approve the AddRoleOwner proposal approval_response = approve_proposal(session, proposal_id) assert ( approval_response.status_code == expected_status_code ), "An error occurred while approving AddRoleOwner proposal: {}".format( approval_response.json() )
def test_add_role_member_outqueue(): """ Test adding a new member to a role in NEXT-only mode. Creates two test users and a role using the first user, then adds the second user as member to role. This test will only run if ENABLE_NEXT_BASE_USE is set to 1. """ user1_payload = { "name": "Test Owner 0521201905", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test Member 0521201906", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: start_depth = get_outbound_queue_depth() create_next_admin(session) user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0521201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 3", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) assert_api_success(proposal_response) # Logging in as role owner user_login(session, user1_payload["username"], user1_payload["password"]) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # NOTE: members field contains an empty string because in NEXT # mode all user's remote_ids are set to an empty string outbound_queue_data = {"members": [""], "remote_id": ""} expected_payload = { "data": outbound_queue_data, "data_type": "group", "provider_id": "NEXT-created", "status": "UNCONFIRMED", "action": "", } # Check outbound_queue entry is formatted correctly outbound_entry = get_outbound_queue_entry(outbound_queue_data) outbound_entry[0].pop("timestamp") outbound_entry[0].pop("id") assert outbound_entry[0] == expected_payload delete_role_by_name("TestRole0521201902") delete_user_by_username("test0521201905") delete_user_by_username("test0521201906")
def test_add_role_member_ldap(): """ Test adding a new member to a role in LDAP-only mode. Creates two test users and a role using the first user, then adds the second user as member to role. This test will only run if ENABLE_LDAP_SYNC is set to 1. """ user1_payload = { "name": "Michael Scott", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Jim Halpert", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: start_depth = get_outbound_queue_depth() create_next_admin(session) user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "Michael_Scott_Paper_Company", "owners": user1_id, "administrators": user1_id, "description": "Infinite ideas await....", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) assert_api_success(proposal_response) # Logging in as role owner user_login(session, user1_payload["username"], user1_payload["password"]) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # NOTE: members field contains an empty string because in NEXT # mode all user's remote_ids are set to an empty string outbound_queue_data = { "description": "Infinite ideas await....", "name": "Michael_Scott_Paper_Company", "group_types": -2147483646, "members": [""], "owners": "", "remote_id": "CN=Michael_Scott_Paper_Company," + ENV("GROUP_BASE_DN"), } expected_payload = { "data": outbound_queue_data, "data_type": "group", "provider_id": ENV("LDAP_DC"), "status": "UNCONFIRMED", "action": "", } # Check outbound_queue entry is formatted correctly outbound_entry = get_outbound_queue_entry(outbound_queue_data) outbound_entry[0].pop("timestamp") outbound_entry[0].pop("id") assert outbound_entry[0] == expected_payload delete_role_by_name("Michael_Scott_Paper_Company") delete_user_by_username("jimh062619") delete_user_by_username("michaels062619")