示例#1
0
    def test_positive_update_permissions(self):
        """Create a filter and update its permissions.

        @id: 3d6a52d8-2f8f-4f97-a155-9b52888af16e

        @Assert: Permissions updated.
        """
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
        })
        new_perms = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'User'})
            ]
        Filter.update({
            'id': filter_['id'],
            'permissions': new_perms
        })
        filter_ = Filter.info({'id': filter_['id']})
        self.assertEqual(
            set(filter_['permissions'].split(", ")),
            set(new_perms)
        )
示例#2
0
    def test_positive_update_permissions(self):
        """Create a filter and update its permissions.

        :id: 3d6a52d8-2f8f-4f97-a155-9b52888af16e

        :expectedresults: Permissions updated.

        :CaseImportance: Critical
        """
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
        })
        new_perms = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'User'})
            ]
        Filter.update({
            'id': filter_['id'],
            'permissions': new_perms
        })
        filter_ = Filter.info({'id': filter_['id']})
        self.assertEqual(
            set(filter_['permissions'].split(", ")),
            set(new_perms)
        )
示例#3
0
    def test_positive_update_org_loc(self):
        """Create a filter and assign it to another organization and location.

         @id: 9bb59109-9701-4ef3-95c6-81f387d372da

         @Assert: Filter is created and assigned to new org and loc.
         """
        org = make_org()
        loc = make_location()
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
            'organization-ids': org['id'],
            'location-ids': loc['id']
        })
        # Update org and loc
        new_org = make_org()
        new_loc = make_location()
        Filter.update({
            'id': filter_['id'],
            'permissions': self.perms,
            'organization-ids': new_org['id'],
            'location-ids': new_loc['id']
        })
        filter_ = Filter.info({'id': filter_['id']})
        # We expect here only one organization and location
        self.assertEqual(filter_['organizations'][0], new_org['name'])
        self.assertEqual(filter_['locations'][0], new_loc['name'])
示例#4
0
def test_positive_update_org_loc(module_perms, function_role):
    """Create a filter and assign it to another organization and location.

    :id: 9bb59109-9701-4ef3-95c6-81f387d372da

    :expectedresults: Filter is created and assigned to new org and loc.

    :BZ: 1401469

    :CaseImportance: Critical
    """
    org = make_org()
    loc = make_location()
    filter_ = make_filter({
        'role-id': function_role['id'],
        'permissions': module_perms,
        'organization-ids': org['id'],
        'location-ids': loc['id'],
        'override': 1,
    })
    # Update org and loc
    new_org = make_org()
    new_loc = make_location()
    Filter.update({
        'id': filter_['id'],
        'permissions': module_perms,
        'organization-ids': new_org['id'],
        'location-ids': new_loc['id'],
        'override': 1,
    })
    filter_ = Filter.info({'id': filter_['id']})
    # We expect here only one organization and location
    assert filter_['organizations'][0] == new_org['name']
    assert filter_['locations'][0] == new_loc['name']
示例#5
0
    def test_positive_update_org_loc(self):
        """Create a filter and assign it to another organization and location.

         @id: 9bb59109-9701-4ef3-95c6-81f387d372da

         @Assert: Filter is created and assigned to new org and loc.
         """
        org = make_org()
        loc = make_location()
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
            'organization-ids': org['id'],
            'location-ids': loc['id']
        })
        # Update org and loc
        new_org = make_org()
        new_loc = make_location()
        Filter.update({
            'id': filter_['id'],
            'permissions': self.perms,
            'organization-ids': new_org['id'],
            'location-ids': new_loc['id']
        })
        filter_ = Filter.info({'id': filter_['id']})
        # We expect here only one organization and location
        self.assertEqual(filter_['organizations'][0], new_org['name'])
        self.assertEqual(filter_['locations'][0], new_loc['name'])
示例#6
0
 def class_rexinfra_user(self, module_org):
     """Creates a user with all Remote Execution related permissions"""
     password = gen_string('alpha')
     rexinfra = gen_string('alpha')
     make_user({
         'login': rexinfra,
         'password': password,
         'organization-ids': module_org.id
     })
     role = make_role({'organization-ids': module_org.id})
     invocation_permissions = [
         permission['name'] for permission in Filter.available_permissions(
             {'search': 'resource_type=JobInvocation'})
     ]
     template_permissions = [
         permission['name'] for permission in Filter.available_permissions(
             {'search': 'resource_type=JobTemplate'})
     ]
     permissions = ','.join(invocation_permissions)
     make_filter({'role-id': role['id'], 'permissions': permissions})
     permissions = ','.join(template_permissions)
     # needs execute_jobs_on_infrastructure_host permission
     make_filter({'role-id': role['id'], 'permissions': permissions})
     User.add_role({'login': rexinfra, 'role': role['name']})
     User.add_role({'login': rexinfra, 'role': 'Remote Execution Manager'})
     yield (rexinfra, password)
示例#7
0
    def test_positive_delete(self):
        """Create a filter and delete it afterwards.

        :id: 97d1093c-0d49-454b-86f6-f5be87b32775

        :expectedresults: The deleted filter cannot be fetched.

        :CaseImportance: Critical
        """
        filter_ = make_filter({'role-id': self.role['id'], 'permissions': self.perms})
        Filter.delete({'id': filter_['id']})
        with self.assertRaises(CLIReturnCodeError):
            Filter.info({'id': filter_['id']})
示例#8
0
    def test_positive_delete(self):
        """Create a filter and delete it afterwards.

        @id: 97d1093c-0d49-454b-86f6-f5be87b32775

        @Assert: The deleted filter cannot be fetched.
        """
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
        })
        Filter.delete({'id': filter_['id']})
        with self.assertRaises(CLIReturnCodeError):
            Filter.info({'id': filter_['id']})
示例#9
0
    def test_positive_delete(self):
        """Create a filter and delete it afterwards.

        @id: 97d1093c-0d49-454b-86f6-f5be87b32775

        @Assert: The deleted filter cannot be fetched.
        """
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
        })
        Filter.delete({'id': filter_['id']})
        with self.assertRaises(CLIReturnCodeError):
            Filter.info({'id': filter_['id']})
示例#10
0
    def test_positive_update_role(self):
        """Create a filter and assign it to another role.

        :id: 2950b3a1-2bce-447f-9df2-869b1d10eaf5

        :expectedresults: Filter is created and assigned to new role.

        :CaseImportance: Critical
        """
        filter_ = make_filter({'role-id': self.role['id'], 'permissions': self.perms})
        # Update with another role
        new_role = make_role()
        Filter.update({'id': filter_['id'], 'role-id': new_role['id']})
        filter_ = Filter.info({'id': filter_['id']})
        self.assertEqual(filter_['role'], new_role['name'])
示例#11
0
    def test_positive_create_with_permission(self):
        """Create new role with a set of permission

        :id: 7cb2b2e2-ad4d-41e9-b6b2-c0366eb09b9a

        :expectedresults: Role is created and has correct set of permissions

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        make_filter({
            'role-id': role['id'],
            'permissions': permissions,
        })
        self.assertEqual(
            Role.filters({'id': role['id']})[0]['permissions'],
            permissions
        )
示例#12
0
 def setUpClass(cls):
     """Search for Organization permissions. Set ``cls.perms``."""
     super().setUpClass()
     cls.perms = [
         permission['name']
         for permission in Filter.available_permissions({"search": "resource_type=User"})
     ]
示例#13
0
 def setUpClass(cls):
     """Search for Organization permissions. Set ``cls.perms``."""
     super(FilterTestCase, cls).setUpClass()
     cls.perms = [
         permission['name'] for permission in Filter.available_permissions(
             {'resource-type': 'User'})
     ]
示例#14
0
def module_perms():
    """Search for provisioning template permissions. Set ``cls.ct_perms``."""
    perms = [
        permission['name'] for permission in Filter.available_permissions(
            {"search": "resource_type=User"})
    ]
    return perms
示例#15
0
    def test_positive_create_with_permission(self):
        """Create new role with a set of permission

        :id: 7cb2b2e2-ad4d-41e9-b6b2-c0366eb09b9a

        :expectedresults: Role is created and has correct set of permissions

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        make_filter({
            'role-id': role['id'],
            'permissions': permissions,
        })
        self.assertEqual(
            Role.filters({'id': role['id']})[0]['permissions'],
            permissions
        )
示例#16
0
 def setUpClass(cls):
     """Search for Organization permissions. Set ``cls.perms``."""
     super(FilterTestCase, cls).setUpClass()
     cls.perms = [
         permission['name']
         for permission in Filter.available_permissions(
             {'resource-type': 'User'})
         ]
示例#17
0
    def test_positive_delete_role(self):
        """Create a filter and delete the role it points at.

        :id: e2adb6a4-e408-4912-a32d-2bf2c43187d9

        :expectedresults: The filter cannot be fetched.

        :CaseImportance: Critical
        """
        filter_ = make_filter({'role-id': self.role['id'], 'permissions': self.perms})

        # A filter depends on a role. Deleting a role implicitly deletes the
        # filter pointing at it.
        Role.delete({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Role.info({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Filter.info({'id': filter_['id']})
示例#18
0
    def test_positive_delete_role(self):
        """Create a filter and delete the role it points at.

        @id: e2adb6a4-e408-4912-a32d-2bf2c43187d9

        @Assert: The filter cannot be fetched.
        """
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
        })

        # A filter depends on a role. Deleting a role implicitly deletes the
        # filter pointing at it.
        Role.delete({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Role.info({'id': self.role['id']})
        with self.assertRaises(CLIReturnCodeError):
            Filter.info({'id': filter_['id']})
示例#19
0
    def test_positive_update_role(self):
        """Create a filter and assign it to another role.

        @id: 2950b3a1-2bce-447f-9df2-869b1d10eaf5

        @Assert: Filter is created and assigned to new role.
        """
        filter_ = make_filter({
            'role-id': self.role['id'],
            'permissions': self.perms,
        })
        # Update with another role
        new_role = make_role()
        Filter.update({
            'id': filter_['id'],
            'role-id': new_role['id'],
        })
        filter_ = Filter.info({'id': filter_['id']})
        self.assertEqual(filter_['role'], new_role['name'])
示例#20
0
def test_positive_update_permissions(module_perms, function_role):
    """Create a filter and update its permissions.

    :id: 3d6a52d8-2f8f-4f97-a155-9b52888af16e

    :expectedresults: Permissions updated.

    :CaseImportance: Critical
    """
    filter_ = make_filter({
        'role-id': function_role['id'],
        'permissions': module_perms
    })
    new_perms = [
        permission['name'] for permission in Filter.available_permissions(
            {"search": "resource_type=User"})
    ]
    Filter.update({'id': filter_['id'], 'permissions': new_perms})
    filter_ = Filter.info({'id': filter_['id']})
    assert set(filter_['permissions'].split(", ")) == set(new_perms)
示例#21
0
    def test_positive_list_filters_with_pagination(self):
        """Make sure filters list can be displayed with different items per
        page value

        :id: b9c7c6c1-70c2-4d7f-8d36-fa8613acc865

        :BZ: 1428516

        :expectedresults: `per-page` correctly sets amount of items displayed
            per page, different `per-page` values divide a list into correct
            number of pages

        :CaseImportance: Critical
        """
        role = make_role()
        res_types = iter(PERMISSIONS.keys())
        permissions = []
        # Collect more than 20 different permissions
        while len(permissions) <= 20:
            permissions += [
                permission['name']
                for permission in Filter.available_permissions(
                    {'resource-type': next(res_types)})
            ]
        # Create a filter for each permission
        for perm in permissions:
            make_filter({
                'role': role['name'],
                'permissions': perm,
            })
        # Test different `per-page` values
        for per_page in (1, 5, 20):
            with self.subTest(per_page):
                # Verify the first page contains exactly the same items count
                # as `per-page` value
                filters = Role.filters({
                    'name': role['name'],
                    'per-page': per_page,
                })
                self.assertEqual(len(filters), per_page)
                # Verify pagination and total amount of pages by checking the
                # items count on the last page
                last_page = (len(permissions) / per_page +
                             int(len(permissions) % per_page != 0))
                filters = Role.filters({
                    'name': role['name'],
                    'page': last_page,
                    'per-page': per_page,
                })
                self.assertEqual(len(filters),
                                 len(permissions) % per_page or per_page)
示例#22
0
    def test_positive_list_filters_with_pagination(self):
        """Make sure filters list can be displayed with different items per
        page value

        :id: b9c7c6c1-70c2-4d7f-8d36-fa8613acc865

        :BZ: 1428516

        :expectedresults: `per-page` correctly sets amount of items displayed
            per page, different `per-page` values divide a list into correct
            number of pages

        :CaseImportance: Critical
        """
        role = make_role()
        res_types = iter(PERMISSIONS.keys())
        permissions = []
        # Collect more than 20 different permissions
        while len(permissions) <= 20:
            permissions += [
                permission['name']
                for permission in Filter.available_permissions(
                    {'resource-type': next(res_types)})
            ]
        # Create a filter for each permission
        for perm in permissions:
            make_filter({
                'role': role['name'],
                'permissions': perm,
            })
        # Test different `per-page` values
        for per_page in (1, 5, 20):
            with self.subTest(per_page):
                # Verify the first page contains exactly the same items count
                # as `per-page` value
                filters = Role.filters({
                    'name': role['name'],
                    'per-page': per_page,
                })
                self.assertEqual(len(filters), per_page)
                # Verify pagination and total amount of pages by checking the
                # items count on the last page
                last_page = (len(permissions) / per_page
                             + int(len(permissions) % per_page != 0))
                filters = Role.filters({
                    'name': role['name'],
                    'page': last_page,
                    'per-page': per_page,
                })
                self.assertEqual(
                    len(filters), len(permissions) % per_page or per_page)
示例#23
0
    def test_custom_personal_access_token_role(self, default_sat):
        """Personal access token for non admin user with custom role

        :id: dcbd22df-2641-4d3e-a1ad-76f36642e31b

        :steps:
            1. Create role with PAT and View Users
            2. Create non admin user and assign the role
            3. Create PAT for the user and test with the end point
            4. Revoke the token and then test for end point.

        :expectedresults: Non admin user is able to view only the assigned entity

        :CaseLevel: System

        :CaseImportance: High

        :BZ: 1974685, 1996048
        """
        role = make_role()
        permissions = [
            permission['name'] for permission in Filter.available_permissions(
                {'search': 'resource_type=PersonalAccessToken'})
        ]
        permissions = ','.join(permissions)
        make_filter({'role-id': role['id'], 'permissions': permissions})
        make_filter({'role-id': role['id'], 'permissions': 'view_users'})
        user = make_user()
        User.add_role({'login': user['login'], 'role': role['name']})
        token_name = gen_alphanumeric()
        result = User.access_token(action="create",
                                   options={
                                       'name': token_name,
                                       'user-id': user['id']
                                   })
        token_value = result[0]['message'].split(':')[-1]
        command_output = default_sat.execute(
            f'curl -k -u {user["login"]}:{token_value} {default_sat.url}/api/v2/users'
        )
        assert user['login'] in command_output.stdout
        assert user['email'] in command_output.stdout
        User.access_token(action="revoke",
                          options={
                              'name': token_name,
                              'user-id': user['id']
                          })
        command_output = default_sat.execute(
            f'curl -k -u {user["login"]}:{token_value} {default_sat.url}/api/v2/users'
        )
        assert f'Unable to authenticate user {user["login"]}' in command_output.stdout
示例#24
0
    def test_positive_create_with_filter(self):
        """Create new role with a filter

        :id: 6c99ee25-4e58-496c-af42-f8ad2da6cf07

        :expectedresults: Role is created and correct filter is assigned

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions({'resource-type': 'Organization'})
        ]
        # Assign filter to created role
        filter_ = make_filter({'role-id': role['id'], 'permissions': permissions})
        self.assertEqual(role['name'], filter_['role'])
示例#25
0
    def test_positive_list_filters_by_id(self):
        """Create new role with a filter and list it by role id

        :id: 6979ad8d-629b-481e-9d3a-8f3b3bca53f9

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions({"search": "resource_type=Organization"})
        ]
        # Assign filter to created role
        filter_ = make_filter({'role-id': role['id'], 'permissions': permissions})
        assert role['name'] == filter_['role']
        assert Role.filters({'id': role['id']})[0]['id'] == filter_['id']
示例#26
0
    def test_positive_list_filters_by_name(self):
        """Create new role with a filter and list it by role name

        :id: bbcb3982-f484-4dde-a3ea-7145fd28ab1f

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions({"search": "resource_type=Organization"})
        ]
        # Assign filter to created role
        filter_ = make_filter({'role': role['name'], 'permissions': permissions})
        assert role['name'] == filter_['role']
        assert Role.filters({'name': role['name']})[0]['id'] == filter_['id']
示例#27
0
 def make_role_with_permissions(self):
     """Create new role with a filter"""
     role = make_role()
     res_types = iter(PERMISSIONS.keys())
     permissions = []
     # Collect more than 20 different permissions
     while len(permissions) <= 20:
         permissions += [
             permission['name']
             for permission in Filter.available_permissions(
                 {"search": f"resource_type={next(res_types)}"})
         ]
     # Create a filter for each permission
     for perm in permissions:
         make_filter({'role': role['name'], 'permissions': perm})
     return {
         'role': role,
         'permissions': permissions,
     }
示例#28
0
    def test_positive_create_with_filter(self):
        """Create new role with a filter

        @id: 6c99ee25-4e58-496c-af42-f8ad2da6cf07

        @assert: Role is created and correct filter is assigned
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        filter_ = make_filter({
            'role-id': role['id'],
            'permissions': permissions,
        })
        self.assertEqual(role['name'], filter_['role'])
示例#29
0
    def test_positive_list_filters_by_id(self):
        """Create new role with a filter and list it by role id

        :id: 6979ad8d-629b-481e-9d3a-8f3b3bca53f9

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        filter_ = make_filter({
            'role-id': role['id'],
            'permissions': permissions,
        })
        self.assertEqual(role['name'], filter_['role'])
        self.assertEqual(
            Role.filters({'id': role['id']})[0]['id'], filter_['id'])
示例#30
0
    def test_positive_list_filters_by_name(self):
        """Create new role with a filter and list it by role name

        :id: bbcb3982-f484-4dde-a3ea-7145fd28ab1f

        :expectedresults: Filter is listed for specified role

        :CaseImportance: Critical
        """
        role = make_role()
        # Pick permissions by its resource type
        permissions = [
            permission['name']
            for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
            ]
        # Assign filter to created role
        filter_ = make_filter({
            'role': role['name'],
            'permissions': permissions,
        })
        self.assertEqual(role['name'], filter_['role'])
        self.assertEqual(
            Role.filters({'name': role['name']})[0]['id'], filter_['id'])
示例#31
0
def test_negative_nonauthor_of_report_cant_download_it():
    """The resulting report should only be downloadable by
       the user that generated it or admin. Check.

    :id: a4bc77db-146e-4871-a42e-e93887464986

    :setup: Installed Satellite, user that can list running tasks

    :steps:

        1. hammer -u u1 -p p1 report-template schedule
        2. hammer -u u2 -p p2 report-template report-data

    :expectedresults: Report can't be downloaded. Error.
    """
    uname_viewer = gen_alpha()
    uname_viewer2 = gen_alpha()
    password = gen_alpha()

    loc = Location.info({'name': DEFAULT_LOC})
    org = Org.info({'name': DEFAULT_ORG})

    user1 = make_user({
        'login': uname_viewer,
        'password': password,
        'organization-ids': org['id'],
        'location-ids': loc['id'],
    })

    user2 = make_user({
        'login': uname_viewer2,
        'password': password,
        'organization-ids': org['id'],
        'location-ids': loc['id'],
    })

    role = make_role()
    # Pick permissions by its resource type
    permissions_org = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=Organization'})
    ]
    permissions_loc = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=Location'})
    ]
    permissions_rt = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=ReportTemplate'})
    ]
    permissions_pt = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=ProvisioningTemplate'})
    ]
    permissions_jt = [
        permission['name'] for permission in Filter.available_permissions(
            {'search': 'resource_type=JobTemplate'})
    ]
    # Assign filters to created role
    for perm in [
            permissions_org, permissions_loc, permissions_rt, permissions_pt,
            permissions_jt
    ]:
        make_filter({'role-id': role['id'], 'permissions': perm})
    User.add_role({'login': user1['login'], 'role-id': role['id']})
    User.add_role({'login': user2['login'], 'role-id': role['id']})

    name = gen_alpha()
    content = gen_alpha()

    report_template = ReportTemplate.with_user(username=user1['login'],
                                               password=password).create({
                                                   'name':
                                                   name,
                                                   'organization-id':
                                                   org['id'],
                                                   'location-id':
                                                   loc['id'],
                                                   'file':
                                                   content
                                               })

    schedule = ReportTemplate.with_user(username=user1['login'],
                                        password=password).schedule(
                                            {'name': report_template['name']})
    job_id = schedule.split('Job ID: ', 1)[1].strip()

    report_data = ReportTemplate.with_user(username=user1['login'],
                                           password=password).report_data({
                                               'id':
                                               report_template['name'],
                                               'job-id':
                                               job_id
                                           })

    assert content in report_data
    with pytest.raises(CLIReturnCodeError):
        ReportTemplate.with_user(username=user2['login'],
                                 password=password).report_data({
                                     'id':
                                     report_template['name'],
                                     'job-id':
                                     job_id
                                 })
示例#32
0
    def test_system_admin_role_end_to_end(self):
        """Test System admin role with a end to end workflow

        :id: da6b3549-d1cf-44fc-869f-08d15d407fa2

        :steps:

            1. Create a System admin role user1
            2. Login with the user1 and change global settings
                "Out of sync interval" to 31
            3. Create user2 with system admin role
            4. Login with user2 to create a Organization
            5. Clone a Org-admin role
            6. Edit the Architecture Filter and search name  =  x86_64
            7. Create a User with Cloned Org admin
            8. Login with user.

        :expectedresults:

            1. User should be assigned with System Admin role.
            2. User with sys admin role should be able to update settings
            3. User with sys admin role should be able to create users and
                assign Organizations to them.
            4. System Admin role should be able to create Organization admins
            5. User with sys admin role should be able to edit filters on roles

        :CaseLevel: System
        """
        org = make_org()
        location = make_location()
        common_pass = gen_string('alpha')
        role = Role.info({'name': 'System admin'})
        system_admin_1 = make_user({
            'password': common_pass,
            'organization-ids': org['id'],
            'location-ids': location['id']
            })
        User.add_role({
            'id': system_admin_1['id'],
            'role-id': role['id']
            })
        Settings.with_user(
            username=system_admin_1['login'],
            password=common_pass).set({
                'name': "outofsync_interval",
                'value': "32"
                })
        sync_time = Settings.list({
            'search': 'name=outofsync_interval'
            })[0]
        # Asserts if the setting was updated successfully
        self.assertEqual('32', sync_time['value'])

        # Create another System Admin user using the first one
        system_admin = User.with_user(
                username=system_admin_1['login'],
                password=common_pass).create({
                    u'auth-source-id': 1,
                    u'firstname': gen_string('alpha'),
                    u'lastname': gen_string('alpha'),
                    u'login': gen_string('alpha'),
                    u'mail': '{0}@example.com'.format(gen_string('alpha')),
                    u'password': common_pass,
                    u'organizations': org['name'],
                    u'role-ids': role['id'],
                    u'locations': location['name']
                    })
        # Create the Org Admin user
        org_role = Role.with_user(
            username=system_admin['login'],
            password=common_pass).clone({
                'name': 'Organization admin',
                'new-name': gen_string('alpha'),
                'organization-ids': org['id'],
                'location-ids': location['id']
                })
        org_admin = User.with_user(
                username=system_admin['login'],
                password=common_pass).create({
                    u'auth-source-id': 1,
                    u'firstname': gen_string('alpha'),
                    u'lastname': gen_string('alpha'),
                    u'login': gen_string('alpha'),
                    u'mail': '{0}@example.com'.format(gen_string('alpha')),
                    u'password': common_pass,
                    u'organizations': org['name'],
                    u'role-ids': org_role['id'],
                    u'location-ids': location['id']
                    })
        # Assert if the cloning was successful
        self.assertIsNotNone(org_role['id'])
        org_role_filters = Role.filters({'id': org_role['id']})
        search_filter = None
        for arch_filter in org_role_filters:
            if arch_filter['resource-type'] == 'Architecture':
                search_filter = arch_filter
                break
        Filter.with_user(
            username=system_admin['login'],
            password=common_pass).update({
                'role-id': org_role['id'],
                'id': arch_filter['id'],
                'search': 'name=x86_64'
                })
        # Asserts if the filter is updated
        self.assertIn('name=x86_64',
                      Filter.info({
                          'id': search_filter['id']
                            }).values()
                      )
        org_admin = User.with_user(
            username=system_admin['login'],
            password=common_pass).info({'id': org_admin['id']})
        # Asserts Created Org Admin
        self.assertIn(org_role['name'], org_admin['roles'])
        self.assertIn(org['name'], org_admin['organizations'])
示例#33
0
    def test_system_admin_role_end_to_end(self):
        """Test System admin role with a end to end workflow

        :id: da6b3549-d1cf-44fc-869f-08d15d407fa2

        :steps:

            1. Create a System admin role user1
            2. Login with the user1 and change global settings
                "Out of sync interval" to 31
            3. Create user2 with system admin role
            4. Login with user2 to create a Organization
            5. Clone a Org-admin role
            6. Edit the Architecture Filter and search name  =  x86_64
            7. Create a User with Cloned Org admin
            8. Login with user.

        :expectedresults:

            1. User should be assigned with System Admin role.
            2. User with sys admin role should be able to update settings
            3. User with sys admin role should be able to create users and
                assign Organizations to them.
            4. System Admin role should be able to create Organization admins
            5. User with sys admin role should be able to edit filters on roles

        :CaseLevel: System
        """
        org = make_org()
        location = make_location()
        common_pass = gen_string('alpha')
        role = Role.info({'name': 'System admin'})
        system_admin_1 = make_user(
            {
                'password': common_pass,
                'organization-ids': org['id'],
                'location-ids': location['id'],
            }
        )
        User.add_role({'id': system_admin_1['id'], 'role-id': role['id']})
        Settings.with_user(username=system_admin_1['login'], password=common_pass).set(
            {'name': "outofsync_interval", 'value': "32"}
        )
        sync_time = Settings.list({'search': 'name=outofsync_interval'})[0]
        # Asserts if the setting was updated successfully
        assert '32' == sync_time['value']

        # Create another System Admin user using the first one
        system_admin = User.with_user(
            username=system_admin_1['login'], password=common_pass
        ).create(
            {
                'auth-source-id': 1,
                'firstname': gen_string('alpha'),
                'lastname': gen_string('alpha'),
                'login': gen_string('alpha'),
                'mail': '{}@example.com'.format(gen_string('alpha')),
                'password': common_pass,
                'organizations': org['name'],
                'role-ids': role['id'],
                'locations': location['name'],
            }
        )
        # Create the Org Admin user
        org_role = Role.with_user(username=system_admin['login'], password=common_pass).clone(
            {
                'name': 'Organization admin',
                'new-name': gen_string('alpha'),
                'organization-ids': org['id'],
                'location-ids': location['id'],
            }
        )
        org_admin = User.with_user(username=system_admin['login'], password=common_pass).create(
            {
                'auth-source-id': 1,
                'firstname': gen_string('alpha'),
                'lastname': gen_string('alpha'),
                'login': gen_string('alpha'),
                'mail': '{}@example.com'.format(gen_string('alpha')),
                'password': common_pass,
                'organizations': org['name'],
                'role-ids': org_role['id'],
                'location-ids': location['id'],
            }
        )
        # Assert if the cloning was successful
        assert org_role['id'] is not None
        org_role_filters = Role.filters({'id': org_role['id']})
        search_filter = None
        for arch_filter in org_role_filters:
            if arch_filter['resource-type'] == 'Architecture':
                search_filter = arch_filter
                break
        Filter.with_user(username=system_admin['login'], password=common_pass).update(
            {'role-id': org_role['id'], 'id': arch_filter['id'], 'search': 'name=x86_64'}
        )
        # Asserts if the filter is updated
        assert 'name=x86_64' in Filter.info({'id': search_filter['id']}).values()
        org_admin = User.with_user(username=system_admin['login'], password=common_pass).info(
            {'id': org_admin['id']}
        )
        # Asserts Created Org Admin
        assert org_role['name'] in org_admin['roles']
        assert org['name'] in org_admin['organizations']
示例#34
0
    def test_negative_nonauthor_of_report_cant_download_it(self):
        """The resulting report should only be downloadable by
           the user that generated it or admin. Check.

        :id: a4bc77db-146e-4871-a42e-e93887464986

        :setup: Installed Satellite, user that can list running tasks

        :steps:

            1. hammer -u u1 -p p1 report-template schedule
            2. hammer -u u2 -p p2 report-template report-data

        :expectedresults: Report can't be downloaded. Error.

        :CaseImportance: High
        """
        uname_viewer = gen_string('alpha')
        uname_viewer2 = gen_string('alpha')
        password = gen_string('alpha')

        loc = Location.info({'name': DEFAULT_LOC})
        org = Org.info({'name': DEFAULT_ORG})

        user1 = make_user({
            'login': uname_viewer,
            'password': password,
            'organization-ids': org['id'],
            'location-ids': loc['id'],
        })

        user2 = make_user({
            'login': uname_viewer2,
            'password': password,
            'organization-ids': org['id'],
            'location-ids': loc['id'],
        })

        role = make_role()
        # Pick permissions by its resource type
        permissions_org = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'Organization'})
        ]
        permissions_loc = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'Location'})
        ]
        permissions_rt = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'ReportTemplate'})
        ]
        permissions_pt = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'ProvisioningTemplate'})
        ]
        permissions_jt = [
            permission['name'] for permission in Filter.available_permissions(
                {'resource-type': 'JobTemplate'})
        ]
        # Assign filters to created role
        make_filter({'role-id': role['id'], 'permissions': permissions_org})
        make_filter({'role-id': role['id'], 'permissions': permissions_loc})
        make_filter({'role-id': role['id'], 'permissions': permissions_rt})
        make_filter({'role-id': role['id'], 'permissions': permissions_pt})
        make_filter({'role-id': role['id'], 'permissions': permissions_jt})
        User.add_role({'login': user1['login'], 'role-id': role['id']})
        User.add_role({'login': user2['login'], 'role-id': role['id']})

        name = gen_string('alpha')
        content = gen_string('alpha')

        report_template = ReportTemplate.with_user(username=user1['login'],
                                                   password=password).create({
                                                       'name':
                                                       name,
                                                       'organization-id':
                                                       org['id'],
                                                       'location-id':
                                                       loc['id'],
                                                       'file':
                                                       content
                                                   })

        schedule = ReportTemplate.with_user(username=user1['login'],
                                            password=password).schedule({
                                                'name':
                                                report_template['name']
                                            })

        report_data = ReportTemplate.with_user(username=user1['login'],
                                               password=password).report_data({
                                                   'id':
                                                   report_template['name'],
                                                   'job-id':
                                                   schedule[0].split(
                                                       "Job ID: ", 1)[1]
                                               })

        self.assertIn(content, report_data)
        with self.assertRaises(CLIReturnCodeError):
            ReportTemplate.with_user(username=user2['login'],
                                     password=password).report_data({
                                         'id':
                                         report_template['name'],
                                         'job-id':
                                         schedule[0].split("Job ID: ", 1)[1]
                                     })
示例#35
0
def test_positive_user_permission(products_with_repos):
    """Show errata only if the User has permissions to view them

    :id: f350c13b-8cf9-4aa5-8c3a-1c48397ea514

    :Setup:

        1. Create two products with one repo each. Sync them.
        2. Make sure that they both have errata.
        3. Create a user with view access on one product and not on the
           other.

    :Steps: erratum list --organization-id=<orgid>

    :expectedresults: Check that the new user is able to see errata for one
        product only.

    :BZ: 1403947
    """
    user_password = gen_string('alphanumeric')
    user_name = gen_string('alphanumeric')

    product = products_with_repos[3]
    org = product.organization

    # get the available permissions
    permissions = Filter.available_permissions()
    user_required_permissions_names = ['view_products']
    # get the user required permissions ids
    user_required_permissions_ids = [
        permission['id'] for permission in permissions
        if permission['name'] in user_required_permissions_names
    ]
    assert len(user_required_permissions_ids) > 0

    # create a role
    role = make_role({'organization-ids': org.id})

    # create a filter with the required permissions for role with product
    # one only
    make_filter({
        'permission-ids': user_required_permissions_ids,
        'role-id': role['id'],
        'search': f"name = {product.name}",
    })

    # create a new user and assign him the created role permissions
    user = make_user({
        'admin': False,
        'login': user_name,
        'password': user_password,
        'organization-ids': [org.id],
        'default-organization-id': org.id,
    })
    User.add_role({'id': user['id'], 'role-id': role['id']})

    # make sure the user is not admin and has only the permissions assigned
    user = User.info({'id': user['id']})
    assert user['admin'] == 'no'
    assert set(user['roles']) == {role['name']}

    # try to get organization info
    # get the info as admin user first
    org_info = Org.info({'id': org.id})
    assert str(org.id) == org_info['id']
    assert org.name == org_info['name']

    # get the organization info as the created user
    with pytest.raises(CLIReturnCodeError) as context:
        Org.with_user(user_name, user_password).info({'id': org.id})
    assert 'Missing one of the required permissions: view_organizations' in context.value.stderr

    # try to get the erratum products list by organization id only
    # ensure that all products erratum are accessible by admin user
    admin_org_errata_ids = [
        errata['errata-id']
        for errata in Erratum.list({'organization-id': org.id})
    ]
    assert REPOS_WITH_ERRATA[2]['errata_id'] in admin_org_errata_ids
    assert REPOS_WITH_ERRATA[3]['errata_id'] in admin_org_errata_ids

    assert len(admin_org_errata_ids) == (REPOS_WITH_ERRATA[2]['errata_count'] +
                                         REPOS_WITH_ERRATA[3]['errata_count'])

    # ensure that the created user see only the erratum product that was
    # assigned in permissions
    user_org_errata_ids = [
        errata['errata-id'] for errata in Erratum.with_user(
            user_name, user_password).list({'organization-id': org.id})
    ]
    assert len(user_org_errata_ids) == REPOS_WITH_ERRATA[3]['errata_count']
    assert REPOS_WITH_ERRATA[3]['errata_id'] in user_org_errata_ids
    assert REPOS_WITH_ERRATA[2]['errata_id'] not in user_org_errata_ids