def test_update_system_pool(self):
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name,
'password': '******'}).raise_for_status()
response = patch_json(get_server_base() +
'pools/%s/' % self.pool.name, session=s,
data={'name': 'newname',
'description': 'newdescription',
'owner': {'user_name': self.user.user_name}})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(self.pool.name, 'newname')
self.assertEquals(self.pool.description, 'newdescription')
self.assertEquals(self.pool.owner.user_name, self.user.user_name)
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': self.user.user_name,
'password': '******'}).raise_for_status()
response = patch_json(get_server_base() +
'pools/%s/' % self.pool.name, session=s,
data={'name': 'newname',
'description': 'newdescription',
'owner': {'group_name': self.group.group_name}})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(self.pool.owner, self.group)
self.assertFalse(self.pool.owning_user)
def test_invalid_email_address(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'email_address': u'asdf'}, session=s)
self.assertEqual(response.status_code, 400)
self.assertIn('Invalid email address', response.text)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'email_address': u''}, session=s)
self.assertEqual(response.status_code, 400)
self.assertIn('Email address must not be empty', response.text)
def test_set_active_policy_to_custom_policy(self):
with session.begin():
user1 = data_setup.create_user()
user2 = data_setup.create_user()
self.system.custom_access_policy.add_rule(
permission=SystemPermission.edit_system, user=user1)
pool = data_setup.create_system_pool()
pool.access_policy.add_rule(
permission=SystemPermission.edit_system, user=user2)
self.system.active_access_policy = pool.access_policy
self.assertFalse(self.system.active_access_policy.grants
(user1, SystemPermission.edit_system))
self.assertTrue(self.system.active_access_policy.grants
(user2, SystemPermission.edit_system))
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name,
'password': '******'}).raise_for_status()
response = patch_json(get_server_base() +
'systems/%s/' % self.system.fqdn, session=s,
data={'active_access_policy': {'custom': True}},
)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(self.system.active_access_policy.grants \
(user1, SystemPermission.edit_system))
def test_user_resource_counts_are_accurate_when_removing(self):
with session.begin():
user = data_setup.create_user()
job = data_setup.create_job(owner=user)
data_setup.mark_job_running(job)
owned_system = data_setup.create_system(owner=user)
loaned_system = data_setup.create_system()
loaned_system.loaned = user
owned_pool = data_setup.create_system_pool(owning_user=user)
group = data_setup.create_group(owner=user)
s = requests.Session()
requests_login(s)
response = s.get(get_server_base() + 'users/%s' % user.user_name,
headers={'Accept': 'application/json'})
response.raise_for_status()
self.assertEquals(response.json()['job_count'], 1)
self.assertEquals(response.json()['reservation_count'], 1)
self.assertEquals(response.json()['loan_count'], 1)
self.assertEquals(response.json()['owned_system_count'], 1)
self.assertEquals(response.json()['owned_pool_count'], 1)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': 'now'}, session=s)
response.raise_for_status()
# The bug was that the counts in the PATCH response would still show
# their old values, because the queries for producing the counts were
# being run before all the removals were flushed to the database.
# Note that job_count stays as 1, because the job has been cancelled
# but it will still be running until the next iteration of beakerd's
# update_dirty_jobs.
self.assertEquals(response.json()['job_count'], 1)
self.assertEquals(response.json()['reservation_count'], 0)
self.assertEquals(response.json()['loan_count'], 0)
self.assertEquals(response.json()['owned_system_count'], 0)
self.assertEquals(response.json()['owned_pool_count'], 0)
def test_anonymous_cannot_delete_note(self):
with session.begin():
self.system.notes.append(Note(text=u'asdf', user=self.owner))
session.flush()
note_id = self.system.notes[0].id
response = patch_json(get_server_base() + 'systems/%s/notes/%s'
% (self.system.fqdn, note_id), data={'deleted': 'now'})
self.assertEquals(response.status_code, 401)
def test_remove_account(self):
with session.begin():
user = data_setup.create_user()
job = data_setup.create_job(owner=user)
data_setup.mark_job_running(job)
owned_system = data_setup.create_system(owner=user)
loaned_system = data_setup.create_system()
loaned_system.loaned = user
reserved_system = data_setup.create_system(status=SystemStatus.manual)
reserved_system.reserve_manually(service=u'testdata', user=user)
reserved_system.custom_access_policy.add_rule(
SystemPermission.reserve, user=user)
owned_pool = data_setup.create_system_pool(owning_user=user)
group = data_setup.create_group(owner=user)
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': 'now'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNotNone(user.removed)
# running jobs should be cancelled
job.update_status()
self.assertEquals(job.status, TaskStatus.cancelled)
self.assertIn('User %s removed' % user.user_name,
job.recipesets[0].recipes[0].tasks[0].results[0].log)
# reservations should be released
self.assertIsNone(reserved_system.user)
# loans should be returned
self.assertIsNone(loaned_system.loaned)
# access policy rules should be removed
self.assertEqual([],
[rule for rule in reserved_system.custom_access_policy.rules
if rule.user == user])
self.assertEqual(reserved_system.activity[0].field_name, u'Access Policy Rule')
self.assertEqual(reserved_system.activity[0].action, u'Removed')
self.assertEqual(reserved_system.activity[0].old_value,
u'User:%s:reserve' % user.user_name)
# systems owned by the user should be transferred to the caller
self.assertEqual(owned_system.owner.user_name, data_setup.ADMIN_USER)
self.assertEqual(owned_system.activity[0].field_name, u'Owner')
self.assertEqual(owned_system.activity[0].action, u'Changed')
self.assertEqual(owned_system.activity[0].old_value, user.user_name)
self.assertEqual(owned_system.activity[0].new_value, data_setup.ADMIN_USER)
# pools owned by the user should be transferred to the caller
self.assertEqual(owned_pool.owner.user_name, data_setup.ADMIN_USER)
self.assertEqual(owned_pool.activity[0].field_name, u'Owner')
self.assertEqual(owned_pool.activity[0].action, u'Changed')
self.assertEqual(owned_pool.activity[0].old_value, user.user_name)
self.assertEqual(owned_pool.activity[0].new_value, data_setup.ADMIN_USER)
# group membership/ownership should be removed
self.assertNotIn(group, user.groups)
self.assertNotIn(user, group.users)
self.assertFalse(group.has_owner(user))
self.assertEqual(group.activity[-1].field_name, u'User')
self.assertEqual(group.activity[-1].action, u'Removed')
self.assertEqual(group.activity[-1].old_value, user.user_name)
def test_regular_users_cannot_rename_themselves(self):
with session.begin():
user = data_setup.create_user(password=u'password')
s = requests.Session()
requests_login(s, user=user.user_name, password=u'password')
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
session=s, data={'user_name': 'gandalf'})
self.assertEqual(response.status_code, 403)
self.assertIn('Cannot rename user', response.text)
def test_cannot_update_reservation_request_if_duration_too_long(self):
with session.begin():
data_setup.mark_job_running(self.job)
s = requests.Session()
requests_login(s, user=self.owner, password=u'theowner')
response = patch_json(get_server_base() +
'recipes/%s/reservation-request' % self.recipe_with_reservation_request.id,
session=s, data={'reserve': True, 'duration': 605000})
self.assertEquals(response.status_code, 400)
def test_condition_report_length_is_enforced(self):
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name,
'password': '******'}).raise_for_status()
response = patch_json(get_server_base() + 'systems/%s/' % self.system.fqdn,
session=s, data={'status': 'Broken', 'status_reason': 'reallylong' * 500})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.text,
'System condition report is longer than 4000 characters')
def test_updating_power_returns_correct_id(self):
# The bug was that Power.id was overwriting System.id
with session.begin():
system = data_setup.create_system(with_power=False, owner=self.owner)
s = requests.Session()
requests_login(s, user=self.owner.user_name, password=u'theowner')
response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn,
session=s, data={'power_type': 'ilo', 'power_address': 'nowhere'})
response.raise_for_status()
self.assertEqual(response.json()['id'], system.id)
def test_task_update_disable_normal_user_fail(self):
req_sess = requests.Session()
requests_login(req_sess, self.normal_user.user_name, 'secret')
self.assertEqual(self.my_task.valid, True)
response = patch_json(get_server_base() + 'tasks/%s' % self.my_task.id,
session=req_sess, data={'disabled': True})
self.assertEqual(response.status_code, 403)
with session.begin():
session.expire_all()
self.assertEqual(self.my_task.valid, True)
def test_task_update_task_not_available_404(self):
req_sess = requests.Session()
with session.begin():
result = session.query(func.max(Task.id)).first()
fake_id = result[0] + 1
requests_login(req_sess, data_setup.ADMIN_USER, data_setup.ADMIN_PASSWORD)
response = patch_json(get_server_base() + 'tasks/%s' % fake_id,
session=req_sess, data={'disabled': True})
self.assertEqual(response.status_code, 404)
self.assertEqual(response.text, 'Task %s does not exist' % fake_id)
def test_unprivileged_user_cannot_delete_note(self):
with session.begin():
self.system.notes.append(Note(text=u'asdf', user=self.owner))
session.flush()
note_id = self.system.notes[0].id
unprivileged = data_setup.create_user(password=u'password')
s = requests.Session()
requests_login(s, user=unprivileged.user_name, password=u'password')
response = patch_json(get_server_base() + 'systems/%s/notes/%s'
% (self.system.fqdn, note_id), session=s, data={'deleted': 'now'})
self.assertEquals(response.status_code, 403)
def test_update_email_address(self):
with session.begin():
user = data_setup.create_user(email_address=u'*****@*****.**')
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'email_address': u'*****@*****.**'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.email_address, u'*****@*****.**')
def test_task_update_disable_successful(self):
req_sess = requests.Session()
requests_login(req_sess, data_setup.ADMIN_USER, data_setup.ADMIN_PASSWORD)
self.assertEqual(self.my_task.valid, True)
response = patch_json(get_server_base() + 'tasks/%s' % self.my_task.id,
session=req_sess, data={'disabled': True})
response.raise_for_status()
self.assertEqual(response.json()['valid'], False)
with session.begin():
session.expire_all()
self.assertEqual(self.my_task.valid, False)
def test_set_root_password(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'root_password': u'D6BeK7Cq9a4M'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNotNone(user._root_password)
def test_disable_user(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'disabled': True}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(user.disabled)
def test_update_display_name(self):
with session.begin():
user = data_setup.create_user(display_name=u'Frodo Baggins')
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'display_name': u'Frodo Gamgee'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.display_name, u'Frodo Gamgee')
def test_renaming_user_to_existing_username_gives_409(self):
with session.begin():
user = data_setup.create_user()
other_user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
session=s, data={'user_name': other_user.user_name})
self.assertEqual(response.status_code, 409)
self.assertEqual(response.text,
'User %s already exists' % other_user.user_name)
def test_can_clear_reviewed_state(self):
with session.begin():
self.recipe.set_reviewed_state(self.owner, True)
s = requests.Session()
requests_login(s, user=self.owner, password=u'theowner')
response = patch_json(get_server_base() + 'recipes/%s' % self.recipe.id,
session=s, data={'reviewed': False})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(self.recipe.get_reviewed_state(self.owner), False)
def test_records_activity_on_changing_access_policy(self):
with session.begin():
system = data_setup.create_system()
pool = data_setup.create_system_pool()
pool.systems.append(system)
# change the system active access policy to pool access policy
s = requests.Session()
s.post(
get_server_base() + "login",
data={"user_name": data_setup.ADMIN_USER, "password": data_setup.ADMIN_PASSWORD},
).raise_for_status()
response = patch_json(
get_server_base() + "systems/%s/" % system.fqdn,
session=s,
data={"active_access_policy": {"pool_name": pool.name}},
)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(system.active_access_policy, pool.access_policy)
self.assertEquals(system.activity[-1].field_name, "Active Access Policy")
self.assertEquals(system.activity[-1].action, "Changed")
self.assertEquals(system.activity[-1].old_value, "Custom access policy")
self.assertEquals(system.activity[-1].new_value, "Pool policy: %s" % unicode(pool))
# change the system active access policy back to custom access policy
s = requests.Session()
s.post(
get_server_base() + "login",
data={"user_name": data_setup.ADMIN_USER, "password": data_setup.ADMIN_PASSWORD},
).raise_for_status()
response = patch_json(
get_server_base() + "systems/%s/" % system.fqdn, session=s, data={"active_access_policy": {"custom": True}}
)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(system.active_access_policy, system.custom_access_policy)
self.assertEquals(system.activity[-2].field_name, "Active Access Policy")
self.assertEquals(system.activity[-2].action, "Changed")
self.assertEquals(system.activity[-2].old_value, "Pool policy: %s" % unicode(pool))
self.assertEquals(system.activity[-2].new_value, "Custom access policy")
def test_set_password(self):
with session.begin():
user = data_setup.create_user()
user.password = u'frodo'
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'password': u'bilbo'}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(user.check_password(u'bilbo'))
def test_condition_report_length_is_enforced(self):
s = requests.Session()
s.post(
get_server_base() + "login", data={"user_name": self.owner.user_name, "password": "******"}
).raise_for_status()
response = patch_json(
get_server_base() + "systems/%s/" % self.system.fqdn,
session=s,
data={"status": "Broken", "status_reason": "reallylong" * 500},
)
self.assertEqual(response.status_code, 400)
self.assertEqual(response.text, "System condition report is longer than 4000 characters")
def test_set_use_old_job_page(self):
with session.begin():
user = data_setup.create_user(password=u'password')
user.use_old_job_page = True
s = requests.Session()
requests_login(s, user=user.user_name, password='******')
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'use_old_job_page': False}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.use_old_job_page, False)
def test_cannot_update_system_details_with_edit_policy_permission(self):
with session.begin():
user = data_setup.create_user(password="******")
system = data_setup.create_system()
system.custom_access_policy.add_rule(permission=SystemPermission.edit_policy, user=user)
s = requests.Session()
s.post(
get_server_base() + "login", data={"user_name": user.user_name, "password": "******"}
).raise_for_status()
response = patch_json(get_server_base() + "systems/%s/" % system.fqdn, session=s, data={"fqdn": u"newfqdn"})
self.assertEquals(response.status_code, 403)
self.assertIn("Cannot edit system", response.text)
def test_can_set_zero_quiescent_period(self):
with session.begin():
system = data_setup.create_system()
s = requests.Session()
s.post(get_server_base() + 'login', data={'user_name': data_setup.ADMIN_USER,
'password': data_setup.ADMIN_PASSWORD}).raise_for_status()
response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn,
session=s, data={'power_quiescent_period': 0})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(system.power.power_quiescent_period, 0)
def test_cannot_give_to_deleted_user(self):
with session.begin():
system = data_setup.create_system()
deleted_user = data_setup.create_user()
deleted_user.removed = datetime.datetime.utcnow()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn,
session=s, data={'owner': {'user_name': deleted_user.user_name}})
self.assertEquals(response.status_code, 400)
self.assertEquals(response.text,
'Cannot change owner to deleted user %s' % deleted_user.user_name)
def test_update_email_address(self):
with session.begin():
user = data_setup.create_user(
email_address=u'*****@*****.**')
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'email_address': u'*****@*****.**'},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.email_address, u'*****@*****.**')
def test_rename_user(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
session=s, data={'user_name': 'sgamgee'})
response.raise_for_status()
self.assertEqual(response.headers['Location'], get_server_base() + 'users/sgamgee')
self.assertEqual(response.json()['user_name'], 'sgamgee')
with session.begin():
session.expire_all()
self.assertEqual(user.user_name, u'sgamgee')
def test_set_password(self):
with session.begin():
user = data_setup.create_user()
user.password = u'frodo'
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'password': u'bilbo'},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(user.check_password(u'bilbo'))
def test_clear_root_password(self):
with session.begin():
user = data_setup.create_user()
user.root_password = u'D6BeK7Cq9a4M'
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'root_password': u''},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNone(user._root_password)
def test_can_update_recipe_whiteboard(self):
s = requests.Session()
requests_login(s, user=self.owner, password=u'theowner')
response = patch_json(get_server_base() +
'recipes/%s' % self.recipe.id,
session=s, data={'whiteboard': u'newwhiteboard'})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(self.recipe.whiteboard, 'newwhiteboard')
self.assertEquals(self.recipe.activity[0].field_name, u'Whiteboard')
self.assertEquals(self.recipe.activity[0].action, u'Changed')
self.assertEquals(self.recipe.activity[0].new_value, u'newwhiteboard')
def test_set_use_old_job_page(self):
with session.begin():
user = data_setup.create_user(password=u'password')
user.use_old_job_page = True
s = requests.Session()
requests_login(s, user=user.user_name, password='******')
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'use_old_job_page': False},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEqual(user.use_old_job_page, False)
def test_reenable_user(self):
with session.begin():
user = data_setup.create_user()
user.disabled = True
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'disabled': False},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertFalse(user.disabled)
def test_unremove_account(self):
with session.begin():
user = data_setup.create_user()
user.removed = datetime.datetime.utcnow()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': None}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNone(user.removed)
self.assertFalse(user.disabled)
def test_unremove_account(self):
with session.begin():
user = data_setup.create_user()
user.removed = datetime.datetime.utcnow()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': None}, session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNone(user.removed)
self.assertFalse(user.disabled)
def test_task_update_disable_successful(self):
req_sess = requests.Session()
requests_login(req_sess, data_setup.ADMIN_USER,
data_setup.ADMIN_PASSWORD)
self.assertEqual(self.my_task.valid, True)
response = patch_json(get_server_base() + 'tasks/%s' % self.my_task.id,
session=req_sess,
data={'disabled': True})
response.raise_for_status()
self.assertEqual(response.json()['valid'], False)
with session.begin():
session.expire_all()
self.assertEqual(self.my_task.valid, False)
def test_rename_user(self):
with session.begin():
user = data_setup.create_user()
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
session=s, data={'user_name': 'sgamgee'})
response.raise_for_status()
self.assertEqual(response.headers['Location'], get_server_base() + 'users/sgamgee')
self.assertEqual(response.json()['user_name'], 'sgamgee')
with session.begin():
session.expire_all()
self.assertEqual(user.user_name, u'sgamgee')
def test_updating_power_returns_correct_id(self):
# The bug was that Power.id was overwriting System.id
with session.begin():
system = data_setup.create_system(with_power=False,
owner=self.owner)
s = requests.Session()
requests_login(s, user=self.owner.user_name, password=u'theowner')
response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn,
session=s,
data={
'power_type': 'ilo',
'power_address': 'nowhere'
})
response.raise_for_status()
self.assertEqual(response.json()['id'], system.id)
def test_cannot_update_system_pool_with_empty_name(self):
"""Verify that updating a system pool with an empty name returns an error."""
self.assertTrue(self.pool.name,
"Cannot run test with empty pool name in fixture")
s = requests.Session()
send_login(s, self.owner, 'theowner')
response = patch_json(get_server_base() + 'pools/%s/' % self.pool.name,
session=s,
data={'name': ''})
self.assertEqual(400, response.status_code)
self.assertEqual('Pool name cannot be empty', response.text)
with session.begin():
session.refresh(self.pool)
self.assertTrue(self.pool.name)
def test_cannot_change_system_pool_owner_to_deleted_user(self):
with session.begin():
self.user.removed = datetime.datetime.utcnow()
s = requests.Session()
send_login(s, user=self.owner, password=u'theowner')
response = patch_json(
get_server_base() + 'pools/%s/' % self.pool.name,
session=s,
data={'owner': {
'user_name': self.user.user_name
}})
self.assertEquals(response.status_code, 400)
self.assertEquals(
response.text, 'System pool cannot be owned by deleted user %s' %
self.user.user_name)
def test_user_with_edit_permission_can_delete_note(self):
with session.begin():
self.system.notes.append(Note(text=u'asdf', user=self.owner))
session.flush()
note_id = self.system.notes[0].id
user = data_setup.create_user(password='******')
self.system.custom_access_policy.add_rule(
permission=SystemPermission.edit_system, user=user)
s = requests.Session()
requests_login(s, user=user.user_name, password=u'password')
response = patch_json(get_server_base() + 'systems/%s/notes/%s' %
(self.system.fqdn, note_id),
session=s,
data={'deleted': 'now'})
response.raise_for_status()
def test_can_update_reservation_request_to_reserve_system(self):
with session.begin():
data_setup.mark_job_running(self.job)
# On a recipe with reservation request
s = requests.Session()
requests_login(s, user=self.owner, password=u'theowner')
response = patch_json(get_server_base() +
'recipes/%s/reservation-request' % self.recipe_with_reservation_request.id,
session=s, data={'reserve': True, 'duration': 300})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(self.recipe_with_reservation_request.reservation_request.duration,
300)
self.assertEquals(self.recipe_with_reservation_request.activity[0].field_name,
u'Reservation Request')
self.assertEquals(self.recipe_with_reservation_request.activity[0].action,
u'Changed')
self.assertEquals(self.recipe_with_reservation_request.activity[0].new_value,
u'300')
# On a recipe without reservation request
s = requests.Session()
requests_login(s, user=self.owner, password=u'theowner')
response = patch_json(get_server_base() +
'recipes/%s/reservation-request' % self.recipe_without_reservation_request.id,
session=s, data={'reserve': True, 'duration': 300})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(self.recipe_without_reservation_request.reservation_request)
self.assertEquals(self.recipe_without_reservation_request.activity[0].field_name,
u'Reservation Request')
self.assertEquals(self.recipe_without_reservation_request.activity[0].action,
u'Changed')
self.assertEquals(self.recipe_without_reservation_request.activity[0].new_value,
u'300')
def test_can_set_zero_quiescent_period(self):
with session.begin():
system = data_setup.create_system()
s = requests.Session()
s.post(get_server_base() + 'login',
data={
'user_name': data_setup.ADMIN_USER,
'password': data_setup.ADMIN_PASSWORD
}).raise_for_status()
response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn,
session=s,
data={'power_quiescent_period': 0})
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(system.power.power_quiescent_period, 0)
def test_cannot_give_to_deleted_user(self):
with session.begin():
system = data_setup.create_system()
deleted_user = data_setup.create_user()
deleted_user.removed = datetime.datetime.utcnow()
s = requests.Session()
requests_login(s)
response = patch_json(
get_server_base() + 'systems/%s/' % system.fqdn,
session=s,
data={'owner': {
'user_name': deleted_user.user_name
}})
self.assertEquals(response.status_code, 400)
self.assertEquals(
response.text,
'Cannot change owner to deleted user %s' % deleted_user.user_name)
def test_condition_report_length_is_enforced(self):
s = requests.Session()
s.post(get_server_base() + 'login',
data={
'user_name': self.owner.user_name,
'password': '******'
}).raise_for_status()
response = patch_json(get_server_base() +
'systems/%s/' % self.system.fqdn,
session=s,
data={
'status': 'Broken',
'status_reason': 'reallylong' * 500
})
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.text,
'System condition report is longer than 4000 characters')
def test_cannot_update_system_details_with_edit_policy_permission(self):
with session.begin():
user = data_setup.create_user(password='******')
system = data_setup.create_system()
system.custom_access_policy.add_rule(
permission=SystemPermission.edit_policy, user=user)
s = requests.Session()
s.post(get_server_base() + 'login',
data={
'user_name': user.user_name,
'password': '******'
}).raise_for_status()
response = patch_json(
get_server_base() + 'systems/%s/' % system.fqdn,
session=s,
data={'fqdn': u'newfqdn'},
)
self.assertEquals(response.status_code, 403)
self.assertIn('Cannot edit system', response.text)
def test_system_owner_username_is_truncated(self):
with session.begin():
system = data_setup.create_system()
max_new_value_length = 60
long_username = '******' * max_new_value_length + 's'
user_with_long_username = data_setup.create_user(
user_name=long_username)
s = requests.Session()
requests_login(s)
response = patch_json(
get_server_base() + 'systems/%s/' % system.fqdn,
session=s,
data={'owner': {
'user_name': user_with_long_username.user_name
}})
self.assertEquals(response.status_code, 200)
with session.begin():
self.assertEquals(system.activity[0].field_name, u'Owner')
self.assertEquals(system.activity[0].action, u'Changed')
self.assertEquals(system.activity[0].new_value,
u'z' * max_new_value_length)
def test_rejects_non_ascii_chars_in_fqdn(self):
b = self.browser
login(b)
self.go_to_system_view()
b.find_element_by_xpath(
'//h1/button[contains(text(), "Rename")]').click()
modal = b.find_element_by_class_name('modal')
modal.find_element_by_name('fqdn').clear()
modal.find_element_by_name('fqdn').send_keys(u'lööööl')
modal.find_element_by_tag_name('form').submit()
# we can't actually check the HTML5 validation error,
# but we should still be at the system rename modal
modal.find_element_by_css_selector('input[name=fqdn]:invalid')
# should be rejected server-side also
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() +
'systems/%s/' % self.system.fqdn,
session=s,
data=dict(fqdn=u'löööööl'))
self.assertEquals(response.status_code, 400)
self.assertEquals(response.text, u'Invalid FQDN for system: löööööl')
def test_updating_access_policy_with_no_change_should_not_record_activity(
self):
with session.begin():
system = data_setup.create_system()
s = requests.Session()
s.post(get_server_base() + 'login',
data={
'user_name': data_setup.ADMIN_USER,
'password': data_setup.ADMIN_PASSWORD
}).raise_for_status()
response = patch_json(
get_server_base() + 'systems/%s/' % system.fqdn,
session=s,
data={'active_access_policy': {
'custom': True
}},
)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(system.active_access_policy,
system.custom_access_policy)
self.assertEquals(system.activity, [])
def test_sends_mail_notification_for_loan_return(self):
with session.begin():
owner = data_setup.create_user(user_name='mturnbull', email_address='*****@*****.**')
system = data_setup.create_system(fqdn='lya4.aemo.com.au', owner=owner)
loanee = data_setup.create_user(user_name='bshorten')
system.loaned = loanee
s = requests.Session()
requests_login(s)
mail_capture_thread.start_capturing()
response = patch_json(get_server_base() + 'systems/%s/loans/+current' % system.fqdn,
session=s, data={'finish': 'now'})
self.assertEquals(response.status_code, 200)
captured_mails = mail_capture_thread.stop_capturing()
self.assertEquals(len(captured_mails), 1)
sender, rcpts, raw_msg = captured_mails[0]
msg = email.message_from_string(raw_msg)
self.assertEquals(['*****@*****.**'], rcpts)
self.assertEquals('*****@*****.**', msg['To'])
self.assertEquals('System lya4.aemo.com.au loan returned', msg['Subject'])
self.assertEquals(
'Beaker system lya4.aemo.com.au <%sview/lya4.aemo.com.au>\n'
'loan has been returned by admin.'
% get_server_base(),
msg.get_payload(decode=True))
def test_set_active_policy_to_custom_policy(self):
with session.begin():
user1 = data_setup.create_user()
user2 = data_setup.create_user()
self.system.custom_access_policy.add_rule(
permission=SystemPermission.edit_system, user=user1)
pool = data_setup.create_system_pool()
pool.access_policy.add_rule(
permission=SystemPermission.edit_system, user=user2)
self.system.active_access_policy = pool.access_policy
self.assertFalse(
self.system.active_access_policy.grants(
user1, SystemPermission.edit_system))
self.assertTrue(
self.system.active_access_policy.grants(
user2, SystemPermission.edit_system))
s = requests.Session()
s.post(get_server_base() + 'login',
data={
'user_name': self.owner.user_name,
'password': '******'
}).raise_for_status()
response = patch_json(
get_server_base() + 'systems/%s/' % self.system.fqdn,
session=s,
data={'active_access_policy': {
'custom': True
}},
)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertTrue(self.system.active_access_policy.grants \
(user1, SystemPermission.edit_system))
def test_can_update_active_access_policy_with_edit_policy_permission(self):
with session.begin():
user = data_setup.create_user(password='******')
system = data_setup.create_system()
system.custom_access_policy.add_rule(
permission=SystemPermission.edit_policy, user=user)
pool = data_setup.create_system_pool(systems=[system])
s = requests.Session()
s.post(get_server_base() + 'login',
data={
'user_name': user.user_name,
'password': '******'
}).raise_for_status()
response = patch_json(
get_server_base() + 'systems/%s/' % system.fqdn,
session=s,
data={'active_access_policy': {
'pool_name': pool.name
}},
)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertEquals(system.active_access_policy, pool.access_policy)
def test_anonymous_cannot_update_reservation_request(self):
response = patch_json(get_server_base() +
'recipes/%s/reservation-request' % self.recipe_with_reservation_request.id,
data={'reserve': True, 'duration': 300})
self.assertEquals(response.status_code, 401)
def test_anonymous_cannot_update_recipe(self):
response = patch_json(get_server_base() +
'recipes/%s' % self.recipe.id,
data={'whiteboard': u'testwhiteboard'})
self.assertEquals(response.status_code, 401)
def test_remove_account(self):
with session.begin():
user = data_setup.create_user()
job = data_setup.create_job(owner=user)
data_setup.mark_job_running(job)
owned_system = data_setup.create_system(owner=user)
loaned_system = data_setup.create_system()
loaned_system.loaned = user
reserved_system = data_setup.create_system(
status=SystemStatus.manual)
reserved_system.reserve_manually(service=u'testdata', user=user)
reserved_system.custom_access_policy.add_rule(
SystemPermission.reserve, user=user)
owned_pool = data_setup.create_system_pool(owning_user=user)
group = data_setup.create_group(owner=user)
s = requests.Session()
requests_login(s)
response = patch_json(get_server_base() + 'users/%s' % user.user_name,
data={'removed': 'now'},
session=s)
response.raise_for_status()
with session.begin():
session.expire_all()
self.assertIsNotNone(user.removed)
# running jobs should be cancelled
job.update_status()
self.assertEquals(job.status, TaskStatus.cancelled)
self.assertIn('User %s removed' % user.user_name,
job.recipesets[0].recipes[0].tasks[0].results[0].log)
# reservations should be released
self.assertIsNone(reserved_system.user)
# loans should be returned
self.assertIsNone(loaned_system.loaned)
# access policy rules should be removed
self.assertEqual([], [
rule for rule in reserved_system.custom_access_policy.rules
if rule.user == user
])
self.assertEqual(reserved_system.activity[0].field_name,
u'Access Policy Rule')
self.assertEqual(reserved_system.activity[0].action, u'Removed')
self.assertEqual(reserved_system.activity[0].old_value,
u'<grant reserve to %s>' % user.user_name)
# systems owned by the user should be transferred to the caller
self.assertEqual(owned_system.owner.user_name,
data_setup.ADMIN_USER)
self.assertEqual(owned_system.activity[0].field_name, u'Owner')
self.assertEqual(owned_system.activity[0].action, u'Changed')
self.assertEqual(owned_system.activity[0].old_value,
user.user_name)
self.assertEqual(owned_system.activity[0].new_value,
data_setup.ADMIN_USER)
# pools owned by the user should be transferred to the caller
self.assertEqual(owned_pool.owner.user_name, data_setup.ADMIN_USER)
self.assertEqual(owned_pool.activity[0].field_name, u'Owner')
self.assertEqual(owned_pool.activity[0].action, u'Changed')
self.assertEqual(owned_pool.activity[0].old_value, user.user_name)
self.assertEqual(owned_pool.activity[0].new_value,
data_setup.ADMIN_USER)
# group membership/ownership should be removed
self.assertNotIn(group, user.groups)
self.assertNotIn(user, group.users)
self.assertFalse(group.has_owner(user))
self.assertEqual(group.activity[-1].field_name, u'User')
self.assertEqual(group.activity[-1].action, u'Removed')
self.assertEqual(group.activity[-1].old_value, user.user_name)
