async def test_group_roles_operations(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
try:
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Create roles
assign_role_req_ua = models.AssignRoleRequest({
"type": models.RoleType.USER_ADMIN
})
assign_role_req_aa = models.AssignRoleRequest({
"type": models.RoleType.APP_ADMIN
})
ua_role, _, err = await client.assign_role_to_group(
group.id, assign_role_req_ua)
assert err is None
aa_role, _, err = await client.assign_role_to_group(
group.id, assign_role_req_aa)
assert err is None
group_roles, _, err = await client.list_group_assigned_roles(group.id)
assert err is None
assert len(group_roles) == 2
assert next((rle for rle in group_roles if rle.id == ua_role.id))
assert next((rle for rle in group_roles if rle.id == aa_role.id))
_, err = await client.remove_role_from_group(group.id, ua_role.id)
assert err is None
group_roles, _, err = await client.list_group_assigned_roles(group.id)
assert err is None
assert len(group_roles) == 1
assert next((rle for rle in group_roles if rle.id ==
ua_role.id), None) is None
assert next((rle for rle in group_roles if rle.id == aa_role.id))
finally:
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
async def test_assign_user_to_role(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Assign-User-Role"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Create Assign Role Request with Roletype Enum
USER_ADMIN = models.RoleType.USER_ADMIN
assign_role_req = models.AssignRoleRequest({"type": USER_ADMIN})
# Assign Role to User
_, _, err = await test_client.assign_role_to_user(
user.id, assign_role_req)
assert err is None
# Get Roles for user and ensure role assigned is found
roles, _, err = await test_client.list_assigned_roles_for_user(user.id)
found_role = next((role for role in roles if role.type == USER_ADMIN),
None)
assert found_role is not None
# Remove assigned role from user
_, err = await test_client.remove_role_from_user(
user.id, found_role.id)
assert err is None
# Get Roles for user and ensure role assigned is NOT found
roles, _, err = await test_client.list_assigned_roles_for_user(user.id)
found_role = next((role for role in roles if role.type == USER_ADMIN),
None)
assert found_role is None
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
async def test_group_target_add(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Objects
GROUP_1_NAME = "Group-Target-Test 1"
group_1_profile = models.GroupProfile({"name": GROUP_1_NAME})
group_1_obj = models.Group({"profile": group_1_profile})
GROUP_2_NAME = "Group-Target-Test 2"
group_2_profile = models.GroupProfile({"name": GROUP_2_NAME})
group_2_obj = models.Group({"profile": group_2_profile})
# Create Groups
group_1, _, err = await client.create_group(group_1_obj)
assert err is None
assert isinstance(group_1, models.Group)
group_2, _, err = await client.create_group(group_2_obj)
assert err is None
assert isinstance(group_2, models.Group)
# Create role and add group targets
assign_role_req_ua = models.AssignRoleRequest(
{"type": models.RoleType.USER_ADMIN})
ua_role, _, err = await client.assign_role_to_group(
group_1.id, assign_role_req_ua)
assert err is None
_, err = await\
client.add_group_target_to_group_administrator_role_for_group(
group_1.id, ua_role.id, group_2.id)
# Make sure targets are listed
groups_list, _, err = await client.list_group_targets_for_group_role(
group_1.id, ua_role.id)
assert err is None
assert next((grp for grp in groups_list if grp.id == group_2.id))
# Delete created groups
_, err = await client.delete_group(group_1.id)
assert err is None
_, err = await client.delete_group(group_2.id)
assert err is None
async def test_user_group_target_to_role(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Group-Target-Role-Assign"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Create Group Object
NEW_GROUP_NAME = "Group-Target-Test-Assign"
new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
new_group = models.Group({"profile": new_group_profile})
# Create Group
group, _, err = await test_client.create_group(new_group)
assert err is None
# Create request to assign role to user
USER_ADMIN = models.RoleType.USER_ADMIN
assign_role_req = models.AssignRoleRequest({"type": USER_ADMIN})
# Assign Role to User
user_role, _, err = await test_client.assign_role_to_user(
user.id, assign_role_req)
assert err is None
# Add Group Target to the Role
_, err = await test_client.add_group_target_to_role(
user.id, user_role.id, group.id)
assert err is None
# Retrieve group targets for role and ensure added one is there
groups, _, err = await test_client.list_group_targets_for_role(
user.id, user_role.id)
assert next((grp for grp in groups if grp.id == group.id),
None) is not None
# Create another group to add
NEW_GROUP_NAME = "Temp-Group-Target-Test-Assign"
new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
new_group = models.Group({"profile": new_group_profile})
# Create 2nd group
temp_group, _, err = await test_client.create_group(new_group)
assert err is None
# Add new group target to role and remove original
_, err = await test_client.add_group_target_to_role(
user.id, user_role.id, temp_group.id)
assert err is None
_, err = await test_client.remove_group_target_from_role(
user.id, user_role.id, group.id)
assert err is None
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
# Delete groups created
await test_client.delete_group(group.id)
await test_client.delete_group(temp_group.id)
async def test_group_target_remove(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Group Objects
GROUP_1_NAME = "Group-Target-Test 1"
group_1_profile = models.GroupProfile({
"name": GROUP_1_NAME
})
group_1_obj = models.Group({
"profile": group_1_profile
})
GROUP_2_NAME = "Group-Target-Test 2"
group_2_profile = models.GroupProfile({
"name": GROUP_2_NAME
})
group_2_obj = models.Group({
"profile": group_2_profile
})
GROUP_3_NAME = "Group-Target-Test 3"
group_3_profile = models.GroupProfile({
"name": GROUP_3_NAME
})
group_3_obj = models.Group({
"profile": group_3_profile
})
try:
# Create Groups
group_1, _, err = await client.create_group(group_1_obj)
assert err is None
assert isinstance(group_1, models.Group)
group_2, _, err = await client.create_group(group_2_obj)
assert err is None
assert isinstance(group_2, models.Group)
group_3, _, err = await client.create_group(group_3_obj)
assert err is None
assert isinstance(group_3, models.Group)
# Create role and add group targets
assign_role_req_ua = models.AssignRoleRequest({
"type": models.RoleType.USER_ADMIN
})
ua_role, _, err = await client.assign_role_to_group(
group_1.id, assign_role_req_ua)
assert err is None
_, err = await\
client.add_group_target_to_group_administrator_role_for_group(
group_1.id, ua_role.id, group_2.id)
_, err = await\
client.add_group_target_to_group_administrator_role_for_group(
group_1.id, ua_role.id, group_3.id)
groups_list, _, err = await client.list_group_targets_for_group_role(
group_1.id, ua_role.id)
assert err is None
assert next((grp for grp in groups_list if grp.id == group_2.id))
assert next((grp for grp in groups_list if grp.id == group_3.id))
# Remove from 2 and ensure 2 isn't listed
_, err = await \
client.remove_group_target_from_group_admin_role_given_to_group(
group_1.id, ua_role.id, group_2.id)
groups_list, _, err = await client.list_group_targets_for_group_role(
group_1.id, ua_role.id)
assert err is None
assert next((grp for grp in groups_list if grp.id ==
group_2.id), None) is None
assert next((grp for grp in groups_list if grp.id == group_3.id))
finally:
errors = []
# Delete created groups
try:
_, err = await client.delete_group(group_1.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.delete_group(group_2.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.delete_group(group_3.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0