def test_positive_user_access_with_host_filter(test_name, module_loc,
rhel7_contenthost):
"""Check if user with necessary host permissions can access dashboard
and required widgets are rendered with proper values
:id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d
:Steps:
1. Specify proper filter with permission for your role
2. Create new user and assign role to it
3. Login into application using this new user
4. Check dashboard and widgets on it
5. Register new content host to populate some values into dashboard widgets
:expectedresults: Dashboard and Errata Widget rendered without errors and
contain proper values
:BZ: 1417114
:CaseLevel: System
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
org = entities.Organization().create()
lce = entities.LifecycleEnvironment(organization=org).create()
# create a role with necessary permissions
role = entities.Role().create()
user_permissions = {
'Organization': ['view_organizations'],
'Location': ['view_locations'],
None: ['access_dashboard'],
'Host': ['view_hosts'],
}
create_role_permissions(role, user_permissions)
# create a user and assign the above created role
entities.User(
default_organization=org,
organization=[org],
default_location=module_loc,
location=[module_loc],
role=[role],
login=user_login,
password=user_password,
).create()
with Session(test_name, user=user_login,
password=user_password) as session:
assert session.dashboard.read(
'HostConfigurationStatus')['total_count'] == 0
assert len(session.dashboard.read('LatestErrata')) == 0
repos_collection = RepositoryCollection(
distro=DISTRO_RHEL7,
repositories=[
SatelliteToolsRepository(),
YumRepository(url=FAKE_6_YUM_REPO)
],
)
repos_collection.setup_content(org.id, lce.id, upload_manifest=True)
repos_collection.setup_virtual_machine(rhel7_contenthost)
result = rhel7_contenthost.run(
f'yum install -y {FAKE_1_CUSTOM_PACKAGE}')
assert result.status == 0
hostname = rhel7_contenthost.hostname
# Check UI for values
assert session.host.search(hostname)[0]['Name'] == hostname
hosts_values = session.dashboard.read('HostConfigurationStatus')
assert hosts_values['total_count'] == 1
errata_values = session.dashboard.read('LatestErrata')['erratas']
assert len(errata_values) == 1
assert errata_values[0]['Type'] == 'security'
assert FAKE_2_ERRATA_ID in errata_values[0]['Errata']
def test_positive_create_by_type():
"""Create entities of different types and check audit logs for these
events using entity type as search criteria
:id: 6c7ea7fc-6728-447f-9655-26fe0a2881bc
:customerscenario: true
:expectedresults: Audit logs contain corresponding entries per each
create event
:BZ: 1426742, 1492668, 1492696
:CaseImportance: Medium
:CaseComponent: AuditLog
:Assignee: rplevka
"""
for entity_item in [
{
'entity': entities.Architecture()
},
{
'entity': entities.AuthSourceLDAP(),
'entity_type': 'auth_source',
'value_template': 'LDAP-{entity.name}',
},
{
'entity': entities.ComputeProfile(),
'entity_type': 'compute_profile'
},
{
'entity': entities.LibvirtComputeResource(),
'entity_type': 'compute_resource',
'value_template': '{entity.name} (Libvirt)',
},
{
'entity': entities.ConfigGroup(),
'entity_type': 'config_group'
},
{
'entity': entities.Domain()
},
{
'entity': entities.Host()
},
{
'entity': entities.HostGroup()
},
{
'entity':
entities.Image(
compute_resource=entities.LibvirtComputeResource().create())
},
{
'entity': entities.Location()
},
{
'entity': entities.Media(),
'entity_type': 'medium'
},
{
'entity': entities.Organization()
},
{
'entity': entities.OperatingSystem(),
'entity_type': 'os',
'value_template': '{entity.name} {entity.major}',
},
{
'entity': entities.PartitionTable(),
'entity_type': 'ptable'
},
{
'entity': entities.PuppetClass()
},
{
'entity': entities.Role()
},
{
'entity': entities.Subnet(),
'value_template': '{entity.name} ({entity.network}/{entity.cidr})',
},
{
'entity': entities.ProvisioningTemplate(),
'entity_type': 'provisioning_template'
},
{
'entity': entities.User(),
'value_template': '{entity.login}'
},
{
'entity': entities.UserGroup()
},
{
'entity': entities.ContentView(),
'entity_type': 'katello/content_view'
},
{
'entity': entities.LifecycleEnvironment(),
'entity_type': 'katello/kt_environment'
},
{
'entity': entities.ActivationKey(),
'entity_type': 'katello/activation_key'
},
{
'entity': entities.HostCollection(),
'entity_type': 'katello/host_collection'
},
{
'entity': entities.Product(),
'entity_type': 'katello/product'
},
{
'entity': entities.GPGKey(),
'entity_type': 'katello/gpg_key',
'value_template': 'content credential (gpg_key - {entity.name})',
},
{
'entity':
entities.SyncPlan(organization=entities.Organization(id=1)),
'entity_type': 'katello/sync_plan',
},
]:
created_entity = entity_item['entity'].create()
entity_type = entity_item.get(
'entity_type', created_entity.__class__.__name__.lower())
value_template = entity_item.get('value_template', '{entity.name}')
entity_value = value_template.format(entity=created_entity)
audits = entities.Audit().search(
query={'search': f'type={entity_type}'})
entity_audits = [
entry for entry in audits if entry.auditable_name == entity_value
]
assert entity_audits, (
f'audit not found by name "{entity_value}" for entity: '
f'{created_entity.__class__.__name__.lower()}')
audit = entity_audits[0]
assert audit.auditable_id == created_entity.id
assert audit.action == 'create'
assert audit.version == 1
def function_role():
return entities.Role().create()
def test_positive_end_to_end(session, test_name, module_org, module_loc):
"""Perform end to end testing for user component
:id: 2794fdd0-cfe3-4f1a-aa5f-25b2d211ae12
:expectedresults: All expected CRUD actions finished successfully
:CaseLevel: Integration
:CaseImportance: High
"""
name = gen_string('alpha')
new_name = gen_string('alpha')
ak_name = gen_string('alpha')
firstname = gen_string('alpha')
lastname = gen_string('alpha')
password = gen_string('alpha')
email = gen_email()
description = gen_string('alphanumeric')
language = 'English (United States)'
timezone = '(GMT+00:00) UTC'
role = entities.Role().create().name
with session:
# Create new user and validate its values
session.user.create({
'user.login':
name,
'user.firstname':
firstname,
'user.lastname':
lastname,
'user.mail':
email,
'user.description':
description,
'user.language':
language,
'user.timezone':
timezone,
'user.auth':
'INTERNAL',
'user.password':
password,
'user.confirm':
password,
'locations.resources.assigned': [module_loc.name],
'organizations.resources.assigned': [module_org.name],
'roles.admin':
True,
'roles.resources.assigned': [role],
})
assert session.user.search(name)[0]['Username'] == name
user_values = session.user.read(name)
assert user_values['user']['login'] == name
assert user_values['user']['firstname'] == firstname
assert user_values['user']['lastname'] == lastname
assert user_values['user']['mail'] == email
assert user_values['user']['description'] == description
assert user_values['user']['language'] == language
assert user_values['user']['timezone'] == timezone
assert user_values['user']['auth'] == 'INTERNAL'
assert user_values['locations']['resources']['assigned'] == [
module_loc.name
]
assert user_values['organizations']['resources']['assigned'] == [
module_org.name
]
assert user_values['roles']['admin'] is True
assert user_values['roles']['resources']['assigned'] == [role]
# Update user with new name
session.user.update(name, {'user.login': new_name})
assert session.user.search(new_name)[0]['Username'] == new_name
assert not session.user.search(name)
# Login into application using new user
with Session(test_name, new_name, password) as newsession:
newsession.organization.select(module_org.name)
newsession.location.select(module_loc.name)
newsession.activationkey.create({'name': ak_name})
assert newsession.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = newsession.activationkey.read(
ak_name, 'current_user')['current_user']
assert current_user == f'{firstname} {lastname}'
# Delete user
session.user.delete(new_name)
assert not session.user.search(new_name)
def test_positive_create_as_non_admin_user_with_cv_published(
module_org, test_name):
"""Create a repository as a non admin user in a product that already
contain a repository that is used in a published content view.
:id: 407864eb-50b8-4bc8-bbc7-0e6f8136d89f
:expectedresults: New repository successfully created by non admin user
:BZ: 1447829
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
repo_name = gen_string('alpha')
user_permissions = {
None: ['access_dashboard'],
'Katello::Product': [
'view_products',
'create_products',
'edit_products',
'destroy_products',
'sync_products',
'export_products',
],
}
role = entities.Role().create()
create_role_permissions(role, user_permissions)
entities.User(
login=user_login,
password=user_password,
role=[role],
admin=False,
default_organization=module_org,
organization=[module_org],
).create()
prod = entities.Product(organization=module_org).create()
repo = entities.Repository(product=prod, url=FAKE_2_YUM_REPO).create()
repo.sync()
content_view = entities.ContentView(organization=module_org).create()
content_view.repository = [repo]
content_view = content_view.update(['repository'])
content_view.publish()
with Session(test_name, user_login, user_password) as session:
# ensure that the created user is not a global admin user
# check administer->users page
with pytest.raises(NavigationTriesExceeded):
pswd = gen_string('alphanumeric')
session.user.create({
'user.login': gen_string('alphanumeric'),
'user.auth': 'INTERNAL',
'user.password': pswd,
'user.confirm': pswd,
})
# ensure that the created user has only the assigned permissions
# check that host collections menu tab does not exist
with pytest.raises(NavigationTriesExceeded):
session.hostcollection.create({'name': gen_string('alphanumeric')})
session.repository.create(
prod.name,
{
'name': repo_name,
'repo_type': REPO_TYPE['yum'],
'repo_content.upstream_url': FAKE_1_YUM_REPO,
},
)
assert session.repository.search(prod.name,
repo.name)[0]['Name'] == repo.name
def test_positive_update_external_user_roles(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name):
"""Assure that user has roles/can access feature areas for
additional roles assigned outside any roles assigned by his group
:id: a487f7d6-22f2-4e42-b34f-8d984f721c83
:setup: Assign roles to UserGroup and configure external UserGroup
subsequently assign specified roles to the user(s). roles that are
not part of the larger UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Assign some more roles to a User(which is part of external AD
UserGroup) at the User level.
5. Login to sat6 with the above AD user and attempt to access areas
assigned specifically to user.
:expectedresults: User can access not only those feature areas in his
UserGroup but those additional feature areas / roles assigned
specifically to user
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
katello_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']}
create_role_permissions(foreman_role, foreman_permissions)
create_role_permissions(katello_role, katello_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.user.update(
ldap_data['ldap_user_name'], {'roles.resources.assigned': [katello_role.name]})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_add_foreman_role_with_org_loc(session, ldap_data,
ldap_user_name, test_name,
auth_source,
ldap_usergroup_name,
module_org, module_loc):
"""Associate foreman roles to User Group with org and loc set.
[belonging to external AD User Group.]
:id: b39d7b2a-6d78-4c35-969a-37c8317ce64f
:setup: LDAP Auth Source should be created with Org and Location
Associated.
:Steps:
1. Create an UserGroup.
2. Assign some foreman roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access foreman entities as per roles, with the associated org and
loc in LDAP Auth source page as the context set.
"""
auth_source_name = 'LDAP-' + auth_source.name
name = gen_string('alpha')
user_permissions = {
'Hostgroup': PERMISSIONS['Hostgroup'],
'Location': ['assign_locations'],
'Organization': ['assign_organizations'],
}
foreman_role = entities.Role().create()
create_role_permissions(foreman_role, user_permissions)
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name,
EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.hostgroup.create({'host_group.name': name})
hostgroup = session.hostgroup.read(name,
['organizations', 'locations'])
assert len(hostgroup['organizations']['resources']['assigned']) == 1
assert module_org.name in hostgroup['organizations']['resources'][
'assigned']
assert len(hostgroup['locations']['resources']['assigned']) == 1
assert module_loc.name in hostgroup['locations']['resources'][
'assigned']
def test_positive_create_by_type(self):
"""Create entities of different types and check audit logs for these
events using entity type as search criteria
:id: 6c7ea7fc-6728-447f-9655-26fe0a2881bc
:customerscenario: true
:expectedresults: Audit logs contain corresponding entries per each
create event
:BZ: 1426742, 1492668, 1492696
:CaseImportance: Critical
"""
for entity_item in [
{'entity': entities.Architecture()},
{
'entity': entities.AuthSourceLDAP(),
'entity_type': 'auth_source',
'value_template': 'LDAP-{entity.name}'
},
{
'entity': entities.ComputeProfile(),
'entity_type': 'compute_profile'
},
{
'entity': entities.LibvirtComputeResource(),
'entity_type': 'compute_resource',
'value_template': '{entity.name} (Libvirt)'
},
{'entity': entities.ConfigGroup(), 'entity_type': 'config_group'},
{'entity': entities.Domain()},
{'entity': entities.Host()},
{'entity': entities.HostGroup()},
{'entity': entities.Image(
compute_resource=entities.LibvirtComputeResource().create())},
{'entity': entities.Location()},
{'entity': entities.Media(), 'entity_type': 'medium'},
{'entity': entities.Organization()},
{
'entity': entities.OperatingSystem(),
'entity_type': 'os',
'value_template': '{entity.name} {entity.major}'
},
{
'entity': entities.PartitionTable(),
'entity_type': 'ptable',
},
{'entity': entities.PuppetClass()},
{'entity': entities.Role()},
{
'entity': entities.Subnet(),
'value_template': '{entity.name} '
'({entity.network}/{entity.cidr})'
},
{
'entity': entities.ProvisioningTemplate(),
'entity_type': 'template',
},
{'entity': entities.User(), 'value_template': '{entity.login}'},
{'entity': entities.UserGroup()},
]:
created_entity = entity_item['entity'].create()
entity_type = entity_item.get(
'entity_type', created_entity.__class__.__name__.lower())
value_template = entity_item.get('value_template', '{entity.name}')
entity_value = value_template.format(entity=created_entity)
audit = entities.Audit().search(
query={'search': 'type={0}'.format(entity_type)})[0]
self.assertEqual(audit.auditable_name, entity_value)
self.assertEqual(audit.auditable_id, created_entity.id)
self.assertEqual(audit.action, 'create')
self.assertEqual(audit.version, 1)
def test_positive_custom_user_view_lce(self):
"""As a custom user attempt to view a lifecycle environment created
by admin user
:id: 768b647b-c530-4eca-9caa-38cf8622f36d
:BZ: 1420511
:Steps:
As an admin user:
1. Create an additional lifecycle environments other than Library
2. Create a user without administrator privileges
3. Create a role with the the following permissions:
* (Miscellaneous): access_dashboard
* Lifecycle Environment:
* edit_lifecycle_environments
* promote_or_remove_content_views_to_environment
* view_lifecycle_environments
* Location: view_locations
* Organization: view_organizations
4. Assign the created role to the custom user
As a custom user:
1. Log in
2. Navigate to Content -> Lifecycle Environments
:expectedresults: The additional lifecycle environment is viewable and
accessible by the custom user.
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
env_name = gen_string('alpha')
user_login = gen_string('alpha')
user_password = gen_string('alpha')
org = entities.Organization().create()
role = entities.Role(name=role_name).create()
permissions_types_names = {
None: ['access_dashboard'],
'Organization': ['view_organizations'],
'Location': ['view_locations'],
'Katello::KTEnvironment': [
'view_lifecycle_environments', 'edit_lifecycle_environments',
'promote_or_remove_content_views_to_environments'
]
}
create_role_permissions(role, permissions_types_names)
entities.User(default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password).create()
# create a life cycle environment as admin user and ensure it's visible
with Session(self) as session:
make_lifecycle_environment(session, org=org.name, name=env_name)
self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
# ensure the created user also can find the created life cycle
# environment link
with Session(self, user=user_login, password=user_password) as session:
# to ensure that the created user has only the assigned
# permissions, check that hosts menu tab does not exist
self.assertIsNone(
self.content_views.wait_until_element(
menu_locators['menu.hosts'], timeout=1))
# assert that the created user is not a global admin user
# check administer->users page
with self.assertRaises(UINoSuchElementError):
session.nav.go_to_users()
# assert that the user can view the lvce created by admin user
self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
def setUpClass(cls):
"""Create two roles and fetch the 'Anonymous' role."""
super(UserRoleTestCase, cls).setUpClass()
cls.roles = [entities.Role().create() for _ in range(2)]
roles = entities.Role().search(query={'search': 'name="Default role"'})
cls.anon_role = roles[0]
def setUpClass(cls):
"""Create two roles."""
super(UserRoleTestCase, cls).setUpClass()
cls.roles = [entities.Role().create() for _ in range(2)]
def test_positive_create_by_type(self):
"""Create entities of different types and check audit logs for these
events using entity type and performed action as search criteria
:id: 26197b39-4d56-4aab-8df8-f0fcedbffdb7
:expectedresults: Audit logs contain corresponding entries per each
create event
:CaseImportance: Critical
"""
with Session(self):
for entity_item in [
{
'entity': entities.Architecture(),
'entity_type': 'architecture'
},
{
'entity': entities.AuthSourceLDAP(),
'entity_type': 'auth_source',
'value_template': 'LDAP-{entity.name}'
},
{
'entity': entities.ComputeProfile(),
'entity_type': 'compute_profile'
},
{
'entity': entities.LibvirtComputeResource(),
'entity_type': 'compute_resource',
'value_template': '{entity.name} (Libvirt)'
},
{
'entity': entities.ConfigGroup(),
'entity_type': 'config_group'
},
{
'entity': entities.Domain(),
'entity_type': 'domain'
},
{
'entity': entities.Host(),
'entity_type': 'host'
},
{
'entity': entities.HostGroup(),
'entity_type': 'hostgroup'
},
{
'entity':
entities.Image(compute_resource=entities.
LibvirtComputeResource().create()),
'entity_type':
'image'
},
{
'entity': entities.Location(),
'entity_type': 'location'
},
{
'entity': entities.Media(),
'entity_type': 'medium',
'custom_operation': 'added',
},
{
'entity': entities.Organization(),
'entity_type': 'organization'
},
{
'entity': entities.OperatingSystem(),
'entity_type': 'os',
'value_template': '{entity.name} {entity.major}'
},
{
'entity': entities.PartitionTable(),
'entity_type': 'ptable',
},
{
'entity': entities.PuppetClass(),
'entity_type': 'puppetclass'
},
{
'entity': entities.Role(),
'entity_type': 'role'
},
{
'entity':
entities.Subnet(),
'entity_type':
'subnet',
'value_template':
'{entity.name} '
'({entity.network}/{entity.cidr})'
},
{
'entity': entities.ProvisioningTemplate(),
'entity_type': 'template',
},
{
'entity': entities.User(),
'value_template': '{entity.login}',
'entity_type': 'user',
},
{
'entity': entities.UserGroup(),
'entity_type': 'usergroup'
},
]:
created_entity = entity_item['entity'].create()
value_template = entity_item.get('value_template',
'{entity.name}')
operation_type = entity_item.get('custom_operation', 'created')
entity_value = value_template.format(entity=created_entity)
self.audit.filter('type={} and action=create'.format(
entity_item['entity_type']))
result = self.audit.get_last_entry()
self.assertIn(operation_type, result['full_statement'])
self.assertEqual(entity_value, result['entity_name'])
def test_positive_update_by_type(self):
"""Update entities of different types and check audit logs for these
events using entity type and performed action as search criteria
:id: fef54686-4c13-4f36-a616-51dc9b58be19
:expectedresults: Audit logs contain corresponding entries per each
update event
"""
with Session(self):
for entity_item in [
{
'entity': entities.Architecture(),
'entity_type': 'architecture'
},
{
'entity': entities.ConfigGroup(),
'entity_type': 'config_group'
},
{
'entity': entities.Domain(),
'entity_type': 'domain'
},
{
'entity': entities.HostGroup(),
'entity_type': 'hostgroup'
},
{
'entity': entities.Location(),
'entity_type': 'location'
},
{
'entity': entities.PartitionTable(),
'entity_type': 'ptable',
},
{
'entity': entities.Role(),
'entity_type': 'role'
},
{
'entity': entities.ProvisioningTemplate(),
'entity_type': 'template',
},
{
'entity': entities.UserGroup(),
'entity_type': 'usergroup'
},
]:
entity = entity_item['entity'].create()
name = entity.name
new_name = gen_string('alpha')
entity.name = new_name
entity.update(['name'])
self.audit.filter('type={} and action=update'.format(
entity_item['entity_type']))
result = self.audit.get_last_entry()
self.assertIn('updated', result['full_statement'])
self.assertEqual(result['entity_name'], name)
self.assertEqual(
result['update_list'][0],
'Name changed from {} to {}'.format(name, new_name),
)
def test_positive_check_permissions_affect_create_procedure(
test_name, module_loc):
"""Verify whether user permissions affect what entities can be selected
when host is created
:id: 4502f99d-86fb-4655-a9dc-b2612cf849c6
:customerscenario: true
:expectedresults: user with specific permissions can choose only
entities for create host procedure that he has access to
:BZ: 1293716
:CaseLevel: System
"""
# Create new organization
org = entities.Organization().create()
# Create two lifecycle environments
lc_env = entities.LifecycleEnvironment(organization=org).create()
filter_lc_env = entities.LifecycleEnvironment(organization=org).create()
# Create two content views and promote them to one lifecycle
# environment which will be used in filter
cv = entities.ContentView(organization=org).create()
filter_cv = entities.ContentView(organization=org).create()
for content_view in [cv, filter_cv]:
content_view.publish()
content_view = content_view.read()
promote(content_view.version[0], filter_lc_env.id)
# Create two host groups
hg = entities.HostGroup(organization=[org]).create()
filter_hg = entities.HostGroup(organization=[org]).create()
# Create new role
role = entities.Role().create()
# Create lifecycle environment permissions and select one specific
# environment user will have access to
create_role_permissions(
role,
{
'Katello::KTEnvironment': [
'promote_or_remove_content_views_to_environments',
'view_lifecycle_environments'
]
},
# allow access only to the mentioned here environment
search='name = {0}'.format(filter_lc_env.name))
# Add necessary permissions for content view as we did for lce
create_role_permissions(
role,
{
'Katello::ContentView': [
'promote_or_remove_content_views',
'view_content_views',
'publish_content_views',
]
},
# allow access only to the mentioned here cv
search='name = {0}'.format(filter_cv.name))
# Add necessary permissions for hosts as we did for lce
create_role_permissions(
role,
{'Host': ['create_hosts', 'view_hosts']},
# allow access only to the mentioned here host group
search='hostgroup_fullname = {0}'.format(filter_hg.name))
# Add necessary permissions for host groups as we did for lce
create_role_permissions(
role,
{'Hostgroup': ['view_hostgroups']},
# allow access only to the mentioned here host group
search='name = {0}'.format(filter_hg.name))
# Add permissions for Organization and Location
create_role_permissions(
role,
{
'Organization': PERMISSIONS['Organization'],
'Location': PERMISSIONS['Location'],
},
)
# Create new user with a configured role
user_password = gen_string('alpha')
user = entities.User(
role=[role],
admin=False,
password=user_password,
organization=[org],
location=[module_loc],
default_organization=org,
default_location=module_loc,
).create()
host_fields = [
{
'name': 'host.hostgroup',
'unexpected_value': hg.name,
'expected_value': filter_hg.name,
},
{
'name': 'host.lce',
'unexpected_value': lc_env.name,
'expected_value': filter_lc_env.name,
},
{
'name': 'host.content_view',
'unexpected_value': cv.name,
'expected_value': filter_cv.name,
# content view selection needs the right lce to be selected
'other_fields_values': {
'host.lce': filter_lc_env.name
}
},
]
with Session(test_name, user=user.login,
password=user_password) as session:
for host_field in host_fields:
with pytest.raises(NoSuchElementException) as context:
values = {host_field['name']: host_field['unexpected_value']}
values.update(host_field.get('other_fields_values', {}))
session.host.helper.read_create_view(values)
error_message = str(context.value)
assert host_field['unexpected_value'] in error_message
# After the NoSuchElementException from FilteredDropdown, airgun is not able to
# navigate to other locations, Note in normal situation we should send Escape key to
# browser.
session.browser.refresh()
values = {host_field['name']: host_field['expected_value']}
values.update(host_field.get('other_fields_values', {}))
create_values = session.host.helper.read_create_view(
values, host_field['name'])
tab_name, field_name = host_field['name'].split('.')
assert create_values[tab_name][field_name] == host_field[
'expected_value']
def test_positive_access_non_admin_user(session, test_name):
"""Access activation key that has specific name and assigned environment by
user that has filter configured for that specific activation key
:id: 358a22d1-d576-475a-b90c-98e90a2ed1a9
:customerscenario: true
:expectedresults: Only expected activation key can be accessed by new non
admin user
:BZ: 1463813
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
non_searchable_ak_name = gen_string('alpha')
org = entities.Organization().create()
envs_list = ['STAGING', 'DEV', 'IT', 'UAT', 'PROD']
for name in envs_list:
entities.LifecycleEnvironment(name=name, organization=org).create()
env_name = random.choice(envs_list)
cv = entities.ContentView(organization=org).create()
cv.publish()
promote(cv.read().version[0],
entities.LifecycleEnvironment(name=env_name).search()[0].id)
# Create new role
role = entities.Role().create()
# Create filter with predefined activation keys search criteria
envs_condition = ' or '.join(['environment = ' + s for s in envs_list])
entities.Filter(
organization=[org],
permission=entities.Permission(name='view_activation_keys').search(),
role=role,
search='name ~ {} and ({})'.format(ak_name, envs_condition)).create()
# Add permissions for Organization and Location
entities.Filter(
permission=entities.Permission(resource_type='Organization').search(),
role=role,
).create()
entities.Filter(
permission=entities.Permission(resource_type='Location').search(),
role=role,
).create()
# Create new user with a configured role
default_loc = entities.Location().search(
query={'search': 'name="{0}"'.format(DEFAULT_LOC)})[0]
user_login = gen_string('alpha')
user_password = gen_string('alpha')
entities.User(
role=[role],
admin=False,
login=user_login,
password=user_password,
organization=[org],
location=[default_loc],
default_organization=org,
).create()
with session:
session.organization.select(org_name=org.name)
session.location.select(DEFAULT_LOC)
for name in [ak_name, non_searchable_ak_name]:
session.activationkey.create({
'name': name,
'lce': {
env_name: True
},
'content_view': cv.name
})
assert session.activationkey.read(
name)['details']['lce'][env_name][env_name]
with Session(test_name, user=user_login,
password=user_password) as session:
session.organization.select(org.name)
session.location.select(DEFAULT_LOC)
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
assert not session.activationkey.search(non_searchable_ak_name)
def test_positive_add_katello_role_with_org(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name,
module_org):
"""Associate katello roles to User Group with org set.
[belonging to external AD User Group.]
:id: a2ebd4de-eb0a-47da-81e8-00942eedcbf6
:setup: LDAP Auth Source should be created with Organization associated.
:Steps:
1. Create an UserGroup.
2. Assign some katello roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access katello entities as per roles, with the associated org
in LDAP Auth source page as the context set.
:CaseLevel: Integration
"""
auth_source_name = 'LDAP-' + auth_source.name
ak_name = gen_string('alpha')
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Location': ['assign_locations'],
'Organization': ['assign_organizations'],
}
katello_role = entities.Role().create()
create_role_permissions(katello_role, user_permissions)
different_org = entities.Organization().create()
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [katello_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
if bz_bug_is_open(1652938):
try:
ldapsession.activationkey.search('')
except NoSuchElementException:
ldapsession.browser.refresh()
ldapsession.activationkey.create({'name': ak_name})
# Since it's not possible to fetch assigned organization via UI directly,
# verify AK can be found in right org, can't be found in wrong one and
# double check via API
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
results = session.activationkey.search(ak_name)
assert results[0]['Name'] == ak_name
session.organization.select(different_org.name)
assert not session.activationkey.search(ak_name)
ak = entities.ActivationKey(organization=module_org).search(
query={'search': 'name={}'.format(ak_name)})[0].read()
assert ak.organization.id == module_org.id
def test_positive_update_external_roles(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name):
"""Added AD UserGroup roles get pushed down to user
:id: f3ca1aae-5461-4af3-a508-82679bb6afed
:setup: assign additional roles to the UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Login to sat6 with the AD user.
5. Assign additional roles to the UserGroup.
6. Login to sat6 with LDAP user that is part of aforementioned
UserGroup.
:expectedresults: User has access to all NEW functional areas that are
assigned to aforementioned UserGroup.
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
katello_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']}
create_role_permissions(foreman_role, foreman_permissions)
create_role_permissions(katello_role, katello_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.usergroup.update(
ldap_usergroup_name, {'roles.resources.assigned': [katello_role.name]})
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def make_roles(self):
"""Create two roles."""
return [entities.Role().create() for _ in range(2)]
def test_positive_custom_user_view_lce(session, test_name):
"""As a custom user attempt to view a lifecycle environment created
by admin user
:id: 768b647b-c530-4eca-9caa-38cf8622f36d
:BZ: 1420511
:Steps:
As an admin user:
1. Create an additional lifecycle environments other than Library
2. Create a user without administrator privileges
3. Create a role with the the following permissions:
* (Miscellaneous): access_dashboard
* Lifecycle Environment:
* edit_lifecycle_environments
* promote_or_remove_content_views_to_environment
* view_lifecycle_environments
* Location: view_locations
* Organization: view_organizations
4. Assign the created role to the custom user
As a custom user:
1. Log in
2. Navigate to Content -> Lifecycle Environments
:expectedresults: The additional lifecycle environment is viewable and
accessible by the custom user.
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
lce_name = gen_string('alpha')
user_login = gen_string('alpha')
user_password = gen_string('alpha')
org = entities.Organization().create()
role = entities.Role(name=role_name).create()
permissions_types_names = {
None: ['access_dashboard'],
'Organization': ['view_organizations'],
'Location': ['view_locations'],
'Katello::KTEnvironment': [
'view_lifecycle_environments',
'edit_lifecycle_environments',
'promote_or_remove_content_views_to_environments',
],
}
create_role_permissions(role, permissions_types_names)
entities.User(
default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password,
).create()
# create a life cycle environment as admin user and ensure it's visible
with session:
session.organization.select(org.name)
session.lifecycleenvironment.create(values={'name': lce_name})
lce_values = session.lifecycleenvironment.read_all()
assert lce_name in lce_values['lce']
# ensure the created user also can find the created lifecycle environment link
with Session(test_name, user_login, user_password) as non_admin_session:
# to ensure that the created user has only the assigned
# permissions, check that hosts menu tab does not exist
with raises(NavigationTriesExceeded):
assert not non_admin_session.host.read_all()
# assert that the user can view the lvce created by admin user
lce_values = non_admin_session.lifecycleenvironment.read_all()
assert lce_name in lce_values['lce']
def test_positive_delete_external_roles(session, ldap_data, ldap_user_name,
test_name, auth_source,
ldap_usergroup_name):
"""Deleted AD UserGroup roles get pushed down to user
:id: 479bc8fe-f6a3-4c89-8c7e-3d997315383f
:setup: delete roles from an AD UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Login to sat6 with the AD user.
5. Unassign some of the existing roles of the UserGroup.
6. Login to sat6 with LDAP user that is part of aforementioned
UserGroup.
:expectedresults: User no longer has access to all deleted functional
areas that were assigned to aforementioned UserGroup.
"""
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
create_role_permissions(foreman_role, foreman_permissions)
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(
location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(
location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.usergroup.update(
ldap_usergroup_name,
{'roles.resources.unassigned': [foreman_role.name]})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.location.create({'name': gen_string('alpha')})
