def test_non_admin_user_creation():
"""Test user creation by a non-admin user"""
with requests.Session() as session:
create_next_admin(session)
user = {
"name": "new user",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
create_test_user(session, user)
with requests.session() as session2:
user_login(session2, "new_user", "123456")
user = {
"name": "next user",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
response = create_test_user(session2, user)
assert response.json() == {
"code": 401,
"message": "Unauthorized: No authentication token provided",
}
def test_add_role_owner():
"""Test adding an owner to a role.
Creates two test users and a role with user1 as owner/admin,
then adds the second user as role owner."""
user1_payload = {
"name": "Test User 3",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test User 4",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
user_response1 = create_test_user(session, user1_payload)
user1_result = assert_api_success(user_response1)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "TestRole0501201902",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 2",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding role owner.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/owners".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session, result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["assigned_approver"][0] == user1_id
# Logging in as role owner
user_login(session, user1_payload["username"], user1_payload["password"])
# Approve proposal as role owner
approve_proposal(session, result["proposal_id"])
proposal_response = get_proposal_with_retry(session, result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["status"] == "CONFIRMED"
delete_role_by_name("TestRole0501201902")
delete_user_by_username("testuser3")
delete_user_by_username("testuser4")
def test_add_role_task():
"""Test adding a new task to a role.
Creates a test user and a role, then creates
a task, to add to the role."""
user1_payload = {
"name": "Test Owner 2",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
with requests.Session() as session:
user_login(session, "testowner2", "123456")
task1_payload = {
"name": "TestTask1",
"administrators": user1_id,
"owners": user1_id,
"metadata": "",
}
task_response = create_test_task(session, task1_payload)
task_result = assert_api_success(task_response)
task_id = task_result["data"]["id"]
role_payload = {
"name": "TestRole0501201904",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 4",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": task_id,
"reason": "Integration test of adding a task.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/tasks".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session, result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["assigned_approver"][0] == user1_id
delete_role_by_name("TestRole0501201904")
delete_user_by_username("testowner2")
delete_task_by_name("TestTask1")
def test_role_owner_and_mem():
"""Create a new fake role and try to add yourself to role you created"""
with requests.Session() as session:
# create test user
user_payload = {
"name": "Susan S",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
create_next_admin(session)
user_response = create_test_user(session, user_payload)
assert user_response.status_code == 200, (
"Error creating user: %s" % user_response.json()
)
with requests.Session() as session:
user_login(session, "susans2224", "12345678")
# create test role
user_id = user_response.json()["data"]["user"]["id"]
role_resource = {
"name": "Office_Assistant",
"owners": user_id,
"administrators": user_id,
}
role_response = session.post(
"http://rbac-server:8000/api/roles", json=role_resource
)
assert role_response.status_code == 200, (
"Error creating role: %s" % role_response.json()
)
# Wait for role in rethinkdb
role_id = role_response.json()["data"]["id"]
is_role_in_db = wait_for_role_in_db(role_id)
assert (
is_role_in_db is True
), "Couldn't find role in rethinkdb, maximum attempts exceeded."
# create a membership proposal to test autoapproval
response = add_role_member(session, role_id, {"id": user_id})
assert (
response.json()["message"]
== "Owner is the requester. Proposal is autoapproved."
)
# clean up
delete_user_by_username("susans2224")
delete_role_by_name("Office_Assistant")
def test_approve_update_manager(user, approver, expected_status_code):
""" Tests four UpdateUserManager proposal approval scenarios:
1. NextAdmin approves the proposal
2. A random user tries to approve the proposal
3. New manager (related_id of proposal) tries to approve the proposal
4. Manager of NextAdmin tries to approve the proposal
Args:
user: (dict) User object that will be added to the role. Dict should
contain the following field:
{
next_id: str
}
approver: (dict) User object of the approver. Dict should contain the
following fields:
{
username: str
password: str
}
expected_status_code: (int) Expected HTTP response code (either 200 or 401)
"""
user_id = user["next_id"]
update_user_payload = {"id": TEST_USERS[2]["next_id"]}
with requests.Session() as session:
# Create UpdateUserManager proposal
create_next_admin(session)
response = update_manager(session, user_id, update_user_payload)
LOGGER.info(response)
proposal_id = response.json()["proposal_id"]
proposal_exists = wait_for_resource_in_db(
"proposals", "proposal_id", proposal_id
)
if proposal_exists:
# Attempt to approve the UpdateUserManager proposal
if approver != "next_admin":
log_in_payload = {
"id": approver["username"],
"password": approver["password"],
}
user_login(session, log_in_payload["id"], log_in_payload["password"])
approval_response = approve_proposal(session, proposal_id)
assert (
approval_response.status_code == expected_status_code
), "An error occurred while approving UpdateUserManager proposal: {}".format(
approval_response.json()
)
async def test_proposal_approvers_list(test_role_owner, test_requestor, test_role):
"""Test the additions of a role owner's managers to the proposal approvers
list through the proposal API.
Args:
role_owner:
str: The next_id of the user that owns the role.
requestor:
str: the next_id of the user requesting membership in the role.
role:
str: the role_id of the role that a user is requesting to join.
"""
with requests.Session() as session:
# make sure the role is in rethink
role_status = is_role_ready(test_role["name"])
# authenticate
assert role_status is True, "Test resources were not put in rethinkDB."
response = user_login(
session, test_role_owner["username"], test_role_owner["password"]
)
assert (
response.status_code == 200
), "Failed to authenticate as role owner. {}".format(response.json())
# create proposal to add Sixth User to the test_role as a role member`
user_id = test_requestor["next_id"]
role_id = test_role["role_id"]
payload = {"id": user_id}
response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id), json=payload
)
assert (
response.status_code == 200
), "An error occured while creating a role member proposal. {}".format(
response.json()
)
proposal_id = response.json()["proposal_id"]
# call fetch_managers on the role owner
manager_chain = fetch_manager_chain(test_role_owner["next_id"])
# get approvers list for the add member proposal
response = session.get(
"http://rbac-server:8000/api/proposals/{}".format(proposal_id)
)
assert (
response.status_code == 200
), "An error occured while getting the proposal approvers list. {}".format(
response.json()
)
approver_list = response.json()["data"]["approvers"]
# assert that the role owner and all returned managers are in the
# proposal approver list
are_managers_approvers = set(manager_chain).issubset(set(approver_list))
assert (
are_managers_approvers is True
), "Missing role_owner's managers in proposal approvers list:\n{}\n{}".format(
manager_chain, approver_list
)
def test_add_role_owner(user, approver, expected_status_code):
""" Tests three AddRoleOwner proposal approval scenarios:
1. Role owner approves the proposal
2. A random user tries to approve the proposal
3. Role owner's manager approves the proposal
Args:
user: (dict) User object that will be added to the role. Dict should
contain the following field:
{
next_id: str
}
approver: (dict) User object of the approver. Dict should contain the
following fields:
{
username: str
password: str
}
expected_status_code: (int) Expected HTTP response code (either 200 or 401)
"""
log_in_payload = {"id": approver["username"], "password": approver["password"]}
add_role_member_payload = {"id": user["next_id"]}
role_id = TEST_ROLES[0]["role_id"]
with requests.Session() as session:
# Create AddRoleOwner proposal
user_login(session, log_in_payload["id"], log_in_payload["password"])
response = add_role_owner(session, role_id, add_role_member_payload)
proposal_id = response.json()["proposal_id"]
proposal_exists = wait_for_resource_in_db(
"proposals", "proposal_id", proposal_id
)
if proposal_exists:
# Attempt to approve the AddRoleOwner proposal
approval_response = approve_proposal(session, proposal_id)
assert (
approval_response.status_code == expected_status_code
), "An error occurred while approving AddRoleOwner proposal: {}".format(
approval_response.json()
)
def test_update_user():
"""Test that an admin user can update an existing user's information"""
user = {
"name": "nadia six",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
env = Env()
with requests.session() as session:
user_login(session, env("NEXT_ADMIN_USER"), env("NEXT_ADMIN_PASS"))
created_user = create_test_user(session, user)
update_payload = {
"next_id": created_user.json()["data"]["user"]["id"],
"name": "nadia changed",
"username": "******",
"email": "*****@*****.**",
}
update_response = session.put(
"http://*****:*****@test.com",
}
password_response = session2.put(
"http://rbac-server:8000/api/users/update", json=update_payload)
assert password_response.status_code == 403
assert (password_response.json()["message"] ==
"You are not a NEXT Administrator.")
def test_update_manager():
""" Creates a user and then updates their manager as nextAdmin"""
user1_payload = {
"name": "Test User 9",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
next_admin = create_next_admin(session)
admin_id = next_admin.json()["data"]["next_id"]
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
with requests.Session() as session:
user_login(session, "testuser9", "123456")
manager_payload = {
"id": user1_id,
"reason": "Integration test of updating manager.",
"metadata": "",
}
next_admin_role = get_role_by_name("NextAdmins")
failed_response = update_manager(session, admin_id, manager_payload)
assert failed_response.json() == {
"code": 400,
"message": "Proposal opener is not a Next Admin.",
}
add_role_member(session, next_admin_role[0]["role_id"],
{"id": user1_id})
with requests.session() as session:
create_next_admin(session)
response = update_manager(session, admin_id, manager_payload)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
assert_api_success(proposal_response)
delete_user_by_username("testuser6")
delete_user_by_username("testuser7")
def test_add_role_member_outqueue():
""" Test adding a new member to a role in NEXT-only mode.
Creates two test users and a role using the first user,
then adds the second user as member to role. This test will
only run if ENABLE_NEXT_BASE_USE is set to 1.
"""
user1_payload = {
"name": "Test Owner 0521201905",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test Member 0521201906",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
start_depth = get_outbound_queue_depth()
create_next_admin(session)
user_response1 = create_test_user(session, user1_payload)
user1_result = assert_api_success(user_response1)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "TestRole0521201902",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 3",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding a member.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
assert_api_success(proposal_response)
# Logging in as role owner
user_login(session, user1_payload["username"],
user1_payload["password"])
# Approve proposal as role owner
approve_proposal(session, result["proposal_id"])
end_depth = get_outbound_queue_depth()
assert end_depth > start_depth
# NOTE: members field contains an empty string because in NEXT
# mode all user's remote_ids are set to an empty string
outbound_queue_data = {"members": [""], "remote_id": ""}
expected_payload = {
"data": outbound_queue_data,
"data_type": "group",
"provider_id": "NEXT-created",
"status": "UNCONFIRMED",
"action": "",
}
# Check outbound_queue entry is formatted correctly
outbound_entry = get_outbound_queue_entry(outbound_queue_data)
outbound_entry[0].pop("timestamp")
outbound_entry[0].pop("id")
assert outbound_entry[0] == expected_payload
delete_role_by_name("TestRole0521201902")
delete_user_by_username("test0521201905")
delete_user_by_username("test0521201906")
def test_add_role_member_ldap():
""" Test adding a new member to a role in LDAP-only mode.
Creates two test users and a role using the first user,
then adds the second user as member to role. This test will
only run if ENABLE_LDAP_SYNC is set to 1.
"""
user1_payload = {
"name": "Michael Scott",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Jim Halpert",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
start_depth = get_outbound_queue_depth()
create_next_admin(session)
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "Michael_Scott_Paper_Company",
"owners": user1_id,
"administrators": user1_id,
"description": "Infinite ideas await....",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding a member.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
assert_api_success(proposal_response)
# Logging in as role owner
user_login(session, user1_payload["username"],
user1_payload["password"])
# Approve proposal as role owner
approve_proposal(session, result["proposal_id"])
end_depth = get_outbound_queue_depth()
assert end_depth > start_depth
# NOTE: members field contains an empty string because in NEXT
# mode all user's remote_ids are set to an empty string
outbound_queue_data = {
"description": "Infinite ideas await....",
"name": "Michael_Scott_Paper_Company",
"group_types": -2147483646,
"members": [""],
"owners": "",
"remote_id":
"CN=Michael_Scott_Paper_Company," + ENV("GROUP_BASE_DN"),
}
expected_payload = {
"data": outbound_queue_data,
"data_type": "group",
"provider_id": ENV("LDAP_DC"),
"status": "UNCONFIRMED",
"action": "",
}
# Check outbound_queue entry is formatted correctly
outbound_entry = get_outbound_queue_entry(outbound_queue_data)
outbound_entry[0].pop("timestamp")
outbound_entry[0].pop("id")
assert outbound_entry[0] == expected_payload
delete_role_by_name("Michael_Scott_Paper_Company")
delete_user_by_username("jimh062619")
delete_user_by_username("michaels062619")
def test_reject_users_proposals():
"""Test that a user's proposals are rejected when they are deleted."""
user_to_delete = {
"name": "nadia two",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user = {
"name": "nadia three",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
response1 = create_test_user(session, user_to_delete)
response2 = create_test_user(session, user)
role_payload_1 = {
"name": "NadiaRole1",
"owners": response1.json()["data"]["user"]["id"],
"administrators": response1.json()["data"]["user"]["id"],
"description": "Nadia Role 1",
}
role_response1 = create_test_role(session, role_payload_1)
print(role_response1)
proposal_1 = add_role_member(
session,
role_response1.json()["data"]["id"],
{"id": response2.json()["data"]["user"]["id"]},
)
print(proposal_1)
next_id = response1.json()["data"]["user"]["id"]
conn = connect_to_db()
user_exists = (r.table("users").filter({
"next_id": next_id
}).coerce_to("array").run(conn))
assert user_exists
with requests.Session() as session:
user_login(session, "nadia3", "test11")
deletion = session.delete("http://rbac-server:8000/api/users/" +
next_id)
time.sleep(5)
assert deletion.json() == {
"message": "User {} successfully deleted".format(next_id),
"deleted": 1,
}
conn = connect_to_db()
user_exists = (r.table("users").filter({
"next_id": next_id
}).coerce_to("array").run(conn))
assert not user_exists
proposal_1_result = (r.db("rbac").table("proposals").filter({
"proposal_id":
proposal_1.json()["proposal_id"]
}).coerce_to("array").run(conn))
conn.close()
assert proposal_1_result[0]["status"] == "REJECTED"
def test_user_delete_api():
"""Test that user has been removed from database when users delete api is hit"""
user = {
"name": "nadia one",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
response = create_test_user(session, user)
next_id = response.json()["data"]["user"]["id"]
wait_for_resource_in_db("users", "next_id", next_id)
with requests.Session() as session:
user_login(session, "nadia1", "test11")
role_payload = {
"name": "test_role",
"owners": [next_id],
"administrators": [next_id],
"description": "This is a test Role",
}
role_resp = create_test_role(session, role_payload)
role_id = role_resp.json()["data"]["id"]
pack = {
"name": "michael pack one",
"owners": [next_id],
"roles": [],
"description": "Michael's test pack",
}
pack_response = create_test_pack(session, pack)
add_role_member_payload = {
"id": next_id,
"reason": "Integration test of adding a member.",
"metadata": "",
}
add_role_member(session, role_id, add_role_member_payload)
wait_for_resource_in_db("role_members", "role_id", role_id)
conn = connect_to_db()
user_exists = (r.table("users").filter({
"next_id": next_id
}).coerce_to("array").run(conn))
role_owner_exists = (r.table("role_owners").filter({
"identifiers": [next_id],
"role_id":
role_id
}).coerce_to("array").run(conn))
role_member_exists = (r.table("role_members").filter({
"identifiers": [next_id],
"role_id":
role_id
}).coerce_to("array").run(conn))
assert user_exists
assert role_owner_exists
assert role_member_exists
assert get_user_mapping_entry(next_id)
assert get_auth_entry(next_id)
assert get_user_metadata_entry(next_id)
assert check_user_is_pack_owner(
pack_id=pack_response.json()["data"]["pack_id"], next_id=next_id)
role_admin_is_user = (r.db("rbac").table("role_admins").filter({
"related_id":
next_id
}).coerce_to("array").run(conn))
role_admin = role_admin_is_user[0]["identifiers"][0]
assert role_admin == next_id
deletion = session.delete("http://rbac-server:8000/api/users/" +
next_id)
time.sleep(5)
assert deletion.json() == {
"message": "User {} successfully deleted".format(next_id),
"deleted": 1,
}
role_admin_user = (r.db("rbac").table("role_admins").filter({
"related_id":
next_id
}).coerce_to("array").run(conn))
role_owners = (
r.db("rbac").table("role_owners").filter(lambda doc: doc[
"identifiers"].contains(next_id)).coerce_to("array").run(conn))
role_members = (
r.db("rbac").table("role_members").filter(lambda doc: doc[
"identifiers"].contains(next_id)).coerce_to("array").run(conn))
delete_role_by_name("test_role")
conn.close()
assert role_admin_user == []
assert role_members == []
assert role_owners == []
assert get_deleted_user_entries(next_id) == []
assert get_pack_owners_by_user(next_id) == []
delete_pack_by_name("michael pack one")
def test_delete_role_with_proposals():
"""
Test the delete roll api
Create a test user for auth
Create a test user for role membership
Create a test role
Propose adding the second user as a member
Deletes the test role
Check that the membership proposal was autorejected
"""
with requests.Session() as session:
# Create test user
role_owner = {
"name": "Fin Pirate",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
create_next_admin(session)
user_response = create_test_user(session, role_owner)
assert user_response.status_code == 200, (
"Error creating user: %s" % user_response.json()
)
role_owner["next_id"] = user_response.json()["data"]["user"]["id"]
# Create test user
new_member = {
"name": "Frank Pirate",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user_response = create_test_user(session, new_member)
assert user_response.status_code == 200, (
"Error creating user: %s" % user_response.json()
)
new_member["next_id"] = user_response.json()["data"]["user"]["id"]
# Auth as role_owner
auth_response = user_login(
session, role_owner["username"], role_owner["password"]
)
assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % (
role_owner["username"],
auth_response.json(),
)
# Create test role
role_resource = {
"name": "Men of Low Moral Fiber",
"owners": role_owner["next_id"],
"administrators": role_owner["next_id"],
}
role_response = session.post(
"http://rbac-server:8000/api/roles", json=role_resource
)
assert role_response.status_code == 200, (
"Error creating role: %s" % role_response.json()
)
# Wait for role in db
role_id = role_response.json()["data"]["id"]
is_role_in_db = wait_for_role_in_db(role_id)
assert (
is_role_in_db is True
), "Couldn't find role in rethinkdb, maximum attempts exceeded."
# Auth as new_member
auth_response = user_login(
session, new_member["username"], new_member["password"]
)
assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % (
new_member["username"],
auth_response.json(),
)
# Add role member
role_update_payload = {
"id": new_member["next_id"],
"reason": "Integration test of membership proposal removal on role deletion.",
"metadata": "",
}
member_response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
assert member_response.status_code == 200, (
"Error adding role member: %s" % member_response.json()
)
# Auth as role_owner
auth_response = user_login(
session, role_owner["username"], role_owner["password"]
)
assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % (
role_owner["username"],
auth_response.json(),
)
# Delete test role
delete_role_response = session.delete(
"http://rbac-server:8000/api/roles/%s" % role_id
)
assert delete_role_response.status_code == 200, (
"Error deleting role: %s" % delete_role_response.json()
)
# Check for open role member proposals
are_proposals_rejected = wait_for_prpsl_rjctn_in_db(role_id)
assert are_proposals_rejected is True
# clean up
delete_user_by_username("fin1")
delete_user_by_username("frank1")
def test_delete_role_with_members():
"""
Test the delete roll api
Create a test user for auth
Create a test role
Add the first user as a member of the role
Deletes the test role
Check that the role member object was deleted
"""
with requests.Session() as session:
# Create test user
user_payload = {
"name": "Walt the Dog",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
create_next_admin(session)
user_response = create_test_user(session, user_payload)
assert user_response.status_code == 200, (
"Error creating user: %s" % user_response.json()
)
user_id = user_response.json()["data"]["user"]["id"]
with requests.Session() as session:
user_login(session, "walt1", "12345678")
# Create test role
role_resource = {
"name": "Phatt Island Jail",
"owners": user_id,
"administrators": user_id,
}
role_response = session.post(
"http://rbac-server:8000/api/roles", json=role_resource
)
assert role_response.status_code == 200, (
"Error creating role: %s" % role_response.json()
)
# Wait for role in db
role_id = role_response.json()["data"]["id"]
is_role_in_db = wait_for_role_in_db(role_id)
assert (
is_role_in_db is True
), "Couldn't find role in rethinkdb, maximum attempts exceeded."
# Add role member
role_update_payload = {
"id": user_id,
"reason": "Integration test of member removal on role deletion.",
"metadata": "",
}
member_response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
assert member_response.status_code == 200, (
"Error adding role member: %s" % member_response.json()
)
# Wait for member in rethinkdb
is_member_in_db = wait_for_resource_in_db("role_members", "related_id", user_id)
assert (
is_member_in_db is True,
), "Couldn't find member in rethinkdb, maximum attempts exceeded."
# Delete test role
delete_role_response = session.delete(
"http://rbac-server:8000/api/roles/%s" % role_id
)
assert delete_role_response.status_code == 200, (
"Error deleting role: %s" % delete_role_response.json()
)
# Check for role members
are_members_removed = wait_for_resource_removal_in_db(
"role_members", "role_id", role_id
)
assert are_members_removed is True
# clean up
delete_user_by_username("walt1")
