def test_positive_login_ad_user_basic_roles(session, test_name, ldap_data,
ldap_user_name, auth_source):
"""Login with LDAP - AD for user with roles/rights
:id: ef202e94-8e5d-4333-a4bc-e573b03ebfc8
:setup: assure properly functioning AD server for authentication
:steps: Login to server with an AD user.
:expectedresults: Log in to foreman UI successfully and can access
appropriate functional areas in UI
:CaseLevel: Integration
"""
name = gen_string('alpha')
role = entities.Role().create()
permissions = {'Architecture': PERMISSIONS['Architecture']}
create_role_permissions(role, permissions)
with session:
session.user.update(ldap_data['ldap_user_name'],
{'roles.resources.assigned': [role.name]})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.usergroup.search('')
ldapsession.architecture.create({'name': name})
assert ldapsession.architecture.search(name)[0]['Name'] == name
def test_positive_access_with_non_admin_user_without_manifest(test_name):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has no manifest uploaded.
:id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6
:expectedresults: Subscription page is rendered properly without errors
:BZ: 1417082
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
role = entities.Role(organization=[org]).create()
create_role_permissions(
role,
{'Katello::Subscription': ['view_subscriptions']}
)
user_password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=user_password,
organization=[org],
default_organization=org,
).create()
with Session(test_name, user=user.login, password=user_password) as session:
assert not session.subscription.search('')
assert not session.subscription.has_manifest
def test_positive_access_with_non_admin_user_with_manifest(self):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has a manifest uploaded.
:id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4
:expectedresults: Subscription page is rendered properly without errors
and the default subscription is visible
:BZ: 1417082
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
self.upload_manifest(org.id, manifests.clone())
role = entities.Role().create()
create_role_permissions(
role,
{'Katello::Subscription': ['view_subscriptions']}
)
password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=password,
organization=[org],
default_organization=org,
).create()
with Session(self, user.login, password):
self.subscriptions.navigate_to_entity()
self.assertFalse(self.browser.current_url.endswith('katello/403'))
self.assertIsNotNone(
self.subscriptions.search(DEFAULT_SUBSCRIPTION_NAME))
def test_positive_access_with_non_admin_user_without_manifest(self):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has no manifest uploaded.
:id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6
:expectedresults: Subscription page is rendered properly without errors
:BZ: 1417082
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
role = entities.Role().create()
create_role_permissions(
role, {'Katello::Subscription': ['view_subscriptions']})
password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=password,
organization=[org],
default_organization=org,
).create()
with Session(self, user.login, password):
self.subscriptions.navigate_to_entity()
self.assertIsNotNone(
self.subscriptions.wait_until_element(
locators['subs.page_title']))
self.assertFalse(self.browser.current_url.endswith('katello/403'))
def test_positive_access_with_non_admin_user_with_manifest(test_name):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has a manifest uploaded.
:id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4
:expectedresults: Subscription page is rendered properly without errors
and the default subscription is visible
:BZ: 1417082, 1651981
:customerscenario: true
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
manifests.upload_manifest_locked(org.id)
role = entities.Role(organization=[org]).create()
create_role_permissions(role,
{'Katello::Subscription': ['view_subscriptions']})
user_password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=user_password,
organization=[org],
default_organization=org,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
assert (session.subscription.search(
f'name = "{DEFAULT_SUBSCRIPTION_NAME}"')[0]['Name'] ==
DEFAULT_SUBSCRIPTION_NAME)
def test_positive_add_host_collection_non_admin(module_org, test_name):
"""Test that host collection can be associated to Activation Keys by
non-admin user.
:id: 417f0b36-fd49-4414-87ab-6f72a09696f2
:expectedresults: Activation key is created, added host collection is
listed
:BZ: 1473212
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
hc = entities.HostCollection(organization=module_org).create()
# Create non-admin user with specified permissions
roles = [entities.Role().create()]
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'],
}
viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0]
roles.append(viewer_role)
create_role_permissions(roles[0], user_permissions)
password = gen_string('alphanumeric')
user = entities.User(
admin=False, role=roles, password=password, organization=[module_org]
).create()
with Session(test_name, user=user.login, password=password) as session:
session.activationkey.create({'name': ak_name, 'lce': {ENVIRONMENT: True}})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
session.activationkey.add_host_collection(ak_name, hc.name)
ak = session.activationkey.read(ak_name, widget_names='host_collections')
assert ak['host_collections']['resources']['assigned'][0]['Name'] == hc.name
def test_positive_access_with_non_admin_user_without_manifest(test_name):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has no manifest uploaded.
:id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6
:expectedresults: Subscription page is rendered properly without errors
:BZ: 1417082
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
role = entities.Role(organization=[org]).create()
create_role_permissions(role,
{'Katello::Subscription': ['view_subscriptions']})
user_password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=user_password,
organization=[org],
default_organization=org,
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
assert not session.subscription.search('')
assert not session.subscription.has_manifest
def test_positive_access_with_non_admin_user_with_manifest(self):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has a manifest uploaded.
:id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4
:expectedresults: Subscription page is rendered properly without errors
and the default subscription is visible
:BZ: 1417082
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
self.upload_manifest(org.id, manifests.clone())
role = entities.Role().create()
create_role_permissions(
role, {'Katello::Subscription': ['view_subscriptions']})
password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=password,
organization=[org],
default_organization=org,
).create()
with Session(self, user.login, password):
self.subscriptions.navigate_to_entity()
self.assertFalse(self.browser.current_url.endswith('katello/403'))
self.assertIsNotNone(
self.subscriptions.search(DEFAULT_SUBSCRIPTION_NAME))
def test_positive_access_with_non_admin_user_without_manifest(self):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has no manifest uploaded.
:id: dab9dc15-39a8-4105-b7ff-ecef909dc6e6
:expectedresults: Subscription page is rendered properly without errors
:BZ: 1417082
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
role = entities.Role().create()
create_role_permissions(
role,
{'Katello::Subscription': ['view_subscriptions']}
)
password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=password,
organization=[org],
default_organization=org,
).create()
with Session(self, user.login, password):
self.subscriptions.navigate_to_entity()
self.assertIsNotNone(self.subscriptions.wait_until_element(
locators['subs.page_title']))
self.assertFalse(self.browser.current_url.endswith('katello/403'))
def test_positive_add_katello_role_with_org(session, ldap_data, ldap_user_name,
test_name, auth_source,
ldap_usergroup_name, module_org):
"""Associate katello roles to User Group with org set.
[belonging to external AD User Group.]
:id: a2ebd4de-eb0a-47da-81e8-00942eedcbf6
:setup: LDAP Auth Source should be created with Organization associated.
:Steps:
1. Create an UserGroup.
2. Assign some katello roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access katello entities as per roles, with the associated org
in LDAP Auth source page as the context set.
"""
auth_source_name = 'LDAP-' + auth_source.name
ak_name = gen_string('alpha')
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Location': ['assign_locations'],
'Organization': ['assign_organizations'],
}
katello_role = entities.Role().create()
create_role_permissions(katello_role, user_permissions)
different_org = entities.Organization().create()
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.resources.assigned': [katello_role.name],
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name,
EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.activationkey.create({'name': ak_name})
results = session.activationkey.search(ak_name)
assert results[0]['Name'] == ak_name
session.organization.select(different_org.name)
assert not session.activationkey.search(ak_name)[0]['Name'] == ak_name
ak = entities.ActivationKey(organization=module_org).search(
query={'search': 'name={}'.format(ak_name)})[0].read()
assert ak.organization.id == module_org.id
def test_positive_add_foreman_role_with_org_loc(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name,
module_org, module_loc):
"""Associate foreman roles to User Group with org and loc set.
[belonging to external AD User Group.]
:id: b39d7b2a-6d78-4c35-969a-37c8317ce64f
:setup: LDAP Auth Source should be created with Org and Location
Associated.
:Steps:
1. Create an UserGroup.
2. Assign some foreman roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access foreman entities as per roles, with the associated org and
loc in LDAP Auth source page as the context set.
:CaseLevel: Integration
"""
auth_source_name = 'LDAP-' + auth_source.name
name = gen_string('alpha')
user_permissions = {
'Hostgroup': PERMISSIONS['Hostgroup'],
'Location': ['assign_locations'],
'Organization': ['assign_organizations'],
}
foreman_role = entities.Role().create()
create_role_permissions(foreman_role, user_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
if bz_bug_is_open(1652938):
try:
ldapsession.hostgroup.search('')
except NoSuchElementException:
ldapsession.browser.refresh()
ldapsession.hostgroup.create({'host_group.name': name})
hostgroup = session.hostgroup.read(name, ['organizations', 'locations'])
assert len(hostgroup['organizations']['resources']['assigned']) == 1
assert module_org.name in hostgroup['organizations']['resources']['assigned']
assert len(hostgroup['locations']['resources']['assigned']) == 1
assert module_loc.name in hostgroup['locations']['resources']['assigned']
def test_positive_add_katello_role(session, ldap_data, ldap_user_name,
test_name, auth_source,
ldap_usergroup_name):
"""Associate katello roles to User Group.
[belonging to external AD User Group.]
:id: aa5e3bf4-cb42-43a4-93ea-a2eea54b847a
:Steps:
1. Create an UserGroup.
2. Assign some foreman roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access katello entities as per roles.
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']
}
katello_role = entities.Role().create()
create_role_permissions(katello_role, user_permissions)
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.resources.assigned': [katello_role.name],
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name,
EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
with raises(NavigationTriesExceeded):
session.architecture.search('')
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(
ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_update_external_roles(
test_name, session, auth_source, ldap_usergroup_name, ldap_tear_down, ldap_data
):
"""Added AD UserGroup roles get pushed down to user
:id: f3ca1aae-5461-4af3-a508-82679bb6afed
:setup: assign additional roles to the UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Login to sat6 with the AD user.
5. Assign additional roles to the UserGroup.
6. Login to sat6 with LDAP user that is part of aforementioned
UserGroup.
:expectedresults: User has access to all NEW functional areas that are
assigned to aforementioned UserGroup.
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
katello_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']}
create_role_permissions(foreman_role, foreman_permissions)
create_role_permissions(katello_role, katello_permissions)
with session:
session.usergroup.create(
{
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
}
)
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
with Session(
test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.usergroup.update(
ldap_usergroup_name, {'roles.resources.assigned': [katello_role.name]}
)
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(test_name, ldap_data['ldap_user_name'], ldap_data['ldap_user_passwd']) as session:
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_delete_external_roles(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name):
"""Deleted AD UserGroup roles get pushed down to user
:id: 479bc8fe-f6a3-4c89-8c7e-3d997315383f
:setup: delete roles from an AD UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Login to sat6 with the AD user.
5. Unassign some of the existing roles of the UserGroup.
6. Login to sat6 with LDAP user that is part of aforementioned
UserGroup.
:expectedresults: User no longer has access to all deleted functional
areas that were assigned to aforementioned UserGroup.
:CaseLevel: Integration
"""
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
create_role_permissions(foreman_role, foreman_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.usergroup.update(
ldap_usergroup_name, {'roles.resources.unassigned': [foreman_role.name]})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.location.create({'name': gen_string('alpha')})
def test_positive_create_as_non_admin_user(module_org, test_name):
"""Create a repository as a non admin user
:id: 582949c4-b95f-4d64-b7f0-fb80b3d2bd7e
:expectedresults: Repository successfully created
:BZ: 1426393
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
repo_name = gen_string('alpha')
user_permissions = {
None: ['access_dashboard'],
'Katello::Product': [
'view_products',
'create_products',
'edit_products',
'destroy_products',
'sync_products',
'export_products',
],
}
role = entities.Role().create()
create_role_permissions(role, user_permissions)
entities.User(
login=user_login,
password=user_password,
role=[role],
admin=False,
default_organization=module_org,
organization=[module_org],
).create()
product = entities.Product(organization=module_org).create()
with Session(test_name, user=user_login,
password=user_password) as session:
# ensure that the created user is not a global admin user
# check administer->organizations page
with raises(NavigationTriesExceeded):
session.organization.create({
'name': gen_string('alpha'),
'label': gen_string('alpha')
})
session.repository.create(
product.name,
{
'name': repo_name,
'repo_type': REPO_TYPE['yum'],
'repo_content.upstream_url': FAKE_1_YUM_REPO,
},
)
assert session.repository.search(product.name,
repo_name)[0]['Name'] == repo_name
def test_positive_create_as_non_admin_user(module_org, test_name):
"""Create a repository as a non admin user
:id: 582949c4-b95f-4d64-b7f0-fb80b3d2bd7e
:expectedresults: Repository successfully created
:BZ: 1426393
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
repo_name = gen_string('alpha')
user_permissions = {
None: ['access_dashboard'],
'Katello::Product': [
'view_products',
'create_products',
'edit_products',
'destroy_products',
'sync_products',
'export_products',
],
}
role = entities.Role().create()
create_role_permissions(role, user_permissions)
entities.User(
login=user_login,
password=user_password,
role=[role],
admin=False,
default_organization=module_org,
organization=[module_org],
).create()
product = entities.Product(organization=module_org).create()
with Session(
test_name, user=user_login, password=user_password) as session:
# ensure that the created user is not a global admin user
# check administer->organizations page
with raises(NavigationTriesExceeded):
session.organization.create({
'name': gen_string('alpha'),
'label': gen_string('alpha'),
})
session.repository.create(
product.name,
{
'name': repo_name,
'repo_type': REPO_TYPE['yum'],
'repo_content.upstream_url': FAKE_1_YUM_REPO,
}
)
assert session.repository.search(
product.name, repo_name)[0]['Name'] == repo_name
def test_negative_remove_parameter_non_admin_user(test_name, module_org,
module_loc):
"""Attempt to remove host parameter as a non-admin user with
insufficient permissions
:BZ: 1317868
:id: 78fd230e-2ec4-4158-823b-ddbadd5e232f
:customerscenario: true
:expectedresults: user with insufficient permissions is unable to
remove host parameter, 'Remove' link is not visible for him
:CaseLevel: System
"""
user_password = gen_string('alpha')
parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')}
role = entities.Role(organization=[module_org]).create()
create_role_permissions(
role, {
'Parameter': ['view_params'],
'Host': PERMISSIONS['Host'],
'Operatingsystem': ['view_operatingsystems'],
})
user = entities.User(
role=[role],
admin=False,
password=user_password,
organization=[module_org],
location=[module_loc],
default_organization=module_org,
default_location=module_loc,
).create()
host = entities.Host(
content_facet_attributes={
'content_view_id': module_org.default_content_view.id,
'lifecycle_environment_id': module_org.library.id,
},
location=module_loc,
organization=module_org,
host_parameters_attributes=[parameter],
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
values = session.host.read(host.name, 'parameters')
assert values['parameters']['host_params'][0] == parameter
with pytest.raises(NoSuchElementException) as context:
session.host.update(host.name, {'parameters.host_params': []})
assert 'Remove Parameter' in str(context.value)
def test_negative_remove_parameter_non_admin_user(test_name, module_org, module_loc):
"""Attempt to remove host parameter as a non-admin user with
insufficient permissions
:BZ: 1317868
:id: 78fd230e-2ec4-4158-823b-ddbadd5e232f
:customerscenario: true
:expectedresults: user with insufficient permissions is unable to
remove host parameter, 'Remove' link is not visible for him
:CaseLevel: System
"""
user_password = gen_string('alpha')
parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')}
role = entities.Role(organization=[module_org]).create()
create_role_permissions(
role,
{
'Parameter': ['view_params'],
'Host': PERMISSIONS['Host'],
'Operatingsystem': ['view_operatingsystems'],
}
)
user = entities.User(
role=[role],
admin=False,
password=user_password,
organization=[module_org],
location=[module_loc],
default_organization=module_org,
default_location=module_loc,
).create()
host = entities.Host(
content_facet_attributes={
'content_view_id': module_org.default_content_view.id,
'lifecycle_environment_id': module_org.library.id,
},
location=module_loc,
organization=module_org,
host_parameters_attributes=[parameter],
).create()
with Session(test_name, user=user.login, password=user_password) as session:
values = session.host.read(host.name, 'parameters')
assert values['parameters']['host_params'][0] == parameter
with pytest.raises(NoSuchElementException) as context:
session.host.update(host.name, {'parameters.host_params': []})
assert 'Remove Parameter' in str(context.value)
def test_positive_add_katello_role(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name):
"""Associate katello roles to User Group.
[belonging to external AD User Group.]
:id: aa5e3bf4-cb42-43a4-93ea-a2eea54b847a
:Steps:
1. Create an UserGroup.
2. Assign some foreman roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access katello entities as per roles.
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
user_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']}
katello_role = entities.Role().create()
create_role_permissions(katello_role, user_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [katello_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
with raises(NavigationTriesExceeded):
session.architecture.search('')
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_remove_host_collection_non_admin(module_org, test_name):
"""Test that host collection can be removed from Activation Keys by
non-admin user.
:id: 187456ec-5690-4524-9701-8bdb74c7912a
:expectedresults: Activation key is created, removed host collection is not
listed
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
hc = entities.HostCollection(organization=module_org).create()
# Create non-admin user with specified permissions
roles = [entities.Role().create()]
user_permissions = {
'Katello::ActivationKey':
constants.PERMISSIONS['Katello::ActivationKey'],
'Katello::HostCollection':
constants.PERMISSIONS['Katello::HostCollection'],
}
viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0]
roles.append(viewer_role)
create_role_permissions(roles[0], user_permissions)
password = gen_string('alphanumeric')
user = entities.User(admin=False,
role=roles,
password=password,
organization=[module_org]).create()
with Session(test_name, user=user.login, password=password) as session:
session.activationkey.create({
'name': ak_name,
'lce': {
constants.ENVIRONMENT: True
}
})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
session.activationkey.add_host_collection(ak_name, hc.name)
ak = session.activationkey.read(ak_name,
widget_names='host_collections')
assert ak['host_collections']['resources']['assigned'][0][
'Name'] == hc.name
# remove Host Collection
session.activationkey.remove_host_collection(ak_name, hc.name)
ak = session.activationkey.read(ak_name,
widget_names='host_collections')
assert not ak['host_collections']['resources']['assigned']
def test_positive_remove_parameter_non_admin_user(test_name, module_org,
module_loc):
"""Remove a host parameter as a non-admin user with enough permissions
:id: 598111c1-fdb6-42e9-8c28-fae999b5d112
:expectedresults: user with sufficient permissions may remove host
parameter
:CaseLevel: System
"""
user_password = gen_string('alpha')
parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')}
role = entities.Role(organization=[module_org]).create()
create_role_permissions(
role, {
'Parameter': PERMISSIONS['Parameter'],
'Host': PERMISSIONS['Host'],
'Operatingsystem': ['view_operatingsystems'],
})
user = entities.User(
role=[role],
admin=False,
password=user_password,
organization=[module_org],
location=[module_loc],
default_organization=module_org,
default_location=module_loc,
).create()
host = entities.Host(
content_facet_attributes={
'content_view_id': module_org.default_content_view.id,
'lifecycle_environment_id': module_org.library.id,
},
location=module_loc,
organization=module_org,
host_parameters_attributes=[parameter],
).create()
with Session(test_name, user=user.login,
password=user_password) as session:
values = session.host.read(host.name, 'parameters')
assert values['parameters']['host_params'][0] == parameter
session.host.update(host.name, {'parameters.host_params': []})
values = session.host.read(host.name, 'parameters')
assert not values['parameters']['host_params']
def test_positive_remove_parameter_non_admin_user(test_name, module_org, module_loc):
"""Remove a host parameter as a non-admin user with enough permissions
:id: 598111c1-fdb6-42e9-8c28-fae999b5d112
:expectedresults: user with sufficient permissions may remove host
parameter
:CaseLevel: System
"""
user_password = gen_string('alpha')
parameter = {'name': gen_string('alpha'), 'value': gen_string('alpha')}
role = entities.Role(organization=[module_org]).create()
create_role_permissions(
role,
{
'Parameter': PERMISSIONS['Parameter'],
'Host': PERMISSIONS['Host'],
'Operatingsystem': ['view_operatingsystems'],
}
)
user = entities.User(
role=[role],
admin=False,
password=user_password,
organization=[module_org],
location=[module_loc],
default_organization=module_org,
default_location=module_loc,
).create()
host = entities.Host(
content_facet_attributes={
'content_view_id': module_org.default_content_view.id,
'lifecycle_environment_id': module_org.library.id,
},
location=module_loc,
organization=module_org,
host_parameters_attributes=[parameter],
).create()
with Session(test_name, user=user.login, password=user_password) as session:
values = session.host.read(host.name, 'parameters')
assert values['parameters']['host_params'][0] == parameter
session.host.update(host.name, {'parameters.host_params': []})
values = session.host.read(host.name, 'parameters')
assert not values['parameters']['host_params']
def test_positive_search_with_non_admin_user(self):
"""Search for specific smart class parameter using non admin user
:id: 79bd4071-1baa-44af-91dd-1e093445af29
:expectedresults: Specified smart class parameter can be found in the
system
:BZ: 1391556
:CaseLevel: Integration
"""
sc_param = self.sc_params_list.pop()
username = gen_string('alpha')
password = gen_string('alpha')
required_user_permissions = {
'Puppetclass': [
'view_puppetclasses',
],
'PuppetclassLookupKey': [
'view_external_parameters',
'create_external_parameters',
'edit_external_parameters',
'destroy_external_parameters',
],
}
role = entities.Role().create()
create_role_permissions(role, required_user_permissions)
entities.User(
login=username,
password=password,
role=[role],
admin=False
).create()
# assert that the user is not an admin one and cannot read the current
# role info (note: view_roles is not in the required permissions)
cfg = get_nailgun_config()
cfg.auth = (username, password)
with self.assertRaises(HTTPError) as context:
entities.Role(cfg, id=role.id).read()
self.assertIn(
'403 Client Error: Forbidden', context.exception.message)
with Session(self.browser, username, password):
self.assertIsNotNone(self.sc_parameters.search(sc_param.parameter))
def test_positive_remove_host_collection_non_admin(module_org, test_name):
"""Test that host collection can be removed from Activation Keys by
non-admin user.
:id: 187456ec-5690-4524-9701-8bdb74c7912a
:expectedresults: Activation key is created, removed host collection is not
listed
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
hc = entities.HostCollection(organization=module_org).create()
# Create non-admin user with specified permissions
roles = [entities.Role().create()]
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'],
}
viewer_role = entities.Role().search(
query={'search': 'name="Viewer"'})[0]
roles.append(viewer_role)
create_role_permissions(roles[0], user_permissions)
password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=roles,
password=password,
organization=[module_org],
).create()
with Session(test_name, user=user.login, password=password) as session:
session.activationkey.create({
'name': ak_name,
'lce': {ENVIRONMENT: True},
})
assert session.activationkey.search(ak_name) == ak_name
session.activationkey.add_host_collection(ak_name, hc.name)
ak = session.activationkey.read(ak_name)
assert ak[
'host_collections']['resources']['assigned'][0]['Name'] == hc.name
# remove Host Collection
session.activationkey.remove_host_collection(ak_name, hc.name)
ak = session.activationkey.read(ak_name)
assert not ak['host_collections']['resources']['assigned']
def test_positive_search_with_non_admin_user(test_name, sc_params_list):
"""Search for specific smart class parameter using non admin user
:id: 79bd4071-1baa-44af-91dd-1e093445af29
:expectedresults: Specified smart class parameter can be found in the
system
:BZ: 1391556
:CaseLevel: Integration
"""
sc_param = sc_params_list.pop()
username = gen_string('alpha')
password = gen_string('alpha')
required_user_permissions = {
'Puppetclass': [
'view_puppetclasses',
],
'PuppetclassLookupKey': [
'view_external_parameters',
'create_external_parameters',
'edit_external_parameters',
'destroy_external_parameters',
],
}
role = entities.Role().create()
create_role_permissions(role, required_user_permissions)
entities.User(
login=username,
password=password,
role=[role],
admin=False
).create()
# assert that the user is not an admin one and cannot read the current
# role info (note: view_roles is not in the required permissions)
cfg = get_nailgun_config()
cfg.auth = (username, password)
with raises(HTTPError) as context:
entities.Role(cfg, id=role.id).read()
assert '403 Client Error: Forbidden' in str(context.value)
with Session(test_name, user=username, password=password) as session:
assert session.sc_parameter.search(
sc_param.parameter)[0]['Parameter'] == sc_param.parameter
def test_positive_create_product_with_limited_user_permission(
session, target_sat, test_name, module_org, module_location):
"""A user with all permissions in Product and Repositories should be able to
create a new product
:id: 534a16f9-2d66-4fa1-aa5b-560f00eb4f67
:expectedresults: User successfully creates new product
:customerscenario: true
:CaseLevel: Component
:CaseImportance: High
:BZ: 1771937
"""
username = gen_string('alpha')
password = gen_string('alpha')
product_name = gen_string('alpha')
product_label = gen_string('alpha')
product_description = gen_string('alpha')
role = target_sat.api.Role().create()
# Calling Products and Repositoy to get all the permissions in it
create_role_permissions(
role, {'Katello::Product': PERMISSIONS['Katello::Product']})
target_sat.api.User(
default_organization=module_org,
organization=[module_org],
firstname='sample',
lastname='test',
role=[role],
login=username,
password=password,
mail='*****@*****.**',
).create()
with Session(test_name, username, password) as newsession:
newsession.product.create({
'name': product_name,
'label': product_label,
'description': product_description
})
assert newsession.product.search(
product_name)[0]['Name'] == product_name
def test_positive_add_host_collection_non_admin(module_org, test_name):
"""Test that host collection can be associated to Activation Keys by
non-admin user.
:id: 417f0b36-fd49-4414-87ab-6f72a09696f2
:expectedresults: Activation key is created, added host collection is
listed
:BZ: 1473212
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
hc = entities.HostCollection(organization=module_org).create()
# Create non-admin user with specified permissions
roles = [entities.Role().create()]
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Katello::HostCollection': PERMISSIONS['Katello::HostCollection'],
}
viewer_role = entities.Role().search(query={'search': 'name="Viewer"'})[0]
roles.append(viewer_role)
create_role_permissions(roles[0], user_permissions)
password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=roles,
password=password,
organization=[module_org],
).create()
with Session(test_name, user=user.login, password=password) as session:
session.activationkey.create({
'name': ak_name,
'lce': {ENVIRONMENT: True},
})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
session.activationkey.add_host_collection(ak_name, hc.name)
ak = session.activationkey.read(ak_name)
assert ak[
'host_collections']['resources']['assigned'][0]['Name'] == hc.name
def test_positive_create_role_filter(session, module_org):
"""Update a role with new filter and check that corresponding event
appeared in the audit log
:id: 74679c0d-7ef1-4ab1-8282-9377c6cabb9f
:customerscenario: true
:expectedresults: audit log has an entry for a new filter that was
added to the role
:BZ: 1425977, 1701118, 1701132
:CaseAutomation: Automated
:CaseLevel: Integration
:CaseImportance: Medium
"""
role = entities.Role(organization=[module_org]).create()
with session:
session.organization.select(org_name=ANY_CONTEXT['org'])
values = session.audit.search(
f'type=role and organization={module_org.name}')
assert values['action_type'] == 'create'
assert values['resource_type'] == 'ROLE'
assert values['resource_name'] == role.name
create_role_permissions(
role,
{'Architecture': ['view_architectures', 'edit_architectures']})
values = session.audit.search('type=filter')
assert values['action_type'] == 'added'
assert values['resource_type'] == 'Filter'
assert values['resource_name'] == '{} and {} / {}'.format(
'view_architectures', 'edit_architectures', role.name)
assert len(values['action_summary']) == 1
assert values['action_summary'][0][
'column0'] == 'Added {} and {} to {}'.format(
'view_architectures', 'edit_architectures', role.name)
def test_positive_access_with_non_admin_user_with_manifest(test_name):
"""Access subscription page with user that has only view_subscriptions
permission and organization that has a manifest uploaded.
:id: 9184fcf6-36be-42c8-984c-3c5d7834b3b4
:expectedresults: Subscription page is rendered properly without errors
and the default subscription is visible
:BZ: 1417082, 1651981
:customerscenario: true
:CaseLevel: Integration
:CaseImportance: Critical
"""
org = entities.Organization().create()
manifests.upload_manifest_locked(org.id)
role = entities.Role(organization=[org]).create()
create_role_permissions(
role,
{'Katello::Subscription': ['view_subscriptions']}
)
user_password = gen_string('alphanumeric')
user = entities.User(
admin=False,
role=[role],
password=user_password,
organization=[org],
default_organization=org,
).create()
with Session(test_name, user=user.login, password=user_password) as session:
assert (session.subscription.search(
'name = "{0}"'.format(DEFAULT_SUBSCRIPTION_NAME))[0]['Name']
== DEFAULT_SUBSCRIPTION_NAME)
def test_positive_custom_user_view_lce(self):
"""As a custom user attempt to view a lifecycle environment created
by admin user
:id: 768b647b-c530-4eca-9caa-38cf8622f36d
:BZ: 1420511
:Steps:
As an admin user:
1. Create an additional lifecycle environments other than Library
2. Create a user without administrator privileges
3. Create a role with the the following permissions:
* (Miscellaneous): access_dashboard
* Lifecycle Environment:
* edit_lifecycle_environments
* promote_or_remove_content_views_to_environment
* view_lifecycle_environments
* Location: view_locations
* Organization: view_organizations
4. Assign the created role to the custom user
As a custom user:
1. Log in
2. Navigate to Content -> Lifecycle Environments
:expectedresults: The additional lifecycle environment is viewable and
accessible by the custom user.
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
env_name = gen_string('alpha')
user_login = gen_string('alpha')
user_password = gen_string('alpha')
org = entities.Organization().create()
role = entities.Role(name=role_name).create()
permissions_types_names = {
None: ['access_dashboard'],
'Organization': ['view_organizations'],
'Location': ['view_locations'],
'Katello::KTEnvironment': [
'view_lifecycle_environments',
'edit_lifecycle_environments',
'promote_or_remove_content_views_to_environments'
]
}
create_role_permissions(role, permissions_types_names)
entities.User(
default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password
).create()
# create a life cycle environment as admin user and ensure it's visible
with Session(self.browser) as session:
make_lifecycle_environment(
session, org=org.name, name=env_name)
self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
# ensure the created user also can find the created life cycle
# environment link
with Session(self.browser, user=user_login, password=user_password):
# to ensure that the created user has only the assigned
# permissions, check that hosts menu tab does not exist
self.assertIsNone(
self.content_views.wait_until_element(
menu_locators['menu.hosts'], timeout=1)
)
# assert that the created user is not a global admin user
# check administer->users page
with self.assertRaises(UINoSuchElementError):
session.nav.go_to_users()
# assert that the user can view the lvce created by admin user
self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
def test_positive_custom_user_view_lce(session, test_name):
"""As a custom user attempt to view a lifecycle environment created
by admin user
:id: 768b647b-c530-4eca-9caa-38cf8622f36d
:BZ: 1420511
:Steps:
As an admin user:
1. Create an additional lifecycle environments other than Library
2. Create a user without administrator privileges
3. Create a role with the the following permissions:
* (Miscellaneous): access_dashboard
* Lifecycle Environment:
* edit_lifecycle_environments
* promote_or_remove_content_views_to_environment
* view_lifecycle_environments
* Location: view_locations
* Organization: view_organizations
4. Assign the created role to the custom user
As a custom user:
1. Log in
2. Navigate to Content -> Lifecycle Environments
:expectedresults: The additional lifecycle environment is viewable and
accessible by the custom user.
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
lce_name = gen_string('alpha')
user_login = gen_string('alpha')
user_password = gen_string('alpha')
org = entities.Organization().create()
role = entities.Role(name=role_name).create()
permissions_types_names = {
None: ['access_dashboard'],
'Organization': ['view_organizations'],
'Location': ['view_locations'],
'Katello::KTEnvironment': [
'view_lifecycle_environments', 'edit_lifecycle_environments',
'promote_or_remove_content_views_to_environments'
]
}
create_role_permissions(role, permissions_types_names)
entities.User(default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password).create()
# create a life cycle environment as admin user and ensure it's visible
with session:
session.organization.select(org.name)
session.lifecycleenvironment.create(values={'name': lce_name})
lce_values = session.lifecycleenvironment.read_all()
assert lce_name in lce_values['lce']
# ensure the created user also can find the created lifecycle environment link
with Session(test_name, user_login, user_password) as non_admin_session:
# to ensure that the created user has only the assigned
# permissions, check that hosts menu tab does not exist
with raises(NavigationTriesExceeded):
assert not non_admin_session.host.read_all()
# assert that the user can view the lvce created by admin user
lce_values = non_admin_session.lifecycleenvironment.read_all()
assert lce_name in lce_values['lce']
def test_positive_create_as_non_admin_user_with_cv_published(
module_org, test_name):
"""Create a repository as a non admin user in a product that already
contain a repository that is used in a published content view.
:id: 407864eb-50b8-4bc8-bbc7-0e6f8136d89f
:expectedresults: New repository successfully created by non admin user
:BZ: 1447829
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
repo_name = gen_string('alpha')
user_permissions = {
None: ['access_dashboard'],
'Katello::Product': [
'view_products',
'create_products',
'edit_products',
'destroy_products',
'sync_products',
'export_products',
],
}
role = entities.Role().create()
create_role_permissions(role, user_permissions)
entities.User(
login=user_login,
password=user_password,
role=[role],
admin=False,
default_organization=module_org,
organization=[module_org],
).create()
prod = entities.Product(organization=module_org).create()
repo = entities.Repository(product=prod, url=FAKE_2_YUM_REPO).create()
repo.sync()
content_view = entities.ContentView(organization=module_org).create()
content_view.repository = [repo]
content_view = content_view.update(['repository'])
content_view.publish()
with Session(test_name, user_login, user_password) as session:
# ensure that the created user is not a global admin user
# check administer->users page
with raises(NavigationTriesExceeded):
pswd = gen_string('alphanumeric')
session.user.create({
'user.login': gen_string('alphanumeric'),
'user.auth': 'INTERNAL',
'user.password': pswd,
'user.confirm': pswd,
})
# ensure that the created user has only the assigned permissions
# check that host collections menu tab does not exist
with raises(NavigationTriesExceeded):
session.hostcollection.create({'name': gen_string('alphanumeric')})
session.repository.create(
prod.name, {
'name': repo_name,
'repo_type': REPO_TYPE['yum'],
'repo_content.upstream_url': FAKE_1_YUM_REPO,
})
assert session.repository.search(prod.name,
repo.name)[0]['Name'] == repo.name
def test_positive_custom_user_view_lce(session, test_name):
"""As a custom user attempt to view a lifecycle environment created
by admin user
:id: 768b647b-c530-4eca-9caa-38cf8622f36d
:BZ: 1420511
:Steps:
As an admin user:
1. Create an additional lifecycle environments other than Library
2. Create a user without administrator privileges
3. Create a role with the the following permissions:
* (Miscellaneous): access_dashboard
* Lifecycle Environment:
* edit_lifecycle_environments
* promote_or_remove_content_views_to_environment
* view_lifecycle_environments
* Location: view_locations
* Organization: view_organizations
4. Assign the created role to the custom user
As a custom user:
1. Log in
2. Navigate to Content -> Lifecycle Environments
:expectedresults: The additional lifecycle environment is viewable and
accessible by the custom user.
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
lce_name = gen_string('alpha')
user_login = gen_string('alpha')
user_password = gen_string('alpha')
org = entities.Organization().create()
role = entities.Role(name=role_name).create()
permissions_types_names = {
None: ['access_dashboard'],
'Organization': ['view_organizations'],
'Location': ['view_locations'],
'Katello::KTEnvironment': [
'view_lifecycle_environments',
'edit_lifecycle_environments',
'promote_or_remove_content_views_to_environments'
]
}
create_role_permissions(role, permissions_types_names)
entities.User(
default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password
).create()
# create a life cycle environment as admin user and ensure it's visible
with session:
session.organization.select(org.name)
session.lifecycleenvironment.create(values={'name': lce_name})
lce_values = session.lifecycleenvironment.read_all()
assert lce_name in lce_values['lce']
# ensure the created user also can find the created lifecycle environment link
with Session(test_name, user_login, user_password) as non_admin_session:
# to ensure that the created user has only the assigned
# permissions, check that hosts menu tab does not exist
with raises(NavigationTriesExceeded):
assert not non_admin_session.host.read_all()
# assert that the user can view the lvce created by admin user
lce_values = non_admin_session.lifecycleenvironment.read_all()
assert lce_name in lce_values['lce']
def test_positive_check_permissions_affect_create_procedure(
test_name, module_loc):
"""Verify whether user permissions affect what entities can be selected
when host is created
:id: 4502f99d-86fb-4655-a9dc-b2612cf849c6
:customerscenario: true
:expectedresults: user with specific permissions can choose only
entities for create host procedure that he has access to
:BZ: 1293716
:CaseLevel: System
"""
# Create new organization
org = entities.Organization().create()
# Create two lifecycle environments
lc_env = entities.LifecycleEnvironment(organization=org).create()
filter_lc_env = entities.LifecycleEnvironment(organization=org).create()
# Create two content views and promote them to one lifecycle
# environment which will be used in filter
cv = entities.ContentView(organization=org).create()
filter_cv = entities.ContentView(organization=org).create()
for content_view in [cv, filter_cv]:
content_view.publish()
content_view = content_view.read()
promote(content_view.version[0], filter_lc_env.id)
# Create two host groups
hg = entities.HostGroup(organization=[org]).create()
filter_hg = entities.HostGroup(organization=[org]).create()
# Create new role
role = entities.Role().create()
# Create lifecycle environment permissions and select one specific
# environment user will have access to
create_role_permissions(
role,
{
'Katello::KTEnvironment': [
'promote_or_remove_content_views_to_environments',
'view_lifecycle_environments'
]
},
# allow access only to the mentioned here environment
search='name = {0}'.format(filter_lc_env.name))
# Add necessary permissions for content view as we did for lce
create_role_permissions(
role,
{
'Katello::ContentView': [
'promote_or_remove_content_views',
'view_content_views',
'publish_content_views',
]
},
# allow access only to the mentioned here cv
search='name = {0}'.format(filter_cv.name))
# Add necessary permissions for hosts as we did for lce
create_role_permissions(
role,
{'Host': ['create_hosts', 'view_hosts']},
# allow access only to the mentioned here host group
search='hostgroup_fullname = {0}'.format(filter_hg.name))
# Add necessary permissions for host groups as we did for lce
create_role_permissions(
role,
{'Hostgroup': ['view_hostgroups']},
# allow access only to the mentioned here host group
search='name = {0}'.format(filter_hg.name))
# Add permissions for Organization and Location
create_role_permissions(
role,
{
'Organization': PERMISSIONS['Organization'],
'Location': PERMISSIONS['Location'],
},
)
# Create new user with a configured role
user_password = gen_string('alpha')
user = entities.User(
role=[role],
admin=False,
password=user_password,
organization=[org],
location=[module_loc],
default_organization=org,
default_location=module_loc,
).create()
host_fields = [
{
'name': 'host.hostgroup',
'unexpected_value': hg.name,
'expected_value': filter_hg.name,
},
{
'name': 'host.lce',
'unexpected_value': lc_env.name,
'expected_value': filter_lc_env.name,
},
{
'name': 'host.content_view',
'unexpected_value': cv.name,
'expected_value': filter_cv.name,
# content view selection needs the right lce to be selected
'other_fields_values': {
'host.lce': filter_lc_env.name
}
},
]
with Session(test_name, user=user.login,
password=user_password) as session:
for host_field in host_fields:
with pytest.raises(NoSuchElementException) as context:
values = {host_field['name']: host_field['unexpected_value']}
values.update(host_field.get('other_fields_values', {}))
session.host.helper.read_create_view(values)
error_message = str(context.value)
assert host_field['unexpected_value'] in error_message
# After the NoSuchElementException from FilteredDropdown, airgun is not able to
# navigate to other locations, Note in normal situation we should send Escape key to
# browser.
session.browser.refresh()
values = {host_field['name']: host_field['expected_value']}
values.update(host_field.get('other_fields_values', {}))
create_values = session.host.helper.read_create_view(
values, host_field['name'])
tab_name, field_name = host_field['name'].split('.')
assert create_values[tab_name][field_name] == host_field[
'expected_value']
def test_positive_create_as_non_admin_user_with_cv_published(
module_org, test_name):
"""Create a repository as a non admin user in a product that already
contain a repository that is used in a published content view.
:id: 407864eb-50b8-4bc8-bbc7-0e6f8136d89f
:expectedresults: New repository successfully created by non admin user
:BZ: 1447829
:CaseLevel: Integration
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
repo_name = gen_string('alpha')
user_permissions = {
None: ['access_dashboard'],
'Katello::Product': [
'view_products',
'create_products',
'edit_products',
'destroy_products',
'sync_products',
'export_products',
],
}
role = entities.Role().create()
create_role_permissions(role, user_permissions)
entities.User(
login=user_login,
password=user_password,
role=[role],
admin=False,
default_organization=module_org,
organization=[module_org],
).create()
prod = entities.Product(organization=module_org).create()
repo = entities.Repository(product=prod, url=FAKE_2_YUM_REPO).create()
repo.sync()
content_view = entities.ContentView(organization=module_org).create()
content_view.repository = [repo]
content_view = content_view.update(['repository'])
content_view.publish()
with Session(test_name, user_login, user_password) as session:
# ensure that the created user is not a global admin user
# check administer->users page
with raises(NavigationTriesExceeded):
pswd = gen_string('alphanumeric')
session.user.create({
'user.login': gen_string('alphanumeric'),
'user.auth': 'INTERNAL',
'user.password': pswd,
'user.confirm': pswd,
})
# ensure that the created user has only the assigned permissions
# check that host collections menu tab does not exist
with raises(NavigationTriesExceeded):
session.hostcollection.create({'name': gen_string('alphanumeric')})
session.repository.create(
prod.name,
{
'name': repo_name,
'repo_type': REPO_TYPE['yum'],
'repo_content.upstream_url': FAKE_1_YUM_REPO,
}
)
assert session.repository.search(
prod.name, repo.name)[0]['Name'] == repo.name
def test_positive_user_access_with_host_filter(test_name, module_loc):
"""Check if user with necessary host permissions can access dashboard
and required widgets are rendered with proper values
:id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d
:Steps:
1. Specify proper filter with permission for your role
2. Create new user and assign role to it
3. Login into application using this new user
4. Check dashboard and widgets on it
5. Register new content host to populate some values into dashboard widgets
:expectedresults: Dashboard and Errata Widget rendered without errors and
contain proper values
:BZ: 1417114
:CaseLevel: System
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
org = entities.Organization().create()
lce = entities.LifecycleEnvironment(organization=org).create()
# create a role with necessary permissions
role = entities.Role().create()
user_permissions = {
'Organization': ['view_organizations'],
'Location': ['view_locations'],
None: ['access_dashboard'],
'Host': ['view_hosts'],
}
create_role_permissions(role, user_permissions)
# create a user and assign the above created role
entities.User(
default_organization=org,
organization=[org],
default_location=module_loc,
location=[module_loc],
role=[role],
login=user_login,
password=user_password
).create()
with Session(test_name, user=user_login, password=user_password) as session:
assert session.dashboard.read('HostConfigurationStatus')['total_count'] == 0
assert len(session.dashboard.read('LatestErrata')) == 0
repos_collection = RepositoryCollection(
distro=DISTRO_RHEL7,
repositories=[
SatelliteToolsRepository(),
YumRepository(url=FAKE_6_YUM_REPO),
]
)
repos_collection.setup_content(org.id, lce.id)
with VirtualMachine(distro=repos_collection.distro) as client:
repos_collection.setup_virtual_machine(client)
result = client.run('yum install -y {0}'.format(FAKE_1_CUSTOM_PACKAGE))
assert result.return_code == 0
hostname = client.hostname
# Check UI for values
assert session.host.search(hostname)[0]['Name'] == hostname
hosts_values = session.dashboard.read('HostConfigurationStatus')
assert hosts_values['total_count'] == 1
errata_values = session.dashboard.read('LatestErrata')['erratas']
assert len(errata_values) == 1
assert errata_values[0]['Type'] == 'security'
assert FAKE_2_ERRATA_ID in errata_values[0]['Errata']
def test_positive_update_external_roles(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name):
"""Added AD UserGroup roles get pushed down to user
:id: f3ca1aae-5461-4af3-a508-82679bb6afed
:setup: assign additional roles to the UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Login to sat6 with the AD user.
5. Assign additional roles to the UserGroup.
6. Login to sat6 with LDAP user that is part of aforementioned
UserGroup.
:expectedresults: User has access to all NEW functional areas that are
assigned to aforementioned UserGroup.
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
katello_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']}
create_role_permissions(foreman_role, foreman_permissions)
create_role_permissions(katello_role, katello_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.usergroup.update(
ldap_usergroup_name, {'roles.resources.assigned': [katello_role.name]})
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_custom_user_view_lce(self):
"""As a custom user attempt to view a lifecycle environment created
by admin user
:id: 768b647b-c530-4eca-9caa-38cf8622f36d
:BZ: 1420511
:Steps:
As an admin user:
1. Create an additional lifecycle environments other than Library
2. Create a user without administrator privileges
3. Create a role with the the following permissions:
* (Miscellaneous): access_dashboard
* Lifecycle Environment:
* edit_lifecycle_environments
* promote_or_remove_content_views_to_environment
* view_lifecycle_environments
* Location: view_locations
* Organization: view_organizations
4. Assign the created role to the custom user
As a custom user:
1. Log in
2. Navigate to Content -> Lifecycle Environments
:expectedresults: The additional lifecycle environment is viewable and
accessible by the custom user.
:CaseLevel: Integration
"""
role_name = gen_string('alpha')
env_name = gen_string('alpha')
user_login = gen_string('alpha')
user_password = gen_string('alpha')
org = entities.Organization().create()
role = entities.Role(name=role_name).create()
permissions_types_names = {
None: ['access_dashboard'],
'Organization': ['view_organizations'],
'Location': ['view_locations'],
'Katello::KTEnvironment': [
'view_lifecycle_environments', 'edit_lifecycle_environments',
'promote_or_remove_content_views_to_environments'
]
}
create_role_permissions(role, permissions_types_names)
entities.User(default_organization=org,
organization=[org],
role=[role],
login=user_login,
password=user_password).create()
# create a life cycle environment as admin user and ensure it's visible
with Session(self.browser) as session:
make_lifecycle_environment(session, org=org.name, name=env_name)
self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
# ensure the created user also can find the created life cycle
# environment link
with Session(self.browser, user=user_login, password=user_password):
# to ensure that the created user has only the assigned
# permissions, check that hosts menu tab does not exist
self.assertIsNone(
self.content_views.wait_until_element(
menu_locators['menu.hosts'], timeout=1))
# assert that the created user is not a global admin user
# check administer->users page
with self.assertRaises(UINoSuchElementError):
session.nav.go_to_users()
# assert that the user can view the lvce created by admin user
self.assertIsNotNone(self.lifecycleenvironment.search(env_name))
def test_positive_user_access_with_host_filter(test_name, module_loc,
rhel7_contenthost):
"""Check if user with necessary host permissions can access dashboard
and required widgets are rendered with proper values
:id: 24b4b371-cba0-4bc8-bc6a-294c62e0586d
:Steps:
1. Specify proper filter with permission for your role
2. Create new user and assign role to it
3. Login into application using this new user
4. Check dashboard and widgets on it
5. Register new content host to populate some values into dashboard widgets
:expectedresults: Dashboard and Errata Widget rendered without errors and
contain proper values
:BZ: 1417114
:CaseLevel: System
"""
user_login = gen_string('alpha')
user_password = gen_string('alphanumeric')
org = entities.Organization().create()
lce = entities.LifecycleEnvironment(organization=org).create()
# create a role with necessary permissions
role = entities.Role().create()
user_permissions = {
'Organization': ['view_organizations'],
'Location': ['view_locations'],
None: ['access_dashboard'],
'Host': ['view_hosts'],
}
create_role_permissions(role, user_permissions)
# create a user and assign the above created role
entities.User(
default_organization=org,
organization=[org],
default_location=module_loc,
location=[module_loc],
role=[role],
login=user_login,
password=user_password,
).create()
with Session(test_name, user=user_login,
password=user_password) as session:
assert session.dashboard.read(
'HostConfigurationStatus')['total_count'] == 0
assert len(session.dashboard.read('LatestErrata')) == 0
repos_collection = RepositoryCollection(
distro=DISTRO_RHEL7,
repositories=[
SatelliteToolsRepository(),
YumRepository(url=FAKE_6_YUM_REPO)
],
)
repos_collection.setup_content(org.id, lce.id, upload_manifest=True)
repos_collection.setup_virtual_machine(rhel7_contenthost)
result = rhel7_contenthost.run(
f'yum install -y {FAKE_1_CUSTOM_PACKAGE}')
assert result.status == 0
hostname = rhel7_contenthost.hostname
# Check UI for values
assert session.host.search(hostname)[0]['Name'] == hostname
hosts_values = session.dashboard.read('HostConfigurationStatus')
assert hosts_values['total_count'] == 1
errata_values = session.dashboard.read('LatestErrata')['erratas']
assert len(errata_values) == 1
assert errata_values[0]['Type'] == 'security'
assert FAKE_2_ERRATA_ID in errata_values[0]['Errata']
def test_positive_update_external_user_roles(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name):
"""Assure that user has roles/can access feature areas for
additional roles assigned outside any roles assigned by his group
:id: a487f7d6-22f2-4e42-b34f-8d984f721c83
:setup: Assign roles to UserGroup and configure external UserGroup
subsequently assign specified roles to the user(s). roles that are
not part of the larger UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Assign some more roles to a User(which is part of external AD
UserGroup) at the User level.
5. Login to sat6 with the above AD user and attempt to access areas
assigned specifically to user.
:expectedresults: User can access not only those feature areas in his
UserGroup but those additional feature areas / roles assigned
specifically to user
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
katello_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
katello_permissions = {'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']}
create_role_permissions(foreman_role, foreman_permissions)
create_role_permissions(katello_role, katello_permissions)
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.user.update(
ldap_data['ldap_user_name'], {'roles.resources.assigned': [katello_role.name]})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
def test_positive_add_katello_role_with_org(
session, ldap_data, ldap_user_name, test_name, auth_source, ldap_usergroup_name,
module_org):
"""Associate katello roles to User Group with org set.
[belonging to external AD User Group.]
:id: a2ebd4de-eb0a-47da-81e8-00942eedcbf6
:setup: LDAP Auth Source should be created with Organization associated.
:Steps:
1. Create an UserGroup.
2. Assign some katello roles to UserGroup.
3. Create and associate an External AD UserGroup.
:expectedresults: Whether a User belonging to User Group is able to
access katello entities as per roles, with the associated org
in LDAP Auth source page as the context set.
:CaseLevel: Integration
"""
auth_source_name = 'LDAP-' + auth_source.name
ak_name = gen_string('alpha')
user_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey'],
'Location': ['assign_locations'],
'Organization': ['assign_organizations'],
}
katello_role = entities.Role().create()
create_role_permissions(katello_role, user_permissions)
different_org = entities.Organization().create()
with session:
session.usergroup.create({
'usergroup.name': ldap_usergroup_name,
'roles.resources.assigned': [katello_role.name],
'external_groups.name': EXTERNAL_GROUP_NAME,
'external_groups.auth_source': auth_source_name,
})
assert session.usergroup.search(ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'], {'user.auth': auth_source_name})
session.usergroup.refresh_external_group(ldap_usergroup_name, EXTERNAL_GROUP_NAME)
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
if bz_bug_is_open(1652938):
try:
ldapsession.activationkey.search('')
except NoSuchElementException:
ldapsession.browser.refresh()
ldapsession.activationkey.create({'name': ak_name})
# Since it's not possible to fetch assigned organization via UI directly,
# verify AK can be found in right org, can't be found in wrong one and
# double check via API
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
results = session.activationkey.search(ak_name)
assert results[0]['Name'] == ak_name
session.organization.select(different_org.name)
assert not session.activationkey.search(ak_name)
ak = entities.ActivationKey(organization=module_org).search(
query={'search': 'name={}'.format(ak_name)})[0].read()
assert ak.organization.id == module_org.id
def test_positive_check_permissions_affect_create_procedure(test_name, module_loc):
"""Verify whether user permissions affect what entities can be selected
when host is created
:id: 4502f99d-86fb-4655-a9dc-b2612cf849c6
:customerscenario: true
:expectedresults: user with specific permissions can choose only
entities for create host procedure that he has access to
:BZ: 1293716
:CaseLevel: System
"""
# Create new organization
org = entities.Organization().create()
# Create two lifecycle environments
lc_env = entities.LifecycleEnvironment(organization=org).create()
filter_lc_env = entities.LifecycleEnvironment(organization=org).create()
# Create two content views and promote them to one lifecycle
# environment which will be used in filter
cv = entities.ContentView(organization=org).create()
filter_cv = entities.ContentView(organization=org).create()
for content_view in [cv, filter_cv]:
content_view.publish()
content_view = content_view.read()
promote(content_view.version[0], filter_lc_env.id)
# Create two host groups
hg = entities.HostGroup(organization=[org]).create()
filter_hg = entities.HostGroup(organization=[org]).create()
# Create new role
role = entities.Role().create()
# Create lifecycle environment permissions and select one specific
# environment user will have access to
create_role_permissions(
role,
{
'Katello::KTEnvironment': [
'promote_or_remove_content_views_to_environments',
'view_lifecycle_environments'
]
},
# allow access only to the mentioned here environment
search='name = {0}'.format(filter_lc_env.name)
)
# Add necessary permissions for content view as we did for lce
create_role_permissions(
role,
{
'Katello::ContentView': [
'promote_or_remove_content_views',
'view_content_views',
'publish_content_views',
]
},
# allow access only to the mentioned here cv
search='name = {0}'.format(filter_cv.name)
)
# Add necessary permissions for hosts as we did for lce
create_role_permissions(
role,
{'Host': ['create_hosts', 'view_hosts']},
# allow access only to the mentioned here host group
search='hostgroup_fullname = {0}'.format(filter_hg.name)
)
# Add necessary permissions for host groups as we did for lce
create_role_permissions(
role,
{'Hostgroup': ['view_hostgroups']},
# allow access only to the mentioned here host group
search='name = {0}'.format(filter_hg.name)
)
# Add permissions for Organization and Location
create_role_permissions(
role,
{
'Organization': PERMISSIONS['Organization'],
'Location': PERMISSIONS['Location'],
},
)
# Create new user with a configured role
user_password = gen_string('alpha')
user = entities.User(
role=[role],
admin=False,
password=user_password,
organization=[org],
location=[module_loc],
default_organization=org,
default_location=module_loc,
).create()
host_fields = [
{
'name': 'host.hostgroup',
'unexpected_value': hg.name,
'expected_value': filter_hg.name,
},
{
'name': 'host.lce',
'unexpected_value': lc_env.name,
'expected_value': filter_lc_env.name,
},
{
'name': 'host.content_view',
'unexpected_value': cv.name,
'expected_value': filter_cv.name,
# content view selection needs the right lce to be selected
'other_fields_values': {'host.lce': filter_lc_env.name}
},
]
with Session(test_name, user=user.login, password=user_password) as session:
for host_field in host_fields:
with pytest.raises(NoSuchElementException) as context:
values = {host_field['name']: host_field['unexpected_value']}
values.update(host_field.get('other_fields_values', {}))
session.host.helper.read_create_view(values)
error_message = str(context.value)
assert host_field['unexpected_value'] in error_message
# After the NoSuchElementException from FilteredDropdown, airgun is not able to
# navigate to other locations, Note in normal situation we should send Escape key to
# browser.
session.browser.refresh()
values = {host_field['name']: host_field['expected_value']}
values.update(host_field.get('other_fields_values', {}))
create_values = session.host.helper.read_create_view(values, host_field['name'])
tab_name, field_name = host_field['name'].split('.')
assert create_values[tab_name][field_name] == host_field['expected_value']
def test_positive_update_external_user_roles(session, ldap_data,
ldap_user_name, test_name,
auth_source, ldap_usergroup_name):
"""Assure that user has roles/can access feature areas for
additional roles assigned outside any roles assigned by his group
:id: a487f7d6-22f2-4e42-b34f-8d984f721c83
:setup: Assign roles to UserGroup and configure external UserGroup
subsequently assign specified roles to the user(s). roles that are
not part of the larger UserGroup
:steps:
1. Create an UserGroup.
2. Assign some roles to UserGroup.
3. Create an External AD UserGroup as per the UserGroup name in AD.
4. Assign some more roles to a User(which is part of external AD
UserGroup) at the User level.
5. Login to sat6 with the above AD user and attempt to access areas
assigned specifically to user.
:expectedresults: User can access not only those feature areas in his
UserGroup but those additional feature areas / roles assigned
specifically to user
:CaseLevel: Integration
"""
ak_name = gen_string('alpha')
auth_source_name = 'LDAP-' + auth_source.name
location_name = gen_string('alpha')
foreman_role = entities.Role().create()
katello_role = entities.Role().create()
foreman_permissions = {'Location': PERMISSIONS['Location']}
katello_permissions = {
'Katello::ActivationKey': PERMISSIONS['Katello::ActivationKey']
}
create_role_permissions(foreman_role, foreman_permissions)
create_role_permissions(katello_role, katello_permissions)
with session:
session.usergroup.create({
'usergroup.name':
ldap_usergroup_name,
'roles.resources.assigned': [foreman_role.name],
'external_groups.name':
EXTERNAL_GROUP_NAME,
'external_groups.auth_source':
auth_source_name,
})
assert session.usergroup.search(
ldap_usergroup_name)[0]['Name'] == ldap_usergroup_name
session.user.update(ldap_data['ldap_user_name'],
{'user.auth': auth_source_name})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as ldapsession:
ldapsession.location.create({'name': location_name})
assert ldapsession.location.search(
location_name)[0]['Name'] == location_name
current_user = ldapsession.location.read(
location_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']
session.user.update(ldap_data['ldap_user_name'],
{'roles.resources.assigned': [katello_role.name]})
with Session(
test_name,
ldap_data['ldap_user_name'],
ldap_data['ldap_user_passwd'],
) as session:
with raises(NavigationTriesExceeded):
ldapsession.architecture.search('')
if bz_bug_is_open(1652938):
try:
session.activationkey.search('')
except NoSuchElementException:
session.browser.refresh()
session.activationkey.create({'name': ak_name})
assert session.activationkey.search(ak_name)[0]['Name'] == ak_name
current_user = session.activationkey.read(
ak_name, 'current_user')['current_user']
assert current_user == ldap_data['ldap_user_name']