예제 #1
0
 def test_group_remove_should_not_remove_system_pool(self):
     with session.begin():
         user = data_setup.create_user(password='******')
         group = data_setup.create_group(owner=user)
         pool = data_setup.create_system_pool(owning_group=group)
     b = self.browser
     login(b, user=user.user_name, password='******')
     b.get(get_server_base() + 'groups/')
     b.find_element_by_xpath("//input[@name='group.text']").clear()
     b.find_element_by_xpath("//input[@name='group.text']").send_keys(group.group_name)
     b.find_element_by_id('Search').submit()
     delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" %
                        group.group_name, delete_text='Delete Group')
     self.assertEqual(
         b.find_element_by_class_name('flash').text,
         '%s deleted' % group.display_name)
     with session.begin():
         session.refresh(pool)
         self.assertFalse(pool.owning_group)
         self.assertEquals(pool.owning_user, user)
         self.assertEquals(pool.activity[-1].action, u'Changed')
         self.assertEquals(pool.activity[-1].field_name, u'Owner')
         self.assertEquals(pool.activity[-1].old_value, 'Group %s' % group.group_name)
         self.assertEquals(pool.activity[-1].new_value, user.user_name)
         self.assertEquals(pool.activity[-1].service, u'WEBUI')
예제 #2
0
    def test_modify_active_access_policy(self):
        with session.begin():
            user1 = data_setup.create_user()
            perm = SystemPermission.reserve
            system1 = data_setup.create_system(shared=False)
            system2 = data_setup.create_system(shared=False)
            system1.custom_access_policy.add_rule(perm, user=user1)
            system2.custom_access_policy.add_rule(perm, user=user1)

            pool = data_setup.create_system_pool(systems=[system1, system2])
            user2 = data_setup.create_user()
            pool.access_policy.add_rule(perm, user=user2)

        # use pool policy
        run_client(['bkr', 'system-modify',
                    '--pool-policy', pool.name,
                    system1.fqdn, system2.fqdn])
        with session.begin():
            session.expire_all()
            for s in [system1, system2]:
                self.assertFalse(s.active_access_policy.grants(user1, perm))
                self.assertTrue(s.active_access_policy.grants(user2, perm))
                self.assertEquals(s.activity[-1].field_name, u'Active Access Policy')
                self.assertEquals(s.activity[-1].action, u'Changed')
                self.assertEquals(s.activity[-1].old_value, 'Custom Access Policy')
                self.assertEquals(s.activity[-1].new_value,'Pool policy: %s' % pool.name)

        # system not in a pool
        try:
            run_client(['bkr', 'system-modify',
                        '--pool-policy', data_setup.create_system_pool().name,
                        system1.fqdn])
        except ClientError as e:
            self.assertIn('To use a pool policy, the system must be in the pool first',
                          e.stderr_output)

        # Revert to custom policy
        run_client(['bkr', 'system-modify',
                    '--use-custom-policy',
                    system1.fqdn, system2.fqdn])

        with session.begin():
            session.expire_all()
            for s in [system1, system2]:
                self.assertTrue(s.active_access_policy.grants(user1, perm))
                self.assertFalse(s.active_access_policy.grants(user2, perm))

        # insufficient permission to change active policy
        with session.begin():
            user1 = data_setup.create_user(password='******')
        try:
            run_client(['bkr', 'system-modify',
                        '--use-custom-policy',
                        '--user', user1.user_name,
                        '--password', 'abc',
                        system1.fqdn])
            self.fail('Must raise')
        except ClientError as e:
            self.assertIn('Cannot edit system access policy',
                          e.stderr_output)
예제 #3
0
 def test_PUT_result_log(self):
     with session.begin():
         task = self.recipe.tasks[0]
         task.pass_(u'', 0, u'Pass')
         result = self.recipe.tasks[0].results[0]
     upload_url = '%srecipes/%s/tasks/%s/results/%s/logs/PUT-result-log' % (
             self.get_proxy_url(), self.recipe.id, task.id, result.id)
     response = requests.put(upload_url, data='a' * 10)
     self.assertEquals(response.status_code, 204)
     local_log_dir = '%s/results/%s+/%s/' % (get_conf().get('CACHEPATH'),
             result.id // 1000, result.id)
     with session.begin():
         self.assertEquals(result.logs[0].path, '/')
         self.assertEquals(result.logs[0].filename, 'PUT-result-log')
         self.assertEquals(result.logs[0].server,
                 '%s/beaker/logs/results/%s+/%s/'
                 % (self.get_log_base_url(), result.id // 1000, result.id))
         self.assertEquals(result.logs[0].basepath, local_log_dir)
         self.assertEquals(
                 open(os.path.join(local_log_dir, 'PUT-result-log'), 'r').read(),
                 'aaaaaaaaaa')
     response = requests.put(upload_url, data='b' * 10,
             headers={'Content-Range': 'bytes 10-19/20'})
     self.assertEquals(response.status_code, 204)
     with session.begin():
         self.assertEquals(
                 open(os.path.join(local_log_dir, 'PUT-result-log'), 'r').read(),
                 'aaaaaaaaaabbbbbbbbbb')
     response = requests.get(upload_url)
     response.raise_for_status()
     self.assertEquals(response.content, 'aaaaaaaaaabbbbbbbbbb')
예제 #4
0
 def test_clear_netboot_GET(self):
     with session.begin():
         system = data_setup.create_system()
     response = requests.get(self.get_proxy_url() + 'nopxe/%s' % system.fqdn)
     response.raise_for_status()
     with session.begin():
         self.assertEqual(system.command_queue[0].action, 'clear_netboot')
예제 #5
0
 def test_start_and_complete_external_task(self):
     # Alternative harnesses which support external tasks can report back 
     # the name and version of the task after they fetch it.
     task_url = '%srecipes/%s/tasks/%s/' % (self.get_proxy_url(),
             self.recipe.id, self.recipe.tasks[2].id)
     name = '/external/example'
     version = '3.14-1'
     response = requests.patch(task_url, data=dict(status='Running',
             name=name, version=version))
     self.assertEquals(response.status_code, 200)
     json = response.json()
     self.assertEquals(json['status'], 'Running')
     self.assertEquals(json['name'], name)
     self.assertEquals(json['version'], version)
     with session.begin():
         session.expire_all()
         task = self.recipe.tasks[2]
         self.assertEquals(task.status, TaskStatus.running)
         self.assertEquals(task.name, name)
         self.assertEquals(task.version, version)
     response = requests.patch(task_url, data=dict(status='Completed'))
     self.assertEquals(response.status_code, 200)
     self.assertEquals(response.json()['status'], 'Completed')
     with session.begin():
         session.expire_all()
         task = self.recipe.tasks[2]
         self.assertEquals(task.status, TaskStatus.completed)
예제 #6
0
    def test_modify_attributes_policy(self):
        with session.begin():
            system1 = data_setup.create_system(shared=False)
            system2 = data_setup.create_system(shared=False)
            new_owner = data_setup.create_user()
            perm = SystemPermission.reserve
            user1 = data_setup.create_user()
            system1.custom_access_policy.add_rule(perm, user=user1)
            system2.custom_access_policy.add_rule(perm, user=user1)
            pool = data_setup.create_system_pool(systems=[system1, system2])
            user2 = data_setup.create_user()
            pool.access_policy.add_rule(perm, user=user2)

        run_client(['bkr', 'system-modify',
                    '--owner', new_owner.user_name,
                    '--condition', 'Manual',
                    '--pool-policy', pool.name,
                    system1.fqdn, system2.fqdn])
        with session.begin():
            session.expire_all()
            for s in [system1, system2]:
                self.assertEquals(s.owner.user_name, new_owner.user_name)
                self.assertEquals(s.status, SystemStatus.manual)
                self.assertFalse(s.active_access_policy.grants(user1, perm))
                self.assertTrue(s.active_access_policy.grants(user2, perm))
예제 #7
0
 def test_xmlrpc_result_log(self):
     with session.begin():
         self.recipe.tasks[0].pass_(u'', 0, u'Pass')
         result = self.recipe.tasks[0].results[0]
     s = xmlrpclib.ServerProxy(self.get_proxy_url(), allow_none=True)
     s.result_upload_file(result.id, '/', 'result-log', 10, None, 0,
             b64encode('a' * 10))
     local_log_dir = '%s/results/%s+/%s/' % (get_conf().get('CACHEPATH'),
             result.id // 1000, result.id)
     with session.begin():
         self.assertEquals(result.logs[0].path, '/')
         self.assertEquals(result.logs[0].filename, 'result-log')
         self.assertEquals(result.logs[0].server,
                 '%s/beaker/logs/results/%s+/%s/'
                 % (self.get_log_base_url(), result.id // 1000, result.id))
         self.assertEquals(result.logs[0].basepath, local_log_dir)
         self.assertEquals(
                 open(os.path.join(local_log_dir, 'result-log'), 'r').read(),
                 'aaaaaaaaaa')
     s.result_upload_file(result.id, '/', 'result-log', 10, None, 10,
             b64encode('b' * 10))
     with session.begin():
         self.assertEquals(
                 open(os.path.join(local_log_dir, 'result-log'), 'r').read(),
                 'aaaaaaaaaabbbbbbbbbb')
예제 #8
0
    def test_add_system_to_pool(self):
        with session.begin():
            other_system = data_setup.create_system(owner=self.owner)
        s = requests.Session()
        s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name,
                'password': '******'}).raise_for_status()
        response = post_json(get_server_base() + 'pools/%s/systems/' % self.pool.name,
                session=s, data={'fqdn': other_system.fqdn})
        response.raise_for_status()
        with session.begin():
            session.expire_all()
            self.assertItemsEqual(self.pool.systems, [self.system, other_system])
            self.assertEquals(self.pool.activity[-1].field_name, 'System')
            self.assertEquals(self.pool.activity[-1].action, 'Added')
            self.assertEquals(self.pool.activity[-1].new_value, unicode(other_system))
            self.assertEquals(other_system.activity[-1].field_name, 'Pool')
            self.assertEquals(other_system.activity[-1].action, 'Added')
            self.assertEquals(other_system.activity[-1].new_value, unicode(self.pool))

        # adding to a pool that doesn't exist is a 404
        response = post_json(get_server_base() + 'pools/nosuchpool/systems/',
                session=s, data={'fqdn': other_system.fqdn})
        self.assertEquals(response.status_code, 404)
        self.assertEquals(response.text, 'System pool nosuchpool does not exist')

        # adding a system that doesn't exist is a 400
        response = post_json(get_server_base() + 'pools/%s/systems/' % self.pool.name,
                session=s, data={'fqdn': 'nosuchsystem'})
        self.assertEquals(response.status_code, 400)
        self.assertEquals(response.text, "System 'nosuchsystem' does not exist")
예제 #9
0
    def test_update_system_pool(self):
        s = requests.Session()
        s.post(get_server_base() + 'login', data={'user_name': self.owner.user_name,
                                                  'password': '******'}).raise_for_status()
        response = patch_json(get_server_base() +
                'pools/%s/' % self.pool.name, session=s,
                data={'name': 'newname',
                      'description': 'newdescription',
                      'owner': {'user_name': self.user.user_name}})
        response.raise_for_status()
        with session.begin():
            session.expire_all()
            self.assertEquals(self.pool.name, 'newname')
            self.assertEquals(self.pool.description, 'newdescription')
            self.assertEquals(self.pool.owner.user_name, self.user.user_name)

        s = requests.Session()
        s.post(get_server_base() + 'login', data={'user_name': self.user.user_name,
                                                  'password': '******'}).raise_for_status()
        response = patch_json(get_server_base() +
                              'pools/%s/' % self.pool.name, session=s,
                              data={'name': 'newname',
                                    'description': 'newdescription',
                                    'owner': {'group_name': self.group.group_name}})
        response.raise_for_status()
        with session.begin():
            session.expire_all()
            self.assertEquals(self.pool.owner, self.group)
            self.assertFalse(self.pool.owning_user)
예제 #10
0
    def test_create_pool_set_owner(self):
        pool_name = data_setup.unique_name(u'mypool%s')
        owner = data_setup.create_user()
        run_client(['bkr', 'pool-create',
                    '--owner', owner.user_name,
                    pool_name])
        with session.begin():
            p = SystemPool.by_name(pool_name)
            self.assertFalse(p.owning_group)
            self.assertTrue(p.owning_user.user_name,
                            owner.user_name)

        pool_name = data_setup.unique_name(u'mypool%s')

        owning_group = data_setup.create_group()
        run_client(['bkr', 'pool-create',
                    '--owning-group', owning_group.group_name,
                    pool_name])
        with session.begin():
            p = SystemPool.by_name(pool_name)
            self.assertTrue(p.owning_group, owning_group)
            self.assertFalse(p.owning_user)

        # specifying both should error out
        try:
            run_client(['bkr', 'pool-create',
                        '--owner', owner.user_name,
                        '--owning-group', owning_group.group_name,
                    pool_name])
            self.fail('Must error out')
        except ClientError as e:
            self.assertIn('Only one of owner or owning-group must be specified',
                          e.stderr_output)
예제 #11
0
 def test_clear_netboot(self):
     with session.begin():
         system = data_setup.create_system()
     s = xmlrpclib.ServerProxy(self.get_proxy_url())
     s.clear_netboot(system.fqdn)
     with session.begin():
         self.assertEqual(system.command_queue[0].action, 'clear_netboot')
예제 #12
0
 def test_no_requested_tasks(self):
     # If you don't request any tasks (by passing the --task option)
     # each recipe should contain only the install checking task
     # and nothing more.
     with session.begin():
         # This one will use /distribution/check-install
         data_setup.create_distro_tree(osmajor=u'Fedorarawhide')
         # This one will use /distribution/install
         data_setup.create_distro_tree(osmajor=u'RedHatEnterpriseLinux7')
     out = run_client(['bkr', 'harness-test'])
     self.assertIn("Submitted:", out)
     with session.begin():
         new_job = Job.query.order_by(Job.id.desc()).first()
         # There will be one recipe per OS major that exists in the database,
         # which is potentially a large number left from earlier tests.
         # What we care about is that every recipe must have one task,
         # either /distribution/check-install (default)
         # or /distribution/install (on known, older distros).
         self.assertGreater(len(new_job.recipesets), 1)
         for recipe in new_job.all_recipes:
             self.assertEqual(len(recipe.tasks), 1)
             if recipe.installation.osmajor == 'Fedorarawhide':
                 self.assertEqual(recipe.tasks[0].name, '/distribution/check-install')
             if recipe.installation.osmajor == 'RedHatEnterpriseLinux7':
                 self.assertEqual(recipe.tasks[0].name, '/distribution/install')
예제 #13
0
 def test_remove_account(self):
     with session.begin():
         user = data_setup.create_user()
         job = data_setup.create_job(owner=user)
         data_setup.mark_job_running(job)
         owned_system = data_setup.create_system(owner=user)
         loaned_system = data_setup.create_system()
         loaned_system.loaned = user
         reserved_system = data_setup.create_system(status=SystemStatus.manual)
         reserved_system.reserve_manually(service=u'testdata', user=user)
         reserved_system.custom_access_policy.add_rule(
                 SystemPermission.reserve, user=user)
         owned_pool = data_setup.create_system_pool(owning_user=user)
         group = data_setup.create_group(owner=user)
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'removed': 'now'}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertIsNotNone(user.removed)
         # running jobs should be cancelled
         job.update_status()
         self.assertEquals(job.status, TaskStatus.cancelled)
         self.assertIn('User %s removed' % user.user_name,
                       job.recipesets[0].recipes[0].tasks[0].results[0].log)
         # reservations should be released
         self.assertIsNone(reserved_system.user)
         # loans should be returned
         self.assertIsNone(loaned_system.loaned)
         # access policy rules should be removed
         self.assertEqual([],
                 [rule for rule in reserved_system.custom_access_policy.rules
                  if rule.user == user])
         self.assertEqual(reserved_system.activity[0].field_name, u'Access Policy Rule')
         self.assertEqual(reserved_system.activity[0].action, u'Removed')
         self.assertEqual(reserved_system.activity[0].old_value,
                 u'User:%s:reserve' % user.user_name)
         # systems owned by the user should be transferred to the caller
         self.assertEqual(owned_system.owner.user_name, data_setup.ADMIN_USER)
         self.assertEqual(owned_system.activity[0].field_name, u'Owner')
         self.assertEqual(owned_system.activity[0].action, u'Changed')
         self.assertEqual(owned_system.activity[0].old_value, user.user_name)
         self.assertEqual(owned_system.activity[0].new_value, data_setup.ADMIN_USER)
         # pools owned by the user should be transferred to the caller
         self.assertEqual(owned_pool.owner.user_name, data_setup.ADMIN_USER)
         self.assertEqual(owned_pool.activity[0].field_name, u'Owner')
         self.assertEqual(owned_pool.activity[0].action, u'Changed')
         self.assertEqual(owned_pool.activity[0].old_value, user.user_name)
         self.assertEqual(owned_pool.activity[0].new_value, data_setup.ADMIN_USER)
         # group membership/ownership should be removed
         self.assertNotIn(group, user.groups)
         self.assertNotIn(user, group.users)
         self.assertFalse(group.has_owner(user))
         self.assertEqual(group.activity[-1].field_name, u'User')
         self.assertEqual(group.activity[-1].action, u'Removed')
         self.assertEqual(group.activity[-1].old_value, user.user_name)
예제 #14
0
 def test_change_condition(self):
     with session.begin():
         system = data_setup.create_system(status=SystemStatus.automated)
     run_client(['bkr', 'system-modify', '--condition=Manual', system.fqdn])
     with session.begin():
         session.expire_all()
         self.assertEquals(system.status, SystemStatus.manual)
         self.assertEquals(system.activity[0].field_name, u'Status')
         self.assertEquals(system.activity[0].new_value, u'Manual')
    def test_active_access_policy_selection(self):
        with session.begin():
            user = data_setup.create_user()
            owner = data_setup.create_user(password='******')
            system = data_setup.create_system(owner=owner)
            data_setup.create_system_pool(systems=[system])
            pool2 = data_setup.create_system_pool(systems=[system])
            pool2.access_policy.add_rule(user=user,
                                         permission=SystemPermission.edit_system)
        b = self.browser
        login(b, owner.user_name, password='******')
        b.get(get_server_base() + 'view/%s/' % system.fqdn)
        b.find_element_by_link_text('Access Policy').click()
        pane = b.find_element_by_id('access-policy')
        # Currently the system is using its custom access policy
        self.assertTrue(pane.find_element_by_xpath(
            '//label[contains(string(.), "Use custom access policy")]'
            '/input[@type="radio"]').is_selected())

        # change to pool policy
        pane.find_element_by_xpath(
                           '//label[contains(string(.), "Use policy from pool:")]'
                           '/input[@type="radio"]').click()
        Select(pane.find_element_by_name('pool_name')).select_by_visible_text(pool2.name)
        pane.find_element_by_xpath('.//button[text()="Save changes"]').click()
        # wait for the request to complete
        pane.find_element_by_xpath('.//span[@class="sync-status" and not(node())]')
        # check if the policy change has persisted
        b.get(get_server_base() + 'view/%s/' % system.fqdn)
        b.find_element_by_link_text('Access Policy').click()
        self.assertTrue(b.find_element_by_xpath(
                                        '//label[contains(string(.), "Use policy from pool:")]'
                                        '/input[@type="radio"]').is_selected())
        selected_options = Select(b.find_element_by_name('pool_name')).\
                           all_selected_options
        self.assertTrue(len(selected_options), 1)
        self.assertEquals(selected_options[0].text, pool2.name)
        self.assertFalse(b.find_element_by_xpath(
                                         '//label[contains(string(.), "Use custom access policy")]'
                                         '/input[@type="radio"]').is_selected())
        with session.begin():
            session.expire_all()
            self.assertTrue(system.active_access_policy.grants(user,
                                                   SystemPermission.edit_system))
        logout(b)
        # no change allowed when not logged in/no right privileges
        b.get(get_server_base() + 'view/%s/' % system.fqdn)
        b.find_element_by_link_text('Access Policy').click()
        self.assertFalse(b.find_element_by_xpath(
                                         '//label[contains(string(.), "Use policy from pool:")]'
                                         '/input[@type="radio"]').is_enabled())
        selected_options = Select(b.find_element_by_name('pool_name')). \
                           all_selected_options
        self.assertEquals(selected_options[0].text, pool2.name)
        self.assertFalse(b.find_element_by_xpath(
            '//label[contains(string(.), "Use custom access policy")]'
            '/input[@type="radio"]').is_enabled())
예제 #16
0
    def test_grant_policy_pool(self):
        with session.begin():
            pool = data_setup.create_system_pool()
            user = data_setup.create_user()
            group = data_setup.create_group()
            group.add_member(user)
            user1 = data_setup.create_user()

        # group
        run_client(['bkr', 'policy-grant', '--pool', pool.name,
                    '--permission', 'edit_system', '--group', group.group_name])
        with session.begin():
            session.refresh(pool)
            self.assertTrue(pool.access_policy.grants(
                user, SystemPermission.edit_system))
        # non-existent group
        try:
            run_client(['bkr', 'policy-grant', '--pool', pool.name,
                        '--permission', 'edit_system', '--group', 'idontexist'])
            self.fail('Must fail or die')
        except ClientError as e:
            self.assertIn("Group 'idontexist' does not exist", e.stderr_output)

        # Everybody edit_system
        run_client(['bkr', 'policy-grant', '--pool', pool.name,
                '--permission', 'edit_system', '--everybody'])
        with session.begin():
            session.refresh(pool)
            self.assertTrue(pool.access_policy.grants(
                    user1, SystemPermission.edit_system))

        # test_multiple_permissions_and_targets
        with session.begin():
            user = data_setup.create_user()
            group = data_setup.create_group()
            user1 = data_setup.create_user()
            group.add_member(user1)
        run_client(['bkr', 'policy-grant', '--pool', pool.name,
                    '--permission=reserve', '--permission=view_power', \
                    '--user', user.user_name, '--group', group.group_name])
        with session.begin():
            session.refresh(pool)
            self.assertTrue(pool.access_policy.grants(
                    user, SystemPermission.view_power))
            self.assertTrue(pool.access_policy.grants(
                    user, SystemPermission.reserve))
            self.assertTrue(pool.access_policy.grants(
                user1, SystemPermission.view_power))
            self.assertTrue(pool.access_policy.grants(
                    user1, SystemPermission.reserve))
        # non-existent pool
        try:
            run_client(['bkr', 'policy-grant', '--pool', 'idontexist',
                        '--permission=reserve', '--permission=view_power', \
                        '--user', user.user_name, '--group', group.group_name])
        except ClientError as e:
            self.assertIn("System pool idontexist does not exist", e.stderr_output)
예제 #17
0
 def test_removing_group_removes_admin(self):
     with session.begin():
         self.system.group_assocs.append(
                 SystemGroup(group=self.group, admin=True))
         self.assert_(self.system.can_admin(self.user_in_group))
     b = self.browser
     self.delete_group_from_system(b)
     with session.begin():
         session.refresh(self.system)
         self.assert_(not self.system.can_admin(self.user_in_group))
예제 #18
0
 def test_can_release_system(self):
     with session.begin():
         system = data_setup.create_system(status=SystemStatus.manual)
         user = data_setup.create_user()
         system.reserve_manually("TESTING", user=user)
     self.assertEqual(system.user, user)
     run_client(["bkr", "system-release", system.fqdn])
     with session.begin():
         session.refresh(system)
         self.assertEqual(system.user, None)
예제 #19
0
 def test_create_system_set_condition(self):
     fqdn = data_setup.unique_name(u'mysystem%s')
     with session.begin():
         lc = data_setup.create_labcontroller()
     run_client(['bkr', 'system-create', fqdn,
                 '--lab-controller', str(lc.fqdn),
                 '--condition=Automated'])
     with session.begin():
         system = System.by_fqdn(fqdn, User.by_user_name(u'admin'))
         self.assertTrue(system.lab_controller, lc)
         self.assertEquals(str(system.status), u'Automated')
예제 #20
0
 def test_404(self):
     with session.begin():
         distro_tree = data_setup.create_distro_tree(
                 lab_controllers=[self.lc],
                 urls=['http://localhost:19998/error/404'])
     check_all_trees(ignore_errors=True)
     with session.begin():
         session.expire_all()
         # The distro tree should be expired.
         self.assertFalse(any(dla.lab_controller == self.lc
                 for dla in distro_tree.lab_controller_assocs))
예제 #21
0
 def test_grant_everybody(self):
     with session.begin():
         user = data_setup.create_user()
         self.assertFalse(self.system.custom_access_policy.grants(
                 user, SystemPermission.edit_system))
     run_client(['bkr', 'policy-grant', '--system', self.system.fqdn,
             '--permission', 'edit_system', '--everybody'])
     with session.begin():
         session.expire_all()
         self.assertTrue(self.system.custom_access_policy.grants(
                 user, SystemPermission.edit_system))
예제 #22
0
 def test_update_email_address(self):
     with session.begin():
         user = data_setup.create_user(email_address=u'*****@*****.**')
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'email_address': u'*****@*****.**'}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertEqual(user.email_address, u'*****@*****.**')
예제 #23
0
 def test_update_display_name(self):
     with session.begin():
         user = data_setup.create_user(display_name=u'Frodo Baggins')
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'display_name': u'Frodo Gamgee'}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertEqual(user.display_name, u'Frodo Gamgee')
예제 #24
0
    def test_error_when_deleting_referenced_power_type(self):
        with session.begin():
            system = data_setup.create_system()
            power_type = system.power.power_type

        response = self.s.delete(get_server_base() + 'powertypes/%s' % power_type.id)
        self.assertEqual(400, response.status_code)
        with session.begin():
            session.expire_all()
            self.assertTrue(session.query(PowerType).filter_by(
                name=power_type.name).count())
예제 #25
0
 def test_disable_user(self):
     with session.begin():
         user = data_setup.create_user()
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'disabled': True}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertTrue(user.disabled)
예제 #26
0
 def test_set_root_password(self):
     with session.begin():
         user = data_setup.create_user()
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'root_password': u'D6BeK7Cq9a4M'}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertIsNotNone(user._root_password)
예제 #27
0
 def test_404(self):
     with session.begin():
         distro_tree = data_setup.create_distro_tree(
             lab_controllers=[self.lc],
             urls=['http://localhost:19998/error/404'])
     check_all_trees(ignore_errors=True)
     with session.begin():
         session.expire_all()
         # The distro tree should be expired.
         self.assertFalse(
             any(dla.lab_controller == self.lc
                 for dla in distro_tree.lab_controller_assocs))
예제 #28
0
 def test_revoke_everybody(self):
     with session.begin():
         self.system.custom_access_policy.add_rule(
                 permission=SystemPermission.edit_system, everybody=True)
         self.assertTrue(self.system.custom_access_policy.grants_everybody(
                 SystemPermission.edit_system))
     run_client(['bkr', 'policy-revoke', '--system', self.system.fqdn,
             '--permission', 'edit_system', '--everybody'])
     with session.begin():
         session.expire_all()
         self.assertFalse(self.system.custom_access_policy.grants_everybody(
                 SystemPermission.edit_system))
예제 #29
0
 def test_revoke_everybody(self):
     with session.begin():
         self.system.custom_access_policy.add_rule(
                 permission=SystemPermission.edit_system, everybody=True)
         self.assertTrue(self.system.custom_access_policy.grants_everybody(
                 SystemPermission.edit_system))
     run_client(['bkr', 'policy-revoke', '--system', self.system.fqdn,
             '--permission', 'edit_system', '--everybody'])
     with session.begin():
         session.expire_all()
         self.assertFalse(self.system.custom_access_policy.grants_everybody(
                 SystemPermission.edit_system))
예제 #30
0
파일: test_users.py 프로젝트: joyxu/beaker
 def test_update_display_name(self):
     with session.begin():
         user = data_setup.create_user(display_name=u'Frodo Baggins')
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
                           data={'display_name': u'Frodo Gamgee'},
                           session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertEqual(user.display_name, u'Frodo Gamgee')
예제 #31
0
    def test_modify_active_access_policy(self):
        with session.begin():
            user1 = data_setup.create_user()
            perm = SystemPermission.reserve
            system1 = data_setup.create_system(shared=False)
            system2 = data_setup.create_system(shared=False)
            system1.custom_access_policy.add_rule(perm, user=user1)
            system2.custom_access_policy.add_rule(perm, user=user1)

            pool = data_setup.create_system_pool(systems=[system1, system2])
            user2 = data_setup.create_user()
            pool.access_policy.add_rule(perm, user=user2)

        # use pool policy
        run_client([
            'bkr', 'system-modify', '--pool-policy', pool.name, system1.fqdn,
            system2.fqdn
        ])
        with session.begin():
            session.expire_all()
            for s in [system1, system2]:
                self.assertFalse(s.active_access_policy.grants(user1, perm))
                self.assertTrue(s.active_access_policy.grants(user2, perm))
                self.assertEquals(s.activity[-1].field_name,
                                  u'Active Access Policy')
                self.assertEquals(s.activity[-1].action, u'Changed')
                self.assertEquals(s.activity[-1].old_value,
                                  'Custom access policy')
                self.assertEquals(s.activity[-1].new_value,
                                  'Pool policy: %s' % pool.name)

        # system not in a pool
        try:
            run_client([
                'bkr', 'system-modify', '--pool-policy',
                data_setup.create_system_pool().name, system1.fqdn
            ])
        except ClientError as e:
            self.assertIn(
                'To use a pool policy, the system must be in the pool first',
                e.stderr_output)

        # Revert to custom policy
        run_client([
            'bkr', 'system-modify', '--use-custom-policy', system1.fqdn,
            system2.fqdn
        ])

        with session.begin():
            session.expire_all()
            for s in [system1, system2]:
                self.assertTrue(s.active_access_policy.grants(user1, perm))
                self.assertFalse(s.active_access_policy.grants(user2, perm))
예제 #32
0
 def test_add_systems_to_pool(self):
     pool_name = data_setup.unique_name(u'mypool%s')
     with session.begin():
         pool = data_setup.create_system_pool(name=pool_name)
         s1 = data_setup.create_system()
         s2 = data_setup.create_system()
     run_client(['bkr', 'pool-add', '--pool', pool_name,
                 '--system', s1.fqdn,
                 '--system', s2.fqdn])
     with session.begin():
         session.refresh(pool)
         self.assertItemsEqual([s1, s2], pool.systems)
예제 #33
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_set_password(self):
     with session.begin():
         user = data_setup.create_user()
         user.password = u'frodo'
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'password': u'bilbo'}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertTrue(user.check_password(u'bilbo'))
예제 #34
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_clear_root_password(self):
     with session.begin():
         user = data_setup.create_user()
         user.root_password = u'D6BeK7Cq9a4M'
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'root_password': u''}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertIsNone(user._root_password)
예제 #35
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_set_use_old_job_page(self):
     with session.begin():
         user = data_setup.create_user(password=u'password')
         user.use_old_job_page = True
     s = requests.Session()
     requests_login(s, user=user.user_name, password='******')
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'use_old_job_page': False}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertEqual(user.use_old_job_page, False)
예제 #36
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_reenable_user(self):
     with session.begin():
         user = data_setup.create_user()
         user.disabled = True
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'disabled': False}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertFalse(user.disabled)
예제 #37
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_add_submission_delegate(self):
     with session.begin():
         user = data_setup.create_user()
         other_user = data_setup.create_user()
     s = requests.Session()
     requests_login(s)
     response = post_json(get_server_base() + 'users/%s/submission-delegates/' % user.user_name,
             session=s, data={'user_name': other_user.user_name})
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertItemsEqual(user.submission_delegates, [other_user])
예제 #38
0
 def test_create_system_set_condition(self):
     fqdn = data_setup.unique_name(u'mysystem%s')
     with session.begin():
         lc = data_setup.create_labcontroller()
     run_client([
         'bkr', 'system-create', fqdn, '--lab-controller',
         str(lc.fqdn), '--condition=Automated'
     ])
     with session.begin():
         system = System.by_fqdn(fqdn, User.by_user_name(u'admin'))
         self.assertTrue(system.lab_controller, lc)
         self.assertEquals(str(system.status), u'Automated')
예제 #39
0
 def test_multiple_permissions_and_targets(self):
     with session.begin():
         user = data_setup.create_user()
         group = data_setup.create_group()
         # there is always the rule granting everybody view
         self.assertEquals(len(self.system.custom_access_policy.rules), 1)
     run_client(['bkr', 'policy-grant', '--system', self.system.fqdn,
             '--permission=reserve', '--permission=view_power',
             '--user', user.user_name, '--group', group.group_name])
     with session.begin():
         session.expire_all()
         self.assertEquals(len(self.system.custom_access_policy.rules), 5)
예제 #40
0
 def test_update_email_address(self):
     with session.begin():
         user = data_setup.create_user(
             email_address=u'*****@*****.**')
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
                           data={'email_address': u'*****@*****.**'},
                           session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertEqual(user.email_address, u'*****@*****.**')
예제 #41
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_delete_ssh_public_key(self):
     with session.begin():
         user = data_setup.create_user()
         user.sshpubkeys.append(SSHPubKey(keytype=u'ssh-rsa',
                 pubkey=u'abc', ident=u'*****@*****.**'))
     s = requests.Session()
     requests_login(s)
     response = s.delete(get_server_base() + 'users/%s/ssh-public-keys/%s'
             % (user.user_name, user.sshpubkeys[0].id))
     self.assertEqual(response.status_code, 204)
     with session.begin():
         session.expire_all()
         self.assertEqual(len(user.sshpubkeys), 0)
예제 #42
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_remove_submission_delegate(self):
     with session.begin():
         user = data_setup.create_user()
         other_user = data_setup.create_user()
         user.add_submission_delegate(other_user, service=u'testdata')
     s = requests.Session()
     requests_login(s)
     response = s.delete(get_server_base() + 'users/%s/submission-delegates/' % user.user_name,
             params={'user_name': other_user.user_name})
     self.assertEqual(response.status_code, 204)
     with session.begin():
         session.expire_all()
         self.assertEqual(len(user.submission_delegates), 0)
예제 #43
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_rename_user(self):
     with session.begin():
         user = data_setup.create_user()
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             session=s, data={'user_name': 'sgamgee'})
     response.raise_for_status()
     self.assertEqual(response.headers['Location'], get_server_base() + 'users/sgamgee')
     self.assertEqual(response.json()['user_name'], 'sgamgee')
     with session.begin():
         session.expire_all()
         self.assertEqual(user.user_name, u'sgamgee')
예제 #44
0
 def test_revoke_user(self):
     with session.begin():
         user = data_setup.create_user()
         self.system.custom_access_policy.add_rule(
                 permission=SystemPermission.edit_system, user=user)
         self.assertTrue(self.system.custom_access_policy.grants(
                 user, SystemPermission.edit_system))
     run_client(['bkr', 'policy-revoke', '--system', self.system.fqdn,
             '--permission', 'edit_system', '--user', user.user_name])
     with session.begin():
         session.expire_all()
         self.assertFalse(self.system.custom_access_policy.grants(
                 user, SystemPermission.edit_system))
예제 #45
0
 def test_500(self):
     with session.begin():
         lc = self.get_lc()
         distro_tree = data_setup.create_distro_tree(
             lab_controllers=[lc],
             urls=[u'http://localhost:19998/error/500'])
     check_all_trees(ignore_errors=True)
     with session.begin():
         session.expire_all()
         # The distro tree should not be expired.
         self.assertTrue(
             any(dla.lab_controller == self.lc
                 for dla in distro_tree.lab_controller_assocs))
예제 #46
0
    def test_error_when_deleting_referenced_power_type(self):
        with session.begin():
            system = data_setup.create_system()
            power_type = system.power.power_type

        response = self.s.delete(get_server_base() +
                                 'powertypes/%s' % power_type.id)
        self.assertEqual(400, response.status_code)
        with session.begin():
            session.expire_all()
            self.assertTrue(
                session.query(PowerType).filter_by(
                    name=power_type.name).count())
예제 #47
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_unremove_account(self):
     with session.begin():
         user = data_setup.create_user()
         user.removed = datetime.datetime.utcnow()
     s = requests.Session()
     requests_login(s)
     response = patch_json(get_server_base() + 'users/%s' % user.user_name,
             data={'removed': None}, session=s)
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertIsNone(user.removed)
         self.assertFalse(user.disabled)
예제 #48
0
 def test_change_hypervisor(self):
     with session.begin():
         system = data_setup.create_system(hypervisor=None)
     # set to KVM
     run_client(
         ['bkr', 'system-modify', '--host-hypervisor=KVM', system.fqdn])
     with session.begin():
         session.refresh(system)
         self.assertEquals(system.hypervisor, Hypervisor.by_name(u'KVM'))
     # set back to none (bare metal)
     run_client(['bkr', 'system-modify', '--host-hypervisor=', system.fqdn])
     with session.begin():
         session.refresh(system)
         self.assertEquals(system.hypervisor, None)
예제 #49
0
 def test_change_power_id(self):
     with session.begin():
         system = data_setup.create_system(hypervisor=None)
     # set to 'dummyvm'
     run_client(['bkr', 'system-modify', '--power-id=dummyvm', system.fqdn])
     with session.begin():
         session.refresh(system)
         self.assertEquals(system.power.power_id, u'dummyvm')
     # set to 'vm-dummy'
     run_client(
         ['bkr', 'system-modify', '--power-id=vm-dummy', system.fqdn])
     with session.begin():
         session.refresh(system)
         self.assertEquals(system.power.power_id, u'vm-dummy')
예제 #50
0
 def test_multiple_permissions_and_targets(self):
     with session.begin():
         user = data_setup.create_user()
         group = data_setup.create_group()
         # there is always the rule granting everybody view
         self.assertEquals(len(self.system.custom_access_policy.rules), 1)
     run_client([
         'bkr', 'policy-grant', '--system', self.system.fqdn,
         '--permission=reserve', '--permission=view_power', '--user',
         user.user_name, '--group', group.group_name
     ])
     with session.begin():
         session.expire_all()
         self.assertEquals(len(self.system.custom_access_policy.rules), 5)
예제 #51
0
    def test_revoke_policy_pool(self):
        with session.begin():
            pool = data_setup.create_system_pool()
            user = data_setup.create_user()
            user1 = data_setup.create_user()
            group = data_setup.create_group()
            group.add_member(user1)

            pol = pool.access_policy
            pol.add_rule(SystemPermission.reserve, user=user)
            pol.add_rule(SystemPermission.view_power, user=user)
            pol.add_rule(SystemPermission.reserve, group=group)
            pol.add_rule(SystemPermission.view_power, group=group)

        # revoke edit_system from group
        run_client(['bkr', 'policy-revoke', '--pool', pool.name,
                    '--permission', 'view_power', '--group', group.group_name])
        with session.begin():
            session.refresh(pool)
            self.assertFalse(pool.access_policy.grants(
                user1, SystemPermission.edit_system))

        # test_multiple_permissions_and_targets
        run_client(['bkr', 'policy-revoke', '--pool', pool.name,
                    '--permission=reserve', '--permission=view_power', \
                    '--user', user.user_name, '--group', group.group_name])
        with session.begin():
            session.refresh(pool)
            self.assertFalse(pool.access_policy.grants(
                    user, SystemPermission.view_power))
            self.assertFalse(pool.access_policy.grants(
                    user, SystemPermission.reserve))
            self.assertFalse(pool.access_policy.grants(
                user1, SystemPermission.view_power))
            self.assertFalse(pool.access_policy.grants(
                    user1, SystemPermission.reserve))

        # this should still exist
        with session.begin():
            session.refresh(pool)
            self.assertTrue(pool.access_policy.grants(
                user, SystemPermission.view))

        # non-existent pool
        try:
            run_client(['bkr', 'policy-revoke', '--pool', 'idontexist',
                        '--permission=reserve', '--permission=view_power', \
                        '--user', user.user_name, '--group', group.group_name])
        except ClientError as e:
            self.assertIn("System pool idontexist does not exist", e.stderr_output)
예제 #52
0
    def test_group_has_access_policy_rule_remove(self):
        with session.begin():
            user = data_setup.create_user(password='******')
            system = data_setup.create_system(owner=user,
                                                   shared=False)
            system.custom_access_policy = SystemAccessPolicy()
            group = data_setup.create_group(owner=user)
            p = system.custom_access_policy
            p.add_rule(permission=SystemPermission.edit_system,
                       group=group)
            p.add_rule(permission=SystemPermission.edit_policy,
                       group=group)

        b = self.browser
        login(b, user=user.user_name, password='******')

        # check current rules
        self.assertEquals(len(p.rules), 2)
        self.assert_(p.rules[0].user is None)
        self.assertEquals(p.rules[0].group, group)
        self.assert_(p.rules[1].user is None)
        self.assertEquals(p.rules[1].group, group)


        # save current rules for later use
        access_policy_rule_1 = repr(p.rules[0])
        access_policy_rule_2 = repr(p.rules[1])

        # delete the group
        b.get(get_server_base() + 'groups/mine')
        delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" %
                           group.group_name, delete_text='Delete Group')
        self.assertEqual(
            b.find_element_by_class_name('flash').text,
            '%s deleted' % group.display_name)

        with session.begin():
            session.expire_all()
            # check if the access policy rule has been removed
            self.assertEquals(len(p.rules), 0)

            # Check whether the rules deleted have been recorded in the
            # Activity table
            self.assertEquals(system.activity[0].field_name, u'Access Policy Rule')
            self.assertEquals(system.activity[0].action, u'Removed')
            self.assertEquals(system.activity[0].old_value, access_policy_rule_2)
            self.assertEquals(system.activity[1].field_name, u'Access Policy Rule')
            self.assertEquals(system.activity[1].action, u'Removed')
            self.assertEquals(system.activity[1].old_value, access_policy_rule_1)
예제 #53
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_add_ssh_public_key(self):
     with session.begin():
         user = data_setup.create_user()
     s = requests.Session()
     requests_login(s)
     response = s.post(get_server_base() + 'users/%s/ssh-public-keys/' % user.user_name,
             headers={'Content-Type': 'text/plain'},
             data='ssh-rsa abc [email protected]')
     response.raise_for_status()
     with session.begin():
         session.expire_all()
         self.assertEqual(len(user.sshpubkeys), 1)
         self.assertEqual(user.sshpubkeys[0].keytype, u'ssh-rsa')
         self.assertEqual(user.sshpubkeys[0].pubkey, u'abc')
         self.assertEqual(user.sshpubkeys[0].ident, u'*****@*****.**')
예제 #54
0
 def test_grant_everybody(self):
     with session.begin():
         user = data_setup.create_user()
         self.assertFalse(
             self.system.custom_access_policy.grants(
                 user, SystemPermission.edit_system))
     run_client([
         'bkr', 'policy-grant', '--system', self.system.fqdn,
         '--permission', 'edit_system', '--everybody'
     ])
     with session.begin():
         session.expire_all()
         self.assertTrue(
             self.system.custom_access_policy.grants(
                 user, SystemPermission.edit_system))
예제 #55
0
 def test_change_release_action(self):
     with session.begin():
         system = data_setup.create_system(hypervisor=None)
     # set to 'LeaveOn'
     run_client(
         ['bkr', 'system-modify', '--release-action=LeaveOn', system.fqdn])
     with session.begin():
         session.refresh(system)
         self.assertEquals(system.release_action, ReleaseAction.leave_on)
     # set to 'PowerOff'
     run_client(
         ['bkr', 'system-modify', '--release-action=PowerOff', system.fqdn])
     with session.begin():
         session.refresh(system)
         self.assertEquals(system.release_action, ReleaseAction.power_off)
예제 #56
0
 def test_clearing_alias_stores_null(self):
     with session.begin():
         data_setup.create_distro_tree(osmajor=u'YellowSpaceshipLinux2')
         osmajor = OSMajor.by_name(u'YellowSpaceshipLinux2')
         osmajor.alias = u'YSL2'
     b = self.browser
     go_to_edit_osmajor(b, 'YellowSpaceshipLinux2')
     b.find_element_by_xpath('//input[@id="form_alias"]').clear()
     b.find_element_by_xpath('//button[text()="Edit OSMajor"]').submit()
     self.assertEquals(
         b.find_element_by_class_name('flash').text,
         'Changes saved for YellowSpaceshipLinux2')
     with session.begin():
         session.refresh(osmajor)
         self.assertEquals(osmajor.alias, None)  # not ''
예제 #57
0
파일: test_users.py 프로젝트: walbon/beaker
 def test_disable_enable(self):
     b = self.browser
     login(b)
     b.get(get_server_base() + 'users/%s' % self.user.user_name)
     b.find_element_by_xpath('//button[contains(text(), "Disable")]').click()
     b.find_element_by_xpath('//div[@class="alert" and text()="Account is currently disabled."]')
     with session.begin():
         session.expire_all()
         self.assertTrue(self.user.disabled)
     b.find_element_by_xpath('//button[contains(text(), "Enable")]').click()
     # Wait for the button to change back to "Disable"
     b.find_element_by_xpath('//button[contains(text(), "Disable")]')
     with session.begin():
         session.expire_all()
         self.assertFalse(self.user.disabled)
예제 #58
0
 def test_POST_task_status(self):
     status_url = '%srecipes/%s/tasks/%s/status' % (
         self.get_proxy_url(), self.recipe.id, self.recipe.tasks[0].id)
     response = requests.post(status_url, data=dict(status='Running'))
     self.assertEquals(response.status_code, 204)
     with session.begin():
         session.expire_all()
         task = self.recipe.tasks[0]
         self.assertEquals(task.status, TaskStatus.running)
     response = requests.post(status_url, data=dict(status='Completed'))
     self.assertEquals(response.status_code, 204)
     with session.begin():
         session.expire_all()
         task = self.recipe.tasks[0]
         self.assertEquals(task.status, TaskStatus.completed)