Exemplo n.º 1
0
    def test_positive_end_to_end_with_ipa(self, ipa_data, server_name):
        """CRUD LDAP authentication with FreeIPA

        :id: 6cb54405-b579-4020-bf99-cb811a6aa28b

        :expectedresults: Whether creating/updating/deleting LDAP Auth with FreeIPA is successful.

        :CaseImportance: High
        """
        auth = make_ldap_auth_source(
            {
                'name': server_name,
                'onthefly-register': 'true',
                'host': ipa_data['ldap_ipa_hostname'],
                'server-type': LDAP_SERVER_TYPE['CLI']['ipa'],
                'attr-login': LDAP_ATTR['login'],
                'attr-firstname': LDAP_ATTR['firstname'],
                'attr-lastname': LDAP_ATTR['surname'],
                'attr-mail': LDAP_ATTR['mail'],
                'account': ipa_data['ldap_ipa_user_name'],
                'account-password': ipa_data['ldap_ipa_user_passwd'],
                'base-dn': ipa_data['ipa_base_dn'],
                'groups-base': ipa_data['ipa_group_base_dn'],
            }
        )
        assert auth['server']['name'] == server_name
        assert auth['server']['server'] == ipa_data['ldap_ipa_hostname']
        assert auth['server']['server-type'] == LDAP_SERVER_TYPE['CLI']['ipa']
        new_name = gen_string('alpha')
        LDAPAuthSource.update({'name': server_name, 'new-name': new_name})
        updated_auth = LDAPAuthSource.info({'id': auth['server']['id']})
        assert updated_auth['server']['name'] == new_name
        LDAPAuthSource.delete({'name': new_name})
        with pytest.raises(CLIReturnCodeError):
            LDAPAuthSource.info({'name': new_name})
Exemplo n.º 2
0
    def test_positive_create_with_ad(self, ldap_data, server_name):
        """Create/update/delete LDAP authentication with AD using names of different types

        :id: 093f6abc-91e7-4449-b484-71e4a14ac808

        :expectedresults: Whether creating/upating/deleting LDAP Auth with AD is successful.

        :CaseImportance: Critical
        """
        auth = make_ldap_auth_source(
            {
                'name': server_name,
                'onthefly-register': 'true',
                'host': ldap_data['ldap_hostname'],
                'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
                'attr-login': LDAP_ATTR['login_ad'],
                'attr-firstname': LDAP_ATTR['firstname'],
                'attr-lastname': LDAP_ATTR['surname'],
                'attr-mail': LDAP_ATTR['mail'],
                'account': ldap_data['ldap_user_name'],
                'account-password': ldap_data['ldap_user_passwd'],
                'base-dn': ldap_data['base_dn'],
                'groups-base': ldap_data['group_base_dn'],
            }
        )
        assert auth['server']['name'] == server_name
        assert auth['server']['server'] == ldap_data['ldap_hostname']
        assert auth['server']['server-type'] == LDAP_SERVER_TYPE['CLI']['ad']
        new_name = gen_string('alpha')
        LDAPAuthSource.update({'name': server_name, 'new-name': new_name})
        updated_auth = LDAPAuthSource.info({'id': auth['server']['id']})
        assert updated_auth['server']['name'] == new_name
        LDAPAuthSource.delete({'name': new_name})
        with pytest.raises(CLIReturnCodeError):
            LDAPAuthSource.info({'name': new_name})
Exemplo n.º 3
0
def test_positive_automate_bz1426957(ldap_auth_source, function_user_group):
    """Verify role is properly reflected on AD user.

    :id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc

    :parametrized: yes

    :expectedresults: Roles from usergroup is applied on AD user successfully.

    :customerscenario: true

    :CaseLevel: Integration

    :BZ: 1426957, 1667704
    """
    ext_user_group = make_usergroup_external({
        'auth-source-id':
        ldap_auth_source[1].id,
        'user-group-id':
        function_user_group['id'],
        'name':
        'foobargroup',
    })
    assert ext_user_group['auth-source'] == ldap_auth_source[1].name
    role = make_role()
    UserGroup.add_role({
        'id': function_user_group['id'],
        'role-id': role['id']
    })
    Task.with_user(
        username=ldap_auth_source[0]['ldap_user_name'],
        password=ldap_auth_source[0]['ldap_user_passwd'],
    ).list()
    UserGroupExternal.refresh({
        'user-group-id': function_user_group['id'],
        'name': 'foobargroup'
    })
    assert (role['name']
            in User.info({'login': ldap_auth_source[0]['ldap_user_name']
                          })['user-groups'])
    User.delete({'login': ldap_auth_source[0]['ldap_user_name']})
    LDAPAuthSource.delete({'id': ldap_auth_source[1].id})
Exemplo n.º 4
0
    def test_positive_end_to_end_withipa(self):
        """CRUD LDAP authentication with FreeIPA

        :id: 6cb54405-b579-4020-bf99-cb811a6aa28b

        :expectedresults: Whether creating/updating/deleting LDAP Auth with FreeIPA is successful.

        :CaseImportance: High
        """
        for server_name in generate_strings_list():
            with self.subTest(server_name):
                auth = make_ldap_auth_source({
                    'name':
                    server_name,
                    'onthefly-register':
                    'true',
                    'host':
                    self.ldap_ipa_hostname,
                    'server-type':
                    LDAP_SERVER_TYPE['CLI']['ipa'],
                    'attr-login':
                    LDAP_ATTR['login'],
                    'attr-firstname':
                    LDAP_ATTR['firstname'],
                    'attr-lastname':
                    LDAP_ATTR['surname'],
                    'attr-mail':
                    LDAP_ATTR['mail'],
                    'account':
                    self.ldap_ipa_user_name,
                    'account-password':
                    self.ldap_ipa_user_passwd,
                    'base-dn':
                    self.ipa_base_dn,
                    'groups-base':
                    self.ipa_base_dn,
                })
                self.assertEqual(auth['server']['name'], server_name)
                self.assertEqual(auth['server']['server'],
                                 self.ldap_ipa_hostname)
                self.assertEqual(auth['server']['server-type'],
                                 LDAP_SERVER_TYPE['CLI']['ipa'])
                new_name = gen_string('alpha')
                LDAPAuthSource.update({
                    'name': server_name,
                    'new-name': new_name
                })
                updated_auth = LDAPAuthSource.info(
                    {'id': auth['server']['id']})
                self.assertEqual(updated_auth['server']['name'], new_name)
                LDAPAuthSource.delete({'name': new_name})
                with self.assertRaises(CLIReturnCodeError):
                    LDAPAuthSource.info({'name': new_name})
Exemplo n.º 5
0
    def test_positive_create_withad(self):
        """Create/update/delete LDAP authentication with AD using names of different types

        :id: 093f6abc-91e7-4449-b484-71e4a14ac808

        :expectedresults: Whether creating/upating/deleting LDAP Auth with AD is successful.

        :CaseImportance: Critical
        """
        for server_name in generate_strings_list():
            with self.subTest(server_name):
                auth = make_ldap_auth_source({
                    u'name':
                    server_name,
                    u'onthefly-register':
                    'true',
                    u'host':
                    self.ldap_hostname,
                    u'server-type':
                    LDAP_SERVER_TYPE['CLI']['ad'],
                    u'attr-login':
                    LDAP_ATTR['login_ad'],
                    u'attr-firstname':
                    LDAP_ATTR['firstname'],
                    u'attr-lastname':
                    LDAP_ATTR['surname'],
                    u'attr-mail':
                    LDAP_ATTR['mail'],
                    u'account':
                    self.ldap_user_name,
                    u'account-password':
                    self.ldap_user_passwd,
                    u'base-dn':
                    self.base_dn,
                    u'groups-base':
                    self.group_base_dn,
                })
                self.assertEqual(auth['server']['name'], server_name)
                self.assertEqual(auth['server']['server'], self.ldap_hostname)
                self.assertEqual(auth['server']['server-type'],
                                 LDAP_SERVER_TYPE['CLI']['ad'])
                new_name = gen_string('alpha')
                LDAPAuthSource.update({
                    u'name': server_name,
                    u'new-name': new_name
                })
                updated_auth = LDAPAuthSource.info(
                    {u'id': auth['server']['id']})
                self.assertEqual(updated_auth['server']['name'], new_name)
                LDAPAuthSource.delete({u'name': new_name})
                with self.assertRaises(CLIReturnCodeError):
                    LDAPAuthSource.info({'name': new_name})
Exemplo n.º 6
0
    def test_positive_end_to_end_with_open_ldap(self, open_ldap_data,
                                                server_name):
        """CRUD LDAP Operations with OpenLDAP

        :id: f84db334-0189-11eb-846c-d46d6dd3b5b2

        :parametrized: yes

        :expectedresults: Whether creating/updating/deleting LDAP Auth with OpenLDAP is successful.

        :CaseImportance: High
        """
        auth = make_ldap_auth_source({
            'name':
            server_name,
            'onthefly-register':
            'true',
            'host':
            open_ldap_data.hostname,
            'server-type':
            LDAP_SERVER_TYPE['CLI']['posix'],
            'attr-login':
            LDAP_ATTR['login_ad'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            open_ldap_data.username,
            'account-password':
            open_ldap_data.password,
            'base-dn':
            open_ldap_data.base_dn,
        })
        assert auth['server']['name'] == server_name
        assert auth['server']['server'] == open_ldap_data.hostname
        assert auth['server']['server-type'] == LDAP_SERVER_TYPE['CLI'][
            'posix']
        new_name = gen_string('alpha')
        LDAPAuthSource.update({'name': server_name, 'new-name': new_name})
        updated_auth = LDAPAuthSource.info({'id': auth['server']['id']})
        assert updated_auth['server']['name'] == new_name
        LDAPAuthSource.delete({'name': new_name})
        with pytest.raises(CLIReturnCodeError):
            LDAPAuthSource.info({'name': new_name})
Exemplo n.º 7
0
    def test_positive_create_withad(self):
        """Create/update/delete LDAP authentication with AD using names of different types

        :id: 093f6abc-91e7-4449-b484-71e4a14ac808

        :expectedresults: Whether creating/upating/deleting LDAP Auth with AD is successful.

        :CaseImportance: Critical
        """
        for server_name in generate_strings_list():
            with self.subTest(server_name):
                auth = make_ldap_auth_source({
                    u'name': server_name,
                    u'onthefly-register': 'true',
                    u'host': self.ldap_hostname,
                    u'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
                    u'attr-login': LDAP_ATTR['login_ad'],
                    u'attr-firstname': LDAP_ATTR['firstname'],
                    u'attr-lastname': LDAP_ATTR['surname'],
                    u'attr-mail': LDAP_ATTR['mail'],
                    u'account': self.ldap_user_name,
                    u'account-password': self.ldap_user_passwd,
                    u'base-dn': self.base_dn,
                    u'groups-base': self.group_base_dn,
                })
                self.assertEqual(auth['server']['name'], server_name)
                self.assertEqual(auth['server']['server'], self.ldap_hostname)
                self.assertEqual(auth['server']['server-type'], LDAP_SERVER_TYPE['CLI']['ad'])
                new_name = gen_string('alpha')
                LDAPAuthSource.update({
                    u'name': server_name,
                    u'new-name': new_name
                })
                updated_auth = LDAPAuthSource.info({u'id': auth['server']['id']})
                self.assertEqual(updated_auth['server']['name'], new_name)
                LDAPAuthSource.delete({
                    u'name': new_name
                })
                with self.assertRaises(CLIReturnCodeError):
                    LDAPAuthSource.info({'name': new_name})
Exemplo n.º 8
0
    def test_positive_end_to_end_withipa(self):
        """CRUD LDAP authentication with FreeIPA

        :id: 6cb54405-b579-4020-bf99-cb811a6aa28b

        :expectedresults: Whether creating/updating/deleting LDAP Auth with FreeIPA is successful.

        :CaseImportance: Critical
        """
        for server_name in generate_strings_list():
            with self.subTest(server_name):
                auth = make_ldap_auth_source({
                    u'name': server_name,
                    u'onthefly-register': 'true',
                    u'host': self.ldap_ipa_hostname,
                    u'server-type': LDAP_SERVER_TYPE['CLI']['ipa'],
                    u'attr-login': LDAP_ATTR['login'],
                    u'attr-firstname': LDAP_ATTR['firstname'],
                    u'attr-lastname': LDAP_ATTR['surname'],
                    u'attr-mail': LDAP_ATTR['mail'],
                    u'account': self.ldap_ipa_user_name,
                    u'account-password': self.ldap_ipa_user_passwd,
                    u'base-dn': self.ipa_base_dn,
                    u'groups-base': self.ipa_base_dn,
                })
                self.assertEqual(auth['server']['name'], server_name)
                self.assertEqual(auth['server']['server'], self.ldap_ipa_hostname)
                self.assertEqual(auth['server']['server-type'], LDAP_SERVER_TYPE['CLI']['ipa'])
                new_name = gen_string('alpha')
                LDAPAuthSource.update({
                    u'name': server_name,
                    u'new-name': new_name
                })
                updated_auth = LDAPAuthSource.info({u'id': auth['server']['id']})
                self.assertEqual(updated_auth['server']['name'], new_name)
                LDAPAuthSource.delete({
                    u'name': new_name
                })
                with self.assertRaises(CLIReturnCodeError):
                    LDAPAuthSource.info({'name': new_name})
Exemplo n.º 9
0
 def tearDownClass(cls):
     """Delete the IPA auth-source afterwards"""
     LDAPAuthSource.delete({'id': cls.auth['server']['id']})
     super(FreeIPAUserGroupTestCase, cls).tearDownClass()
Exemplo n.º 10
0
 def tearDownClass(cls):
     """Delete the AD auth-source afterwards"""
     LDAPAuthSource.delete({'id': cls.auth['server']['id']})
     super(ActiveDirectoryUserGroupTestCase, cls).tearDownClass()
Exemplo n.º 11
0
    def test_usergroup_with_usergroup_sync(self, ipa_data):
        """Verify the usergroup-sync functionality in Ldap Auth Source

        :id: 2b63e886-2c53-11ea-9da5-db3ae0527554

        :expectedresults: external user-group sync works as expected automatically
            based on user-sync

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname']
        self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd']
        ldap_ipa_user_name = ipa_data['ldap_ipa_user_name']
        ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace(
            'foobargroup', 'foreman_group')
        member_username = '******'
        member_group = 'foreman_group'
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source_name = gen_string('alpha')
        auth_source = make_ldap_auth_source({
            'name':
            auth_source_name,
            'onthefly-register':
            'true',
            'usergroup-sync':
            'true',
            'host':
            ipa_data['ldap_ipa_hostname'],
            'server-type':
            LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login':
            LDAP_ATTR['login'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            ldap_ipa_user_name,
            'account-password':
            ipa_data['ldap_ipa_user_passwd'],
            'base-dn':
            ipa_data['ipa_base_dn'],
            'groups-base':
            ipa_group_base_dn,
        })
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Adding User in IPA UserGroup
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        ext_user_group = make_usergroup_external({
            'auth-source-id':
            auth_source['server']['id'],
            'user-group-id':
            user_group['id'],
            'name':
            member_group,
        })
        UserGroup.add_role({
            'id': user_group['id'],
            'role-id': viewer_role['id']
        })
        assert ext_user_group['auth-source'] == auth_source['server']['name']
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        result = Auth.with_user(username=member_username,
                                password=self.ldap_ipa_user_passwd).status()
        assert LOGEDIN_MSG.format(member_username) in result[0]['message']
        list = Role.with_user(username=member_username,
                              password=self.ldap_ipa_user_passwd).list()
        assert len(list) > 1
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 1
        assert user_group['users'][0] == member_username

        # Removing User in IPA UserGroup
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with pytest.raises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.value.message
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
Exemplo n.º 12
0
    def test_usergroup_sync_with_refresh(self):
        """Verify the refresh functionality in Ldap Auth Source

        :id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930

        :expectedresults: external user-group sync works as expected as on-demand
            sync based on refresh works

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        ldap_ipa_user_name = self.ldap_ipa_user_name
        ipa_group_base_dn = self.ipa_group_base_dn.replace(
            'foobargroup', 'foreman_group')
        member_username = '******'
        member_group = 'foreman_group'
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source_name = gen_string('alpha')
        auth_source = make_ldap_auth_source({
            'name':
            auth_source_name,
            'onthefly-register':
            'true',
            'usergroup-sync':
            'false',
            'host':
            self.ldap_ipa_hostname,
            'server-type':
            LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login':
            LDAP_ATTR['login'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            ldap_ipa_user_name,
            'account-password':
            self.ldap_ipa_user_passwd,
            'base-dn':
            self.ipa_base_dn,
            'groups-base':
            ipa_group_base_dn,
        })
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Adding User in IPA UserGroup
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        ext_user_group = make_usergroup_external({
            'auth-source-id':
            auth_source['server']['id'],
            'user-group-id':
            user_group['id'],
            'name':
            member_group,
        })
        UserGroup.add_role({
            'id': user_group['id'],
            'role-id': viewer_role['id']
        })
        assert ext_user_group['auth-source'] == auth_source['server']['name']
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        result = Auth.with_user(username=member_username,
                                password=self.ldap_ipa_user_passwd).status()
        assert LOGEDIN_MSG.format(member_username) in result[0]['message']
        with self.assertRaises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.exception.message
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({
                'user-group-id': user_group['id'],
                'name': member_group
            })
        list = Role.with_user(username=member_username,
                              password=self.ldap_ipa_user_passwd).list()
        assert len(list) > 1
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 1
        assert user_group['users'][0] == member_username

        # Removing User in IPA UserGroup
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({
                'user-group-id': user_group['id'],
                'name': member_group
            })
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        with self.assertRaises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.exception.message
Exemplo n.º 13
0
 def tearDownClass(cls):
     """Delete the AD auth-source afterwards"""
     LDAPAuthSource.delete({'id': cls.auth['server']['id']})
     super().tearDownClass()