def test_forbidden_actions(sdk_client_fs: ADCMClient): """ Check that forbidden caller-context combinations fail as actions and don't affect any ADCM objects """ name = "first" with allure.step(f'Check forbidden from cluster "{name}" context actions'): cluster = sdk_client_fs.cluster(name=name) for forbidden_action in ('change_service', 'change_component'): with check_config_changed(sdk_client_fs): run_cluster_action_and_assert_result(cluster, forbidden_action, status='failed') with allure.step(f'Check forbidden from service "{name}" context actions'): service = cluster.service(name=name) with check_config_changed(sdk_client_fs): run_service_action_and_assert_result(service, 'change_component', status='failed') with allure.step( f'Check forbidden from provider "{name}" context actions'): provider = sdk_client_fs.provider(name=name) with check_config_changed(sdk_client_fs): run_provider_action_and_assert_result(provider, 'change_host', status='failed') first_host, second_host, *_ = provider.host_list() with check_config_changed(sdk_client_fs): run_host_action_and_assert_result( first_host, 'change_host_from_provider', status='failed', config={'host_id': second_host.id})
def test_change_child_role(user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user loses access if change policy role """ cluster_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) policy = create_policy(sdk_client_fs, BusinessRoles.ViewClusterConfigurations, objects=[cluster], users=[user], groups=[]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) with allure.step( "Change role from 'View configuration' to 'View imports'"): role = sdk_client_fs.role_create( name="Another role", display_name="Another role", child=[{ "id": sdk_client_fs.role( name=BusinessRoles.ViewImports.value.role_name).id }], ) policy.update(role={"id": role.id}) is_allowed(cluster, BusinessRoles.ViewImports) is_denied(cluster, BusinessRoles.ViewClusterConfigurations)
def test_forbidden_multi_state_set_actions(sdk_client_fs: ADCMClient): """ Check that forbidden caller-context combinations fail as actions and don't affect any ADCM objects """ name = "first" with allure.step(f'Check forbidden from cluster "{name}" context actions'): cluster = sdk_client_fs.cluster(name=name) # missing is used because it should fail for misconfiguration reasons, not because state not set for forbidden_action in ('set_service', 'set_component', 'unset_service_missing', 'unset_component_missing'): with check_objects_multi_state_changed(sdk_client_fs): run_cluster_action_and_assert_result(cluster, forbidden_action, status='failed') with allure.step(f'Check forbidden from service "{name}" context actions'): service = cluster.service(name=name) for forbidden_action in ('set_component', 'unset_component_missing'): with check_objects_multi_state_changed(sdk_client_fs): run_service_action_and_assert_result(service, forbidden_action, status='failed') with allure.step( f'Check forbidden from provider "{name}" context actions'): provider = sdk_client_fs.provider(name=name) for forbidden_action in ('set_host', 'unset_host_missing'): with check_objects_multi_state_changed(sdk_client_fs): run_provider_action_and_assert_result(provider, forbidden_action, status='failed')
def _check_hc_map_is_correct(self, adcm_client: ADCMClient): """Check that hc map is correct after adcm_hc action""" actual_hc_map = { (hc['host'], hc['service_name'], hc['component']) for hc in adcm_client.cluster(name=CLUSTER_NAME).hostcomponent() } assert ( actual_hc_map == self.EXPECTED_HC_MAP ), f"Host-Component map isn't the same as expected. Got: {actual_hc_map}. Expected: {self.EXPECTED_HC_MAP}"
def get_cluster_related_object( client: ADCMClient, cluster: str = 'first', service: Optional[str] = None, component: Optional[str] = None) -> ClusterRelatedObject: """ Get function to get one of ADCM cluster objects: - Cluster (when all args are None) - Service (when only service argument is not None) - Component (when both arguments are not None) """ if service is None and component is None: return client.cluster(name=cluster) if service and component is None: return client.cluster(name=cluster).service(name=service) if service and component: return client.cluster(name=cluster).service(name=service).component( name=component) raise ValueError( 'You can provide either only "service" argument or both "service" and "component" argument' )
def test_remove_user_from_policy(user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user loses access if user removed from policy user list """ cluster_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) policy = create_policy(sdk_client_fs, BusinessRoles.ViewClusterConfigurations, objects=[cluster], users=[user], groups=[]) is_allowed(cluster, BusinessRoles.ViewComponentConfigurations) with allure.step("Remove user from policy"): policy.update(user=[{"id": sdk_client_fs.user(username="******").id}]) is_denied(cluster, BusinessRoles.ViewClusterConfigurations)
def test_remove_user_from_group(user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user loses access if user removed from group with policy """ cluster_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) group = sdk_client_fs.group_create("test_group", user=[{"id": user.id}]) create_policy(sdk_client_fs, BusinessRoles.ViewClusterConfigurations, objects=[cluster], users=[], groups=[group]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) with allure.step("Remove user from group"): group.update(user=[]) is_denied(cluster, BusinessRoles.ViewClusterConfigurations)
def test_remove_user_from_policy_but_still_in_group(user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user is still have access if user removed from policy but is in group """ cluster_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) group = sdk_client_fs.group_create("test_group", user=[{"id": user.id}]) policy = create_policy(sdk_client_fs, BusinessRoles.ViewClusterConfigurations, objects=[cluster], users=[user], groups=[group]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) with allure.step("Remove user from policy"): policy.update(user=[{"id": sdk_client_fs.user(username="******").id}]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations)
def test_upgrade_application_bundle(user_policy, user_sdk: ADCMClient, prepare_objects, sdk_client_fs, user): """Test that Upgrade application bundle role is ok""" cluster, *_, provider, _ = as_user_objects(user_sdk, *prepare_objects) cluster_via_admin, *_ = prepare_objects second_cluster = user_sdk.cluster( id=cluster_via_admin.bundle().cluster_create(name="Second cluster").id) is_allowed(cluster, BR.UpgradeClusterBundle) is_denied(provider, BR.UpgradeClusterBundle) is_denied(second_cluster, BR.UpgradeClusterBundle) new_policy = create_policy(sdk_client_fs, BR.UpgradeClusterBundle, objects=[second_cluster], users=[user], groups=[]) delete_policy(new_policy) is_denied(second_cluster, BR.UpgradeClusterBundle)
def test_remove_another_object_from_policy(user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user is still have access if object removed from policy but exists high-level object """ cluster_via_admin, service_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) service = user_sdk.service(id=service_via_admin.id) policy = create_policy(sdk_client_fs, CLUSTER_VIEW_CONFIG_ROLES, objects=[cluster, service], users=[user], groups=[]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) is_allowed(service, BusinessRoles.ViewServiceConfigurations) with allure.step("Remove object from policy"): policy.update(object=[{"id": cluster.id, "type": "cluster"}]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) is_allowed(service, BusinessRoles.ViewServiceConfigurations)
def test_save_groups(ui_config, sdk_client_fs: ADCMClient): """Test save config with groups""" app_fields = ui_config.get_app_fields() for textbox in app_fields: if "field_for_group_without_options:" in textbox.text: input_element = textbox.find_element(*Common.mat_input_element) ui_config.clear_element(input_element) time.sleep(2) input_element.send_keys("new value") break ui_config.save_configuration() service = sdk_client_fs.cluster(name="group_ui_options_test").service(name="group_ui_options_test") config = service.config() with allure.step('Check that configuration was saved'): assert ( config['group_ui_options_disabled']['field_for_group_without_options'] == 'new value' ), "New configuration value wasn't applied" assert len(config.keys()) == 12 for group in INVISIBLE_GROUPS: assert group in config.keys(), "Invisible group should be present in config object"
def test_save_groups(group_elements, ui_config, sdk_client_fs: ADCMClient): """Click save configuration button and check that configuration was saved """ app_fields = ui_config.get_app_fields() for textbox in app_fields: if "field_for_group_without_options:" in textbox.text: input_element = textbox.find_element(*Common.mat_input_element) ui_config.clear_element(input_element) time.sleep(2) input_element.send_keys("shalalala") break ui_config.save_configuration() service = sdk_client_fs.cluster(name="group_ui_options_test").service( name="group_ui_options_test") config = service.config() assert config['group_ui_options_disabled']['field_for_group_without_options'] == 'shalalala', \ config['group_ui_options_disabled']['field_for_group_without_options'] assert len(config.keys()) == 12 for group in INVISIBLE_GROUPS: assert group in config.keys(), config
def test_remove_policy_but_exists_same_policy(user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user is still have access if removed policy, but we still have another policy with the same rights """ cluster_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) create_policy(sdk_client_fs, BusinessRoles.ViewClusterConfigurations, objects=[cluster], users=[user], groups=[]) second_policy = create_policy(sdk_client_fs, BusinessRoles.ViewClusterConfigurations, objects=[cluster], users=[user], groups=[]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) with allure.step("Remove second policy"): second_policy.delete() is_allowed(cluster, BusinessRoles.ViewClusterConfigurations)
def test_forbidden_state_set_actions(sdk_client_fs: ADCMClient): """ Check that forbidden caller-context combinations fail as actions and don't affect any ADCM objects """ name = "first" first_first_fqdn = "first-first" first_second_fqdn = "first-second" with allure.step(f'Check forbidden from cluster "{name}" context actions'): cluster = sdk_client_fs.cluster(name=name) for forbidden_action in ('set_service', 'set_component'): with check_objects_state_changed(sdk_client_fs): run_cluster_action_and_assert_result(cluster, forbidden_action, status='failed') with allure.step(f'Check forbidden from service "{name}" context actions'): service = cluster.service(name=name) with check_objects_state_changed(sdk_client_fs): run_service_action_and_assert_result(service, 'set_component', status='failed') with allure.step( f'Check forbidden from provider "{name}" context actions'): provider = sdk_client_fs.provider(name=name) with check_objects_state_changed(sdk_client_fs): run_provider_action_and_assert_result(provider, 'set_host', status='failed') with allure.step( f'Check forbidden from host "{first_first_fqdn}" context actions'): host_first = sdk_client_fs.host(fqdn=first_first_fqdn) host_second = sdk_client_fs.host(fqdn=first_second_fqdn) with check_objects_state_changed(sdk_client_fs): run_host_action_and_assert_result( host_first, 'set_host_from_provider', config={'host_id': host_second.id}, status='failed')
def test_remove_object_from_policy(user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user loses access if object changed from policy """ cluster_via_admin, service_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) service = user_sdk.service(id=service_via_admin.id) policy = create_policy( sdk_client_fs, [ BusinessRoles.ViewClusterConfigurations, BusinessRoles.ViewServiceConfigurations ], objects=[cluster], users=[user], groups=[], ) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) with allure.step("Change policy object from cluster to service"): policy.update(object=[{"id": service_via_admin.id, "type": "service"}]) is_denied(cluster, BusinessRoles.ViewClusterConfigurations) is_allowed(service, BusinessRoles.ViewClusterConfigurations)
def test_remove_group_with_user_but_still_in_another_group( user_sdk: ADCMClient, user, prepare_objects, sdk_client_fs): """ Test that user is still have access if removed group with user but user is in another group """ cluster_via_admin, *_ = prepare_objects cluster = user_sdk.cluster(id=cluster_via_admin.id) group = sdk_client_fs.group_create("test_group", user=[{"id": user.id}]) another_group = sdk_client_fs.group_create("another_group", user=[{ "id": user.id }]) policy = create_policy( sdk_client_fs, BusinessRoles.ViewClusterConfigurations, objects=[cluster], users=[], groups=[group, another_group], ) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations) with allure.step("Remove user from group"): policy.update(group=[{"id": another_group.id}]) is_allowed(cluster, BusinessRoles.ViewClusterConfigurations)
def _get_cluster(self, adcm_client: ADCMClient) -> Cluster: """Get cluster object""" return adcm_client.cluster(name=CLUSTER_NAME)
def test_cluster_state_after_multijob(sdk_client_ms: ADCMClient, cluster): with allure.step('Run action: multi'): cluster.action_run(name="multi").wait() with allure.step('Check cluster state'): assert sdk_client_ms.cluster(name=cluster.name).state == cluster.name
def _check_that_cluster_exists(sdk_client_fs: ADCMClient, cluster: Cluster) -> None: assert len(sdk_client_fs.cluster_list()) == 1, "Only one cluster expected to be" with catch_failed(ObjectNotFound, "Previously created cluster not found"): sdk_client_fs.cluster(name=cluster.name)