def test_add_group(self): with session.begin(): group = data_setup.create_group() user_password = '******' user = data_setup.create_user(password=user_password) data_setup.add_user_to_group(user, group) orig_date_modified = self.system.date_modified # as admin, assign the system to our test group b = self.browser login(b) self.go_to_system_view(tab='Groups') b.find_element_by_name('group.text').send_keys(group.group_name) b.find_element_by_name('groups').submit() b.find_element_by_xpath( '//div[@id="groups"]' '//td[normalize-space(text())="%s"]' % group.group_name) with session.begin(): session.refresh(self.system) self.assert_(self.system.date_modified > orig_date_modified) # as a user in the group, can we see it? logout(b) login(b, user.user_name, user_password) click_menu_item(b, 'Systems', 'Available') b.find_element_by_name('simplesearch').send_keys(self.system.fqdn) b.find_element_by_name('systemsearch_simple').submit() check_system_search_results(b, present=[self.system])
def test_add_group(self): with session.begin(): group = data_setup.create_group() user_password = '******' user = data_setup.create_user(password=user_password) data_setup.add_user_to_group(user, group) orig_date_modified = self.system.date_modified # as admin, assign the system to our test group b = self.browser login(b) self.go_to_system_view(tab='Groups') b.find_element_by_name('group.text').send_keys(group.group_name) b.find_element_by_name('groups').submit() b.find_element_by_xpath('//div[@id="groups"]' '//td[normalize-space(text())="%s"]' % group.group_name) with session.begin(): session.refresh(self.system) self.assert_(self.system.date_modified > orig_date_modified) # as a user in the group, can we see it? logout(b) login(b, user.user_name, user_password) click_menu_item(b, 'Systems', 'Available') b.find_element_by_name('simplesearch').send_keys(self.system.fqdn) b.find_element_by_name('systemsearch_simple').submit() check_system_search_results(b, present=[self.system])
def test_disable_legacy_perms(self): try: stop_process('gunicorn') except ValueError: # It seems gunicorn is not a running process raise SkipTest('Can only run this test against gunicorn') try: tmp_config = edit_file( CONFIG_FILE, 'beaker.deprecated_job_group_permissions.on = True', 'beaker.deprecated_job_group_permissions.on = False') start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name}) with session.begin(): owner = data_setup.create_user() member = data_setup.create_user(password=u'group_member') group = data_setup.create_group() data_setup.add_user_to_group(owner, group) data_setup.add_user_to_group(member, group) job = data_setup.create_job(owner=owner, group=None) data_setup.mark_job_complete(job, result=TaskResult.fail) b = self.browser login(b, user=member.user_name, password='******') b.get(get_server_base() + 'jobs/%s' % job.id) self.check_cannot_review() finally: stop_process('gunicorn') start_process('gunicorn')
def test_cant_delete_group_mates_job(self): # XXX This whole test can go away with BZ#1000861 try: stop_process('gunicorn') except ValueError: # It seems gunicorn is not a running process raise SkipTest('Can only run this test against gunicorn') try: tmp_config = edit_file( CONFIG_FILE, 'beaker.deprecated_job_group_permissions.on = True', 'beaker.deprecated_job_group_permissions.on = False') start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name}) with session.begin(): group = data_setup.create_group() mate = data_setup.create_user(password=u'asdf') test_job = data_setup.create_completed_job(owner=mate) data_setup.add_user_to_group(self.user, group) data_setup.add_user_to_group(mate, group) try: run_client(['bkr', 'job-delete', test_job.t_id], config=self.client_config) self.fail('We should not have permission to delete %s' % \ test_job.t_id) except ClientError, e: self.assertIn( "You don't have permission to delete job %s" % test_job.t_id, e.stderr_output) finally: stop_process('gunicorn') start_process('gunicorn')
def test_disable_legacy_perms(self): try: stop_process('gunicorn') except ValueError: # It seems gunicorn is not a running process raise SkipTest('Can only run this test against gunicorn') try: tmp_config = edit_file(CONFIG_FILE, 'beaker.deprecated_job_group_permissions.on = True', 'beaker.deprecated_job_group_permissions.on = False') start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name}) with session.begin(): owner = data_setup.create_user() member = data_setup.create_user(password=u'group_member') group = data_setup.create_group() data_setup.add_user_to_group(owner, group) data_setup.add_user_to_group(member, group) job = data_setup.create_job(owner=owner, group=None) data_setup.mark_job_complete(job, result=TaskResult.fail) b = self.browser login(b, user=member.user_name, password='******') b.get(get_server_base() + 'jobs/%s' % job.id) self.check_cannot_review() finally: stop_process('gunicorn') start_process('gunicorn')
def test_reserve_via_external_service(self): with session.begin(): service_group = data_setup.create_group( permissions=[u'proxy_auth']) service_user = data_setup.create_user(password=u'password') data_setup.add_user_to_group(service_user, service_group) user = data_setup.create_user(password=u'notused') system = data_setup.create_system(owner=User.by_user_name( data_setup.ADMIN_USER), status=u'Manual', shared=True) self.assert_(system.user is None) server = self.get_server() server.auth.login_password(service_user.user_name, 'password', user.user_name) server.systems.reserve(system.fqdn) with session.begin(): session.refresh(system) self.assertEqual(system.user, user) self.assertEqual(system.reservations[0].type, u'manual') self.assertEqual(system.reservations[0].user, user) self.assert_(system.reservations[0].finish_time is None) assert_durations_not_overlapping(system.reservations) reserved_activity = system.activity[0] self.assertEqual(reserved_activity.action, 'Reserved') self.assertEqual(reserved_activity.service, service_user.user_name)
def test_ackability(self): # XXX If this test gets any more complicated, we should break # it up b = self.browser login(b, user=self.user_1.user_name, password=self.password) b.get(get_server_base() + 'jobs/%d' % self.job.id) #This tests that the ack is there for owner b.find_element_by_name("response_box_%d" % self.job.recipesets[0].id) logout(b) # Not there for non owner login(b, user=self.user_2.user_name, password=self.password) b.get(get_server_base() + 'jobs/%d' % self.job.id) b.find_element_by_xpath("//td[normalize-space(text())='RS:%s' and " "not(./input[@name='response_box_%s'])]" % ( self.job.recipesets[0].id, self.job.recipesets[0].id)) # Is there for job owner's group co-member. with session.begin(): data_setup.add_user_to_group(self.user_1, self.group) data_setup.add_user_to_group(self.user_3, self.group) logout(b) login(b, user=self.user_3.user_name, password=self.password) b.get(get_server_base() + 'jobs/%d' % self.job.id) b.find_element_by_xpath("//input[@name='response_box_%s']" % self.job.recipesets[0].id) # There for job's group member with session.begin(): self.job.group = self.group self.user_2.groups.append(self.group) logout(b) login(b, user=self.user_2.user_name, password=self.password) b.get(get_server_base() + 'jobs/%s' % self.job.id) b.find_element_by_name("response_box_%s" % self.job.recipesets[0].id)
def test_add_group(self): with session.begin(): group = data_setup.create_group() user_password = "******" user = data_setup.create_user(password=user_password) data_setup.add_user_to_group(user, group) orig_date_modified = self.system.date_modified # as admin, assign the system to our test group self.login() sel = self.selenium self.go_to_system_view() sel.click('//ul[@class="tabbernav"]//a[text()="Groups"]') sel.type("groups_group_text", group.group_name) sel.click('//form[@name="groups"]//a[text()="Add ( + )"]') sel.wait_for_page_to_load("30000") self.assertEquals( sel.get_xpath_count( '//div[normalize-space(@class)="tabbertab"]' '//td[normalize-space(text())="%s"]' % group.group_name ), 1, ) with session.begin(): session.refresh(self.system) self.assert_(self.system.date_modified > orig_date_modified) # as a user in the group, can we see it? self.logout() self.login(user.user_name, user_password) sel.click("link=Available") sel.wait_for_page_to_load("30000") sel.type("simplesearch", self.system.fqdn) sel.submit("systemsearch_simple") sel.wait_for_page_to_load("30000") self.failUnless(sel.is_text_present(self.system.fqdn))
def test_cant_delete_group_mates_job(self): # XXX This whole test can go away with BZ#1000861 try: stop_process('gunicorn') except ValueError: # It seems gunicorn is not a running process raise SkipTest('Can only run this test against gunicorn') try: tmp_config = edit_file(CONFIG_FILE, 'beaker.deprecated_job_group_permissions.on = True', 'beaker.deprecated_job_group_permissions.on = False') start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name}) with session.begin(): group = data_setup.create_group() mate = data_setup.create_user(password=u'asdf') test_job = data_setup.create_completed_job(owner=mate) data_setup.add_user_to_group(self.user, group) data_setup.add_user_to_group(mate, group) try: run_client(['bkr', 'job-delete', test_job.t_id], config=self.client_config) self.fail('We should not have permission to delete %s' % \ test_job.t_id) except ClientError, e: self.assertIn("You don't have permission to delete job %s" % test_job.t_id, e.stderr_output) finally: stop_process('gunicorn') start_process('gunicorn')
def test_delete_group_mates_job(self): with session.begin(): group = data_setup.create_group() mate = data_setup.create_user(password=u'asdf') test_job = data_setup.create_completed_job(owner=mate) data_setup.add_user_to_group(self.user, group) data_setup.add_user_to_group(mate, group) out = run_client(['bkr', 'job-delete', test_job.t_id], config=self.client_config) self.assert_(out.startswith('Jobs deleted:'), out) self.assert_(test_job.t_id in out, out)
def test_password_proxy_login(self): with session.begin(): group = data_setup.create_group(permissions=[u'proxy_auth']) user = data_setup.create_user(password=u'lulz') proxied_user = data_setup.create_user(password=u'not_used') data_setup.add_user_to_group(user, group) server = self.get_server() server.auth.login_password(user.user_name, u'lulz', proxied_user.user_name) who_am_i = server.auth.who_am_i() self.assertEquals(who_am_i['username'], proxied_user.user_name) self.assertEquals(who_am_i['proxied_by_username'], user.user_name)
def test_group_member_can_change_retention_tag(self): with session.begin(): group = data_setup.create_group() job_owner = data_setup.create_user() group_member = data_setup.create_user(password=u'group_member') data_setup.add_user_to_group(job_owner, group) data_setup.add_user_to_group(group_member, group) job = data_setup.create_job(owner=job_owner, retention_tag=u'scratch') login(self.browser, user=group_member.user_name, password=u'group_member') self.check_can_change_retention_tag(job, '60days')
def test_manual_system_restricted_to_users_group(self): with session.begin(): system = data_setup.create_system(status=SystemStatus.manual, shared=False, lab_controller=self.lc) user = data_setup.create_user(password=u'testing') group = data_setup.create_group() data_setup.add_user_to_group(user, group) system.custom_access_policy.add_rule( permission=SystemPermission.reserve, group=group) b = self.browser login(b, user=user.user_name, password='******') self.check_take(system)
def test_group_member_can_review_group_job(self): with session.begin(): owner = data_setup.create_user() member = data_setup.create_user(password=u'group_member') group = data_setup.create_group() data_setup.add_user_to_group(owner, group) data_setup.add_user_to_group(member, group) job = data_setup.create_job(owner=owner, group=group) data_setup.mark_job_complete(job, result=TaskResult.fail) b = self.browser login(b, user=member.user_name, password='******') b.get(get_server_base() + 'jobs/%s' % job.id) self.review(job.recipesets[0])
def test_schedule_provision_system_has_user_with_group(self): with session.begin(): self.automated_system.user = self.user2 data_setup.add_user_to_group(self.user,self.group) data_setup.add_group_to_system(self.automated_system,self.group) self.logout() self.login(user=self.user.user_name,password='******') # login as admin sel = self.selenium sel.open("view/%s/" % self.automated_system.fqdn) sel.wait_for_page_to_load("30000") sel.click("link=Provision") try: self.failUnless(sel.is_text_present("Schedule provision")) except AssertionError, e: self.verificationErrors.append('Systemgroup has no schedule provision option when system is in use')
def test_group_member_can_change_product(self): with session.begin(): group = data_setup.create_group() job_owner = data_setup.create_user() group_member = data_setup.create_user(password=u'group_member') data_setup.add_user_to_group(job_owner, group) data_setup.add_user_to_group(group_member, group) job = data_setup.create_job(owner=job_owner, retention_tag=u'active', product=data_setup.create_product()) new_product = data_setup.create_product() login(self.browser, user=group_member.user_name, password=u'group_member') self.check_can_change_product(job, new_product)
def test_group_member_can_review_non_group_job(self): # This is a legacy permission which will go away eventually (see below) with session.begin(): owner = data_setup.create_user() member = data_setup.create_user(password=u'group_member') group = data_setup.create_group() data_setup.add_user_to_group(owner, group) data_setup.add_user_to_group(member, group) job = data_setup.create_job(owner=owner, group=None) data_setup.mark_job_complete(job, result=TaskResult.fail) b = self.browser login(b, user=member.user_name, password='******') b.get(get_server_base() + 'jobs/%s' % job.id) self.review(job.recipesets[0])
def test_system_restricted_to_users_group(self): with session.begin(): system = data_setup.create_system(status=SystemStatus.automated, shared=False, lab_controller=self.lc) user = data_setup.create_user(password=u'testing') group = data_setup.create_group() data_setup.add_user_to_group(user, group) system.custom_access_policy.add_rule( permission=SystemPermission.reserve, group=group) b = self.browser login(b, user=user.user_name, password='******') self.check_system_is_available(system) self.check_cannot_take_automated(system) self.check_schedule_provision(system, MSG_AUTO)
def test_system_restricted_to_different_group(self): with session.begin(): system = data_setup.create_system(status=SystemStatus.automated, shared=False, lab_controller=self.lc) wrong_group = data_setup.create_group() user = data_setup.create_user(password=u'testing') # user is not in the same group as system data_setup.add_user_to_group(user, wrong_group) group = data_setup.create_group() system.custom_access_policy.add_rule( permission=SystemPermission.reserve, group=group) b = self.browser login(b, user=user.user_name, password='******') self.check_system_is_not_available(system) self.check_cannot_take(system)
def test_system_in_use_by_another_group_member(self): with session.begin(): user = data_setup.create_user(password=u'testing') group = data_setup.create_group() system = data_setup.create_system(status=SystemStatus.automated, shared=False, lab_controller=self.lc) data_setup.add_user_to_group(user, group) system.custom_access_policy.add_rule( permission=SystemPermission.reserve, group=group) user2 = data_setup.create_user() data_setup.add_user_to_group(user2, group) job = data_setup.create_job(owner=user2) data_setup.mark_job_running(job, system=system) b = self.browser login(b, user=user.user_name, password=u'testing') self.check_system_is_available(system) self.check_system_is_not_free(system)
def test_reserve_via_external_service(self): with session.begin(): service_group = data_setup.create_group(permissions=[u'proxy_auth']) service_user = data_setup.create_user(password=u'password') data_setup.add_user_to_group(service_user, service_group) user = data_setup.create_user(password=u'notused') system = data_setup.create_system( owner=User.by_user_name(data_setup.ADMIN_USER), status=u'Manual', shared=True) self.assert_(system.user is None) server = self.get_server() server.auth.login_password(service_user.user_name, 'password', user.user_name) server.systems.reserve(system.fqdn) with session.begin(): session.refresh(system) self.assertEqual(system.user, user) self.assertEqual(system.reservations[0].type, u'manual') self.assertEqual(system.reservations[0].user, user) self.assert_(system.reservations[0].finish_time is None) assert_durations_not_overlapping(system.reservations) reserved_activity = system.activity[0] self.assertEqual(reserved_activity.action, 'Reserved') self.assertEqual(reserved_activity.service, service_user.user_name)
def test_system_group_user_group(self): #Automated machine with session.begin(): data_setup.add_group_to_system(self.automated_system, self.group) # Add systemgroup data_setup.add_user_to_group(self.user, self.wrong_group) # Add user to group sel = self.selenium self.logout() self.login(user=self.user.user_name, password='******') sel.open("") sel.type("simplesearch", "%s" % self.automated_system.fqdn) sel.click("search") sel.wait_for_page_to_load("30000") sel.click("link=%s" % self.automated_system.fqdn) #this tests the click! sel.wait_for_page_to_load("30000") self.assertEqual("%s" % self.automated_system.fqdn, sel.get_title()) #ensure the page has opened try: self.failUnless(not sel.is_text_present("(Take)")) #Should be not here except AssertionError, e: self.verificationErrors.\ append('Take is available to automated machine with system group privs' ) # Test for https://bugzilla.redhat.com/show_bug.cgi?id=747328 sel.open('user_change?id=%s' % self.automated_system.id) sel.wait_for_page_to_load("30000") self.assert_('You were unable to change the user for %s' % self.automated_system.fqdn in sel.get_text('//body')) with session.begin(): self.user.groups = [self.group] sel.open("") sel.type("simplesearch", "%s" % self.automated_system.fqdn) sel.click("search") sel.wait_for_page_to_load("30000") sel.click("link=%s" % self.automated_system.fqdn) sel.wait_for_page_to_load("30000") try: self.failUnless(sel.is_text_present("(Take)")) #Should be here except AssertionError, e: self.verificationErrors.\ append('Take is not available to automated machine with system group pirvs' ) self._do_schedule_provision(self.automated_system.fqdn) # Now can I actually take it? sel.open("") sel.type("simplesearch", "%s" % self.automated_system.fqdn) sel.click("search") sel.wait_for_page_to_load("30000") sel.click("link=%s" % self.automated_system.fqdn) sel.wait_for_page_to_load("30000") self._do_take(self.automated_system.fqdn) #Manual machine with session.begin(): data_setup.add_group_to_system(self.manual_system, self.group) # Add systemgroup sel = self.selenium sel.open("") sel.type("simplesearch", "%s" % self.manual_system.fqdn) sel.click("search") sel.wait_for_page_to_load("30000") sel.click("link=%s" % self.manual_system.fqdn) sel.wait_for_page_to_load("30000") try: self.failUnless(sel.is_text_present("(Take)")) #Should be here except AssertionError, e: self.verificationErrors.append('Take is not here for manual machine with system group privs') self._do_schedule_provision(self.manual_system.fqdn) # Now can I actually take it? sel.open("") sel.type("simplesearch", "%s" % self.manual_system.fqdn) sel.click("search") sel.wait_for_page_to_load("30000") sel.click("link=%s" % self.manual_system.fqdn) sel.wait_for_page_to_load("30000") self._do_take(self.manual_system.fqdn)