def login_admin(self, **kwargs): username = conf.credentials['default']['username'] password = conf.credentials['default']['password'] cred = Credential(principal=username, secret=password) from cfme.configure.access_control import User user = User(credential=cred, name='Administrator') return self.log_in(user, **kwargs)
def vm_ownership(enable_candu, clean_setup_provider, provider, appliance): # In these tests, Metering report is filtered on VM owner.So,VMs have to be # assigned ownership. vm_name = provider.data['cap_and_util']['chargeback_vm'] if not provider.mgmt.does_vm_exist(vm_name): pytest.skip("Skipping test, {} VM does not exist".format(vm_name)) provider.mgmt.start_vm(vm_name) provider.mgmt.wait_vm_running(vm_name) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric(), credential=Credential(principal='uid' + '{}'.format(fauxfactory.gen_alphanumeric()), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') vm = VM.factory(vm_name, provider) try: vm.set_ownership(user=user.name) logger.info('Assigned VM OWNERSHIP for {} running on {}'.format( vm_name, provider.name)) yield user.name finally: vm.unset_ownership() user.delete()
def vm_ownership(enable_candu, provider, appliance): """In these tests, chargeback reports are filtered on VM owner.So,VMs have to be assigned ownership. """ collection = appliance.provider_based_collection(provider) vm_name = provider.data['cap_and_util']['chargeback_vm'] vm = collection.instantiate(vm_name, provider) if not vm.exists_on_provider: pytest.skip("Skipping test, cu-24x7 VM does not exist") vm.mgmt.ensure_state(VmState.RUNNING) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') # don't assume collection is infra, in case test collected against other provider types # No vm creation or cleanup user = appliance.collections.users.create( name='{}_{}'.format(provider.name, fauxfactory.gen_alphanumeric()), credential=Credential(principal='uid{}'.format( fauxfactory.gen_alphanumeric()), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') vm.set_ownership(user=user.name) logger.info('Assigned VM OWNERSHIP for {} running on {}'.format( vm_name, provider.name)) yield user.name vm.unset_ownership() if user: user.delete()
def test_multiple_host_good_creds(setup_provider, provider, creds): if len(provider.data.get('hosts', {})) < 2: pytest.skip('not enough hosts to run test') """ Tests multiple host credentialing with good credentials """ host = random.choice(provider.data["hosts"]) host_creds = credentials[host['credentials'][creds]] cred = Credential(principal=host_creds.username, secret=host_creds.password) edit_view = navigate_and_select_quads(provider=provider) # Fill form with valid credentials for default endpoint and validate edit_view.endpoints.default.fill_with(cred.view_value_mapping) edit_view.validation_host.fill(host.name) edit_view.endpoints.default.validate_button.click() edit_view.flash.assert_no_error() edit_view.flash.assert_success_message( 'Credential validation was successful') # Save changes edit_view.save_button.click() view = provider.create_view(ProviderNodesView) view.flash.assert_no_error() view.flash.assert_success_message( 'Credentials/Settings saved successfully')
def user(appliance): """Creates new user with role which does not have permission of modifying automate domains""" product_features = [ (['Everything', 'Automation', 'Automate', 'Explorer', 'Automate Domains', 'Modify'], False) ] role = appliance.collections.roles.create(name=fauxfactory.gen_alphanumeric(), product_features=product_features) group = appliance.collections.groups.create( description=fauxfactory.gen_alphanumeric(), role=role.name, tenant=appliance.collections.tenants.get_root_tenant().name ) user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric().lower(), credential=Credential( principal=fauxfactory.gen_alphanumeric(4), secret=fauxfactory.gen_alphanumeric(4), ), email=fauxfactory.gen_email(), groups=group, cost_center="Workload", value_assign="Database", ) yield user user.delete_if_exists() group.delete_if_exists() role.delete_if_exists()
def new_user(appliance, permission): # Tenant created collection = appliance.collections.tenants tenant = collection.create( name=fauxfactory.gen_alphanumeric(), description=fauxfactory.gen_alphanumeric(), parent=collection.get_root_tenant(), ) # Role created role = appliance.collections.roles.create( name=f'role_{fauxfactory.gen_alphanumeric()}', vm_restriction="Only User or Group Owned", product_features=permission) # Group creates group = appliance.collections.groups.create( description=fauxfactory.gen_alphanumeric(), role=role.name, tenant=f"My Company/{tenant.name}") creds = Credential(principal=fauxfactory.gen_alphanumeric(4), secret=fauxfactory.gen_alphanumeric(4)) # User created user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric(), credential=creds, email=fauxfactory.gen_email(), groups=group, cost_center='Workload', value_assign='Database') yield user user.delete_if_exists() group.delete_if_exists() role.delete_if_exists() tenant.delete_if_exists()
def test_multiple_host_bad_creds(setup_provider, provider): """ Tests multiple host credentialing with bad credentials Polarion: assignee: nachandr caseimportance: medium casecomponent: Infra initialEstimate: 1/15h """ if len(provider.data.get('hosts', {})) < 2: pytest.skip('not enough hosts to run test') host = random.choice(provider.data["hosts"]) cred = Credential(principal='wrong', secret='bad_password') edit_view = navigate_and_select_quads(provider=provider) edit_view.endpoints.default.fill_with(cred.view_value_mapping) edit_view.validation_host.fill(host.name) edit_view.endpoints.default.validate_button.click() if provider.one_of(RHEVMProvider): msg = 'Login failed due to a bad username or password.' elif provider.one_of(SCVMMProvider): msg = 'Check credentials. Remote error message: WinRM::WinRMAuthorizationError' else: msg = 'Cannot complete login due to an incorrect user name or password.' edit_view.flash.assert_message(msg) edit_view.cancel_button.click()
def user_self_service_role(appliance): """This is fixture with create user with user_self_service_role""" with appliance.context.use(ViaUI): # copy role with no restrictions role = appliance.collections.roles.instantiate( name="EvmRole-user_self_service") user_self_service_role = role.copy(name=fauxfactory.gen_alphanumeric( 25, "self_service_role_"), vm_restriction="None") # Group with user self service role user_self_service_gp = appliance.collections.groups.create( description=fauxfactory.gen_alphanumeric(22, "self_service_gp_"), role=user_self_service_role.name) # credentials for user creds = Credential( principal=fauxfactory.gen_alphanumeric(start="user_"), secret=fauxfactory.gen_alphanumeric(), ) # user with above group user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric(start="user_"), credential=creds, email=fauxfactory.gen_email(), groups=user_self_service_gp, ) yield user, user_self_service_role user.delete_if_exists() user_self_service_gp.delete_if_exists() user_self_service_role.delete_if_exists()
def update_password(self, new_password, verify_password=None, user=None, method=LOGIN_METHODS[1]): if not user: username = conf.credentials['default']['username'] password = conf.credentials['default']['password'] cred = Credential(principal=username, secret=password) user = self.appliance.collections.users.instantiate(credential=cred, name='Administrator') logged_in_view = self.appliance.browser.create_view(BaseLoggedInPage) if not logged_in_view.logged_in_as_user(user): if logged_in_view.logged_in: logged_in_view.logout() from cfme.utils.appliance.implementations.ui import navigate_to login_view = navigate_to(self.appliance.server, 'LoginScreen') logger.debug('Changing password for user %s', user.credential.principal) login_view.update_password(user=user, new_password=new_password, verify_password=verify_password, method=method) try: assert logged_in_view.is_displayed except AssertionError: login_view.flash.assert_no_error() return logged_in_view
def test_password_max_character_validation(appliance): password = fauxfactory.gen_alphanumeric(51) cred = Credential(principal=fauxfactory.gen_alphanumeric(5), secret=password, verify_secret=password) collection = appliance.collections.cloud_providers collection.discover(cred, EC2Provider)
def retrieve_group(temp_appliance_preconfig_long, auth_mode, username, groupname, auth_provider, tenant=None): """Retrieve group from ext/ldap auth provider through UI Args: temp_appliance_preconfig_long: temp_appliance_preconfig_long object auth_mode: key from cfme.configure.configuration.server_settings.AUTH_MODES, parametrization user_data: user_data AttrDict from yaml, with username, groupname, password fields """ group = temp_appliance_preconfig_long.collections.groups.instantiate( description=groupname, role='EvmRole-user', tenant=tenant, user_to_lookup=username, ldap_credentials=Credential(principal=auth_provider.bind_dn, secret=auth_provider.bind_password)) add_method = ('add_group_from_ext_auth_lookup' if auth_mode == 'external' else 'add_group_from_ldap_lookup') if not group.exists: getattr(group, add_method)() # call method to add wait_for(lambda: group.exists) else: logger.info('User Group exists, skipping create: %r', group) return group
def test_db_user_pwd(appliance, user, pwd, soft_assert): """ Polarion: assignee: dgaikwad casecomponent: Appliance initialEstimate: 1/6h """ new_credential = Credential(principal=user.credential.principal, secret=pwd) if pwd: with update(user): user.credential = new_credential with user: # now make sure the user can login view = navigate_to(appliance.server, "LoggedIn") soft_assert( view.current_fullname == user.name, 'user full name "{}" did not match UI display name "{}"'. format(user.name, view.current_fullname)) soft_assert( user.groups[0].description in view.group_names, 'local group "{}" not displayed in UI groups list "{}"'.format( user.groups[0].description, view.group_names)) else: # blank pwd doesn't allow you to click save view = navigate_to(user, 'Edit') user.change_stored_password() view.fill({ 'password_txt': new_credential.secret, 'password_verify_txt': new_credential.verify_secret }) assert view.save_button.disabled view.cancel_button.click()
def group(request, data, auth_mode, add_group, appliance): if not data: pytest.skip("No data spcified for user group") credentials = Credential( principal=data["username"], secret=data["password"], ) group_collection = appliance.collections.rbac_groups user_group = None if add_group == RETRIEVE_GROUP: user_group = group_collection.instantiate( description=data['group_name'], role="EvmRole-user", user_to_lookup=data["username"], ldap_credentials=credentials) if 'ext' in auth_mode: user_group.add_group_from_ext_auth_lookup() elif 'miq' in auth_mode: user_group.add_group_from_ldap_lookup() request.addfinalizer(user_group.delete) elif add_group == CREATE_GROUP: user_group = group_collection.create(description=data['group_name'], role="EvmRole-user", user_to_lookup=data["username"], ldap_credentials=credentials) request.addfinalizer(user_group.delete)
def get_credentials(cls, credential_dict, cred_type=None): """Processes a credential dictionary into a credential object. Args: credential_dict: A credential dictionary. cred_type: Type of credential (None, token, ssh, amqp, ...) Returns: A :py:class:`cfme.base.credential.Credential` instance. """ domain = credential_dict.get('domain') token = credential_dict.get('token') if not cred_type: return Credential(principal=credential_dict['username'], secret=credential_dict['password'], domain=domain) elif cred_type == 'amqp': return EventsCredential(principal=credential_dict['username'], secret=credential_dict['password']) elif cred_type == 'ssh': return SSHCredential(principal=credential_dict['username'], secret=credential_dict['password']) elif cred_type == 'candu': return CANDUCredential(principal=credential_dict['username'], secret=credential_dict['password']) elif cred_type == 'token': return TokenCredential(token=token)
def vm_ownership(enable_candu, clean_setup_provider, provider, appliance): # In these tests, Metering report is filtered on VM owner.So,VMs have to be # assigned ownership. vm_name = provider.data['cap_and_util']['chargeback_vm'] collection = provider.appliance.provider_based_collection(provider) vm = collection.instantiate(vm_name, provider) if not vm.exists_on_provider: pytest.skip(f"Skipping test, {vm_name} VM does not exist") vm.mgmt.ensure_state(VmState.RUNNING) group_collection = appliance.collections.groups cb_group = group_collection.instantiate(description='EvmGroup-user') user = appliance.collections.users.create( name=fauxfactory.gen_alphanumeric(), credential=Credential( principal=fauxfactory.gen_alphanumeric(start="uid"), secret='secret'), email='*****@*****.**', groups=cb_group, cost_center='Workload', value_assign='Database') try: vm.set_ownership(user=user) logger.info( f'Assigned VM OWNERSHIP for {vm_name} running on {provider.name}') yield user.name finally: vm.unset_ownership() user.delete()
def test_userid_required_error_validation(): user = User(name='user' + fauxfactory.gen_alphanumeric(), credential=Credential(principal='', secret='redhat'), email='*****@*****.**', group=group_user) with error.expected("Userid can't be blank"): user.create()
def test_update_password(context, request, appliance): """ Test updating password from the login screen. Polarion: assignee: jdupuy casecomponent: Infra initialEstimate: 1/6h """ # First, create a temporary new user username = '******'.format(fauxfactory.gen_alphanumeric(4).lower()) new_creds = Credential(principal=username, secret='redhat') user_group = appliance.collections.groups.instantiate(description="EvmGroup-vm_user") user = appliance.collections.users.create( name=username, credential=new_creds, groups=user_group ) error_message = "Login failed: Unauthorized" # Try to login as the new user to verify it has been created logged_in_page = appliance.server.login(user) assert logged_in_page.is_displayed logged_in_page.logout() # Now try to login while changing the password for the user changed_pass_page = appliance.server.update_password(new_password='******', user=user) assert changed_pass_page.is_displayed changed_pass_page.logout() # Try to login with the user with old password with pytest.raises(Exception, match=error_message): appliance.server.login(user) # Now try changing password with invalid default password new_cred = Credential(principal=username, secret="made_up_invalid_pass") user2 = appliance.collections.users.instantiate(credential=new_cred, name=username) with pytest.raises(Exception, match=error_message): appliance.server.update_password(new_password='******', user=user2) # Workaround for emptying the password fields. # If this wasn't here, we would change the password for admin user while # deleting our user. Which is bad. appliance.server.browser.refresh() # Delete the user we created user.delete()
def test_provider_add_with_bad_credentials(provider): """ Tests provider add with bad credentials""" provider.credentials['default'] = Credential(principal='bad', secret='reallybad') with error.expected( 'Credential validation was not successful: Invalid credentials'): provider.create(validate_credentials=True) assert (not provider.add_provider_button.can_be_clicked)
def test_discovery_password_mismatch_validation_cloud(appliance): cred = Credential(principal=fauxfactory.gen_alphanumeric(5), secret=fauxfactory.gen_alphanumeric(5), verify_secret=fauxfactory.gen_alphanumeric(7)) collection = appliance.collections.cloud_providers collection.discover(cred, EC2Provider) view = appliance.browser.create_view(CloudProvidersView) view.flash.assert_message('Password/Verify Password do not match')
def new_credential(): """ Returns credentials object used for new user in test module """ # Todo remove .lower() for principal after 1486041 fix return Credential(principal='uid{}'.format( fauxfactory.gen_alphanumeric().lower()), secret='redhat')
def login_admin(self, **kwargs): username = conf.credentials['default']['username'] password = conf.credentials['default']['password'] cred = Credential(principal=username, secret=password) user = self.extra.appliance.collections.users.instantiate( credential=cred, name='Administrator' ) return self.log_in(user, **kwargs)
def rbac_user(appliance, request, group): user, user_data = _users(request, appliance, group=group) return appliance.collections.users.instantiate( name=user[0].name, credential=Credential(principal=user_data[0]["userid"], secret=user_data[0]["password"]), groups=[group], )
def new_user(request, appliance): user, user_data = _users(request, appliance, group="EvmGroup-vm_user") yield appliance.collections.users.instantiate( name=user[0].name, credential=Credential(principal=user_data[0]["userid"], secret=user_data[0]["password"]), ) if user[0].exists: user[0].action.delete()
def test_provider_add_with_bad_credentials(provider): """ Tests provider add with bad credentials""" provider.endpoints['default'].credentials = Credential(principal='bad', secret='reallybad') with error.expected( 'Credential validation was not successful: Invalid credentials'): provider.create(validate_credentials=True) view = provider.create_view(MiddlewareProviderAddView) assert not view.add.active
def test_user_id_max_character_validation(appliance): """ Polarion: assignee: None initialEstimate: None """ cred = Credential(principal=fauxfactory.gen_alphanumeric(51), secret='') collection = appliance.collections.cloud_providers collection.discover(cred, EC2Provider)
def new_user(request, appliance): """This fixture creates custom user with tenant attached""" tenant = _tenants(request, appliance) role = appliance.rest_api.collections.roles.get(name="EvmRole-super_administrator") group = _groups(request, appliance, role, tenant=tenant) user, user_data = _users(request, appliance, group=group.description) yield appliance.collections.users.instantiate( name=user[0].name, credential=Credential(principal=user_data[0]["userid"], secret=user_data[0]["password"]), ), tenant
def test_infra_provider_add_with_bad_credentials(provider): """Tests provider add with bad credentials Metadata: test_flag: crud """ provider.default_endpoint.credentials = Credential( principal='bad', secret='reallybad', verify_secret='reallybad') with pytest.raises(Exception, match=provider.bad_credentials_error_msg): provider.create(validate_credentials=True)
def test_provider_add_with_bad_credentials(provider): """Tests provider add with bad credentials Metadata: test_flag: crud """ provider.default_endpoint.credentials = Credential( principal='bad', secret='reallybad', verify_secret='reallybad') with error.expected(provider.bad_credentials_error_msg): provider.create(validate_credentials=True)
def db_user(appliance): name = fauxfactory.gen_alpha(15, start="test-user-") creds = Credential(principal=name, secret=fauxfactory.gen_alpha()) user_group = appliance.collections.groups.instantiate(description="EvmGroup-vm_user") user = appliance.collections.users.create( name=name, credential=creds, groups=user_group, ) yield user user.delete_if_exists()
def test_userid_required_error_validation(): user = User(name='user' + fauxfactory.gen_alphanumeric(), credential=Credential(principal='', secret='redhat'), email='*****@*****.**', group=group_user) with error.expected("Userid can't be blank"): user.create() # Navigating away from this page will create an "Abandon Changes" alert # Since group creation failed we need to reset the state of the page navigate_to(user.appliance.server, 'Dashboard')