def test_role_outq_insertion(): """ Test the insertion of a new fake role resource which is unique into the outbound_queue table. """ user1_payload = { "name": "Test Unique User", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: expected_result = True user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] role_payload = { "name": "TestUniqueRole0501201903", "owners": user1_id, "administrators": user1_id, "description": "Test Unique Role 1", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_name = role_result["data"]["name"] inserted_queue_item = peek_at_queue("outbound_queue", LDAP_DC) LOGGER.info("Received queue entry %s from outbound queue...", inserted_queue_item["id"]) successful_insert = bool(inserted_queue_item) assert expected_result == successful_insert delete_role_by_name("TestUniqueRole0501201903") delete_user_by_username("testuniqueuser0501201901")
def create_next_role_ldap(user, role_name): """" Create a NEXT role as an imported LDAP user Args: user: dict: User table entry for imported LDAP user role_name: str: Name of role Returns: role_id: str: UUID of newly created NEXT role Raises: ValueError: When user was not auth successfully. """ token = ldap_auth_login(user) if token: user_next_id = user["next_id"] role_data = { "name": role_name, "owners": [user_next_id], "administrators": [user_next_id], } with requests.Session() as session: session.headers.update({"Authorization": token}) response = create_test_role(session, role_data) return response.json()["data"]["id"] raise ValueError("Unsuccessful authentication.")
async def test_check_admin_status(): """Test that checking a users admin status returns the correct boolean.""" admin_user = { "name": "admin nadia", "username": "******", "password": "******", "email": "*****@*****.**", } user = { "name": "nadia four", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: non_admin_response = create_test_user(session, user) admin_response = create_test_user(session, admin_user) admin_id = admin_response.json()["data"]["user"]["id"] non_admin_id = non_admin_response.json()["data"]["user"]["id"] next_admins = { "name": "NextAdmins", "owners": admin_id, "administrators": admin_id, } role_response = create_test_role(session, next_admins) add_role_member(session, role_response.json()["data"]["id"], {"id": admin_id}) admin = await check_admin_status(admin_id) non_admin = await check_admin_status(non_admin_id) assert admin assert not non_admin
def test_add_role_member_outqueue(): """Test adding a new member to a role. Creates two test users and a role using the first user, then adds the second user as member to role.""" user1_payload = { "name": "Test Owner 0521201905", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test Member 0521201906", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0521201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 3", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] start_depth = get_outbound_queue_depth() role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) # Logging in as role owner credentials_payload = { "id": user1_payload["username"], "password": user1_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approval_response = approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth delete_role_by_name("TestRole0521201902") delete_user_by_username("test0521201905") delete_user_by_username("test0521201906")
def setup_module(): """actions to be performed to configure the database before tests are run. """ wait_for_rethink() with requests.Session() as session: # create a management chain of users user_id = None for i, user in enumerate(TEST_USERS): # Sixth User should be outside of the management chain # Fifth User is the highest manager and should have no managers if i > 1: user["manager"] = user_id response = create_test_user(session, user) assert response.status_code == 200, response.json() user_id = response.json()["data"]["user"]["id"] # save the returned next_id in the TEST_USER object user["next_id"] = user_id # create test role(s) for i, role in enumerate(TEST_ROLES): # set the Zeroth User as the role owner role["owners"] = [user_id] role["administrators"] = [user_id] response = create_test_role(session, role) assert response.status_code == 200, response.json() role_id = response.json()["data"]["id"] role["next_id"] = role_id
def test_reject_users_proposals(): """Test that a user's proposals are rejected when they are deleted.""" user_to_delete = { "name": "nadia two", "username": "******", "password": "******", "email": "*****@*****.**", } user = { "name": "nadia three", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: response1 = create_test_user(session, user_to_delete) response2 = create_test_user(session, user) role_payload_1 = { "name": "NadiaRole1", "owners": response1.json()["data"]["user"]["id"], "administrators": response1.json()["data"]["user"]["id"], "description": "Nadia Role 1", } role_response1 = create_test_role(session, role_payload_1) proposal_1 = add_role_member( session, role_response1.json()["data"]["id"], {"id": response2.json()["data"]["user"]["id"]}, ) next_id = response1.json()["data"]["user"]["id"] conn = connect_to_db() user_exists = (r.db("rbac").table("users").filter({ "next_id": next_id }).coerce_to("array").run(conn)) assert user_exists deletion = session.delete("http://rbac-server:8000/api/users/" + next_id) time.sleep(5) assert deletion.json() == { "message": "User {} successfully deleted".format(next_id), "deleted": 1, } user_exists = (r.db("rbac").table("users").filter({ "next_id": next_id }).coerce_to("array").run(conn)) assert not user_exists proposal_1_result = (r.db("rbac").table("proposals").filter({ "proposal_id": proposal_1.json()["proposal_id"] }).coerce_to("array").run(conn)) conn.close() assert proposal_1_result[0]["status"] == "REJECTED"
def test_add_role_task(): """Test adding a new task to a role. Creates a test user and a role, then creates a task, to add to the role.""" user1_payload = { "name": "Test Owner 2", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] task1_payload = { "name": "TestTask1", "administrators": user1_id, "owners": user1_id, "metadata": "", } task_response = create_test_task(session, task1_payload) task_result = assert_api_success(task_response) task_id = task_result["data"]["id"] role_payload = { "name": "TestRole0501201904", "owners": user1_id, "administrators": user1_id, "description": "Test Role 4", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": task_id, "reason": "Integration test of adding a task.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/tasks".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id delete_role_by_name("TestRole0501201904") delete_user_by_username("testowner2") delete_task_by_name("TestTask1")
def test_add_role_member(): """Test adding a new member to a role. Creates two test users and a role using the first user, then adds the second user as member to role.""" user1_payload = { "name": "Test Owner 1", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test Member", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0501201903", "owners": user1_id, "administrators": user1_id, "description": "Test Role 3", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id delete_role_by_name("TestRole0501201903") delete_user_by_username("testowner") delete_user_by_username("testmemeber")
def setup_module(): """Setting up users and roles for various tests """ with requests.Session() as session: # Creating test users for user in TEST_USERS: user_id = create_test_user(session, user).json()["data"]["user"]["id"] user["id"] = user_id # Creating test roles for role in TEST_ROLES: role["owners"] = TEST_USERS[0]["id"] role["administrators"] = TEST_USERS[0]["id"] role_id = create_test_role(session, role).json()["data"]["id"] role["id"] = role_id
def test_role_outq_insertion(): """ Test the insertion of a new fake role resource which is unique into the outbound_queue table.""" user1_payload = { "name": "Test Unique User", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: expected_result = True user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] role_payload = { "name": "TestUniqueRole0501201903", "owners": user1_id, "administrators": user1_id, "description": "Test Unique Role 1", } role_response = create_test_role(session, role_payload) assert_api_success(role_response) inserted_queue_item = peek_at_q_unfiltered("outbound_queue") LOGGER.info("Received queue entry %s from outbound queue...", inserted_queue_item["id"]) successful_insert = bool(inserted_queue_item) assert expected_result == successful_insert # Check status of new outbound_entry role_entry = get_role("TestUniqueRole0501201903") outbound_queue_data = prepare_outbound_queue_data( role_entry[0], "role") outbound_entry = get_outbound_queue_entry(outbound_queue_data) assert outbound_entry[0]["status"] == "UNCONFIRMED" delete_role_by_name("TestUniqueRole0501201903") delete_user_by_username("testuniqueuser0501201901")
def test_update_manager_outqueue(): """ Creates a user and then updates their manager Manager is the second user created here.""" # TODO: Rewrite this test after data gets sent to outbound_queue # after a user has their manager updated. user1_payload = { "name": "Test User 0521201901", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 0521201902", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] start_depth = get_outbound_queue_depth() next_admins = { "name": "NextAdmins", "owners": [user2_id], "administrators": [user2_id], } role_response = create_test_role(session, next_admins) add_role_member(session, role_response.json()["data"]["id"], {"id": user2_id}) manager_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.put( "http://rbac-server:8000/api/users/{}/manager".format(user1_id), json=manager_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) # Logging in as role owner credentials_payload = { "id": user2_payload["username"], "password": user2_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approval_response = approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # TODO: Add tests to check for UNCONFIRMED outbound_queue entry status # when a user's manager gets updated. delete_user_by_username("test0521201901") delete_user_by_username("test0521201902") delete_role_by_name("NextAdmins")
def test_add_role_owner_outqueue(): """Test adding an owner to a role. Creates two test users and a role with user1 as owner/admin, then adds the second user as role owner.""" user1_payload = { "name": "Test User 0521201903", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 0521201904", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0521201901", "owners": user1_id, "administrators": user1_id, "description": "Test Role 1", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] start_depth = get_outbound_queue_depth() role_update_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/owners".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) # Logging in as role owner credentials_payload = { "id": user1_payload["username"], "password": user1_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approval_response = approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # Check status of new outbound_entry role_entry = get_role("TestRole0521201901") outbound_queue_data = prepare_outbound_queue_data( role_entry[0], "role") outbound_entry = get_outbound_queue_entry(outbound_queue_data) assert outbound_entry[0]["status"] == "UNCONFIRMED" delete_role_by_name("TestRole0521201901") delete_user_by_username("test0521201903") delete_user_by_username("test0521201904")
def test_user_delete_api(): """Test that user has been removed from database when users delete api is hit""" user = { "name": "nadia one", "username": "******", "password": "******", "email": "*****@*****.**", } pack = { "name": "michael pack one", "roles": [], "description": "Michael's test pack", } with requests.Session() as session: response = create_test_user(session, user) next_id = response.json()["data"]["user"]["id"] role_payload = { "name": "test_role", "owners": [next_id], "administrators": [next_id], "description": "This is a test Role", } role_resp = create_test_role(session, role_payload) role_id = role_resp.json()["data"]["id"] pack = { "name": "michael pack one", "owners": [next_id], "roles": [], "description": "Michael's test pack", } pack_response = create_test_pack(session, pack) add_role_member_payload = { "id": next_id, "reason": "Integration test of adding a member.", "metadata": "", } add_role_member(session, role_id, add_role_member_payload) conn = connect_to_db() user_exists = (r.db("rbac").table("users").filter({ "next_id": next_id }).coerce_to("array").run(conn)) role_owner_exists = (r.table("role_owners").filter({ "identifiers": [next_id], "role_id": role_id }).coerce_to("array").run(conn)) role_member_exists = (r.table("role_members").filter({ "identifiers": [next_id], "role_id": role_id }).coerce_to("array").run(conn)) assert user_exists assert role_owner_exists assert role_member_exists assert get_user_mapping_entry(next_id) assert get_auth_entry(next_id) assert get_user_metadata_entry(next_id) assert check_user_is_pack_owner( pack_id=pack_response.json()["data"]["pack_id"], next_id=next_id) role_admin_is_user = (r.db("rbac").table("role_admins").filter({ "related_id": next_id }).coerce_to("array").run(conn)) role_admin = role_admin_is_user[0]["identifiers"][0] assert role_admin == next_id deletion = session.delete("http://rbac-server:8000/api/users/" + next_id) time.sleep(5) assert deletion.json() == { "message": "User {} successfully deleted".format(next_id), "deleted": 1, } role_admin_user = (r.db("rbac").table("role_admins").filter({ "related_id": next_id }).coerce_to("array").run(conn)) role_owners = ( r.db("rbac").table("role_owners").filter(lambda doc: doc[ "identifiers"].contains(next_id)).coerce_to("array").run(conn)) role_members = ( r.db("rbac").table("role_members").filter(lambda doc: doc[ "identifiers"].contains(next_id)).coerce_to("array").run(conn)) delete_role_by_name("test_role") conn.close() assert role_admin_user == [] assert role_members == [] assert role_owners == [] assert get_deleted_user_entries(next_id) == [] assert get_pack_owners_by_user(next_id) == [] delete_pack_by_name("michael pack one")
def test_add_role_owner(): """Test adding an owner to a role. Creates two test users and a role with user1 as owner/admin, then adds the second user as role owner.""" user1_payload = { "name": "Test User 3", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 4", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0501201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 2", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/owners".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id # Logging in as role owner credentials_payload = { "id": user1_payload["username"], "password": user1_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["status"] == "CONFIRMED" delete_role_by_name("TestRole0501201902") delete_user_by_username("testuser3") delete_user_by_username("testuser4")