def policy_creation_should_fail(
    admin_client: ADCMClient,
    role: Role,
    adcm_object: AnyADCMObject,
    user: User,
):
    """
    Negative check: creating a policy from ``role`` must be rejected.

    Calls ``admin_client.policy_create`` for ``adcm_object`` and ``user`` and
    requires the call to raise ``ErrorMessage``. The caught error is then
    handed to ``BAD_REQUEST.equal`` together with the "could not be used in
    policy" text built from ``role.type``.
    """
    step_title = f'Create policy based on role "{role.display_name}" and expect it to fail'
    with allure.step(step_title):
        generated_name = f'Test role {random_string(5)}'
        with pytest.raises(ErrorMessage) as raised:
            admin_client.policy_create(
                name=generated_name,
                role=role,
                objects=[adcm_object],
                user=[user],
            )
        # Runs after the raises block has closed (inside it the line would be
        # skipped once policy_create raises). "Some ErrorMessage was raised"
        # alone would also pass on an unrelated failure, so the reason is
        # checked as well; presumably BAD_REQUEST.equal compares error code
        # and message -- confirm against the helper.
        BAD_REQUEST.equal(raised, f'Role with type "{role.type}" could not be used in policy')
def create_action_policy(
    client: ADCMClient,
    adcm_object: Union[AnyADCMObject, List[AnyADCMObject]],
    *business_roles: BusinessRole,
    user=None,
    group=None,
) -> Policy:
    """
    Build a parent role out of ``business_roles`` and bind it in a new policy.

    Each business role is looked up by ``role_name`` through ``client.role``
    and its id becomes a child of a freshly created role with a random name.
    That role is then granted on ``adcm_object`` to ``user`` and/or ``group``
    through ``client.policy_create``; single values are wrapped in a list.

    Raises:
        ValueError: when neither ``user`` nor ``group`` is truthy (an empty
            list counts as "not provided"), so a policy without any subject
            is never requested by this helper.
    """
    if not user and not group:
        raise ValueError(
            "Either user or group should be provided to create policy")

    def _as_list(value):
        # A single item is wrapped; an existing list is passed through as is.
        return value if isinstance(value, list) else [value]

    subjects_users = _as_list(user or [])
    subjects_groups = _as_list(group or [])

    children = []
    for business_role in business_roles:
        children.append({'id': client.role(name=business_role.role_name).id})

    parent_name = f"Test Action Role {random_string(6)}"
    parent_role = client.role_create(name=parent_name, display_name=parent_name, child=children)
    # The last six characters of parent_name are the random suffix, so the
    # policy and the role it wraps share one identifier.
    return client.policy_create(
        name=f"Test Action Policy {parent_name[-6:]}",
        role=parent_role,
        objects=_as_list(adcm_object),
        user=subjects_users,
        group=subjects_groups,
    )
def test_remove_policy(user_policy, user_sdk: ADCMClient, sdk_client_fs: ADCMClient):
    """
    Check the boundaries of the "Remove policy" role for a non-admin user.

    ``sdk_client_fs`` acts as the administrator and ``user_sdk`` as the
    restricted user. The test asserts that the user can view and remove
    policies but cannot create or edit them, and that viewing is denied again
    once ``user_policy`` has been deleted.
    """
    # Setup through the admin client. Presumably this call is what creates the
    # role that is looked up as "Custom role" on the next line -- confirm.
    BusinessRoles.CreateCustomRoles.value.method_call(sdk_client_fs)
    custom_role = sdk_client_fs.role(name="Custom role")
    # NOTE(review): the username literal is a run of asterisks in this copy of
    # the file; it looks masked -- confirm the intended test user.
    user = sdk_client_fs.user(username="******")

    # With the policy from the user_policy fixture in place: read access is
    # granted, creation is not.
    is_allowed(user_sdk, BusinessRoles.ViewPolicies)
    is_denied(user_sdk, BusinessRoles.CreatePolicy, role=custom_role, user=[user])

    # The admin creates the policy; the user then fetches the same policy by
    # id through their own client, so the checks below run with the user's
    # permissions.
    admin_created = sdk_client_fs.policy_create(
        name="Test policy", objects=[], role=custom_role, user=[user])
    custom_policy = user_sdk.policy(id=admin_created.id)
    is_denied(custom_policy, BusinessRoles.EditPolicy)
    is_allowed(custom_policy, BusinessRoles.RemovePolicy)

    # Revocation check: drop the user's own policy, have the admin create a
    # policy again, and require that the user can no longer view policies.
    delete_policy(user_policy)
    sdk_client_fs.policy_create(name="Test policy", objects=[], role=custom_role, user=[user])
    is_denied(user_sdk, BusinessRoles.ViewPolicies)
def grant_role(
    self,
    client: ADCMClient,
    user: User,
    role: RbacRoles,
    *objects: AnyADCMObject,
) -> Policy:
    """
    Grant one of the default RBAC roles to ``user`` on ``objects``.

    The role is resolved by ``role.value`` through ``client.role`` and bound
    to the user with ``client.policy_create``. The created policy is returned
    so the caller can inspect or delete it later.
    """
    with allure.step(f'Grant role "{role.value}" to user {user.username}'):
        policy_title = f'{user.username} is {role.value}'
        resolved_role = client.role(name=role.value)
        # *objects arrives as a tuple and is forwarded unchanged; only the
        # user is wrapped in a list here.
        return client.policy_create(
            name=policy_title,
            role=resolved_role,
            objects=objects,
            user=[user],
        )
def policy_creation_should_succeeded(
    admin_client: ADCMClient,
    role: Role,
    adcm_object: AnyADCMObject,
    user: User,
):
    """
    Positive check: creating a policy from the given ``role`` must succeed.

    Calls ``admin_client.policy_create`` for ``adcm_object`` and ``user``
    inside ``catch_failed(ErrorMessage, 'Policy should be created')``.
    """
    step_title = f'Create policy based on role "{role.display_name}" and expect it to succeeded'
    with allure.step(step_title):
        generated_name = f'Test role {random_string(5)}'
        # Presumably catch_failed turns an ErrorMessage raised inside the
        # block into a test failure with the given text -- confirm against
        # the helper.
        with catch_failed(ErrorMessage, 'Policy should be created'):
            admin_client.policy_create(
                name=generated_name,
                role=role,
                objects=[adcm_object],
                user=[user],
            )