def test_user_enable_disable( session, # noqa: F811 graph, # noqa: F811 users, # noqa: F811 user_admin_perm_to_auditors, user_enable_perm_to_sre, http_client, base_url, ): username = u"*****@*****.**" old_groups = sorted(get_groups(graph, username)) headers_admin = {"X-Grouper-User": "******"} headers_enable = {"X-Grouper-User": "******"} body_preserve = urlencode({"preserve_membership": "true"}) body_base = urlencode({}) # disable user fe_url = url(base_url, "/users/{}/disable".format(username)) resp = yield http_client.fetch(fe_url, method="POST", headers=headers_admin, body=body_base) assert resp.code == 200 # Attempt to enable user, preserving groups, as user with `grouper.user.enable`. # Should fail due to lack of admin perm. fe_url = url(base_url, "/users/{}/enable".format(username)) with pytest.raises(HTTPError): resp = yield http_client.fetch( fe_url, method="POST", headers=headers_enable, body=body_preserve ) # enable user, PRESERVE groups, as a user with the correct admin permission fe_url = url(base_url, "/users/{}/enable".format(username)) resp = yield http_client.fetch( fe_url, method="POST", headers=headers_admin, body=body_preserve ) assert resp.code == 200 graph.update_from_db(session) assert old_groups == sorted(get_groups(graph, username)), "nothing should be removed" # disable user again fe_url = url(base_url, "/users/{}/disable".format(username)) resp = yield http_client.fetch(fe_url, method="POST", headers=headers_admin, body=body_base) assert resp.code == 200 # Attempt to enable user, PURGE groups. Should now succeed even with # only the `grouper.user.enable` perm. fe_url = url(base_url, "/users/{}/enable".format(username)) resp = yield http_client.fetch(fe_url, method="POST", headers=headers_enable, body=body_base) assert resp.code == 200 graph.update_from_db(session) assert len(get_groups(graph, username)) == 0, "all group membership should be removed"
def test_user_enable_disable( session, # noqa: F811 graph, # noqa: F811 users, # noqa: F811 user_admin_perm_to_auditors, user_enable_perm_to_sre, http_client, base_url, ): username = "******" old_groups = sorted(get_groups(graph, username)) headers_admin = {"X-Grouper-User": "******"} headers_enable = {"X-Grouper-User": "******"} body_preserve = urlencode({"preserve_membership": "true"}) body_base = urlencode({}) # disable user fe_url = url(base_url, "/users/{}/disable".format(username)) resp = yield http_client.fetch(fe_url, method="POST", headers=headers_admin, body=body_base) assert resp.code == 200 # Attempt to enable user, preserving groups, as user with `grouper.user.enable`. # Should fail due to lack of admin perm. fe_url = url(base_url, "/users/{}/enable".format(username)) with pytest.raises(HTTPError): resp = yield http_client.fetch( fe_url, method="POST", headers=headers_enable, body=body_preserve ) # enable user, PRESERVE groups, as a user with the correct admin permission fe_url = url(base_url, "/users/{}/enable".format(username)) resp = yield http_client.fetch( fe_url, method="POST", headers=headers_admin, body=body_preserve ) assert resp.code == 200 graph.update_from_db(session) assert old_groups == sorted(get_groups(graph, username)), "nothing should be removed" # disable user again fe_url = url(base_url, "/users/{}/disable".format(username)) resp = yield http_client.fetch(fe_url, method="POST", headers=headers_admin, body=body_base) assert resp.code == 200 # Attempt to enable user, PURGE groups. Should now succeed even with # only the `grouper.user.enable` perm. fe_url = url(base_url, "/users/{}/enable".format(username)) resp = yield http_client.fetch(fe_url, method="POST", headers=headers_enable, body=body_base) assert resp.code == 200 graph.update_from_db(session) assert len(get_groups(graph, username)) == 0, "all group membership should be removed"
def test_graph_desc_to_ances(session, graph, users, groups): # noqa: F811 """ Test adding members where all descendants already exist.""" setup_desc_to_ances(session, users, groups) session.commit() graph.update_from_db(session) assert get_users(graph, "team-sre") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "tech-ops") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "all-teams") == set( ["*****@*****.**", "*****@*****.**", "*****@*****.**"]) assert get_users(graph, "all-teams", cutoff=1) == set(["*****@*****.**"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops"]) assert get_groups(graph, "*****@*****.**") == set(["all-teams"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["all-teams"])
def test_graph_desc_to_ances(session, graph, users, groups): # noqa: F811 """ Test adding members where all descendants already exist.""" setup_desc_to_ances(session, users, groups) session.commit() graph.update_from_db(session) assert get_users(graph, "team-sre") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "tech-ops") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "all-teams") == set(["*****@*****.**", "*****@*****.**", "*****@*****.**"]) assert get_users(graph, "all-teams", cutoff=1) == set(["*****@*****.**"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"] ) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"] ) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops"]) assert get_groups(graph, "*****@*****.**") == set(["all-teams"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["all-teams"])
def test_graph_cycle_direct(session, graph, users, groups): # noqa: F811 """ Test adding members where all descendants already exist.""" add_member(groups["team-sre"], users["*****@*****.**"]) add_member(groups["tech-ops"], users["*****@*****.**"]) add_member(groups["team-sre"], groups["tech-ops"]) add_member(groups["tech-ops"], groups["team-sre"]) session.commit() graph.update_from_db(session) assert get_users(graph, "team-sre") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-sre", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "tech-ops") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "tech-ops", cutoff=1) == set(["*****@*****.**"]) assert get_groups(graph, "*****@*****.**") == set(["team-sre", "tech-ops"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre"]) assert get_groups(graph, "*****@*****.**") == set(["team-sre", "tech-ops"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["tech-ops"])
def test_graph_cycle_indirect(session, graph, users, groups): # noqa: F811 """ Test adding a member that will create a cycle. gary zay testuser | | | sre <----- tech-ops <----- team-infra <-- | | | | --------> all-teams -------------------- """ add_member(groups["team-sre"], users["*****@*****.**"]) add_member(groups["tech-ops"], users["*****@*****.**"]) add_member(groups["team-infra"], users["*****@*****.**"]) add_member(groups["team-sre"], groups["tech-ops"]) add_member(groups["tech-ops"], groups["team-infra"]) add_member(groups["team-infra"], groups["all-teams"]) add_member(groups["all-teams"], groups["team-sre"]) session.commit() graph.update_from_db(session) all_users = set(["*****@*****.**", "*****@*****.**", "*****@*****.**"]) all_groups = set(["team-sre", "all-teams", "tech-ops", "team-infra"]) assert get_users(graph, "team-sre") == all_users assert get_users(graph, "team-sre", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "tech-ops") == all_users assert get_users(graph, "tech-ops", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "team-infra") == all_users assert get_users(graph, "team-infra", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "all-teams") == all_users assert get_users(graph, "all-teams", cutoff=1) == set([]) assert get_groups(graph, "*****@*****.**") == all_groups assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre"]) assert get_groups(graph, "*****@*****.**") == all_groups assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["tech-ops"]) assert get_groups(graph, "*****@*****.**") == all_groups assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-infra"])
def test_graph_add_member_existing(session, graph, users, groups): # noqa: F811 """ Test adding members to an existing relationship.""" add_member(groups["team-sre"], users["*****@*****.**"], role="owner") add_member(groups["tech-ops"], users["*****@*****.**"], role="owner") add_member(groups["team-infra"], users["*****@*****.**"], role="owner") add_member(groups["team-infra"], groups["team-sre"]) add_member(groups["team-infra"], groups["tech-ops"]) add_member(groups["all-teams"], users["*****@*****.**"], role="owner") add_member(groups["all-teams"], groups["team-infra"]) add_member(groups["team-sre"], users["*****@*****.**"]) add_member(groups["tech-ops"], users["*****@*****.**"]) session.commit() graph.update_from_db(session) assert get_users(graph, "team-sre") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "tech-ops") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "all-teams") == set( ["*****@*****.**", "*****@*****.**", "*****@*****.**"]) assert get_users(graph, "all-teams", cutoff=1) == set(["*****@*****.**"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops"]) assert get_groups(graph, "*****@*****.**") == set(["all-teams"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["all-teams"])
def test_graph_add_member_existing(session, graph, users, groups): # noqa: F811 """ Test adding members to an existing relationship.""" add_member(groups["team-sre"], users["*****@*****.**"], role="owner") add_member(groups["tech-ops"], users["*****@*****.**"], role="owner") add_member(groups["team-infra"], users["*****@*****.**"], role="owner") add_member(groups["team-infra"], groups["team-sre"]) add_member(groups["team-infra"], groups["tech-ops"]) add_member(groups["all-teams"], users["*****@*****.**"], role="owner") add_member(groups["all-teams"], groups["team-infra"]) add_member(groups["team-sre"], users["*****@*****.**"]) add_member(groups["tech-ops"], users["*****@*****.**"]) session.commit() graph.update_from_db(session) assert get_users(graph, "team-sre") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "tech-ops") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra") == set(["*****@*****.**", "*****@*****.**"]) assert get_users(graph, "team-infra", cutoff=1) == set(["*****@*****.**"]) assert get_users(graph, "all-teams") == set(["*****@*****.**", "*****@*****.**", "*****@*****.**"]) assert get_users(graph, "all-teams", cutoff=1) == set(["*****@*****.**"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"] ) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops", "team-infra"]) assert get_groups(graph, "*****@*****.**") == set( ["team-sre", "all-teams", "tech-ops", "team-infra"] ) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["team-sre", "tech-ops"]) assert get_groups(graph, "*****@*****.**") == set(["all-teams"]) assert get_groups(graph, "*****@*****.**", cutoff=1) == set(["all-teams"])