def test_positive_remove_role(self):
"""Remove role from User for all variations of role names
@id: 51b15516-da42-4149-8032-87baa93f9e56
@Assert: Role is removed
@BZ: 1138553
@CaseLevel: Integration
"""
user = make_user()
include_list = [gen_string("alphanumeric", 100)]
for role_name in valid_usernames_list() + include_list:
with self.subTest(role_name):
make_role({'name': role_name})
User.add_role({
'login': user['login'],
'role': role_name,
})
user = User.info({'id': user['id']})
self.assertIn(role_name, user['roles'])
User.remove_role({
'login': user['login'],
'role': role_name,
})
user = User.info({'id': user['id']})
self.assertNotIn(role_name, user['roles'])
def test_user_remove_role_1(self):
"""@Test: Remove role to User for all variations of role names
@Feature: User - Remove role
@Steps:
1. Create role and add it to the user . Try to remove the role
@Assert: Role is removed
@BZ: 1138553
"""
user = make_user()
include_list = [gen_string("alphanumeric", 100)]
for role_name in valid_usernames_list() + include_list:
with self.subTest(role_name):
make_role({'name': role_name})
self.__assert_exists(user)
UserObj.add_role({
'login': user['login'],
'role': role_name,
})
user = UserObj.info({'id': user['id']})
self.assertIn(role_name, user['roles'])
UserObj.remove_role({
'login': user['login'],
'role': role_name,
})
user = UserObj.info({'id': user['id']})
self.assertNotIn(role_name, user['roles'])
def test_positive_remove_role(self):
"""Remove role from User for all variations of role names
@Feature: User - Remove role
@Assert: Role is removed
@BZ: 1138553
"""
user = make_user()
include_list = [gen_string("alphanumeric", 100)]
for role_name in valid_usernames_list() + include_list:
with self.subTest(role_name):
make_role({'name': role_name})
User.add_role({
'login': user['login'],
'role': role_name,
})
user = User.info({'id': user['id']})
self.assertIn(role_name, user['roles'])
User.remove_role({
'login': user['login'],
'role': role_name,
})
user = User.info({'id': user['id']})
self.assertNotIn(role_name, user['roles'])
def test_positive_delete_role_1(self, data):
"""@Test: Delete roles after creating them
@Feature: Roles
@Assert: Assert deletion of roles
"""
try:
role = make_role({'name': data})
except CLIFactoryError as err:
self.fail(err)
self.assertEqual(
role['name'],
data, "Input and output name should be consistent")
# Delete it
result = Role.delete({'id': role['id']})
self.assertEqual(result.return_code, 0,
"Role was not deleted")
self.assertEqual(
len(result.stderr), 0, "No error was expected")
# Fetch it
result = Role.info({'id': role['id']})
self.assertNotEqual(result.return_code, 0,
"Role should not be found")
self.assertGreater(len(result.stderr), 0,
"Expected an error here")
def test_positive_update_role_1(self, data):
"""@Test: Update roles after creating them
@Feature: Roles
@Assert: Assert updation of roles
"""
name = gen_string('alpha', 15)
try:
role = make_role({'name': name})
except CLIFactoryError as err:
self.fail(err)
self.assertEqual(
role['name'],
data, "Input and output name should be consistent")
# Update it
result = Role.update({'id': role['id'],
'new-name': data})
self.assertEqual(result.return_code, 0,
"Role was not updated")
self.assertEqual(
len(result.stderr), 0, "No error was expected")
# Fetch it
result = Role.info({'id': role['id']})
self.assertEqual(result.return_code, 0,
"Role was not updated")
self.assertEqual(
len(result.stderr), 0, "No error was expected")
# Assert that name was updated
self.assertEqual(result.stdout['name'],
data,
"Names do not match")
def test_positive_create_with_permission(self):
"""Create new role with a set of permission
:id: 7cb2b2e2-ad4d-41e9-b6b2-c0366eb09b9a
:expectedresults: Role is created and has correct set of permissions
:CaseImportance: Critical
"""
role = make_role()
# Pick permissions by its resource type
permissions = [
permission['name']
for permission in Filter.available_permissions(
{'resource-type': 'Organization'})
]
# Assign filter to created role
make_filter({
'role-id': role['id'],
'permissions': permissions,
})
self.assertEqual(
Role.filters({'id': role['id']})[0]['permissions'],
permissions
)
def test_positive_automate_bz1426957(self):
"""Verify role is properly reflected on AD user.
:id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc
:expectedresults: Roles from usergroup is applied on AD user successfully.
:CaseLevel: Integration
:BZ: 1426957
"""
ext_user_group = make_usergroup_external({
'auth-source-id': self.auth['server']['id'],
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
ext_user_group['auth-source'], self.auth['server']['name']
)
role = make_role()
UserGroup.add_role({'id': self.user_group['id'], 'role-id': role['id']})
with self.assertNotRaises(CLIReturnCodeError):
Task.with_user(username=self.ldap_user_name, password=self.ldap_user_passwd).list()
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(User.info({'login': self.ldap_user_name})['user-groups'][1],
role['name'])
User.delete({'login': self.ldap_user_name})
def test_user_remove_role_1(self, test_data):
"""@Test: Remove role to User for all variations of role names
@Feature: User - Remove role
@Steps:
1. Create role and add it to the user . Try to remove the role
@Assert: Role is removed
@BZ: 1138553
"""
user = make_user()
role = make_role(test_data)
self.__assert_exists(user)
UserObj.add_role({
'login': user['login'],
'role': role['name'],
})
user = UserObj.info({'id': user['id']})
self.assertIn(role['name'], user['roles'])
UserObj.remove_role({
'login': user['login'],
'role': role['name'],
})
user = UserObj.info({'id': user['id']})
self.assertNotIn(role['name'], user['roles'])
def test_positive_create_with_role_id(self):
"""Create new user group using valid role attached to that group. Use
role id as a parameter
@Feature: Usergroup
@Assert: User group is created successfully.
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_create_with_roles(self):
"""Create new user group using multiple roles attached to that group.
Use roles name as a parameter
@Feature: Usergroup
@Assert: User group is created successfully and contains all expected
roles
"""
roles = [make_role()['name'] for _ in range(randint(3, 5))]
user_group = make_usergroup({'roles': roles})
self.assertEqual(sorted(roles), sorted(user_group['roles']))
def test_positive_add_role(self):
"""Add role to User for all variations of role names
@id: 4df495b8-ed02-480e-a935-ffc0b6746e08
@Assert: Role is added to user
@BZ: 1138553
@CaseLevel: Integration
"""
user = make_user()
include_list = [gen_string("alphanumeric", 100)]
for role_name in valid_usernames_list() + include_list:
with self.subTest(role_name):
make_role({'name': role_name})
User.add_role({
'login': user['login'],
'role': role_name,
})
user = User.info({'id': user['id']})
self.assertIn(role_name, user['roles'])
def test_positive_create_with_name(self):
"""Create new roles with provided name
@id: 6883177c-6926-428c-92ab-9effbe1372ae
@Assert: Role is created and has correct name
@BZ: 1138553
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
def test_positive_create_with_name(self):
"""Create new roles with provided name
@Feature: Roles
@Assert: Role is created and has correct name
@BZ: 1138553
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
def test_positive_create_role_1(self):
"""@Test: Create new roles and assign to the custom user
@Feature: Roles
@Assert: Assert creation of roles
@BZ: 1138553
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
def test_positive_create_with_role_id(self):
"""Create new user group using valid role attached to that group. Use
role id as a parameter
:id: 8524a561-037c-4509-aaba-3213924a1cfe
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_list_filters_with_pagination(self):
"""Make sure filters list can be displayed with different items per
page value
:id: b9c7c6c1-70c2-4d7f-8d36-fa8613acc865
:BZ: 1428516
:expectedresults: `per-page` correctly sets amount of items displayed
per page, different `per-page` values divide a list into correct
number of pages
:CaseImportance: Critical
"""
role = make_role()
res_types = iter(PERMISSIONS.keys())
permissions = []
# Collect more than 20 different permissions
while len(permissions) <= 20:
permissions += [
permission['name']
for permission in Filter.available_permissions(
{'resource-type': next(res_types)})
]
# Create a filter for each permission
for perm in permissions:
make_filter({
'role': role['name'],
'permissions': perm,
})
# Test different `per-page` values
for per_page in (1, 5, 20):
with self.subTest(per_page):
# Verify the first page contains exactly the same items count
# as `per-page` value
filters = Role.filters({
'name': role['name'],
'per-page': per_page,
})
self.assertEqual(len(filters), per_page)
# Verify pagination and total amount of pages by checking the
# items count on the last page
last_page = (len(permissions) / per_page
+ int(len(permissions) % per_page != 0))
filters = Role.filters({
'name': role['name'],
'page': last_page,
'per-page': per_page,
})
self.assertEqual(
len(filters), len(permissions) % per_page or per_page)
def test_positive_delete_by_id(self):
"""Create a new role and then delete role by its ID
@id: 351780b4-697c-4f87-b989-dd9a9a2ad012
@Assert: Role is created and then deleted by its ID
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
Role.delete({'id': role['id']})
with self.assertRaises(CLIReturnCodeError):
Role.info({'id': role['id']})
def test_positive_delete_by_id(self):
"""Create a new role and then delete role by its ID
@id: 351780b4-697c-4f87-b989-dd9a9a2ad012
@Assert: Role is created and then deleted by its ID
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
Role.delete({'id': role['id']})
with self.assertRaises(CLIReturnCodeError):
Role.info({'id': role['id']})
def test_positive_create_with_roles(self):
"""Create new user group using multiple roles attached to that group.
Use roles name as a parameter
:id: b7113d49-b9ce-4603-a09d-5ab23fe2d568
:expectedresults: User group is created successfully and contains all
expected roles
:CaseImportance: Critical
"""
roles = [make_role()['name'] for _ in range(randint(3, 5))]
user_group = make_usergroup({'roles': roles})
self.assertEqual(sorted(roles), sorted(user_group['roles']))
def test_positive_delete_role_1(self):
"""@Test: Delete roles after creating them
@Feature: Roles
@Assert: Assert deletion of roles
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
Role.delete({'id': role['id']})
with self.assertRaises(CLIReturnCodeError):
Role.info({'id': role['id']})
def test_positive_create_with_role_name(self):
"""Create new user group using valid role attached to that group. Use
role name as a parameter
@Feature: Usergroup
@Assert: User group is created successfully.
"""
for role_name in valid_data_list():
with self.subTest(role_name):
role = make_role({'name': role_name})
user_group = make_usergroup({'roles': role['name']})
self.assertEqual(len(user_group['roles']), 1)
self.assertEqual(user_group['roles'][0], role_name)
def test_positive_create_with_name(self):
"""Create new roles with provided name
:id: 6883177c-6926-428c-92ab-9effbe1372ae
:expectedresults: Role is created and has correct name
:BZ: 1138553
:CaseImportance: Critical
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
def test_positive_create_role_1(self, data):
"""@Test: Create new roles and assign to the custom user
@Feature: Roles
@Assert: Assert creation of roles
"""
try:
role = make_role({'name': data})
except CLIFactoryError as err:
self.fail(err)
self.assertEqual(
role['name'],
data, "Input and output name should be consistent")
def test_positive_create_with_name(self):
"""Create new roles with provided name
:id: 6883177c-6926-428c-92ab-9effbe1372ae
:expectedresults: Role is created and has correct name
:BZ: 1138553
:CaseImportance: Critical
"""
for name in generate_strings_list(length=10):
with self.subTest(name):
role = make_role({'name': name})
self.assertEqual(role['name'], name)
def test_positive_update_role(self):
"""Create a filter and assign it to another role.
:id: 2950b3a1-2bce-447f-9df2-869b1d10eaf5
:expectedresults: Filter is created and assigned to new role.
:CaseImportance: Critical
"""
filter_ = make_filter({'role-id': self.role['id'], 'permissions': self.perms})
# Update with another role
new_role = make_role()
Filter.update({'id': filter_['id'], 'role-id': new_role['id']})
filter_ = Filter.info({'id': filter_['id']})
self.assertEqual(filter_['role'], new_role['name'])
def test_positive_create_role_1(self, data):
"""@Test: Create new roles and assign to the custom user
@Feature: Roles
@Assert: Assert creation of roles
"""
try:
role = make_role({'name': data})
except CLIFactoryError as err:
self.fail(err)
self.assertEqual(
role['name'],
data, "Input and output name should be consistent")
def test_positive_update_name(self):
"""Create new role and update its name
:id: 3ce1b337-fd52-4460-b8a8-df49c94ffed1
:expectedresults: Role is created and its name is updated
:CaseImportance: Critical
"""
role = make_role({'name': gen_string('alpha', 15)})
for new_name in generate_strings_list(length=10):
with self.subTest(new_name):
Role.update({'id': role['id'], 'new-name': new_name})
role = Role.info({'id': role['id']})
self.assertEqual(role['name'], new_name)
def test_positive_CRUD(self):
"""Create new user group with valid elements that attached group.
List the user group, update and delete it.
:id: bacef0e3-31dd-4991-93f7-f54fbe64d0f0
:expectedresults: User group is created, listed, updated and
deleted successfully.
:CaseImportance: Critical
"""
user = make_user()
ug_name = random.choice(list(valid_data_list().values()))
role_name = random.choice(list(valid_data_list().values()))
role = make_role({'name': role_name})
sub_user_group = make_usergroup()
# Create
user_group = make_usergroup({
'user-ids': user['id'],
'name': ug_name,
'role-ids': role['id'],
'user-group-ids': sub_user_group['id'],
})
self.assertEqual(user_group['name'], ug_name)
self.assertEqual(user_group['users'][0], user['login'])
self.assertEqual(len(user_group['roles']), 1)
self.assertEqual(user_group['roles'][0], role_name)
self.assertEqual(user_group['user-groups'][0]['usergroup'],
sub_user_group['name'])
# List
result_list = UserGroup.list(
{'search': 'name={0}'.format(user_group['name'])})
self.assertTrue(len(result_list) > 0)
self.assertTrue(UserGroup.exists(search=('name', user_group['name'])))
# Update
new_name = random.choice(list(valid_data_list().values()))
UserGroup.update({'id': user_group['id'], 'new-name': new_name})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['name'], new_name)
# Delete
UserGroup.delete({'name': user_group['name']})
with self.assertRaises(CLIReturnCodeError):
UserGroup.info({'name': user_group['name']})
def test_positive_update_name(self):
"""Create new role and update its name
@id: 3ce1b337-fd52-4460-b8a8-df49c94ffed1
@Assert: Role is created and its name is updated
"""
role = make_role({'name': gen_string('alpha', 15)})
for new_name in generate_strings_list(length=10):
with self.subTest(new_name):
Role.update({
'id': role['id'],
'new-name': new_name,
})
role = Role.info({'id': role['id']})
self.assertEqual(role['name'], new_name)
def test_positive_create_with_role_name(self):
"""Create new user group using valid role attached to that group. Use
role name as a parameter
:id: 47fb3037-f48a-4f99-9a50-792b0fd77569
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
for role_name in valid_data_list():
with self.subTest(role_name):
role = make_role({'name': role_name})
user_group = make_usergroup({'roles': role['name']})
self.assertEqual(len(user_group['roles']), 1)
self.assertEqual(user_group['roles'][0], role_name)
def test_positive_add_role_by_name(self):
"""Create new user group and new role. Then add created role to user
group by name
@Feature: Usergroup
@Assert: Role is added to user group successfully.
"""
role = make_role()
user_group = make_usergroup()
UserGroup.add_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_update_role_1(self):
"""@Test: Update roles after creating them
@Feature: Roles
@Assert: Assert updating of roles
"""
role = make_role({'name': gen_string('alpha', 15)})
for new_name in generate_strings_list(length=10):
with self.subTest(new_name):
Role.update({
'id': role['id'],
'new-name': new_name,
})
role = Role.info({'id': role['id']})
self.assertEqual(role['name'], new_name)
def test_positive_update_name(self):
"""Create new role and update its name
@Feature: Roles
@Assert: Role is created and its name is updated
"""
role = make_role({'name': gen_string('alpha', 15)})
for new_name in generate_strings_list(length=10):
with self.subTest(new_name):
Role.update({
'id': role['id'],
'new-name': new_name,
})
role = Role.info({'id': role['id']})
self.assertEqual(role['name'], new_name)
def test_positive_update_name(self):
"""@Test: Create new role and update its name
@Feature: Roles
@Assert: Role is created and its name is updated
"""
role = make_role({'name': gen_string('alpha', 15)})
for new_name in generate_strings_list(length=10):
with self.subTest(new_name):
Role.update({
'id': role['id'],
'new-name': new_name,
})
role = Role.info({'id': role['id']})
self.assertEqual(role['name'], new_name)
def test_positive_create_with_role_name(self):
"""Create new user group using valid role attached to that group. Use
role name as a parameter
:id: 47fb3037-f48a-4f99-9a50-792b0fd77569
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
for role_name in valid_data_list():
with self.subTest(role_name):
role = make_role({'name': role_name})
user_group = make_usergroup({'roles': role['name']})
self.assertEqual(len(user_group['roles']), 1)
self.assertEqual(user_group['roles'][0], role_name)
def test_positive_add_role_by_name(self):
"""Create new user group and new role. Then add created role to user
group by name
@Feature: Usergroup
@Assert: Role is added to user group successfully.
"""
role = make_role()
user_group = make_usergroup()
UserGroup.add_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_list_filters_with_pagination(self):
"""Make sure filters list can be displayed with different items per
page value
:id: b9c7c6c1-70c2-4d7f-8d36-fa8613acc865
:BZ: 1428516
:expectedresults: `per-page` correctly sets amount of items displayed
per page, different `per-page` values divide a list into correct
number of pages
:CaseImportance: Critical
"""
role = make_role()
res_types = iter(PERMISSIONS.keys())
permissions = []
# Collect more than 20 different permissions
while len(permissions) <= 20:
permissions += [
permission['name']
for permission in Filter.available_permissions(
{"search": f"resource_type={next(res_types)}"})
]
# Create a filter for each permission
for perm in permissions:
make_filter({'role': role['name'], 'permissions': perm})
# Test different `per-page` values
for per_page in (1, 5, 20):
with self.subTest(per_page):
# Verify the first page contains exactly the same items count
# as `per-page` value
filters = Role.filters({
'name': role['name'],
'per-page': per_page
})
self.assertEqual(len(filters), per_page)
# Verify pagination and total amount of pages by checking the
# items count on the last page
last_page = ceil(len(permissions) / per_page)
filters = Role.filters({
'name': role['name'],
'page': last_page,
'per-page': per_page
})
self.assertEqual(len(filters),
len(permissions) % per_page or per_page)
def test_positive_CRUD():
"""Create new user group with valid elements that attached group.
List the user group, update and delete it.
:id: bacef0e3-31dd-4991-93f7-f54fbe64d0f0
:expectedresults: User group is created, listed, updated and
deleted successfully.
:CaseImportance: Critical
"""
user = make_user()
ug_name = random.choice(valid_usernames_list())
role_name = random.choice(valid_usernames_list())
role = make_role({'name': role_name})
sub_user_group = make_usergroup()
# Create
user_group = make_usergroup({
'user-ids': user['id'],
'name': ug_name,
'role-ids': role['id'],
'user-group-ids': sub_user_group['id'],
})
assert user_group['name'] == ug_name
assert user_group['users'][0] == user['login']
assert len(user_group['roles']) == 1
assert user_group['roles'][0] == role_name
assert user_group['user-groups'][0]['usergroup'] == sub_user_group['name']
# List
result_list = UserGroup.list(
{'search': 'name={}'.format(user_group['name'])})
assert len(result_list) > 0
assert UserGroup.exists(search=('name', user_group['name']))
# Update
new_name = random.choice(valid_usernames_list())
UserGroup.update({'id': user_group['id'], 'new-name': new_name})
user_group = UserGroup.info({'id': user_group['id']})
assert user_group['name'] == new_name
# Delete
UserGroup.delete({'name': user_group['name']})
with pytest.raises(CLIReturnCodeError):
UserGroup.info({'name': user_group['name']})
def test_positive_add_and_remove_elements(self):
"""Create new user group. Add and remove several element from the group.
:id: a4ce8724-d3c8-4c00-9421-aaa40394134d
:BZ: 1395229
:expectedresults: Elements are added to user group and then removed
successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup()
user = make_user()
sub_user_group = make_usergroup()
# Add elements by id
UserGroup.add_role({'id': user_group['id'], 'role-id': role['id']})
UserGroup.add_user({'id': user_group['id'], 'user-id': user['id']})
UserGroup.add_user_group({
'id': user_group['id'],
'user-group-id': sub_user_group['id']
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 1)
self.assertEqual(user_group['roles'][0], role['name'])
self.assertEqual(len(user_group['users']), 1)
self.assertEqual(user_group['users'][0], user['login'])
self.assertEqual(len(user_group['user-groups']), 1)
self.assertEqual(user_group['user-groups'][0]['usergroup'],
sub_user_group['name'])
# Remove elements by name
UserGroup.remove_role({'id': user_group['id'], 'role': role['name']})
UserGroup.remove_user({'id': user_group['id'], 'user': user['login']})
UserGroup.remove_user_group({
'id': user_group['id'],
'user-group': sub_user_group['name']
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 0)
self.assertEqual(len(user_group['users']), 0)
self.assertEqual(len(user_group['user-groups']), 0)
def test_positive_remove_role_by_name(self):
"""Create new user group using valid role attached to that group. Then
remove that role from user group by name
@Feature: Usergroup
@Assert: Role is removed from user group successfully.
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(len(user_group['roles']), 1)
UserGroup.remove_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 0)
def test_positive_remove_role_by_name(self):
"""Create new user group using valid role attached to that group. Then
remove that role from user group by name
@Feature: Usergroup
@Assert: Role is removed from user group successfully.
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(len(user_group['roles']), 1)
UserGroup.remove_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 0)
def test_custom_personal_access_token_role(self, default_sat):
"""Personal access token for non admin user with custom role
:id: dcbd22df-2641-4d3e-a1ad-76f36642e31b
:steps:
1. Create role with PAT and View Users
2. Create non admin user and assign the role
3. Create PAT for the user and test with the end point
4. Revoke the token and then test for end point.
:expectedresults: Non admin user is able to view only the assigned entity
:CaseLevel: System
:CaseImportance: High
:BZ: 1974685, 1996048
"""
role = make_role()
permissions = [
permission['name']
for permission in Filter.available_permissions(
{'search': 'resource_type=PersonalAccessToken'}
)
]
permissions = ','.join(permissions)
make_filter({'role-id': role['id'], 'permissions': permissions})
make_filter({'role-id': role['id'], 'permissions': 'view_users'})
user = make_user()
User.add_role({'login': user['login'], 'role': role['name']})
token_name = gen_alphanumeric()
result = User.access_token(
action="create", options={'name': token_name, 'user-id': user['id']}
)
token_value = result[0]['message'].split(':')[-1]
command_output = default_sat.execute(
f'curl -k -u {user["login"]}:{token_value} {default_sat.url}/api/v2/users'
)
assert user['login'] in command_output.stdout
assert user['email'] in command_output.stdout
User.access_token(action="revoke", options={'name': token_name, 'user-id': user['id']})
command_output = default_sat.execute(
f'curl -k -u {user["login"]}:{token_value} {default_sat.url}/api/v2/users'
)
assert f'Unable to authenticate user {user["login"]}' in command_output.stdout
def test_positive_add_role_by_name(self):
"""Create new user group and new role. Then add created role to user
group by name
:id: 181bf2d5-0650-4fb0-890c-475eac3306a2
:expectedresults: Role is added to user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup()
UserGroup.add_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_create_with_filter(self):
"""Create new role with a filter
:id: 6c99ee25-4e58-496c-af42-f8ad2da6cf07
:expectedresults: Role is created and correct filter is assigned
:CaseImportance: Critical
"""
role = make_role()
# Pick permissions by its resource type
permissions = [
permission['name']
for permission in Filter.available_permissions({'resource-type': 'Organization'})
]
# Assign filter to created role
filter_ = make_filter({'role-id': role['id'], 'permissions': permissions})
self.assertEqual(role['name'], filter_['role'])
def test_positive_add_role_by_name(self):
"""Create new user group and new role. Then add created role to user
group by name
:id: 181bf2d5-0650-4fb0-890c-475eac3306a2
:expectedresults: Role is added to user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup()
UserGroup.add_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_add_role_by_id(self):
"""Create new user group and new role. Then add created role to user
group by id
:id: a4ce8724-d3c8-4c00-9421-aaa40394134d
:expectedresults: Role is added to user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup()
UserGroup.add_role({
'id': user_group['id'],
'role-id': role['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_create_with_permission(self):
"""Create new role with a set of permission
:id: 7cb2b2e2-ad4d-41e9-b6b2-c0366eb09b9a
:expectedresults: Role is created and has correct set of permissions
:CaseImportance: Critical
"""
role = make_role()
# Pick permissions by its resource type
permissions = [
permission['name']
for permission in Filter.available_permissions({"search": "resource_type=Organization"})
]
# Assign filter to created role
make_filter({'role-id': role['id'], 'permissions': permissions})
assert set(Role.filters({'id': role['id']})[0]['permissions']) == set(permissions)
def test_positive_add_role_by_id(self):
"""Create new user group and new role. Then add created role to user
group by id
:id: a4ce8724-d3c8-4c00-9421-aaa40394134d
:expectedresults: Role is added to user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup()
UserGroup.add_role({
'id': user_group['id'],
'role-id': role['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_remove_role_by_id(self):
"""Create new user group using valid role attached to that group. Then
remove that role from user group by id
:id: f086e7f0-4a24-4097-8ec6-3f698ac926ba
:expectedresults: Role is removed from user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(len(user_group['roles']), 1)
UserGroup.remove_role({
'id': user_group['id'],
'role-id': role['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 0)
def test_positive_remove_role_by_name(self):
"""Create new user group using valid role attached to that group. Then
remove that role from user group by name
:id: 0a5fdeaf-a05f-4153-b2c8-c5f8745cbb80
:expectedresults: Role is removed from user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(len(user_group['roles']), 1)
UserGroup.remove_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 0)
def test_positive_list_filters_by_id(self):
"""Create new role with a filter and list it by role id
:id: 6979ad8d-629b-481e-9d3a-8f3b3bca53f9
:expectedresults: Filter is listed for specified role
:CaseImportance: Critical
"""
role = make_role()
# Pick permissions by its resource type
permissions = [
permission['name']
for permission in Filter.available_permissions({"search": "resource_type=Organization"})
]
# Assign filter to created role
filter_ = make_filter({'role-id': role['id'], 'permissions': permissions})
assert role['name'] == filter_['role']
assert Role.filters({'id': role['id']})[0]['id'] == filter_['id']
def test_positive_list_filters_by_name(self):
"""Create new role with a filter and list it by role name
:id: bbcb3982-f484-4dde-a3ea-7145fd28ab1f
:expectedresults: Filter is listed for specified role
:CaseImportance: Critical
"""
role = make_role()
# Pick permissions by its resource type
permissions = [
permission['name']
for permission in Filter.available_permissions({"search": "resource_type=Organization"})
]
# Assign filter to created role
filter_ = make_filter({'role': role['name'], 'permissions': permissions})
assert role['name'] == filter_['role']
assert Role.filters({'name': role['name']})[0]['id'] == filter_['id']
def make_role_with_permissions(self):
"""Create new role with a filter"""
role = make_role()
res_types = iter(PERMISSIONS.keys())
permissions = []
# Collect more than 20 different permissions
while len(permissions) <= 20:
permissions += [
permission['name']
for permission in Filter.available_permissions(
{"search": f"resource_type={next(res_types)}"})
]
# Create a filter for each permission
for perm in permissions:
make_filter({'role': role['name'], 'permissions': perm})
return {
'role': role,
'permissions': permissions,
}
def test_positive_automate_bz1426957(ldap_auth_source, function_user_group):
"""Verify role is properly reflected on AD user.
:id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc
:parametrized: yes
:expectedresults: Roles from usergroup is applied on AD user successfully.
:customerscenario: true
:CaseLevel: Integration
:BZ: 1426957, 1667704
"""
ext_user_group = make_usergroup_external({
'auth-source-id':
ldap_auth_source[1].id,
'user-group-id':
function_user_group['id'],
'name':
'foobargroup',
})
assert ext_user_group['auth-source'] == ldap_auth_source[1].name
role = make_role()
UserGroup.add_role({
'id': function_user_group['id'],
'role-id': role['id']
})
Task.with_user(
username=ldap_auth_source[0]['ldap_user_name'],
password=ldap_auth_source[0]['ldap_user_passwd'],
).list()
UserGroupExternal.refresh({
'user-group-id': function_user_group['id'],
'name': 'foobargroup'
})
assert (role['name']
in User.info({'login': ldap_auth_source[0]['ldap_user_name']
})['user-groups'])
User.delete({'login': ldap_auth_source[0]['ldap_user_name']})
LDAPAuthSource.delete({'id': ldap_auth_source[1].id})
def test_positive_list_with_non_admin_user(self,
session_puppet_enabled_sat,
module_puppet):
"""List all the parameters for specific puppet class by id.
:id: 00fbf150-34fb-45d0-80e9-d5798d24a24f
:expectedresults: Parameters listed for specific Puppet class.
:BZ: 1391556
:CaseImportance: Medium
"""
password = gen_string('alpha')
required_user_permissions = {
'ForemanPuppet::Puppetclass': {
'permissions': ['view_puppetclasses']
},
'ForemanPuppet::PuppetclassLookupKey': {
'permissions': [
'view_external_parameters',
'create_external_parameters',
'edit_external_parameters',
'destroy_external_parameters',
]
},
}
user = make_user({'admin': '0', 'password': password})
role = make_role()
add_role_permissions(role['id'], required_user_permissions)
# Add the created and initiated role with permissions to user
session_puppet_enabled_sat.cli.User.add_role({
'id': user['id'],
'role-id': role['id']
})
sc_params = session_puppet_enabled_sat.cli.SmartClassParameter.with_user(
user['login'],
password).list({'puppet-class-id': module_puppet['class']['id']})
assert len(sc_params) > 0
# Check that only unique results are returned
assert len(sc_params) == len({scp['id'] for scp in sc_params})
def test_positive_crud_with_name(self, name, new_name):
"""Create new role with provided name, update name and delete role by ID
:id: f77b8e84-e964-4007-b12b-142949134d8b
:parametrized: yes
:expectedresults: Role is created and has correct name, its name is updated
and then deleted by ID
:BZ: 1138553
:CaseImportance: Critical
"""
role = make_role({'name': name})
assert role['name'] == name
Role.update({'id': role['id'], 'new-name': new_name})
role = Role.info({'id': role['id']})
assert role['name'] == new_name
Role.delete({'id': role['id']})
with pytest.raises(CLIReturnCodeError):
Role.info({'id': role['id']})
def test_positive_create_with_multiple_elements(self):
"""Create new user group using multiple users, roles and user
groups attached to that group.
:id: 3b0a3c3c-aab2-4e8a-b043-7462621c7333
:expectedresults: User group is created successfully and contains all
expected elements.
:CaseImportance: Critical
"""
count = 2
users = [make_user()['login'] for _ in range(count)]
roles = [make_role()['name'] for _ in range(count)]
sub_user_groups = [make_usergroup()['name'] for _ in range(count)]
user_group = make_usergroup(
{'users': users, 'roles': roles, 'user-groups': sub_user_groups}
)
self.assertEqual(sorted(users), sorted(user_group['users']))
self.assertEqual(sorted(roles), sorted(user_group['roles']))
self.assertEqual(
sorted(sub_user_groups), sorted([ug['usergroup'] for ug in user_group['user-groups']]),
)
def test_positive_create_with_permission(self):
"""Create new role with a set of permission
@id: 7cb2b2e2-ad4d-41e9-b6b2-c0366eb09b9a
@assert: Role is created and has correct set of permissions
"""
role = make_role()
# Pick permissions by its resource type
permissions = [
permission['name']
for permission in Filter.available_permissions(
{'resource-type': 'Organization'})
]
# Assign filter to created role
make_filter({
'role-id': role['id'],
'permissions': permissions,
})
self.assertEqual(
Role.filters({'id': role['id']})[0]['permissions'],
permissions
)
def test_positive_automate_bz1426957(self):
"""Verify role is properly reflected on AD user.
:id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc
:expectedresults: Roles from usergroup is applied on AD user successfully.
:CaseLevel: Integration
:BZ: 1426957, 1667704
"""
ext_user_group = make_usergroup_external({
'auth-source-id':
self.auth['server']['id'],
'user-group-id':
self.user_group['id'],
'name':
'foobargroup'
})
self.assertEqual(ext_user_group['auth-source'],
self.auth['server']['name'])
role = make_role()
UserGroup.add_role({
'id': self.user_group['id'],
'role-id': role['id']
})
with self.assertNotRaises(CLIReturnCodeError):
Task.with_user(username=self.ldap_user_name,
password=self.ldap_user_passwd).list()
UserGroupExternal.refresh({
'user-group-id': self.user_group['id'],
'name': 'foobargroup'
})
self.assertEqual(
User.info({'login': self.ldap_user_name})['user-groups'][1],
role['name'])
User.delete({'login': self.ldap_user_name})
def roles_helper():
"""Generator funcion which creates several Roles to be used on
tests
"""
for role_name in valid_usernames_list() + include_list:
yield make_role({'name': role_name})
