def test_disabling_group_clears_audit(tmpdir: LocalPath, setup: SetupTest,
browser: Chrome) -> None:
future = datetime.utcnow() + timedelta(days=60)
with setup.transaction():
setup.add_user_to_group("*****@*****.**", "some-group", role="owner")
setup.add_user_to_group("*****@*****.**", "some-group")
setup.create_permission("some-permission", audited=True)
setup.grant_permission_to_group("some-permission", "argument",
"some-group")
setup.add_user_to_group("*****@*****.**", "auditors")
setup.grant_permission_to_group(AUDIT_VIEWER, "", "auditors")
setup.grant_permission_to_group(AUDIT_MANAGER, "", "auditors")
setup.grant_permission_to_group(PERMISSION_AUDITOR, "", "auditors")
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(url(frontend_url, "/audits/create"))
create_page = AuditsCreatePage(browser)
create_page.set_end_date(future.strftime("%m/%d/%Y"))
create_page.submit()
browser.get(url(frontend_url, "/groups/some-group"))
group_page = GroupViewPage(browser)
assert group_page.subheading == "some-group AUDIT IN PROGRESS"
# Check that this created email reminder messages to the group owner. We have to refresh the
# session since otherwise SQLite may not see changes.
setup.reopen_database()
group = Group.get(setup.session, name="some-group")
assert group
expected_key = f"audit-{group.id}"
emails = setup.session.query(AsyncNotification).filter_by(
sent=False, email="*****@*****.**").all()
assert len(emails) > 0
assert all((e.key is None or e.key == expected_key for e in emails))
assert all(("Group Audit" in e.subject for e in emails))
# Now, disable the group, which should complete the audit.
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(url(frontend_url, "/groups/some-group"))
page = GroupViewPage(browser)
audit_modal = page.get_audit_modal()
audit_modal.click_close_button()
page.wait_until_audit_modal_clears()
page.click_disable_button()
modal = page.get_disable_modal()
modal.confirm()
assert page.subheading == "some-group (disabled)"
# And now all of the email messages should be marked sent except the immediate one (the one
# that wasn't created with async_send_email).
setup.reopen_database()
emails = setup.session.query(AsyncNotification).filter_by(
sent=False, email="*****@*****.**").all()
assert len(emails) == 1
assert emails[0].key is None
def test_service_account_lifecycle(async_server, browser): # noqa: F811
browser.get(url(async_server, "/groups/user-admins"))
page = GroupViewPage(browser)
page.click_add_service_account_button()
page = ServiceAccountCreatePage(browser)
page.set_name("my-special-service-account")
page.submit()
page = ServiceAccountViewPage(browser)
page.click_disable_button()
disable_modal = page.get_disable_modal()
disable_modal.confirm()
browser.get(url(async_server, "/users"))
page = UsersViewPage(browser)
page.click_show_disabled_users_button()
page.click_show_service_accounts_button()
user_row = page.find_user_row("[email protected] (service)")
user_row.click()
page = ServiceAccountViewPage(browser)
page.click_enable_button()
page = ServiceAccountEnablePage(browser)
page.select_owner("Group: user-admins")
page.submit()
def test_service_account_lifecycle(async_server, browser): # noqa: F811
browser.get(url(async_server, "/groups/user-admins"))
page = GroupViewPage(browser)
page.click_add_service_account_button()
page = ServiceAccountCreatePage(browser)
page.set_name("my-special-service-account")
page.submit()
page = ServiceAccountViewPage(browser)
page.click_disable_button()
disable_modal = page.get_disable_modal()
disable_modal.confirm()
browser.get(url(async_server, "/users"))
page = UsersViewPage(browser)
page.click_show_disabled_users_button()
page.click_show_service_accounts_button()
user_row = page.find_user_row(
"[email protected] (service)")
user_row.click()
page = ServiceAccountViewPage(browser)
page.click_enable_button()
page = ServiceAccountEnablePage(browser)
page.select_owner("Group: user-admins")
page.submit()
def test_disable(tmpdir: LocalPath, setup: SetupTest, browser: Chrome) -> None:
with setup.transaction():
setup.add_user_to_group("*****@*****.**", "some-group", role="owner")
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(url(frontend_url, "/groups/some-group"))
page = GroupViewPage(browser)
page.click_disable_button()
modal = page.get_disable_modal()
modal.confirm()
assert page.subheading == "some-group (disabled)"