def test_verify_bugzilla_1103157(self):
"""Create organization and add two compute resources one by one
using different transactions and different users to see that they
actually added, but not overwrite each other
:id: 5f4fd2b7-d998-4980-b5e7-9822bd54156b
:Steps:
1. Use the admin user to create an organization and two compute
resources. Make one compute resource point at / belong to the
organization.
2. Create a user and give them the ability to update compute
resources and organizations. Have this user make the second
compute resource point at / belong to the organization.
3. Use the admin user to read information about the organization.
Verify that both compute resources are pointing at / belong to
the organization.
:expectedresults: Organization contains both compute resources
:CaseLevel: Integration
"""
# setUpClass() creates an organization w/admin user. Here, we use admin
# to make two compute resources and make first belong to organization.
compute_resources = [
entities.LibvirtComputeResource(
name=gen_string('alpha'),
url='qemu://host.example.com/system').create()
for _ in range(2)
]
self.organization.compute_resource = compute_resources[:1] # list
self.organization = self.organization.update(['compute_resource'])
self.assertEqual(len(self.organization.compute_resource), 1)
# Create a new user and give them minimal permissions.
login = gen_alphanumeric()
password = gen_alphanumeric()
user = entities.User(login=login, password=password).create()
role = entities.Role().create()
for perm in ['edit_compute_resources', 'edit_organizations']:
permissions = [
entities.Permission(id=permission['id'])
for permission in entities.Permission(name=perm).search()
]
entities.Filter(permission=permissions, role=role).create()
user.role = [role]
user = user.update(['role'])
# Make new user assign second compute resource to org.
cfg = get_nailgun_config()
cfg.auth = (login, password)
entities.Organization(
cfg,
id=self.organization.id,
compute_resource=compute_resources[1:], # slice returns list
).update(['compute_resource'])
# Use admin to verify both compute resources belong to organization.
self.assertEqual(len(self.organization.read().compute_resource), 2)
def test_positive_user_access_with_host_filter(self):
"""Check if user with necessary host permissions can access dashboard
and required widgets are rendered
:id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d
:Steps:
1. Specify proper filter with permission for your role
2. Create new user and assign role to it
3. Login into application using this new user
4. Check dashboard and widgets on it
:expectedresults: Dashboard and Errata Widget rendered without errors
:BZ: 1417114
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
org = entities.Organization().create()
# create a role with necessary permissions
role = entities.Role().create()
entities.Filter(
permission=entities.Permission(
resource_type='Organization',
name='view_organizations').search(),
role=role,
search=None
).create()
entities.Filter(
organization=[org],
permission=entities.Permission(name='view_hosts').search(),
role=role,
search='compute_resource = RHEV'
).create()
entities.Filter(
permission=entities.Permission(
resource_type=None, name='access_dashboard').search(),
role=role,
search=None
).create()
# create a user and assign the above created role
entities.User(
default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password
).create()
with Session(self.browser, user_login, user_password):
self.assertEqual(
self.dashboard.get_total_hosts_count(), 0)
self.assertIsNotNone(self.dashboard.get_widget('Latest Errata'))
self.assertIsNotNone(self.dashboard.wait_until_element(
locators['dashboard.latest_errata.empty']))
def test_positive_search_by_resource_type(self):
"""Search for permissions by resource type.
:id: 29d9362b-1bf3-4722-b40f-a5e8b4d0d9ba
:expectedresults: The permissions returned are equal to what is listed
for that resource type in :data:`robottelo.constants.PERMISSIONS`.
:CaseImportance: Critical
"""
failures = {}
for resource_type in self.permission_resource_types:
if resource_type is None:
continue
perm_group = entities.Permission(
resource_type=resource_type).search()
permissions = {perm.name for perm in perm_group}
expected_permissions = set(self.permissions[resource_type])
added = tuple(permissions - expected_permissions)
removed = tuple(expected_permissions - permissions)
if added or removed:
failures[resource_type] = {}
if added or removed:
failures[resource_type]['added'] = added
if removed:
failures[resource_type]['removed'] = removed
if failures:
self.fail(json.dumps(failures, indent=True, sort_keys=True))
def test_positive_update_role_taxonomies(self):
"""Update role taxonomies which applies to its non-overrided filters
:id: 902dcb32-2126-4ff4-b733-3e86749ccd1e
:steps: Update existing role with different taxonomies
:expectedresults: The taxonomies are applied only to non-overrided role
filters
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name,
organization=[self.role_org],
location=[self.role_loc]).create()
self.assertEqual(role.name, role_name)
dom_perm = entities.Permission(resource_type='Domain').search()
filtr = entities.Filter(
permission=dom_perm,
role=role.id,
).create()
self.assertEqual(role.id, filtr.role.id)
role.organization = [self.filter_org]
role.location = [self.filter_loc]
role = role.update(['organization', 'location'])
# Updated Role
role = entities.Role(id=role.id).read()
self.assertEqual(self.filter_org.id, role.organization[0].id)
self.assertEqual(self.filter_loc.id, role.location[0].id)
# Updated Filter
filtr = entities.Filter(id=filtr.id).read()
self.assertEqual(self.filter_org.id, filtr.organization[0].id)
self.assertEqual(self.filter_loc.id, filtr.location[0].id)
def test_positive_override_cloned_role_filter(self):
"""Cloned role filter overrides
:id: 8a32ed5f-b93f-4f31-aff4-16602fbe7fab
:steps:
1. Create a role with overridden filter
2. Clone above role
3. Attempt to override the filter in cloned role
:expectedresults: Filter in cloned role should be overridden
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name).create()
dom_perm = entities.Permission(resource_type='Domain').search()
entities.Filter(permission=dom_perm, role=role.id).create()
cloned_role_name = gen_string('alpha')
cloned_role = entities.Role(id=role.id).clone(
data={'name': cloned_role_name})
self.assertEqual(cloned_role_name, cloned_role['name'])
filter_cloned_id = entities.Role(
id=cloned_role['id']).read().filters[0].id
filter_cloned = entities.Filter(id=filter_cloned_id).read()
filter_cloned.override = True
filter_cloned.organization = [self.role_org]
filter_cloned.location = [self.role_loc]
filter_cloned.update(['override', 'organization', 'location'])
# Updated Filter
filter_cloned = entities.Filter(id=filter_cloned_id).read()
self.assertTrue(filter_cloned.override)
self.assertEqual(self.role_org.id, filter_cloned.organization[0].id)
self.assertEqual(self.role_loc.id, filter_cloned.location[0].id)
def setUpClass(cls):
"""Search for provisioning template permissions. Set ``cls.ct_perms``.
"""
super(FilterTestCase, cls).setUpClass()
cls.ct_perms = entities.Permission().search(
query={'search': 'resource_type="ProvisioningTemplate"'}
)
def test_positive_search(self):
"""search with no parameters return all permissions
@feature: Permission
@assert: Search returns a list of all expected permissions
"""
permissions = entities.Permission().search(query={'per_page': 1000})
names = {perm.name for perm in permissions}
resource_types = {perm.resource_type for perm in permissions}
expected_names = set(self.permission_names)
expected_resource_types = set(self.permission_resource_types)
added_resource_types = tuple(resource_types - expected_resource_types)
removed_resource_types = tuple(expected_resource_types -
resource_types)
added_names = tuple(names - expected_names)
removed_names = tuple(expected_names - names)
diff = {}
if added_resource_types:
diff['added_resource_types'] = added_resource_types
if removed_resource_types:
diff['removed_resource_types'] = removed_resource_types
if added_names:
diff['added_names'] = added_names
if removed_names:
diff['removed_names'] = removed_names
if diff:
self.fail(json.dumps(diff, indent=True, sort_keys=True))
def test_positive_search_by_resource_type(self):
"""Search for permissions by resource type.
@feature: Permissions
@assert: The permissions returned are equal to what is listed for that
resource type in :data:`robottelo.constants.PERMISSIONS`.
"""
failures = {}
for resource_type in self.permission_resource_types:
if resource_type is None:
continue
perm_group = entities.Permission(
resource_type=resource_type).search()
permissions = {perm.name for perm in perm_group}
expected_permissions = set(self.permissions[resource_type])
added = tuple(permissions - expected_permissions)
removed = tuple(expected_permissions - permissions)
if added or removed:
failures[resource_type] = {}
if added or removed:
failures[resource_type]['added'] = added
if removed:
failures[resource_type]['removed'] = removed
if failures:
self.fail(json.dumps(failures, indent=True, sort_keys=True))
def test_positive_search(self):
"""search with no parameters return all permissions
:id: e58308df-19ec-415d-8fa1-63ebf3cd0ad6
:expectedresults: Search returns a list of all expected permissions
:CaseImportance: Critical
"""
permissions = entities.Permission().search(query={'per_page': 1000})
names = {perm.name for perm in permissions}
resource_types = {perm.resource_type for perm in permissions}
expected_names = set(self.permission_names)
expected_resource_types = set(self.permission_resource_types)
added_resource_types = tuple(resource_types - expected_resource_types)
removed_resource_types = tuple(expected_resource_types -
resource_types)
added_names = tuple(names - expected_names)
removed_names = tuple(expected_names - names)
diff = {}
if added_resource_types:
diff['added_resource_types'] = added_resource_types
if removed_resource_types:
diff['removed_resource_types'] = removed_resource_types
if added_names:
diff['added_names'] = added_names
if removed_names:
diff['removed_names'] = removed_names
if diff:
self.fail(json.dumps(diff, indent=True, sort_keys=True))
def test_positive_create_filter_without_override(self):
"""Create filter in role w/o overriding it
:id: 1aadb7ea-ff76-4171-850f-188ba6f87021
:steps:
1. Create a role with taxonomies assigned
2. Create filter in role without overriding it
:expectedresults:
1. Filter w/o override is created in role
2. The taxonomies of role are inherited to filter
3. Override check is not marked by default in filters table
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name,
organization=[self.role_org],
location=[self.role_loc]).create()
self.assertEqual(role.name, role_name)
dom_perm = entities.Permission(resource_type='Domain').search()
filtr = entities.Filter(permission=dom_perm, role=role.id).create()
self.assertEqual(role.id, filtr.role.id)
self.assertEqual(self.role_org.id, filtr.organization[0].id)
self.assertEqual(self.role_loc.id, filtr.location[0].id)
self.assertFalse(filtr.override)
def setUpClass(cls):
"""Search for provisioning template permissions. Set ``cls.ct_perms``.
"""
super(FilterTestCase, cls).setUpClass()
cls.ct_perms = (
entities.Permission(resource_type='ProvisioningTemplate').search()
)
def test_positive_delete_filter(session):
resource_name = 'Architecture'
role = entities.Role().create()
permission = entities.Permission(resource_type=resource_name).search()
entities.Filter(permission=permission, role=role.id).create()
with session:
assert session.filter.search(
role.name, resource_name)[0]['Resource'] == resource_name
session.filter.delete(role.name, resource_name)
assert not session.filter.search(role.name, resource_name)
def test_positive_permission_read(self):
"""Create an Permission entity and get it using
``nailgun.entity_mixins.EntityReadMixin.read``.
@id: 5631a1eb-33ff-4abe-bf01-6c8d98c47a96
@Assert: The just-read entity is an instance of the correct class and
name and resource_type fields are populated
"""
perm = entities.Permission().search(query={'per_page': 1})[0]
self.assertGreater(len(perm.name), 0)
self.assertGreater(len(perm.resource_type), 0)
def test_positive_permission_read(self):
"""Create an Permission entity and get it using
``nailgun.entity_mixins.EntityReadMixin.read``.
@Feature: Test multiple API paths
@Assert: The just-read entity is an instance of the correct class and
name and resource_type fields are populated
"""
perm = entities.Permission().search(query={'per_page': 1})[0]
self.assertGreater(len(perm.name), 0)
self.assertGreater(len(perm.resource_type), 0)
def test_positive_permission_read(self):
"""Create an Permission entity and get it using
``nailgun.entity_mixins.EntityReadMixin.read``.
:id: 5631a1eb-33ff-4abe-bf01-6c8d98c47a96
:expectedresults: The just-read entity is an instance of the correct
class and name and resource_type fields are populated
:CaseImportance: Critical
"""
perm = entities.Permission().search(query={'per_page': '1'})[0]
assert perm.name
assert perm.resource_type
def test_positive_update_filter(session):
resource_name = 'Architecture'
permission_name = 'edit_architectures'
role = entities.Role().create()
permission = entities.Permission(resource_type=resource_name).search()
entities.Filter(permission=permission, role=role.id).create()
with session:
filter_values = session.filter.read(role.name, resource_name)
assert permission_name in filter_values['permission']['assigned']
session.filter.update(
role.name, resource_name,
{'permission.unassigned': ['edit_architectures']})
filter_values = session.filter.read(role.name, resource_name)
assert permission_name in filter_values['permission']['unassigned']
def test_pre_default_role_added_permission(self):
"""New permission is added to Default Role
:steps: New permission is added to existing 'Default role'
:expectedresults: Permission is added to existing 'Default role'.
"""
defaultrole = entities.Role().search(
query={'search': 'name="Default role"'})[0]
subnetfilter = entities.Filter(permission=entities.Permission(
resource_type='Subnet').search(filters={'name': 'view_subnets'}),
role=defaultrole).create()
self.assertIn(subnetfilter.id,
[filt.id for filt in defaultrole.read().filters])
def test_positive_list_permission(test_name, module_org, module_repos_col,
module_rhva_repos_col):
"""Show errata only if the User has permissions to view them
:id: cdb28f6a-23df-47a2-88ab-cd3b492126b2
:Setup:
1. Create two products with one repo each. Sync them.
2. Make sure that they both have errata.
3. Create a user with view access on one product and not on the other.
:Steps: Go to Content -> Errata.
:expectedresults: Check that the new user is able to see errata for one
product only.
:CaseLevel: Integration
"""
role = entities.Role().create()
entities.Filter(
organization=[module_org],
permission=entities.Permission(
resource_type='Katello::Product').search(),
role=role,
search='name = "{0}"'.format(PRDS['rhel']),
).create()
user_password = gen_string('alphanumeric')
user = entities.User(
default_organization=module_org,
organization=[module_org],
role=[role],
password=user_password,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
if bz_bug_is_open(1652938):
# The bug has a persistent effect when user has no access to dashboard and foreman
# access denied page is shown directly after login.
try:
session.errata.search('')
except NoSuchElementException:
session.errata.browser.refresh()
assert (session.errata.search(
RHVA_ERRATA_ID,
applicable=False)[0]['Errata ID'] == RHVA_ERRATA_ID)
assert not session.errata.search(CUSTOM_REPO_ERRATA_ID,
applicable=False)
def test_pre_default_role_added_permission_with_filter(self):
"""New permission with filter is added to Default Role
:steps: New permission is added to existing 'Default role' with filter
:expectedresults: Permission with filter is added to existing
'Default role'
"""
defaultrole = entities.Role().search(
query={'search': 'name="Default role"'})[0]
domainfilter = entities.Filter(permission=entities.Permission(
resource_type='Domain').search(filters={'name': 'view_domains'}),
unlimited=False,
role=defaultrole,
search='name ~ a').create()
self.assertIn(domainfilter.id,
[filt.id for filt in defaultrole.read().filters])
def test_positive_search_by_name(self):
"""Search for a permission by name.
@feature: Permissions
@assert: Only one permission is returned, and the permission returned
is the one searched for.
"""
failures = {}
for permission_name in self.permission_names:
results = entities.Permission(name=permission_name).search()
if (len(results) != 1 or len(results) == 1
and results[0].name != permission_name):
failures[permission_name] = {
'length': len(results),
'returned_names': [result.name for result in results]
}
if failures:
self.fail(json.dumps(failures, indent=True, sort_keys=True))
def test_positive_list_permission(test_name, module_org, module_repos_col,
module_rhva_repos_col):
"""Show errata only if the User has permissions to view them
:id: cdb28f6a-23df-47a2-88ab-cd3b492126b2
:Setup:
1. Create two products with one repo each. Sync them.
2. Make sure that they both have errata.
3. Create a user with view access on one product and not on the other.
:Steps: Go to Content -> Errata.
:expectedresults: Check that the new user is able to see errata for one
product only.
:CaseLevel: Integration
"""
role = entities.Role().create()
entities.Filter(
organization=[module_org],
permission=entities.Permission().search(
query={'search': 'resource_type="Katello::Product"'}),
role=role,
search='name = "{}"'.format(PRDS['rhel']),
).create()
user_password = gen_string('alphanumeric')
user = entities.User(
default_organization=module_org,
organization=[module_org],
role=[role],
password=user_password,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
assert (session.errata.search(
RHVA_ERRATA_ID,
applicable=False)[0]['Errata ID'] == RHVA_ERRATA_ID)
assert not session.errata.search(CUSTOM_REPO_ERRATA_ID,
applicable=False)
def test_pre_default_role_added_permission(self):
"""New permission is added to Default Role
:id: preupgrade-3a350e4a-96b3-4033-b562-3130fc43a4bc
:steps: New permission is added to existing 'Default role'
:expectedresults: Permission is added to existing 'Default role'.
"""
defaultrole = entities.Role().search(
query={'search': 'name="Default role"'})[0]
subnetfilter = entities.Filter(
permission=entities.Permission().search(
filters={'name': 'view_subnets'},
query={'search': 'resource_type="Subnet"'}),
role=defaultrole,
).create()
assert subnetfilter.id in [
filt.id for filt in defaultrole.read().filters
]
def test_positive_search_by_name(self):
"""Search for a permission by name.
:id: 1b6117f6-599d-4b2d-80a8-1e0764bdc04d
:expectedresults: Only one permission is returned, and the permission
returned is the one searched for.
:CaseImportance: Critical
"""
failures = {}
for permission_name in self.permission_names:
results = entities.Permission().search(query={'search': f'name="{permission_name}"'})
if len(results) != 1 or len(results) == 1 and results[0].name != permission_name:
failures[permission_name] = {
'length': len(results),
'returned_names': [result.name for result in results],
}
if failures:
self.fail(json.dumps(failures, indent=True, sort_keys=True))
def test_positive_list_permission(self):
"""Show errata only if the User has permissions to view them
@id: cdb28f6a-23df-47a2-88ab-cd3b492126b2
@Setup:
1. Create two products with one repo each. Sync them.
2. Make sure that they both have errata.
3. Create a user with view access on one product and not on the other.
@Steps:
1. Go to Content -> Errata.
@Assert: Check that the new user is able to see errata for one product
only.
@CaseLevel: Integration
"""
role = entities.Role().create()
entities.Filter(
organization=[self.session_org],
permission=entities.Permission(
resource_type='Katello::Product').search(),
role=role,
search='name = "{0}"'.format(PRDS['rhel']),
).create()
user_password = gen_string('alphanumeric')
user = entities.User(
default_organization=self.session_org,
organization=[self.session_org],
role=[role],
password=user_password,
).create()
with Session(self.browser, user.login, user_password) as session:
session.nav.go_to_errata()
self.errata.show_only_applicable(False)
self.assertIsNotNone(self.errata.search(REAL_0_ERRATA_ID))
self.assertIsNone(self.errata.search(CUSTOM_REPO_ERRATA_ID))
def test_negative_update_role_taxonomies(self):
"""Update role taxonomies which doesnt applies to its overrided filters
:id: 9f3bf95a-f71a-4063-b51c-12610bc655f2
:steps:
1. Update existing role with different taxonomies
:expectedresults: The overridden role filters are not updated
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name,
organization=[self.role_org],
location=[self.role_loc]).create()
self.assertEqual(role.name, role_name)
dom_perm = entities.Permission(resource_type='Domain').search()
filtr = entities.Filter(permission=dom_perm,
role=role.id,
override=True,
organization=[self.filter_org],
location=[self.filter_loc]).create()
self.assertEqual(role.id, filtr.role.id)
# Creating new Taxonomies
org_new = entities.Organization().create()
loc_new = entities.Location().create()
# Updating Taxonomies
role.organization = [org_new]
role.location = [loc_new]
role = role.update(['organization', 'location'])
# Updated Role
role = entities.Role(id=role.id).read()
self.assertEqual(org_new.id, role.organization[0].id)
self.assertEqual(loc_new.id, role.location[0].id)
# Updated Filter
filtr = entities.Filter(id=filtr.id).read()
self.assertNotEqual(org_new.id, filtr.organization[0].id)
self.assertNotEqual(loc_new.id, filtr.location[0].id)
def get_role_by_bz(bz_id):
"""Create and configure custom role entity for the testing of specific bugs
This function will read the dictionary of permissions and their associated
bugzilla id's from robottelo.constants "PERMISSIONS_WITH_BZ",
these permissions will create filter and a single role will be created
from all the filters.
:param bz_id: This is the bugzilla id that is specified in the
PERMISSIONS_WITH_BZ list, all the permissions associated with the bz_id
will be fetched and filters will be created
:return: A single role entity will be created from all the created filters
"""
role = entities.Role().create()
for perms in PERMISSIONS_WITH_BZ.values():
perms_with_bz = [x for x in perms if bz_id in x.get('bz', [])]
if perms_with_bz:
permissions = [
entities.Permission(name=perm['name']).search()[0]
for perm in perms_with_bz
]
entities.Filter(permission=permissions, role=role).create()
return role.read()
def give_user_permission(self, perm_name):
"""Give ``self.user`` the ``perm_name`` permission.
This method creates a role and filter to accomplish the above goal.
When complete, the relevant relationhips look like this:
user → role ← filter → permission
:param str perm_name: The name of a permission. For example:
'create_architectures'.
:raises: ``AssertionError`` if more than one permission is found when
searching for the permission with name ``perm_name``.
:raises: ``requests.exceptions.HTTPError`` if an error occurs when
updating ``self.user``'s roles.
:returns: Nothing.
"""
role = entities.Role().create()
permissions = entities.Permission(name=perm_name).search()
self.assertEqual(len(permissions), 1)
entities.Filter(permission=permissions, role=role).create()
self.user.role += [role]
self.user = self.user.update(['role'])
def test_positive_create_non_overridable_filter(self):
"""Create non overridable filter in role
:id: f891e2e1-76f8-4edf-8c96-b41d05483298
:steps: Create a filter to which taxonomies cannot be associated.
e.g Architecture filter
:expectedresults:
1. Filter is created without taxonomies
2. Override check is set to false
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name).create()
self.assertEqual(role.name, role_name)
arch_perm = entities.Permission(resource_type='Architecture').search()
filtr = entities.Filter(permission=arch_perm, role=role.id).create()
self.assertEqual(role.id, filtr.role.id)
self.assertFalse(filtr.override)
def test_positive_search_errata_non_admin(self):
"""Search for host's errata by non-admin user with enough permissions
:id: 5b8887d2-987f-4bce-86a1-8f65ca7e1195
:customerscenario: true
:BZ: 1255515
:expectedresults: User can access errata page and proper errata is
listed
:CaseLevel: System
"""
self.client.run('yum install -y {0}'.format(FAKE_1_CUSTOM_PACKAGE))
user_login = gen_string('alpha')
user_password = gen_string('alpha')
default_loc = entities.Location().search(
query={'search': 'name="{0}"'.format(DEFAULT_LOC)})[0]
role = entities.Role().create()
for permission_name in ('view_hosts', 'view_lifecycle_environments',
'view_content_views', 'view_organizations'):
entities.Filter(
permission=entities.Permission(name=permission_name).search(),
role=role,
).create()
entities.User(
role=[role],
admin=False,
login=user_login,
password=user_password,
organization=[self.session_org],
location=[default_loc],
default_organization=self.session_org,
).create()
with Session(self, user=user_login, password=user_password):
result = self.contenthost.errata_search(self.client.hostname,
FAKE_2_ERRATA_ID)
self.assertIsNotNone(result)
def test_negative_override_non_overridable_filter(self):
"""Override non overridable filter
:id: 7793be96-e8eb-451b-a986-51a46a1ab4f9
:steps: Attempt to override a filter to which taxonomies cannot be
associated. e.g Architecture filter
:expectedresults: Filter is not overrided as taxonomies cannot be
applied to that filter
:CaseImportance: Critical
"""
role_name = gen_string('alpha')
role = entities.Role(name=role_name).create()
self.assertEqual(role.name, role_name)
arch_perm = entities.Permission(resource_type='Architecture').search()
with self.assertRaises(HTTPError):
entities.Filter(permission=arch_perm,
role=[role.id],
override=True,
organization=[self.filter_org],
location=[self.filter_loc]).create()