示例#1
0
    def test_negative_create_with_same_name(self):
        """Attempt to create user group with a name of already existent entity.

        @Feature: Usergroup

        @Assert: User group is not created.
        """
        user_group = make_usergroup()
        with self.assertRaises(CLIFactoryError):
            make_usergroup({'name': user_group['name']})
示例#2
0
    def test_negative_create_with_same_name(self):
        """Attempt to create user group with a name of already existent entity.

        @id: b1eebf2f-a59e-43af-a980-ae73320b4311

        @Assert: User group is not created.
        """
        user_group = make_usergroup()
        with self.assertRaises(CLIFactoryError):
            make_usergroup({'name': user_group['name']})
示例#3
0
    def test_positive_create_with_usergroup_id(self):
        """Create new user group using another user group attached to the
        initial group. Use user group id as a parameter

        @Feature: Usergroup

        @Assert: User group is created successfully.
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup({
            'user-group-ids': sub_user_group['id']})
        self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
示例#4
0
    def test_negative_create_with_same_name(self):
        """Attempt to create user group with a name of already existent entity.

        :id: b1eebf2f-a59e-43af-a980-ae73320b4311

        :expectedresults: User group is not created.

        :CaseImportance: Critical
        """
        user_group = make_usergroup()
        with self.assertRaises(CLIFactoryError):
            make_usergroup({'name': user_group['name']})
示例#5
0
    def test_negative_create_with_name(self):
        """Attempt to create user group with invalid name.

        @Feature: Usergroup

        @Assert: User group is not created.
        """
        for name in invalid_values_list():
            with self.subTest(name):
                with self.assertRaises(CLIFactoryError):
                    make_usergroup({'name': name})
                with self.assertRaises(CLIReturnCodeError):
                    UserGroup.info({'name': name})
示例#6
0
    def test_positive_create_with_usergroup_id(self):
        """Create new user group using another user group attached to the
        initial group. Use user group id as a parameter

        :id: 04ee66e5-e721-431b-ac6d-c7413fdc6dc2

        :expectedresults: User group is created successfully.

        :CaseImportance: Critical
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup({
            'user-group-ids': sub_user_group['id']})
        self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
示例#7
0
    def test_positive_create_with_usergroups(self):
        """Create new user group using multiple user groups attached to that
        initial group. Use user groups name as a parameter

        @Feature: Usergroup

        @Assert: User group is created successfully and contains all expected
        user groups
        """
        sub_user_groups = [
            make_usergroup()['name'] for _ in range(randint(3, 5))]
        user_group = make_usergroup({'user-groups': sub_user_groups})
        self.assertEqual(
            sorted(sub_user_groups), sorted(user_group['user-groups']))
示例#8
0
    def test_positive_add_user_group_by_id(self):
        """Create two new user groups. Then add one user group to another by id

        @Feature: Usergroup

        @Assert: User group is added to another user group successfully.
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup()
        UserGroup.add_user_group({
            'id': user_group['id'],
            'user-group-id': sub_user_group['id'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
示例#9
0
    def test_positive_create_with_usergroup_name(self):
        """Create new user group using another user group attached to the
        initial group. Use user group name as a parameter

        @Feature: Usergroup

        @Assert: User group is created successfully.
        """
        for name in valid_data_list():
            with self.subTest(name):
                sub_user_group = make_usergroup({'name': name})
                user_group = make_usergroup({
                    'user-groups': sub_user_group['name']})
                self.assertEqual(len(user_group['user-groups']), 1)
                self.assertEqual(user_group['user-groups'][0], name)
示例#10
0
    def test_negative_create_with_name(self):
        """Attempt to create user group with invalid name.

        :id: 79d2d28d-a0d9-42ab-ba88-c259a463533a

        :expectedresults: User group is not created.

        :CaseImportance: Critical
        """
        for name in invalid_values_list():
            with self.subTest(name):
                with self.assertRaises(CLIFactoryError):
                    make_usergroup({'name': name})
                with self.assertRaises(CLIReturnCodeError):
                    UserGroup.info({'name': name})
示例#11
0
    def test_positive_create_with_usergroups(self):
        """Create new user group using multiple user groups attached to that
        initial group. Use user groups name as a parameter

        :id: ca6031f7-0998-444b-94be-f8a9e4a9f733

        :expectedresults: User group is created successfully and contains all
            expected user groups

        :CaseImportance: Critical
        """
        sub_user_groups = [
            make_usergroup()['name'] for _ in range(randint(3, 5))]
        user_group = make_usergroup({'user-groups': sub_user_groups})
        self.assertEqual(
            sorted(sub_user_groups), sorted(user_group['user-groups']))
示例#12
0
    def test_positive_create_with_usergroup_name(self):
        """Create new user group using another user group attached to the
        initial group. Use user group name as a parameter

        :id: 7bbe3af7-af36-4d13-a4ce-7ec5441b88bf

        :expectedresults: User group is created successfully.

        :CaseImportance: Critical
        """
        for name in valid_data_list():
            with self.subTest(name):
                sub_user_group = make_usergroup({'name': name})
                user_group = make_usergroup({
                    'user-groups': sub_user_group['name']})
                self.assertEqual(len(user_group['user-groups']), 1)
                self.assertEqual(user_group['user-groups'][0], name)
示例#13
0
    def test_positive_remove_usergroup_by_name(self):
        """Create new user group using another user group attached to the
        initial group. Then remove that attached user group by name

        @Feature: Usergroup

        @Assert: User group is removed from initial one successfully.
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup({'user-group-ids': sub_user_group['id']})
        self.assertEqual(len(user_group['user-groups']), 1)
        UserGroup.remove_user_group({
            'id': user_group['id'],
            'user-group': sub_user_group['name'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(len(user_group['user-groups']), 0)
示例#14
0
    def test_positive_add_user_group_by_id(self):
        """Create two new user groups. Then add one user group to another by id

        @id: f041d325-93c0-4799-88d7-5ece65568266

        @Assert: User group is added to another user group successfully.

        @CaseLevel: Integration
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup()
        UserGroup.add_user_group({
            'id': user_group['id'],
            'user-group-id': sub_user_group['id'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
示例#15
0
    def test_positive_add_user_group_by_name(self):
        """Create two new user groups. Then add one user group to another by
        name

        @id: de60c347-b440-45c6-8e79-19aa0d338099

        @Assert: User group is added to another user group successfully.

        @CaseLevel: Integration
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup()
        UserGroup.add_user_group({
            'id': user_group['id'],
            'user-group': sub_user_group['name'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(user_group['user-groups'][0], sub_user_group['name'])
示例#16
0
    def test_positive_remove_usergroup_by_id(self):
        """Create new user group using another user group attached to the
        initial group. Then remove that attached user group by id

        :id: e7e8ccb2-a93d-420d-b71e-218ffbb428b4

        :expectedresults: User group is removed from initial one successfully.

        :CaseLevel: Integration
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup({'user-group-ids': sub_user_group['id']})
        self.assertEqual(len(user_group['user-groups']), 1)
        UserGroup.remove_user_group({
            'id': user_group['id'],
            'user-group-id': sub_user_group['id'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(len(user_group['user-groups']), 0)
示例#17
0
    def test_positive_remove_usergroup_by_name(self):
        """Create new user group using another user group attached to the
        initial group. Then remove that attached user group by name

        :id: 45a070b5-60b1-4c8c-8171-9d63e0a55698

        :expectedresults: User group is removed from initial one successfully.

        :CaseLevel: Integration
        """
        sub_user_group = make_usergroup()
        user_group = make_usergroup({'user-group-ids': sub_user_group['id']})
        self.assertEqual(len(user_group['user-groups']), 1)
        UserGroup.remove_user_group({
            'id': user_group['id'],
            'user-group': sub_user_group['name'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(len(user_group['user-groups']), 0)
示例#18
0
    def test_positive_create_with_name(self):
        """Create new user group using different valid names

        @id: 4cb19ecf-53f8-4804-8fbd-a028c02f13c6

        @Assert: User group is created successfully.
        """
        for name in valid_data_list():
            with self.subTest(name):
                user_group = make_usergroup({'name': name})
                self.assertEqual(user_group['name'], name)
示例#19
0
    def test_positive_create_with_name(self):
        """Create new user group using different valid names

        @Feature: Usergroup

        @Assert: User group is created successfully.
        """
        for name in valid_data_list():
            with self.subTest(name):
                user_group = make_usergroup({'name': name})
                self.assertEqual(user_group['name'], name)
示例#20
0
    def test_positive_create_with_user_id(self):
        """Create new user group using valid user attached to that group. Use
        user id as a parameter

        @Feature: Usergroup

        @Assert: User group is created successfully.
        """
        user = make_user()
        user_group = make_usergroup({'user-ids': user['id']})
        self.assertEqual(user_group['users'][0], user['login'])
示例#21
0
    def test_positive_delete_by_id(self):
        """Create user group with valid data and then delete it using its ID

        @id: b60b4da7-9d1b-487d-89e5-ebf3aa2218d6

        @assert: User group is deleted successfully
        """
        user_group = make_usergroup()
        UserGroup.delete({'id': user_group['id']})
        with self.assertRaises(CLIReturnCodeError):
            UserGroup.info({'id': user_group['id']})
示例#22
0
    def test_positive_create_with_role_id(self):
        """Create new user group using valid role attached to that group. Use
        role id as a parameter

        @Feature: Usergroup

        @Assert: User group is created successfully.
        """
        role = make_role()
        user_group = make_usergroup({'role-ids': role['id']})
        self.assertEqual(user_group['roles'][0], role['name'])
示例#23
0
    def test_positive_delete_by_id(self):
        """Create user group with valid data and then delete it using its ID

        @feature: Usergroup

        @assert: User group is deleted successfully
        """
        user_group = make_usergroup()
        UserGroup.delete({'id': user_group['id']})
        with self.assertRaises(CLIReturnCodeError):
            UserGroup.info({'id': user_group['id']})
示例#24
0
    def test_positive_create_with_roles(self):
        """Create new user group using multiple roles attached to that group.
        Use roles name as a parameter

        @Feature: Usergroup

        @Assert: User group is created successfully and contains all expected
        roles
        """
        roles = [make_role()['name'] for _ in range(randint(3, 5))]
        user_group = make_usergroup({'roles': roles})
        self.assertEqual(sorted(roles), sorted(user_group['roles']))
示例#25
0
    def test_positive_create_with_users(self):
        """Create new user group using multiple users attached to that group.
        Use users name as a parameter

        @Feature: Usergroup

        @Assert: User group is created successfully and contains all expected
        users.
        """
        users = [make_user()['login'] for _ in range(randint(3, 5))]
        user_group = make_usergroup({'users': users})
        self.assertEqual(sorted(users), sorted(user_group['users']))
示例#26
0
    def test_positive_delete_with_user_by_id(self):
        """Create new user group using valid user attached to that group. Then
        delete that user group using id of that group as a parameter

        @Feature: Usergroup

        @Assert: User group is deleted successfully.
        """
        user = make_user()
        user_group = make_usergroup({'user-ids': user['id']})
        UserGroup.delete({'id': user_group['id']})
        with self.assertRaises(CLIReturnCodeError):
            UserGroup.info({'id': user_group['id']})
示例#27
0
    def test_positive_delete_by_name(self):
        """Create user group with valid name and then delete it using that name

        @feature: Usergroup

        @assert: User group is deleted successfully
        """
        for name in valid_data_list():
            with self.subTest(name):
                user_group = make_usergroup({'name': name})
                UserGroup.delete({'name': user_group['name']})
                with self.assertRaises(CLIReturnCodeError):
                    UserGroup.info({'name': user_group['name']})
示例#28
0
    def test_positive_create_with_user_id(self):
        """Create new user group using valid user attached to that group. Use
        user id as a parameter

        :id: bacef0e3-31dd-4991-93f7-f54fbe64d0f0

        :expectedresults: User group is created successfully.

        :CaseImportance: Critical
        """
        user = make_user()
        user_group = make_usergroup({'user-ids': user['id']})
        self.assertEqual(user_group['users'][0], user['login'])
示例#29
0
    def test_positive_create_with_role_id(self):
        """Create new user group using valid role attached to that group. Use
        role id as a parameter

        :id: 8524a561-037c-4509-aaba-3213924a1cfe

        :expectedresults: User group is created successfully.

        :CaseImportance: Critical
        """
        role = make_role()
        user_group = make_usergroup({'role-ids': role['id']})
        self.assertEqual(user_group['roles'][0], role['name'])
示例#30
0
    def test_positive_create_with_name(self):
        """Create new user group using different valid names

        :id: 4cb19ecf-53f8-4804-8fbd-a028c02f13c6

        :expectedresults: User group is created successfully.

        :CaseImportance: Critical
        """
        for name in valid_data_list():
            with self.subTest(name):
                user_group = make_usergroup({'name': name})
                self.assertEqual(user_group['name'], name)
示例#31
0
    def test_positive_remove_role_by_id(self):
        """Create new user group using valid role attached to that group. Then
        remove that role from user group by id

        :id: f086e7f0-4a24-4097-8ec6-3f698ac926ba

        :expectedresults: Role is removed from user group successfully.

        :CaseLevel: Integration
        """
        role = make_role()
        user_group = make_usergroup({'role-ids': role['id']})
        self.assertEqual(len(user_group['roles']), 1)
        UserGroup.remove_role({
            'id': user_group['id'],
            'role-id': role['id'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(len(user_group['roles']), 0)
示例#32
0
    def test_positive_update_by_name(self):
        """Update existing user group with different valid names. Use name of
        the user group as a parameter

        :id: 3bee63ff-ae2a-4fa4-a5bd-58ec85358c19

        :expectedresults: User group is update successfully.

        :CaseImportance: Critical
        """
        user_group = make_usergroup()
        for new_name in valid_data_list():
            with self.subTest(new_name):
                UserGroup.update({
                    'name': user_group['name'],
                    'new-name': new_name,
                })
                user_group = UserGroup.info({'id': user_group['id']})
                self.assertEqual(user_group['name'], new_name)
示例#33
0
    def test_positive_update_by_id(self):
        """Update existing user group with different valid names. Use id of the
        user group as a parameter

        :id: bed911fe-da39-4798-a5d2-8a0467bfacc3

        :expectedresults: User group is update successfully.

        :CaseImportance: Critical
        """
        user_group = make_usergroup()
        for new_name in valid_data_list():
            with self.subTest(new_name):
                UserGroup.update({
                    'id': user_group['id'],
                    'new-name': new_name,
                })
                user_group = UserGroup.info({'id': user_group['id']})
                self.assertEqual(user_group['name'], new_name)
示例#34
0
    def test_positive_remove_role_by_name(self):
        """Create new user group using valid role attached to that group. Then
        remove that role from user group by name

        :id: 0a5fdeaf-a05f-4153-b2c8-c5f8745cbb80

        :expectedresults: Role is removed from user group successfully.

        :CaseLevel: Integration
        """
        role = make_role()
        user_group = make_usergroup({'role-ids': role['id']})
        self.assertEqual(len(user_group['roles']), 1)
        UserGroup.remove_role({
            'id': user_group['id'],
            'role': role['name'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(len(user_group['roles']), 0)
示例#35
0
    def test_positive_remove_user_by_name(self):
        """Create new user group using valid user attached to that group. Then
        remove that user from user group by name

        @id: e99b215b-05bb-4e7b-a11a-cd506d88df6c

        @Assert: User is removed from user group successfully.

        @CaseLevel: Integration
        """
        user = make_user()
        user_group = make_usergroup({'user-ids': user['id']})
        self.assertEqual(len(user_group['users']), 1)
        UserGroup.remove_user({
            'id': user_group['id'],
            'user': user['login'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(len(user_group['users']), 0)
示例#36
0
    def test_positive_remove_user_by_id(self):
        """Create new user group using valid user attached to that group. Then
        remove that user from user group by id

        @id: 9ae91110-88dd-4449-82c7-59f626fdd2be

        @Assert: User is removed from user group successfully.

        @CaseLevel: Integration
        """
        user = make_user()
        user_group = make_usergroup({'user-ids': user['id']})
        self.assertEqual(len(user_group['users']), 1)
        UserGroup.remove_user({
            'id': user_group['id'],
            'user-id': user['id'],
        })
        user_group = UserGroup.info({'id': user_group['id']})
        self.assertEqual(len(user_group['users']), 0)
示例#37
0
    def test_negative_update_by_id(self):
        """Attempt to update existing user group using different invalid names.
        Use id of the user group as a parameter

        :id: e5aecee1-7c4c-4ac5-aee2-a3190cbe956f

        :expectedresults: User group is not updated.

        :CaseImportance: Critical
        """
        user_group = make_usergroup()
        for new_name in invalid_values_list():
            with self.subTest(new_name):
                with self.assertRaises(CLIReturnCodeError):
                    UserGroup.update({
                        'id': user_group['id'],
                        'new-name': new_name,
                    })
                user_group = UserGroup.info({'id': user_group['id']})
                self.assertNotEqual(user_group['name'], new_name)
示例#38
0
    def test_negative_update_by_name(self):
        """Attempt to update existing user group using different invalid names.
        Use name of the user group as a parameter

        :id: 32ad14cf-4ed8-4deb-b2fc-df4ed60efb78

        :expectedresults: User group is not updated.

        :CaseImportance: Critical
        """
        user_group = make_usergroup()
        for new_name in invalid_values_list():
            with self.subTest(new_name):
                with self.assertRaises(CLIReturnCodeError):
                    UserGroup.update({
                        'name': user_group['name'],
                        'new-name': new_name,
                    })
                user_group = UserGroup.info({'id': user_group['id']})
                self.assertNotEqual(user_group['name'], new_name)
示例#39
0
    def test_positive_create(self):
        """Create external user group using LDAP

        :id: 812c701a-27c5-4c4e-a4f7-04bf7d887a7c

        :expectedresults: User group is created successfully and assigned to
            correct auth source

        :CaseLevel: Integration
        """
        user_group = make_usergroup()
        ext_user_group = make_usergroup_external({
            'auth-source-id':
            self.auth['server']['id'],
            'user-group-id':
            user_group['id'],
            'name':
            'foobargroup'
        })
        self.assertEqual(ext_user_group['auth-source'],
                         self.auth['server']['name'])
示例#40
0
 def setUp(self):
     """Create new usergroup per each test"""
     super(FreeIPAUserGroupTestCase, self).setUp()
     self.user_group = make_usergroup()
示例#41
0
 def setUp(self):
     """Create new usergroup per each test"""
     super(ActiveDirectoryUserGroupTestCase, self).setUp()
     self.user_group = make_usergroup()
示例#42
0
    def test_usergroup_with_usergroup_sync(self, ipa_data):
        """Verify the usergroup-sync functionality in Ldap Auth Source

        :id: 2b63e886-2c53-11ea-9da5-db3ae0527554

        :expectedresults: external user-group sync works as expected automatically
            based on user-sync

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname']
        self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd']
        ldap_ipa_user_name = ipa_data['ldap_ipa_user_name']
        ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace(
            'foobargroup', 'foreman_group')
        member_username = '******'
        member_group = 'foreman_group'
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source_name = gen_string('alpha')
        auth_source = make_ldap_auth_source({
            'name':
            auth_source_name,
            'onthefly-register':
            'true',
            'usergroup-sync':
            'true',
            'host':
            ipa_data['ldap_ipa_hostname'],
            'server-type':
            LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login':
            LDAP_ATTR['login'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            ldap_ipa_user_name,
            'account-password':
            ipa_data['ldap_ipa_user_passwd'],
            'base-dn':
            ipa_data['ipa_base_dn'],
            'groups-base':
            ipa_group_base_dn,
        })
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Adding User in IPA UserGroup
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        ext_user_group = make_usergroup_external({
            'auth-source-id':
            auth_source['server']['id'],
            'user-group-id':
            user_group['id'],
            'name':
            member_group,
        })
        UserGroup.add_role({
            'id': user_group['id'],
            'role-id': viewer_role['id']
        })
        assert ext_user_group['auth-source'] == auth_source['server']['name']
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        result = Auth.with_user(username=member_username,
                                password=self.ldap_ipa_user_passwd).status()
        assert LOGEDIN_MSG.format(member_username) in result[0]['message']
        list = Role.with_user(username=member_username,
                              password=self.ldap_ipa_user_passwd).list()
        assert len(list) > 1
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 1
        assert user_group['users'][0] == member_username

        # Removing User in IPA UserGroup
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with pytest.raises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.value.message
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
示例#43
0
def function_user_group():
    """Create new usergroup per each test"""
    user_group = make_usergroup()
    yield user_group
示例#44
0
 def setUp(self):
     """Create new usergroup per each test"""
     super().setUp()
     self.user_group = make_usergroup()
示例#45
0
    def test_usergroup_sync_with_refresh(self):
        """Verify the refresh functionality in Ldap Auth Source

        :id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930

        :expectedresults: external user-group sync works as expected as on-demand
            sync based on refresh works

        :CaseImportance: Medium
        """
        self._clean_up_previous_ldap()
        ldap_ipa_user_name = self.ldap_ipa_user_name
        ipa_group_base_dn = self.ipa_group_base_dn.replace(
            'foobargroup', 'foreman_group')
        member_username = '******'
        member_group = 'foreman_group'
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source_name = gen_string('alpha')
        auth_source = make_ldap_auth_source({
            'name':
            auth_source_name,
            'onthefly-register':
            'true',
            'usergroup-sync':
            'false',
            'host':
            self.ldap_ipa_hostname,
            'server-type':
            LDAP_SERVER_TYPE['CLI']['ipa'],
            'attr-login':
            LDAP_ATTR['login'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            ldap_ipa_user_name,
            'account-password':
            self.ldap_ipa_user_passwd,
            'base-dn':
            self.ipa_base_dn,
            'groups-base':
            ipa_group_base_dn,
        })
        auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']})

        # Adding User in IPA UserGroup
        self._add_user_in_IPA_usergroup(member_username, member_group)
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        ext_user_group = make_usergroup_external({
            'auth-source-id':
            auth_source['server']['id'],
            'user-group-id':
            user_group['id'],
            'name':
            member_group,
        })
        UserGroup.add_role({
            'id': user_group['id'],
            'role-id': viewer_role['id']
        })
        assert ext_user_group['auth-source'] == auth_source['server']['name']
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        result = Auth.with_user(username=member_username,
                                password=self.ldap_ipa_user_passwd).status()
        assert LOGEDIN_MSG.format(member_username) in result[0]['message']
        with self.assertRaises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.exception.message
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({
                'user-group-id': user_group['id'],
                'name': member_group
            })
        list = Role.with_user(username=member_username,
                              password=self.ldap_ipa_user_passwd).list()
        assert len(list) > 1
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 1
        assert user_group['users'][0] == member_username

        # Removing User in IPA UserGroup
        self._remove_user_in_IPA_usergroup(member_username, member_group)
        with self.assertNotRaises(CLIReturnCodeError):
            UserGroupExternal.refresh({
                'user-group-id': user_group['id'],
                'name': member_group
            })
        user_group = UserGroup.info({'id': user_group['id']})
        assert len(user_group['users']) == 0
        with self.assertRaises(CLIReturnCodeError) as error:
            Role.with_user(username=member_username,
                           password=self.ldap_ipa_user_passwd).list()
        assert 'Missing one of the required permissions' in error.exception.message
示例#46
0
    def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data,
                                                ldap_tear_down):
        """Verify the usergroup-sync functionality in AD Auth Source

        :id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2

        :customerscenario: true

        :CaseImportance: Medium

        :bz: 1901392

        :parametrized: yes

        :expectedresults: external user-group sync works as expected automatically
            based on user-sync
        """
        group_base_dn = ",".join(ad_data['group_base_dn'].split(',')[1:])
        LOGEDIN_MSG = "Using configured credentials for user '{0}'."
        auth_source = make_ldap_auth_source({
            'name':
            gen_string('alpha'),
            'onthefly-register':
            'true',
            'host':
            ad_data['ldap_hostname'],
            'server-type':
            LDAP_SERVER_TYPE['CLI']['ad'],
            'attr-login':
            LDAP_ATTR['login_ad'],
            'attr-firstname':
            LDAP_ATTR['firstname'],
            'attr-lastname':
            LDAP_ATTR['surname'],
            'attr-mail':
            LDAP_ATTR['mail'],
            'account':
            ad_data['ldap_user_name'],
            'account-password':
            ad_data['ldap_user_passwd'],
            'base-dn':
            ad_data['base_dn'],
            'groups-base':
            group_base_dn,
        })
        # assert auth_source['account']['groups-base'] == group_base_dn
        viewer_role = Role.info({'name': 'Viewer'})
        user_group = make_usergroup()
        make_usergroup_external({
            'auth-source-id': auth_source['server']['id'],
            'user-group-id': user_group['id'],
            'name': member_group,
        })
        UserGroup.add_role({
            'id': user_group['id'],
            'role-id': viewer_role['id']
        })
        user_group = UserGroup.info({'id': user_group['id']})
        result = Auth.with_user(username=ad_data['ldap_user_name'],
                                password=ad_data['ldap_user_passwd']).status()
        assert LOGEDIN_MSG.format(
            ad_data['ldap_user_name']) in result[0]['message']
        UserGroupExternal.refresh({
            'user-group-id': user_group['id'],
            'name': member_group
        })
        user_group = UserGroup.info({'id': user_group['id']})
        list = Role.with_user(username=ad_data['ldap_user_name'],
                              password=ad_data['ldap_user_passwd']).list()
        assert len(list) > 1