def test_add_group(self):
with session.begin():
group = data_setup.create_group()
user_password = '******'
user = data_setup.create_user(password=user_password)
data_setup.add_user_to_group(user, group)
orig_date_modified = self.system.date_modified
# as admin, assign the system to our test group
b = self.browser
login(b)
self.go_to_system_view(tab='Groups')
b.find_element_by_name('group.text').send_keys(group.group_name)
b.find_element_by_name('groups').submit()
b.find_element_by_xpath(
'//div[@id="groups"]'
'//td[normalize-space(text())="%s"]' % group.group_name)
with session.begin():
session.refresh(self.system)
self.assert_(self.system.date_modified > orig_date_modified)
# as a user in the group, can we see it?
logout(b)
login(b, user.user_name, user_password)
click_menu_item(b, 'Systems', 'Available')
b.find_element_by_name('simplesearch').send_keys(self.system.fqdn)
b.find_element_by_name('systemsearch_simple').submit()
check_system_search_results(b, present=[self.system])
def test_add_group(self):
with session.begin():
group = data_setup.create_group()
user_password = '******'
user = data_setup.create_user(password=user_password)
data_setup.add_user_to_group(user, group)
orig_date_modified = self.system.date_modified
# as admin, assign the system to our test group
b = self.browser
login(b)
self.go_to_system_view(tab='Groups')
b.find_element_by_name('group.text').send_keys(group.group_name)
b.find_element_by_name('groups').submit()
b.find_element_by_xpath('//div[@id="groups"]'
'//td[normalize-space(text())="%s"]' %
group.group_name)
with session.begin():
session.refresh(self.system)
self.assert_(self.system.date_modified > orig_date_modified)
# as a user in the group, can we see it?
logout(b)
login(b, user.user_name, user_password)
click_menu_item(b, 'Systems', 'Available')
b.find_element_by_name('simplesearch').send_keys(self.system.fqdn)
b.find_element_by_name('systemsearch_simple').submit()
check_system_search_results(b, present=[self.system])
def test_disable_legacy_perms(self):
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(
CONFIG_FILE,
'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn',
env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=None)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.check_cannot_review()
finally:
stop_process('gunicorn')
start_process('gunicorn')
def test_cant_delete_group_mates_job(self):
# XXX This whole test can go away with BZ#1000861
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(
CONFIG_FILE,
'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn',
env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
group = data_setup.create_group()
mate = data_setup.create_user(password=u'asdf')
test_job = data_setup.create_completed_job(owner=mate)
data_setup.add_user_to_group(self.user, group)
data_setup.add_user_to_group(mate, group)
try:
run_client(['bkr', 'job-delete', test_job.t_id],
config=self.client_config)
self.fail('We should not have permission to delete %s' % \
test_job.t_id)
except ClientError, e:
self.assertIn(
"You don't have permission to delete job %s" %
test_job.t_id, e.stderr_output)
finally:
stop_process('gunicorn')
start_process('gunicorn')
def test_disable_legacy_perms(self):
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(CONFIG_FILE,
'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=None)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.check_cannot_review()
finally:
stop_process('gunicorn')
start_process('gunicorn')
def test_reserve_via_external_service(self):
with session.begin():
service_group = data_setup.create_group(
permissions=[u'proxy_auth'])
service_user = data_setup.create_user(password=u'password')
data_setup.add_user_to_group(service_user, service_group)
user = data_setup.create_user(password=u'notused')
system = data_setup.create_system(owner=User.by_user_name(
data_setup.ADMIN_USER),
status=u'Manual',
shared=True)
self.assert_(system.user is None)
server = self.get_server()
server.auth.login_password(service_user.user_name, 'password',
user.user_name)
server.systems.reserve(system.fqdn)
with session.begin():
session.refresh(system)
self.assertEqual(system.user, user)
self.assertEqual(system.reservations[0].type, u'manual')
self.assertEqual(system.reservations[0].user, user)
self.assert_(system.reservations[0].finish_time is None)
assert_durations_not_overlapping(system.reservations)
reserved_activity = system.activity[0]
self.assertEqual(reserved_activity.action, 'Reserved')
self.assertEqual(reserved_activity.service, service_user.user_name)
def test_ackability(self):
# XXX If this test gets any more complicated, we should break
# it up
b = self.browser
login(b, user=self.user_1.user_name, password=self.password)
b.get(get_server_base() + 'jobs/%d' % self.job.id)
#This tests that the ack is there for owner
b.find_element_by_name("response_box_%d" % self.job.recipesets[0].id)
logout(b)
# Not there for non owner
login(b, user=self.user_2.user_name, password=self.password)
b.get(get_server_base() + 'jobs/%d' % self.job.id)
b.find_element_by_xpath("//td[normalize-space(text())='RS:%s' and "
"not(./input[@name='response_box_%s'])]" % (
self.job.recipesets[0].id, self.job.recipesets[0].id))
# Is there for job owner's group co-member.
with session.begin():
data_setup.add_user_to_group(self.user_1, self.group)
data_setup.add_user_to_group(self.user_3, self.group)
logout(b)
login(b, user=self.user_3.user_name, password=self.password)
b.get(get_server_base() + 'jobs/%d' % self.job.id)
b.find_element_by_xpath("//input[@name='response_box_%s']" %
self.job.recipesets[0].id)
# There for job's group member
with session.begin():
self.job.group = self.group
self.user_2.groups.append(self.group)
logout(b)
login(b, user=self.user_2.user_name, password=self.password)
b.get(get_server_base() + 'jobs/%s' % self.job.id)
b.find_element_by_name("response_box_%s" % self.job.recipesets[0].id)
def test_add_group(self):
with session.begin():
group = data_setup.create_group()
user_password = "******"
user = data_setup.create_user(password=user_password)
data_setup.add_user_to_group(user, group)
orig_date_modified = self.system.date_modified
# as admin, assign the system to our test group
self.login()
sel = self.selenium
self.go_to_system_view()
sel.click('//ul[@class="tabbernav"]//a[text()="Groups"]')
sel.type("groups_group_text", group.group_name)
sel.click('//form[@name="groups"]//a[text()="Add ( + )"]')
sel.wait_for_page_to_load("30000")
self.assertEquals(
sel.get_xpath_count(
'//div[normalize-space(@class)="tabbertab"]' '//td[normalize-space(text())="%s"]' % group.group_name
),
1,
)
with session.begin():
session.refresh(self.system)
self.assert_(self.system.date_modified > orig_date_modified)
# as a user in the group, can we see it?
self.logout()
self.login(user.user_name, user_password)
sel.click("link=Available")
sel.wait_for_page_to_load("30000")
sel.type("simplesearch", self.system.fqdn)
sel.submit("systemsearch_simple")
sel.wait_for_page_to_load("30000")
self.failUnless(sel.is_text_present(self.system.fqdn))
def test_cant_delete_group_mates_job(self):
# XXX This whole test can go away with BZ#1000861
try:
stop_process('gunicorn')
except ValueError:
# It seems gunicorn is not a running process
raise SkipTest('Can only run this test against gunicorn')
try:
tmp_config = edit_file(CONFIG_FILE, 'beaker.deprecated_job_group_permissions.on = True',
'beaker.deprecated_job_group_permissions.on = False')
start_process('gunicorn', env={'BEAKER_CONFIG_FILE': tmp_config.name})
with session.begin():
group = data_setup.create_group()
mate = data_setup.create_user(password=u'asdf')
test_job = data_setup.create_completed_job(owner=mate)
data_setup.add_user_to_group(self.user, group)
data_setup.add_user_to_group(mate, group)
try:
run_client(['bkr', 'job-delete', test_job.t_id],
config=self.client_config)
self.fail('We should not have permission to delete %s' % \
test_job.t_id)
except ClientError, e:
self.assertIn("You don't have permission to delete job %s" %
test_job.t_id, e.stderr_output)
finally:
stop_process('gunicorn')
start_process('gunicorn')
def test_delete_group_mates_job(self):
with session.begin():
group = data_setup.create_group()
mate = data_setup.create_user(password=u'asdf')
test_job = data_setup.create_completed_job(owner=mate)
data_setup.add_user_to_group(self.user, group)
data_setup.add_user_to_group(mate, group)
out = run_client(['bkr', 'job-delete', test_job.t_id],
config=self.client_config)
self.assert_(out.startswith('Jobs deleted:'), out)
self.assert_(test_job.t_id in out, out)
def test_delete_group_mates_job(self):
with session.begin():
group = data_setup.create_group()
mate = data_setup.create_user(password=u'asdf')
test_job = data_setup.create_completed_job(owner=mate)
data_setup.add_user_to_group(self.user, group)
data_setup.add_user_to_group(mate, group)
out = run_client(['bkr', 'job-delete', test_job.t_id],
config=self.client_config)
self.assert_(out.startswith('Jobs deleted:'), out)
self.assert_(test_job.t_id in out, out)
def test_password_proxy_login(self):
with session.begin():
group = data_setup.create_group(permissions=[u'proxy_auth'])
user = data_setup.create_user(password=u'lulz')
proxied_user = data_setup.create_user(password=u'not_used')
data_setup.add_user_to_group(user, group)
server = self.get_server()
server.auth.login_password(user.user_name, u'lulz', proxied_user.user_name)
who_am_i = server.auth.who_am_i()
self.assertEquals(who_am_i['username'], proxied_user.user_name)
self.assertEquals(who_am_i['proxied_by_username'], user.user_name)
def test_group_member_can_change_retention_tag(self):
with session.begin():
group = data_setup.create_group()
job_owner = data_setup.create_user()
group_member = data_setup.create_user(password=u'group_member')
data_setup.add_user_to_group(job_owner, group)
data_setup.add_user_to_group(group_member, group)
job = data_setup.create_job(owner=job_owner,
retention_tag=u'scratch')
login(self.browser, user=group_member.user_name, password=u'group_member')
self.check_can_change_retention_tag(job, '60days')
def test_group_member_can_change_retention_tag(self):
with session.begin():
group = data_setup.create_group()
job_owner = data_setup.create_user()
group_member = data_setup.create_user(password=u'group_member')
data_setup.add_user_to_group(job_owner, group)
data_setup.add_user_to_group(group_member, group)
job = data_setup.create_job(owner=job_owner,
retention_tag=u'scratch')
login(self.browser, user=group_member.user_name, password=u'group_member')
self.check_can_change_retention_tag(job, '60days')
def test_password_proxy_login(self):
with session.begin():
group = data_setup.create_group(permissions=[u'proxy_auth'])
user = data_setup.create_user(password=u'lulz')
proxied_user = data_setup.create_user(password=u'not_used')
data_setup.add_user_to_group(user, group)
server = self.get_server()
server.auth.login_password(user.user_name, u'lulz',
proxied_user.user_name)
who_am_i = server.auth.who_am_i()
self.assertEquals(who_am_i['username'], proxied_user.user_name)
self.assertEquals(who_am_i['proxied_by_username'], user.user_name)
def test_manual_system_restricted_to_users_group(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.manual,
shared=False, lab_controller=self.lc)
user = data_setup.create_user(password=u'testing')
group = data_setup.create_group()
data_setup.add_user_to_group(user, group)
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
self.check_take(system)
def test_group_member_can_review_group_job(self):
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=group)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.review(job.recipesets[0])
def test_schedule_provision_system_has_user_with_group(self):
with session.begin():
self.automated_system.user = self.user2
data_setup.add_user_to_group(self.user,self.group)
data_setup.add_group_to_system(self.automated_system,self.group)
self.logout()
self.login(user=self.user.user_name,password='******') # login as admin
sel = self.selenium
sel.open("view/%s/" % self.automated_system.fqdn)
sel.wait_for_page_to_load("30000")
sel.click("link=Provision")
try: self.failUnless(sel.is_text_present("Schedule provision"))
except AssertionError, e: self.verificationErrors.append('Systemgroup has no schedule provision option when system is in use')
def test_group_member_can_change_product(self):
with session.begin():
group = data_setup.create_group()
job_owner = data_setup.create_user()
group_member = data_setup.create_user(password=u'group_member')
data_setup.add_user_to_group(job_owner, group)
data_setup.add_user_to_group(group_member, group)
job = data_setup.create_job(owner=job_owner,
retention_tag=u'active',
product=data_setup.create_product())
new_product = data_setup.create_product()
login(self.browser, user=group_member.user_name, password=u'group_member')
self.check_can_change_product(job, new_product)
def test_group_member_can_review_group_job(self):
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=group)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.review(job.recipesets[0])
def test_manual_system_restricted_to_users_group(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.manual,
shared=False,
lab_controller=self.lc)
user = data_setup.create_user(password=u'testing')
group = data_setup.create_group()
data_setup.add_user_to_group(user, group)
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
self.check_take(system)
def test_group_member_can_change_product(self):
with session.begin():
group = data_setup.create_group()
job_owner = data_setup.create_user()
group_member = data_setup.create_user(password=u'group_member')
data_setup.add_user_to_group(job_owner, group)
data_setup.add_user_to_group(group_member, group)
job = data_setup.create_job(owner=job_owner,
retention_tag=u'active',
product=data_setup.create_product())
new_product = data_setup.create_product()
login(self.browser, user=group_member.user_name, password=u'group_member')
self.check_can_change_product(job, new_product)
def test_group_member_can_review_non_group_job(self):
# This is a legacy permission which will go away eventually (see below)
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=None)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.review(job.recipesets[0])
def test_system_restricted_to_users_group(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.automated,
shared=False, lab_controller=self.lc)
user = data_setup.create_user(password=u'testing')
group = data_setup.create_group()
data_setup.add_user_to_group(user, group)
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
self.check_system_is_available(system)
self.check_cannot_take_automated(system)
self.check_schedule_provision(system, MSG_AUTO)
def test_group_member_can_review_non_group_job(self):
# This is a legacy permission which will go away eventually (see below)
with session.begin():
owner = data_setup.create_user()
member = data_setup.create_user(password=u'group_member')
group = data_setup.create_group()
data_setup.add_user_to_group(owner, group)
data_setup.add_user_to_group(member, group)
job = data_setup.create_job(owner=owner, group=None)
data_setup.mark_job_complete(job, result=TaskResult.fail)
b = self.browser
login(b, user=member.user_name, password='******')
b.get(get_server_base() + 'jobs/%s' % job.id)
self.review(job.recipesets[0])
def test_system_restricted_to_different_group(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.automated,
shared=False, lab_controller=self.lc)
wrong_group = data_setup.create_group()
user = data_setup.create_user(password=u'testing')
# user is not in the same group as system
data_setup.add_user_to_group(user, wrong_group)
group = data_setup.create_group()
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
self.check_system_is_not_available(system)
self.check_cannot_take(system)
def test_system_restricted_to_different_group(self):
with session.begin():
system = data_setup.create_system(status=SystemStatus.automated,
shared=False,
lab_controller=self.lc)
wrong_group = data_setup.create_group()
user = data_setup.create_user(password=u'testing')
# user is not in the same group as system
data_setup.add_user_to_group(user, wrong_group)
group = data_setup.create_group()
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
b = self.browser
login(b, user=user.user_name, password='******')
self.check_system_is_not_available(system)
self.check_cannot_take(system)
def test_system_in_use_by_another_group_member(self):
with session.begin():
user = data_setup.create_user(password=u'testing')
group = data_setup.create_group()
system = data_setup.create_system(status=SystemStatus.automated,
shared=False, lab_controller=self.lc)
data_setup.add_user_to_group(user, group)
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
user2 = data_setup.create_user()
data_setup.add_user_to_group(user2, group)
job = data_setup.create_job(owner=user2)
data_setup.mark_job_running(job, system=system)
b = self.browser
login(b, user=user.user_name, password=u'testing')
self.check_system_is_available(system)
self.check_system_is_not_free(system)
def test_system_in_use_by_another_group_member(self):
with session.begin():
user = data_setup.create_user(password=u'testing')
group = data_setup.create_group()
system = data_setup.create_system(status=SystemStatus.automated,
shared=False,
lab_controller=self.lc)
data_setup.add_user_to_group(user, group)
system.custom_access_policy.add_rule(
permission=SystemPermission.reserve, group=group)
user2 = data_setup.create_user()
data_setup.add_user_to_group(user2, group)
job = data_setup.create_job(owner=user2)
data_setup.mark_job_running(job, system=system)
b = self.browser
login(b, user=user.user_name, password=u'testing')
self.check_system_is_available(system)
self.check_system_is_not_free(system)
def test_reserve_via_external_service(self):
with session.begin():
service_group = data_setup.create_group(permissions=[u'proxy_auth'])
service_user = data_setup.create_user(password=u'password')
data_setup.add_user_to_group(service_user, service_group)
user = data_setup.create_user(password=u'notused')
system = data_setup.create_system(
owner=User.by_user_name(data_setup.ADMIN_USER),
status=u'Manual', shared=True)
self.assert_(system.user is None)
server = self.get_server()
server.auth.login_password(service_user.user_name, 'password',
user.user_name)
server.systems.reserve(system.fqdn)
with session.begin():
session.refresh(system)
self.assertEqual(system.user, user)
self.assertEqual(system.reservations[0].type, u'manual')
self.assertEqual(system.reservations[0].user, user)
self.assert_(system.reservations[0].finish_time is None)
assert_durations_not_overlapping(system.reservations)
reserved_activity = system.activity[0]
self.assertEqual(reserved_activity.action, 'Reserved')
self.assertEqual(reserved_activity.service, service_user.user_name)
def test_system_group_user_group(self):
#Automated machine
with session.begin():
data_setup.add_group_to_system(self.automated_system, self.group) # Add systemgroup
data_setup.add_user_to_group(self.user, self.wrong_group) # Add user to group
sel = self.selenium
self.logout()
self.login(user=self.user.user_name, password='******')
sel.open("")
sel.type("simplesearch", "%s" % self.automated_system.fqdn)
sel.click("search")
sel.wait_for_page_to_load("30000")
sel.click("link=%s" % self.automated_system.fqdn) #this tests the click!
sel.wait_for_page_to_load("30000")
self.assertEqual("%s" % self.automated_system.fqdn, sel.get_title()) #ensure the page has opened
try: self.failUnless(not sel.is_text_present("(Take)")) #Should be not here
except AssertionError, e: self.verificationErrors.\
append('Take is available to automated machine with system group privs' )
# Test for https://bugzilla.redhat.com/show_bug.cgi?id=747328
sel.open('user_change?id=%s' % self.automated_system.id)
sel.wait_for_page_to_load("30000")
self.assert_('You were unable to change the user for %s' % self.automated_system.fqdn in sel.get_text('//body'))
with session.begin():
self.user.groups = [self.group]
sel.open("")
sel.type("simplesearch", "%s" % self.automated_system.fqdn)
sel.click("search")
sel.wait_for_page_to_load("30000")
sel.click("link=%s" % self.automated_system.fqdn)
sel.wait_for_page_to_load("30000")
try: self.failUnless(sel.is_text_present("(Take)")) #Should be here
except AssertionError, e: self.verificationErrors.\
append('Take is not available to automated machine with system group pirvs' )
self._do_schedule_provision(self.automated_system.fqdn)
# Now can I actually take it?
sel.open("")
sel.type("simplesearch", "%s" % self.automated_system.fqdn)
sel.click("search")
sel.wait_for_page_to_load("30000")
sel.click("link=%s" % self.automated_system.fqdn)
sel.wait_for_page_to_load("30000")
self._do_take(self.automated_system.fqdn)
#Manual machine
with session.begin():
data_setup.add_group_to_system(self.manual_system, self.group) # Add systemgroup
sel = self.selenium
sel.open("")
sel.type("simplesearch", "%s" % self.manual_system.fqdn)
sel.click("search")
sel.wait_for_page_to_load("30000")
sel.click("link=%s" % self.manual_system.fqdn)
sel.wait_for_page_to_load("30000")
try: self.failUnless(sel.is_text_present("(Take)")) #Should be here
except AssertionError, e: self.verificationErrors.append('Take is not here for manual machine with system group privs')
self._do_schedule_provision(self.manual_system.fqdn)
# Now can I actually take it?
sel.open("")
sel.type("simplesearch", "%s" % self.manual_system.fqdn)
sel.click("search")
sel.wait_for_page_to_load("30000")
sel.click("link=%s" % self.manual_system.fqdn)
sel.wait_for_page_to_load("30000")
self._do_take(self.manual_system.fqdn)
