def test_positive_create_with_ad(self, ldap_data, server_name):
"""Create/update/delete LDAP authentication with AD using names of different types
:id: 093f6abc-91e7-4449-b484-71e4a14ac808
:expectedresults: Whether creating/upating/deleting LDAP Auth with AD is successful.
:CaseImportance: Critical
"""
auth = make_ldap_auth_source(
{
'name': server_name,
'onthefly-register': 'true',
'host': ldap_data['ldap_hostname'],
'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
'attr-login': LDAP_ATTR['login_ad'],
'attr-firstname': LDAP_ATTR['firstname'],
'attr-lastname': LDAP_ATTR['surname'],
'attr-mail': LDAP_ATTR['mail'],
'account': ldap_data['ldap_user_name'],
'account-password': ldap_data['ldap_user_passwd'],
'base-dn': ldap_data['base_dn'],
'groups-base': ldap_data['group_base_dn'],
}
)
assert auth['server']['name'] == server_name
assert auth['server']['server'] == ldap_data['ldap_hostname']
assert auth['server']['server-type'] == LDAP_SERVER_TYPE['CLI']['ad']
new_name = gen_string('alpha')
LDAPAuthSource.update({'name': server_name, 'new-name': new_name})
updated_auth = LDAPAuthSource.info({'id': auth['server']['id']})
assert updated_auth['server']['name'] == new_name
LDAPAuthSource.delete({'name': new_name})
with pytest.raises(CLIReturnCodeError):
LDAPAuthSource.info({'name': new_name})
def setUpClass(cls):
"""Read settings and create LDAP auth source that can be re-used in
tests."""
super(FreeIPAUserGroupTestCase, cls).setUpClass()
cls.ldap_user_name = settings.ipa.username_ipa
cls.ldap_user_passwd = settings.ipa.password_ipa
cls.base_dn = settings.ipa.basedn_ipa
cls.group_base_dn = settings.ipa.grpbasedn_ipa
cls.ldap_hostname = settings.ipa.hostname_ipa
cls.auth = make_ldap_auth_source({
'name':
gen_string('alpha'),
'onthefly-register':
'true',
'host':
cls.ldap_hostname,
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
cls.ldap_user_name,
'account-password':
cls.ldap_user_passwd,
'base-dn':
cls.base_dn,
'groups-base':
cls.group_base_dn,
})
def test_positive_create_withad(self):
"""Create LDAP authentication with AD using names of different types
:id: 093f6abc-91e7-4449-b484-71e4a14ac808
:expectedresults: Whether creating LDAP Auth with AD is successful.
:CaseImportance: Critical
"""
for server_name in generate_strings_list():
with self.subTest(server_name):
auth = make_ldap_auth_source({
u'name': server_name,
u'onthefly-register': 'true',
u'host': self.ldap_hostname,
u'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
u'attr-login': LDAP_ATTR['login_ad'],
u'attr-firstname': LDAP_ATTR['firstname'],
u'attr-lastname': LDAP_ATTR['surname'],
u'attr-mail': LDAP_ATTR['mail'],
u'account': self.ldap_user_name,
u'account-password': self.ldap_user_passwd,
u'base-dn': self.base_dn,
u'groups-base': self.group_base_dn,
})
self.assertEqual(auth['server']['name'], server_name)
def test_positive_end_to_end_with_ipa(self, ipa_data, server_name):
"""CRUD LDAP authentication with FreeIPA
:id: 6cb54405-b579-4020-bf99-cb811a6aa28b
:expectedresults: Whether creating/updating/deleting LDAP Auth with FreeIPA is successful.
:CaseImportance: High
"""
auth = make_ldap_auth_source(
{
'name': server_name,
'onthefly-register': 'true',
'host': ipa_data['ldap_ipa_hostname'],
'server-type': LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login': LDAP_ATTR['login'],
'attr-firstname': LDAP_ATTR['firstname'],
'attr-lastname': LDAP_ATTR['surname'],
'attr-mail': LDAP_ATTR['mail'],
'account': ipa_data['ldap_ipa_user_name'],
'account-password': ipa_data['ldap_ipa_user_passwd'],
'base-dn': ipa_data['ipa_base_dn'],
'groups-base': ipa_data['ipa_group_base_dn'],
}
)
assert auth['server']['name'] == server_name
assert auth['server']['server'] == ipa_data['ldap_ipa_hostname']
assert auth['server']['server-type'] == LDAP_SERVER_TYPE['CLI']['ipa']
new_name = gen_string('alpha')
LDAPAuthSource.update({'name': server_name, 'new-name': new_name})
updated_auth = LDAPAuthSource.info({'id': auth['server']['id']})
assert updated_auth['server']['name'] == new_name
LDAPAuthSource.delete({'name': new_name})
with pytest.raises(CLIReturnCodeError):
LDAPAuthSource.info({'name': new_name})
def setUpClass(cls):
"""Read settings and create LDAP auth source that can be re-used in
tests."""
super(ActiveDirectoryUserGroupTestCase, cls).setUpClass()
cls.ldap_user_name = settings.ldap.username
cls.ldap_user_passwd = settings.ldap.password
cls.base_dn = settings.ldap.basedn
cls.group_base_dn = settings.ldap.grpbasedn
cls.ldap_hostname = settings.ldap.hostname
cls.auth = make_ldap_auth_source({
u'name':
gen_string('alpha'),
u'onthefly-register':
'true',
u'host':
cls.ldap_hostname,
u'server-type':
LDAP_SERVER_TYPE['CLI']['ad'],
u'attr-login':
LDAP_ATTR['login_ad'],
u'attr-firstname':
LDAP_ATTR['firstname'],
u'attr-lastname':
LDAP_ATTR['surname'],
u'attr-mail':
LDAP_ATTR['mail'],
u'account':
cls.ldap_user_name,
u'account-password':
cls.ldap_user_passwd,
u'base-dn':
cls.base_dn,
u'groups-base':
cls.group_base_dn,
})
def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data, ldap_tear_down):
"""Verify the usergroup-sync functionality in AD Auth Source
:id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2
:customerscenario: true
:CaseImportance: Medium
:bz: 1901392
:parametrized: yes
:expectedresults: external user-group sync works as expected automatically
based on user-sync
"""
ad_data = ad_data()
group_base_dn = ','.join(ad_data['group_base_dn'].split(',')[1:])
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source = make_ldap_auth_source(
{
'name': gen_string('alpha'),
'onthefly-register': 'true',
'host': ad_data['ldap_hostname'],
'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
'attr-login': LDAP_ATTR['login_ad'],
'attr-firstname': LDAP_ATTR['firstname'],
'attr-lastname': LDAP_ATTR['surname'],
'attr-mail': LDAP_ATTR['mail'],
'account': ad_data['ldap_user_name'],
'account-password': ad_data['ldap_user_passwd'],
'base-dn': ad_data['base_dn'],
'groups-base': group_base_dn,
}
)
# assert auth_source['account']['groups-base'] == group_base_dn
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
make_usergroup_external(
{
'auth-source-id': auth_source['server']['id'],
'user-group-id': user_group['id'],
'name': member_group,
}
)
UserGroup.add_role({'id': user_group['id'], 'role-id': viewer_role['id']})
user_group = UserGroup.info({'id': user_group['id']})
result = Auth.with_user(
username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd']
).status()
assert LOGEDIN_MSG.format(ad_data['ldap_user_name']) in result[0]['message']
UserGroupExternal.refresh({'user-group-id': user_group['id'], 'name': member_group})
user_group = UserGroup.info({'id': user_group['id']})
list = Role.with_user(
username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd']
).list()
assert len(list) > 1
def test_positive_end_to_end_withipa(self):
"""CRUD LDAP authentication with FreeIPA
:id: 6cb54405-b579-4020-bf99-cb811a6aa28b
:expectedresults: Whether creating/updating/deleting LDAP Auth with FreeIPA is successful.
:CaseImportance: High
"""
for server_name in generate_strings_list():
with self.subTest(server_name):
auth = make_ldap_auth_source({
'name':
server_name,
'onthefly-register':
'true',
'host':
self.ldap_ipa_hostname,
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
self.ldap_ipa_user_name,
'account-password':
self.ldap_ipa_user_passwd,
'base-dn':
self.ipa_base_dn,
'groups-base':
self.ipa_base_dn,
})
self.assertEqual(auth['server']['name'], server_name)
self.assertEqual(auth['server']['server'],
self.ldap_ipa_hostname)
self.assertEqual(auth['server']['server-type'],
LDAP_SERVER_TYPE['CLI']['ipa'])
new_name = gen_string('alpha')
LDAPAuthSource.update({
'name': server_name,
'new-name': new_name
})
updated_auth = LDAPAuthSource.info(
{'id': auth['server']['id']})
self.assertEqual(updated_auth['server']['name'], new_name)
LDAPAuthSource.delete({'name': new_name})
with self.assertRaises(CLIReturnCodeError):
LDAPAuthSource.info({'name': new_name})
def test_positive_create_withad(self):
"""Create/update/delete LDAP authentication with AD using names of different types
:id: 093f6abc-91e7-4449-b484-71e4a14ac808
:expectedresults: Whether creating/upating/deleting LDAP Auth with AD is successful.
:CaseImportance: Critical
"""
for server_name in generate_strings_list():
with self.subTest(server_name):
auth = make_ldap_auth_source({
u'name':
server_name,
u'onthefly-register':
'true',
u'host':
self.ldap_hostname,
u'server-type':
LDAP_SERVER_TYPE['CLI']['ad'],
u'attr-login':
LDAP_ATTR['login_ad'],
u'attr-firstname':
LDAP_ATTR['firstname'],
u'attr-lastname':
LDAP_ATTR['surname'],
u'attr-mail':
LDAP_ATTR['mail'],
u'account':
self.ldap_user_name,
u'account-password':
self.ldap_user_passwd,
u'base-dn':
self.base_dn,
u'groups-base':
self.group_base_dn,
})
self.assertEqual(auth['server']['name'], server_name)
self.assertEqual(auth['server']['server'], self.ldap_hostname)
self.assertEqual(auth['server']['server-type'],
LDAP_SERVER_TYPE['CLI']['ad'])
new_name = gen_string('alpha')
LDAPAuthSource.update({
u'name': server_name,
u'new-name': new_name
})
updated_auth = LDAPAuthSource.info(
{u'id': auth['server']['id']})
self.assertEqual(updated_auth['server']['name'], new_name)
LDAPAuthSource.delete({u'name': new_name})
with self.assertRaises(CLIReturnCodeError):
LDAPAuthSource.info({'name': new_name})
def test_positive_end_to_end_with_open_ldap(self, open_ldap_data,
server_name):
"""CRUD LDAP Operations with OpenLDAP
:id: f84db334-0189-11eb-846c-d46d6dd3b5b2
:parametrized: yes
:expectedresults: Whether creating/updating/deleting LDAP Auth with OpenLDAP is successful.
:CaseImportance: High
"""
auth = make_ldap_auth_source({
'name':
server_name,
'onthefly-register':
'true',
'host':
open_ldap_data.hostname,
'server-type':
LDAP_SERVER_TYPE['CLI']['posix'],
'attr-login':
LDAP_ATTR['login_ad'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
open_ldap_data.username,
'account-password':
open_ldap_data.password,
'base-dn':
open_ldap_data.base_dn,
})
assert auth['server']['name'] == server_name
assert auth['server']['server'] == open_ldap_data.hostname
assert auth['server']['server-type'] == LDAP_SERVER_TYPE['CLI'][
'posix']
new_name = gen_string('alpha')
LDAPAuthSource.update({'name': server_name, 'new-name': new_name})
updated_auth = LDAPAuthSource.info({'id': auth['server']['id']})
assert updated_auth['server']['name'] == new_name
LDAPAuthSource.delete({'name': new_name})
with pytest.raises(CLIReturnCodeError):
LDAPAuthSource.info({'name': new_name})
def test_positive_end_to_end_withipa(self):
"""CRUD LDAP authentication with FreeIPA
:id: 6cb54405-b579-4020-bf99-cb811a6aa28b
:expectedresults: Whether creating/updating/deleting LDAP Auth with FreeIPA is successful.
:CaseImportance: Critical
"""
for server_name in generate_strings_list():
with self.subTest(server_name):
auth = make_ldap_auth_source({
u'name': server_name,
u'onthefly-register': 'true',
u'host': self.ldap_ipa_hostname,
u'server-type': LDAP_SERVER_TYPE['CLI']['ipa'],
u'attr-login': LDAP_ATTR['login'],
u'attr-firstname': LDAP_ATTR['firstname'],
u'attr-lastname': LDAP_ATTR['surname'],
u'attr-mail': LDAP_ATTR['mail'],
u'account': self.ldap_ipa_user_name,
u'account-password': self.ldap_ipa_user_passwd,
u'base-dn': self.ipa_base_dn,
u'groups-base': self.ipa_base_dn,
})
self.assertEqual(auth['server']['name'], server_name)
self.assertEqual(auth['server']['server'], self.ldap_ipa_hostname)
self.assertEqual(auth['server']['server-type'], LDAP_SERVER_TYPE['CLI']['ipa'])
new_name = gen_string('alpha')
LDAPAuthSource.update({
u'name': server_name,
u'new-name': new_name
})
updated_auth = LDAPAuthSource.info({u'id': auth['server']['id']})
self.assertEqual(updated_auth['server']['name'], new_name)
LDAPAuthSource.delete({
u'name': new_name
})
with self.assertRaises(CLIReturnCodeError):
LDAPAuthSource.info({'name': new_name})
def setUpClass(cls):
"""Read settings and create LDAP auth source that can be re-used in
tests."""
super(ActiveDirectoryUserGroupTestCase, cls).setUpClass()
cls.ldap_user_name = settings.ldap.username
cls.ldap_user_passwd = settings.ldap.password
cls.base_dn = settings.ldap.basedn
cls.group_base_dn = settings.ldap.grpbasedn
cls.ldap_hostname = settings.ldap.hostname
cls.auth = make_ldap_auth_source({
u'name': gen_string('alpha'),
u'onthefly-register': 'true',
u'host': cls.ldap_hostname,
u'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
u'attr-login': LDAP_ATTR['login_ad'],
u'attr-firstname': LDAP_ATTR['firstname'],
u'attr-lastname': LDAP_ATTR['surname'],
u'attr-mail': LDAP_ATTR['mail'],
u'account': cls.ldap_user_name,
u'account-password': cls.ldap_user_passwd,
u'base-dn': cls.base_dn,
u'groups-base': cls.group_base_dn,
})
def test_usergroup_with_usergroup_sync(self, ipa_data):
"""Verify the usergroup-sync functionality in Ldap Auth Source
:id: 2b63e886-2c53-11ea-9da5-db3ae0527554
:expectedresults: external user-group sync works as expected automatically
based on user-sync
:CaseImportance: Medium
"""
self._clean_up_previous_ldap()
self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname']
self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd']
ldap_ipa_user_name = ipa_data['ldap_ipa_user_name']
ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace(
'foobargroup', 'foreman_group')
member_username = '******'
member_group = 'foreman_group'
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source_name = gen_string('alpha')
auth_source = make_ldap_auth_source({
'name':
auth_source_name,
'onthefly-register':
'true',
'usergroup-sync':
'true',
'host':
ipa_data['ldap_ipa_hostname'],
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
ldap_ipa_user_name,
'account-password':
ipa_data['ldap_ipa_user_passwd'],
'base-dn':
ipa_data['ipa_base_dn'],
'groups-base':
ipa_group_base_dn,
})
auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})
# Adding User in IPA UserGroup
self._add_user_in_IPA_usergroup(member_username, member_group)
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
ext_user_group = make_usergroup_external({
'auth-source-id':
auth_source['server']['id'],
'user-group-id':
user_group['id'],
'name':
member_group,
})
UserGroup.add_role({
'id': user_group['id'],
'role-id': viewer_role['id']
})
assert ext_user_group['auth-source'] == auth_source['server']['name']
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
result = Auth.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).status()
assert LOGEDIN_MSG.format(member_username) in result[0]['message']
list = Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert len(list) > 1
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 1
assert user_group['users'][0] == member_username
# Removing User in IPA UserGroup
self._remove_user_in_IPA_usergroup(member_username, member_group)
with pytest.raises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.value.message
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
def test_usergroup_sync_with_refresh(self):
"""Verify the refresh functionality in Ldap Auth Source
:id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930
:expectedresults: external user-group sync works as expected as on-demand
sync based on refresh works
:CaseImportance: Medium
"""
self._clean_up_previous_ldap()
ldap_ipa_user_name = self.ldap_ipa_user_name
ipa_group_base_dn = self.ipa_group_base_dn.replace(
'foobargroup', 'foreman_group')
member_username = '******'
member_group = 'foreman_group'
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source_name = gen_string('alpha')
auth_source = make_ldap_auth_source({
'name':
auth_source_name,
'onthefly-register':
'true',
'usergroup-sync':
'false',
'host':
self.ldap_ipa_hostname,
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
ldap_ipa_user_name,
'account-password':
self.ldap_ipa_user_passwd,
'base-dn':
self.ipa_base_dn,
'groups-base':
ipa_group_base_dn,
})
auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})
# Adding User in IPA UserGroup
self._add_user_in_IPA_usergroup(member_username, member_group)
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
ext_user_group = make_usergroup_external({
'auth-source-id':
auth_source['server']['id'],
'user-group-id':
user_group['id'],
'name':
member_group,
})
UserGroup.add_role({
'id': user_group['id'],
'role-id': viewer_role['id']
})
assert ext_user_group['auth-source'] == auth_source['server']['name']
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
result = Auth.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).status()
assert LOGEDIN_MSG.format(member_username) in result[0]['message']
with self.assertRaises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.exception.message
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': user_group['id'],
'name': member_group
})
list = Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert len(list) > 1
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 1
assert user_group['users'][0] == member_username
# Removing User in IPA UserGroup
self._remove_user_in_IPA_usergroup(member_username, member_group)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': user_group['id'],
'name': member_group
})
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
with self.assertRaises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.exception.message
