def test_permission_edit(appliance, request, product_features, action): """ Ensures that changes in permissions are enforced on next login """ product_features = version.pick(product_features) request.addfinalizer(appliance.server.login_admin()) role_name = fauxfactory.gen_alphanumeric() role = Role( name=role_name, vm_restriction=None, product_features=[(['Everything'], False)] + # role_features [(k, True) for k in product_features]) role.create() group = new_group(role=role.name) group.create() user = new_user(group=group) user.create() with user: try: action() except Exception: pytest.fail('Incorrect permissions set') appliance.server.login_admin() role.update({ 'product_features': [(['Everything'], True)] + [(k, False) for k in product_features] }) with user: try: with error.expected(Exception): action() except error.UnexpectedSuccessException: pytest.Fails('Permissions have not been updated')
def _mk_role(name=None, vm_restriction=None, product_features=None): """Create a thunk that returns a Role object to be used for perm testing. name=None will generate a random name """ name = name or fauxfactory.gen_alphanumeric() return lambda: Role(name=name, vm_restriction=vm_restriction, product_features=product_features)
def role(): """ Returns role object used in test module """ role = Role(name='role{}'.format(fauxfactory.gen_alphanumeric()), vm_restriction='None') role.create() yield role role.delete()
def test_delete_default_roles(): flash_msg = version.pick({ '5.6': ("Role \"{}\": Error during delete: Cannot delete record " "because of dependent entitlements"), '5.5': ("Role \"{}\": Error during \'destroy\': Cannot delete record " "because of dependent miq_groups")}) role = Role(name='EvmRole-approver') with error.expected(flash_msg.format(role.name)): role.delete()
def test_delete_default_roles(): """Test that CFME prevents a user from deleting a default role when selecting it from the Access Control EVM Role checklist Steps: * Login as Administrator user * Navigate to Configuration -> Role * Try editing the group EvmRole-approver """ role = Role(name='EvmRole-approver') with pytest.raises(RBACOperationBlocked): role.delete()
def test_edit_default_roles(): """Test that CFME prevents a user from editing a default role when selecting it from the Access Control EVM Role checklist Steps: * Login as Administrator user * Navigate to Configuration -> Role * Try editing the group EvmRole-auditor """ role = Role(name='EvmRole-auditor') newrole_name = "{}-{}".format(role.name, fauxfactory.gen_alphanumeric()) role_updates = {'name': newrole_name} with pytest.raises(RBACOperationBlocked): role.update(role_updates)
def test_permission_edit(appliance, request, product_features, action): """ Ensures that changes in permissions are enforced on next login Args: appliance: cfme appliance fixture request: pytest request fixture product_features: product features to set for test role action: reference to a function to execute under the test user context """ product_features = version.pick(product_features) request.addfinalizer(appliance.server.login_admin) role_name = fauxfactory.gen_alphanumeric() role = Role( name=role_name, vm_restriction=None, product_features=[(['Everything'], False)] + # role_features [(k, True) for k in product_features]) role.create() group_description = 'grp{}'.format(fauxfactory.gen_alphanumeric()) group = group_collection(appliance).create(description=group_description, role=role.name) user = new_user(group=group) user.create() with user: try: action() except Exception: pytest.fail('Incorrect permissions set') appliance.server.login_admin() role.update({ 'product_features': [(['Everything'], True)] + [(k, False) for k in product_features] }) with user: try: with error.expected(Exception): action() except error.UnexpectedSuccessException: pytest.Fails('Permissions have not been updated')
def new_role(): return Role( name='rol{}'.format(fauxfactory.gen_alphanumeric()), vm_restriction='None')
def test_rolename_required_error_validation(): role = Role( name=None, vm_restriction='Only User Owned') with error.expected("Name can't be blank"): role.create()
def new_role(): return Role( name='rol' + fauxfactory.gen_alphanumeric(), vm_restriction='None')
def test_edit_default_roles(): role = Role(name='EvmRole-auditor') navigate_to(role, 'Edit') flash.assert_message_match( "Read Only Role \"{}\" can not be edited".format(role.name))