def test_jobs_group_column(self):
with session.begin():
user = data_setup.create_user(password='******')
group1 = data_setup.create_group(owner=user)
group2 = data_setup.create_group()
user.groups.append(group2)
job1 = data_setup.create_job(owner=user, group=None)
job2 = data_setup.create_job(owner=user, group=group1)
job3 = data_setup.create_job(owner=user, group=group2)
b = self.browser
# jobs/mine
login(b, user=user.user_name, password='******')
b.find_element_by_link_text('My Jobs').click()
b.find_element_by_xpath('//title[normalize-space(text())="My Jobs"]')
self.check_job_row(rownum=1, job_t_id=job3.t_id, group=group2)
self.check_job_row(rownum=2, job_t_id=job2.t_id, group=group1)
self.check_job_row(rownum=3, job_t_id=job1.t_id, group=None)
# jobs
logout(b)
b.get(get_server_base() + 'jobs/')
self.check_job_row(rownum=1, job_t_id=job3.t_id, group=group2)
self.check_job_row(rownum=2, job_t_id=job2.t_id, group=group1)
self.check_job_row(rownum=3, job_t_id=job1.t_id, group=None)
def setUp(self):
self.distro = data_setup.create_distro()
self.distro_tree1 = data_setup.create_distro_tree(distro=self.distro,
arch='x86_64')
self.distro_tree2 = data_setup.create_distro_tree(distro=self.distro,
arch='i386')
self.distro_tree1.activity.append(DistroTreeActivity(
user=User.by_user_name(data_setup.ADMIN_USER),
service=u'testdata', field_name=u'Nonesente',
old_value=u'sdfas', new_value=u'sdfa', action='Added'))
self.distro_tree2.activity.append(DistroTreeActivity(
user=User.by_user_name(data_setup.ADMIN_USER),
service=u'testdata', field_name=u'Noneseonce',
old_value=u'bsdf', new_value=u'sdfas', action='Added'))
self.distro.activity.append(DistroActivity(
user=User.by_user_name(data_setup.ADMIN_USER), service=u'testdata',
action=u'Nothing', field_name=u'Nonsense',
old_value=u'asdf', new_value=u'omgwtfbbq'))
self.system = data_setup.create_system()
self.system.activity.append(SystemActivity(
user=User.by_user_name(data_setup.ADMIN_USER), service=u'testdata',
action=u'Nothing', field_name=u'Nonsense',
old_value=u'asdf', new_value=u'omgwtfbbq'))
self.group2 = data_setup.create_group()
self.group = data_setup.create_group()
self.group.activity.append(GroupActivity(
user=User.by_user_name(data_setup.ADMIN_USER), service=u'testdata',
action=u'Nothing', field_name=u'Nonsense',
old_value=u'asdf', new_value=u'omgwtfbbq'))
self.browser = self.get_browser()
def test_list_groups(self):
with session.begin():
group1 = data_setup.create_group()
group2 = data_setup.create_group()
out = run_client(['bkr', 'group-list'])
self.assertIn(group1.group_name, out)
self.assertIn(group2.group_name, out)
def test_jobs_group_column(self):
with session.begin():
user = data_setup.create_user(password='******')
group1 = data_setup.create_group(owner=user)
group2 = data_setup.create_group()
user.groups.append(group2)
job1 = data_setup.create_job(owner=user, group=None)
job2 = data_setup.create_job(owner=user, group=group1)
job3 = data_setup.create_job(owner=user, group=group2)
b = self.browser
# jobs/mine
login(b, user=user.user_name, password='******')
b.find_element_by_link_text('My Jobs').click()
b.find_element_by_xpath('//title[normalize-space(text())="My Jobs"]')
self.check_job_row(rownum=1, job_t_id=job3.t_id, group=group2)
self.check_job_row(rownum=2, job_t_id=job2.t_id, group=group1)
self.check_job_row(rownum=3, job_t_id=job1.t_id, group=None)
# jobs
logout(b)
b.get(get_server_base() + 'jobs/')
self.check_job_row(rownum=1, job_t_id=job3.t_id, group=group2)
self.check_job_row(rownum=2, job_t_id=job2.t_id, group=group1)
self.check_job_row(rownum=3, job_t_id=job1.t_id, group=None)
def test_list_groups(self):
with session.begin():
group1 = data_setup.create_group()
group2 = data_setup.create_group()
out = run_client(['bkr', 'group-list'])
self.assertIn(group1.group_name, out)
self.assertIn(group2.group_name, out)
def test_group_not_in_cache(self):
b = self.browser
login(b, user=self.pool_owner.user_name, password='******')
self.go_to_pool_edit()
b.find_element_by_link_text('System Access Policy').click()
pane = b.find_element_by_id('access-policy')
# type the group name before it exists
with session.begin():
self.assertEquals(
Group.query.filter_by(group_name=u'anotherbeatles').first(),
None)
group_input = pane.find_element_by_xpath(
'.//input[@placeholder="Group name"]')
group_input.send_keys('anotherbeatles')
# group is created
with session.begin():
data_setup.create_group(group_name=u'anotherbeatles')
# type it again
group_input.clear()
group_input.send_keys('anotherbeatles')
# suggestion should appear
pane.find_element_by_xpath('.//div[@class="tt-suggestion" and '
'contains(string(.), "anotherbeatles")]')
group_input.send_keys('\n')
find_policy_checkbox(b, 'anotherbeatles', 'Edit this policy')
def setUp(self):
data_setup.create_product(product_name=u'the_product')
data_setup.create_group(group_name=u'somegroup')
self.user_foo = data_setup.create_user(password=u'foo')
self.user_bar = data_setup.create_user(password=u'bar')
self.bot = data_setup.create_user(password=u'bot')
# Add bot as delegate submission of foo
self.user_foo.add_submission_delegate(self.bot, service=u'testdata')
def test_grant_policy_pool(self):
with session.begin():
pool = data_setup.create_system_pool()
user = data_setup.create_user()
group = data_setup.create_group()
group.add_member(user)
user1 = data_setup.create_user()
# group
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.edit_system))
# non-existent group
try:
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--group', 'idontexist'])
self.fail('Must fail or die')
except ClientError as e:
self.assertIn("Group 'idontexist' does not exist", e.stderr_output)
# Everybody edit_system
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission', 'edit_system', '--everybody'])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.edit_system))
# test_multiple_permissions_and_targets
with session.begin():
user = data_setup.create_user()
group = data_setup.create_group()
user1 = data_setup.create_user()
group.add_member(user1)
run_client(['bkr', 'policy-grant', '--pool', pool.name,
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
with session.begin():
session.refresh(pool)
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.view_power))
self.assertTrue(pool.access_policy.grants(
user, SystemPermission.reserve))
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.view_power))
self.assertTrue(pool.access_policy.grants(
user1, SystemPermission.reserve))
# non-existent pool
try:
run_client(['bkr', 'policy-grant', '--pool', 'idontexist',
'--permission=reserve', '--permission=view_power', \
'--user', user.user_name, '--group', group.group_name])
except ClientError as e:
self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_list_groups_by_owner(self):
with session.begin():
user1 = data_setup.create_user()
user2 = data_setup.create_user()
group1 = data_setup.create_group(owner=user1)
group2 = data_setup.create_group(owner=user2)
out = run_client(['bkr', 'group-list', '--owner', str(user1.user_name)])
self.assertIn(group1.group_name, out)
self.assertNotIn(group2.group_name, out)
def test_list_groups_limit(self):
with session.begin():
data_setup.create_group()
data_setup.create_group()
out1 = run_client(['bkr', 'group-list'])
groups1 = out1.split()
out2 = run_client(['bkr', 'group-list', '--limit=1'])
groups2 = out2.split()
self.assertEquals(len(groups2), 1)
self.assertEquals(groups1[0], groups2[0])
def test_list_groups_limit(self):
with session.begin():
data_setup.create_group()
data_setup.create_group()
out1 = run_client(['bkr', 'group-list'])
groups1 = out1.split()
out2 = run_client(['bkr', 'group-list', '--limit=1'])
groups2 = out2.split()
self.assertEquals(len(groups2), 1)
self.assertEquals(groups1[0], groups2[0])
def test_can_search_by_group_name(self):
with session.begin():
group = data_setup.create_group()
other_group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
b = self.browser
b.get(get_server_base() + 'groups/')
b.find_element_by_class_name('search-query').send_keys(
'group_name:"%s"' % group.group_name)
b.find_element_by_class_name('grid-filter').submit()
check_group_search_results(b, present=[group], absent=[other_group])
def test_list_pools_by_ownergroup(self):
with session.begin():
group1 = data_setup.create_group()
pool1 = data_setup.create_system_pool(owning_group=group1)
group2 = data_setup.create_group()
pool2 = data_setup.create_system_pool(owning_group=group2)
out = run_client(
['bkr', 'pool-list', '--owning-group',
str(group1.group_name)])
self.assertIn(pool1.name, out)
self.assertNotIn(pool2.name, out)
def test_can_search_by_group_name(self):
with session.begin():
group = data_setup.create_group()
other_group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
b = self.browser
b.get(get_server_base() + 'groups/')
b.find_element_by_class_name('search-query').send_keys(
'group_name:"%s"' % group.group_name)
b.find_element_by_class_name('grid-filter').submit()
check_group_search_results(b, present=[group], absent=[other_group])
def test_list_groups_by_owner(self):
with session.begin():
user1 = data_setup.create_user()
user2 = data_setup.create_user()
group1 = data_setup.create_group(owner=user1)
group2 = data_setup.create_group(owner=user2)
out = run_client(
['bkr', 'group-list', '--owner',
str(user1.user_name)])
self.assertIn(group1.group_name, out)
self.assertNotIn(group2.group_name, out)
def setUp(self):
with session.begin():
self.user = data_setup.create_user(password="******")
self.system = data_setup.create_system()
self.group = data_setup.create_group()
self.user.groups.append(self.group)
self.system.groups.append(self.group)
self.rand_group = data_setup.create_group(group_name=data_setup.unique_name(u"aardvark%s"))
session.flush()
self.browser = self.get_browser()
def test_group_modify_group_name_duplicate(self):
with session.begin():
group1 = data_setup.create_group(owner=self.user)
group2 = data_setup.create_group(owner=self.user)
try:
out = run_client(['bkr', 'group-modify',
'--group-name', group1.group_name,
group2.group_name],
config = self.client_config)
self.fail('Must fail or die')
except ClientError, e:
self.assert_('Group name already exists' in e.stderr_output)
def test_group_modify_group_name_duplicate(self):
with session.begin():
group1 = data_setup.create_group(owner=self.user)
group2 = data_setup.create_group(owner=self.user)
try:
out = run_client(['bkr', 'group-modify',
'--group-name', group1.group_name,
group2.group_name],
config = self.client_config)
self.fail('Must fail or die')
except ClientError as e:
self.assert_('Group %s already exists' % group1.group_name in e.stderr_output)
def test_can_search_normal_groups_by_member_username(self):
with session.begin():
group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
member = data_setup.create_user()
group.add_member(member)
other_group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
b = self.browser
b.get(get_server_base() + 'groups/')
b.find_element_by_class_name('search-query').send_keys(
'member.user_name:%s' % member.user_name)
b.find_element_by_class_name('grid-filter').submit()
check_group_search_results(b, present=[group], absent=[other_group])
def test_can_search_inverted_groups_by_member_username(self):
with session.begin():
member = data_setup.create_user()
group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
inverted_group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'),
membership_type=GroupMembershipType.inverted)
b = self.browser
b.get(get_server_base() + 'groups/')
b.find_element_by_class_name('search-query').send_keys(
'member.user_name:%s' % member.user_name)
b.find_element_by_class_name('grid-filter').submit()
check_group_search_results(b, present=[inverted_group], absent=[group])
def test_can_search_normal_groups_by_member_username(self):
with session.begin():
group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
member = data_setup.create_user()
group.add_member(member)
other_group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
b = self.browser
b.get(get_server_base() + 'groups/')
b.find_element_by_class_name('search-query').send_keys(
'member.user_name:%s' % member.user_name)
b.find_element_by_class_name('grid-filter').submit()
check_group_search_results(b, present=[group], absent=[other_group])
def test_can_search_inverted_groups_by_member_username(self):
with session.begin():
member = data_setup.create_user()
group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'))
inverted_group = data_setup.create_group(
group_name=data_setup.unique_name(u'aardvark%s'),
membership_type=GroupMembershipType.inverted)
b = self.browser
b.get(get_server_base() + 'groups/')
b.find_element_by_class_name('search-query').send_keys(
'member.user_name:%s' % member.user_name)
b.find_element_by_class_name('grid-filter').submit()
check_group_search_results(b, present=[inverted_group],
absent=[group])
def test_edit_group_name_duplicate(self):
with session.begin():
user = data_setup.create_user(password='******')
group1 = data_setup.create_group(owner=user)
group2 = data_setup.create_group(owner=user)
b = self.browser
login(b, user=user.user_name, password='******')
b.get(get_server_base() + 'groups/mine')
b.find_element_by_link_text(group2.group_name).click()
self._edit_group_details(b, group1.group_name, group2.display_name)
flash_text = b.find_element_by_class_name('flash').text
self.assert_('Group name already exists' in flash_text, flash_text)
def test_edit_group_name_duplicate(self):
with session.begin():
user = data_setup.create_user(password='******')
group1 = data_setup.create_group(owner=user)
group2 = data_setup.create_group(owner=user)
b = self.browser
login(b, user=user.user_name, password='******')
b.get(get_server_base() + 'groups/mine')
b.find_element_by_link_text(group2.group_name).click()
self._edit_group_details(b, group1.group_name, group2.display_name)
flash_text = b.find_element_by_class_name('flash').text
self.assert_('Group name already exists' in flash_text, flash_text)
def test_system_restricted_to_different_group(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.automated,
shared=False, lab_controller=self.lc)
wrong_group = data_setup.create_group()
user = data_setup.create_user(password=u'testing')
# user is not in the same group as system
wrong_group.add_member(user)
group = data_setup.create_group()
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
self.check_system_is_not_available(system)
self.check_cannot_take(system)
def test_group(self):
group_a = data_setup.create_group()
group_b = data_setup.create_group()
system_0 = data_setup.create_system()
system_a = data_setup.create_system()
system_a.groups.append(group_a)
system_ab = data_setup.create_system()
system_ab.groups.append(group_a)
system_ab.groups.append(group_b)
system_b = data_setup.create_system()
system_b.groups.append(group_b)
self.check_filter("""
<hostRequires>
<and>
<group op="=" value="%s" />
</and>
</hostRequires>
""" % group_a.group_name,
present=[system_a, system_ab],
absent=[system_b, system_0])
self.check_filter("""
<hostRequires>
<and>
<group op="!=" value="%s" />
</and>
</hostRequires>
""" % group_a.group_name,
present=[system_b, system_0],
absent=[system_a, system_ab])
# https://bugzilla.redhat.com/show_bug.cgi?id=601952
self.check_filter("""
<hostRequires>
<and>
<group op="==" value="" />
</and>
</hostRequires>
""",
present=[system_0],
absent=[system_a, system_ab, system_b])
self.check_filter("""
<hostRequires>
<and>
<group op="!=" value="" />
</and>
</hostRequires>
""",
present=[system_a, system_ab, system_b],
absent=[system_0])
def test_group(self):
group_a = data_setup.create_group()
group_b = data_setup.create_group()
system_0 = data_setup.create_system()
system_a = data_setup.create_system()
system_a.groups.append(group_a)
system_ab = data_setup.create_system()
system_ab.groups.append(group_a)
system_ab.groups.append(group_b)
system_b = data_setup.create_system()
system_b.groups.append(group_b)
self.check_filter("""
<hostRequires>
<and>
<group op="=" value="%s" />
</and>
</hostRequires>
""" % group_a.group_name,
present=[system_a, system_ab],
absent=[system_b, system_0])
self.check_filter("""
<hostRequires>
<and>
<group op="!=" value="%s" />
</and>
</hostRequires>
""" % group_a.group_name,
present=[system_b, system_0],
absent=[system_a, system_ab])
# https://bugzilla.redhat.com/show_bug.cgi?id=601952
self.check_filter("""
<hostRequires>
<and>
<group op="==" value="" />
</and>
</hostRequires>
""",
present=[system_0],
absent=[system_a, system_ab, system_b])
self.check_filter("""
<hostRequires>
<and>
<group op="!=" value="" />
</and>
</hostRequires>
""",
present=[system_a, system_ab, system_b],
absent=[system_0])
def test_group_remove_link_visibility(self):
with session.begin():
user = data_setup.create_user(password="******")
user.groups.append(self.group)
group = data_setup.create_group(owner=user)
b = self.browser
# login as admin
login(b)
b.get(get_server_base() + "groups/")
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(self.group.group_name)
b.find_element_by_xpath("//input[@value='Search']").submit()
self.assert_(
"Remove (-)" in b.find_element_by_xpath("//tr[(td[1]/a[text()='%s'])]" % self.group.group_name).text
)
logout(b)
# login as another user
login(b, user=user.user_name, password="******")
b.get(get_server_base() + "groups/")
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(self.group.group_name)
b.find_element_by_xpath("//input[@value='Search']").submit()
self.assert_(
"Remove (-)" not in b.find_element_by_xpath("//tr[(td[1]/a[text()='%s'])]" % self.group.group_name).text
)
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(group.group_name)
b.find_element_by_xpath("//input[@value='Search']").submit()
self.assert_("Remove (-)" in b.find_element_by_xpath("//tr[(td[1]/a[text()='%s'])]" % group.group_name).text)
def test_reserve_via_external_service(self):
with session.begin():
service_group = data_setup.create_group(
permissions=[u'proxy_auth'])
service_user = data_setup.create_user(password=u'password')
data_setup.add_user_to_group(service_user, service_group)
user = data_setup.create_user(password=u'notused')
system = data_setup.create_system(owner=User.by_user_name(
data_setup.ADMIN_USER),
status=u'Manual',
shared=True)
self.assert_(system.user is None)
server = self.get_server()
server.auth.login_password(service_user.user_name, 'password',
user.user_name)
server.systems.reserve(system.fqdn)
with session.begin():
session.refresh(system)
self.assertEqual(system.user, user)
self.assertEqual(system.reservations[0].type, u'manual')
self.assertEqual(system.reservations[0].user, user)
self.assert_(system.reservations[0].finish_time is None)
assert_durations_not_overlapping(system.reservations)
reserved_activity = system.activity[0]
self.assertEqual(reserved_activity.action, 'Reserved')
self.assertEqual(reserved_activity.service, service_user.user_name)
def test_system_pool_activity(self):
with session.begin():
pool1 = data_setup.create_system_pool()
act1 = pool1.record_activity(service=u'testdata',
user=User.by_user_name(data_setup.ADMIN_USER),
action=u'Nothing', field=u'Nonsense',
old=u'asdf', new=u'omgwtfbbq')
pool2 = data_setup.create_system_pool()
act2 = pool2.record_activity(service=u'testdata',
user=User.by_user_name(data_setup.ADMIN_USER),
action=u'Nothing', field=u'Nonsense',
old=u'asdf', new=u'lollercopter')
b = self.browser
b.get(get_server_base() + 'activity/pool')
b.find_element_by_class_name('search-query').send_keys(
'pool.name:%s' % pool1.name)
b.find_element_by_class_name('grid-filter').submit()
check_activity_search_results(b, present=[act1], absent=[act2])
# search by pool owner
b.get(get_server_base() + 'activity/pool')
b.find_element_by_class_name('search-query').send_keys(
'pool.owner.user_name:%s' % pool2.owner.user_name)
b.find_element_by_class_name('grid-filter').submit()
check_activity_search_results(b, present=[act2], absent=[act1])
with session.begin():
pool1.owning_user = None
pool1.owning_group = data_setup.create_group()
b.get(get_server_base() + 'activity/pool')
b.find_element_by_class_name('search-query').send_keys(
'pool.owner.group_name:%s' % pool1.owner.group_name)
b.find_element_by_class_name('grid-filter').submit()
check_activity_search_results(b, present=[act1], absent=[act2])
def test_grant_group(self):
with session.begin():
user = data_setup.create_user()
group = data_setup.create_group()
group.add_member(user)
self.assertFalse(
self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
run_client([
'bkr', 'policy-grant', '--system', self.system.fqdn,
'--permission', 'edit_system', '--group', group.group_name
])
with session.begin():
session.expire_all()
self.assertTrue(
self.system.custom_access_policy.grants(
user, SystemPermission.edit_system))
# non-existent group
try:
run_client([
'bkr', 'policy-grant', '--system', self.system.fqdn,
'--permission', 'edit_system', '--group', 'idontexist'
])
self.fail('Must fail or die')
except ClientError as e:
self.assertIn("Group 'idontexist' does not exist", e.stderr_output)
def test_actions(self):
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user()
group = data_setup.create_group(owner=owner)
group.add_member(member)
mail_capture_thread.start_capturing()
bkr.server.mail.group_membership_notify(member, group, owner, 'Added')
captured_mails = mail_capture_thread.stop_capturing()
self.assertEqual(len(captured_mails), 1)
with session.begin():
group.remove_member(member)
mail_capture_thread.start_capturing()
bkr.server.mail.group_membership_notify(member, group, owner, 'Removed')
captured_mails = mail_capture_thread.stop_capturing()
self.assertEqual(len(captured_mails), 1)
# invalid action
try:
bkr.server.mail.group_membership_notify(member, group, owner, 'Unchanged')
self.fail('Must fail or die')
except ValueError, e:
self.assert_('Unknown action' in str(e))
def test_disable_legacy_perms(self):
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(CONFIG_FILE,
'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=None)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.check_cannot_review()
finally:
stop_process('gunicorn')
start_process('gunicorn')
def setUp(self):
with session.begin():
self.group_owner = data_setup.create_user(password='******')
self.group = data_setup.create_group()
self.group.user_group_assocs.append(
UserGroup(user=self.group_owner, is_owner=True))
self.browser = self.get_browser()
def test_inverted_group_modify_grant_owner(self):
with session.begin():
group = data_setup.create_group(
owner=self.user, membership_type=GroupMembershipType.inverted)
user1 = data_setup.create_user()
group.add_member(user1)
user2 = data_setup.create_user()
group.add_member(user2)
# user3 is not associated but can also be set as the group owner.
user3 = data_setup.create_user()
out = run_client([
'bkr', 'group-modify', '--grant-owner', user1.user_name,
'--grant-owner', user2.user_name, '--grant-owner', user3.user_name,
group.group_name
],
config=self.client_config)
with session.begin():
session.expire_all()
self.assertTrue(group.has_owner(user1))
self.assertTrue(group.has_owner(user2))
self.assertTrue(group.has_owner(user3))
self.assertEquals(group.activity[-1].action, u'Added')
self.assertEquals(group.activity[-1].field_name, u'Owner')
self.assertEquals(group.activity[-1].new_value, user3.user_name)
self.assertEquals(group.activity[-1].service, u'HTTP')
def test_show_group_owners(self):
with session.begin():
owner = data_setup.create_user(user_name='zzzz', password='******')
group = data_setup.create_group(owner=owner)
member1 = data_setup.create_user(user_name='aaaa', password='******')
member1.groups.append(group)
member2 = data_setup.create_user(user_name='bbbb', password='******')
member2.groups.append(group)
b = self.browser
login(b, user=member1.user_name, password='******')
b.get(get_server_base() + 'groups/edit?group_id=%d' % group.group_id)
# the first entry should always be the owner(s)
user_name, ownership = b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[1]/td[1]').text, \
b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[1]/td[2]').text
self.assertTrue(user_name, owner.user_name)
self.assertTrue(ownership, 'Yes')
user_name, ownership = b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[2]/td[1]').text, \
b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[2]/td[2]').text
self.assertTrue(user_name in [member1.user_name, member2.user_name])
self.assertTrue(ownership, 'No')
def test_group_column(self):
with session.begin():
group = data_setup.create_group()
system_with_group = data_setup.create_system()
system_with_group.groups.append(group)
system_without_group = data_setup.create_system()
b = self.browser
b.get(get_server_base())
b.find_element_by_link_text('Show Search Options').click()
wait_for_animation(b, '#searchform')
Select(b.find_element_by_name('systemsearch-0.table'))\
.select_by_visible_text('System/Group')
Select(b.find_element_by_name('systemsearch-0.operation'))\
.select_by_visible_text('is')
b.find_element_by_name('systemsearch-0.value').send_keys(group.group_name)
b.find_element_by_link_text('Toggle Result Columns').click()
wait_for_animation(b, '#selectablecolumns')
b.find_element_by_link_text('Select None').click()
b.find_element_by_name('systemsearch_column_System/Name').click()
b.find_element_by_name('systemsearch_column_System/Group').click()
b.find_element_by_id('searchform').submit()
check_system_search_results(b, present=[system_with_group],
absent=[system_without_group])
b.find_element_by_xpath('//table[@id="widget"]'
'//td[2][normalize-space(text())="%s"]' % group.group_name)
def test_group_column(self):
with session.begin():
group = data_setup.create_group()
system_with_group = data_setup.create_system()
system_with_group.groups.append(group)
system_without_group = data_setup.create_system()
b = self.browser
b.get(get_server_base())
b.find_element_by_link_text('Show Search Options').click()
wait_for_animation(b, '#searchform')
Select(b.find_element_by_name('systemsearch-0.table'))\
.select_by_visible_text('System/Group')
Select(b.find_element_by_name('systemsearch-0.operation'))\
.select_by_visible_text('is')
b.find_element_by_name('systemsearch-0.value').send_keys(
group.group_name)
b.find_element_by_link_text('Toggle Result Columns').click()
wait_for_animation(b, '#selectablecolumns')
b.find_element_by_link_text('Select None').click()
b.find_element_by_name('systemsearch_column_System/Name').click()
b.find_element_by_name('systemsearch_column_System/Group').click()
b.find_element_by_id('searchform').submit()
check_system_search_results(b,
present=[system_with_group],
absent=[system_without_group])
b.find_element_by_xpath('//table[@id="widget"]'
'//td[2][normalize-space(text())="%s"]' %
group.group_name)
def test_search_group(self):
with session.begin():
group = data_setup.create_group()
whiteboard = data_setup.unique_name(u'whiteboard%s')
job = data_setup.create_job(group=group, whiteboard=whiteboard)
job2 = data_setup.create_job(whiteboard=whiteboard)
b = self.browser
# Ensures that both jobs are present
b.get(get_server_base() + 'jobs')
b.find_element_by_link_text('Show Search Options').click()
wait_for_animation(b, '#searchform')
b.find_element_by_xpath("//select[@id='jobsearch_0_table'] \
/option[@value='Whiteboard']").click()
b.find_element_by_xpath("//select[@id='jobsearch_0_operation'] \
/option[@value='is']").click()
b.find_element_by_xpath("//input[@id='jobsearch_0_value']"). \
send_keys(whiteboard)
b.find_element_by_id('searchform').submit()
check_job_search_results(b, present=[job, job2])
# Now do the actual test
b.find_element_by_xpath("//select[@id='jobsearch_0_table'] \
/option[@value='Group']").click()
b.find_element_by_xpath("//select[@id='jobsearch_0_operation'] \
/option[@value='is']").click()
b.find_element_by_xpath("//input[@id='jobsearch_0_value']").clear()
b.find_element_by_xpath("//input[@id='jobsearch_0_value']"). \
send_keys(job.group.group_name)
b.find_element_by_id('searchform').submit()
check_job_search_results(b, present=[job], absent=[job2])
def test_user_resource_counts_are_accurate_when_removing(self):
with session.begin():
user = data_setup.create_user()
job = data_setup.create_job(owner=user)
data_setup.mark_job_running(job)
owned_system = data_setup.create_system(owner=user)
loaned_system = data_setup.create_system()
loaned_system.loaned = user
owned_pool = data_setup.create_system_pool(owning_user=user)
group = data_setup.create_group(owner=user)
s = requests.Session()
requests_login(s)
response = s.get(get_server_base() + 'users/%s' % user.user_name,
headers={'Accept': 'application/json'})
response.raise_for_status()
self.assertEquals(response.json()['job_count'], 1)
self.assertEquals(response.json()['reservation_count'], 1)
self.assertEquals(response.json()['loan_count'], 1)
self.assertEquals(response.json()['owned_system_count'], 1)
self.assertEquals(response.json()['owned_pool_count'], 1)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': 'now'}, session=s)
response.raise_for_status()
# The bug was that the counts in the PATCH response would still show
# their old values, because the queries for producing the counts were
# being run before all the removals were flushed to the database.
# Note that job_count stays as 1, because the job has been cancelled
# but it will still be running until the next iteration of beakerd's
# update_dirty_jobs.
self.assertEquals(response.json()['job_count'], 1)
self.assertEquals(response.json()['reservation_count'], 0)
self.assertEquals(response.json()['loan_count'], 0)
self.assertEquals(response.json()['owned_system_count'], 0)
self.assertEquals(response.json()['owned_pool_count'], 0)
def setUp(self):
with session.begin():
self.group_owner = data_setup.create_user(password='******')
self.group = data_setup.create_group()
self.group.user_group_assocs.append(
UserGroup(user=self.group_owner, is_owner=True))
self.browser = self.get_browser()
def test_escapes_uri_characters_in_group_name(self):
bad_group_name = u'!@#$%^&*()_+{}|:><?'
with session.begin():
group = data_setup.create_group(group_name=bad_group_name)
out = run_client(['bkr', 'group-members', bad_group_name])
out = json.loads(out)
self.assertEquals(len(out), 1)
def test_system_restricted_to_different_group(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.automated,
shared=False,
lab_controller=self.lc)
wrong_group = data_setup.create_group()
user = data_setup.create_user(password=u'testing')
# user is not in the same group as system
wrong_group.add_member(user)
group = data_setup.create_group()
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
self.check_system_is_not_available(system)
self.check_cannot_take(system)
def test_cant_delete_group_mates_job(self):
# XXX This whole test can go away with BZ#1000861
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(
CONFIG_FILE,
'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn',
env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
group = data_setup.create_group()
mate = data_setup.create_user(password=u'asdf')
test_job = data_setup.create_completed_job(owner=mate)
data_setup.add_user_to_group(self.user, group)
data_setup.add_user_to_group(mate, group)
try:
run_client(['bkr', 'job-delete', test_job.t_id],
config=self.client_config)
self.fail('We should not have permission to delete %s' % \
test_job.t_id)
except ClientError, e:
self.assertIn(
"You don't have permission to delete job %s" %
test_job.t_id, e.stderr_output)
finally:
stop_process('gunicorn')
start_process('gunicorn')
def test_inverted_group_modify_grant_owner(self):
with session.begin():
group = data_setup.create_group(owner=self.user,
membership_type=GroupMembershipType.inverted)
user1 = data_setup.create_user()
group.add_member(user1)
user2 = data_setup.create_user()
group.add_member(user2)
# user3 is not associated but can also be set as the group owner.
user3 = data_setup.create_user()
out = run_client(['bkr', 'group-modify',
'--grant-owner', user1.user_name,
'--grant-owner', user2.user_name,
'--grant-owner', user3.user_name,
group.group_name],
config = self.client_config)
with session.begin():
session.expire_all()
self.assertTrue(group.has_owner(user1))
self.assertTrue(group.has_owner(user2))
self.assertTrue(group.has_owner(user3))
self.assertEquals(group.activity[-1].action, u'Added')
self.assertEquals(group.activity[-1].field_name, u'Owner')
self.assertEquals(group.activity[-1].new_value, user3.user_name)
self.assertEquals(group.activity[-1].service, u'HTTP')
def test_add_group(self):
with session.begin():
group = data_setup.create_group()
user_password = '******'
user = data_setup.create_user(password=user_password)
data_setup.add_user_to_group(user, group)
orig_date_modified = self.system.date_modified
# as admin, assign the system to our test group
b = self.browser
login(b)
self.go_to_system_view(tab='Groups')
b.find_element_by_name('group.text').send_keys(group.group_name)
b.find_element_by_name('groups').submit()
b.find_element_by_xpath(
'//div[@id="groups"]'
'//td[normalize-space(text())="%s"]' % group.group_name)
with session.begin():
session.refresh(self.system)
self.assert_(self.system.date_modified > orig_date_modified)
# as a user in the group, can we see it?
logout(b)
login(b, user.user_name, user_password)
click_menu_item(b, 'Systems', 'Available')
b.find_element_by_name('simplesearch').send_keys(self.system.fqdn)
b.find_element_by_name('systemsearch_simple').submit()
check_system_search_results(b, present=[self.system])
def setUp(self):
jobs_to_generate = 2
self.products = [
data_setup.create_product() for _ in range(jobs_to_generate)
]
self.users = [
data_setup.create_user(password='******')
for _ in range(jobs_to_generate)
]
self.groups = [
data_setup.create_group() for _ in range(jobs_to_generate)
]
_ = [
group.add_member(self.users[i])
for i, group in enumerate(self.groups)
]
self.jobs = [
data_setup.create_completed_job(product=self.products[x],
owner=self.users[x],
group=self.groups[x])
for x in range(jobs_to_generate)
]
self.client_configs = [
create_client_config(username=user.user_name, password='******')
for user in self.users
]
def test_disable_legacy_perms(self):
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(
CONFIG_FILE,
'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn',
env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=None)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.check_cannot_review()
finally:
stop_process('gunicorn')
start_process('gunicorn')
def test_show_group_owners(self):
with session.begin():
owner = data_setup.create_user(user_name='zzzz',
password='******')
group = data_setup.create_group(owner=owner)
member1 = data_setup.create_user(user_name='aaaa',
password='******')
member1.groups.append(group)
member2 = data_setup.create_user(user_name='bbbb',
password='******')
member2.groups.append(group)
b = self.browser
login(b, user=member1.user_name, password='******')
b.get(get_server_base() + 'groups/edit?group_id=%d' % group.group_id)
# the first entry should always be the owner(s)
user_name, ownership = b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[1]/td[1]').text, \
b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[1]/td[2]').text
self.assertTrue(user_name, owner.user_name)
self.assertTrue(ownership, 'Yes')
user_name, ownership = b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[2]/td[1]').text, \
b.find_element_by_xpath('//table[@id="group_members_grid"]//tr[2]/td[2]').text
self.assertTrue(user_name in [member1.user_name, member2.user_name])
self.assertTrue(ownership, 'No')
def test_group_remove_link_visibility(self):
with session.begin():
user = data_setup.create_user(password='******')
user.groups.append(self.group)
group = data_setup.create_group(owner=user)
b = self.browser
#login as admin
login(b)
b.get(get_server_base() + 'groups/')
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(
self.group.group_name)
b.find_element_by_id('Search').submit()
self.assert_('Delete' in b.find_element_by_xpath(
"//tr[(td[1]/a[text()='%s'])]" % self.group.group_name).text)
logout(b)
# login as another user
login(b, user=user.user_name, password='******')
b.get(get_server_base() + 'groups/')
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(
self.group.group_name)
b.find_element_by_id('Search').submit()
self.assert_('Delete' not in b.find_element_by_xpath(
"//tr[(td[1]/a[text()='%s'])]" % self.group.group_name).text)
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(
group.group_name)
b.find_element_by_id('Search').submit()
self.assert_('Delete' in b.find_element_by_xpath(
"//tr[(td[1]/a[text()='%s'])]" % group.group_name).text)
def setUp(self):
self.selenium = self.get_selenium()
self.password = '******'
# create users
self.user_1 = data_setup.create_user(password=self.password)
self.user_2 = data_setup.create_user(password=self.password)
self.user_3 = data_setup.create_user(password=self.password)
# create admin users
self.admin_1 = data_setup.create_user(password=self.password)
self.admin_1.groups.append(Group.by_name(u'admin'))
self.admin_2 = data_setup.create_user(password=self.password)
self.admin_2.groups.append(Group.by_name(u'admin'))
# create systems
self.system_1 = data_setup.create_system(shared=True)
self.system_2 = data_setup.create_system(shared=True)
self.system_3 = data_setup.create_system(shared=False,
owner=self.user_3)
# create group and add users/systems to it
self.group_1 = data_setup.create_group()
self.user_3.groups.append(self.group_1)
self.admin_2.groups.append(self.group_1)
self.system_2.groups.append(self.group_1)
lc = data_setup.create_labcontroller()
self.system_1.lab_controller = lc
self.system_2.lab_controller = lc
self.system_3.lab_controller = lc
self.selenium.start()
def test_create_pool_set_owner(self):
pool_name = data_setup.unique_name(u'mypool%s')
owner = data_setup.create_user()
run_client(['bkr', 'pool-create',
'--owner', owner.user_name,
pool_name])
with session.begin():
p = SystemPool.by_name(pool_name)
self.assertFalse(p.owning_group)
self.assertTrue(p.owning_user.user_name,
owner.user_name)
pool_name = data_setup.unique_name(u'mypool%s')
owning_group = data_setup.create_group()
run_client(['bkr', 'pool-create',
'--owning-group', owning_group.group_name,
pool_name])
with session.begin():
p = SystemPool.by_name(pool_name)
self.assertTrue(p.owning_group, owning_group)
self.assertFalse(p.owning_user)
# specifying both should error out
try:
run_client(['bkr', 'pool-create',
'--owner', owner.user_name,
'--owning-group', owning_group.group_name,
pool_name])
self.fail('Must error out')
except ClientError as e:
self.assertIn('Only one of owner or owning-group must be specified',
e.stderr_output)
def test_group_remove_should_not_remove_system_pool(self):
with session.begin():
user = data_setup.create_user(password='******')
group = data_setup.create_group(owner=user)
pool = data_setup.create_system_pool(owning_group=group)
b = self.browser
login(b, user=user.user_name, password='******')
b.get(get_server_base() + 'groups/')
b.find_element_by_xpath("//input[@name='group.text']").clear()
b.find_element_by_xpath("//input[@name='group.text']").send_keys(group.group_name)
b.find_element_by_id('Search').submit()
delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" %
group.group_name, delete_text='Delete Group')
self.assertEqual(
b.find_element_by_class_name('flash').text,
'%s deleted' % group.display_name)
with session.begin():
session.refresh(pool)
self.assertFalse(pool.owning_group)
self.assertEquals(pool.owning_user, user)
self.assertEquals(pool.activity[-1].action, u'Changed')
self.assertEquals(pool.activity[-1].field_name, u'Owner')
self.assertEquals(pool.activity[-1].old_value, 'Group %s' % group.group_name)
self.assertEquals(pool.activity[-1].new_value, user.user_name)
self.assertEquals(pool.activity[-1].service, u'WEBUI')
def test_search_group(self):
with session.begin():
group = data_setup.create_group()
whiteboard = data_setup.unique_name(u'whiteboard%s')
job = data_setup.create_job(group=group, whiteboard=whiteboard)
job2 = data_setup.create_job(whiteboard=whiteboard)
b = self.browser
# Ensures that both jobs are present
b.get(get_server_base() + 'jobs')
b.find_element_by_link_text('Show Search Options').click()
wait_for_animation(b, '#searchform')
b.find_element_by_xpath("//select[@id='jobsearch_0_table'] \
/option[@value='Whiteboard']").click()
b.find_element_by_xpath("//select[@id='jobsearch_0_operation'] \
/option[@value='is']").click()
b.find_element_by_xpath("//input[@id='jobsearch_0_value']"). \
send_keys(whiteboard)
b.find_element_by_id('searchform').submit()
check_job_search_results(b, present=[job, job2])
# Now do the actual test
b.find_element_by_xpath("//select[@id='jobsearch_0_table'] \
/option[@value='Group']").click()
b.find_element_by_xpath("//select[@id='jobsearch_0_operation'] \
/option[@value='is']").click()
b.find_element_by_xpath("//input[@id='jobsearch_0_value']").clear()
b.find_element_by_xpath("//input[@id='jobsearch_0_value']"). \
send_keys(job.group.group_name)
b.find_element_by_id('searchform').submit()
check_job_search_results(b, present=[job], absent=[job2])
def test_cant_delete_group_mates_job(self):
# XXX This whole test can go away with BZ#1000861
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(CONFIG_FILE, 'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
group = data_setup.create_group()
mate = data_setup.create_user(password=u'asdf')
test_job = data_setup.create_completed_job(owner=mate)
data_setup.add_user_to_group(self.user, group)
data_setup.add_user_to_group(mate, group)
try:
run_client(['bkr', 'job-delete', test_job.t_id],
config=self.client_config)
self.fail('We should not have permission to delete %s' % \
test_job.t_id)
except ClientError, e:
self.assertIn("You don't have permission to delete job %s" %
test_job.t_id, e.stderr_output)
finally:
stop_process('gunicorn')
start_process('gunicorn')
def test_job_group(self):
with session.begin():
user_in_group = data_setup.create_user(password='******')
group = data_setup.create_group()
user_in_group.groups.append(group)
user_not_in_group = data_setup.create_user(password='******')
# Test submitting on behalf of user's group
config1 = create_client_config(username=user_in_group.user_name,
password='******')
out = run_client(['bkr', 'workflow-simple', '--random',
'--arch', self.distro_tree.arch.arch,
'--family', self.distro.osversion.osmajor.osmajor,
'--job-group', group.group_name,
'--task', self.task.name], config=config1)
self.assertTrue(out.startswith('Submitted:'), out)
m = re.search('J:(\d+)', out)
job_id = m.group(1)
with session.begin():
job = Job.by_id(job_id)
self.assertEqual(group, job.group)
# Test submitting on behalf of group user does not belong to
config2 = create_client_config(username=user_not_in_group.user_name,
password='******')
try:
out2 = run_client(['bkr', 'workflow-simple', '--random',
'--arch', self.distro_tree.arch.arch,
'--family', self.distro.osversion.osmajor.osmajor,
'--job-group', group.group_name,
'--task', self.task.name], config=config2)
fail('should raise')
except ClientError, e:
self.assertTrue('You are not a member of the %s group' % \
group.group_name in e.stderr_output, e)
