def test_group_create(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups")) # First create a group from the view page with an error (an invalid name, doubling as a # test that @ in group names is rejected). This should leave that page and go to the # dedicated group creation page with the form already set up. groups_page = GroupsViewPage(browser) groups_page.click_create_group_button() create_group_modal = groups_page.get_create_group_modal() create_group_modal.set_group_name("test-group@something") create_group_modal.set_description("some description") create_group_modal.confirm() create_page = GroupCreatePage(browser) create_page.has_alert("Group names cannot contain @") create_page.set_group_name("test-group") create_page.submit() view_page = GroupViewPage(browser) assert view_page.subheading == "test-group" row = view_page.find_member_row("*****@*****.**") assert row.role == "owner" assert row.href.endswith("/users/[email protected]")
def test_request_permission(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", "owner") setup.create_permission("some-permission") setup.add_user_to_group("*****@*****.**", "admins") setup.grant_permission_to_group(PERMISSION_GRANT, "some-permission", "admins") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) group_page = GroupViewPage(browser) group_page.click_request_permission_button() request_page = PermissionRequestPage(browser) request_page.set_permission("some-permission") request_page.set_argument_freeform("some-argument") request_page.set_reason("testing") request_page.submit() assert browser.current_url.endswith("/permissions/requests/1") update_page = PermissionRequestUpdatePage(browser) assert update_page.has_text("some-group") assert update_page.has_text("some-argument") assert update_page.has_text("testing")
def test_require_clickthru(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups")) groups_page = GroupsViewPage(browser) groups_page.click_create_group_button() create_group_modal = groups_page.get_create_group_modal() create_group_modal.set_group_name("test-group") create_group_modal.set_join_policy(GroupJoinPolicy.CAN_JOIN) create_group_modal.click_require_clickthru_checkbox() create_group_modal.confirm() with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/test-group/join")) join_page = GroupJoinPage(browser) join_page.set_reason("Testing") join_page.submit() clickthru_modal = join_page.get_clickthru_modal() clickthru_modal.confirm() group_page = GroupViewPage(browser) assert group_page.current_url.endswith( "/groups/test-group?refresh=yes") assert group_page.find_member_row("*****@*****.**")
def test_remove_last_owner_via_audit(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: future = datetime.utcnow() + timedelta(1) with setup.transaction(): setup.add_user_to_group("*****@*****.**", "audited-team", role="owner") setup.create_permission("audited", audited=True) setup.grant_permission_to_group("audited", "", "audited-team") setup.add_user_to_group("*****@*****.**", "auditors") setup.add_user_to_group("*****@*****.**", "auditors", role="owner") setup.grant_permission_to_group(AUDIT_VIEWER, "", "auditors") setup.grant_permission_to_group(AUDIT_MANAGER, "", "auditors") setup.grant_permission_to_group(PERMISSION_AUDITOR, "", "auditors") setup.add_user_to_group("*****@*****.**", "audited-team", role="owner", expiration=future) with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/audits/create")) create_page = AuditsCreatePage(browser) create_page.set_end_date(future.strftime("%m/%d/%Y")) create_page.submit() browser.get(url(frontend_url, "/groups/audited-team")) group_page = GroupViewPage(browser) audit_modal = group_page.get_audit_modal() audit_modal.find_member_row("*****@*****.**").set_audit_status("remove") audit_modal.confirm() assert group_page.current_url.endswith("/groups/audited-team") assert group_page.has_alert(group_ownership_policy.EXCEPTION_MESSAGE)
def test_require_clickthru(tmpdir, setup, browser): # type: (LocalPath, SetupTest, Chrome) -> None with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups")) groups_page = GroupsViewPage(browser) groups_page.click_create_group_button() create_group_modal = groups_page.get_create_group_modal() create_group_modal.set_group_name("test-group") create_group_modal.set_join_policy(GroupJoinPolicy.CAN_JOIN) create_group_modal.click_require_clickthru_checkbox() create_group_modal.confirm() with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/test-group/join")) join_page = GroupJoinPage(browser) join_page.set_reason("Testing") join_page.submit() clickthru_modal = join_page.get_clickthru_modal() clickthru_modal.confirm() group_page = GroupViewPage(browser) assert group_page.current_url.endswith("/groups/test-group?refresh=yes") assert group_page.find_member_row("*****@*****.**")
def test_service_account_lifecycle(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "user-admins") setup.add_user_to_group("*****@*****.**", "some-group") setup.grant_permission_to_group(USER_ADMIN, "", "user-admins") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/user-admins")) group_page = GroupViewPage(browser) group_page.click_add_service_account_button() # Test with an invalid machine set. create_page = ServiceAccountCreatePage(browser) create_page.set_name("my-special-service-account") create_page.set_description("some description") create_page.set_machine_set("some machines bad-machine") create_page.submit() assert create_page.has_alert("machine_set") expected = "[email protected] has invalid machine set" assert create_page.has_alert(expected) # Fix the machine set but test with an invalid name. create_page.set_name("service@service@service") create_page.set_machine_set("some machines") create_page.submit() assert create_page.has_alert("name") # Fix the name and then creation should succeed. create_page.set_name("my-special-service-account") create_page.submit() view_page = ServiceAccountViewPage(browser) assert view_page.owner == "user-admins" assert view_page.description == "some description" assert view_page.machine_set == "some machines" view_page.click_disable_button() disable_modal = view_page.get_disable_modal() disable_modal.confirm() browser.get(url(frontend_url, "/users")) users_page = UsersViewPage(browser) users_page.click_show_disabled_users_button() users_page.click_show_service_accounts_button() user_row = users_page.find_user_row( "[email protected] (service)") user_row.click() view_page = ServiceAccountViewPage(browser) view_page.click_enable_button() enable_page = ServiceAccountEnablePage(browser) enable_page.select_owner("Group: some-group") enable_page.submit() view_page = ServiceAccountViewPage(browser) assert view_page.owner == "some-group"
def test_grant_permission(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group") setup.grant_permission_to_group(PERMISSION_GRANT, "some-permission", "some-group") setup.create_permission("some-permission") setup.create_group("other-group") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) group_page = GroupViewPage(browser) assert group_page.find_permission_rows("some-permission") == [] group_page.click_add_permission_button() grant_page = PermissionGrantPage(browser) grant_page.set_permission("some-permission") grant_page.set_argument("foo") grant_page.submit() rows = group_page.find_permission_rows("some-permission") assert len(rows) == 1 assert rows[0].argument == "foo" # Grant a permission with surrounding and internal whitespace to test whitespace handling. browser.get(url(frontend_url, "/groups/other-group")) assert group_page.find_permission_rows("some-permission") == [] group_page.click_add_permission_button() grant_page.set_permission("some-permission") grant_page.set_argument(" arg u ment ") grant_page.submit() rows = group_page.find_permission_rows("some-permission") assert len(rows) == 1 assert rows[0].argument in ("arg u ment", "arg u ment" ) # browser messes with whitespace # Check directly in the database to make sure the whitespace is stripped, since we may not be # able to see it via the browser. We need to explicitly reopen the database since otherwise # SQLite doesn't always see changes written by the frontend. setup.reopen_database() permission_grant_repository = setup.sql_repository_factory.create_permission_grant_repository( ) grants = permission_grant_repository.permission_grants_for_group( "other-group") assert grants == [ GroupPermissionGrant( group="other-group", permission="some-permission", argument="arg u ment", granted_on=ANY, is_alias=False, grant_id=ANY, ) ]
def test_show_group_hides_aliased_permissions(async_server, browser): # noqa: F811 fe_url = url(async_server, "/groups/sad-team") browser.get(fe_url) page = GroupViewPage(browser) assert len(page.find_permission_rows("owner", "sad-team")) == 1 assert page.find_permission_rows("ssh", "owner=sad-team") == [] assert page.find_permission_rows("sudo", "sad-team") == []
def test_disabling_group_clears_audit(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: future = datetime.utcnow() + timedelta(days=60) with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", role="owner") setup.add_user_to_group("*****@*****.**", "some-group") setup.create_permission("some-permission", audited=True) setup.grant_permission_to_group("some-permission", "argument", "some-group") setup.add_user_to_group("*****@*****.**", "auditors") setup.grant_permission_to_group(AUDIT_VIEWER, "", "auditors") setup.grant_permission_to_group(AUDIT_MANAGER, "", "auditors") setup.grant_permission_to_group(PERMISSION_AUDITOR, "", "auditors") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/audits/create")) create_page = AuditsCreatePage(browser) create_page.set_end_date(future.strftime("%m/%d/%Y")) create_page.submit() browser.get(url(frontend_url, "/groups/some-group")) group_page = GroupViewPage(browser) assert group_page.subheading == "some-group AUDIT IN PROGRESS" # Check that this created email reminder messages to the group owner. We have to refresh the # session since otherwise SQLite may not see changes. setup.reopen_database() group = Group.get(setup.session, name="some-group") assert group expected_key = f"audit-{group.id}" emails = setup.session.query(AsyncNotification).filter_by( sent=False, email="*****@*****.**").all() assert len(emails) > 0 assert all((e.key is None or e.key == expected_key for e in emails)) assert all(("Group Audit" in e.subject for e in emails)) # Now, disable the group, which should complete the audit. with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) page = GroupViewPage(browser) audit_modal = page.get_audit_modal() audit_modal.click_close_button() page.wait_until_audit_modal_clears() page.click_disable_button() modal = page.get_disable_modal() modal.confirm() assert page.subheading == "some-group (disabled)" # And now all of the email messages should be marked sent except the immediate one (the one # that wasn't created with async_send_email). setup.reopen_database() emails = setup.session.query(AsyncNotification).filter_by( sent=False, email="*****@*****.**").all() assert len(emails) == 1 assert emails[0].key is None
def test_disable_must_be_owner(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", role="owner") setup.add_user_to_group("*****@*****.**", "some-group") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) page = GroupViewPage(browser) with pytest.raises(NoSuchElementException): page.click_disable_button()
def test_leave_as_last_owner(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", role="owner") setup.add_user_to_group("*****@*****.**", "some-group", role="manager") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) view_page = GroupViewPage(browser) with pytest.raises(NoSuchElementException): view_page.click_leave_button()
def test_disable(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", role="owner") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) page = GroupViewPage(browser) page.click_disable_button() modal = page.get_disable_modal() modal.confirm() assert page.subheading == "some-group (disabled)"
def test_rename(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", role="owner") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) view_page = GroupViewPage(browser) view_page.click_edit_button() edit_page = GroupEditPage(browser) edit_page.set_name("other-group") edit_page.submit() assert browser.current_url.endswith("?refresh=yes") assert view_page.subheading == "other-group"
def test_remove_last_owner_via_audit(async_server, browser, users, groups, session): # noqa: F811 future = datetime.utcnow() + timedelta(1) add_member(groups["auditors"], users["*****@*****.**"], role="owner") add_member(groups["audited-team"], users["*****@*****.**"], role="owner", expiration=future) session.commit() fe_url = url(async_server, "/audits/create") browser.get(fe_url) page = AuditsCreatePage(browser) page.set_end_date(future.strftime("%m/%d/%Y")) page.submit() fe_url = url(async_server, "/groups/audited-team") browser.get(fe_url) page = GroupViewPage(browser) audit_modal = page.get_audit_modal() audit_modal.find_member_row("*****@*****.**").set_audit_status("remove") audit_modal.confirm() assert page.current_url.endswith("/groups/audited-team") assert page.has_text(group_ownership_policy.EXCEPTION_MESSAGE)
def test_group_join_as_owner(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.create_group("some-group", join_policy=GroupJoinPolicy.CAN_JOIN) with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group/join")) join_page = GroupJoinPage(browser) join_page.set_role("Owner") join_page.set_reason("Testing") join_page.submit() view_page = GroupViewPage(browser) with pytest.raises(NoSuchElementException): view_page.find_member_row("*****@*****.**")
def test_show_group_hides_aliased_permissions( tmpdir: LocalPath, setup: SetupTest, browser: Chrome ) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "sad-team", role="owner") setup.create_permission("ssh") setup.create_permission("sudo") setup.grant_permission_to_group("owner", "sad-team", "sad-team") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/sad-team")) page = GroupViewPage(browser) assert len(page.find_permission_rows("owner", "sad-team")) == 1 assert page.find_permission_rows("ssh", "owner=sad-team") == [] assert page.find_permission_rows("sudo", "sad-team") == []
def test_expire_last_owner(async_server, browser): # noqa: F811 fe_url = url(async_server, "/groups/sad-team") browser.get(fe_url) page = GroupViewPage(browser) row = page.find_member_row("*****@*****.**") row.click_edit_button() page = GroupEditMemberPage(browser) page.set_expiration("12/31/2999") page.set_reason("Unit Testing") page.submit() assert page.current_url.endswith("/groups/sad-team/edit/user/[email protected]") assert page.has_text(group_ownership_policy.EXCEPTION_MESSAGE)
def test_group_join_group(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", "owner") setup.create_group("parent-group", join_policy=GroupJoinPolicy.CAN_JOIN) with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/parent-group/join")) join_page = GroupJoinPage(browser) join_page.set_member("some-group") join_page.set_reason("Testing") join_page.submit() group_page = GroupViewPage(browser) assert group_page.find_member_row("some-group")
def test_edit_member_group_role(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", role="owner") setup.add_group_to_group("other-group", "some-group") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) view_page = GroupViewPage(browser) row = view_page.find_member_row("other-group") assert row.role == "member" row.click_edit_button() edit_page = GroupEditMemberPage(browser) with pytest.raises(NoSuchElementException): edit_page.set_role("Owner")
def test_remove_last_owner(async_server, browser): # noqa: F811 fe_url = url(async_server, "/groups/team-sre") browser.get(fe_url) page = GroupViewPage(browser) row = page.find_member_row("*****@*****.**") assert row.role == "owner" row.click_remove_button() modal = page.get_remove_user_modal() modal.confirm() row = page.find_member_row("*****@*****.**") assert row.role == "owner" assert page.has_text(group_ownership_policy.EXCEPTION_MESSAGE)
def test_show_group(async_server, browser, groups): # noqa: F811 group = groups["team-sre"] fe_url = url(async_server, "/groups/{}".format(group.name)) browser.get(fe_url) page = GroupViewPage(browser) members = group.my_members() for (_, username) in members: row = page.find_member_row(username) assert row.href.endswith("/users/{}".format(username)) for permission in group.my_permissions(): rows = page.find_permission_rows(permission.name) assert len(rows) == 1 assert rows[0].argument == permission.argument assert rows[0].href.endswith("/permissions/{}".format(permission.name))
def test_remove_member(async_server, browser): # noqa: F811 fe_url = url(async_server, "/groups/team-sre") browser.get(fe_url) page = GroupViewPage(browser) row = page.find_member_row("*****@*****.**") assert row.role == "member" row.click_remove_button() modal = page.get_remove_user_modal() modal.confirm() assert page.current_url.endswith("/groups/team-sre?refresh=yes") with pytest.raises(NoSuchElementException): assert page.find_member_row("*****@*****.**")
def test_show_group(async_server, browser, groups): # noqa: F811 group = groups["team-sre"] fe_url = url(async_server, "/groups/{}".format(group.name)) browser.get(fe_url) page = GroupViewPage(browser) members = group.my_members() for [_, username], _ in members.iteritems(): row = page.find_member_row(username) assert row.href.endswith("/users/{}".format(username)) for permission in group.my_permissions(): rows = page.find_permission_rows(permission.name) assert len(rows) == 1 assert rows[0].argument == permission.argument assert rows[0].href.endswith("/permissions/{}".format(permission.name))
def test_rename_name_conflict(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group", role="owner") setup.create_group("other-group") setup.disable_group("other-group") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) view_page = GroupViewPage(browser) view_page.click_edit_button() edit_page = GroupEditPage(browser) edit_page.set_name("other-group") edit_page.submit() assert edit_page.has_alert( "A group named 'other-group' already exists")
def test_remove_member(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "team-sre", role="owner") setup.add_user_to_group("*****@*****.**", "team-sre") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/team-sre")) page = GroupViewPage(browser) row = page.find_member_row("*****@*****.**") assert row.role == "member" row.click_remove_button() modal = page.get_remove_user_modal() modal.confirm() assert page.current_url.endswith("/groups/team-sre?refresh=yes") with pytest.raises(NoSuchElementException): assert page.find_member_row("*****@*****.**")
def test_show_group(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "team-sre", role="owner") setup.add_user_to_group("*****@*****.**", "team-sre") setup.grant_permission_to_group("ssh", "*", "team-sre") setup.grant_permission_to_group("team-sre", "foo", "team-sre") setup.grant_permission_to_group("team-sre", "bar", "team-sre") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/team-sre")) page = GroupViewPage(browser) row = page.find_member_row("*****@*****.**") assert row.role == "owner" assert row.href.endswith("/users/[email protected]") row = page.find_member_row("*****@*****.**") assert row.role == "member" assert row.href.endswith("/users/[email protected]") rows = page.find_permission_rows("ssh") assert len(rows) == 1 assert rows[0].argument == "*" assert rows[0].href.endswith("/permissions/ssh") rows = page.find_permission_rows("team-sre") for permission_row in rows: assert permission_row.href.endswith("/permissions/team-sre") assert sorted([r.argument for r in rows]) == ["bar", "foo"]
def test_leave(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "some-group") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/some-group")) view_page = GroupViewPage(browser) assert view_page.find_member_row("*****@*****.**") view_page.click_leave_button() leave_page = GroupLeavePage(browser) assert leave_page.subheading == "Leave (some-group)" leave_page.submit() assert browser.current_url.endswith("/groups/some-group?refresh=yes") with pytest.raises(NoSuchElementException): view_page.find_member_row("*****@*****.**")
def test_remove_last_owner(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None: with setup.transaction(): setup.add_user_to_group("*****@*****.**", "team-sre", role="owner") setup.add_user_to_group("*****@*****.**", "admins") setup.grant_permission_to_group(GROUP_ADMIN, "", "admins") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/groups/team-sre")) page = GroupViewPage(browser) row = page.find_member_row("*****@*****.**") assert row.role == "owner" row.click_remove_button() modal = page.get_remove_user_modal() modal.confirm() row = page.find_member_row("*****@*****.**") assert row.role == "owner" assert page.has_alert(group_ownership_policy.EXCEPTION_MESSAGE)
def test_end_to_end_whitespace_in_argument(tmpdir, setup, browser): # type: (LocalPath, SetupTest, Chrome) -> None with setup.transaction(): setup.create_group("some-group") setup.create_permission("some-permission") setup.add_user_to_group("*****@*****.**", "some-group", "owner") setup.add_user_to_group("*****@*****.**", "admins") setup.grant_permission_to_group(PERMISSION_GRANT, "some-permission", "admins") with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/permissions/some-permission")) permission_page = PermissionPage(browser) assert permission_page.subheading == "some-permission" permission_page.button_to_request_this_permission.click() permission_request_page = PermissionRequestPage(browser) permission_request_page.set_group("some-group") permission_request_page.set_argument_freeform(" arg u ment ") permission_request_page.set_reason("testing whitespace") permission_request_page.submit() with frontend_server(tmpdir, "*****@*****.**") as frontend_url: browser.get(url(frontend_url, "/permissions/requests?status=pending")) requests_page = PermissionRequestsPage(browser) request_rows = requests_page.request_rows assert len(request_rows) == 1 request = request_rows[0] request.click_modify_link() modify_page = PermissionRequestUpdatePage(browser) modify_page.set_status("actioned") modify_page.set_reason("testing whitespace") modify_page.submit() browser.get(url(frontend_url, "/groups/some-group?refresh=yes")) group_page = GroupViewPage(browser) permission_rows = group_page.find_permission_rows("some-permission") assert len(permission_rows) == 1 grant = permission_rows[0] assert grant.name == "some-permission" assert grant.argument in ("arg u ment", "arg u ment") # browser messes with whitespace assert grant.source == "(direct)" # Check directly in the database to make sure the whitespace is stripped, since we may not be # able to see it via the browser. We need to explicitly reopen the database since otherwise # SQLite doesn't always see changes written by the frontend. setup.reopen_database() permission_grant_repository = setup.sql_repository_factory.create_permission_grant_repository() grants = permission_grant_repository.permission_grants_for_group("some-group") assert grants == [ GroupPermissionGrant( group="some-group", permission="some-permission", argument="arg u ment", granted_on=ANY, is_alias=False, grant_id=ANY, ) ]
def test_service_account_lifecycle(async_server, browser): # noqa: F811 browser.get(url(async_server, "/groups/user-admins")) page = GroupViewPage(browser) page.click_add_service_account_button() page = ServiceAccountCreatePage(browser) page.set_name("my-special-service-account") page.submit() page = ServiceAccountViewPage(browser) page.click_disable_button() disable_modal = page.get_disable_modal() disable_modal.confirm() browser.get(url(async_server, "/users")) page = UsersViewPage(browser) page.click_show_disabled_users_button() page.click_show_service_accounts_button() user_row = page.find_user_row("[email protected] (service)") user_row.click() page = ServiceAccountViewPage(browser) page.click_enable_button() page = ServiceAccountEnablePage(browser) page.select_owner("Group: user-admins") page.submit()
def test_service_account_lifecycle(async_server, browser): # noqa: F811 browser.get(url(async_server, "/groups/user-admins")) page = GroupViewPage(browser) page.click_add_service_account_button() page = ServiceAccountCreatePage(browser) page.set_name("my-special-service-account") page.submit() page = ServiceAccountViewPage(browser) page.click_disable_button() disable_modal = page.get_disable_modal() disable_modal.confirm() browser.get(url(async_server, "/users")) page = UsersViewPage(browser) page.click_show_disabled_users_button() page.click_show_service_accounts_button() user_row = page.find_user_row( "[email protected] (service)") user_row.click() page = ServiceAccountViewPage(browser) page.click_enable_button() page = ServiceAccountEnablePage(browser) page.select_owner("Group: user-admins") page.submit()