def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data, ldap_tear_down):
"""Verify the usergroup-sync functionality in AD Auth Source
:id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2
:customerscenario: true
:CaseImportance: Medium
:bz: 1901392
:parametrized: yes
:expectedresults: external user-group sync works as expected automatically
based on user-sync
"""
ad_data = ad_data()
group_base_dn = ','.join(ad_data['group_base_dn'].split(',')[1:])
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source = make_ldap_auth_source(
{
'name': gen_string('alpha'),
'onthefly-register': 'true',
'host': ad_data['ldap_hostname'],
'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
'attr-login': LDAP_ATTR['login_ad'],
'attr-firstname': LDAP_ATTR['firstname'],
'attr-lastname': LDAP_ATTR['surname'],
'attr-mail': LDAP_ATTR['mail'],
'account': ad_data['ldap_user_name'],
'account-password': ad_data['ldap_user_passwd'],
'base-dn': ad_data['base_dn'],
'groups-base': group_base_dn,
}
)
# assert auth_source['account']['groups-base'] == group_base_dn
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
make_usergroup_external(
{
'auth-source-id': auth_source['server']['id'],
'user-group-id': user_group['id'],
'name': member_group,
}
)
UserGroup.add_role({'id': user_group['id'], 'role-id': viewer_role['id']})
user_group = UserGroup.info({'id': user_group['id']})
result = Auth.with_user(
username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd']
).status()
assert LOGEDIN_MSG.format(ad_data['ldap_user_name']) in result[0]['message']
UserGroupExternal.refresh({'user-group-id': user_group['id'], 'name': member_group})
user_group = UserGroup.info({'id': user_group['id']})
list = Role.with_user(
username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd']
).list()
assert len(list) > 1
def test_positive_automate_bz1426957(ldap_auth_source, function_user_group):
"""Verify role is properly reflected on AD user.
:id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc
:expectedresults: Roles from usergroup is applied on AD user successfully.
:CaseLevel: Integration
:BZ: 1426957, 1667704
"""
ext_user_group = make_usergroup_external({
'auth-source-id':
ldap_auth_source['id'],
'user-group-id':
function_user_group['id'],
'name':
'foobargroup',
})
assert ext_user_group['auth-source'] == ldap_auth_source['ldap_hostname']
role = make_role()
UserGroup.add_role({
'id': function_user_group['id'],
'role-id': role['id']
})
Task.with_user(username=ldap_auth_source['user_name'],
password=ldap_auth_source['user_password']).list()
UserGroupExternal.refresh({
'user-group-id': function_user_group['id'],
'name': 'foobargroup'
})
assert role['name'] in User.info({'login': ldap_auth_source['user_name']
})['user-groups']
User.delete({'login': ldap_auth_source['user_name']})
def test_positive_automate_bz1426957(self):
"""Verify role is properly reflected on AD user.
:id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc
:expectedresults: Roles from usergroup is applied on AD user successfully.
:CaseLevel: Integration
:BZ: 1426957, 1667704
"""
ext_user_group = make_usergroup_external(
{
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup',
}
)
self.assertEqual(ext_user_group['auth-source'], self.auth['server']['name'])
role = make_role()
UserGroup.add_role({'id': self.user_group['id'], 'role-id': role['id']})
with self.assertNotRaises(CLIReturnCodeError):
Task.with_user(username=self.ldap_user_name, password=self.ldap_user_passwd).list()
UserGroupExternal.refresh(
{'user-group-id': self.user_group['id'], 'name': 'foobargroup'}
)
self.assertEqual(User.info({'login': self.ldap_user_name})['user-groups'][1], role['name'])
User.delete({'login': self.ldap_user_name})
def test_positive_refresh_external_usergroup(self):
"""Refresh external user group with AD LDAP
:id: 1a3eb8ae-addb-406b-ac84-d8cec77c60a9
:expectedresults: User group is refreshed successfully.
:CaseLevel: Integration
"""
ext_user_group = make_usergroup_external({
'auth-source-id':
self.auth['server']['id'],
'user-group-id':
self.user_group['id'],
'name':
'foobargroup'
})
self.assertEqual(ext_user_group['auth-source'],
self.auth['server']['name'])
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
def test_positive_automate_bz1426957(self):
"""Verify role is properly reflected on AD user.
:id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc
:expectedresults: Roles from usergroup is applied on AD user successfully.
:CaseLevel: Integration
:BZ: 1426957
"""
ext_user_group = make_usergroup_external({
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
ext_user_group['auth-source'], self.auth['server']['name']
)
role = make_role()
UserGroup.add_role({'id': self.user_group['id'], 'role-id': role['id']})
with self.assertNotRaises(CLIReturnCodeError):
Task.with_user(username=self.ldap_user_name, password=self.ldap_user_passwd).list()
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(User.info({'login': self.ldap_user_name})['user-groups'][1],
role['name'])
User.delete({'login': self.ldap_user_name})
def test_positive_create_and_refresh_external_usergroup_with_local_user(
self):
"""Create and Refresh external user group with FreeIPA LDAP. Verify Local user
association from user-group with external group with FreeIPA LDAP
:id: bd6152e3-51ac-4e84-b084-8bab1c4eb583
:expectedresults: User group is created successfully and assigned to correct auth
source. User group is refreshed successfully. Local user is associated from
user group with external group.
:CaseLevel: Integration
:BZ: 1412209
"""
ext_user_group = make_usergroup_external({
'auth-source-id':
self.auth['server']['id'],
'user-group-id':
self.user_group['id'],
'name':
'foobargroup',
})
self.assertEqual(ext_user_group['auth-source'],
self.auth['server']['name'])
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
user = make_user()
UserGroup.add_user({
'user': user['login'],
'id': self.user_group['id']
})
self.assertEqual(
User.info({'login': user['login']})['user-groups'][0]['usergroup'],
self.user_group['name'],
)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
print(User.info({'login': user['login']}))
self.assertEqual(
User.info({'login': user['login']})['user-groups'][0]['usergroup'],
self.user_group['name'],
)
def test_positive_create_and_refresh_external_usergroup_with_local_user(
self):
"""Create and refresh external user group with AD LDAP. Verify Local user
association from user-group with external group with AD LDAP
:id: 7431979c-aea8-4984-bb7d-185f5b7c3109
:expectedresults: User group is created and refreshed successfully.
Local user is associated from user-group with external group.
:CaseLevel: Integration
:BZ: 1412209
"""
ext_user_group = make_usergroup_external({
'auth-source-id':
self.auth['server']['id'],
'user-group-id':
self.user_group['id'],
'name':
'foobargroup',
})
self.assertEqual(ext_user_group['auth-source'],
self.auth['server']['name'])
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
user = make_user()
UserGroup.add_user({
'user': user['login'],
'id': self.user_group['id']
})
self.assertEqual(
User.info({'login': user['login']})['user-groups'][0]['usergroup'],
self.user_group['name'],
)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
User.info({'login': user['login']})['user-groups'][0]['usergroup'],
self.user_group['name'],
)
def test_positive_create(self):
"""Create external user group using FreeIPA LDAP
:id: cc14b7a2-2fb5-4063-b76a-14d204e54d76
:expectedresults: User group is created successfully and assigned to
correct auth source
:CaseLevel: Integration
"""
ext_user_group = make_usergroup_external({
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
ext_user_group['auth-source'], self.auth['server']['name']
)
def test_positive_create(self):
"""Create external user group using LDAP
:id: 812c701a-27c5-4c4e-a4f7-04bf7d887a7c
:expectedresults: User group is created successfully and assigned to
correct auth source
:CaseLevel: Integration
"""
ext_user_group = make_usergroup_external({
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
ext_user_group['auth-source'], self.auth['server']['name']
)
def test_positive_local_user_with_external_usergroup(self):
"""Verify Local user association from user-group with external group with AD LDAP
:id: 7431979c-aea8-4984-bb7d-185f5b7c3109
:expectedresults: Local user is associated from user-group with external group.
:CaseLevel: Integration
:BZ: 1412209
"""
ext_user_group = make_usergroup_external({
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
ext_user_group['auth-source'], self.auth['server']['name']
)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
user = make_user()
UserGroup.add_user({
'user': user['login'],
'id': self.user_group['id']
})
print(User.info({'login': user['login']}))
self.assertEqual(
User.info({'login': user['login']})['user-groups'][0]['usergroup'],
self.user_group['name']
)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
print(User.info({'login': user['login']}))
self.assertEqual(
User.info({'login': user['login']})['user-groups'][0]['usergroup'],
self.user_group['name']
)
def test_positive_refresh_external_usergroup(self):
"""Refresh external user group with FreeIPA LDAP
:id: c63e86ea-bbed-4fae-b4c7-8c1f47969240
:expectedresults: User group is refreshed successfully.
:CaseLevel: Integration
"""
ext_user_group = make_usergroup_external({
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
ext_user_group['auth-source'], self.auth['server']['name']
)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
def test_positive_refresh_external_usergroup(self):
"""Refresh external user group with AD LDAP
:id: 1a3eb8ae-addb-406b-ac84-d8cec77c60a9
:expectedresults: User group is refreshed successfully.
:CaseLevel: Integration
"""
ext_user_group = make_usergroup_external({
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
ext_user_group['auth-source'], self.auth['server']['name']
)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
def test_usergroup_with_usergroup_sync(self, ipa_data):
"""Verify the usergroup-sync functionality in Ldap Auth Source
:id: 2b63e886-2c53-11ea-9da5-db3ae0527554
:expectedresults: external user-group sync works as expected automatically
based on user-sync
:CaseImportance: Medium
"""
self._clean_up_previous_ldap()
self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname']
self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd']
ldap_ipa_user_name = ipa_data['ldap_ipa_user_name']
ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace(
'foobargroup', 'foreman_group')
member_username = '******'
member_group = 'foreman_group'
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source_name = gen_string('alpha')
auth_source = make_ldap_auth_source({
'name':
auth_source_name,
'onthefly-register':
'true',
'usergroup-sync':
'true',
'host':
ipa_data['ldap_ipa_hostname'],
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
ldap_ipa_user_name,
'account-password':
ipa_data['ldap_ipa_user_passwd'],
'base-dn':
ipa_data['ipa_base_dn'],
'groups-base':
ipa_group_base_dn,
})
auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})
# Adding User in IPA UserGroup
self._add_user_in_IPA_usergroup(member_username, member_group)
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
ext_user_group = make_usergroup_external({
'auth-source-id':
auth_source['server']['id'],
'user-group-id':
user_group['id'],
'name':
member_group,
})
UserGroup.add_role({
'id': user_group['id'],
'role-id': viewer_role['id']
})
assert ext_user_group['auth-source'] == auth_source['server']['name']
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
result = Auth.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).status()
assert LOGEDIN_MSG.format(member_username) in result[0]['message']
list = Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert len(list) > 1
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 1
assert user_group['users'][0] == member_username
# Removing User in IPA UserGroup
self._remove_user_in_IPA_usergroup(member_username, member_group)
with pytest.raises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.value.message
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
def test_usergroup_sync_with_refresh(self):
"""Verify the refresh functionality in Ldap Auth Source
:id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930
:expectedresults: external user-group sync works as expected as on-demand
sync based on refresh works
:CaseImportance: Medium
"""
self._clean_up_previous_ldap()
ldap_ipa_user_name = self.ldap_ipa_user_name
ipa_group_base_dn = self.ipa_group_base_dn.replace(
'foobargroup', 'foreman_group')
member_username = '******'
member_group = 'foreman_group'
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source_name = gen_string('alpha')
auth_source = make_ldap_auth_source({
'name':
auth_source_name,
'onthefly-register':
'true',
'usergroup-sync':
'false',
'host':
self.ldap_ipa_hostname,
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
ldap_ipa_user_name,
'account-password':
self.ldap_ipa_user_passwd,
'base-dn':
self.ipa_base_dn,
'groups-base':
ipa_group_base_dn,
})
auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})
# Adding User in IPA UserGroup
self._add_user_in_IPA_usergroup(member_username, member_group)
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
ext_user_group = make_usergroup_external({
'auth-source-id':
auth_source['server']['id'],
'user-group-id':
user_group['id'],
'name':
member_group,
})
UserGroup.add_role({
'id': user_group['id'],
'role-id': viewer_role['id']
})
assert ext_user_group['auth-source'] == auth_source['server']['name']
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
result = Auth.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).status()
assert LOGEDIN_MSG.format(member_username) in result[0]['message']
with self.assertRaises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.exception.message
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': user_group['id'],
'name': member_group
})
list = Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert len(list) > 1
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 1
assert user_group['users'][0] == member_username
# Removing User in IPA UserGroup
self._remove_user_in_IPA_usergroup(member_username, member_group)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': user_group['id'],
'name': member_group
})
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
with self.assertRaises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.exception.message
