예제 #1
0
def test_disabling_group_clears_audit(tmpdir: LocalPath, setup: SetupTest,
                                      browser: Chrome) -> None:
    future = datetime.utcnow() + timedelta(days=60)

    with setup.transaction():
        setup.add_user_to_group("*****@*****.**", "some-group", role="owner")
        setup.add_user_to_group("*****@*****.**", "some-group")
        setup.create_permission("some-permission", audited=True)
        setup.grant_permission_to_group("some-permission", "argument",
                                        "some-group")
        setup.add_user_to_group("*****@*****.**", "auditors")
        setup.grant_permission_to_group(AUDIT_VIEWER, "", "auditors")
        setup.grant_permission_to_group(AUDIT_MANAGER, "", "auditors")
        setup.grant_permission_to_group(PERMISSION_AUDITOR, "", "auditors")

    with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
        browser.get(url(frontend_url, "/audits/create"))

        create_page = AuditsCreatePage(browser)
        create_page.set_end_date(future.strftime("%m/%d/%Y"))
        create_page.submit()

        browser.get(url(frontend_url, "/groups/some-group"))

        group_page = GroupViewPage(browser)
        assert group_page.subheading == "some-group AUDIT IN PROGRESS"

    # Check that this created email reminder messages to the group owner.  We have to refresh the
    # session since otherwise SQLite may not see changes.
    setup.reopen_database()
    group = Group.get(setup.session, name="some-group")
    assert group
    expected_key = f"audit-{group.id}"
    emails = setup.session.query(AsyncNotification).filter_by(
        sent=False, email="*****@*****.**").all()
    assert len(emails) > 0
    assert all((e.key is None or e.key == expected_key for e in emails))
    assert all(("Group Audit" in e.subject for e in emails))

    # Now, disable the group, which should complete the audit.
    with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
        browser.get(url(frontend_url, "/groups/some-group"))
        page = GroupViewPage(browser)

        audit_modal = page.get_audit_modal()
        audit_modal.click_close_button()
        page.wait_until_audit_modal_clears()
        page.click_disable_button()
        modal = page.get_disable_modal()
        modal.confirm()

        assert page.subheading == "some-group (disabled)"

    # And now all of the email messages should be marked sent except the immediate one (the one
    # that wasn't created with async_send_email).
    setup.reopen_database()
    emails = setup.session.query(AsyncNotification).filter_by(
        sent=False, email="*****@*****.**").all()
    assert len(emails) == 1
    assert emails[0].key is None
예제 #2
0
def test_service_account_lifecycle(async_server, browser):  # noqa: F811
    browser.get(url(async_server, "/groups/user-admins"))

    page = GroupViewPage(browser)
    page.click_add_service_account_button()

    page = ServiceAccountCreatePage(browser)
    page.set_name("my-special-service-account")
    page.submit()

    page = ServiceAccountViewPage(browser)
    page.click_disable_button()

    disable_modal = page.get_disable_modal()
    disable_modal.confirm()

    browser.get(url(async_server, "/users"))

    page = UsersViewPage(browser)
    page.click_show_disabled_users_button()
    page.click_show_service_accounts_button()

    user_row = page.find_user_row(
        "[email protected] (service)")
    user_row.click()

    page = ServiceAccountViewPage(browser)
    page.click_enable_button()

    page = ServiceAccountEnablePage(browser)
    page.select_owner("Group: user-admins")
    page.submit()
예제 #3
0
def test_service_account_lifecycle(async_server, browser):  # noqa: F811
    browser.get(url(async_server, "/groups/user-admins"))

    page = GroupViewPage(browser)
    page.click_add_service_account_button()

    page = ServiceAccountCreatePage(browser)
    page.set_name("my-special-service-account")
    page.submit()

    page = ServiceAccountViewPage(browser)
    page.click_disable_button()

    disable_modal = page.get_disable_modal()
    disable_modal.confirm()

    browser.get(url(async_server, "/users"))

    page = UsersViewPage(browser)
    page.click_show_disabled_users_button()
    page.click_show_service_accounts_button()

    user_row = page.find_user_row("[email protected] (service)")
    user_row.click()

    page = ServiceAccountViewPage(browser)
    page.click_enable_button()

    page = ServiceAccountEnablePage(browser)
    page.select_owner("Group: user-admins")
    page.submit()
예제 #4
0
def test_disable_must_be_owner(tmpdir: LocalPath, setup: SetupTest,
                               browser: Chrome) -> None:
    with setup.transaction():
        setup.add_user_to_group("*****@*****.**", "some-group", role="owner")
        setup.add_user_to_group("*****@*****.**", "some-group")

    with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
        browser.get(url(frontend_url, "/groups/some-group"))
        page = GroupViewPage(browser)

        with pytest.raises(NoSuchElementException):
            page.click_disable_button()
예제 #5
0
def test_disable(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None:
    with setup.transaction():
        setup.add_user_to_group("*****@*****.**", "some-group", role="owner")

    with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
        browser.get(url(frontend_url, "/groups/some-group"))
        page = GroupViewPage(browser)

        page.click_disable_button()
        modal = page.get_disable_modal()
        modal.confirm()

        assert page.subheading == "some-group (disabled)"