def test_positive_login_ad_user_basic_roles(session, test_name, ldap_data, ldap_user_name, auth_source): """Login with LDAP - AD for user with roles/rights :id: ef202e94-8e5d-4333-a4bc-e573b03ebfc8 :setup: assure properly functioning AD server for authentication :steps: Login to server with an AD user. :expectedresults: Log in to foreman UI successfully and can access appropriate functional areas in UI :CaseLevel: Integration """ name = gen_string('alpha') role = entities.Role().create() permissions = {'Architecture': PERMISSIONS['Architecture']} create_role_permissions(role, permissions) with session: session.user.update(ldap_data['ldap_user_name'], {'roles.resources.assigned': [role.name]}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.usergroup.search('') ldapsession.architecture.create({'name': name}) assert ldapsession.architecture.search(name)[0]['Name'] == name
def test_positive_access_with_non_admin_user_without_manifest(test_name): """Access subscription page with user that has only view_subscriptions permission and organization that has no manifest uploaded. :id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6 :expectedresults: Subscription page is rendered properly without errors :BZ: 1417082 :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() role = entities.Role(organization=[org]).create() create_role_permissions( role, {'Katello::Subscription': ['view_subscriptions']} ) user_password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=user_password, organization=[org], default_organization=org, ).create() with Session(test_name, user=user.login, password=user_password) as session: assert not session.subscription.search('') assert not session.subscription.has_manifest
def test_positive_access_with_non_admin_user_with_manifest(self): """Access subscription page with user that has only view_subscriptions permission and organization that has a manifest uploaded. :id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4 :expectedresults: Subscription page is rendered properly without errors and the default subscription is visible :BZ: 1417082 :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() self.upload_manifest(org.id, manifests.clone()) role = entities.Role().create() create_role_permissions( role, {'Katello::Subscription': ['view_subscriptions']} ) password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=password, organization=[org], default_organization=org, ).create() with Session(self, user.login, password): self.subscriptions.navigate_to_entity() self.assertFalse(self.browser.current_url.endswith('katello/403')) self.assertIsNotNone( self.subscriptions.search(DEFAULT_SUBSCRIPTION_NAME))
def test_positive_access_with_non_admin_user_without_manifest(self): """Access subscription page with user that has only view_subscriptions permission and organization that has no manifest uploaded. :id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6 :expectedresults: Subscription page is rendered properly without errors :BZ: 1417082 :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() role = entities.Role().create() create_role_permissions( role, {'Katello::Subscription': ['view_subscriptions']}) password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=password, organization=[org], default_organization=org, ).create() with Session(self, user.login, password): self.subscriptions.navigate_to_entity() self.assertIsNotNone( self.subscriptions.wait_until_element( locators['subs.page_title'])) self.assertFalse(self.browser.current_url.endswith('katello/403'))
def test_positive_access_with_non_admin_user_with_manifest(test_name): """Access subscription page with user that has only view_subscriptions permission and organization that has a manifest uploaded. :id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4 :expectedresults: Subscription page is rendered properly without errors and the default subscription is visible :BZ: 1417082, 1651981 :customerscenario: true :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() manifests.upload_manifest_locked(org.id) role = entities.Role(organization=[org]).create() create_role_permissions(role, {'Katello::Subscription': ['view_subscriptions']}) user_password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=user_password, organization=[org], default_organization=org, ).create() with Session(test_name, user=user.login, password=user_password) as session: assert (session.subscription.search( f'name = "{DEFAULT_SUBSCRIPTION_NAME}"')[0]['Name'] == DEFAULT_SUBSCRIPTION_NAME)
def test_positive_add_host_collection_non_admin(module_org, test_name): """Test that host collection can be associated to Activation Keys by non-admin user. :id: 417f0b36-fd49-4414-87ab-6f72a09696f2 :expectedresults: Activation key is created, added host collection is listed :BZ: 1473212 :CaseLevel: Integration """ ak_name = gen_string('alpha') hc = entities.HostCollection(organization=module_org).create() # Create non-admin user with specified permissions roles = [entities.Role().create()] user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'], } viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0] roles.append(viewer_role) create_role_permissions(roles[0], user_permissions) password = gen_string('alphanumeric') user = entities.User( admin=False, role=roles, password=password, organization=[module_org] ).create() with Session(test_name, user=user.login, password=password) as session: session.activationkey.create({'name': ak_name, 'lce': {ENVIRONMENT: True}}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name session.activationkey.add_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name, widget_names='host_collections') assert ak['host_collections']['resources']['assigned'][0]['Name'] == hc.name
def test_positive_access_with_non_admin_user_without_manifest(test_name): """Access subscription page with user that has only view_subscriptions permission and organization that has no manifest uploaded. :id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6 :expectedresults: Subscription page is rendered properly without errors :BZ: 1417082 :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() role = entities.Role(organization=[org]).create() create_role_permissions(role, {'Katello::Subscription': ['view_subscriptions']}) user_password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=user_password, organization=[org], default_organization=org, ).create() with Session(test_name, user=user.login, password=user_password) as session: assert not session.subscription.search('') assert not session.subscription.has_manifest
def test_positive_access_with_non_admin_user_with_manifest(self): """Access subscription page with user that has only view_subscriptions permission and organization that has a manifest uploaded. :id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4 :expectedresults: Subscription page is rendered properly without errors and the default subscription is visible :BZ: 1417082 :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() self.upload_manifest(org.id, manifests.clone()) role = entities.Role().create() create_role_permissions( role, {'Katello::Subscription': ['view_subscriptions']}) password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=password, organization=[org], default_organization=org, ).create() with Session(self, user.login, password): self.subscriptions.navigate_to_entity() self.assertFalse(self.browser.current_url.endswith('katello/403')) self.assertIsNotNone( self.subscriptions.search(DEFAULT_SUBSCRIPTION_NAME))
def test_positive_access_with_non_admin_user_without_manifest(self): """Access subscription page with user that has only view_subscriptions permission and organization that has no manifest uploaded. :id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6 :expectedresults: Subscription page is rendered properly without errors :BZ: 1417082 :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() role = entities.Role().create() create_role_permissions( role, {'Katello::Subscription': ['view_subscriptions']} ) password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=password, organization=[org], default_organization=org, ).create() with Session(self, user.login, password): self.subscriptions.navigate_to_entity() self.assertIsNotNone(self.subscriptions.wait_until_element( locators['subs.page_title'])) self.assertFalse(self.browser.current_url.endswith('katello/403'))
def test_positive_add_katello_role_with_org(session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name, module_org): """Associate katello roles to User Group with org set. [belonging to external AD User Group.] :id: a2ebd4de-eb0a-47da-81e8-00942eedcbf6 :setup: LDAP Auth Source should be created with Organization associated. :Steps: 1. Create an UserGroup. 2. Assign some katello roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access katello entities as per roles, with the associated org in LDAP Auth source page as the context set. """ auth_source_name = 'LDAP-' + auth_source.name ak_name = gen_string('alpha') user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Location': ['assign_locations'], 'Organization': ['assign_organizations'], } katello_role = entities.Role().create() create_role_permissions(katello_role, user_permissions) different_org = entities.Organization().create() with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [katello_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search( ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') ldapsession.activationkey.create({'name': ak_name}) results = session.activationkey.search(ak_name) assert results[0]['Name'] == ak_name session.organization.select(different_org.name) assert not session.activationkey.search(ak_name)[0]['Name'] == ak_name ak = entities.ActivationKey(organization=module_org).search( query={'search': 'name={}'.format(ak_name)})[0].read() assert ak.organization.id == module_org.id
def test_positive_add_foreman_role_with_org_loc( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name, module_org, module_loc): """Associate foreman roles to User Group with org and loc set. [belonging to external AD User Group.] :id: b39d7b2a-6d78-4c35-969a-37c8317ce64f :setup: LDAP Auth Source should be created with Org and Location Associated. :Steps: 1. Create an UserGroup. 2. Assign some foreman roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access foreman entities as per roles, with the associated org and loc in LDAP Auth source page as the context set. :CaseLevel: Integration """ auth_source_name = 'LDAP-' + auth_source.name name = gen_string('alpha') user_permissions = { 'Hostgroup': PERMISSIONS['Hostgroup'], 'Location': ['assign_locations'], 'Organization': ['assign_organizations'], } foreman_role = entities.Role().create() create_role_permissions(foreman_role, user_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') if bz_bug_is_open(1652938): try: ldapsession.hostgroup.search('') except NoSuchElementException: ldapsession.browser.refresh() ldapsession.hostgroup.create({'host_group.name': name}) hostgroup = session.hostgroup.read(name, ['organizations', 'locations']) assert len(hostgroup['organizations']['resources']['assigned']) == 1 assert module_org.name in hostgroup['organizations']['resources']['assigned'] assert len(hostgroup['locations']['resources']['assigned']) == 1 assert module_loc.name in hostgroup['locations']['resources']['assigned']
def test_positive_add_katello_role(session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Associate katello roles to User Group. [belonging to external AD User Group.] :id: aa5e3bf4-cb42-43a4-93ea-a2eea54b847a :Steps: 1. Create an UserGroup. 2. Assign some foreman roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access katello entities as per roles. :CaseLevel: Integration """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'] } katello_role = entities.Role().create() create_role_permissions(katello_role, user_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [katello_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search( ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as session: with raises(NavigationTriesExceeded): session.architecture.search('') if bz_bug_is_open(1652938): try: session.activationkey.search('') except NoSuchElementException: session.browser.refresh() session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read( ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def test_positive_update_external_roles( test_name, session, auth_source, ldap_usergroup_name, ldap_tear_down, ldap_data ): """Added AD UserGroup roles get pushed down to user :id: f3ca1aae-5461-4af3-a508-82679bb6afed :setup: assign additional roles to the UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Login to sat6 with the AD user. 5. Assign additional roles to the UserGroup. 6. Login to sat6 with LDAP user that is part of aforementioned UserGroup. :expectedresults: User has access to all NEW functional areas that are assigned to aforementioned UserGroup. """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() katello_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']} create_role_permissions(foreman_role, foreman_permissions) create_role_permissions(katello_role, katello_permissions) with session: session.usergroup.create( { 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, } ) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'] ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') ldapsession.location.create({'name': location_name}) assert ldapsession.location.search(location_name)[0]['Name'] == location_name current_user = ldapsession.location.read(location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.usergroup.update( ldap_usergroup_name, {'roles.resources.assigned': [katello_role.name]} ) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session(test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']) as session: session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read(ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def test_positive_delete_external_roles( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Deleted AD UserGroup roles get pushed down to user :id: 479bc8fe-f6a3-4c89-8c7e-3d997315383f :setup: delete roles from an AD UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Login to sat6 with the AD user. 5. Unassign some of the existing roles of the UserGroup. 6. Login to sat6 with LDAP user that is part of aforementioned UserGroup. :expectedresults: User no longer has access to all deleted functional areas that were assigned to aforementioned UserGroup. :CaseLevel: Integration """ auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} create_role_permissions(foreman_role, foreman_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') ldapsession.location.create({'name': location_name}) assert ldapsession.location.search(location_name)[0]['Name'] == location_name current_user = ldapsession.location.read(location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.usergroup.update( ldap_usergroup_name, {'roles.resources.unassigned': [foreman_role.name]}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.location.create({'name': gen_string('alpha')})
def test_positive_create_as_non_admin_user(module_org, test_name): """Create a repository as a non admin user :id: 582949c4-b95f-4d64-b7f0-fb80b3d2bd7e :expectedresults: Repository successfully created :BZ: 1426393 :CaseLevel: Integration """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') repo_name = gen_string('alpha') user_permissions = { None: ['access_dashboard'], 'Katello::Product': [ 'view_products', 'create_products', 'edit_products', 'destroy_products', 'sync_products', 'export_products', ], } role = entities.Role().create() create_role_permissions(role, user_permissions) entities.User( login=user_login, password=user_password, role=[role], admin=False, default_organization=module_org, organization=[module_org], ).create() product = entities.Product(organization=module_org).create() with Session(test_name, user=user_login, password=user_password) as session: # ensure that the created user is not a global admin user # check administer->organizations page with raises(NavigationTriesExceeded): session.organization.create({ 'name': gen_string('alpha'), 'label': gen_string('alpha') }) session.repository.create( product.name, { 'name': repo_name, 'repo_type': REPO_TYPE['yum'], 'repo_content.upstream_url': FAKE_1_YUM_REPO, }, ) assert session.repository.search(product.name, repo_name)[0]['Name'] == repo_name
def test_positive_create_as_non_admin_user(module_org, test_name): """Create a repository as a non admin user :id: 582949c4-b95f-4d64-b7f0-fb80b3d2bd7e :expectedresults: Repository successfully created :BZ: 1426393 :CaseLevel: Integration """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') repo_name = gen_string('alpha') user_permissions = { None: ['access_dashboard'], 'Katello::Product': [ 'view_products', 'create_products', 'edit_products', 'destroy_products', 'sync_products', 'export_products', ], } role = entities.Role().create() create_role_permissions(role, user_permissions) entities.User( login=user_login, password=user_password, role=[role], admin=False, default_organization=module_org, organization=[module_org], ).create() product = entities.Product(organization=module_org).create() with Session( test_name, user=user_login, password=user_password) as session: # ensure that the created user is not a global admin user # check administer->organizations page with raises(NavigationTriesExceeded): session.organization.create({ 'name': gen_string('alpha'), 'label': gen_string('alpha'), }) session.repository.create( product.name, { 'name': repo_name, 'repo_type': REPO_TYPE['yum'], 'repo_content.upstream_url': FAKE_1_YUM_REPO, } ) assert session.repository.search( product.name, repo_name)[0]['Name'] == repo_name
def test_negative_remove_parameter_non_admin_user(test_name, module_org, module_loc): """Attempt to remove host parameter as a non-admin user with insufficient permissions :BZ: 1317868 :id: 78fd230e-2ec4-4158-823b-ddbadd5e232f :customerscenario: true :expectedresults: user with insufficient permissions is unable to remove host parameter, 'Remove' link is not visible for him :CaseLevel: System """ user_password = gen_string('alpha') parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')} role = entities.Role(organization=[module_org]).create() create_role_permissions( role, { 'Parameter': ['view_params'], 'Host': PERMISSIONS['Host'], 'Operatingsystem': ['view_operatingsystems'], }) user = entities.User( role=[role], admin=False, password=user_password, organization=[module_org], location=[module_loc], default_organization=module_org, default_location=module_loc, ).create() host = entities.Host( content_facet_attributes={ 'content_view_id': module_org.default_content_view.id, 'lifecycle_environment_id': module_org.library.id, }, location=module_loc, organization=module_org, host_parameters_attributes=[parameter], ).create() with Session(test_name, user=user.login, password=user_password) as session: values = session.host.read(host.name, 'parameters') assert values['parameters']['host_params'][0] == parameter with pytest.raises(NoSuchElementException) as context: session.host.update(host.name, {'parameters.host_params': []}) assert 'Remove Parameter' in str(context.value)
def test_negative_remove_parameter_non_admin_user(test_name, module_org, module_loc): """Attempt to remove host parameter as a non-admin user with insufficient permissions :BZ: 1317868 :id: 78fd230e-2ec4-4158-823b-ddbadd5e232f :customerscenario: true :expectedresults: user with insufficient permissions is unable to remove host parameter, 'Remove' link is not visible for him :CaseLevel: System """ user_password = gen_string('alpha') parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')} role = entities.Role(organization=[module_org]).create() create_role_permissions( role, { 'Parameter': ['view_params'], 'Host': PERMISSIONS['Host'], 'Operatingsystem': ['view_operatingsystems'], } ) user = entities.User( role=[role], admin=False, password=user_password, organization=[module_org], location=[module_loc], default_organization=module_org, default_location=module_loc, ).create() host = entities.Host( content_facet_attributes={ 'content_view_id': module_org.default_content_view.id, 'lifecycle_environment_id': module_org.library.id, }, location=module_loc, organization=module_org, host_parameters_attributes=[parameter], ).create() with Session(test_name, user=user.login, password=user_password) as session: values = session.host.read(host.name, 'parameters') assert values['parameters']['host_params'][0] == parameter with pytest.raises(NoSuchElementException) as context: session.host.update(host.name, {'parameters.host_params': []}) assert 'Remove Parameter' in str(context.value)
def test_positive_add_katello_role( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Associate katello roles to User Group. [belonging to external AD User Group.] :id: aa5e3bf4-cb42-43a4-93ea-a2eea54b847a :Steps: 1. Create an UserGroup. 2. Assign some foreman roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access katello entities as per roles. :CaseLevel: Integration """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name user_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']} katello_role = entities.Role().create() create_role_permissions(katello_role, user_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [katello_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as session: with raises(NavigationTriesExceeded): session.architecture.search('') if bz_bug_is_open(1652938): try: session.activationkey.search('') except NoSuchElementException: session.browser.refresh() session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read(ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def test_positive_remove_host_collection_non_admin(module_org, test_name): """Test that host collection can be removed from Activation Keys by non-admin user. :id: 187456ec-5690-4524-9701-8bdb74c7912a :expectedresults: Activation key is created, removed host collection is not listed :CaseLevel: Integration """ ak_name = gen_string('alpha') hc = entities.HostCollection(organization=module_org).create() # Create non-admin user with specified permissions roles = [entities.Role().create()] user_permissions = { 'Katello::ActivationKey': constants.PERMISSIONS['Katello::ActivationKey'], 'Katello::HostCollection': constants.PERMISSIONS['Katello::HostCollection'], } viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0] roles.append(viewer_role) create_role_permissions(roles[0], user_permissions) password = gen_string('alphanumeric') user = entities.User(admin=False, role=roles, password=password, organization=[module_org]).create() with Session(test_name, user=user.login, password=password) as session: session.activationkey.create({ 'name': ak_name, 'lce': { constants.ENVIRONMENT: True } }) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name session.activationkey.add_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name, widget_names='host_collections') assert ak['host_collections']['resources']['assigned'][0][ 'Name'] == hc.name # remove Host Collection session.activationkey.remove_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name, widget_names='host_collections') assert not ak['host_collections']['resources']['assigned']
def test_positive_remove_parameter_non_admin_user(test_name, module_org, module_loc): """Remove a host parameter as a non-admin user with enough permissions :id: 598111c1-fdb6-42e9-8c28-fae999b5d112 :expectedresults: user with sufficient permissions may remove host parameter :CaseLevel: System """ user_password = gen_string('alpha') parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')} role = entities.Role(organization=[module_org]).create() create_role_permissions( role, { 'Parameter': PERMISSIONS['Parameter'], 'Host': PERMISSIONS['Host'], 'Operatingsystem': ['view_operatingsystems'], }) user = entities.User( role=[role], admin=False, password=user_password, organization=[module_org], location=[module_loc], default_organization=module_org, default_location=module_loc, ).create() host = entities.Host( content_facet_attributes={ 'content_view_id': module_org.default_content_view.id, 'lifecycle_environment_id': module_org.library.id, }, location=module_loc, organization=module_org, host_parameters_attributes=[parameter], ).create() with Session(test_name, user=user.login, password=user_password) as session: values = session.host.read(host.name, 'parameters') assert values['parameters']['host_params'][0] == parameter session.host.update(host.name, {'parameters.host_params': []}) values = session.host.read(host.name, 'parameters') assert not values['parameters']['host_params']
def test_positive_remove_parameter_non_admin_user(test_name, module_org, module_loc): """Remove a host parameter as a non-admin user with enough permissions :id: 598111c1-fdb6-42e9-8c28-fae999b5d112 :expectedresults: user with sufficient permissions may remove host parameter :CaseLevel: System """ user_password = gen_string('alpha') parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')} role = entities.Role(organization=[module_org]).create() create_role_permissions( role, { 'Parameter': PERMISSIONS['Parameter'], 'Host': PERMISSIONS['Host'], 'Operatingsystem': ['view_operatingsystems'], } ) user = entities.User( role=[role], admin=False, password=user_password, organization=[module_org], location=[module_loc], default_organization=module_org, default_location=module_loc, ).create() host = entities.Host( content_facet_attributes={ 'content_view_id': module_org.default_content_view.id, 'lifecycle_environment_id': module_org.library.id, }, location=module_loc, organization=module_org, host_parameters_attributes=[parameter], ).create() with Session(test_name, user=user.login, password=user_password) as session: values = session.host.read(host.name, 'parameters') assert values['parameters']['host_params'][0] == parameter session.host.update(host.name, {'parameters.host_params': []}) values = session.host.read(host.name, 'parameters') assert not values['parameters']['host_params']
def test_positive_search_with_non_admin_user(self): """Search for specific smart class parameter using non admin user :id: 79bd4071-1baa-44af-91dd-1e093445af29 :expectedresults: Specified smart class parameter can be found in the system :BZ: 1391556 :CaseLevel: Integration """ sc_param = self.sc_params_list.pop() username = gen_string('alpha') password = gen_string('alpha') required_user_permissions = { 'Puppetclass': [ 'view_puppetclasses', ], 'PuppetclassLookupKey': [ 'view_external_parameters', 'create_external_parameters', 'edit_external_parameters', 'destroy_external_parameters', ], } role = entities.Role().create() create_role_permissions(role, required_user_permissions) entities.User( login=username, password=password, role=[role], admin=False ).create() # assert that the user is not an admin one and cannot read the current # role info (note: view_roles is not in the required permissions) cfg = get_nailgun_config() cfg.auth = (username, password) with self.assertRaises(HTTPError) as context: entities.Role(cfg, id=role.id).read() self.assertIn( '403 Client Error: Forbidden', context.exception.message) with Session(self.browser, username, password): self.assertIsNotNone(self.sc_parameters.search(sc_param.parameter))
def test_positive_remove_host_collection_non_admin(module_org, test_name): """Test that host collection can be removed from Activation Keys by non-admin user. :id: 187456ec-5690-4524-9701-8bdb74c7912a :expectedresults: Activation key is created, removed host collection is not listed :CaseLevel: Integration """ ak_name = gen_string('alpha') hc = entities.HostCollection(organization=module_org).create() # Create non-admin user with specified permissions roles = [entities.Role().create()] user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'], } viewer_role = entities.Role().search( query={'search': 'name="Viewer"'})[0] roles.append(viewer_role) create_role_permissions(roles[0], user_permissions) password = gen_string('alphanumeric') user = entities.User( admin=False, role=roles, password=password, organization=[module_org], ).create() with Session(test_name, user=user.login, password=password) as session: session.activationkey.create({ 'name': ak_name, 'lce': {ENVIRONMENT: True}, }) assert session.activationkey.search(ak_name) == ak_name session.activationkey.add_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name) assert ak[ 'host_collections']['resources']['assigned'][0]['Name'] == hc.name # remove Host Collection session.activationkey.remove_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name) assert not ak['host_collections']['resources']['assigned']
def test_positive_search_with_non_admin_user(test_name, sc_params_list): """Search for specific smart class parameter using non admin user :id: 79bd4071-1baa-44af-91dd-1e093445af29 :expectedresults: Specified smart class parameter can be found in the system :BZ: 1391556 :CaseLevel: Integration """ sc_param = sc_params_list.pop() username = gen_string('alpha') password = gen_string('alpha') required_user_permissions = { 'Puppetclass': [ 'view_puppetclasses', ], 'PuppetclassLookupKey': [ 'view_external_parameters', 'create_external_parameters', 'edit_external_parameters', 'destroy_external_parameters', ], } role = entities.Role().create() create_role_permissions(role, required_user_permissions) entities.User( login=username, password=password, role=[role], admin=False ).create() # assert that the user is not an admin one and cannot read the current # role info (note: view_roles is not in the required permissions) cfg = get_nailgun_config() cfg.auth = (username, password) with raises(HTTPError) as context: entities.Role(cfg, id=role.id).read() assert '403 Client Error: Forbidden' in str(context.value) with Session(test_name, user=username, password=password) as session: assert session.sc_parameter.search( sc_param.parameter)[0]['Parameter'] == sc_param.parameter
def test_positive_create_product_with_limited_user_permission( session, target_sat, test_name, module_org, module_location): """A user with all permissions in Product and Repositories should be able to create a new product :id: 534a16f9-2d66-4fa1-aa5b-560f00eb4f67 :expectedresults: User successfully creates new product :customerscenario: true :CaseLevel: Component :CaseImportance: High :BZ: 1771937 """ username = gen_string('alpha') password = gen_string('alpha') product_name = gen_string('alpha') product_label = gen_string('alpha') product_description = gen_string('alpha') role = target_sat.api.Role().create() # Calling Products and Repositoy to get all the permissions in it create_role_permissions( role, {'Katello::Product': PERMISSIONS['Katello::Product']}) target_sat.api.User( default_organization=module_org, organization=[module_org], firstname='sample', lastname='test', role=[role], login=username, password=password, mail='*****@*****.**', ).create() with Session(test_name, username, password) as newsession: newsession.product.create({ 'name': product_name, 'label': product_label, 'description': product_description }) assert newsession.product.search( product_name)[0]['Name'] == product_name
def test_positive_add_host_collection_non_admin(module_org, test_name): """Test that host collection can be associated to Activation Keys by non-admin user. :id: 417f0b36-fd49-4414-87ab-6f72a09696f2 :expectedresults: Activation key is created, added host collection is listed :BZ: 1473212 :CaseLevel: Integration """ ak_name = gen_string('alpha') hc = entities.HostCollection(organization=module_org).create() # Create non-admin user with specified permissions roles = [entities.Role().create()] user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'], } viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0] roles.append(viewer_role) create_role_permissions(roles[0], user_permissions) password = gen_string('alphanumeric') user = entities.User( admin=False, role=roles, password=password, organization=[module_org], ).create() with Session(test_name, user=user.login, password=password) as session: session.activationkey.create({ 'name': ak_name, 'lce': {ENVIRONMENT: True}, }) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name session.activationkey.add_host_collection(ak_name, hc.name) ak = session.activationkey.read(ak_name) assert ak[ 'host_collections']['resources']['assigned'][0]['Name'] == hc.name
def test_positive_create_role_filter(session, module_org): """Update a role with new filter and check that corresponding event appeared in the audit log :id: 74679c0d-7ef1-4ab1-8282-9377c6cabb9f :customerscenario: true :expectedresults: audit log has an entry for a new filter that was added to the role :BZ: 1425977, 1701118, 1701132 :CaseAutomation: Automated :CaseLevel: Integration :CaseImportance: Medium """ role = entities.Role(organization=[module_org]).create() with session: session.organization.select(org_name=ANY_CONTEXT['org']) values = session.audit.search( f'type=role and organization={module_org.name}') assert values['action_type'] == 'create' assert values['resource_type'] == 'ROLE' assert values['resource_name'] == role.name create_role_permissions( role, {'Architecture': ['view_architectures', 'edit_architectures']}) values = session.audit.search('type=filter') assert values['action_type'] == 'added' assert values['resource_type'] == 'Filter' assert values['resource_name'] == '{} and {} / {}'.format( 'view_architectures', 'edit_architectures', role.name) assert len(values['action_summary']) == 1 assert values['action_summary'][0][ 'column0'] == 'Added {} and {} to {}'.format( 'view_architectures', 'edit_architectures', role.name)
def test_positive_access_with_non_admin_user_with_manifest(test_name): """Access subscription page with user that has only view_subscriptions permission and organization that has a manifest uploaded. :id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4 :expectedresults: Subscription page is rendered properly without errors and the default subscription is visible :BZ: 1417082, 1651981 :customerscenario: true :CaseLevel: Integration :CaseImportance: Critical """ org = entities.Organization().create() manifests.upload_manifest_locked(org.id) role = entities.Role(organization=[org]).create() create_role_permissions( role, {'Katello::Subscription': ['view_subscriptions']} ) user_password = gen_string('alphanumeric') user = entities.User( admin=False, role=[role], password=user_password, organization=[org], default_organization=org, ).create() with Session(test_name, user=user.login, password=user_password) as session: assert (session.subscription.search( 'name = "{0}"'.format(DEFAULT_SUBSCRIPTION_NAME))[0]['Name'] == DEFAULT_SUBSCRIPTION_NAME)
def test_positive_custom_user_view_lce(self): """As a custom user attempt to view a lifecycle environment created by admin user :id: 768b647b-c530-4eca-9caa-38cf8622f36d :BZ: 1420511 :Steps: As an admin user: 1. Create an additional lifecycle environments other than Library 2. Create a user without administrator privileges 3. Create a role with the the following permissions: * (Miscellaneous): access_dashboard * Lifecycle Environment: * edit_lifecycle_environments * promote_or_remove_content_views_to_environment * view_lifecycle_environments * Location: view_locations * Organization: view_organizations 4. Assign the created role to the custom user As a custom user: 1. Log in 2. Navigate to Content -> Lifecycle Environments :expectedresults: The additional lifecycle environment is viewable and accessible by the custom user. :CaseLevel: Integration """ role_name = gen_string('alpha') env_name = gen_string('alpha') user_login = gen_string('alpha') user_password = gen_string('alpha') org = entities.Organization().create() role = entities.Role(name=role_name).create() permissions_types_names = { None: ['access_dashboard'], 'Organization': ['view_organizations'], 'Location': ['view_locations'], 'Katello::KTEnvironment': [ 'view_lifecycle_environments', 'edit_lifecycle_environments', 'promote_or_remove_content_views_to_environments' ] } create_role_permissions(role, permissions_types_names) entities.User( default_organization=org, organization=[org], role=[role], login=user_login, password=user_password ).create() # create a life cycle environment as admin user and ensure it's visible with Session(self.browser) as session: make_lifecycle_environment( session, org=org.name, name=env_name) self.assertIsNotNone(self.lifecycleenvironment.search(env_name)) # ensure the created user also can find the created life cycle # environment link with Session(self.browser, user=user_login, password=user_password): # to ensure that the created user has only the assigned # permissions, check that hosts menu tab does not exist self.assertIsNone( self.content_views.wait_until_element( menu_locators['menu.hosts'], timeout=1) ) # assert that the created user is not a global admin user # check administer->users page with self.assertRaises(UINoSuchElementError): session.nav.go_to_users() # assert that the user can view the lvce created by admin user self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
def test_positive_custom_user_view_lce(session, test_name): """As a custom user attempt to view a lifecycle environment created by admin user :id: 768b647b-c530-4eca-9caa-38cf8622f36d :BZ: 1420511 :Steps: As an admin user: 1. Create an additional lifecycle environments other than Library 2. Create a user without administrator privileges 3. Create a role with the the following permissions: * (Miscellaneous): access_dashboard * Lifecycle Environment: * edit_lifecycle_environments * promote_or_remove_content_views_to_environment * view_lifecycle_environments * Location: view_locations * Organization: view_organizations 4. Assign the created role to the custom user As a custom user: 1. Log in 2. Navigate to Content -> Lifecycle Environments :expectedresults: The additional lifecycle environment is viewable and accessible by the custom user. :CaseLevel: Integration """ role_name = gen_string('alpha') lce_name = gen_string('alpha') user_login = gen_string('alpha') user_password = gen_string('alpha') org = entities.Organization().create() role = entities.Role(name=role_name).create() permissions_types_names = { None: ['access_dashboard'], 'Organization': ['view_organizations'], 'Location': ['view_locations'], 'Katello::KTEnvironment': [ 'view_lifecycle_environments', 'edit_lifecycle_environments', 'promote_or_remove_content_views_to_environments' ] } create_role_permissions(role, permissions_types_names) entities.User(default_organization=org, organization=[org], role=[role], login=user_login, password=user_password).create() # create a life cycle environment as admin user and ensure it's visible with session: session.organization.select(org.name) session.lifecycleenvironment.create(values={'name': lce_name}) lce_values = session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce'] # ensure the created user also can find the created lifecycle environment link with Session(test_name, user_login, user_password) as non_admin_session: # to ensure that the created user has only the assigned # permissions, check that hosts menu tab does not exist with raises(NavigationTriesExceeded): assert not non_admin_session.host.read_all() # assert that the user can view the lvce created by admin user lce_values = non_admin_session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce']
def test_positive_create_as_non_admin_user_with_cv_published( module_org, test_name): """Create a repository as a non admin user in a product that already contain a repository that is used in a published content view. :id: 407864eb-50b8-4bc8-bbc7-0e6f8136d89f :expectedresults: New repository successfully created by non admin user :BZ: 1447829 :CaseLevel: Integration """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') repo_name = gen_string('alpha') user_permissions = { None: ['access_dashboard'], 'Katello::Product': [ 'view_products', 'create_products', 'edit_products', 'destroy_products', 'sync_products', 'export_products', ], } role = entities.Role().create() create_role_permissions(role, user_permissions) entities.User( login=user_login, password=user_password, role=[role], admin=False, default_organization=module_org, organization=[module_org], ).create() prod = entities.Product(organization=module_org).create() repo = entities.Repository(product=prod, url=FAKE_2_YUM_REPO).create() repo.sync() content_view = entities.ContentView(organization=module_org).create() content_view.repository = [repo] content_view = content_view.update(['repository']) content_view.publish() with Session(test_name, user_login, user_password) as session: # ensure that the created user is not a global admin user # check administer->users page with raises(NavigationTriesExceeded): pswd = gen_string('alphanumeric') session.user.create({ 'user.login': gen_string('alphanumeric'), 'user.auth': 'INTERNAL', 'user.password': pswd, 'user.confirm': pswd, }) # ensure that the created user has only the assigned permissions # check that host collections menu tab does not exist with raises(NavigationTriesExceeded): session.hostcollection.create({'name': gen_string('alphanumeric')}) session.repository.create( prod.name, { 'name': repo_name, 'repo_type': REPO_TYPE['yum'], 'repo_content.upstream_url': FAKE_1_YUM_REPO, }) assert session.repository.search(prod.name, repo.name)[0]['Name'] == repo.name
def test_positive_custom_user_view_lce(session, test_name): """As a custom user attempt to view a lifecycle environment created by admin user :id: 768b647b-c530-4eca-9caa-38cf8622f36d :BZ: 1420511 :Steps: As an admin user: 1. Create an additional lifecycle environments other than Library 2. Create a user without administrator privileges 3. Create a role with the the following permissions: * (Miscellaneous): access_dashboard * Lifecycle Environment: * edit_lifecycle_environments * promote_or_remove_content_views_to_environment * view_lifecycle_environments * Location: view_locations * Organization: view_organizations 4. Assign the created role to the custom user As a custom user: 1. Log in 2. Navigate to Content -> Lifecycle Environments :expectedresults: The additional lifecycle environment is viewable and accessible by the custom user. :CaseLevel: Integration """ role_name = gen_string('alpha') lce_name = gen_string('alpha') user_login = gen_string('alpha') user_password = gen_string('alpha') org = entities.Organization().create() role = entities.Role(name=role_name).create() permissions_types_names = { None: ['access_dashboard'], 'Organization': ['view_organizations'], 'Location': ['view_locations'], 'Katello::KTEnvironment': [ 'view_lifecycle_environments', 'edit_lifecycle_environments', 'promote_or_remove_content_views_to_environments' ] } create_role_permissions(role, permissions_types_names) entities.User( default_organization=org, organization=[org], role=[role], login=user_login, password=user_password ).create() # create a life cycle environment as admin user and ensure it's visible with session: session.organization.select(org.name) session.lifecycleenvironment.create(values={'name': lce_name}) lce_values = session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce'] # ensure the created user also can find the created lifecycle environment link with Session(test_name, user_login, user_password) as non_admin_session: # to ensure that the created user has only the assigned # permissions, check that hosts menu tab does not exist with raises(NavigationTriesExceeded): assert not non_admin_session.host.read_all() # assert that the user can view the lvce created by admin user lce_values = non_admin_session.lifecycleenvironment.read_all() assert lce_name in lce_values['lce']
def test_positive_check_permissions_affect_create_procedure( test_name, module_loc): """Verify whether user permissions affect what entities can be selected when host is created :id: 4502f99d-86fb-4655-a9dc-b2612cf849c6 :customerscenario: true :expectedresults: user with specific permissions can choose only entities for create host procedure that he has access to :BZ: 1293716 :CaseLevel: System """ # Create new organization org = entities.Organization().create() # Create two lifecycle environments lc_env = entities.LifecycleEnvironment(organization=org).create() filter_lc_env = entities.LifecycleEnvironment(organization=org).create() # Create two content views and promote them to one lifecycle # environment which will be used in filter cv = entities.ContentView(organization=org).create() filter_cv = entities.ContentView(organization=org).create() for content_view in [cv, filter_cv]: content_view.publish() content_view = content_view.read() promote(content_view.version[0], filter_lc_env.id) # Create two host groups hg = entities.HostGroup(organization=[org]).create() filter_hg = entities.HostGroup(organization=[org]).create() # Create new role role = entities.Role().create() # Create lifecycle environment permissions and select one specific # environment user will have access to create_role_permissions( role, { 'Katello::KTEnvironment': [ 'promote_or_remove_content_views_to_environments', 'view_lifecycle_environments' ] }, # allow access only to the mentioned here environment search='name = {0}'.format(filter_lc_env.name)) # Add necessary permissions for content view as we did for lce create_role_permissions( role, { 'Katello::ContentView': [ 'promote_or_remove_content_views', 'view_content_views', 'publish_content_views', ] }, # allow access only to the mentioned here cv search='name = {0}'.format(filter_cv.name)) # Add necessary permissions for hosts as we did for lce create_role_permissions( role, {'Host': ['create_hosts', 'view_hosts']}, # allow access only to the mentioned here host group search='hostgroup_fullname = {0}'.format(filter_hg.name)) # Add necessary permissions for host groups as we did for lce create_role_permissions( role, {'Hostgroup': ['view_hostgroups']}, # allow access only to the mentioned here host group search='name = {0}'.format(filter_hg.name)) # Add permissions for Organization and Location create_role_permissions( role, { 'Organization': PERMISSIONS['Organization'], 'Location': PERMISSIONS['Location'], }, ) # Create new user with a configured role user_password = gen_string('alpha') user = entities.User( role=[role], admin=False, password=user_password, organization=[org], location=[module_loc], default_organization=org, default_location=module_loc, ).create() host_fields = [ { 'name': 'host.hostgroup', 'unexpected_value': hg.name, 'expected_value': filter_hg.name, }, { 'name': 'host.lce', 'unexpected_value': lc_env.name, 'expected_value': filter_lc_env.name, }, { 'name': 'host.content_view', 'unexpected_value': cv.name, 'expected_value': filter_cv.name, # content view selection needs the right lce to be selected 'other_fields_values': { 'host.lce': filter_lc_env.name } }, ] with Session(test_name, user=user.login, password=user_password) as session: for host_field in host_fields: with pytest.raises(NoSuchElementException) as context: values = {host_field['name']: host_field['unexpected_value']} values.update(host_field.get('other_fields_values', {})) session.host.helper.read_create_view(values) error_message = str(context.value) assert host_field['unexpected_value'] in error_message # After the NoSuchElementException from FilteredDropdown, airgun is not able to # navigate to other locations, Note in normal situation we should send Escape key to # browser. session.browser.refresh() values = {host_field['name']: host_field['expected_value']} values.update(host_field.get('other_fields_values', {})) create_values = session.host.helper.read_create_view( values, host_field['name']) tab_name, field_name = host_field['name'].split('.') assert create_values[tab_name][field_name] == host_field[ 'expected_value']
def test_positive_create_as_non_admin_user_with_cv_published( module_org, test_name): """Create a repository as a non admin user in a product that already contain a repository that is used in a published content view. :id: 407864eb-50b8-4bc8-bbc7-0e6f8136d89f :expectedresults: New repository successfully created by non admin user :BZ: 1447829 :CaseLevel: Integration """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') repo_name = gen_string('alpha') user_permissions = { None: ['access_dashboard'], 'Katello::Product': [ 'view_products', 'create_products', 'edit_products', 'destroy_products', 'sync_products', 'export_products', ], } role = entities.Role().create() create_role_permissions(role, user_permissions) entities.User( login=user_login, password=user_password, role=[role], admin=False, default_organization=module_org, organization=[module_org], ).create() prod = entities.Product(organization=module_org).create() repo = entities.Repository(product=prod, url=FAKE_2_YUM_REPO).create() repo.sync() content_view = entities.ContentView(organization=module_org).create() content_view.repository = [repo] content_view = content_view.update(['repository']) content_view.publish() with Session(test_name, user_login, user_password) as session: # ensure that the created user is not a global admin user # check administer->users page with raises(NavigationTriesExceeded): pswd = gen_string('alphanumeric') session.user.create({ 'user.login': gen_string('alphanumeric'), 'user.auth': 'INTERNAL', 'user.password': pswd, 'user.confirm': pswd, }) # ensure that the created user has only the assigned permissions # check that host collections menu tab does not exist with raises(NavigationTriesExceeded): session.hostcollection.create({'name': gen_string('alphanumeric')}) session.repository.create( prod.name, { 'name': repo_name, 'repo_type': REPO_TYPE['yum'], 'repo_content.upstream_url': FAKE_1_YUM_REPO, } ) assert session.repository.search( prod.name, repo.name)[0]['Name'] == repo.name
def test_positive_user_access_with_host_filter(test_name, module_loc): """Check if user with necessary host permissions can access dashboard and required widgets are rendered with proper values :id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d :Steps: 1. Specify proper filter with permission for your role 2. Create new user and assign role to it 3. Login into application using this new user 4. Check dashboard and widgets on it 5. Register new content host to populate some values into dashboard widgets :expectedresults: Dashboard and Errata Widget rendered without errors and contain proper values :BZ: 1417114 :CaseLevel: System """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') org = entities.Organization().create() lce = entities.LifecycleEnvironment(organization=org).create() # create a role with necessary permissions role = entities.Role().create() user_permissions = { 'Organization': ['view_organizations'], 'Location': ['view_locations'], None: ['access_dashboard'], 'Host': ['view_hosts'], } create_role_permissions(role, user_permissions) # create a user and assign the above created role entities.User( default_organization=org, organization=[org], default_location=module_loc, location=[module_loc], role=[role], login=user_login, password=user_password ).create() with Session(test_name, user=user_login, password=user_password) as session: assert session.dashboard.read('HostConfigurationStatus')['total_count'] == 0 assert len(session.dashboard.read('LatestErrata')) == 0 repos_collection = RepositoryCollection( distro=DISTRO_RHEL7, repositories=[ SatelliteToolsRepository(), YumRepository(url=FAKE_6_YUM_REPO), ] ) repos_collection.setup_content(org.id, lce.id) with VirtualMachine(distro=repos_collection.distro) as client: repos_collection.setup_virtual_machine(client) result = client.run('yum install -y {0}'.format(FAKE_1_CUSTOM_PACKAGE)) assert result.return_code == 0 hostname = client.hostname # Check UI for values assert session.host.search(hostname)[0]['Name'] == hostname hosts_values = session.dashboard.read('HostConfigurationStatus') assert hosts_values['total_count'] == 1 errata_values = session.dashboard.read('LatestErrata')['erratas'] assert len(errata_values) == 1 assert errata_values[0]['Type'] == 'security' assert FAKE_2_ERRATA_ID in errata_values[0]['Errata']
def test_positive_update_external_roles( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Added AD UserGroup roles get pushed down to user :id: f3ca1aae-5461-4af3-a508-82679bb6afed :setup: assign additional roles to the UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Login to sat6 with the AD user. 5. Assign additional roles to the UserGroup. 6. Login to sat6 with LDAP user that is part of aforementioned UserGroup. :expectedresults: User has access to all NEW functional areas that are assigned to aforementioned UserGroup. :CaseLevel: Integration """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() katello_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']} create_role_permissions(foreman_role, foreman_permissions) create_role_permissions(katello_role, katello_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') ldapsession.location.create({'name': location_name}) assert ldapsession.location.search(location_name)[0]['Name'] == location_name current_user = ldapsession.location.read(location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.usergroup.update( ldap_usergroup_name, {'roles.resources.assigned': [katello_role.name]}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as session: if bz_bug_is_open(1652938): try: session.activationkey.search('') except NoSuchElementException: session.browser.refresh() session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read(ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def test_positive_custom_user_view_lce(self): """As a custom user attempt to view a lifecycle environment created by admin user :id: 768b647b-c530-4eca-9caa-38cf8622f36d :BZ: 1420511 :Steps: As an admin user: 1. Create an additional lifecycle environments other than Library 2. Create a user without administrator privileges 3. Create a role with the the following permissions: * (Miscellaneous): access_dashboard * Lifecycle Environment: * edit_lifecycle_environments * promote_or_remove_content_views_to_environment * view_lifecycle_environments * Location: view_locations * Organization: view_organizations 4. Assign the created role to the custom user As a custom user: 1. Log in 2. Navigate to Content -> Lifecycle Environments :expectedresults: The additional lifecycle environment is viewable and accessible by the custom user. :CaseLevel: Integration """ role_name = gen_string('alpha') env_name = gen_string('alpha') user_login = gen_string('alpha') user_password = gen_string('alpha') org = entities.Organization().create() role = entities.Role(name=role_name).create() permissions_types_names = { None: ['access_dashboard'], 'Organization': ['view_organizations'], 'Location': ['view_locations'], 'Katello::KTEnvironment': [ 'view_lifecycle_environments', 'edit_lifecycle_environments', 'promote_or_remove_content_views_to_environments' ] } create_role_permissions(role, permissions_types_names) entities.User(default_organization=org, organization=[org], role=[role], login=user_login, password=user_password).create() # create a life cycle environment as admin user and ensure it's visible with Session(self.browser) as session: make_lifecycle_environment(session, org=org.name, name=env_name) self.assertIsNotNone(self.lifecycleenvironment.search(env_name)) # ensure the created user also can find the created life cycle # environment link with Session(self.browser, user=user_login, password=user_password): # to ensure that the created user has only the assigned # permissions, check that hosts menu tab does not exist self.assertIsNone( self.content_views.wait_until_element( menu_locators['menu.hosts'], timeout=1)) # assert that the created user is not a global admin user # check administer->users page with self.assertRaises(UINoSuchElementError): session.nav.go_to_users() # assert that the user can view the lvce created by admin user self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
def test_positive_user_access_with_host_filter(test_name, module_loc, rhel7_contenthost): """Check if user with necessary host permissions can access dashboard and required widgets are rendered with proper values :id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d :Steps: 1. Specify proper filter with permission for your role 2. Create new user and assign role to it 3. Login into application using this new user 4. Check dashboard and widgets on it 5. Register new content host to populate some values into dashboard widgets :expectedresults: Dashboard and Errata Widget rendered without errors and contain proper values :BZ: 1417114 :CaseLevel: System """ user_login = gen_string('alpha') user_password = gen_string('alphanumeric') org = entities.Organization().create() lce = entities.LifecycleEnvironment(organization=org).create() # create a role with necessary permissions role = entities.Role().create() user_permissions = { 'Organization': ['view_organizations'], 'Location': ['view_locations'], None: ['access_dashboard'], 'Host': ['view_hosts'], } create_role_permissions(role, user_permissions) # create a user and assign the above created role entities.User( default_organization=org, organization=[org], default_location=module_loc, location=[module_loc], role=[role], login=user_login, password=user_password, ).create() with Session(test_name, user=user_login, password=user_password) as session: assert session.dashboard.read( 'HostConfigurationStatus')['total_count'] == 0 assert len(session.dashboard.read('LatestErrata')) == 0 repos_collection = RepositoryCollection( distro=DISTRO_RHEL7, repositories=[ SatelliteToolsRepository(), YumRepository(url=FAKE_6_YUM_REPO) ], ) repos_collection.setup_content(org.id, lce.id, upload_manifest=True) repos_collection.setup_virtual_machine(rhel7_contenthost) result = rhel7_contenthost.run( f'yum install -y {FAKE_1_CUSTOM_PACKAGE}') assert result.status == 0 hostname = rhel7_contenthost.hostname # Check UI for values assert session.host.search(hostname)[0]['Name'] == hostname hosts_values = session.dashboard.read('HostConfigurationStatus') assert hosts_values['total_count'] == 1 errata_values = session.dashboard.read('LatestErrata')['erratas'] assert len(errata_values) == 1 assert errata_values[0]['Type'] == 'security' assert FAKE_2_ERRATA_ID in errata_values[0]['Errata']
def test_positive_update_external_user_roles( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Assure that user has roles/can access feature areas for additional roles assigned outside any roles assigned by his group :id: a487f7d6-22f2-4e42-b34f-8d984f721c83 :setup: Assign roles to UserGroup and configure external UserGroup subsequently assign specified roles to the user(s). roles that are not part of the larger UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Assign some more roles to a User(which is part of external AD UserGroup) at the User level. 5. Login to sat6 with the above AD user and attempt to access areas assigned specifically to user. :expectedresults: User can access not only those feature areas in his UserGroup but those additional feature areas / roles assigned specifically to user :CaseLevel: Integration """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() katello_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']} create_role_permissions(foreman_role, foreman_permissions) create_role_permissions(katello_role, katello_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: ldapsession.location.create({'name': location_name}) assert ldapsession.location.search(location_name)[0]['Name'] == location_name current_user = ldapsession.location.read(location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.user.update( ldap_data['ldap_user_name'], {'roles.resources.assigned': [katello_role.name]}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as session: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') if bz_bug_is_open(1652938): try: session.activationkey.search('') except NoSuchElementException: session.browser.refresh() session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read(ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']
def test_positive_add_katello_role_with_org( session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name, module_org): """Associate katello roles to User Group with org set. [belonging to external AD User Group.] :id: a2ebd4de-eb0a-47da-81e8-00942eedcbf6 :setup: LDAP Auth Source should be created with Organization associated. :Steps: 1. Create an UserGroup. 2. Assign some katello roles to UserGroup. 3. Create and associate an External AD UserGroup. :expectedresults: Whether a User belonging to User Group is able to access katello entities as per roles, with the associated org in LDAP Auth source page as the context set. :CaseLevel: Integration """ auth_source_name = 'LDAP-' + auth_source.name ak_name = gen_string('alpha') user_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'], 'Location': ['assign_locations'], 'Organization': ['assign_organizations'], } katello_role = entities.Role().create() create_role_permissions(katello_role, user_permissions) different_org = entities.Organization().create() with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [katello_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') if bz_bug_is_open(1652938): try: ldapsession.activationkey.search('') except NoSuchElementException: ldapsession.browser.refresh() ldapsession.activationkey.create({'name': ak_name}) # Since it's not possible to fetch assigned organization via UI directly, # verify AK can be found in right org, can't be found in wrong one and # double check via API if bz_bug_is_open(1652938): try: session.activationkey.search('') except NoSuchElementException: session.browser.refresh() results = session.activationkey.search(ak_name) assert results[0]['Name'] == ak_name session.organization.select(different_org.name) assert not session.activationkey.search(ak_name) ak = entities.ActivationKey(organization=module_org).search( query={'search': 'name={}'.format(ak_name)})[0].read() assert ak.organization.id == module_org.id
def test_positive_check_permissions_affect_create_procedure(test_name, module_loc): """Verify whether user permissions affect what entities can be selected when host is created :id: 4502f99d-86fb-4655-a9dc-b2612cf849c6 :customerscenario: true :expectedresults: user with specific permissions can choose only entities for create host procedure that he has access to :BZ: 1293716 :CaseLevel: System """ # Create new organization org = entities.Organization().create() # Create two lifecycle environments lc_env = entities.LifecycleEnvironment(organization=org).create() filter_lc_env = entities.LifecycleEnvironment(organization=org).create() # Create two content views and promote them to one lifecycle # environment which will be used in filter cv = entities.ContentView(organization=org).create() filter_cv = entities.ContentView(organization=org).create() for content_view in [cv, filter_cv]: content_view.publish() content_view = content_view.read() promote(content_view.version[0], filter_lc_env.id) # Create two host groups hg = entities.HostGroup(organization=[org]).create() filter_hg = entities.HostGroup(organization=[org]).create() # Create new role role = entities.Role().create() # Create lifecycle environment permissions and select one specific # environment user will have access to create_role_permissions( role, { 'Katello::KTEnvironment': [ 'promote_or_remove_content_views_to_environments', 'view_lifecycle_environments' ] }, # allow access only to the mentioned here environment search='name = {0}'.format(filter_lc_env.name) ) # Add necessary permissions for content view as we did for lce create_role_permissions( role, { 'Katello::ContentView': [ 'promote_or_remove_content_views', 'view_content_views', 'publish_content_views', ] }, # allow access only to the mentioned here cv search='name = {0}'.format(filter_cv.name) ) # Add necessary permissions for hosts as we did for lce create_role_permissions( role, {'Host': ['create_hosts', 'view_hosts']}, # allow access only to the mentioned here host group search='hostgroup_fullname = {0}'.format(filter_hg.name) ) # Add necessary permissions for host groups as we did for lce create_role_permissions( role, {'Hostgroup': ['view_hostgroups']}, # allow access only to the mentioned here host group search='name = {0}'.format(filter_hg.name) ) # Add permissions for Organization and Location create_role_permissions( role, { 'Organization': PERMISSIONS['Organization'], 'Location': PERMISSIONS['Location'], }, ) # Create new user with a configured role user_password = gen_string('alpha') user = entities.User( role=[role], admin=False, password=user_password, organization=[org], location=[module_loc], default_organization=org, default_location=module_loc, ).create() host_fields = [ { 'name': 'host.hostgroup', 'unexpected_value': hg.name, 'expected_value': filter_hg.name, }, { 'name': 'host.lce', 'unexpected_value': lc_env.name, 'expected_value': filter_lc_env.name, }, { 'name': 'host.content_view', 'unexpected_value': cv.name, 'expected_value': filter_cv.name, # content view selection needs the right lce to be selected 'other_fields_values': {'host.lce': filter_lc_env.name} }, ] with Session(test_name, user=user.login, password=user_password) as session: for host_field in host_fields: with pytest.raises(NoSuchElementException) as context: values = {host_field['name']: host_field['unexpected_value']} values.update(host_field.get('other_fields_values', {})) session.host.helper.read_create_view(values) error_message = str(context.value) assert host_field['unexpected_value'] in error_message # After the NoSuchElementException from FilteredDropdown, airgun is not able to # navigate to other locations, Note in normal situation we should send Escape key to # browser. session.browser.refresh() values = {host_field['name']: host_field['expected_value']} values.update(host_field.get('other_fields_values', {})) create_values = session.host.helper.read_create_view(values, host_field['name']) tab_name, field_name = host_field['name'].split('.') assert create_values[tab_name][field_name] == host_field['expected_value']
def test_positive_update_external_user_roles(session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name): """Assure that user has roles/can access feature areas for additional roles assigned outside any roles assigned by his group :id: a487f7d6-22f2-4e42-b34f-8d984f721c83 :setup: Assign roles to UserGroup and configure external UserGroup subsequently assign specified roles to the user(s). roles that are not part of the larger UserGroup :steps: 1. Create an UserGroup. 2. Assign some roles to UserGroup. 3. Create an External AD UserGroup as per the UserGroup name in AD. 4. Assign some more roles to a User(which is part of external AD UserGroup) at the User level. 5. Login to sat6 with the above AD user and attempt to access areas assigned specifically to user. :expectedresults: User can access not only those feature areas in his UserGroup but those additional feature areas / roles assigned specifically to user :CaseLevel: Integration """ ak_name = gen_string('alpha') auth_source_name = 'LDAP-' + auth_source.name location_name = gen_string('alpha') foreman_role = entities.Role().create() katello_role = entities.Role().create() foreman_permissions = {'Location': PERMISSIONS['Location']} katello_permissions = { 'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'] } create_role_permissions(foreman_role, foreman_permissions) create_role_permissions(katello_role, katello_permissions) with session: session.usergroup.create({ 'usergroup.name': ldap_usergroup_name, 'roles.resources.assigned': [foreman_role.name], 'external_groups.name': EXTERNAL_GROUP_NAME, 'external_groups.auth_source': auth_source_name, }) assert session.usergroup.search( ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as ldapsession: ldapsession.location.create({'name': location_name}) assert ldapsession.location.search( location_name)[0]['Name'] == location_name current_user = ldapsession.location.read( location_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name'] session.user.update(ldap_data['ldap_user_name'], {'roles.resources.assigned': [katello_role.name]}) with Session( test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd'], ) as session: with raises(NavigationTriesExceeded): ldapsession.architecture.search('') if bz_bug_is_open(1652938): try: session.activationkey.search('') except NoSuchElementException: session.browser.refresh() session.activationkey.create({'name': ak_name}) assert session.activationkey.search(ak_name)[0]['Name'] == ak_name current_user = session.activationkey.read( ak_name, 'current_user')['current_user'] assert current_user == ldap_data['ldap_user_name']