def test_negative_create_with_same_name(self):
"""Attempt to create user group with a name of already existent entity.
@Feature: Usergroup
@Assert: User group is not created.
"""
user_group = make_usergroup()
with self.assertRaises(CLIFactoryError):
make_usergroup({'name': user_group['name']})
def test_negative_create_with_same_name(self):
"""Attempt to create user group with a name of already existent entity.
@id: b1eebf2f-a59e-43af-a980-ae73320b4311
@Assert: User group is not created.
"""
user_group = make_usergroup()
with self.assertRaises(CLIFactoryError):
make_usergroup({'name': user_group['name']})
def test_positive_create_with_usergroup_id(self):
"""Create new user group using another user group attached to the
initial group. Use user group id as a parameter
@Feature: Usergroup
@Assert: User group is created successfully.
"""
sub_user_group = make_usergroup()
user_group = make_usergroup({
'user-group-ids': sub_user_group['id']})
self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
def test_negative_create_with_same_name(self):
"""Attempt to create user group with a name of already existent entity.
:id: b1eebf2f-a59e-43af-a980-ae73320b4311
:expectedresults: User group is not created.
:CaseImportance: Critical
"""
user_group = make_usergroup()
with self.assertRaises(CLIFactoryError):
make_usergroup({'name': user_group['name']})
def test_negative_create_with_name(self):
"""Attempt to create user group with invalid name.
@Feature: Usergroup
@Assert: User group is not created.
"""
for name in invalid_values_list():
with self.subTest(name):
with self.assertRaises(CLIFactoryError):
make_usergroup({'name': name})
with self.assertRaises(CLIReturnCodeError):
UserGroup.info({'name': name})
def test_positive_create_with_usergroup_id(self):
"""Create new user group using another user group attached to the
initial group. Use user group id as a parameter
:id: 04ee66e5-e721-431b-ac6d-c7413fdc6dc2
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
sub_user_group = make_usergroup()
user_group = make_usergroup({
'user-group-ids': sub_user_group['id']})
self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
def test_positive_create_with_usergroups(self):
"""Create new user group using multiple user groups attached to that
initial group. Use user groups name as a parameter
@Feature: Usergroup
@Assert: User group is created successfully and contains all expected
user groups
"""
sub_user_groups = [
make_usergroup()['name'] for _ in range(randint(3, 5))]
user_group = make_usergroup({'user-groups': sub_user_groups})
self.assertEqual(
sorted(sub_user_groups), sorted(user_group['user-groups']))
def test_positive_add_user_group_by_id(self):
"""Create two new user groups. Then add one user group to another by id
@Feature: Usergroup
@Assert: User group is added to another user group successfully.
"""
sub_user_group = make_usergroup()
user_group = make_usergroup()
UserGroup.add_user_group({
'id': user_group['id'],
'user-group-id': sub_user_group['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
def test_positive_create_with_usergroup_name(self):
"""Create new user group using another user group attached to the
initial group. Use user group name as a parameter
@Feature: Usergroup
@Assert: User group is created successfully.
"""
for name in valid_data_list():
with self.subTest(name):
sub_user_group = make_usergroup({'name': name})
user_group = make_usergroup({
'user-groups': sub_user_group['name']})
self.assertEqual(len(user_group['user-groups']), 1)
self.assertEqual(user_group['user-groups'][0], name)
def test_negative_create_with_name(self):
"""Attempt to create user group with invalid name.
:id: 79d2d28d-a0d9-42ab-ba88-c259a463533a
:expectedresults: User group is not created.
:CaseImportance: Critical
"""
for name in invalid_values_list():
with self.subTest(name):
with self.assertRaises(CLIFactoryError):
make_usergroup({'name': name})
with self.assertRaises(CLIReturnCodeError):
UserGroup.info({'name': name})
def test_positive_create_with_usergroups(self):
"""Create new user group using multiple user groups attached to that
initial group. Use user groups name as a parameter
:id: ca6031f7-0998-444b-94be-f8a9e4a9f733
:expectedresults: User group is created successfully and contains all
expected user groups
:CaseImportance: Critical
"""
sub_user_groups = [
make_usergroup()['name'] for _ in range(randint(3, 5))]
user_group = make_usergroup({'user-groups': sub_user_groups})
self.assertEqual(
sorted(sub_user_groups), sorted(user_group['user-groups']))
def test_positive_create_with_usergroup_name(self):
"""Create new user group using another user group attached to the
initial group. Use user group name as a parameter
:id: 7bbe3af7-af36-4d13-a4ce-7ec5441b88bf
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
for name in valid_data_list():
with self.subTest(name):
sub_user_group = make_usergroup({'name': name})
user_group = make_usergroup({
'user-groups': sub_user_group['name']})
self.assertEqual(len(user_group['user-groups']), 1)
self.assertEqual(user_group['user-groups'][0], name)
def test_positive_remove_usergroup_by_name(self):
"""Create new user group using another user group attached to the
initial group. Then remove that attached user group by name
@Feature: Usergroup
@Assert: User group is removed from initial one successfully.
"""
sub_user_group = make_usergroup()
user_group = make_usergroup({'user-group-ids': sub_user_group['id']})
self.assertEqual(len(user_group['user-groups']), 1)
UserGroup.remove_user_group({
'id': user_group['id'],
'user-group': sub_user_group['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['user-groups']), 0)
def test_positive_add_user_group_by_id(self):
"""Create two new user groups. Then add one user group to another by id
@id: f041d325-93c0-4799-88d7-5ece65568266
@Assert: User group is added to another user group successfully.
@CaseLevel: Integration
"""
sub_user_group = make_usergroup()
user_group = make_usergroup()
UserGroup.add_user_group({
'id': user_group['id'],
'user-group-id': sub_user_group['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
def test_positive_add_user_group_by_name(self):
"""Create two new user groups. Then add one user group to another by
name
@id: de60c347-b440-45c6-8e79-19aa0d338099
@Assert: User group is added to another user group successfully.
@CaseLevel: Integration
"""
sub_user_group = make_usergroup()
user_group = make_usergroup()
UserGroup.add_user_group({
'id': user_group['id'],
'user-group': sub_user_group['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
def test_positive_remove_usergroup_by_id(self):
"""Create new user group using another user group attached to the
initial group. Then remove that attached user group by id
:id: e7e8ccb2-a93d-420d-b71e-218ffbb428b4
:expectedresults: User group is removed from initial one successfully.
:CaseLevel: Integration
"""
sub_user_group = make_usergroup()
user_group = make_usergroup({'user-group-ids': sub_user_group['id']})
self.assertEqual(len(user_group['user-groups']), 1)
UserGroup.remove_user_group({
'id': user_group['id'],
'user-group-id': sub_user_group['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['user-groups']), 0)
def test_positive_remove_usergroup_by_name(self):
"""Create new user group using another user group attached to the
initial group. Then remove that attached user group by name
:id: 45a070b5-60b1-4c8c-8171-9d63e0a55698
:expectedresults: User group is removed from initial one successfully.
:CaseLevel: Integration
"""
sub_user_group = make_usergroup()
user_group = make_usergroup({'user-group-ids': sub_user_group['id']})
self.assertEqual(len(user_group['user-groups']), 1)
UserGroup.remove_user_group({
'id': user_group['id'],
'user-group': sub_user_group['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['user-groups']), 0)
def test_positive_create_with_name(self):
"""Create new user group using different valid names
@id: 4cb19ecf-53f8-4804-8fbd-a028c02f13c6
@Assert: User group is created successfully.
"""
for name in valid_data_list():
with self.subTest(name):
user_group = make_usergroup({'name': name})
self.assertEqual(user_group['name'], name)
def test_positive_create_with_name(self):
"""Create new user group using different valid names
@Feature: Usergroup
@Assert: User group is created successfully.
"""
for name in valid_data_list():
with self.subTest(name):
user_group = make_usergroup({'name': name})
self.assertEqual(user_group['name'], name)
def test_positive_create_with_user_id(self):
"""Create new user group using valid user attached to that group. Use
user id as a parameter
@Feature: Usergroup
@Assert: User group is created successfully.
"""
user = make_user()
user_group = make_usergroup({'user-ids': user['id']})
self.assertEqual(user_group['users'][0], user['login'])
def test_positive_delete_by_id(self):
"""Create user group with valid data and then delete it using its ID
@id: b60b4da7-9d1b-487d-89e5-ebf3aa2218d6
@assert: User group is deleted successfully
"""
user_group = make_usergroup()
UserGroup.delete({'id': user_group['id']})
with self.assertRaises(CLIReturnCodeError):
UserGroup.info({'id': user_group['id']})
def test_positive_create_with_role_id(self):
"""Create new user group using valid role attached to that group. Use
role id as a parameter
@Feature: Usergroup
@Assert: User group is created successfully.
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_delete_by_id(self):
"""Create user group with valid data and then delete it using its ID
@feature: Usergroup
@assert: User group is deleted successfully
"""
user_group = make_usergroup()
UserGroup.delete({'id': user_group['id']})
with self.assertRaises(CLIReturnCodeError):
UserGroup.info({'id': user_group['id']})
def test_positive_create_with_roles(self):
"""Create new user group using multiple roles attached to that group.
Use roles name as a parameter
@Feature: Usergroup
@Assert: User group is created successfully and contains all expected
roles
"""
roles = [make_role()['name'] for _ in range(randint(3, 5))]
user_group = make_usergroup({'roles': roles})
self.assertEqual(sorted(roles), sorted(user_group['roles']))
def test_positive_create_with_users(self):
"""Create new user group using multiple users attached to that group.
Use users name as a parameter
@Feature: Usergroup
@Assert: User group is created successfully and contains all expected
users.
"""
users = [make_user()['login'] for _ in range(randint(3, 5))]
user_group = make_usergroup({'users': users})
self.assertEqual(sorted(users), sorted(user_group['users']))
def test_positive_delete_with_user_by_id(self):
"""Create new user group using valid user attached to that group. Then
delete that user group using id of that group as a parameter
@Feature: Usergroup
@Assert: User group is deleted successfully.
"""
user = make_user()
user_group = make_usergroup({'user-ids': user['id']})
UserGroup.delete({'id': user_group['id']})
with self.assertRaises(CLIReturnCodeError):
UserGroup.info({'id': user_group['id']})
def test_positive_delete_by_name(self):
"""Create user group with valid name and then delete it using that name
@feature: Usergroup
@assert: User group is deleted successfully
"""
for name in valid_data_list():
with self.subTest(name):
user_group = make_usergroup({'name': name})
UserGroup.delete({'name': user_group['name']})
with self.assertRaises(CLIReturnCodeError):
UserGroup.info({'name': user_group['name']})
def test_positive_create_with_user_id(self):
"""Create new user group using valid user attached to that group. Use
user id as a parameter
:id: bacef0e3-31dd-4991-93f7-f54fbe64d0f0
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
user = make_user()
user_group = make_usergroup({'user-ids': user['id']})
self.assertEqual(user_group['users'][0], user['login'])
def test_positive_create_with_role_id(self):
"""Create new user group using valid role attached to that group. Use
role id as a parameter
:id: 8524a561-037c-4509-aaba-3213924a1cfe
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_create_with_name(self):
"""Create new user group using different valid names
:id: 4cb19ecf-53f8-4804-8fbd-a028c02f13c6
:expectedresults: User group is created successfully.
:CaseImportance: Critical
"""
for name in valid_data_list():
with self.subTest(name):
user_group = make_usergroup({'name': name})
self.assertEqual(user_group['name'], name)
def test_positive_remove_role_by_id(self):
"""Create new user group using valid role attached to that group. Then
remove that role from user group by id
:id: f086e7f0-4a24-4097-8ec6-3f698ac926ba
:expectedresults: Role is removed from user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(len(user_group['roles']), 1)
UserGroup.remove_role({
'id': user_group['id'],
'role-id': role['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 0)
def test_positive_update_by_name(self):
"""Update existing user group with different valid names. Use name of
the user group as a parameter
:id: 3bee63ff-ae2a-4fa4-a5bd-58ec85358c19
:expectedresults: User group is update successfully.
:CaseImportance: Critical
"""
user_group = make_usergroup()
for new_name in valid_data_list():
with self.subTest(new_name):
UserGroup.update({
'name': user_group['name'],
'new-name': new_name,
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['name'], new_name)
def test_positive_update_by_id(self):
"""Update existing user group with different valid names. Use id of the
user group as a parameter
:id: bed911fe-da39-4798-a5d2-8a0467bfacc3
:expectedresults: User group is update successfully.
:CaseImportance: Critical
"""
user_group = make_usergroup()
for new_name in valid_data_list():
with self.subTest(new_name):
UserGroup.update({
'id': user_group['id'],
'new-name': new_name,
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(user_group['name'], new_name)
def test_positive_remove_role_by_name(self):
"""Create new user group using valid role attached to that group. Then
remove that role from user group by name
:id: 0a5fdeaf-a05f-4153-b2c8-c5f8745cbb80
:expectedresults: Role is removed from user group successfully.
:CaseLevel: Integration
"""
role = make_role()
user_group = make_usergroup({'role-ids': role['id']})
self.assertEqual(len(user_group['roles']), 1)
UserGroup.remove_role({
'id': user_group['id'],
'role': role['name'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['roles']), 0)
def test_positive_remove_user_by_name(self):
"""Create new user group using valid user attached to that group. Then
remove that user from user group by name
@id: e99b215b-05bb-4e7b-a11a-cd506d88df6c
@Assert: User is removed from user group successfully.
@CaseLevel: Integration
"""
user = make_user()
user_group = make_usergroup({'user-ids': user['id']})
self.assertEqual(len(user_group['users']), 1)
UserGroup.remove_user({
'id': user_group['id'],
'user': user['login'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['users']), 0)
def test_positive_remove_user_by_id(self):
"""Create new user group using valid user attached to that group. Then
remove that user from user group by id
@id: 9ae91110-88dd-4449-82c7-59f626fdd2be
@Assert: User is removed from user group successfully.
@CaseLevel: Integration
"""
user = make_user()
user_group = make_usergroup({'user-ids': user['id']})
self.assertEqual(len(user_group['users']), 1)
UserGroup.remove_user({
'id': user_group['id'],
'user-id': user['id'],
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertEqual(len(user_group['users']), 0)
def test_negative_update_by_id(self):
"""Attempt to update existing user group using different invalid names.
Use id of the user group as a parameter
:id: e5aecee1-7c4c-4ac5-aee2-a3190cbe956f
:expectedresults: User group is not updated.
:CaseImportance: Critical
"""
user_group = make_usergroup()
for new_name in invalid_values_list():
with self.subTest(new_name):
with self.assertRaises(CLIReturnCodeError):
UserGroup.update({
'id': user_group['id'],
'new-name': new_name,
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertNotEqual(user_group['name'], new_name)
def test_negative_update_by_name(self):
"""Attempt to update existing user group using different invalid names.
Use name of the user group as a parameter
:id: 32ad14cf-4ed8-4deb-b2fc-df4ed60efb78
:expectedresults: User group is not updated.
:CaseImportance: Critical
"""
user_group = make_usergroup()
for new_name in invalid_values_list():
with self.subTest(new_name):
with self.assertRaises(CLIReturnCodeError):
UserGroup.update({
'name': user_group['name'],
'new-name': new_name,
})
user_group = UserGroup.info({'id': user_group['id']})
self.assertNotEqual(user_group['name'], new_name)
def test_positive_create(self):
"""Create external user group using LDAP
:id: 812c701a-27c5-4c4e-a4f7-04bf7d887a7c
:expectedresults: User group is created successfully and assigned to
correct auth source
:CaseLevel: Integration
"""
user_group = make_usergroup()
ext_user_group = make_usergroup_external({
'auth-source-id':
self.auth['server']['id'],
'user-group-id':
user_group['id'],
'name':
'foobargroup'
})
self.assertEqual(ext_user_group['auth-source'],
self.auth['server']['name'])
def setUp(self):
"""Create new usergroup per each test"""
super(FreeIPAUserGroupTestCase, self).setUp()
self.user_group = make_usergroup()
def setUp(self):
"""Create new usergroup per each test"""
super(ActiveDirectoryUserGroupTestCase, self).setUp()
self.user_group = make_usergroup()
def test_usergroup_with_usergroup_sync(self, ipa_data):
"""Verify the usergroup-sync functionality in Ldap Auth Source
:id: 2b63e886-2c53-11ea-9da5-db3ae0527554
:expectedresults: external user-group sync works as expected automatically
based on user-sync
:CaseImportance: Medium
"""
self._clean_up_previous_ldap()
self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname']
self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd']
ldap_ipa_user_name = ipa_data['ldap_ipa_user_name']
ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace(
'foobargroup', 'foreman_group')
member_username = '******'
member_group = 'foreman_group'
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source_name = gen_string('alpha')
auth_source = make_ldap_auth_source({
'name':
auth_source_name,
'onthefly-register':
'true',
'usergroup-sync':
'true',
'host':
ipa_data['ldap_ipa_hostname'],
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
ldap_ipa_user_name,
'account-password':
ipa_data['ldap_ipa_user_passwd'],
'base-dn':
ipa_data['ipa_base_dn'],
'groups-base':
ipa_group_base_dn,
})
auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})
# Adding User in IPA UserGroup
self._add_user_in_IPA_usergroup(member_username, member_group)
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
ext_user_group = make_usergroup_external({
'auth-source-id':
auth_source['server']['id'],
'user-group-id':
user_group['id'],
'name':
member_group,
})
UserGroup.add_role({
'id': user_group['id'],
'role-id': viewer_role['id']
})
assert ext_user_group['auth-source'] == auth_source['server']['name']
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
result = Auth.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).status()
assert LOGEDIN_MSG.format(member_username) in result[0]['message']
list = Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert len(list) > 1
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 1
assert user_group['users'][0] == member_username
# Removing User in IPA UserGroup
self._remove_user_in_IPA_usergroup(member_username, member_group)
with pytest.raises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.value.message
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
def function_user_group():
"""Create new usergroup per each test"""
user_group = make_usergroup()
yield user_group
def setUp(self):
"""Create new usergroup per each test"""
super().setUp()
self.user_group = make_usergroup()
def test_usergroup_sync_with_refresh(self):
"""Verify the refresh functionality in Ldap Auth Source
:id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930
:expectedresults: external user-group sync works as expected as on-demand
sync based on refresh works
:CaseImportance: Medium
"""
self._clean_up_previous_ldap()
ldap_ipa_user_name = self.ldap_ipa_user_name
ipa_group_base_dn = self.ipa_group_base_dn.replace(
'foobargroup', 'foreman_group')
member_username = '******'
member_group = 'foreman_group'
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source_name = gen_string('alpha')
auth_source = make_ldap_auth_source({
'name':
auth_source_name,
'onthefly-register':
'true',
'usergroup-sync':
'false',
'host':
self.ldap_ipa_hostname,
'server-type':
LDAP_SERVER_TYPE['CLI']['ipa'],
'attr-login':
LDAP_ATTR['login'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
ldap_ipa_user_name,
'account-password':
self.ldap_ipa_user_passwd,
'base-dn':
self.ipa_base_dn,
'groups-base':
ipa_group_base_dn,
})
auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})
# Adding User in IPA UserGroup
self._add_user_in_IPA_usergroup(member_username, member_group)
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
ext_user_group = make_usergroup_external({
'auth-source-id':
auth_source['server']['id'],
'user-group-id':
user_group['id'],
'name':
member_group,
})
UserGroup.add_role({
'id': user_group['id'],
'role-id': viewer_role['id']
})
assert ext_user_group['auth-source'] == auth_source['server']['name']
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
result = Auth.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).status()
assert LOGEDIN_MSG.format(member_username) in result[0]['message']
with self.assertRaises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.exception.message
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': user_group['id'],
'name': member_group
})
list = Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert len(list) > 1
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 1
assert user_group['users'][0] == member_username
# Removing User in IPA UserGroup
self._remove_user_in_IPA_usergroup(member_username, member_group)
with self.assertNotRaises(CLIReturnCodeError):
UserGroupExternal.refresh({
'user-group-id': user_group['id'],
'name': member_group
})
user_group = UserGroup.info({'id': user_group['id']})
assert len(user_group['users']) == 0
with self.assertRaises(CLIReturnCodeError) as error:
Role.with_user(username=member_username,
password=self.ldap_ipa_user_passwd).list()
assert 'Missing one of the required permissions' in error.exception.message
def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data,
ldap_tear_down):
"""Verify the usergroup-sync functionality in AD Auth Source
:id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2
:customerscenario: true
:CaseImportance: Medium
:bz: 1901392
:parametrized: yes
:expectedresults: external user-group sync works as expected automatically
based on user-sync
"""
group_base_dn = ",".join(ad_data['group_base_dn'].split(',')[1:])
LOGEDIN_MSG = "Using configured credentials for user '{0}'."
auth_source = make_ldap_auth_source({
'name':
gen_string('alpha'),
'onthefly-register':
'true',
'host':
ad_data['ldap_hostname'],
'server-type':
LDAP_SERVER_TYPE['CLI']['ad'],
'attr-login':
LDAP_ATTR['login_ad'],
'attr-firstname':
LDAP_ATTR['firstname'],
'attr-lastname':
LDAP_ATTR['surname'],
'attr-mail':
LDAP_ATTR['mail'],
'account':
ad_data['ldap_user_name'],
'account-password':
ad_data['ldap_user_passwd'],
'base-dn':
ad_data['base_dn'],
'groups-base':
group_base_dn,
})
# assert auth_source['account']['groups-base'] == group_base_dn
viewer_role = Role.info({'name': 'Viewer'})
user_group = make_usergroup()
make_usergroup_external({
'auth-source-id': auth_source['server']['id'],
'user-group-id': user_group['id'],
'name': member_group,
})
UserGroup.add_role({
'id': user_group['id'],
'role-id': viewer_role['id']
})
user_group = UserGroup.info({'id': user_group['id']})
result = Auth.with_user(username=ad_data['ldap_user_name'],
password=ad_data['ldap_user_passwd']).status()
assert LOGEDIN_MSG.format(
ad_data['ldap_user_name']) in result[0]['message']
UserGroupExternal.refresh({
'user-group-id': user_group['id'],
'name': member_group
})
user_group = UserGroup.info({'id': user_group['id']})
list = Role.with_user(username=ad_data['ldap_user_name'],
password=ad_data['ldap_user_passwd']).list()
assert len(list) > 1