def test_add_role_owner():
    """Test adding an owner to a role.

    Creates two test users and a role with user1 as owner/admin,
    then adds the second user as role owner."""
    user1_payload = {
        "name": "Test User 3",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    user2_payload = {
        "name": "Test User 4",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    with requests.Session() as session:
        create_next_admin(session)
        user_response1 = create_test_user(session, user1_payload)
        user1_result = assert_api_success(user_response1)
        user1_id = user1_result["data"]["user"]["id"]
        user2_response = create_test_user(session, user2_payload)
        user2_result = assert_api_success(user2_response)
        user2_id = user2_result["data"]["user"]["id"]
        role_payload = {
            "name": "TestRole0501201902",
            "owners": user1_id,
            "administrators": user1_id,
            "description": "Test Role 2",
        }
        role_response = create_test_role(session, role_payload)
        role_result = assert_api_success(role_response)
        role_id = role_result["data"]["id"]
        role_update_payload = {
            "id": user2_id,
            "reason": "Integration test of adding role owner.",
            "metadata": "",
        }

        response = session.post(
            "http://rbac-server:8000/api/roles/{}/owners".format(role_id),
            json=role_update_payload,
        )
        result = assert_api_success(response)
        proposal_response = get_proposal_with_retry(session, result["proposal_id"])
        proposal = assert_api_success(proposal_response)
        assert proposal["data"]["assigned_approver"][0] == user1_id

        # Logging in as role owner
        user_login(session, user1_payload["username"], user1_payload["password"])
        # Approve proposal as role owner
        approve_proposal(session, result["proposal_id"])
        proposal_response = get_proposal_with_retry(session, result["proposal_id"])
        proposal = assert_api_success(proposal_response)
        assert proposal["data"]["status"] == "CONFIRMED"
        delete_role_by_name("TestRole0501201902")
        delete_user_by_username("testuser3")
        delete_user_by_username("testuser4")
def test_add_role_task():
    """Test adding a new task to a role.

    Creates a test user and a role, then creates
    a task, to add to the role."""
    user1_payload = {
        "name": "Test Owner 2",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    with requests.Session() as session:
        create_next_admin(session)
        user1_response = create_test_user(session, user1_payload)
        user1_result = assert_api_success(user1_response)
        user1_id = user1_result["data"]["user"]["id"]

    with requests.Session() as session:
        user_login(session, "testowner2", "123456")
        task1_payload = {
            "name": "TestTask1",
            "administrators": user1_id,
            "owners": user1_id,
            "metadata": "",
        }
        task_response = create_test_task(session, task1_payload)
        task_result = assert_api_success(task_response)
        task_id = task_result["data"]["id"]
        role_payload = {
            "name": "TestRole0501201904",
            "owners": user1_id,
            "administrators": user1_id,
            "description": "Test Role 4",
        }
        role_response = create_test_role(session, role_payload)
        role_result = assert_api_success(role_response)
        role_id = role_result["data"]["id"]
        role_update_payload = {
            "id": task_id,
            "reason": "Integration test of adding a task.",
            "metadata": "",
        }
        response = session.post(
            "http://rbac-server:8000/api/roles/{}/tasks".format(role_id),
            json=role_update_payload,
        )
        result = assert_api_success(response)
        proposal_response = get_proposal_with_retry(session, result["proposal_id"])
        proposal = assert_api_success(proposal_response)
        assert proposal["data"]["assigned_approver"][0] == user1_id
        delete_role_by_name("TestRole0501201904")
        delete_user_by_username("testowner2")
        delete_task_by_name("TestTask1")
def test_add_task_owner():
    """Test adding an owner to a task.

    Creates two test users and a task using the first user,
    then adds the second user as task owner."""
    user1_payload = {
        "name": "Test User 10",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    user2_payload = {
        "name": "Test User 11",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    with requests.Session() as session:
        create_next_admin(session)
        user1_response = create_test_user(session, user1_payload)
        user1_result = assert_api_success(user1_response)
        user1_id = user1_result["data"]["user"]["id"]
        user2_response = create_test_user(session, user2_payload)
        user2_result = assert_api_success(user2_response)
        user2_id = user2_result["data"]["user"]["id"]
        task1_payload = {
            "name": "TestTask3",
            "administrators": user1_id,
            "owners": user1_id,
            "metadata": "",
        }
        task_response = create_test_task(session, task1_payload)
        task_result = assert_api_success(task_response)
        task_id = task_result["data"]["id"]
        owner_payload = {
            "id": user2_id,
            "reason": "Integration test of adding task owner.",
            "metadata": "",
        }
        response = session.post(
            "http://rbac-server:8000/api/tasks/{}/owners".format(task_id),
            json=owner_payload,
        )
        result = assert_api_success(response)
        proposal_response = get_proposal_with_retry(session,
                                                    result["proposal_id"])
        proposal = assert_api_success(proposal_response)
        assert proposal["data"]["assigned_approver"][0] == user1_id
        delete_task_by_name("TestTask3")
        delete_user_by_username("testuser10")
        delete_user_by_username("testuser11")
def test_update_manager():
    """ Creates a user and then updates their manager as nextAdmin"""
    user1_payload = {
        "name": "Test User 9",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    with requests.Session() as session:
        next_admin = create_next_admin(session)
        admin_id = next_admin.json()["data"]["next_id"]
        user1_response = create_test_user(session, user1_payload)
        user1_result = assert_api_success(user1_response)
        user1_id = user1_result["data"]["user"]["id"]

    with requests.Session() as session:
        user_login(session, "testuser9", "123456")
        manager_payload = {
            "id": user1_id,
            "reason": "Integration test of updating manager.",
            "metadata": "",
        }
        next_admin_role = get_role_by_name("NextAdmins")
        failed_response = update_manager(session, admin_id, manager_payload)
        assert failed_response.json() == {
            "code": 400,
            "message": "Proposal opener is not a Next Admin.",
        }
        add_role_member(session, next_admin_role[0]["role_id"],
                        {"id": user1_id})

    with requests.session() as session:
        create_next_admin(session)
        response = update_manager(session, admin_id, manager_payload)
        result = assert_api_success(response)
        proposal_response = get_proposal_with_retry(session,
                                                    result["proposal_id"])
        assert_api_success(proposal_response)
        delete_user_by_username("testuser6")
        delete_user_by_username("testuser7")
def test_add_role_member_outqueue():
    """ Test adding a new member to a role in NEXT-only mode.
    Creates two test users and a role using the first user,
    then adds the second user as member to role. This test will
    only run if ENABLE_NEXT_BASE_USE is set to 1.
    """
    user1_payload = {
        "name": "Test Owner 0521201905",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    user2_payload = {
        "name": "Test Member 0521201906",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    with requests.Session() as session:
        start_depth = get_outbound_queue_depth()
        create_next_admin(session)
        user_response1 = create_test_user(session, user1_payload)
        user1_result = assert_api_success(user_response1)
        user1_id = user1_result["data"]["user"]["id"]
        user2_response = create_test_user(session, user2_payload)
        user2_result = assert_api_success(user2_response)
        user2_id = user2_result["data"]["user"]["id"]
        role_payload = {
            "name": "TestRole0521201902",
            "owners": user1_id,
            "administrators": user1_id,
            "description": "Test Role 3",
        }
        role_response = create_test_role(session, role_payload)
        role_result = assert_api_success(role_response)
        role_id = role_result["data"]["id"]
        role_update_payload = {
            "id": user2_id,
            "reason": "Integration test of adding a member.",
            "metadata": "",
        }
        response = session.post(
            "http://rbac-server:8000/api/roles/{}/members".format(role_id),
            json=role_update_payload,
        )
        result = assert_api_success(response)
        proposal_response = get_proposal_with_retry(session,
                                                    result["proposal_id"])
        assert_api_success(proposal_response)
        # Logging in as role owner
        user_login(session, user1_payload["username"],
                   user1_payload["password"])
        # Approve proposal as role owner
        approve_proposal(session, result["proposal_id"])
        end_depth = get_outbound_queue_depth()
        assert end_depth > start_depth

        # NOTE: members field contains an empty string because in NEXT
        # mode all user's remote_ids are set to an empty string
        outbound_queue_data = {"members": [""], "remote_id": ""}
        expected_payload = {
            "data": outbound_queue_data,
            "data_type": "group",
            "provider_id": "NEXT-created",
            "status": "UNCONFIRMED",
            "action": "",
        }

        # Check outbound_queue entry is formatted correctly
        outbound_entry = get_outbound_queue_entry(outbound_queue_data)
        outbound_entry[0].pop("timestamp")
        outbound_entry[0].pop("id")
        assert outbound_entry[0] == expected_payload

        delete_role_by_name("TestRole0521201902")
        delete_user_by_username("test0521201905")
        delete_user_by_username("test0521201906")
def test_add_role_member_ldap():
    """ Test adding a new member to a role in LDAP-only mode.
    Creates two test users and a role using the first user,
    then adds the second user as member to role. This test will
    only run if ENABLE_LDAP_SYNC is set to 1.
    """
    user1_payload = {
        "name": "Michael Scott",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    user2_payload = {
        "name": "Jim Halpert",
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
    }
    with requests.Session() as session:
        start_depth = get_outbound_queue_depth()
        create_next_admin(session)
        user1_response = create_test_user(session, user1_payload)
        user1_result = assert_api_success(user1_response)
        user1_id = user1_result["data"]["user"]["id"]
        user2_response = create_test_user(session, user2_payload)
        user2_result = assert_api_success(user2_response)
        user2_id = user2_result["data"]["user"]["id"]
        role_payload = {
            "name": "Michael_Scott_Paper_Company",
            "owners": user1_id,
            "administrators": user1_id,
            "description": "Infinite ideas await....",
        }
        role_response = create_test_role(session, role_payload)
        role_result = assert_api_success(role_response)
        role_id = role_result["data"]["id"]
        role_update_payload = {
            "id": user2_id,
            "reason": "Integration test of adding a member.",
            "metadata": "",
        }
        response = session.post(
            "http://rbac-server:8000/api/roles/{}/members".format(role_id),
            json=role_update_payload,
        )
        result = assert_api_success(response)
        proposal_response = get_proposal_with_retry(session,
                                                    result["proposal_id"])
        assert_api_success(proposal_response)
        # Logging in as role owner
        user_login(session, user1_payload["username"],
                   user1_payload["password"])
        # Approve proposal as role owner
        approve_proposal(session, result["proposal_id"])
        end_depth = get_outbound_queue_depth()
        assert end_depth > start_depth

        # NOTE: members field contains an empty string because in NEXT
        # mode all user's remote_ids are set to an empty string
        outbound_queue_data = {
            "description": "Infinite ideas await....",
            "name": "Michael_Scott_Paper_Company",
            "group_types": -2147483646,
            "members": [""],
            "owners": "",
            "remote_id":
            "CN=Michael_Scott_Paper_Company," + ENV("GROUP_BASE_DN"),
        }
        expected_payload = {
            "data": outbound_queue_data,
            "data_type": "group",
            "provider_id": ENV("LDAP_DC"),
            "status": "UNCONFIRMED",
            "action": "",
        }

        # Check outbound_queue entry is formatted correctly
        outbound_entry = get_outbound_queue_entry(outbound_queue_data)
        outbound_entry[0].pop("timestamp")
        outbound_entry[0].pop("id")
        assert outbound_entry[0] == expected_payload

        delete_role_by_name("Michael_Scott_Paper_Company")
        delete_user_by_username("jimh062619")
        delete_user_by_username("michaels062619")