def test_update_system_pool(self): s = requests.Session() s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name, 'password': '******'}).raise_for_status() response = patch_json(get_server_base() + 'pools/%s/' % self.pool.name, session=s, data={'name': 'newname', 'description': 'newdescription', 'owner': {'user_name': self.user.user_name}}) response.raise_for_status() with session.begin(): session.expire_all() self.assertEquals(self.pool.name, 'newname') self.assertEquals(self.pool.description, 'newdescription') self.assertEquals(self.pool.owner.user_name, self.user.user_name) s = requests.Session() s.post(get_server_base() + 'login', data={'user_name': self.user.user_name, 'password': '******'}).raise_for_status() response = patch_json(get_server_base() + 'pools/%s/' % self.pool.name, session=s, data={'name': 'newname', 'description': 'newdescription', 'owner': {'group_name': self.group.group_name}}) response.raise_for_status() with session.begin(): session.expire_all() self.assertEquals(self.pool.owner, self.group) self.assertFalse(self.pool.owning_user)
def test_invalid_email_address(self): with session.begin(): user = data_setup.create_user() s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'email_address': u'asdf'}, session=s) self.assertEqual(response.status_code, 400) self.assertIn('Invalid email address', response.text) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'email_address': u''}, session=s) self.assertEqual(response.status_code, 400) self.assertIn('Email address must not be empty', response.text)
def test_set_active_policy_to_custom_policy(self): with session.begin(): user1 = data_setup.create_user() user2 = data_setup.create_user() self.system.custom_access_policy.add_rule( permission=SystemPermission.edit_system, user=user1) pool = data_setup.create_system_pool() pool.access_policy.add_rule( permission=SystemPermission.edit_system, user=user2) self.system.active_access_policy = pool.access_policy self.assertFalse(self.system.active_access_policy.grants (user1, SystemPermission.edit_system)) self.assertTrue(self.system.active_access_policy.grants (user2, SystemPermission.edit_system)) s = requests.Session() s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name, 'password': '******'}).raise_for_status() response = patch_json(get_server_base() + 'systems/%s/' % self.system.fqdn, session=s, data={'active_access_policy': {'custom': True}}, ) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(self.system.active_access_policy.grants \ (user1, SystemPermission.edit_system))
def test_user_resource_counts_are_accurate_when_removing(self): with session.begin(): user = data_setup.create_user() job = data_setup.create_job(owner=user) data_setup.mark_job_running(job) owned_system = data_setup.create_system(owner=user) loaned_system = data_setup.create_system() loaned_system.loaned = user owned_pool = data_setup.create_system_pool(owning_user=user) group = data_setup.create_group(owner=user) s = requests.Session() requests_login(s) response = s.get(get_server_base() + 'users/%s' % user.user_name, headers={'Accept': 'application/json'}) response.raise_for_status() self.assertEquals(response.json()['job_count'], 1) self.assertEquals(response.json()['reservation_count'], 1) self.assertEquals(response.json()['loan_count'], 1) self.assertEquals(response.json()['owned_system_count'], 1) self.assertEquals(response.json()['owned_pool_count'], 1) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'removed': 'now'}, session=s) response.raise_for_status() # The bug was that the counts in the PATCH response would still show # their old values, because the queries for producing the counts were # being run before all the removals were flushed to the database. # Note that job_count stays as 1, because the job has been cancelled # but it will still be running until the next iteration of beakerd's # update_dirty_jobs. self.assertEquals(response.json()['job_count'], 1) self.assertEquals(response.json()['reservation_count'], 0) self.assertEquals(response.json()['loan_count'], 0) self.assertEquals(response.json()['owned_system_count'], 0) self.assertEquals(response.json()['owned_pool_count'], 0)
def test_anonymous_cannot_delete_note(self): with session.begin(): self.system.notes.append(Note(text=u'asdf', user=self.owner)) session.flush() note_id = self.system.notes[0].id response = patch_json(get_server_base() + 'systems/%s/notes/%s' % (self.system.fqdn, note_id), data={'deleted': 'now'}) self.assertEquals(response.status_code, 401)
def test_remove_account(self): with session.begin(): user = data_setup.create_user() job = data_setup.create_job(owner=user) data_setup.mark_job_running(job) owned_system = data_setup.create_system(owner=user) loaned_system = data_setup.create_system() loaned_system.loaned = user reserved_system = data_setup.create_system(status=SystemStatus.manual) reserved_system.reserve_manually(service=u'testdata', user=user) reserved_system.custom_access_policy.add_rule( SystemPermission.reserve, user=user) owned_pool = data_setup.create_system_pool(owning_user=user) group = data_setup.create_group(owner=user) s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'removed': 'now'}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertIsNotNone(user.removed) # running jobs should be cancelled job.update_status() self.assertEquals(job.status, TaskStatus.cancelled) self.assertIn('User %s removed' % user.user_name, job.recipesets[0].recipes[0].tasks[0].results[0].log) # reservations should be released self.assertIsNone(reserved_system.user) # loans should be returned self.assertIsNone(loaned_system.loaned) # access policy rules should be removed self.assertEqual([], [rule for rule in reserved_system.custom_access_policy.rules if rule.user == user]) self.assertEqual(reserved_system.activity[0].field_name, u'Access Policy Rule') self.assertEqual(reserved_system.activity[0].action, u'Removed') self.assertEqual(reserved_system.activity[0].old_value, u'User:%s:reserve' % user.user_name) # systems owned by the user should be transferred to the caller self.assertEqual(owned_system.owner.user_name, data_setup.ADMIN_USER) self.assertEqual(owned_system.activity[0].field_name, u'Owner') self.assertEqual(owned_system.activity[0].action, u'Changed') self.assertEqual(owned_system.activity[0].old_value, user.user_name) self.assertEqual(owned_system.activity[0].new_value, data_setup.ADMIN_USER) # pools owned by the user should be transferred to the caller self.assertEqual(owned_pool.owner.user_name, data_setup.ADMIN_USER) self.assertEqual(owned_pool.activity[0].field_name, u'Owner') self.assertEqual(owned_pool.activity[0].action, u'Changed') self.assertEqual(owned_pool.activity[0].old_value, user.user_name) self.assertEqual(owned_pool.activity[0].new_value, data_setup.ADMIN_USER) # group membership/ownership should be removed self.assertNotIn(group, user.groups) self.assertNotIn(user, group.users) self.assertFalse(group.has_owner(user)) self.assertEqual(group.activity[-1].field_name, u'User') self.assertEqual(group.activity[-1].action, u'Removed') self.assertEqual(group.activity[-1].old_value, user.user_name)
def test_regular_users_cannot_rename_themselves(self): with session.begin(): user = data_setup.create_user(password=u'password') s = requests.Session() requests_login(s, user=user.user_name, password=u'password') response = patch_json(get_server_base() + 'users/%s' % user.user_name, session=s, data={'user_name': 'gandalf'}) self.assertEqual(response.status_code, 403) self.assertIn('Cannot rename user', response.text)
def test_cannot_update_reservation_request_if_duration_too_long(self): with session.begin(): data_setup.mark_job_running(self.job) s = requests.Session() requests_login(s, user=self.owner, password=u'theowner') response = patch_json(get_server_base() + 'recipes/%s/reservation-request' % self.recipe_with_reservation_request.id, session=s, data={'reserve': True, 'duration': 605000}) self.assertEquals(response.status_code, 400)
def test_condition_report_length_is_enforced(self): s = requests.Session() s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name, 'password': '******'}).raise_for_status() response = patch_json(get_server_base() + 'systems/%s/' % self.system.fqdn, session=s, data={'status': 'Broken', 'status_reason': 'reallylong' * 500}) self.assertEqual(response.status_code, 400) self.assertEqual(response.text, 'System condition report is longer than 4000 characters')
def test_updating_power_returns_correct_id(self): # The bug was that Power.id was overwriting System.id with session.begin(): system = data_setup.create_system(with_power=False, owner=self.owner) s = requests.Session() requests_login(s, user=self.owner.user_name, password=u'theowner') response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'power_type': 'ilo', 'power_address': 'nowhere'}) response.raise_for_status() self.assertEqual(response.json()['id'], system.id)
def test_task_update_disable_normal_user_fail(self): req_sess = requests.Session() requests_login(req_sess, self.normal_user.user_name, 'secret') self.assertEqual(self.my_task.valid, True) response = patch_json(get_server_base() + 'tasks/%s' % self.my_task.id, session=req_sess, data={'disabled': True}) self.assertEqual(response.status_code, 403) with session.begin(): session.expire_all() self.assertEqual(self.my_task.valid, True)
def test_task_update_task_not_available_404(self): req_sess = requests.Session() with session.begin(): result = session.query(func.max(Task.id)).first() fake_id = result[0] + 1 requests_login(req_sess, data_setup.ADMIN_USER, data_setup.ADMIN_PASSWORD) response = patch_json(get_server_base() + 'tasks/%s' % fake_id, session=req_sess, data={'disabled': True}) self.assertEqual(response.status_code, 404) self.assertEqual(response.text, 'Task %s does not exist' % fake_id)
def test_unprivileged_user_cannot_delete_note(self): with session.begin(): self.system.notes.append(Note(text=u'asdf', user=self.owner)) session.flush() note_id = self.system.notes[0].id unprivileged = data_setup.create_user(password=u'password') s = requests.Session() requests_login(s, user=unprivileged.user_name, password=u'password') response = patch_json(get_server_base() + 'systems/%s/notes/%s' % (self.system.fqdn, note_id), session=s, data={'deleted': 'now'}) self.assertEquals(response.status_code, 403)
def test_update_email_address(self): with session.begin(): user = data_setup.create_user(email_address=u'*****@*****.**') s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'email_address': u'*****@*****.**'}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertEqual(user.email_address, u'*****@*****.**')
def test_task_update_disable_successful(self): req_sess = requests.Session() requests_login(req_sess, data_setup.ADMIN_USER, data_setup.ADMIN_PASSWORD) self.assertEqual(self.my_task.valid, True) response = patch_json(get_server_base() + 'tasks/%s' % self.my_task.id, session=req_sess, data={'disabled': True}) response.raise_for_status() self.assertEqual(response.json()['valid'], False) with session.begin(): session.expire_all() self.assertEqual(self.my_task.valid, False)
def test_set_root_password(self): with session.begin(): user = data_setup.create_user() s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'root_password': u'D6BeK7Cq9a4M'}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertIsNotNone(user._root_password)
def test_disable_user(self): with session.begin(): user = data_setup.create_user() s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'disabled': True}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(user.disabled)
def test_update_display_name(self): with session.begin(): user = data_setup.create_user(display_name=u'Frodo Baggins') s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'display_name': u'Frodo Gamgee'}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertEqual(user.display_name, u'Frodo Gamgee')
def test_renaming_user_to_existing_username_gives_409(self): with session.begin(): user = data_setup.create_user() other_user = data_setup.create_user() s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, session=s, data={'user_name': other_user.user_name}) self.assertEqual(response.status_code, 409) self.assertEqual(response.text, 'User %s already exists' % other_user.user_name)
def test_can_clear_reviewed_state(self): with session.begin(): self.recipe.set_reviewed_state(self.owner, True) s = requests.Session() requests_login(s, user=self.owner, password=u'theowner') response = patch_json(get_server_base() + 'recipes/%s' % self.recipe.id, session=s, data={'reviewed': False}) response.raise_for_status() with session.begin(): session.expire_all() self.assertEqual(self.recipe.get_reviewed_state(self.owner), False)
def test_records_activity_on_changing_access_policy(self): with session.begin(): system = data_setup.create_system() pool = data_setup.create_system_pool() pool.systems.append(system) # change the system active access policy to pool access policy s = requests.Session() s.post( get_server_base() + "login", data={"user_name": data_setup.ADMIN_USER, "password": data_setup.ADMIN_PASSWORD}, ).raise_for_status() response = patch_json( get_server_base() + "systems/%s/" % system.fqdn, session=s, data={"active_access_policy": {"pool_name": pool.name}}, ) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(system.active_access_policy, pool.access_policy) self.assertEquals(system.activity[-1].field_name, "Active Access Policy") self.assertEquals(system.activity[-1].action, "Changed") self.assertEquals(system.activity[-1].old_value, "Custom access policy") self.assertEquals(system.activity[-1].new_value, "Pool policy: %s" % unicode(pool)) # change the system active access policy back to custom access policy s = requests.Session() s.post( get_server_base() + "login", data={"user_name": data_setup.ADMIN_USER, "password": data_setup.ADMIN_PASSWORD}, ).raise_for_status() response = patch_json( get_server_base() + "systems/%s/" % system.fqdn, session=s, data={"active_access_policy": {"custom": True}} ) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(system.active_access_policy, system.custom_access_policy) self.assertEquals(system.activity[-2].field_name, "Active Access Policy") self.assertEquals(system.activity[-2].action, "Changed") self.assertEquals(system.activity[-2].old_value, "Pool policy: %s" % unicode(pool)) self.assertEquals(system.activity[-2].new_value, "Custom access policy")
def test_set_password(self): with session.begin(): user = data_setup.create_user() user.password = u'frodo' s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'password': u'bilbo'}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(user.check_password(u'bilbo'))
def test_condition_report_length_is_enforced(self): s = requests.Session() s.post( get_server_base() + "login", data={"user_name": self.owner.user_name, "password": "******"} ).raise_for_status() response = patch_json( get_server_base() + "systems/%s/" % self.system.fqdn, session=s, data={"status": "Broken", "status_reason": "reallylong" * 500}, ) self.assertEqual(response.status_code, 400) self.assertEqual(response.text, "System condition report is longer than 4000 characters")
def test_set_use_old_job_page(self): with session.begin(): user = data_setup.create_user(password=u'password') user.use_old_job_page = True s = requests.Session() requests_login(s, user=user.user_name, password='******') response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'use_old_job_page': False}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertEqual(user.use_old_job_page, False)
def test_cannot_update_system_details_with_edit_policy_permission(self): with session.begin(): user = data_setup.create_user(password="******") system = data_setup.create_system() system.custom_access_policy.add_rule(permission=SystemPermission.edit_policy, user=user) s = requests.Session() s.post( get_server_base() + "login", data={"user_name": user.user_name, "password": "******"} ).raise_for_status() response = patch_json(get_server_base() + "systems/%s/" % system.fqdn, session=s, data={"fqdn": u"newfqdn"}) self.assertEquals(response.status_code, 403) self.assertIn("Cannot edit system", response.text)
def test_can_set_zero_quiescent_period(self): with session.begin(): system = data_setup.create_system() s = requests.Session() s.post(get_server_base() + 'login', data={'user_name': data_setup.ADMIN_USER, 'password': data_setup.ADMIN_PASSWORD}).raise_for_status() response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'power_quiescent_period': 0}) response.raise_for_status() with session.begin(): session.expire_all() self.assertEquals(system.power.power_quiescent_period, 0)
def test_cannot_give_to_deleted_user(self): with session.begin(): system = data_setup.create_system() deleted_user = data_setup.create_user() deleted_user.removed = datetime.datetime.utcnow() s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'owner': {'user_name': deleted_user.user_name}}) self.assertEquals(response.status_code, 400) self.assertEquals(response.text, 'Cannot change owner to deleted user %s' % deleted_user.user_name)
def test_update_email_address(self): with session.begin(): user = data_setup.create_user( email_address=u'*****@*****.**') s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'email_address': u'*****@*****.**'}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertEqual(user.email_address, u'*****@*****.**')
def test_rename_user(self): with session.begin(): user = data_setup.create_user() s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, session=s, data={'user_name': 'sgamgee'}) response.raise_for_status() self.assertEqual(response.headers['Location'], get_server_base() + 'users/sgamgee') self.assertEqual(response.json()['user_name'], 'sgamgee') with session.begin(): session.expire_all() self.assertEqual(user.user_name, u'sgamgee')
def test_clear_root_password(self): with session.begin(): user = data_setup.create_user() user.root_password = u'D6BeK7Cq9a4M' s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'root_password': u''}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertIsNone(user._root_password)
def test_can_update_recipe_whiteboard(self): s = requests.Session() requests_login(s, user=self.owner, password=u'theowner') response = patch_json(get_server_base() + 'recipes/%s' % self.recipe.id, session=s, data={'whiteboard': u'newwhiteboard'}) response.raise_for_status() with session.begin(): session.expire_all() self.assertEquals(self.recipe.whiteboard, 'newwhiteboard') self.assertEquals(self.recipe.activity[0].field_name, u'Whiteboard') self.assertEquals(self.recipe.activity[0].action, u'Changed') self.assertEquals(self.recipe.activity[0].new_value, u'newwhiteboard')
def test_reenable_user(self): with session.begin(): user = data_setup.create_user() user.disabled = True s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'disabled': False}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertFalse(user.disabled)
def test_unremove_account(self): with session.begin(): user = data_setup.create_user() user.removed = datetime.datetime.utcnow() s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'removed': None}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertIsNone(user.removed) self.assertFalse(user.disabled)
def test_updating_power_returns_correct_id(self): # The bug was that Power.id was overwriting System.id with session.begin(): system = data_setup.create_system(with_power=False, owner=self.owner) s = requests.Session() requests_login(s, user=self.owner.user_name, password=u'theowner') response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={ 'power_type': 'ilo', 'power_address': 'nowhere' }) response.raise_for_status() self.assertEqual(response.json()['id'], system.id)
def test_cannot_update_system_pool_with_empty_name(self): """Verify that updating a system pool with an empty name returns an error.""" self.assertTrue(self.pool.name, "Cannot run test with empty pool name in fixture") s = requests.Session() send_login(s, self.owner, 'theowner') response = patch_json(get_server_base() + 'pools/%s/' % self.pool.name, session=s, data={'name': ''}) self.assertEqual(400, response.status_code) self.assertEqual('Pool name cannot be empty', response.text) with session.begin(): session.refresh(self.pool) self.assertTrue(self.pool.name)
def test_cannot_change_system_pool_owner_to_deleted_user(self): with session.begin(): self.user.removed = datetime.datetime.utcnow() s = requests.Session() send_login(s, user=self.owner, password=u'theowner') response = patch_json( get_server_base() + 'pools/%s/' % self.pool.name, session=s, data={'owner': { 'user_name': self.user.user_name }}) self.assertEquals(response.status_code, 400) self.assertEquals( response.text, 'System pool cannot be owned by deleted user %s' % self.user.user_name)
def test_user_with_edit_permission_can_delete_note(self): with session.begin(): self.system.notes.append(Note(text=u'asdf', user=self.owner)) session.flush() note_id = self.system.notes[0].id user = data_setup.create_user(password='******') self.system.custom_access_policy.add_rule( permission=SystemPermission.edit_system, user=user) s = requests.Session() requests_login(s, user=user.user_name, password=u'password') response = patch_json(get_server_base() + 'systems/%s/notes/%s' % (self.system.fqdn, note_id), session=s, data={'deleted': 'now'}) response.raise_for_status()
def test_can_update_reservation_request_to_reserve_system(self): with session.begin(): data_setup.mark_job_running(self.job) # On a recipe with reservation request s = requests.Session() requests_login(s, user=self.owner, password=u'theowner') response = patch_json(get_server_base() + 'recipes/%s/reservation-request' % self.recipe_with_reservation_request.id, session=s, data={'reserve': True, 'duration': 300}) response.raise_for_status() with session.begin(): session.expire_all() self.assertEquals(self.recipe_with_reservation_request.reservation_request.duration, 300) self.assertEquals(self.recipe_with_reservation_request.activity[0].field_name, u'Reservation Request') self.assertEquals(self.recipe_with_reservation_request.activity[0].action, u'Changed') self.assertEquals(self.recipe_with_reservation_request.activity[0].new_value, u'300') # On a recipe without reservation request s = requests.Session() requests_login(s, user=self.owner, password=u'theowner') response = patch_json(get_server_base() + 'recipes/%s/reservation-request' % self.recipe_without_reservation_request.id, session=s, data={'reserve': True, 'duration': 300}) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(self.recipe_without_reservation_request.reservation_request) self.assertEquals(self.recipe_without_reservation_request.activity[0].field_name, u'Reservation Request') self.assertEquals(self.recipe_without_reservation_request.activity[0].action, u'Changed') self.assertEquals(self.recipe_without_reservation_request.activity[0].new_value, u'300')
def test_can_set_zero_quiescent_period(self): with session.begin(): system = data_setup.create_system() s = requests.Session() s.post(get_server_base() + 'login', data={ 'user_name': data_setup.ADMIN_USER, 'password': data_setup.ADMIN_PASSWORD }).raise_for_status() response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'power_quiescent_period': 0}) response.raise_for_status() with session.begin(): session.expire_all() self.assertEquals(system.power.power_quiescent_period, 0)
def test_cannot_give_to_deleted_user(self): with session.begin(): system = data_setup.create_system() deleted_user = data_setup.create_user() deleted_user.removed = datetime.datetime.utcnow() s = requests.Session() requests_login(s) response = patch_json( get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'owner': { 'user_name': deleted_user.user_name }}) self.assertEquals(response.status_code, 400) self.assertEquals( response.text, 'Cannot change owner to deleted user %s' % deleted_user.user_name)
def test_condition_report_length_is_enforced(self): s = requests.Session() s.post(get_server_base() + 'login', data={ 'user_name': self.owner.user_name, 'password': '******' }).raise_for_status() response = patch_json(get_server_base() + 'systems/%s/' % self.system.fqdn, session=s, data={ 'status': 'Broken', 'status_reason': 'reallylong' * 500 }) self.assertEqual(response.status_code, 400) self.assertEqual( response.text, 'System condition report is longer than 4000 characters')
def test_cannot_update_system_details_with_edit_policy_permission(self): with session.begin(): user = data_setup.create_user(password='******') system = data_setup.create_system() system.custom_access_policy.add_rule( permission=SystemPermission.edit_policy, user=user) s = requests.Session() s.post(get_server_base() + 'login', data={ 'user_name': user.user_name, 'password': '******' }).raise_for_status() response = patch_json( get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'fqdn': u'newfqdn'}, ) self.assertEquals(response.status_code, 403) self.assertIn('Cannot edit system', response.text)
def test_system_owner_username_is_truncated(self): with session.begin(): system = data_setup.create_system() max_new_value_length = 60 long_username = '******' * max_new_value_length + 's' user_with_long_username = data_setup.create_user( user_name=long_username) s = requests.Session() requests_login(s) response = patch_json( get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'owner': { 'user_name': user_with_long_username.user_name }}) self.assertEquals(response.status_code, 200) with session.begin(): self.assertEquals(system.activity[0].field_name, u'Owner') self.assertEquals(system.activity[0].action, u'Changed') self.assertEquals(system.activity[0].new_value, u'z' * max_new_value_length)
def test_rejects_non_ascii_chars_in_fqdn(self): b = self.browser login(b) self.go_to_system_view() b.find_element_by_xpath( '//h1/button[contains(text(), "Rename")]').click() modal = b.find_element_by_class_name('modal') modal.find_element_by_name('fqdn').clear() modal.find_element_by_name('fqdn').send_keys(u'lööööl') modal.find_element_by_tag_name('form').submit() # we can't actually check the HTML5 validation error, # but we should still be at the system rename modal modal.find_element_by_css_selector('input[name=fqdn]:invalid') # should be rejected server-side also s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'systems/%s/' % self.system.fqdn, session=s, data=dict(fqdn=u'löööööl')) self.assertEquals(response.status_code, 400) self.assertEquals(response.text, u'Invalid FQDN for system: löööööl')
def test_updating_access_policy_with_no_change_should_not_record_activity( self): with session.begin(): system = data_setup.create_system() s = requests.Session() s.post(get_server_base() + 'login', data={ 'user_name': data_setup.ADMIN_USER, 'password': data_setup.ADMIN_PASSWORD }).raise_for_status() response = patch_json( get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'active_access_policy': { 'custom': True }}, ) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(system.active_access_policy, system.custom_access_policy) self.assertEquals(system.activity, [])
def test_sends_mail_notification_for_loan_return(self): with session.begin(): owner = data_setup.create_user(user_name='mturnbull', email_address='*****@*****.**') system = data_setup.create_system(fqdn='lya4.aemo.com.au', owner=owner) loanee = data_setup.create_user(user_name='bshorten') system.loaned = loanee s = requests.Session() requests_login(s) mail_capture_thread.start_capturing() response = patch_json(get_server_base() + 'systems/%s/loans/+current' % system.fqdn, session=s, data={'finish': 'now'}) self.assertEquals(response.status_code, 200) captured_mails = mail_capture_thread.stop_capturing() self.assertEquals(len(captured_mails), 1) sender, rcpts, raw_msg = captured_mails[0] msg = email.message_from_string(raw_msg) self.assertEquals(['*****@*****.**'], rcpts) self.assertEquals('*****@*****.**', msg['To']) self.assertEquals('System lya4.aemo.com.au loan returned', msg['Subject']) self.assertEquals( 'Beaker system lya4.aemo.com.au <%sview/lya4.aemo.com.au>\n' 'loan has been returned by admin.' % get_server_base(), msg.get_payload(decode=True))
def test_set_active_policy_to_custom_policy(self): with session.begin(): user1 = data_setup.create_user() user2 = data_setup.create_user() self.system.custom_access_policy.add_rule( permission=SystemPermission.edit_system, user=user1) pool = data_setup.create_system_pool() pool.access_policy.add_rule( permission=SystemPermission.edit_system, user=user2) self.system.active_access_policy = pool.access_policy self.assertFalse( self.system.active_access_policy.grants( user1, SystemPermission.edit_system)) self.assertTrue( self.system.active_access_policy.grants( user2, SystemPermission.edit_system)) s = requests.Session() s.post(get_server_base() + 'login', data={ 'user_name': self.owner.user_name, 'password': '******' }).raise_for_status() response = patch_json( get_server_base() + 'systems/%s/' % self.system.fqdn, session=s, data={'active_access_policy': { 'custom': True }}, ) response.raise_for_status() with session.begin(): session.expire_all() self.assertTrue(self.system.active_access_policy.grants \ (user1, SystemPermission.edit_system))
def test_can_update_active_access_policy_with_edit_policy_permission(self): with session.begin(): user = data_setup.create_user(password='******') system = data_setup.create_system() system.custom_access_policy.add_rule( permission=SystemPermission.edit_policy, user=user) pool = data_setup.create_system_pool(systems=[system]) s = requests.Session() s.post(get_server_base() + 'login', data={ 'user_name': user.user_name, 'password': '******' }).raise_for_status() response = patch_json( get_server_base() + 'systems/%s/' % system.fqdn, session=s, data={'active_access_policy': { 'pool_name': pool.name }}, ) response.raise_for_status() with session.begin(): session.expire_all() self.assertEquals(system.active_access_policy, pool.access_policy)
def test_anonymous_cannot_update_reservation_request(self): response = patch_json(get_server_base() + 'recipes/%s/reservation-request' % self.recipe_with_reservation_request.id, data={'reserve': True, 'duration': 300}) self.assertEquals(response.status_code, 401)
def test_anonymous_cannot_update_recipe(self): response = patch_json(get_server_base() + 'recipes/%s' % self.recipe.id, data={'whiteboard': u'testwhiteboard'}) self.assertEquals(response.status_code, 401)
def test_remove_account(self): with session.begin(): user = data_setup.create_user() job = data_setup.create_job(owner=user) data_setup.mark_job_running(job) owned_system = data_setup.create_system(owner=user) loaned_system = data_setup.create_system() loaned_system.loaned = user reserved_system = data_setup.create_system( status=SystemStatus.manual) reserved_system.reserve_manually(service=u'testdata', user=user) reserved_system.custom_access_policy.add_rule( SystemPermission.reserve, user=user) owned_pool = data_setup.create_system_pool(owning_user=user) group = data_setup.create_group(owner=user) s = requests.Session() requests_login(s) response = patch_json(get_server_base() + 'users/%s' % user.user_name, data={'removed': 'now'}, session=s) response.raise_for_status() with session.begin(): session.expire_all() self.assertIsNotNone(user.removed) # running jobs should be cancelled job.update_status() self.assertEquals(job.status, TaskStatus.cancelled) self.assertIn('User %s removed' % user.user_name, job.recipesets[0].recipes[0].tasks[0].results[0].log) # reservations should be released self.assertIsNone(reserved_system.user) # loans should be returned self.assertIsNone(loaned_system.loaned) # access policy rules should be removed self.assertEqual([], [ rule for rule in reserved_system.custom_access_policy.rules if rule.user == user ]) self.assertEqual(reserved_system.activity[0].field_name, u'Access Policy Rule') self.assertEqual(reserved_system.activity[0].action, u'Removed') self.assertEqual(reserved_system.activity[0].old_value, u'<grant reserve to %s>' % user.user_name) # systems owned by the user should be transferred to the caller self.assertEqual(owned_system.owner.user_name, data_setup.ADMIN_USER) self.assertEqual(owned_system.activity[0].field_name, u'Owner') self.assertEqual(owned_system.activity[0].action, u'Changed') self.assertEqual(owned_system.activity[0].old_value, user.user_name) self.assertEqual(owned_system.activity[0].new_value, data_setup.ADMIN_USER) # pools owned by the user should be transferred to the caller self.assertEqual(owned_pool.owner.user_name, data_setup.ADMIN_USER) self.assertEqual(owned_pool.activity[0].field_name, u'Owner') self.assertEqual(owned_pool.activity[0].action, u'Changed') self.assertEqual(owned_pool.activity[0].old_value, user.user_name) self.assertEqual(owned_pool.activity[0].new_value, data_setup.ADMIN_USER) # group membership/ownership should be removed self.assertNotIn(group, user.groups) self.assertNotIn(user, group.users) self.assertFalse(group.has_owner(user)) self.assertEqual(group.activity[-1].field_name, u'User') self.assertEqual(group.activity[-1].action, u'Removed') self.assertEqual(group.activity[-1].old_value, user.user_name)