def test_remove_systems_from_pool(self): pool_name = data_setup.unique_name(u'mypool%s') with session.begin(): s1 = data_setup.create_system() s2 = data_setup.create_system() s3 = data_setup.create_system() s4 = data_setup.create_system() pool = data_setup.create_system_pool(name=pool_name, systems=[s1, s2, s3]) run_client([ 'bkr', 'pool-remove', '--pool', pool_name, '--system', s1.fqdn, '--system', s2.fqdn ]) with session.begin(): session.refresh(pool) self.assertIn(s3, pool.systems) # remove system from a pool of which it is not a member of try: run_client([ 'bkr', 'pool-remove', '--pool', pool_name, '--system', s4.fqdn ]) self.fail('Must fail') except ClientError as e: self.assertIn('System %s is not in pool %s' % (s4.fqdn, pool_name), e.stderr_output)
def test_group_remove_should_not_remove_system_pool(self): with session.begin(): user = data_setup.create_user(password='******') group = data_setup.create_group(owner=user) pool = data_setup.create_system_pool(owning_group=group) b = self.browser login(b, user=user.user_name, password='******') b.get(get_server_base() + 'groups/') b.find_element_by_xpath("//input[@name='group.text']").clear() b.find_element_by_xpath("//input[@name='group.text']").send_keys(group.group_name) b.find_element_by_id('Search').submit() delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" % group.group_name, delete_text='Delete Group') self.assertEqual( b.find_element_by_class_name('flash').text, '%s deleted' % group.display_name) with session.begin(): session.refresh(pool) self.assertFalse(pool.owning_group) self.assertEquals(pool.owning_user, user) self.assertEquals(pool.activity[-1].action, u'Changed') self.assertEquals(pool.activity[-1].field_name, u'Owner') self.assertEquals(pool.activity[-1].old_value, 'Group %s' % group.group_name) self.assertEquals(pool.activity[-1].new_value, user.user_name) self.assertEquals(pool.activity[-1].service, u'WEBUI')
def test_removing_group_removes_admin(self): with session.begin(): self.system.group_assocs.append( SystemGroup(group=self.group, admin=True)) self.assert_(self.system.can_admin(self.user_in_group)) b = self.browser self.delete_group_from_system(b) with session.begin(): session.refresh(self.system) self.assert_(not self.system.can_admin(self.user_in_group))
def test_can_release_system(self): with session.begin(): system = data_setup.create_system(status=SystemStatus.manual) user = data_setup.create_user() system.reserve_manually("TESTING", user=user) self.assertEqual(system.user, user) run_client(["bkr", "system-release", system.fqdn]) with session.begin(): session.refresh(system) self.assertEqual(system.user, None)
def test_can_release_system(self): with session.begin(): system = data_setup.create_system(status=SystemStatus.manual) user = data_setup.create_user() system.reserve_manually(u'TESTING', user=user) self.assertEqual(system.user, user) run_client(['bkr', 'system-release', system.fqdn]) with session.begin(): session.refresh(system) self.assertEqual(system.user, None)
def test_add_systems_to_pool(self): pool_name = data_setup.unique_name(u'mypool%s') with session.begin(): pool = data_setup.create_system_pool(name=pool_name) s1 = data_setup.create_system() s2 = data_setup.create_system() run_client(['bkr', 'pool-add', '--pool', pool_name, '--system', s1.fqdn, '--system', s2.fqdn]) with session.begin(): session.refresh(pool) self.assertItemsEqual([s1, s2], pool.systems)
def test_change_hypervisor(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to KVM run_client(['bkr', 'system-modify', '--host-hypervisor=KVM', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.hypervisor, Hypervisor.by_name(u'KVM')) # set back to none (bare metal) run_client(['bkr', 'system-modify', '--host-hypervisor=', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.hypervisor, None)
def test_change_hypervisor(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to KVM run_client( ['bkr', 'system-modify', '--host-hypervisor=KVM', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.hypervisor, Hypervisor.by_name(u'KVM')) # set back to none (bare metal) run_client(['bkr', 'system-modify', '--host-hypervisor=', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.hypervisor, None)
def test_clearing_alias_stores_null(self): with session.begin(): data_setup.create_distro_tree(osmajor=u'YellowSpaceshipLinux2') osmajor = OSMajor.by_name(u'YellowSpaceshipLinux2') osmajor.alias = u'YSL2' b = self.browser go_to_edit_osmajor(b, 'YellowSpaceshipLinux2') b.find_element_by_xpath('//input[@id="form_alias"]').clear() b.find_element_by_xpath('//button[text()="Edit OSMajor"]').submit() self.assertEquals(b.find_element_by_class_name('flash').text, 'Changes saved for YellowSpaceshipLinux2') with session.begin(): session.refresh(osmajor) self.assertEquals(osmajor.alias, None) # not ''
def test_cannot_update_system_pool_with_empty_name(self): """Verify that updating a system pool with an empty name returns an error.""" self.assertTrue(self.pool.name, "Cannot run test with empty pool name in fixture") s = requests.Session() send_login(s, self.owner, 'theowner') response = patch_json(get_server_base() + 'pools/%s/' % self.pool.name, session=s, data={'name': ''}) self.assertEqual(400, response.status_code) self.assertEqual('Pool name cannot be empty', response.text) with session.begin(): session.refresh(self.pool) self.assertTrue(self.pool.name)
def test_change_power_id(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to 'dummyvm' run_client(['bkr', 'system-modify', '--power-id=dummyvm', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_id, u'dummyvm') # set to 'vm-dummy' run_client( ['bkr', 'system-modify', '--power-id=vm-dummy', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_id, u'vm-dummy')
def test_change_release_action(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to 'LeaveOn' run_client( ['bkr', 'system-modify', '--release-action=LeaveOn', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.release_action, ReleaseAction.leave_on) # set to 'PowerOff' run_client( ['bkr', 'system-modify', '--release-action=PowerOff', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.release_action, ReleaseAction.power_off)
def test_clearing_alias_stores_null(self): with session.begin(): data_setup.create_distro_tree(osmajor=u'YellowSpaceshipLinux2') osmajor = OSMajor.by_name(u'YellowSpaceshipLinux2') osmajor.alias = u'YSL2' b = self.browser go_to_edit_osmajor(b, 'YellowSpaceshipLinux2') b.find_element_by_xpath('//input[@id="form_alias"]').clear() b.find_element_by_xpath('//button[text()="Edit OSMajor"]').submit() self.assertEquals( b.find_element_by_class_name('flash').text, 'Changes saved for YellowSpaceshipLinux2') with session.begin(): session.refresh(osmajor) self.assertEquals(osmajor.alias, None) # not ''
def test_add_system(self): with session.begin(): system = data_setup.create_system() pool = data_setup.create_system_pool() b = self.browser login(b) self.go_to_pool_edit(system_pool=pool, tab='Systems') b.find_element_by_name('system').send_keys(system.fqdn) b.find_element_by_class_name('pool-add-system-form').submit() self.assertEquals(b.find_element_by_xpath('//div[@id="systems"]' '/div/ul[@class="list-group pool-systems-list"]' '/li/a').text, system.fqdn) with session.begin(): session.refresh(pool) self.assertIn(system, pool.systems)
def test_remove_system(self): with session.begin(): system = data_setup.create_system() pool = data_setup.create_system_pool() pool.systems.append(system) b = self.browser login(b) self.go_to_pool_edit(system_pool=pool, tab='Systems') b.find_element_by_link_text(system.fqdn) # remove b.find_element_by_xpath('//li[contains(a/text(), "%s")]/button' % system.fqdn).click() b.find_element_by_xpath('//div[@id="systems" and ' 'not(./div/ul/li)]') with session.begin(): session.refresh(pool) self.assertNotIn(system, pool.systems)
def test_change_power_user(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to 'dummyuser' run_client( ['bkr', 'system-modify', '--power-user=dummyuser', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_user, u'dummyuser') # set back to default value user = u'%s_power_user' % system.fqdn run_client( ['bkr', 'system-modify', '--power-user=%s' % user, system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_user, user)
def test_change_power_quiescent(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to 10 run_client([ 'bkr', 'system-modify', '--power-quiescent-period=10', system.fqdn ]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_quiescent_period, 10) # set to 5 run_client([ 'bkr', 'system-modify', '--power-quiescent-period=5', system.fqdn ]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_quiescent_period, 5)
def test_add_system(self): with session.begin(): system = data_setup.create_system() pool = data_setup.create_system_pool() b = self.browser login(b) self.go_to_pool_edit(system_pool=pool, tab='Systems') b.find_element_by_name('system').send_keys(system.fqdn) b.find_element_by_class_name('pool-add-system-form').submit() self.assertEquals( b.find_element_by_xpath( '//div[@id="systems"]' '/div/ul[@class="list-group pool-systems-list"]' '/li/a').text, system.fqdn) with session.begin(): session.refresh(pool) self.assertIn(system, pool.systems)
def test_change_power_type(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to 'apc_snmp_then_etherwake' run_client([ 'bkr', 'system-modify', '--power-type=apc_snmp_then_etherwake', system.fqdn ]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_type, PowerType.by_name(u'apc_snmp_then_etherwake')) # set back to ilo run_client(['bkr', 'system-modify', '--power-type=ilo', system.fqdn]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_type, PowerType.by_name(u'ilo'))
def test_cannot_update_with_empty_name(self): """Verifies that the pool cannot be updated with an empty name.""" self.assertTrue(self.pool.name, "Cannot run test with empty pool name in fixture") b = self.browser login(b) self.go_to_pool_edit(system_pool=self.pool) b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click() modal = b.find_element_by_class_name('modal') modal.find_element_by_name('name').clear() modal.find_element_by_xpath('.//button[text()="Save changes"]').click() self.assertTrue(modal.find_element_by_css_selector('input[name="name"]:required:invalid')) # verify that the pool's name is not modified and the name not empty due # to the validation error with session.begin(): session.refresh(self.pool) self.assertTrue(self.pool.name)
def test_register_recipe_log(self): self.server.auth.login_password(self.lc.user.user_name, 'logmein') self.server.recipes.register_file('http://myserver/log.txt', self.recipe.id, '/', 'log.txt', '') with session.begin(): session.refresh(self.recipe) self.assertEquals(len(self.recipe.logs), 1, self.recipe.logs) self.assertEquals(self.recipe.logs[0].path, u'/') self.assertEquals(self.recipe.logs[0].filename, u'log.txt') self.assertEquals(self.recipe.logs[0].server, u'http://myserver/log.txt') # Register it again with a different URL self.server.recipes.register_file('http://elsewhere/log.txt', self.recipe.id, '/', 'log.txt', '') with session.begin(): session.refresh(self.recipe) self.assertEquals(len(self.recipe.logs), 1, self.recipe.logs) self.assertEquals(self.recipe.logs[0].path, u'/') self.assertEquals(self.recipe.logs[0].filename, u'log.txt') self.assertEquals(self.recipe.logs[0].server, u'http://elsewhere/log.txt')
def test_change_power_address(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to 'dummyaddress' run_client([ 'bkr', 'system-modify', '--power-address=dummyaddress', system.fqdn ]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_address, u'dummyaddress') # set back to default value address = u'%s_power_address' % system.fqdn run_client([ 'bkr', 'system-modify', '--power-address=%s' % address, system.fqdn ]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_address, address)
def test_remove_systems_pool_privileges(self): pool_name = data_setup.unique_name('mypool%s') with session.begin(): system_owner = data_setup.create_user(password='******') pool_owner = data_setup.create_user(password='******') random_user = data_setup.create_user(password='******') s1 = data_setup.create_system(owner=system_owner) s2 = data_setup.create_system(owner=system_owner) s3 = data_setup.create_system(owner=system_owner) pool = data_setup.create_system_pool(name=pool_name, owning_user=pool_owner, systems=[s1, s2, s3] ) run_client(['bkr', 'pool-remove', '--pool', pool_name, '--system', s1.fqdn], config=create_client_config( username=system_owner.user_name, password='******')) with session.begin(): session.refresh(pool) self.assertNotIn(s1, pool.systems) run_client(['bkr', 'pool-remove', '--pool', pool_name, '--system', s2.fqdn], config=create_client_config( username=pool_owner.user_name, password='******')) with session.begin(): session.refresh(pool) self.assertNotIn(s2, pool.systems) try: run_client(['bkr', 'pool-remove', '--pool', pool_name, '--system', s3.fqdn], config=create_client_config( username=random_user.user_name, password='******')) self.fail('Must fail') except ClientError as e: self.assertIn('You do not have permission to modify system %s' 'or remove systems from pool %s' % (s3.fqdn, pool_name), e.stderr_output)
def test_start_and_complete_task(self): # This simulates the traditional beah style where the task comes from # the task library, and its name and version are already known. We just # set it to Running and then to Completed. task_url = '%srecipes/%s/tasks/%s/' % ( self.get_proxy_url(), self.recipe.id, self.recipe.tasks[1].id) response = requests.patch(task_url, data=dict(status='Running')) self.assertEquals(response.status_code, 200) self.assertEquals(response.json()['status'], 'Running') with session.begin(): task = self.recipe.tasks[1] session.refresh(task) self.assertEquals(task.status, TaskStatus.running) response = requests.patch(task_url, data=dict(status='Completed')) self.assertEquals(response.status_code, 200) self.assertEquals(response.json()['status'], 'Completed') with session.begin(): session.expire_all() task = self.recipe.tasks[1] self.assertEquals(task.status, TaskStatus.completed)
def test_start_and_complete_task(self): # This simulates the traditional beah style where the task comes from # the task library, and its name and version are already known. We just # set it to Running and then to Completed. task_url = '%srecipes/%s/tasks/%s/' % (self.get_proxy_url(), self.recipe.id, self.recipe.tasks[1].id) response = requests.patch(task_url, data=dict(status='Running')) self.assertEquals(response.status_code, 200) self.assertEquals(response.json()['status'], 'Running') with session.begin(): task = self.recipe.tasks[1] session.refresh(task) self.assertEquals(task.status, TaskStatus.running) response = requests.patch(task_url, data=dict(status='Completed')) self.assertEquals(response.status_code, 200) self.assertEquals(response.json()['status'], 'Completed') with session.begin(): session.expire_all() task = self.recipe.tasks[1] self.assertEquals(task.status, TaskStatus.completed)
def test_change_power_password(self): with session.begin(): system = data_setup.create_system(hypervisor=None) # set to 'dummypassword' run_client([ 'bkr', 'system-modify', '--power-password=dummypassword', system.fqdn ]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_passwd, u'dummypassword') # set back to default value password = u'%s_power_password' % system.fqdn run_client([ 'bkr', 'system-modify', '--power-password=%s' % password, system.fqdn ]) with session.begin(): session.refresh(system) self.assertEquals(system.power.power_passwd, password)
def test_remove_systems_pool_privileges(self): pool_name = data_setup.unique_name(u'mypool%s') with session.begin(): system_owner = data_setup.create_user(password=u'password') pool_owner = data_setup.create_user(password=u'password') random_user = data_setup.create_user(password=u'password') s1 = data_setup.create_system(owner=system_owner) s2 = data_setup.create_system(owner=system_owner) s3 = data_setup.create_system(owner=system_owner) pool = data_setup.create_system_pool(name=pool_name, owning_user=pool_owner, systems=[s1, s2, s3]) run_client( ['bkr', 'pool-remove', '--pool', pool_name, '--system', s1.fqdn], config=create_client_config(username=system_owner.user_name, password='******')) with session.begin(): session.refresh(pool) self.assertNotIn(s1, pool.systems) run_client( ['bkr', 'pool-remove', '--pool', pool_name, '--system', s2.fqdn], config=create_client_config(username=pool_owner.user_name, password='******')) with session.begin(): session.refresh(pool) self.assertNotIn(s2, pool.systems) try: run_client([ 'bkr', 'pool-remove', '--pool', pool_name, '--system', s3.fqdn ], config=create_client_config( username=random_user.user_name, password='******')) self.fail('Must fail') except ClientError as e: self.assertIn( 'You do not have permission to modify system %s' 'or remove systems from pool %s' % (s3.fqdn, pool_name), e.stderr_output)
def test_update_pool(self): with session.begin(): pool = data_setup.create_system_pool() group = data_setup.create_group() b = self.browser login(b) self.go_to_pool_edit(system_pool=pool) b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click() modal = b.find_element_by_class_name('modal') modal.find_element_by_name('description').clear() modal.find_element_by_name('description').send_keys('newdescription') BootstrapSelect(modal.find_element_by_name('owner_type'))\ .select_by_visible_text('Group') modal.find_element_by_name('group_name').clear() modal.find_element_by_name('group_name').send_keys(group.group_name) modal.find_element_by_xpath('.//button[text()="Save changes"]').click() b.find_element_by_xpath('//body[not(.//div[@id="modal"])]') with session.begin(): session.refresh(pool) self.assertEqual(pool.description, 'newdescription') self.assertEqual(pool.owner, group)
def test_update_pool(self): with session.begin(): pool = data_setup.create_system_pool() group = data_setup.create_group() b = self.browser login(b) self.go_to_pool_edit(system_pool=pool) b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click() modal = b.find_element_by_class_name('modal') modal.find_element_by_name('description').clear() modal.find_element_by_name('description').send_keys('newdescription') BootstrapSelect(modal.find_element_by_name('owner_type'))\ .select_by_visible_text('Group') modal.find_element_by_name('group_name').clear() modal.find_element_by_name('group_name').send_keys(group.group_name) modal.find_element_by_xpath('.//button[text()="Save changes"]').click() b.find_element_by_xpath( '//body[not(.//div[contains(@class, "modal")])]') with session.begin(): session.refresh(pool) self.assertEqual(pool.description, 'newdescription') self.assertEqual(pool.owner, group)
def test_cannot_update_with_empty_name(self): """Verifies that the pool cannot be updated with an empty name.""" self.assertTrue(self.pool.name, "Cannot run test with empty pool name in fixture") b = self.browser login(b) self.go_to_pool_edit(system_pool=self.pool) b.find_element_by_xpath('.//button[contains(text(), "Edit")]').click() modal = b.find_element_by_class_name('modal') modal.find_element_by_name('name').clear() modal.find_element_by_xpath('.//button[text()="Save changes"]').click() self.assertTrue( modal.find_element_by_css_selector( 'input[name="name"]:required:invalid')) # verify that the pool's name is not modified and the name not empty due # to the validation error with session.begin(): session.refresh(self.pool) self.assertTrue(self.pool.name)
def test_grant_policy_pool(self): with session.begin(): pool = data_setup.create_system_pool() user = data_setup.create_user() group = data_setup.create_group() group.add_member(user) user1 = data_setup.create_user() # group run_client(['bkr', 'policy-grant', '--pool', pool.name, '--permission', 'edit_system', '--group', group.group_name]) with session.begin(): session.refresh(pool) self.assertTrue(pool.access_policy.grants( user, SystemPermission.edit_system)) # non-existent group try: run_client(['bkr', 'policy-grant', '--pool', pool.name, '--permission', 'edit_system', '--group', 'idontexist']) self.fail('Must fail or die') except ClientError as e: self.assertIn("Group 'idontexist' does not exist", e.stderr_output) # Everybody edit_system run_client(['bkr', 'policy-grant', '--pool', pool.name, '--permission', 'edit_system', '--everybody']) with session.begin(): session.refresh(pool) self.assertTrue(pool.access_policy.grants( user1, SystemPermission.edit_system)) # test_multiple_permissions_and_targets with session.begin(): user = data_setup.create_user() group = data_setup.create_group() user1 = data_setup.create_user() group.add_member(user1) run_client(['bkr', 'policy-grant', '--pool', pool.name, '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) with session.begin(): session.refresh(pool) self.assertTrue(pool.access_policy.grants( user, SystemPermission.view_power)) self.assertTrue(pool.access_policy.grants( user, SystemPermission.reserve)) self.assertTrue(pool.access_policy.grants( user1, SystemPermission.view_power)) self.assertTrue(pool.access_policy.grants( user1, SystemPermission.reserve)) # non-existent pool try: run_client(['bkr', 'policy-grant', '--pool', 'idontexist', '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) except ClientError as e: self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_remove_systems_from_pool(self): pool_name = data_setup.unique_name('mypool%s') with session.begin(): s1 = data_setup.create_system() s2 = data_setup.create_system() s3 = data_setup.create_system() s4 = data_setup.create_system() pool = data_setup.create_system_pool(name=pool_name, systems=[s1, s2, s3]) run_client(['bkr', 'pool-remove', '--pool', pool_name, '--system', s1.fqdn, '--system', s2.fqdn]) with session.begin(): session.refresh(pool) self.assertIn(s3, pool.systems) # remove system from a pool of which it is not a member of try: run_client(['bkr', 'pool-remove', '--pool', pool_name, '--system', s4.fqdn]) self.fail('Must fail') except ClientError as e: self.assertIn('System %s is not in pool %s' % (s4.fqdn, pool_name), e.stderr_output)
def test_revoke_policy_pool(self): with session.begin(): pool = data_setup.create_system_pool() user = data_setup.create_user() user1 = data_setup.create_user() group = data_setup.create_group() group.users.append(user1) pol = pool.access_policy pol.add_rule(SystemPermission.reserve, user=user) pol.add_rule(SystemPermission.view_power, user=user) pol.add_rule(SystemPermission.reserve, group=group) pol.add_rule(SystemPermission.view_power, group=group) # revoke edit_system from group run_client([ 'bkr', 'policy-revoke', '--pool', pool.name, '--permission', 'view_power', '--group', group.group_name ]) with session.begin(): session.refresh(pool) self.assertFalse( pool.access_policy.grants(user1, SystemPermission.edit_system)) # test_multiple_permissions_and_targets run_client(['bkr', 'policy-revoke', '--pool', pool.name, '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) with session.begin(): session.refresh(pool) self.assertFalse( pool.access_policy.grants(user, SystemPermission.view_power)) self.assertFalse( pool.access_policy.grants(user, SystemPermission.reserve)) self.assertFalse( pool.access_policy.grants(user1, SystemPermission.view_power)) self.assertFalse( pool.access_policy.grants(user1, SystemPermission.reserve)) # this should still exist with session.begin(): session.refresh(pool) self.assertTrue( pool.access_policy.grants(user, SystemPermission.view)) # non-existent pool try: run_client(['bkr', 'policy-revoke', '--pool', 'idontexist', '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) except ClientError as e: self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_revoke_policy_pool(self): with session.begin(): pool = data_setup.create_system_pool() user = data_setup.create_user() user1 = data_setup.create_user() group = data_setup.create_group() group.users.append(user1) pol = pool.access_policy pol.add_rule(SystemPermission.reserve, user=user) pol.add_rule(SystemPermission.view_power, user=user) pol.add_rule(SystemPermission.reserve, group=group) pol.add_rule(SystemPermission.view_power, group=group) # revoke edit_system from group run_client(['bkr', 'policy-revoke', '--pool', pool.name, '--permission', 'view_power', '--group', group.group_name]) with session.begin(): session.refresh(pool) self.assertFalse(pool.access_policy.grants( user1, SystemPermission.edit_system)) # test_multiple_permissions_and_targets run_client(['bkr', 'policy-revoke', '--pool', pool.name, '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) with session.begin(): session.refresh(pool) self.assertFalse(pool.access_policy.grants( user, SystemPermission.view_power)) self.assertFalse(pool.access_policy.grants( user, SystemPermission.reserve)) self.assertFalse(pool.access_policy.grants( user1, SystemPermission.view_power)) self.assertFalse(pool.access_policy.grants( user1, SystemPermission.reserve)) # this should still exist with session.begin(): session.refresh(pool) self.assertTrue(pool.access_policy.grants( user, SystemPermission.view)) # non-existent pool try: run_client(['bkr', 'policy-revoke', '--pool', 'idontexist', '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) except ClientError as e: self.assertIn("System pool idontexist does not exist", e.stderr_output)
def test_group_has_access_policy_rule_remove(self): with session.begin(): user = data_setup.create_user(password='******') system = data_setup.create_system(owner=user, shared=False) system.custom_access_policy = SystemAccessPolicy() group = data_setup.create_group(owner=user) p = system.custom_access_policy p.add_rule(permission=SystemPermission.edit_system, group=group) p.add_rule(permission=SystemPermission.edit_policy, group=group) b = self.browser login(b, user=user.user_name, password='******') # check current rules self.assertEquals(len(p.rules), 2) self.assert_(p.rules[0].user is None) self.assertEquals(p.rules[0].group, group) self.assert_(p.rules[1].user is None) self.assertEquals(p.rules[1].group, group) # save current rules for later use access_policy_rule_1 = repr(p.rules[0]) access_policy_rule_2 = repr(p.rules[1]) # delete the group b.get(get_server_base() + 'groups/mine') delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" % group.group_name, delete_text='Delete Group') self.assertEqual( b.find_element_by_class_name('flash').text, '%s deleted' % group.display_name) # check if the access policy rule has been removed session.refresh(p) self.assertEquals(len(p.rules), 0) # Check whether the rules deleted have been recorded in the # Activity table b.get(get_server_base() + 'activity/') b.find_element_by_link_text('Show Search Options').click() b.find_element_by_xpath( "//select[@id='activitysearch_0_table']/option[@value='Action']" ).click() b.find_element_by_xpath( "//select[@id='activitysearch_0_operation']/option[@value='is']" ).click() b.find_element_by_xpath( "//input[@id='activitysearch_0_value']").send_keys('Removed') b.find_element_by_link_text('Add').click() b.find_element_by_xpath( "//select[@id='activitysearch_1_table']/option[@value='Property']" ).click() b.find_element_by_xpath( "//select[@id='activitysearch_1_operation']/option[@value='is']" ).click() b.find_element_by_xpath("//input[@id='activitysearch_1_value']" ).send_keys('Access Policy Rule') b.find_element_by_id('searchform').submit() self.assert_( is_activity_row_present(b, via='WEBUI', action='Removed', object_='System: %s' % system.fqdn, property_='Access Policy Rule', old_value=access_policy_rule_1, new_value='')) self.assert_( is_activity_row_present(b, via='WEBUI', action='Removed', object_='System: %s' % system.fqdn, property_='Access Policy Rule', old_value=access_policy_rule_2, new_value=''))
def test_group_has_access_policy_rule_remove(self): with session.begin(): user = data_setup.create_user(password='******') system = data_setup.create_system(owner=user, shared=False) system.custom_access_policy = SystemAccessPolicy() group = data_setup.create_group(owner=user) p = system.custom_access_policy p.add_rule(permission=SystemPermission.edit_system, group=group) p.add_rule(permission=SystemPermission.edit_policy, group=group) b = self.browser login(b, user=user.user_name, password='******') # check current rules self.assertEquals(len(p.rules), 2) self.assert_(p.rules[0].user is None) self.assertEquals(p.rules[0].group, group) self.assert_(p.rules[1].user is None) self.assertEquals(p.rules[1].group, group) # save current rules for later use access_policy_rule_1 = repr(p.rules[0]) access_policy_rule_2 = repr(p.rules[1]) # delete the group b.get(get_server_base() + 'groups/mine') delete_and_confirm(b, "//tr[td/a[normalize-space(text())='%s']]" % group.group_name, delete_text='Delete Group') self.assertEqual( b.find_element_by_class_name('flash').text, '%s deleted' % group.display_name) # check if the access policy rule has been removed session.refresh(p) self.assertEquals(len(p.rules), 0) # Check whether the rules deleted have been recorded in the # Activity table b.get(get_server_base() + 'activity/') b.find_element_by_link_text('Show Search Options').click() b.find_element_by_xpath("//select[@id='activitysearch_0_table']/option[@value='Action']").click() b.find_element_by_xpath("//select[@id='activitysearch_0_operation']/option[@value='is']").click() b.find_element_by_xpath("//input[@id='activitysearch_0_value']").send_keys('Removed') b.find_element_by_link_text('Add').click() b.find_element_by_xpath("//select[@id='activitysearch_1_table']/option[@value='Property']").click() b.find_element_by_xpath("//select[@id='activitysearch_1_operation']/option[@value='is']").click() b.find_element_by_xpath("//input[@id='activitysearch_1_value']").send_keys('Access Policy Rule') b.find_element_by_id('searchform').submit() self.assert_(is_activity_row_present(b,via='WEBUI', action='Removed', object_ = 'System: %s' % system.fqdn, property_='Access Policy Rule', old_value=access_policy_rule_1, new_value='')) self.assert_(is_activity_row_present(b,via='WEBUI', action='Removed', object_ = 'System: %s' % system.fqdn, property_='Access Policy Rule', old_value=access_policy_rule_2, new_value=''))
def test_grant_policy_pool(self): with session.begin(): pool = data_setup.create_system_pool() user = data_setup.create_user() group = data_setup.create_group() group.add_member(user) user1 = data_setup.create_user() # group run_client([ 'bkr', 'policy-grant', '--pool', pool.name, '--permission', 'edit_system', '--group', group.group_name ]) with session.begin(): session.refresh(pool) self.assertTrue( pool.access_policy.grants(user, SystemPermission.edit_system)) # non-existent group try: run_client([ 'bkr', 'policy-grant', '--pool', pool.name, '--permission', 'edit_system', '--group', 'idontexist' ]) self.fail('Must fail or die') except ClientError as e: self.assertIn("Group 'idontexist' does not exist", e.stderr_output) # Everybody edit_system run_client([ 'bkr', 'policy-grant', '--pool', pool.name, '--permission', 'edit_system', '--everybody' ]) with session.begin(): session.refresh(pool) self.assertTrue( pool.access_policy.grants(user1, SystemPermission.edit_system)) # test_multiple_permissions_and_targets with session.begin(): user = data_setup.create_user() group = data_setup.create_group() user1 = data_setup.create_user() group.add_member(user1) run_client(['bkr', 'policy-grant', '--pool', pool.name, '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) with session.begin(): session.refresh(pool) self.assertTrue( pool.access_policy.grants(user, SystemPermission.view_power)) self.assertTrue( pool.access_policy.grants(user, SystemPermission.reserve)) self.assertTrue( pool.access_policy.grants(user1, SystemPermission.view_power)) self.assertTrue( pool.access_policy.grants(user1, SystemPermission.reserve)) # non-existent pool try: run_client(['bkr', 'policy-grant', '--pool', 'idontexist', '--permission=reserve', '--permission=view_power', \ '--user', user.user_name, '--group', group.group_name]) except ClientError as e: self.assertIn("System pool idontexist does not exist", e.stderr_output)