def test_positive_disable_session(self):
"""Check if user logs out when session is disabled
:id: 38ee0d85-c2fe-4cac-a992-c5dbcec11031
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Disable use_sessions
:expectedresults: The session is terminated
"""
result = configure_sessions()
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({'username': self.uname_admin, 'password': self.password})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message'])
# list organizations without supplying credentials
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
# disabling sessions
result = configure_sessions(False)
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
result = Auth.with_user().status()
self.assertIn(NOTCONF_MSG.format(self.uname_admin), result[0]['message'])
with self.assertRaises(CLIReturnCodeError):
Org.with_user().list()
def test_positive_session_survives_failed_login(admin_user, non_admin_user,
target_sat):
"""Check if session stays up after failed login attempt
:id: 6c4d5c4c-eff0-411b-829f-0c2f2ec26132
:BZ: 1465552
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Run login with invalid credentials
:expectedresults: The session is unchanged
"""
result = configure_sessions(target_sat)
assert result == 0, 'Failed to configure hammer sessions'
AuthLogin.basic({'username': admin_user['login'], 'password': password})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
Org.with_user().list()
# using invalid password
with pytest.raises(CLIReturnCodeError):
AuthLogin.basic({
'username': non_admin_user['login'],
'password': gen_string('alpha')
})
# checking the session status again
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
Org.with_user().list()
def test_positive_change_session(self):
"""Change from existing session to a different session
:id: b6ea6f3c-fcbd-4e7b-97bd-f3e0e6b9da8f
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Login as a different user
:expectedresults: The session is altered
"""
result = configure_sessions()
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({'username': self.uname_admin, 'password': self.password})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message'])
# list organizations without supplying credentials
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
AuthLogin.basic({'username': self.uname_viewer, 'password': self.password})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_viewer), result[0]['message'])
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
def test_positive_change_session(admin_user, non_admin_user, target_sat):
"""Change from existing session to a different session
:id: b6ea6f3c-fcbd-4e7b-97bd-f3e0e6b9da8f
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Login as a different user
:CaseImportance: High
:expectedresults: The session is altered
"""
result = configure_sessions(target_sat)
assert result == 0, 'Failed to configure hammer sessions'
AuthLogin.basic({'username': admin_user['login'], 'password': password})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
# list organizations without supplying credentials
assert User.with_user().list()
AuthLogin.basic({
'username': non_admin_user['login'],
'password': password
})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(non_admin_user['login']) in result[0]['message']
assert User.with_user().list()
def test_positive_session_survives_unauthenticated_call(self):
"""Check if session stays up after unauthenticated call
:id: 8bc304a0-70ea-489c-9c3f-ea8343c5284c
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Run `hammer ping`
:expectedresults: The session is unchanged
"""
result = configure_sessions()
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({'username': self.uname_admin, 'password': self.password})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message'])
# list organizations without supplying credentials
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
result = ssh.command('hammer ping')
self.assertEqual(result.return_code, 0, 'Failed to run hammer ping')
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message'])
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
def test_positive_disable_session(admin_user, target_sat):
"""Check if user logs out when session is disabled
:id: 38ee0d85-c2fe-4cac-a992-c5dbcec11031
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Disable use_sessions
:expectedresults: The session is terminated
"""
result = configure_sessions(target_sat)
assert result == 0, 'Failed to configure hammer sessions'
AuthLogin.basic({'username': admin_user['login'], 'password': password})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
# list organizations without supplying credentials
assert Org.with_user().list()
# disabling sessions
result = configure_sessions(satellite=target_sat, enable=False)
assert result == 0, 'Failed to configure hammer sessions'
result = Auth.with_user().status()
assert NOTCONF_MSG.format(admin_user['login']) in result[0]['message']
with pytest.raises(CLIReturnCodeError):
Org.with_user().list()
def test_positive_log_out_from_session(admin_user, target_sat):
"""Check if session is terminated when user logs out
:id: 0ba05f2d-7b83-4b0c-a04c-80e62b7c4cf2
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Run `hammer auth logout`
:expectedresults: The session is terminated
"""
result = configure_sessions(target_sat)
assert result == 0, 'Failed to configure hammer sessions'
AuthLogin.basic({'username': admin_user['login'], 'password': password})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
# list organizations without supplying credentials
assert Org.with_user().list()
Auth.logout()
result = Auth.with_user().status()
assert LOGEDOFF_MSG.format(admin_user['login']) in result[0]['message']
with pytest.raises(CLIReturnCodeError):
Org.with_user().list()
def test_positive_session_survives_failed_login(self):
"""Check if session stays up after failed login attempt
:id: 6c4d5c4c-eff0-411b-829f-0c2f2ec26132
:BZ: 1465552
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Run login with invalid credentials
:expectedresults: The session is unchanged
"""
result = configure_sessions()
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({'username': self.uname_admin, 'password': self.password})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message'])
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
# using invalid password
with self.assertRaises(CLIReturnCodeError):
AuthLogin.basic({'username': self.uname_viewer, 'password': gen_string('alpha')})
# checking the session status again
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message'])
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
def test_positive_log_out_from_session(self):
"""Check if session is terminated when user logs out
:id: 0ba05f2d-7b83-4b0c-a04c-80e62b7c4cf2
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Run `hammer auth logout`
:expectedresults: The session is terminated
"""
result = configure_sessions()
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({'username': self.uname_admin, 'password': self.password})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin), result[0]['message'])
# list organizations without supplying credentials
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
Auth.logout()
result = Auth.with_user().status()
self.assertIn(LOGEDOFF_MSG.format(self.uname_admin), result[0]['message'])
with self.assertRaises(CLIReturnCodeError):
Org.with_user().list()
def test_positive_session_survives_unauthenticated_call(
admin_user, target_sat):
"""Check if session stays up after unauthenticated call
:id: 8bc304a0-70ea-489c-9c3f-ea8343c5284c
:Steps:
1. Set use_sessions
2. Authenticate, assert credentials are not demanded
on next command run
3. Run `hammer ping`
:CaseImportance: Medium
:expectedresults: The session is unchanged
"""
result = configure_sessions(target_sat)
assert result == 0, 'Failed to configure hammer sessions'
AuthLogin.basic({'username': admin_user['login'], 'password': password})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
# list organizations without supplying credentials
Org.with_user().list()
result = target_sat.execute('hammer ping')
assert result.status == 0, 'Failed to run hammer ping'
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
Org.with_user().list()
def test_rhsso_timeout_using_hammer(
self,
enable_external_auth_rhsso,
rhsso_setting_setup_with_timeout,
rh_sso_hammer_auth_setup,
):
"""verify the hammer auth timeout using RHSSO auth source
:id: d014cc98-d198-11ea-b526-d46d6dd3b5b2
:expectedresults: hammer auth login timeout should be suceessful for a rhsso user
:CaseImportance: Medium
"""
result = AuthLogin.oauth({
'oidc-token-endpoint':
get_oidc_token_endpoint(),
'oidc-client-id':
get_oidc_client_id(),
'username':
settings.rhsso.rhsso_user,
'password':
settings.rhsso.password,
})
assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." == result[
0]['message']
sleep(70)
with pytest.raises(CLIReturnCodeError) as error:
Task.with_user(username=settings.rhsso.rhsso_user,
password=settings.rhsso.password).list()
assert 'Unable to authenticate user sat_admin' in error.value.message
def test_rhsso_login_using_hammer(self, enable_external_auth_rhsso,
rhsso_setting_setup,
rh_sso_hammer_auth_setup):
"""verify the hammer auth login using RHSSO auth source
:id: 56c09a1a-d0e5-11ea-9024-d46d6dd3b5b2
:expectedresults: hammer auth login should be suceessful for a rhsso user
:CaseImportance: High
"""
result = AuthLogin.oauth({
'oidc-token-endpoint':
get_oidc_token_endpoint(),
'oidc-client-id':
get_oidc_client_id(),
'username':
settings.rhsso.rhsso_user,
'password':
settings.rhsso.password,
})
assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." == result[
0]['message']
result = Auth.with_user(username=settings.rhsso.rhsso_user,
password=settings.rhsso.password).status()
assert (
f"Session exists, currently logged in as '{settings.rhsso.rhsso_user}'."
== result[0]['message'])
task_list = Task.with_user(username=settings.rhsso.rhsso_user,
password=settings.rhsso.password).list()
assert len(task_list) >= 0
with pytest.raises(CLIReturnCodeError) as error:
Role.with_user(username=settings.rhsso.rhsso_user,
password=settings.rhsso.password).list()
assert 'Missing one of the required permissions' in error.value.message
def test_negative_no_permissions(self):
"""Attempt to execute command out of user's permissions
:id: 756f666f-270a-4b02-b587-a2ab09b7d46c
:expectedresults: Command is not executed
"""
result = configure_sessions()
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({'username': self.uname_viewer, 'password': self.password})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_viewer), result[0]['message'])
# try to update user from viewer's session
with self.assertRaises(CLIReturnCodeError):
User.with_user().update({'login': self.uname_admin, 'new-login': gen_string('alpha')})
def test_positive_session_preceeds_saved_credentials(self):
"""Check if enabled session is mutually exclusive with
saved credentials in hammer config
:id: e4277298-1c24-494b-84a6-22f45f96e144
:BZ: 1471099
:Steps:
1. Set use_sessions, set usernam and password,
set short expiration time
2. Authenticate, assert credentials are not demanded
on next command run
3. Wait until session expires
:expectedresults: Session expires after specified time
and saved credentials are not applied
"""
try:
idle_timeout = Settings.list({'search':
'name=idle_timeout'})[0]['value']
Settings.set({'name': 'idle_timeout', 'value': 1})
result = configure_sessions(add_default_creds=True)
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({
'username': self.uname_admin,
'password': self.password
})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin),
result[0]['message'])
# list organizations without supplying credentials
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
# wait until session expires
sleep(70)
with self.assertRaises(CLIReturnCodeError):
Org.with_user().list()
result = Auth.with_user().status()
self.assertIn(LOGEDOFF_MSG.format(self.uname_admin),
result[0]['message'])
finally:
# reset timeout to default
Settings.set({'name': 'idle_timeout', 'value': f'{idle_timeout}'})
def test_positive_session_preceeds_saved_credentials(admin_user, target_sat):
"""Check if enabled session is mutually exclusive with
saved credentials in hammer config
:id: e4277298-1c24-494b-84a6-22f45f96e144
:BZ: 1471099, 1903693
:CaseImportance: High
:Steps:
1. Set use_sessions, set username and password,
set short expiration time
2. Authenticate, assert credentials are not demanded
on next command run
3. Wait until session expires
:expectedresults: Session expires after specified time
and saved credentials are not applied
"""
try:
idle_timeout = Settings.list({'search':
'name=idle_timeout'})[0]['value']
Settings.set({'name': 'idle_timeout', 'value': 1})
result = configure_sessions(satellite=target_sat,
add_default_creds=True)
assert result == 0, 'Failed to configure hammer sessions'
AuthLogin.basic({
'username': admin_user['login'],
'password': password
})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(admin_user['login']) in result[0]['message']
# list organizations without supplying credentials
sleep(70)
if not is_open('BZ:1903693'):
result = Auth.with_user().status()
assert LOGEDOFF_MSG.format(
admin_user['login']) in result[0]['message']
with pytest.raises(CLIReturnCodeError):
Org.with_user().list()
finally:
# reset timeout to default
Settings.set({'name': 'idle_timeout', 'value': f'{idle_timeout}'})
def test_positive_create_session(self):
"""Check if user stays authenticated with session enabled
:id: fcee7f5f-1040-41a9-bf17-6d0c24a93e22
:Steps:
1. Set use_sessions, set short expiration time
2. Authenticate, assert credentials are not demanded
on next command run
3. Wait until session expires, assert credentials
are required
:expectedresults: The session is successfully created and
expires after specified time
"""
try:
idle_timeout = Settings.list({'search':
'name=idle_timeout'})[0]['value']
Settings.set({'name': 'idle_timeout', 'value': 1})
result = configure_sessions()
self.assertEqual(result, 0, 'Failed to configure hammer sessions')
AuthLogin.basic({
'username': self.uname_admin,
'password': self.password
})
result = Auth.with_user().status()
self.assertIn(LOGEDIN_MSG.format(self.uname_admin),
result[0]['message'])
# list organizations without supplying credentials
with self.assertNotRaises(CLIReturnCodeError):
Org.with_user().list()
# wait until session expires
sleep(70)
with self.assertRaises(CLIReturnCodeError):
Org.with_user().list()
result = Auth.with_user().status()
self.assertIn(LOGEDOFF_MSG.format(self.uname_admin),
result[0]['message'])
finally:
# reset timeout to default
Settings.set({'name': 'idle_timeout', 'value': f'{idle_timeout}'})
def test_negative_no_permissions(admin_user, non_admin_user):
"""Attempt to execute command out of user's permissions
:id: 756f666f-270a-4b02-b587-a2ab09b7d46c
:expectedresults: Command is not executed
"""
result = configure_sessions()
assert result == 0, 'Failed to configure hammer sessions'
AuthLogin.basic({
'username': non_admin_user['login'],
'password': password
})
result = Auth.with_user().status()
assert LOGEDIN_MSG.format(non_admin_user['login']) in result[0]['message']
# try to update user from viewer's session
with pytest.raises(CLIReturnCodeError):
User.with_user().update({
'login': admin_user['login'],
'new-login': gen_string('alpha')
})