def test_positive_automate_bz1426957(self): """Verify role is properly reflected on AD user. :id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc :expectedresults: Roles from usergroup is applied on AD user successfully. :CaseLevel: Integration :BZ: 1426957, 1667704 """ ext_user_group = make_usergroup_external( { 'auth-source-id': self.auth['server']['id'], 'user-group-id': self.user_group['id'], 'name': 'foobargroup', } ) self.assertEqual(ext_user_group['auth-source'], self.auth['server']['name']) role = make_role() UserGroup.add_role({'id': self.user_group['id'], 'role-id': role['id']}) with self.assertNotRaises(CLIReturnCodeError): Task.with_user(username=self.ldap_user_name, password=self.ldap_user_passwd).list() UserGroupExternal.refresh( {'user-group-id': self.user_group['id'], 'name': 'foobargroup'} ) self.assertEqual(User.info({'login': self.ldap_user_name})['user-groups'][1], role['name']) User.delete({'login': self.ldap_user_name})
def test_positive_automate_bz1426957(ldap_auth_source, function_user_group): """Verify role is properly reflected on AD user. :id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc :expectedresults: Roles from usergroup is applied on AD user successfully. :CaseLevel: Integration :BZ: 1426957, 1667704 """ ext_user_group = make_usergroup_external({ 'auth-source-id': ldap_auth_source['id'], 'user-group-id': function_user_group['id'], 'name': 'foobargroup', }) assert ext_user_group['auth-source'] == ldap_auth_source['ldap_hostname'] role = make_role() UserGroup.add_role({ 'id': function_user_group['id'], 'role-id': role['id'] }) Task.with_user(username=ldap_auth_source['user_name'], password=ldap_auth_source['user_password']).list() UserGroupExternal.refresh({ 'user-group-id': function_user_group['id'], 'name': 'foobargroup' }) assert role['name'] in User.info({'login': ldap_auth_source['user_name'] })['user-groups'] User.delete({'login': ldap_auth_source['user_name']})
def test_positive_automate_bz1426957(self): """Verify role is properly reflected on AD user. :id: 1c1209a6-5bb8-489c-a151-bb2fce4dbbfc :expectedresults: Roles from usergroup is applied on AD user successfully. :CaseLevel: Integration :BZ: 1426957 """ ext_user_group = make_usergroup_external({ 'auth-source-id': self.auth['server']['id'], 'user-group-id': self.user_group['id'], 'name': 'foobargroup' }) self.assertEqual( ext_user_group['auth-source'], self.auth['server']['name'] ) role = make_role() UserGroup.add_role({'id': self.user_group['id'], 'role-id': role['id']}) with self.assertNotRaises(CLIReturnCodeError): Task.with_user(username=self.ldap_user_name, password=self.ldap_user_passwd).list() UserGroupExternal.refresh({ 'user-group-id': self.user_group['id'], 'name': 'foobargroup' }) self.assertEqual(User.info({'login': self.ldap_user_name})['user-groups'][1], role['name']) User.delete({'login': self.ldap_user_name})
def test_positive_refresh_usergroup_with_ad(self, member_group, ad_data, ldap_tear_down): """Verify the usergroup-sync functionality in AD Auth Source :id: 2e913e76-49c3-11eb-b4c6-d46d6dd3b5b2 :customerscenario: true :CaseImportance: Medium :bz: 1901392 :parametrized: yes :expectedresults: external user-group sync works as expected automatically based on user-sync """ ad_data = ad_data() group_base_dn = ','.join(ad_data['group_base_dn'].split(',')[1:]) LOGEDIN_MSG = "Using configured credentials for user '{0}'." auth_source = make_ldap_auth_source( { 'name': gen_string('alpha'), 'onthefly-register': 'true', 'host': ad_data['ldap_hostname'], 'server-type': LDAP_SERVER_TYPE['CLI']['ad'], 'attr-login': LDAP_ATTR['login_ad'], 'attr-firstname': LDAP_ATTR['firstname'], 'attr-lastname': LDAP_ATTR['surname'], 'attr-mail': LDAP_ATTR['mail'], 'account': ad_data['ldap_user_name'], 'account-password': ad_data['ldap_user_passwd'], 'base-dn': ad_data['base_dn'], 'groups-base': group_base_dn, } ) # assert auth_source['account']['groups-base'] == group_base_dn viewer_role = Role.info({'name': 'Viewer'}) user_group = make_usergroup() make_usergroup_external( { 'auth-source-id': auth_source['server']['id'], 'user-group-id': user_group['id'], 'name': member_group, } ) UserGroup.add_role({'id': user_group['id'], 'role-id': viewer_role['id']}) user_group = UserGroup.info({'id': user_group['id']}) result = Auth.with_user( username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd'] ).status() assert LOGEDIN_MSG.format(ad_data['ldap_user_name']) in result[0]['message'] UserGroupExternal.refresh({'user-group-id': user_group['id'], 'name': member_group}) user_group = UserGroup.info({'id': user_group['id']}) list = Role.with_user( username=ad_data['ldap_user_name'], password=ad_data['ldap_user_passwd'] ).list() assert len(list) > 1
def test_positive_add_role_by_name(self): """Create new user group and new role. Then add created role to user group by name @Feature: Usergroup @Assert: Role is added to user group successfully. """ role = make_role() user_group = make_usergroup() UserGroup.add_role({ 'id': user_group['id'], 'role': role['name'], }) user_group = UserGroup.info({'id': user_group['id']}) self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_add_and_remove_elements(self): """Create new user group. Add and remove several element from the group. :id: a4ce8724-d3c8-4c00-9421-aaa40394134d :BZ: 1395229 :expectedresults: Elements are added to user group and then removed successfully. :CaseLevel: Integration """ role = make_role() user_group = make_usergroup() user = make_user() sub_user_group = make_usergroup() # Add elements by id UserGroup.add_role({'id': user_group['id'], 'role-id': role['id']}) UserGroup.add_user({'id': user_group['id'], 'user-id': user['id']}) UserGroup.add_user_group({ 'id': user_group['id'], 'user-group-id': sub_user_group['id'] }) user_group = UserGroup.info({'id': user_group['id']}) self.assertEqual(len(user_group['roles']), 1) self.assertEqual(user_group['roles'][0], role['name']) self.assertEqual(len(user_group['users']), 1) self.assertEqual(user_group['users'][0], user['login']) self.assertEqual(len(user_group['user-groups']), 1) self.assertEqual(user_group['user-groups'][0]['usergroup'], sub_user_group['name']) # Remove elements by name UserGroup.remove_role({'id': user_group['id'], 'role': role['name']}) UserGroup.remove_user({'id': user_group['id'], 'user': user['login']}) UserGroup.remove_user_group({ 'id': user_group['id'], 'user-group': sub_user_group['name'] }) user_group = UserGroup.info({'id': user_group['id']}) self.assertEqual(len(user_group['roles']), 0) self.assertEqual(len(user_group['users']), 0) self.assertEqual(len(user_group['user-groups']), 0)
def test_positive_add_role_by_name(self): """Create new user group and new role. Then add created role to user group by name :id: 181bf2d5-0650-4fb0-890c-475eac3306a2 :expectedresults: Role is added to user group successfully. :CaseLevel: Integration """ role = make_role() user_group = make_usergroup() UserGroup.add_role({ 'id': user_group['id'], 'role': role['name'], }) user_group = UserGroup.info({'id': user_group['id']}) self.assertEqual(user_group['roles'][0], role['name'])
def test_positive_add_role_by_id(self): """Create new user group and new role. Then add created role to user group by id :id: a4ce8724-d3c8-4c00-9421-aaa40394134d :expectedresults: Role is added to user group successfully. :CaseLevel: Integration """ role = make_role() user_group = make_usergroup() UserGroup.add_role({ 'id': user_group['id'], 'role-id': role['id'], }) user_group = UserGroup.info({'id': user_group['id']}) self.assertEqual(user_group['roles'][0], role['name'])
def test_usergroup_with_usergroup_sync(self, ipa_data): """Verify the usergroup-sync functionality in Ldap Auth Source :id: 2b63e886-2c53-11ea-9da5-db3ae0527554 :expectedresults: external user-group sync works as expected automatically based on user-sync :CaseImportance: Medium """ self._clean_up_previous_ldap() self.ldap_ipa_hostname = ipa_data['ldap_ipa_hostname'] self.ldap_ipa_user_passwd = ipa_data['ldap_ipa_user_passwd'] ldap_ipa_user_name = ipa_data['ldap_ipa_user_name'] ipa_group_base_dn = ipa_data['ipa_group_base_dn'].replace( 'foobargroup', 'foreman_group') member_username = '******' member_group = 'foreman_group' LOGEDIN_MSG = "Using configured credentials for user '{0}'." auth_source_name = gen_string('alpha') auth_source = make_ldap_auth_source({ 'name': auth_source_name, 'onthefly-register': 'true', 'usergroup-sync': 'true', 'host': ipa_data['ldap_ipa_hostname'], 'server-type': LDAP_SERVER_TYPE['CLI']['ipa'], 'attr-login': LDAP_ATTR['login'], 'attr-firstname': LDAP_ATTR['firstname'], 'attr-lastname': LDAP_ATTR['surname'], 'attr-mail': LDAP_ATTR['mail'], 'account': ldap_ipa_user_name, 'account-password': ipa_data['ldap_ipa_user_passwd'], 'base-dn': ipa_data['ipa_base_dn'], 'groups-base': ipa_group_base_dn, }) auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']}) # Adding User in IPA UserGroup self._add_user_in_IPA_usergroup(member_username, member_group) viewer_role = Role.info({'name': 'Viewer'}) user_group = make_usergroup() ext_user_group = make_usergroup_external({ 'auth-source-id': auth_source['server']['id'], 'user-group-id': user_group['id'], 'name': member_group, }) UserGroup.add_role({ 'id': user_group['id'], 'role-id': viewer_role['id'] }) assert ext_user_group['auth-source'] == auth_source['server']['name'] user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0 result = Auth.with_user(username=member_username, password=self.ldap_ipa_user_passwd).status() assert LOGEDIN_MSG.format(member_username) in result[0]['message'] list = Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert len(list) > 1 user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 1 assert user_group['users'][0] == member_username # Removing User in IPA UserGroup self._remove_user_in_IPA_usergroup(member_username, member_group) with pytest.raises(CLIReturnCodeError) as error: Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert 'Missing one of the required permissions' in error.value.message user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0
def test_usergroup_sync_with_refresh(self): """Verify the refresh functionality in Ldap Auth Source :id: c905eb80-2bd0-11ea-abc3-ddb7dbb3c930 :expectedresults: external user-group sync works as expected as on-demand sync based on refresh works :CaseImportance: Medium """ self._clean_up_previous_ldap() ldap_ipa_user_name = self.ldap_ipa_user_name ipa_group_base_dn = self.ipa_group_base_dn.replace( 'foobargroup', 'foreman_group') member_username = '******' member_group = 'foreman_group' LOGEDIN_MSG = "Using configured credentials for user '{0}'." auth_source_name = gen_string('alpha') auth_source = make_ldap_auth_source({ 'name': auth_source_name, 'onthefly-register': 'true', 'usergroup-sync': 'false', 'host': self.ldap_ipa_hostname, 'server-type': LDAP_SERVER_TYPE['CLI']['ipa'], 'attr-login': LDAP_ATTR['login'], 'attr-firstname': LDAP_ATTR['firstname'], 'attr-lastname': LDAP_ATTR['surname'], 'attr-mail': LDAP_ATTR['mail'], 'account': ldap_ipa_user_name, 'account-password': self.ldap_ipa_user_passwd, 'base-dn': self.ipa_base_dn, 'groups-base': ipa_group_base_dn, }) auth_source = LDAPAuthSource.info({'id': auth_source['server']['id']}) # Adding User in IPA UserGroup self._add_user_in_IPA_usergroup(member_username, member_group) viewer_role = Role.info({'name': 'Viewer'}) user_group = make_usergroup() ext_user_group = make_usergroup_external({ 'auth-source-id': auth_source['server']['id'], 'user-group-id': user_group['id'], 'name': member_group, }) UserGroup.add_role({ 'id': user_group['id'], 'role-id': viewer_role['id'] }) assert ext_user_group['auth-source'] == auth_source['server']['name'] user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0 result = Auth.with_user(username=member_username, password=self.ldap_ipa_user_passwd).status() assert LOGEDIN_MSG.format(member_username) in result[0]['message'] with self.assertRaises(CLIReturnCodeError) as error: Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert 'Missing one of the required permissions' in error.exception.message with self.assertNotRaises(CLIReturnCodeError): UserGroupExternal.refresh({ 'user-group-id': user_group['id'], 'name': member_group }) list = Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert len(list) > 1 user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 1 assert user_group['users'][0] == member_username # Removing User in IPA UserGroup self._remove_user_in_IPA_usergroup(member_username, member_group) with self.assertNotRaises(CLIReturnCodeError): UserGroupExternal.refresh({ 'user-group-id': user_group['id'], 'name': member_group }) user_group = UserGroup.info({'id': user_group['id']}) assert len(user_group['users']) == 0 with self.assertRaises(CLIReturnCodeError) as error: Role.with_user(username=member_username, password=self.ldap_ipa_user_passwd).list() assert 'Missing one of the required permissions' in error.exception.message