def test_add_role_member_outqueue():
"""Test adding a new member to a role.
Creates two test users and a role using the first user,
then adds the second user as member to role."""
user1_payload = {
"name": "Test Owner 0521201905",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test Member 0521201906",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "TestRole0521201902",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 3",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
start_depth = get_outbound_queue_depth()
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding a member.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
proposal = assert_api_success(proposal_response)
# Logging in as role owner
credentials_payload = {
"id": user1_payload["username"],
"password": user1_payload["password"],
}
log_in(session, credentials_payload)
# Approve proposal as role owner
approval_response = approve_proposal(session, result["proposal_id"])
end_depth = get_outbound_queue_depth()
assert end_depth > start_depth
delete_role_by_name("TestRole0521201902")
delete_user_by_username("test0521201905")
delete_user_by_username("test0521201906")
def test_role_outq_insertion():
""" Test the insertion of a new fake role resource which is unique
into the outbound_queue table.
"""
user1_payload = {
"name": "Test Unique User",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
expected_result = True
user_response1 = create_test_user(session, user1_payload)
user1_result = assert_api_success(user_response1)
user1_id = user1_result["data"]["user"]["id"]
role_payload = {
"name": "TestUniqueRole0501201903",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Unique Role 1",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_name = role_result["data"]["name"]
inserted_queue_item = peek_at_queue("outbound_queue", LDAP_DC)
LOGGER.info("Received queue entry %s from outbound queue...",
inserted_queue_item["id"])
successful_insert = bool(inserted_queue_item)
assert expected_result == successful_insert
delete_role_by_name("TestUniqueRole0501201903")
delete_user_by_username("testuniqueuser0501201901")
def test_add_role_task():
"""Test adding a new task to a role.
Creates a test user and a role, then creates
a task, to add to the role."""
user1_payload = {
"name": "Test Owner 2",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
with requests.Session() as session:
user_login(session, "testowner2", "123456")
task1_payload = {
"name": "TestTask1",
"administrators": user1_id,
"owners": user1_id,
"metadata": "",
}
task_response = create_test_task(session, task1_payload)
task_result = assert_api_success(task_response)
task_id = task_result["data"]["id"]
role_payload = {
"name": "TestRole0501201904",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 4",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": task_id,
"reason": "Integration test of adding a task.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/tasks".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session, result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["assigned_approver"][0] == user1_id
delete_role_by_name("TestRole0501201904")
delete_user_by_username("testowner2")
delete_task_by_name("TestTask1")
def test_update_manager():
""" Creates a user and then updates their manager
Manager is the second user created here."""
user1_payload = {
"name": "Test User 6",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test User 7",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
manager_payload = {
"id": user2_id,
"reason": "Integration test of adding role owner.",
"metadata": "",
}
response = session.put(
"http://rbac-server:8000/api/users/{}/manager".format(user1_id),
json=manager_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["assigned_approver"][0] == user2_id
# Logging in as role owner
credentials_payload = {
"id": user2_payload["username"],
"password": user2_payload["password"],
}
log_in(session, credentials_payload)
# Approve proposal as role owner
approve_proposal(session, result["proposal_id"])
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["status"] == "CONFIRMED"
delete_user_by_username("testuser6")
delete_user_by_username("testuser7")
def test_add_task_owner():
"""Test adding an owner to a task.
Creates two test users and a task using the first user,
then adds the second user as task owner."""
user1_payload = {
"name": "Test User 10",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test User 11",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
task1_payload = {
"name": "TestTask3",
"administrators": user1_id,
"owners": user1_id,
"metadata": "",
}
task_response = create_test_task(session, task1_payload)
task_result = assert_api_success(task_response)
task_id = task_result["data"]["id"]
owner_payload = {
"id": user2_id,
"reason": "Integration test of adding task owner.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/tasks/{}/owners".format(task_id),
json=owner_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["assigned_approver"][0] == user1_id
delete_task_by_name("TestTask3")
delete_user_by_username("testuser10")
delete_user_by_username("testuser11")
def test_add_role_admin():
"""Test adding an admin to a role.
Creates two test users and a role with user1 as owner/admin,
then adds the second user as role admin."""
user1_payload = {
"name": "Test User 1",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test User 2",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
user_response1 = create_test_user(session, user1_payload)
user1_result = assert_api_success(user_response1)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "TestRole0501201901",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 1",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding role admin.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/admins".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session, result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["assigned_approver"][0] == user1_id
delete_role_by_name("TestRole0501201901")
delete_user_by_username("testuser1")
delete_user_by_username("testuser2")
def test_update_manager_outqueue():
""" Creates a user and then updates their manager
Manager is the second user created here."""
user1_payload = {
"name": "Test User 0521201901",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test User 0521201902",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
start_depth = get_outbound_queue_depth()
manager_payload = {
"id": user2_id,
"reason": "Integration test of adding role owner.",
"metadata": "",
}
response = session.put(
"http://rbac-server:8000/api/users/{}/manager".format(user1_id),
json=manager_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
proposal = assert_api_success(proposal_response)
# Logging in as role owner
credentials_payload = {
"id": user2_payload["username"],
"password": user2_payload["password"],
}
log_in(session, credentials_payload)
# Approve proposal as role owner
approval_response = approve_proposal(session, result["proposal_id"])
end_depth = get_outbound_queue_depth()
assert end_depth > start_depth
delete_user_by_username("test0521201901")
delete_user_by_username("test0521201902")
def get(self, proposal_id, user):
""" Get a proposal """
url = self.url(proposal_id)
response = requests.get(url=url,
headers={"Authorization": user["token"]})
result = assert_api_success(response)
assert "data" in result
return result["data"]
def update(self, proposal, approver, status, reason):
""" Update a proposal """
url = self.url(proposal["id"])
data = {"status": status, "reason": reason}
response = requests.patch(url=url,
headers={"Authorization": approver["token"]},
json=data)
result = assert_api_success(response)
return result
def test_role_outq_insertion():
""" Test the insertion of a new fake role resource which is unique
into the outbound_queue table.
This test will only run if ENABLE_NEXT_BASE_USE is set to 1.
"""
user1_payload = {
"name": "Test Unique User",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
user_response1 = create_test_user(session, user1_payload)
user1_result = assert_api_success(user_response1)
user1_id = user1_result["data"]["user"]["id"]
role_payload = {
"name": "TestUniqueRole0501201903",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Unique Role 1",
}
role_response = create_test_role(session, role_payload)
assert_api_success(role_response)
outbound_queue_data = {"members": [], "remote_id": ""}
expected_payload = {
"data": outbound_queue_data,
"data_type": "group",
"provider_id": "NEXT-created",
"status": "UNCONFIRMED",
"action": "",
}
outbound_entry = get_outbound_queue_entry(outbound_queue_data)
outbound_entry[0].pop("timestamp")
outbound_entry[0].pop("id")
assert outbound_entry[0] == expected_payload
delete_role_by_name("TestUniqueRole0501201903")
delete_user_by_username("testuniqueuser0501201901")
def test_api_user_login():
""" Test user login with good data
"""
url = helper.api.user.create.auth_url
user = helper.api.user.create.current
data = {"id": user["username"], "password": user["password"]}
response = requests.post(url=url, headers=None, json=data)
result = assert_api_success(response)
assert result["data"]
assert result["data"]["message"] == "Authorization successful"
assert isinstance(result["data"]["user_id"], str)
assert isinstance(result["token"], str)
def test_update_manager():
""" Creates a user and then updates their manager as nextAdmin"""
user1_payload = {
"name": "Test User 9",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
next_admin = create_next_admin(session)
admin_id = next_admin.json()["data"]["next_id"]
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
with requests.Session() as session:
user_login(session, "testuser9", "123456")
manager_payload = {
"id": user1_id,
"reason": "Integration test of updating manager.",
"metadata": "",
}
next_admin_role = get_role_by_name("NextAdmins")
failed_response = update_manager(session, admin_id, manager_payload)
assert failed_response.json() == {
"code": 400,
"message": "Proposal opener is not a Next Admin.",
}
add_role_member(session, next_admin_role[0]["role_id"],
{"id": user1_id})
with requests.session() as session:
create_next_admin(session)
response = update_manager(session, admin_id, manager_payload)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
assert_api_success(proposal_response)
delete_user_by_username("testuser6")
delete_user_by_username("testuser7")
def test_api_user_signup_good(data):
""" Test user signup with good data
"""
url = helper.api.user.create.url
response = requests.post(url=url, headers=None, json=data)
result = assert_api_success(response)
assert result["data"]
assert result["data"]["message"] == "Authorization successful"
assert isinstance(result["data"]["user"], dict)
assert result["data"]["user"]["email"] == data["email"]
assert result["data"]["user"]["username"] == data["username"]
assert result["data"]["user"]["name"] == data["name"]
assert "password" not in result["data"]["user"]
def authenticated(self, user=None):
""" Provides newly created test user with authentication token
"""
if not user:
user = self.new()
api_wait() # temporary, see config
data = {"id": user["username"], "password": user["password"]}
response = requests.post(url=self.auth_url, headers=None, json=data)
result = assert_api_success(response)
assert result["data"]["message"] == "Authorization successful"
user["user_id"] = result["data"]["user_id"]
user["token"] = result["token"]
return user
def test_role_outq_insertion():
""" Test the insertion of a new fake role resource which is unique
into the outbound_queue table."""
user1_payload = {
"name": "Test Unique User",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
expected_result = True
user_response1 = create_test_user(session, user1_payload)
user1_result = assert_api_success(user_response1)
user1_id = user1_result["data"]["user"]["id"]
role_payload = {
"name": "TestUniqueRole0501201903",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Unique Role 1",
}
role_response = create_test_role(session, role_payload)
assert_api_success(role_response)
inserted_queue_item = peek_at_q_unfiltered("outbound_queue")
LOGGER.info("Received queue entry %s from outbound queue...",
inserted_queue_item["id"])
successful_insert = bool(inserted_queue_item)
assert expected_result == successful_insert
# Check status of new outbound_entry
role_entry = get_role("TestUniqueRole0501201903")
outbound_queue_data = prepare_outbound_queue_data(
role_entry[0], "role")
outbound_entry = get_outbound_queue_entry(outbound_queue_data)
assert outbound_entry[0]["status"] == "UNCONFIRMED"
delete_role_by_name("TestUniqueRole0501201903")
delete_user_by_username("testuniqueuser0501201901")
def new(self, manager_id=None):
""" Provides a created test user
"""
data = {
"name": self.name(),
"username": self.username(),
"email": self.email(),
"password": self.password(),
"manager": manager_id,
}
response = requests.post(url=self.url, headers=None, json=data)
result = assert_api_success(response)
assert result["data"]["message"] == "Authorization successful"
return data
def test_api_user_get_self():
""" Test a user getting their self
"""
user = helper.api.user.current
url = helper.api.user.get_url(next_id=user["next_id"])
# assert assert_api_get_requires_auth(url)
time.sleep(5)
response = requests.get(url=url, headers={"Authorization": user["token"]})
result = assert_api_success(response)
assert result["data"]["email"] == user["email"]
assert result["data"]["name"] == user["name"]
def test_add_role_member():
"""Test adding a new member to a role.
Creates two test users and a role using the first user,
then adds the second user as member to role."""
user1_payload = {
"name": "Test Owner 1",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test Member",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
create_next_admin(session)
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "TestRole0501201903",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 3",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding a member.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session, result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["assigned_approver"][0] == user1_id
# Logging in as role owner
user_login(session, user1_payload["username"], user1_payload["password"])
# Approve proposal as role owner
approve_proposal(session, result["proposal_id"])
proposal_response = get_proposal_with_retry(session, result["proposal_id"])
proposal = assert_api_success(proposal_response)
assert proposal["data"]["status"] == "CONFIRMED"
delete_role_by_name("TestRole0501201903")
delete_user_by_username("testowner")
delete_user_by_username("testmemeber")
def test_api_users_get_all():
""" Test getting all users with default page settings. Test that:
1. URL requires authorization
2. Returns a list of data
3. Returns at least one record
"""
user = helper.api.user.current
url = helper.api.user.list_url
# assert assert_api_get_requires_auth(url)
response = requests.get(url=url, headers={"Authorization": user["token"]})
result = assert_api_success(response)
assert isinstance(result["data"], list)
assert result["paging"]["total"] > 0
def test_api_create_user_with_manager(data):
""" Test creating a user
"""
url = helper.api.user.create.url
data["manager"] = helper.api.user.current["user_id"]
response = requests.post(url=url, headers=None, json=data)
result = assert_api_success(response)
assert result["data"]
assert result["data"]["message"] == "Authorization successful"
assert isinstance(result["data"]["user"], dict)
assert result["data"]["user"]["email"] == data["email"]
assert result["data"]["user"]["username"] == data["username"]
assert result["data"]["user"]["name"] == data["name"]
assert "password" not in result["data"]["user"]
assert result["data"]["user"]["manager"] == data["manager"]
def test_api_user_get_other():
""" Test a user getting another user's data
"""
other = helper.api.user.current
user = helper.api.user.current2
url = helper.api.user.get_url(next_id=other["next_id"])
# assert assert_api_get_requires_auth(url)
api_wait() # temporary, see config
response = requests.get(url=url, headers={"Authorization": user["token"]})
result = assert_api_success(response)
assert result["data"]["email"] == other["email"]
assert result["data"]["name"] == other["name"]
def new(self, user):
""" Create a test role, assigned to user current if no user is supplied """
if not user:
user = helper.user.current
data = {
"name": self.name(),
"owners": [user["next_id"]],
"administrators": [user["next_id"]],
}
response = requests.post(url=self.url,
headers={"Authorization": user["token"]},
json=data)
result = assert_api_success(response)
assert result["data"]["name"] == data["name"]
assert result["data"]["owners"] == data["owners"]
return result["data"]
def new(self):
"""A user creates an add role member proposal
to add themselves as an member to a role"""
owner = helper.user.current
role = helper.role.new(user=owner)
user = helper.user.current2
url = self.url(role_id=role["id"])
data = {"id": user["next_id"]}
api_wait() # temporary, see config
response = requests.post(
url=url, headers={"Authorization": user["token"]}, json=data
)
result = assert_api_success(response)
assert "proposal_id" in result
api_wait() # temporary, see config
proposal = helper.proposal.get(result["proposal_id"], owner)
return proposal, owner
def authenticated(self, user=None):
""" Provides newly created test user with authentication token
"""
if not user:
user = self.new()
time.sleep(5)
data = {
"id": user["username"],
"password": user["password"],
"auth_source": "next",
}
response = requests.post(url=self.auth_url, headers=None, json=data)
result = assert_api_success(response)
assert result["data"]["message"] == "Authorization successful"
user["next_id"] = result["data"]["next_id"]
user["token"] = result["token"]
return user
def test_api_create_role():
""" Test creating a role
"""
url = helper.api.role.create.url
user = helper.api.user.current
data = {
"name": helper.api.role.name(),
"owners": [user["next_id"]],
"administrators": [user["next_id"]],
"description": helper.api.role.description(),
}
assert assert_api_post_requires_auth(url=url, json=data)
response = requests.post(url=url,
headers={"Authorization": user["token"]},
json=data)
result = assert_api_success(response)
assert result["data"]
assert result["data"]["name"] == data["name"]
assert result["data"]["owners"] == data["owners"]
assert result["data"]["administrators"] == data["administrators"]
assert result["data"]["description"] == data["description"]
def test_user_relationship_api():
""" Test to check that user relationship API is not throwing
an index out of range error if user dont have any manager.
Creates a test user without manager and calls the user
relationship api for testing whether it is causing any
index out of range error or not."""
user1_payload = {
"name": "kiran kumar",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
response = session.get("http://rbac-server:8000/api/users/" +
user1_id + "/relationships")
assert response.json()["data"]["managers"] == []
delete_user_by_username("kkumar36")
def test_api_propose_role_member():
""" Test a user proposing to add themselves to a role
"""
owner = helper.api.user.current
role = helper.api.role.create.new(user=owner)
user = helper.api.user.current2
url = helper.api.role.member.propose.url(role_id=role["id"])
data = {"id": user["next_id"]}
assert assert_api_post_requires_auth(url=url, json=data)
response = requests.post(url=url,
headers={"Authorization": user["token"]},
json=data)
result = assert_api_success(response)
assert result["proposal_id"]
time.sleep(0.5) # temporary until API refactored to return the proposal
proposal = helper.api.proposal.get(result["proposal_id"], owner)
assert proposal["id"] == result["proposal_id"]
assert proposal["status"] == "OPEN"
assert proposal["type"] == "ADD_ROLE_MEMBER"
assert proposal["object"] == role["id"]
assert proposal["target"] == user["next_id"]
assert proposal["opener"] == user["next_id"]
def test_add_role_member_ldap():
""" Test adding a new member to a role in LDAP-only mode.
Creates two test users and a role using the first user,
then adds the second user as member to role. This test will
only run if ENABLE_LDAP_SYNC is set to 1.
"""
user1_payload = {
"name": "Michael Scott",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Jim Halpert",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
start_depth = get_outbound_queue_depth()
create_next_admin(session)
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "Michael_Scott_Paper_Company",
"owners": user1_id,
"administrators": user1_id,
"description": "Infinite ideas await....",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding a member.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
assert_api_success(proposal_response)
# Logging in as role owner
user_login(session, user1_payload["username"],
user1_payload["password"])
# Approve proposal as role owner
approve_proposal(session, result["proposal_id"])
end_depth = get_outbound_queue_depth()
assert end_depth > start_depth
# NOTE: members field contains an empty string because in NEXT
# mode all user's remote_ids are set to an empty string
outbound_queue_data = {
"description": "Infinite ideas await....",
"name": "Michael_Scott_Paper_Company",
"group_types": -2147483646,
"members": [""],
"owners": "",
"remote_id":
"CN=Michael_Scott_Paper_Company," + ENV("GROUP_BASE_DN"),
}
expected_payload = {
"data": outbound_queue_data,
"data_type": "group",
"provider_id": ENV("LDAP_DC"),
"status": "UNCONFIRMED",
"action": "",
}
# Check outbound_queue entry is formatted correctly
outbound_entry = get_outbound_queue_entry(outbound_queue_data)
outbound_entry[0].pop("timestamp")
outbound_entry[0].pop("id")
assert outbound_entry[0] == expected_payload
delete_role_by_name("Michael_Scott_Paper_Company")
delete_user_by_username("jimh062619")
delete_user_by_username("michaels062619")
def test_add_role_member_outqueue():
""" Test adding a new member to a role in NEXT-only mode.
Creates two test users and a role using the first user,
then adds the second user as member to role. This test will
only run if ENABLE_NEXT_BASE_USE is set to 1.
"""
user1_payload = {
"name": "Test Owner 0521201905",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test Member 0521201906",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
start_depth = get_outbound_queue_depth()
create_next_admin(session)
user_response1 = create_test_user(session, user1_payload)
user1_result = assert_api_success(user_response1)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
role_payload = {
"name": "TestRole0521201902",
"owners": user1_id,
"administrators": user1_id,
"description": "Test Role 3",
}
role_response = create_test_role(session, role_payload)
role_result = assert_api_success(role_response)
role_id = role_result["data"]["id"]
role_update_payload = {
"id": user2_id,
"reason": "Integration test of adding a member.",
"metadata": "",
}
response = session.post(
"http://rbac-server:8000/api/roles/{}/members".format(role_id),
json=role_update_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
assert_api_success(proposal_response)
# Logging in as role owner
user_login(session, user1_payload["username"],
user1_payload["password"])
# Approve proposal as role owner
approve_proposal(session, result["proposal_id"])
end_depth = get_outbound_queue_depth()
assert end_depth > start_depth
# NOTE: members field contains an empty string because in NEXT
# mode all user's remote_ids are set to an empty string
outbound_queue_data = {"members": [""], "remote_id": ""}
expected_payload = {
"data": outbound_queue_data,
"data_type": "group",
"provider_id": "NEXT-created",
"status": "UNCONFIRMED",
"action": "",
}
# Check outbound_queue entry is formatted correctly
outbound_entry = get_outbound_queue_entry(outbound_queue_data)
outbound_entry[0].pop("timestamp")
outbound_entry[0].pop("id")
assert outbound_entry[0] == expected_payload
delete_role_by_name("TestRole0521201902")
delete_user_by_username("test0521201905")
delete_user_by_username("test0521201906")
def test_update_manager_outqueue():
""" Creates a user and then updates their manager
Manager is the second user created here."""
# TODO: Rewrite this test after data gets sent to outbound_queue
# after a user has their manager updated.
user1_payload = {
"name": "Test User 0521201901",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user2_payload = {
"name": "Test User 0521201902",
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
with requests.Session() as session:
user1_response = create_test_user(session, user1_payload)
user1_result = assert_api_success(user1_response)
user1_id = user1_result["data"]["user"]["id"]
user2_response = create_test_user(session, user2_payload)
user2_result = assert_api_success(user2_response)
user2_id = user2_result["data"]["user"]["id"]
start_depth = get_outbound_queue_depth()
next_admins = {
"name": "NextAdmins",
"owners": [user2_id],
"administrators": [user2_id],
}
role_response = create_test_role(session, next_admins)
add_role_member(session,
role_response.json()["data"]["id"], {"id": user2_id})
manager_payload = {
"id": user2_id,
"reason": "Integration test of adding role owner.",
"metadata": "",
}
response = session.put(
"http://rbac-server:8000/api/users/{}/manager".format(user1_id),
json=manager_payload,
)
result = assert_api_success(response)
proposal_response = get_proposal_with_retry(session,
result["proposal_id"])
proposal = assert_api_success(proposal_response)
# Logging in as role owner
credentials_payload = {
"id": user2_payload["username"],
"password": user2_payload["password"],
}
log_in(session, credentials_payload)
# Approve proposal as role owner
approval_response = approve_proposal(session, result["proposal_id"])
end_depth = get_outbound_queue_depth()
assert end_depth > start_depth
# TODO: Add tests to check for UNCONFIRMED outbound_queue entry status
# when a user's manager gets updated.
delete_user_by_username("test0521201901")
delete_user_by_username("test0521201902")
delete_role_by_name("NextAdmins")
