Exemplo n.º 1
0
    def test_positive_delete_role_1(self, data):
        """@Test: Delete roles after creating them

        @Feature: Roles

        @Assert: Assert deletion of roles

        """
        try:
            role = make_role({'name': data})
        except CLIFactoryError as err:
            self.fail(err)
        self.assertEqual(
            role['name'],
            data, "Input and output name should be consistent")

        # Delete it
        result = Role.delete({'id': role['id']})
        self.assertEqual(result.return_code, 0,
                         "Role was not deleted")
        self.assertEqual(
            len(result.stderr), 0, "No error was expected")

        # Fetch it
        result = Role.info({'id': role['id']})
        self.assertNotEqual(result.return_code, 0,
                            "Role should not be found")
        self.assertGreater(len(result.stderr), 0,
                           "Expected an error here")
Exemplo n.º 2
0
    def test_positive_delete_role_1(self, data):
        """@Test: Delete roles after creating them

        @Feature: Roles

        @Assert: Assert deletion of roles

        """
        try:
            role = make_role({'name': data})
        except CLIFactoryError as err:
            self.fail(err)
        self.assertEqual(
            role['name'],
            data, "Input and output name should be consistent")

        # Delete it
        result = Role.delete({'id': role['id']})
        self.assertEqual(result.return_code, 0,
                         "Role was not deleted")
        self.assertEqual(
            len(result.stderr), 0, "No error was expected")

        # Fetch it
        result = Role.info({'id': role['id']})
        self.assertNotEqual(result.return_code, 0,
                            "Role should not be found")
        self.assertGreater(len(result.stderr), 0,
                           "Expected an error here")
Exemplo n.º 3
0
    def test_rhsso_login_using_hammer(self, enable_external_auth_rhsso,
                                      rhsso_setting_setup,
                                      rh_sso_hammer_auth_setup):
        """verify the hammer auth login using RHSSO auth source

        :id: 56c09a1a-d0e5-11ea-9024-d46d6dd3b5b2

        :expectedresults: hammer auth login should be suceessful for a rhsso user

        :CaseImportance: High
        """
        result = AuthLogin.oauth({
            'oidc-token-endpoint':
            get_oidc_token_endpoint(),
            'oidc-client-id':
            get_oidc_client_id(),
            'username':
            settings.rhsso.rhsso_user,
            'password':
            settings.rhsso.password,
        })
        assert f"Successfully logged in as '{settings.rhsso.rhsso_user}'." == result[
            0]['message']
        result = Auth.with_user(username=settings.rhsso.rhsso_user,
                                password=settings.rhsso.password).status()
        assert (
            f"Session exists, currently logged in as '{settings.rhsso.rhsso_user}'."
            == result[0]['message'])
        task_list = Task.with_user(username=settings.rhsso.rhsso_user,
                                   password=settings.rhsso.password).list()
        assert len(task_list) >= 0
        with pytest.raises(CLIReturnCodeError) as error:
            Role.with_user(username=settings.rhsso.rhsso_user,
                           password=settings.rhsso.password).list()
        assert 'Missing one of the required permissions' in error.value.message
Exemplo n.º 4
0
    def test_positive_list_filters_with_pagination(self, make_role_with_permissions, per_page):
        """Make sure filters list can be displayed with different items per
        page value

        :id: b9c7c6c1-70c2-4d7f-8d36-fa8613acc865

        :BZ: 1428516

        :expectedresults: `per-page` correctly sets amount of items displayed
            per page, different `per-page` values divide a list into correct
            number of pages

        :CaseImportance: Critical

        :parametrized: yes
        """
        # Verify the first page contains exactly the same items count
        # as `per-page` value
        filters = Role.filters(
            {'name': make_role_with_permissions['role']['name'], 'per-page': per_page}
        )
        assert len(filters) == per_page
        # Verify pagination and total amount of pages by checking the
        # items count on the last page
        last_page = ceil(len(make_role_with_permissions['permissions']) / per_page)
        filters = Role.filters(
            {
                'name': make_role_with_permissions['role']['name'],
                'page': last_page,
                'per-page': per_page,
            }
        )
        assert len(filters) == (
            len(make_role_with_permissions['permissions']) % per_page or per_page
        )
Exemplo n.º 5
0
    def test_positive_update_role_1(self, data):
        """@Test: Update roles after creating them

        @Feature: Roles

        @Assert: Assert updation of roles

        """
        name = gen_string('alpha', 15)
        try:
            role = make_role({'name': name})
        except CLIFactoryError as err:
            self.fail(err)
        self.assertEqual(
            role['name'],
            data, "Input and output name should be consistent")

        # Update it
        result = Role.update({'id': role['id'],
                              'new-name': data})
        self.assertEqual(result.return_code, 0,
                         "Role was not updated")
        self.assertEqual(
            len(result.stderr), 0, "No error was expected")

        # Fetch it
        result = Role.info({'id': role['id']})
        self.assertEqual(result.return_code, 0,
                         "Role was not updated")
        self.assertEqual(
            len(result.stderr), 0, "No error was expected")
        # Assert that name was updated
        self.assertEqual(result.stdout['name'],
                         data,
                         "Names do not match")
Exemplo n.º 6
0
    def test_positive_update_role_1(self, data):
        """@Test: Update roles after creating them

        @Feature: Roles

        @Assert: Assert updation of roles

        """
        name = gen_string('alpha', 15)
        try:
            role = make_role({'name': name})
        except CLIFactoryError as err:
            self.fail(err)
        self.assertEqual(
            role['name'],
            data, "Input and output name should be consistent")

        # Update it
        result = Role.update({'id': role['id'],
                              'new-name': data})
        self.assertEqual(result.return_code, 0,
                         "Role was not updated")
        self.assertEqual(
            len(result.stderr), 0, "No error was expected")

        # Fetch it
        result = Role.info({'id': role['id']})
        self.assertEqual(result.return_code, 0,
                         "Role was not updated")
        self.assertEqual(
            len(result.stderr), 0, "No error was expected")
        # Assert that name was updated
        self.assertEqual(result.stdout['name'],
                         data,
                         "Names do not match")
Exemplo n.º 7
0
    def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data, ldap_tear_down):
        """Verify the usergroup-sync functionality in AD Auth Source

        :id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2

        :customerscenario: true

        :CaseImportance: Medium

        :bz: 1901392

        :parametrized: yes

        :expectedresults: external user-group sync works as expected automatically
            based on user-sync
        """
        ad_data = ad_data()
        group_base_dn = ','.join(ad_data['group_base_dn'].split(',')[1:])
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source = make_ldap_auth_source(
            {
                'name': gen_string('alpha'),
                'onthefly-register': 'true',
                'host': ad_data['ldap_hostname'],
                'server-type': LDAP_SERVER_TYPE['CLI']['ad'],
                'attr-login': LDAP_ATTR['login_ad'],
                'attr-firstname': LDAP_ATTR['firstname'],
                'attr-lastname': LDAP_ATTR['surname'],
                'attr-mail': LDAP_ATTR['mail'],
                'account': ad_data['ldap_user_name'],
                'account-password': ad_data['ldap_user_passwd'],
                'base-dn': ad_data['base_dn'],
                'groups-base': group_base_dn,
            }
        )
        # assert auth_source['account']['groups-base'] == group_base_dn
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        make_usergroup_external(
            {
                'auth-source-id': auth_source['server']['id'],
                'user-group-id': user_group['id'],
                'name': member_group,
            }
        )
        UserGroup.add_role({'id': user_group['id'], 'role-id': viewer_role['id']})
        user_group = UserGroup.info({'id': user_group['id']})
        result = Auth.with_user(
            username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd']
        ).status()
        assert LOGEDIN_MSG.format(ad_data['ldap_user_name']) in result[0]['message']
        UserGroupExternal.refresh({'user-group-id': user_group['id'], 'name': member_group})
        user_group = UserGroup.info({'id': user_group['id']})
        list = Role.with_user(
            username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd']
        ).list()
        assert len(list) > 1
Exemplo n.º 8
0
    def test_positive_list_filters_with_pagination(self):
        """Make sure filters list can be displayed with different items per
        page value

        :id: b9c7c6c1-70c2-4d7f-8d36-fa8613acc865

        :BZ: 1428516

        :expectedresults: `per-page` correctly sets amount of items displayed
            per page, different `per-page` values divide a list into correct
            number of pages

        :CaseImportance: Critical
        """
        role = make_role()
        res_types = iter(PERMISSIONS.keys())
        permissions = []
        # Collect more than 20 different permissions
        while len(permissions) <= 20:
            permissions += [
                permission['name']
                for permission in Filter.available_permissions(
                    {'resource-type': next(res_types)})
            ]
        # Create a filter for each permission
        for perm in permissions:
            make_filter({
                'role': role['name'],
                'permissions': perm,
            })
        # Test different `per-page` values
        for per_page in (1, 5, 20):
            with self.subTest(per_page):
                # Verify the first page contains exactly the same items count
                # as `per-page` value
                filters = Role.filters({
                    'name': role['name'],
                    'per-page': per_page,
                })
                self.assertEqual(len(filters), per_page)
                # Verify pagination and total amount of pages by checking the
                # items count on the last page
                last_page = (len(permissions) / per_page +
                             int(len(permissions) % per_page != 0))
                filters = Role.filters({
                    'name': role['name'],
                    'page': last_page,
                    'per-page': per_page,
                })
                self.assertEqual(len(filters),
                                 len(permissions) % per_page or per_page)
Exemplo n.º 9
0
    def test_positive_list_filters_with_pagination(self):
        """Make sure filters list can be displayed with different items per
        page value

        :id: b9c7c6c1-70c2-4d7f-8d36-fa8613acc865

        :BZ: 1428516

        :expectedresults: `per-page` correctly sets amount of items displayed
            per page, different `per-page` values divide a list into correct
            number of pages

        :CaseImportance: Critical
        """
        role = make_role()
        res_types = iter(PERMISSIONS.keys())
        permissions = []
        # Collect more than 20 different permissions
        while len(permissions) <= 20:
            permissions += [
                permission['name']
                for permission in Filter.available_permissions(
                    {'resource-type': next(res_types)})
            ]
        # Create a filter for each permission
        for perm in permissions:
            make_filter({
                'role': role['name'],
                'permissions': perm,
            })
        # Test different `per-page` values
        for per_page in (1, 5, 20):
            with self.subTest(per_page):
                # Verify the first page contains exactly the same items count
                # as `per-page` value
                filters = Role.filters({
                    'name': role['name'],
                    'per-page': per_page,
                })
                self.assertEqual(len(filters), per_page)
                # Verify pagination and total amount of pages by checking the
                # items count on the last page
                last_page = (len(permissions) / per_page
                             + int(len(permissions) % per_page != 0))
                filters = Role.filters({
                    'name': role['name'],
                    'page': last_page,
                    'per-page': per_page,
                })
                self.assertEqual(
                    len(filters), len(permissions) % per_page or per_page)
Exemplo n.º 10
0
    def test_positive_delete_by_id(self):
        """Create a new role and then delete role by its ID

        @id: 351780b4-697c-4f87-b989-dd9a9a2ad012

        @Assert: Role is created and then deleted by its ID
        """
        for name in generate_strings_list(length=10):
            with self.subTest(name):
                role = make_role({'name': name})
                self.assertEqual(role['name'], name)
                Role.delete({'id': role['id']})
                with self.assertRaises(CLIReturnCodeError):
                    Role.info({'id': role['id']})
Exemplo n.º 11
0
    def test_positive_delete_role_1(self):
        """@Test: Delete roles after creating them

        @Feature: Roles

        @Assert: Assert deletion of roles
        """
        for name in generate_strings_list(length=10):
            with self.subTest(name):
                role = make_role({'name': name})
                self.assertEqual(role['name'], name)
                Role.delete({'id': role['id']})
                with self.assertRaises(CLIReturnCodeError):
                    Role.info({'id': role['id']})
Exemplo n.º 12
0
    def test_negative_list_filters_without_parameters(self):
        """Try to list filter without specifying role id or name

        :id: 56cafbe0-d1cb-413e-8eac-0e01a3590fd2

        :expectedresults: Proper error message is shown instead of SQL error

        :CaseImportance: Critical

        :BZ: 1296782
        """
        with self.assertRaises(CLIReturnCodeError) as err:
            with self.assertNotRaises(CLIDataBaseError):
                Role.filters()
        self.assertRegex(err.exception.msg, 'At least one of options .* is required')
Exemplo n.º 13
0
    def test_positive_update_name(self):
        """Create new role and update its name

        :id: 3ce1b337-fd52-4460-b8a8-df49c94ffed1

        :expectedresults: Role is created and its name is updated

        :CaseImportance: Critical
        """
        role = make_role({'name': gen_string('alpha', 15)})
        for new_name in generate_strings_list(length=10):
            with self.subTest(new_name):
                Role.update({'id': role['id'], 'new-name': new_name})
                role = Role.info({'id': role['id']})
                self.assertEqual(role['name'], new_name)
Exemplo n.º 14
0
    def test_positive_update_name(self):
        """@Test: Create new role and update its name

        @Feature: Roles

        @Assert: Role is created and its name is updated
        """
        role = make_role({'name': gen_string('alpha', 15)})
        for new_name in generate_strings_list(length=10):
            with self.subTest(new_name):
                Role.update({
                    'id': role['id'],
                    'new-name': new_name,
                })
                role = Role.info({'id': role['id']})
                self.assertEqual(role['name'], new_name)
Exemplo n.º 15
0
    def test_positive_update_name(self):
        """Create new role and update its name

        @id: 3ce1b337-fd52-4460-b8a8-df49c94ffed1

        @Assert: Role is created and its name is updated
        """
        role = make_role({'name': gen_string('alpha', 15)})
        for new_name in generate_strings_list(length=10):
            with self.subTest(new_name):
                Role.update({
                    'id': role['id'],
                    'new-name': new_name,
                })
                role = Role.info({'id': role['id']})
                self.assertEqual(role['name'], new_name)
Exemplo n.º 16
0
    def test_positive_create_with_permission(self):
        """Create new role with a set of permission

        :id: 7cb2b2e2-ad4d-41e9-b6b2-c0366eb09b9a

        :expectedresults: Role is created and has correct set of permissions

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        make_filter({
            'role-id': role['id'],
            'permissions': permissions,
        })
        self.assertEqual(
            Role.filters({'id': role['id']})[0]['permissions'],
            permissions
        )
Exemplo n.º 17
0
    def test_positive_update_role_1(self):
        """@Test: Update roles after creating them

        @Feature: Roles

        @Assert: Assert updating of roles
        """
        role = make_role({'name': gen_string('alpha', 15)})
        for new_name in generate_strings_list(length=10):
            with self.subTest(new_name):
                Role.update({
                    'id': role['id'],
                    'new-name': new_name,
                })
                role = Role.info({'id': role['id']})
                self.assertEqual(role['name'], new_name)
Exemplo n.º 18
0
    def test_negative_list_filters_without_parameters(self):
        """Try to list filter without specifying role id or name

        :id: 56cafbe0-d1cb-413e-8eac-0e01a3590fd2

        :expectedresults: Proper error message is shown instead of SQL error

        :CaseImportance: Critical

        :BZ: 1296782
        """
        with self.assertRaises(CLIReturnCodeError) as err:
            with self.assertNotRaises(CLIDataBaseError):
                Role.filters()
        self.assertRegex(
            err.exception.msg, 'At least one of options .* is required')
Exemplo n.º 19
0
    def test_positive_create_with_permission(self):
        """Create new role with a set of permission

        :id: 7cb2b2e2-ad4d-41e9-b6b2-c0366eb09b9a

        :expectedresults: Role is created and has correct set of permissions

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        make_filter({
            'role-id': role['id'],
            'permissions': permissions,
        })
        self.assertEqual(
            Role.filters({'id': role['id']})[0]['permissions'],
            permissions
        )
Exemplo n.º 20
0
    def test_positive_update_name(self):
        """Create new role and update its name

        @Feature: Roles

        @Assert: Role is created and its name is updated
        """
        role = make_role({'name': gen_string('alpha', 15)})
        for new_name in generate_strings_list(length=10):
            with self.subTest(new_name):
                Role.update({
                    'id': role['id'],
                    'new-name': new_name,
                })
                role = Role.info({'id': role['id']})
                self.assertEqual(role['name'], new_name)
Exemplo n.º 21
0
    def test_negative_list_filters_without_parameters(self):
        """Try to list filter without specifying role id or name

        :id: 56cafbe0-d1cb-413e-8eac-0e01a3590fd2

        :expectedresults: Proper error message is shown instead of SQL error

        :CaseImportance: Critical

        :BZ: 1296782
        """
        with pytest.raises(CLIReturnCodeError) as err:
            try:
                Role.filters()
            except CLIDataBaseError as err:
                pytest.fail(err)
        assert re.search('At least one of options .* is required', err.value.msg)
Exemplo n.º 22
0
 def create_test_user_viewer_role(cls):
     """Create's a user with Viewer role"""
     cls.login = gen_string('alpha')
     cls.password = gen_string('alpha')
     user = make_user({'login': cls.login, 'password': cls.password, 'admin': False})
     role = Role.info({'name': 'Viewer'})
     User.add_role({'login': user['login'], 'role-id': role['id']})
     return cls.login, cls.password
Exemplo n.º 23
0
    def test_positive_delete_role(self):
        """Create a filter and delete the role it points at.

        :id: e2adb6a4-e408-4912-a32d-2bf2c43187d9

        :expectedresults: The filter cannot be fetched.

        :CaseImportance: Critical
        """
        filter_ = make_filter({'role-id': self.role['id'], 'permissions': self.perms})

        # A filter depends on a role. Deleting a role implicitly deletes the
        # filter pointing at it.
        Role.delete({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Role.info({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Filter.info({'id': filter_['id']})
Exemplo n.º 24
0
    def test_positive_delete_role(self):
        """Create a filter and delete the role it points at.

        @id: e2adb6a4-e408-4912-a32d-2bf2c43187d9

        @Assert: The filter cannot be fetched.
        """
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
        })

        # A filter depends on a role. Deleting a role implicitly deletes the
        # filter pointing at it.
        Role.delete({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Role.info({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Filter.info({'id': filter_['id']})
Exemplo n.º 25
0
 def create_test_user_viewer_role(cls):
     """Create's a user with Viewer role"""
     cls.login = gen_string('alpha')
     cls.password = gen_string('alpha')
     user = make_user({
         'login': cls.login,
         'password': cls.password,
         'admin': False
     })
     role = Role.info({'name': 'Viewer'})
     User.add_role({
         'login': user['login'],
         'role-id': role['id'],
     })
     return cls.login, cls.password
Exemplo n.º 26
0
    def test_positive_list_filters_by_id(self):
        """Create new role with a filter and list it by role id

        :id: 6979ad8d-629b-481e-9d3a-8f3b3bca53f9

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions({"search": "resource_type=Organization"})
        ]
        # Assign filter to created role
        filter_ = make_filter({'role-id': role['id'], 'permissions': permissions})
        assert role['name'] == filter_['role']
        assert Role.filters({'id': role['id']})[0]['id'] == filter_['id']
Exemplo n.º 27
0
    def test_positive_list_filters_by_name(self):
        """Create new role with a filter and list it by role name

        :id: bbcb3982-f484-4dde-a3ea-7145fd28ab1f

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions({"search": "resource_type=Organization"})
        ]
        # Assign filter to created role
        filter_ = make_filter({'role': role['name'], 'permissions': permissions})
        assert role['name'] == filter_['role']
        assert Role.filters({'name': role['name']})[0]['id'] == filter_['id']
Exemplo n.º 28
0
    def setUpClass(cls):
        """
        Initializes class attribute ``dct_roles`` with several random roles
        saved on sat. roles is a dict so keys are role's id respective value is
        the role itself
        """

        super(UserWithCleanUpTestCase, cls).setUpClass()
        settings.configure()
        include_list = [gen_string("alphanumeric", 100)]

        def roles_helper():
            """Generator funcion which creates several Roles to be used on
            tests
            """
            for role_name in valid_usernames_list() + include_list:
                yield make_role({'name': role_name})

        cls.stubbed_roles = {role['id']: role for role in roles_helper()}
        cls.all_roles = {role['id']: role for role in Role.list()}
Exemplo n.º 29
0
    def setUpClass(cls):
        """
        Initializes class attribute ``dct_roles`` with several random roles
        saved on sat. roles is a dict so keys are role's id respective value is
        the role itself
        """

        super(UserWithCleanUpTestCase, cls).setUpClass()
        settings.configure()
        include_list = [gen_string("alphanumeric", 100)]

        def roles_helper():
            """Generator funcion which creates several Roles to be used on
            tests
            """
            for role_name in valid_usernames_list() + include_list:
                yield make_role({'name': role_name})

        cls.stubbed_roles = {role['id']: role for role in roles_helper()}
        cls.all_roles = {role['id']: role for role in Role.list()}
Exemplo n.º 30
0
    def test_positive_delete_cloned_builtin(self):
        """Clone a builtin role and attempt to delete it

        :id: 1fd9c636-596a-4cb2-b100-de19238042cc

        :BZ: 1426672

        :expectedresults: role was successfully deleted

        :CaseImportance: Critical

        """
        role_list = Role.list({'search': f'name=\\"{choice(ROLES)}\\"'})
        assert len(role_list) == 1
        cloned_role = Role.clone({'id': role_list[0]['id'], 'new-name': gen_string('alphanumeric')})
        Role.delete({'id': cloned_role['id']})
        with pytest.raises(CLIReturnCodeError):
            Role.info({'id': cloned_role['id']})
Exemplo n.º 31
0
    def test_positive_crud_with_name(self, name, new_name):
        """Create new role with provided name, update name and delete role by ID

        :id: f77b8e84-e964-4007-b12b-142949134d8b

        :parametrized: yes

        :expectedresults: Role is created and has correct name, its name is updated
            and then deleted by ID

        :BZ: 1138553

        :CaseImportance: Critical
        """
        role = make_role({'name': name})
        assert role['name'] == name
        Role.update({'id': role['id'], 'new-name': new_name})
        role = Role.info({'id': role['id']})
        assert role['name'] == new_name
        Role.delete({'id': role['id']})
        with pytest.raises(CLIReturnCodeError):
            Role.info({'id': role['id']})
Exemplo n.º 32
0
    def test_positive_list_filters_by_name(self):
        """Create new role with a filter and list it by role name

        :id: bbcb3982-f484-4dde-a3ea-7145fd28ab1f

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        filter_ = make_filter({
            'role': role['name'],
            'permissions': permissions,
        })
        self.assertEqual(role['name'], filter_['role'])
        self.assertEqual(
            Role.filters({'name': role['name']})[0]['id'], filter_['id'])
Exemplo n.º 33
0
    def test_positive_list_filters_by_id(self):
        """Create new role with a filter and list it by role id

        :id: 6979ad8d-629b-481e-9d3a-8f3b3bca53f9

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        filter_ = make_filter({
            'role-id': role['id'],
            'permissions': permissions,
        })
        self.assertEqual(role['name'], filter_['role'])
        self.assertEqual(
            Role.filters({'id': role['id']})[0]['id'], filter_['id'])
Exemplo n.º 34
0
    def test_positive_delete_cloned_builtin(self):
        """Clone a builtin role and attempt to delete it

        :id: 1fd9c636-596a-4cb2-b100-de19238042cc

        :BZ: 1426672

        :expectedresults: role was successfully deleted

        :CaseImportance: Critical

        """
        role_list = Role.list({
            'search': 'name=\\"{}\\"'.format(choice(ROLES))})
        self.assertEqual(len(role_list), 1)
        cloned_role = Role.clone({
            'id': role_list[0]['id'],
            'new-name': gen_string('alphanumeric'),
        })
        Role.delete({'id': cloned_role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Role.info({'id': cloned_role['id']})
Exemplo n.º 35
0
 def tearDownClass(cls):
     """Remove all roles created during tests"""
     super(UserWithCleanUpTestCase, cls).tearDownClass()
     for role_id in cls.stubbed_roles:
         Role.delete({'id': role_id})
Exemplo n.º 36
0
    def test_usergroup_with_usergroup_sync(self, ipa_data):
        """Verify the usergroup-sync functionality in Ldap Auth Source

        :id: 2b63e886-2c53-11ea-9da5-db3ae0527554

        :expectedresults: external user-group sync works as expected automatically
            based on user-sync

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname']
        self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd']
        ldap_ipa_user_name = ipa_data['ldap_ipa_user_name']
        ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace(
            'foobargroup', 'foreman_group')
        member_username = '******'
        member_group = 'foreman_group'
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source_name = gen_string('alpha')
        auth_source = make_ldap_auth_source({
            'name':
            auth_source_name,
            'onthefly-register':
            'true',
            'usergroup-sync':
            'true',
            'host':
            ipa_data['ldap_ipa_hostname'],
            'server-type':
            LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login':
            LDAP_ATTR['login'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            ldap_ipa_user_name,
            'account-password':
            ipa_data['ldap_ipa_user_passwd'],
            'base-dn':
            ipa_data['ipa_base_dn'],
            'groups-base':
            ipa_group_base_dn,
        })
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Adding User in IPA UserGroup
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        ext_user_group = make_usergroup_external({
            'auth-source-id':
            auth_source['server']['id'],
            'user-group-id':
            user_group['id'],
            'name':
            member_group,
        })
        UserGroup.add_role({
            'id': user_group['id'],
            'role-id': viewer_role['id']
        })
        assert ext_user_group['auth-source'] == auth_source['server']['name']
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        result = Auth.with_user(username=member_username,
                                password=self.ldap_ipa_user_passwd).status()
        assert LOGEDIN_MSG.format(member_username) in result[0]['message']
        list = Role.with_user(username=member_username,
                              password=self.ldap_ipa_user_passwd).list()
        assert len(list) > 1
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 1
        assert user_group['users'][0] == member_username

        # Removing User in IPA UserGroup
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with pytest.raises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.value.message
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
Exemplo n.º 37
0
 def tearDownClass(cls):
     """Remove all roles created during tests"""
     super(UserWithCleanUpTestCase, cls).tearDownClass()
     for role_id in cls.stubbed_roles:
         Role.delete({'id': role_id})
Exemplo n.º 38
0
 def tearDownClass(cls):
     """Remove all roles created during tests"""
     super().tearDownClass()
     for role_id in cls.stubbed_roles:
         Role.delete({'id': role_id})
Exemplo n.º 39
0
    def test_system_admin_role_end_to_end(self):
        """Test System admin role with a end to end workflow

        :id: da6b3549-d1cf-44fc-869f-08d15d407fa2

        :steps:

            1. Create a System admin role user1
            2. Login with the user1 and change global settings
                "Out of sync interval" to 31
            3. Create user2 with system admin role
            4. Login with user2 to create a Organization
            5. Clone a Org-admin role
            6. Edit the Architecture Filter and search name  =  x86_64
            7. Create a User with Cloned Org admin
            8. Login with user.

        :expectedresults:

            1. User should be assigned with System Admin role.
            2. User with sys admin role should be able to update settings
            3. User with sys admin role should be able to create users and
                assign Organizations to them.
            4. System Admin role should be able to create Organization admins
            5. User with sys admin role should be able to edit filters on roles

        :CaseLevel: System
        """
        org = make_org()
        location = make_location()
        common_pass = gen_string('alpha')
        role = Role.info({'name': 'System admin'})
        system_admin_1 = make_user(
            {
                'password': common_pass,
                'organization-ids': org['id'],
                'location-ids': location['id'],
            }
        )
        User.add_role({'id': system_admin_1['id'], 'role-id': role['id']})
        Settings.with_user(username=system_admin_1['login'], password=common_pass).set(
            {'name': "outofsync_interval", 'value': "32"}
        )
        sync_time = Settings.list({'search': 'name=outofsync_interval'})[0]
        # Asserts if the setting was updated successfully
        assert '32' == sync_time['value']

        # Create another System Admin user using the first one
        system_admin = User.with_user(
            username=system_admin_1['login'], password=common_pass
        ).create(
            {
                'auth-source-id': 1,
                'firstname': gen_string('alpha'),
                'lastname': gen_string('alpha'),
                'login': gen_string('alpha'),
                'mail': '{}@example.com'.format(gen_string('alpha')),
                'password': common_pass,
                'organizations': org['name'],
                'role-ids': role['id'],
                'locations': location['name'],
            }
        )
        # Create the Org Admin user
        org_role = Role.with_user(username=system_admin['login'], password=common_pass).clone(
            {
                'name': 'Organization admin',
                'new-name': gen_string('alpha'),
                'organization-ids': org['id'],
                'location-ids': location['id'],
            }
        )
        org_admin = User.with_user(username=system_admin['login'], password=common_pass).create(
            {
                'auth-source-id': 1,
                'firstname': gen_string('alpha'),
                'lastname': gen_string('alpha'),
                'login': gen_string('alpha'),
                'mail': '{}@example.com'.format(gen_string('alpha')),
                'password': common_pass,
                'organizations': org['name'],
                'role-ids': org_role['id'],
                'location-ids': location['id'],
            }
        )
        # Assert if the cloning was successful
        assert org_role['id'] is not None
        org_role_filters = Role.filters({'id': org_role['id']})
        search_filter = None
        for arch_filter in org_role_filters:
            if arch_filter['resource-type'] == 'Architecture':
                search_filter = arch_filter
                break
        Filter.with_user(username=system_admin['login'], password=common_pass).update(
            {'role-id': org_role['id'], 'id': arch_filter['id'], 'search': 'name=x86_64'}
        )
        # Asserts if the filter is updated
        assert 'name=x86_64' in Filter.info({'id': search_filter['id']}).values()
        org_admin = User.with_user(username=system_admin['login'], password=common_pass).info(
            {'id': org_admin['id']}
        )
        # Asserts Created Org Admin
        assert org_role['name'] in org_admin['roles']
        assert org['name'] in org_admin['organizations']
Exemplo n.º 40
0
    def test_system_admin_role_end_to_end(self):
        """Test System admin role with a end to end workflow

        :id: da6b3549-d1cf-44fc-869f-08d15d407fa2

        :steps:

            1. Create a System admin role user1
            2. Login with the user1 and change global settings
                "Out of sync interval" to 31
            3. Create user2 with system admin role
            4. Login with user2 to create a Organization
            5. Clone a Org-admin role
            6. Edit the Architecture Filter and search name  =  x86_64
            7. Create a User with Cloned Org admin
            8. Login with user.

        :expectedresults:

            1. User should be assigned with System Admin role.
            2. User with sys admin role should be able to update settings
            3. User with sys admin role should be able to create users and
                assign Organizations to them.
            4. System Admin role should be able to create Organization admins
            5. User with sys admin role should be able to edit filters on roles

        :CaseLevel: System
        """
        org = make_org()
        location = make_location()
        common_pass = gen_string('alpha')
        role = Role.info({'name': 'System admin'})
        system_admin_1 = make_user({
            'password': common_pass,
            'organization-ids': org['id'],
            'location-ids': location['id']
            })
        User.add_role({
            'id': system_admin_1['id'],
            'role-id': role['id']
            })
        Settings.with_user(
            username=system_admin_1['login'],
            password=common_pass).set({
                'name': "outofsync_interval",
                'value': "32"
                })
        sync_time = Settings.list({
            'search': 'name=outofsync_interval'
            })[0]
        # Asserts if the setting was updated successfully
        self.assertEqual('32', sync_time['value'])

        # Create another System Admin user using the first one
        system_admin = User.with_user(
                username=system_admin_1['login'],
                password=common_pass).create({
                    u'auth-source-id': 1,
                    u'firstname': gen_string('alpha'),
                    u'lastname': gen_string('alpha'),
                    u'login': gen_string('alpha'),
                    u'mail': '{0}@example.com'.format(gen_string('alpha')),
                    u'password': common_pass,
                    u'organizations': org['name'],
                    u'role-ids': role['id'],
                    u'locations': location['name']
                    })
        # Create the Org Admin user
        org_role = Role.with_user(
            username=system_admin['login'],
            password=common_pass).clone({
                'name': 'Organization admin',
                'new-name': gen_string('alpha'),
                'organization-ids': org['id'],
                'location-ids': location['id']
                })
        org_admin = User.with_user(
                username=system_admin['login'],
                password=common_pass).create({
                    u'auth-source-id': 1,
                    u'firstname': gen_string('alpha'),
                    u'lastname': gen_string('alpha'),
                    u'login': gen_string('alpha'),
                    u'mail': '{0}@example.com'.format(gen_string('alpha')),
                    u'password': common_pass,
                    u'organizations': org['name'],
                    u'role-ids': org_role['id'],
                    u'location-ids': location['id']
                    })
        # Assert if the cloning was successful
        self.assertIsNotNone(org_role['id'])
        org_role_filters = Role.filters({'id': org_role['id']})
        search_filter = None
        for arch_filter in org_role_filters:
            if arch_filter['resource-type'] == 'Architecture':
                search_filter = arch_filter
                break
        Filter.with_user(
            username=system_admin['login'],
            password=common_pass).update({
                'role-id': org_role['id'],
                'id': arch_filter['id'],
                'search': 'name=x86_64'
                })
        # Asserts if the filter is updated
        self.assertIn('name=x86_64',
                      Filter.info({
                          'id': search_filter['id']
                            }).values()
                      )
        org_admin = User.with_user(
            username=system_admin['login'],
            password=common_pass).info({'id': org_admin['id']})
        # Asserts Created Org Admin
        self.assertIn(org_role['name'], org_admin['roles'])
        self.assertIn(org['name'], org_admin['organizations'])
Exemplo n.º 41
0
    def test_usergroup_sync_with_refresh(self):
        """Verify the refresh functionality in Ldap Auth Source

        :id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930

        :expectedresults: external user-group sync works as expected as on-demand
            sync based on refresh works

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        ldap_ipa_user_name = self.ldap_ipa_user_name
        ipa_group_base_dn = self.ipa_group_base_dn.replace(
            'foobargroup', 'foreman_group')
        member_username = '******'
        member_group = 'foreman_group'
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source_name = gen_string('alpha')
        auth_source = make_ldap_auth_source({
            'name':
            auth_source_name,
            'onthefly-register':
            'true',
            'usergroup-sync':
            'false',
            'host':
            self.ldap_ipa_hostname,
            'server-type':
            LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login':
            LDAP_ATTR['login'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            ldap_ipa_user_name,
            'account-password':
            self.ldap_ipa_user_passwd,
            'base-dn':
            self.ipa_base_dn,
            'groups-base':
            ipa_group_base_dn,
        })
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Adding User in IPA UserGroup
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        ext_user_group = make_usergroup_external({
            'auth-source-id':
            auth_source['server']['id'],
            'user-group-id':
            user_group['id'],
            'name':
            member_group,
        })
        UserGroup.add_role({
            'id': user_group['id'],
            'role-id': viewer_role['id']
        })
        assert ext_user_group['auth-source'] == auth_source['server']['name']
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        result = Auth.with_user(username=member_username,
                                password=self.ldap_ipa_user_passwd).status()
        assert LOGEDIN_MSG.format(member_username) in result[0]['message']
        with self.assertRaises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.exception.message
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({
                'user-group-id': user_group['id'],
                'name': member_group
            })
        list = Role.with_user(username=member_username,
                              password=self.ldap_ipa_user_passwd).list()
        assert len(list) > 1
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 1
        assert user_group['users'][0] == member_username

        # Removing User in IPA UserGroup
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({
                'user-group-id': user_group['id'],
                'name': member_group
            })
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        with self.assertRaises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.exception.message