def test_put_facts_with_RBAC_denied(subtests, mocker, api_put, db_create_host,
db_get_host, enable_rbac):
get_rbac_permissions_mock = mocker.patch(
"lib.middleware.get_rbac_permissions")
updated_facts = {
"updatedfact1": "updatedvalue1",
"updatedfact2": "updatedvalue2"
}
for response_file in WRITE_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
host = db_create_host(extra_data={"facts": DB_FACTS})
url = build_facts_url(host_list_or_id=host.id,
namespace=DB_FACTS_NAMESPACE)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
response_status, response_data = api_put(url, updated_facts)
assert_response_status(response_status, 403)
assert db_get_host(
host.id).facts[DB_FACTS_NAMESPACE] != updated_facts
def test_delete_host_with_RBAC_allowed(
subtests,
mocker,
api_delete_host,
event_datetime_mock,
event_producer_mock,
db_get_host,
db_create_host,
enable_rbac,
):
get_rbac_permissions_mock = mocker.patch(
"lib.middleware.get_rbac_permissions")
for response_file in WRITE_ALLOWED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
host = db_create_host()
response_status, response_data = api_delete_host(host.id)
assert_response_status(response_status, 200)
assert_delete_event_is_valid(event_producer=event_producer_mock,
host=host,
timestamp=event_datetime_mock)
assert not db_get_host(host.id)
def test_get_system_profile_RBAC_allowed(mocker, subtests, api_get, db_create_host, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
host = db_create_host()
for response_file in READ_ALLOWED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
response_status, response_data = api_get(f"{HOST_URL}/{host.id}/system_profile")
assert_response_status(response_status, 200)
def test_get_host_tags_with_RBAC_denied(subtests, mocker, db_create_host, api_get, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
host = db_create_host()
url = build_host_tags_url(host_list_or_id=host.id)
response_status, response_data = api_get(url, identity_type="User")
assert_response_status(response_status, 403)
def test_patch_host_with_RBAC_allowed(subtests, mocker, api_patch, db_create_host, event_producer_mock, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
for response_file in WRITE_ALLOWED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
host = db_create_host()
url = build_hosts_url(host_list_or_id=host.id)
response_status, response_data = api_patch(url, {"display_name": "fred_flintstone"}, identity_type="User")
assert_response_status(response_status, 200)
def test_put_facts_with_RBAC_allowed(subtests, mocker, api_put, db_create_host, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
for response_file in WRITE_ALLOWED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
host = db_create_host(extra_data={"facts": DB_FACTS})
url = build_facts_url(host_list_or_id=host.id, namespace=DB_FACTS_NAMESPACE)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
response_status, response_data = api_put(url, DB_NEW_FACTS, identity_type="User")
assert_response_status(response_status, 200)
def test_get_system_profile_with_RBAC_denied(subtests, mocker, query_source_xjoin, api_get, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
urls = (build_system_profile_sap_system_url(), build_system_profile_sap_sids_url())
for url in urls:
for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
response_status, response_data = api_get(url, identity_type="User")
assert_response_status(response_status, 403)
def test_delete_host_with_RBAC_denied(
subtests, mocker, api_delete_host, event_producer_mock, db_create_host, enable_rbac
):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
for response_file in WRITE_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
host = db_create_host()
response_status, response_data = api_delete_host(host.id, identity_type="User")
assert_response_status(response_status, 403)
def test_get_system_profile_sap_sids_with_RBAC_allowed(
subtests, mocker, query_source_xjoin, graphql_system_profile_sap_sids_query_with_response, api_get, enable_rbac
):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
url = build_system_profile_sap_sids_url()
for response_file in READ_ALLOWED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
response_status, response_data = api_get(url, identity_type="User")
assert_response_status(response_status, 200)
def test_get_host_tag_count_RBAC_denied(mq_create_four_specific_hosts, mocker, api_get, subtests, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
find_non_culled_hosts_mock = mocker.patch("lib.host_repository.find_non_culled_hosts", wraps=find_non_culled_hosts)
created_hosts = mq_create_four_specific_hosts
for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
url = build_tags_count_url(host_list_or_id=created_hosts, query="?order_by=updated&order_how=ASC")
response_status, response_data = api_get(url)
assert response_status == 403
find_non_culled_hosts_mock.assert_not_called()
def test_get_system_profile_RBAC_denied(mocker, subtests, api_get, db_create_host, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
find_hosts_by_staleness_mock = mocker.patch(
"lib.host_repository.find_hosts_by_staleness", wraps=find_hosts_by_staleness
)
host = db_create_host()
for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
response_status, response_data = api_get(f"{HOST_URL}/{host.id}/system_profile")
assert_response_status(response_status, 403)
find_hosts_by_staleness_mock.assert_not_called()
def test_get_host_tag_count_RBAC_allowed(mq_create_four_specific_hosts, mocker, api_get, subtests, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
created_hosts = mq_create_four_specific_hosts
expected_response = {host.id: len(host.tags) for host in created_hosts}
for response_file in READ_ALLOWED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
url = build_tags_count_url(host_list_or_id=created_hosts, query="?order_by=updated&order_how=ASC")
response_status, response_data = api_get(url)
assert response_status == 200
assert len(expected_response) == len(response_data["results"])
api_pagination_test(api_get, subtests, url, expected_total=len(expected_response))
def test_get_host_tags_with_RBAC_denied(subtests, mocker, db_create_host, api_get, enable_rbac):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
find_hosts_by_staleness_mock = mocker.patch(
"lib.host_repository.find_hosts_by_staleness", wraps=find_hosts_by_staleness
)
for response_file in READ_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
host = db_create_host()
url = build_host_tags_url(host_list_or_id=host.id)
response_status, response_data = api_get(url)
assert_response_status(response_status, 403)
find_hosts_by_staleness_mock.assert_not_called()
def test_patch_host_with_RBAC_denied(
subtests, mocker, api_patch, db_create_host, event_producer_mock, db_get_host, enable_rbac
):
get_rbac_permissions_mock = mocker.patch("lib.middleware.get_rbac_permissions")
for response_file in WRITE_PROHIBITED_RBAC_RESPONSE_FILES:
mock_rbac_response = create_mock_rbac_response(response_file)
with subtests.test():
get_rbac_permissions_mock.return_value = mock_rbac_response
host = db_create_host()
url = build_hosts_url(host_list_or_id=host.id)
new_display_name = "fred_flintstone"
response_status, response_data = api_patch(url, {"display_name": new_display_name})
assert_response_status(response_status, 403)
assert not db_get_host(host.id).display_name == new_display_name
