def test_multi_grp_usr(self): #ldapGroupBase().update_ldap_config_nested_grp(self.master,10) self.sleep(3) if len(self.group_roles) == 1: grp = [] for i in range(self.group_no): grp.append(self.group_roles[0]) self.group_roles = grp grp_list, usr_list = ldapGroupBase().create_ldap_grp_user( self.group_no, self.user_no, self.group_roles, self.master, external=self.auth_type in ["ExternalGroup", "ExternalUser"]) self.addToUserList(usr_list) self.addToGroupList(grp_list) self.rest.invalidate_ldap_cache() self.sleep(30) for i in range(0, int(self.group_no)): for usr in usr_list[i]: result = ldapGroupBase().check_permission( usr, self.master, external=self.auth_type in ["ExternalUser", "ExternalGroup"]) if 'admin' in self.group_roles[i]: self.assertTrue(result) elif 'cluster_admin' in self.group_roles[i]: self.assertFalse(result)
def test_rem_grp_local_usr(self): remove_usr = self.input.param('remove_usr').split(':') remove_grp = self.input.param('remove_grp').split(':') for i in range(0, len(remove_usr)): ldapGroupBase().remove_int_user_role(remove_usr[i], remove_grp[i], self.master) self.sleep(3) for user in self.user_list: ldapGroupBase().get_user_detail(user, self.master)
def test_nested_grp_ind_level(self): ldapGroupBase().update_ldap_config_nested_grp(self.master) self.sleep(10) new_role = self.input.param('new_role').split(':') first_group, last_group, first_user, last_user, listOfUsers, listOfGrps = \ ldapGroupBase().create_nested_grp(self.group_prefix, self.user_prefix, self.nested_level, self.master) self.sleep(3) self.addToUserList(listOfUsers) self.addToGroupList(listOfGrps) group_dn = 'cn=' + last_group + ',' + self.LDAP_GROUP_DN self.sleep(3) # ldapGroupBase().check_permission(last_user[0], self.master) ldapGroupBase().add_role_group(last_group, self.group_roles[0], group_dn, self.master) self.rest.invalidate_ldap_cache() self.sleep(10) # ldapGroupBase().check_permission(last_user[0] ,self.master) level_no = random.randrange(1, self.nested_level) group_dn = 'cn=' + self.group_prefix + str( level_no) + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group(self.group_prefix + str(level_no), new_role[0], group_dn, self.master) self.rest.invalidate_ldap_cache() self.sleep(10) result = ldapGroupBase().check_permission( self.user_prefix + str(level_no), self.master) self.assertTrue(result) result = ldapGroupBase().check_permission( self.user_prefix + str(level_no - 1), self.master) self.rest.invalidate_ldap_cache() self.assertTrue(result)
def test_del_role_from_grp(self): group_names = self.input.param('remove_grp_name', '') groles = self.input.param('remove_grp_role', '') num = group_names[-1] user_name = self.user_list[int(num) - 1][0] content = ldapGroupBase().get_group_detail(group_names, self.master) ldapGroupBase().remove_role_existing_grp([group_names], groles, None, self.master) result = ldapGroupBase().check_permission(user_name, self.master) self.assertFalse(result)
def test_add_remove_user(self): self.rem_usr = self.input.param('rem_usr', "") self.rem_grp = self.input.param('rem_from_grp', "") content = ldapGroupBase().remove_int_user_role(self.rem_usr, self.rem_grp, self.master) result = ldapGroupBase().check_permission(self.rem_usr, self.master) self.assertTrue(result) result = ldapGroupBase().add_local_user_role(self.rem_usr, self.rem_grp, self.master) content = ldapGroupBase().check_permission(self.rem_usr, self.master) self.assertTrue(content)
def setUp(self): super(ldapGroup, self).setUp() self.Users = [] self.Groups = [] self.group_name = self.input.param('group_name', 'testgrp') self.group_no = self.input.param('group_no', None) self.user_no = self.input.param('user_no', '') self.user_list = self.input.param('users', 'oel1:oel2') self.user_roles = self.input.param('user_roles', 'admin') if self.user_no != '': self.user_list = [] user_list = [] number = self.user_no.split(":") count = 0 for num in number: for user_num in range(int(num)): user_list.append("usr" + str(count)) count = count + 1 self.user_list.append(user_list) user_list = [] if ("?" in self.user_list): self.user_list = self.user_list.split("?") usr_list = [] for user in self.user_list: temp = user.split(":") usr_list.append(temp) self.user_list = usr_list else: if (":" in self.user_list): self.user_list = self.user_list.split(":") self.group_roles = self.input.param('group_roles', 'admin') # if("?" not in self.group_roles): self.group_roles = self.group_roles.split(":") self.auth_type = self.input.param('auth_type', 'LDAPGroup') if self.auth_type in ['LDAPGroup', 'ExternalGroup', 'ExternalUser']: ldapGroupBase().create_ldap_config(self.master) if ("?" not in self.user_roles): self.user_roles = self.user_roles.split(":") self.group_prefix = self.input.param('group_prefix', 'newgrp') self.user_prefix = self.input.param('user_prefix', 'newusr') self.nested_level = self.input.param('nested_level', 10) self.access_type = self.input.param('access_type', 'last') self.multiple_setup = self.input.param('multiple_setup', False) if (self.multiple_setup): self.multiple_grp_setup() self.initial_setup = self.input.param('initial_setup', False) self.rest = RestConnection(self.master) self.rest.invalidate_ldap_cache() if self.initial_setup: self.do_initial_setup()
def test_usr_in_multi_grp(self): grp_list, usr_list = ldapGroupBase().create_ldap_grp_user( self.group_no, self.user_no, self.group_roles, self.master, external=self.auth_type in ["ExternalUser", "ExternalGroup"]) self.addToGroupList(grp_list) self.addToUserList(usr_list) common_user = ['comusr'] ldapGroupBase().create_grp_usr_ldap(common_user[0], self.master) self.addToUserList(common_user) for i in range(0, int(self.group_no) - 1): ldapGroupBase().update_group(grp_list[i], common_user, 'Add', self.master) self.sleep(5) if self.auth_type in ["ExternalUser", "ExternalGroup"]: groups = ','.join(grp_list) ldapGroupBase().create_grp_usr_external(common_user, self.master, [''], groups) self.sleep(10) result = ldapGroupBase().check_permission( 'comusr', self.master, external=self.auth_type in ["ExternalUser", "ExternalGroup"]) self.assertTrue(result)
def test_rebal_in_out(self): if len(self.servers) > 1: servers_in = self.servers[1:] self.cluster.rebalance(self.servers, servers_in, []) self.sleep(5) for server in self.servers[:2]: content = ldapGroupBase().check_permission( self.user_list[0], server) self.assertTrue(content) self.sleep(3) self.cluster.rebalance(self.servers, [], servers_in) self.sleep(5) content = ldapGroupBase().check_permission(self.user_list[0], self.master) self.assertTrue(content)
def test_delete_group(self): group_name = self.input.param('group_name', 'testGrp') # ./couchbase-cli user-manage --delete-group --group-name trial options = '--delete-group --group-name ' + group_name output, error = self.execute_admin_role_manage(options) content = ldapGroupBase().check_grp_created(group_name, self.master) self.assertFalse(content)
def multiple_grp_setup(self): group_roles = "" if isinstance(self.group_roles, list): for role in self.group_roles: group_roles = group_roles + ":" + role if group_roles[0] == ":": group_roles = group_roles[1:] else: group_roles = self.group_roles group_no = self.input.param('group_no', "1") group_no = int(group_no) user_role = [] final_roles = [] number = self.user_no.split(":") self.user_roles count = 0 roleIndex = 0 if ':' not in self.user_roles: for num in number: for user_num in range(int(num)): user_role.append(self.user_roles[roleIndex]) final_roles.append(user_role) user_role = [] roleIndex = roleIndex + 1 else: final_roles = self.user_roles self.user_roles = final_roles group_list = ldapGroupBase().create_multiple_group_user( self.user_list, self.user_roles, group_no, self.group_name, group_roles, self.master) self.addToUserList(self.user_list) self.addToGroupList(group_list) return self.user_list, self.user_roles, group_no, self.group_name, group_roles
def test_external_user_group(self): for user in self.user_list: result = ldapGroupBase().check_permission( user, self.master, external=self.auth_type in ["ExternalUser", "ExternalGroup"]) self.assertTrue(result)
def test_add_user_to_group(self): group_name = self.input.param('group_name', 'testGrp') content = ldapGroupBase().check_grp_created(group_name, self.master) if content == False: #default group_roles = admin self.test_create_group() self.test_create_user() users, roles = self._get_user_role() options = '--set --user-groups ' + group_name + ' --rbac-username ' + users[ 0][0] + ' --auth-domain ' + self.auth_type output, error = self.execute_admin_role_manage(options) options = '--get --rbac-username ' + users[0][0] output, error = self.execute_admin_role_manage(options) group_roles = self.get_group_roles(group_name) o = '' for i in output: o = o + i output = literal_eval(o) # if self.auth_type=='InternalGrp'or self.auth_type=='builtin': # self.auth_type='local' # if self.auth_type=='LDAPGrp'or self.auth_type=='ldap': # self.auth_type='external' for usr in output: if usr['id'] == users[0][0]: if usr['domain'] == self.auth_type: role = usr['roles'] for ro in role: origin = ro['origins'] for orig in origin: if 'name' in orig.keys(): if orig['name'] == group_name: self.assertTrue(ro['role'] == group_roles)
def AfterTestExec(self): for grp in self.Groups: LdapGroup(group_name=grp, host=self.master).delete_group() ldapGroupBase().delete_group(grp, self.master) users = [] for subl in self.Users: if isinstance(subl, list): users.extend([user for user in subl]) else: users.append(subl) print(self.Groups) print(users) for usr in users: LdapUser(user_name=usr, password='******', host=self.master).delete_user() InternalUser(user_id=usr, host=self.master).delete_user() ExternalUser(user_id=usr, host=self.master).delete_user()
def test_add_grp_local_usr_ldap(self): final_role = '' final_grp = '' add_grp = self.input.param('add_grp').split(':') add_role = self.input.param('add_role').split(':') for i in range(0, len(add_grp)): # add_role_group(self, group_name, roles, ldap_ref, host) ldapGroupBase().add_role_group(add_grp[i], add_role[i], None, self.master) self.sleep(3) final_grp = add_grp[i] + ',' + final_grp for user in self.user_list: ldapGroupBase().add_int_user_role(user, final_grp, self.master) self.sleep(3) for grp in add_grp: result = ldapGroupBase().check_grp_created(self.group_name, self.master) self.assertTrue(result)
def test_add_user(self): self.add_user = self.input.param('add_user').split(':') self.Users.append(self.add_user) if self.auth_type == "ExternalGroup": ldapGroupBase().update_group(self.group_name, self.add_user, 'Add', self.master, external=self.auth_type) elif self.auth_type == "ExternalUser": ldapGroupBase().update_group(self.group_name, self.add_user, 'Add', self.master, external=self.auth_type) self.sleep(10) if self.auth_type == 'LDAPGroup': ldapGroupBase().update_group(self.group_name, self.add_user, 'Add', self.master) self.sleep(10) if self.auth_type == "InternalGroup": content = ldapGroupBase().get_group_detail(self.group_name, self.master) final_grp = "" content = content[1]['roles'] for role in content: final_grp = final_grp + "," + role['role'] if final_grp[0] == ",": final_grp = final_grp[1:] final_roles = self.user_roles[0] + "," + final_grp ldapGroupBase().create_grp_usr_internal(self.add_user, self.master, [final_roles], self.group_name) self.sleep(10) self.rest.invalidate_ldap_cache() self.sleep(10) result = ldapGroupBase().check_permission( self.add_user[0], self.master, external=(self.auth_type in ["ExternalUser", "ExternalGroup"])) self.assertTrue(result)
def test_multiple_user_and_group_int(self): self.assertFalse(self.multiple_setup, "Please set the multiple_setup parameter to False") user_list, user_roles, group_no, group_name, group_roles = self.multiple_grp_setup( ) group_roles = [ grpRoles.replace(":", ",") for grpRoles in group_roles.split("?") ] if isinstance(self.user_roles, list) == False: user_roles = (self.user_roles).split('?') user_roles = [(role.replace('-', ",")).split(":") for role in user_roles] for num in range(0, group_no): grp = group_name + str(num + 1) result = ldapGroupBase().check_grp_created(grp, self.master) self.sleep(3) self.assertTrue(result, 'Group ' + grp + ' not created properly') users = user_list[num] uRoles = user_roles[num] grp_roles = group_roles[num] roles = [] for uRole in uRoles: role = uRole + "," + grp_roles roles.append(role) for num, user in enumerate(users): if 'admin' not in roles[num].split(','): result = ldapGroupBase().check_permission( user, self.master) self.assertFalse( result, "User " + user + " has admin permission when it should have permission for " + roles[num]) elif 'admin' in roles[num].split(','): result = ldapGroupBase().check_permission( user, self.master) self.assertTrue( result, "User " + user + " has non Admin permission when it should have permission for " + roles[num])
def test_create_group(self): options = '' group_name = self.input.param('group_name', 'testGrp') group_roles = self.input.param('group_roles', 'admin') group_roles = group_roles.replace('-', ',') options = '--set-group --group-name ' + group_name + ' --roles ' + group_roles + ' --auth-domain ' + self.auth_type output, error = self.execute_admin_role_manage(options) content = ldapGroupBase().check_grp_created(group_name, self.master) self.assertTrue(content) roles = self.get_group_roles(group_name) group_roles = group_roles.split(',') roles = roles.split(',') for role in roles: self.assertTrue(role in group_roles, "Issue with --my-roles")
def test_single_user_multiple_groups(self): add_group = self.input.param('add_group', 'addGrp') add_user = self.input.param('add_user_to_grp', 'oel1') content = rbacmain( master_ip=self.master, auth_type='builtin')._retrieve_user_details(add_user) #contains all the group names for the user grp = [] for role in content['roles']: for type in role['origins']: if 'name' in type.keys(): grp.append(type['name']) grp.append(add_group) content = ldapGroupBase().add_int_user_role(add_user, add_group, self.master) content = rbacmain( master_ip=self.master, auth_type='builtin')._retrieve_user_details(add_user) for role in content['roles']: for type in role['origins']: if 'name' in type.keys(): self.assertTrue( type['name'] in grp, "The user roles doesnt have the grp: " + type['name'])
def test_remove_user(self): self.remove_user = self.input.param('remove_user').split(':') self.Users.append(self.remove_user) if self.auth_type in ["ExternalUser", "ExternalGroup"]: ldapGroupBase().update_group(self.group_name, self.remove_user, 'Remove', self.master, external=self.auth_type) else: ldapGroupBase().update_group(self.group_name, self.remove_user, 'Remove', self.master) self.sleep(10) self.rest.invalidate_ldap_cache() self.sleep(10) user = ldapGroupBase().get_user_detail(self.remove_user[0], self.master) result = ldapGroupBase().check_permission( self.remove_user[0], self.master, external=self.auth_type in ["ExternalUser", "ExternalGroup"]) self.sleep(10) self.assertFalse(result)
def setUp(self): super(RbacTestMemcached, self).setUp() rest = RestConnection(self.master) self.auth_type = self.input.param('auth_type', 'builtin') self.user_id = self.input.param("user_id", None) self.user_role = self.input.param("user_role", None) self.bucket_name = self.input.param("bucket_name", None) rest.create_bucket(bucket=self.bucket_name, ramQuotaMB=100, lww=True) self.role_map = self.input.param("role_map", None) self.incorrect_bucket = self.input.param("incorrect_bucket", False) self.new_role = self.input.param("new_role", None) self.new_role_map = self.input.param("new_role_map", None) self.no_bucket_access = self.input.param("no_bucket_access", False) self.no_access_bucket_name = self.input.param("no_access_bucket_name", "noaccess") self.all_buckets = self.input.param("all_buckets", None) self.ldap_users = rbacmain().returnUserList(self.user_id) if self.no_bucket_access: rest.create_bucket(bucket=self.no_access_bucket_name, ramQuotaMB=100, lww=True) if self.auth_type == 'ldap': rbacmain(self.master, 'builtin')._delete_user('cbadminbucket') if self.auth_type == 'ldap': rbacmain().setup_auth_mechanism(self.servers, 'ldap', rest) for user in self.ldap_users: testuser = [{ 'id': user[0], 'name': user[0], 'password': user[1] }] RbacBase().create_user_source(testuser, 'ldap', self.master) self.sleep(10) elif self.auth_type == "pam": rbacmain().setup_auth_mechanism(self.servers, 'pam', rest) rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'deluser') rbacmain().add_remove_local_user(self.servers, self.ldap_users, 'adduser') elif self.auth_type == "builtin": for user in self.ldap_users: testuser = [{ 'id': user[0], 'name': user[0], 'password': user[1] }] RbacBase().create_user_source(testuser, 'builtin', self.master) self.sleep(10) elif self.auth_type == 'LDAPGrp': from security.ldapGroupBase import ldapGroupBase self.group_name = self.input.param('group_name', 'testgrp') ldapGroupBase().create_group_ldap(self.group_name, self.ldap_users[0], self.master) group_dn = 'cn=' + self.group_name + ',' + self.LDAP_GROUP_DN final_role = self._return_roles(self.user_role) ldapGroupBase().add_role_group(self.group_name, final_role, group_dn, self.master) ldapGroupBase().create_ldap_config(self.master) elif self.auth_type == 'InternalGrp': from security.ldapGroupBase import ldapGroupBase self.group_name = self.input.param('group_name', 'testgrp') final_role = self._return_roles(self.user_role) ldapGroupBase().create_int_group(self.group_name, self.ldap_users[0], final_role, final_role, self.master)
def do_initial_setup(self): ldapGroupBase().delete_group(self.group_name, self.master) self.addToUserList(self.user_list) self.addToGroupList([self.group_name]) if self.auth_type == "ExternalGroup": ldapGroupBase().create_group_ldap(self.group_name, self.user_list, self.master) group_dn = 'cn=' + self.group_name + ',' + self.LDAP_GROUP_DN if len(self.user_list) > len(self.user_roles): for num in range(0, len(self.user_list) - 1): self.user_roles.append(self.user_roles[0]) ldapGroupBase().add_role_group(self.group_name, self.group_roles[0], group_dn, self.master) self.log.info(self.user_list) ldapGroupBase().create_grp_usr_external(self.user_list, self.master, [''] * len(self.user_list), self.group_name) elif self.auth_type == "ExternalUser": ldapGroupBase().create_group_ldap(self.group_name, self.user_list, self.master) group_dn = 'cn=' + self.group_name + ',' + self.LDAP_GROUP_DN if len(self.user_list) > len(self.user_roles): for num in range(0, len(self.user_list) - 1): self.user_roles.append(self.user_roles[0]) ldapGroupBase().create_grp_usr_external(self.user_list, self.master, self.user_roles, "") elif self.auth_type == 'LDAPGroup': ldapGroupBase().create_group_ldap(self.group_name, self.user_list, self.master) group_dn = 'cn=' + self.group_name + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group(self.group_name, self.group_roles[0], group_dn, self.master) elif self.auth_type == 'InternalGroup': for index, usr in enumerate(self.user_list): ldapGroupBase().create_grp_usr_internal( [usr], self.master, [self.user_roles[index]]) content = rbacmain(master_ip=self.master, auth_type='builtin')._retrieve_user_roles() if (len(self.user_list) > len(self.user_roles)): for num in range(0, len(self.user_list) - 1): self.user_roles.append(self.user_roles[0]) final_role = self.user_roles[index] + "," + self.group_roles[0] ldapGroupBase().create_int_group(self.group_name, [usr], self.group_roles, [self.user_roles[index]], self.master) self.rest.invalidate_ldap_cache()
def testLdap(self): result = ldapGroupBase().check_grp_created(self.group_name, self.master) content = ldapGroupBase().get_user_detail('oel1', self.master) self.assertTrue(result)
def test_ldap_group_cache(self): ldapGroupBase().create_group_ldap(self.group_name, self.user_list, self.master) group_dn = 'cn=' + self.group_name + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group(self.group_name, self.group_roles[0], group_dn, self.master) self.sleep(3) content = ldapGroupBase().check_permission(self.user_list[0], self.master) ldapGroupBase().remove_role_existing_grp([self.group_name], ['admin'], group_dn, self.master) self.sleep(3) Gcontent = ldapGroupBase().get_group_detail(self.group_name, self.master) content = ldapGroupBase().check_permission(self.user_list[0], self.master) ldapGroupBase().add_role_group(self.group_name, 'cluster_admin', group_dn, self.master) self.sleep(3) content = ldapGroupBase().check_permission(self.user_list[0], self.master) ldapGroupBase().add_role_group(self.group_name, 'admin', group_dn, self.master) self.sleep(3) content = ldapGroupBase().check_permission(self.user_list[0], self.master)
def test_delete_group(self): ldapGroupBase().delete_group(self.group_name, self.master) result = ldapGroupBase().check_grp_created(self.group_name, self.master) self.assertFalse(result)
def test_del_mult_grp(self): group_names = self.input.param('remove_grp_name', '') ldapGroupBase().delete_int_group(group_names, self.master) result = ldapGroupBase().check_grp_created(group_names, self.master) self.assertFalse(result)
def test_add_role_to_grp(self): add_role = self.input.param('add_role', '').split('?') add_to_grp = self.input.param('add_to_grp', '') ldapGroupBase().add_role_existing_grp([add_to_grp], add_role, None, self.master)
def test_nested_grp(self): nested_grp_depth = self.input.param('nested_grp_depth', 3) self.log.info( "Current nested depth is: - {0}".format(nested_grp_depth)) config_nested_grp_depth = self.input.param('config_nested_grp_depth', 10) self.log.info("Current config nested group depth is: - {0}".format( config_nested_grp_depth)) random_user = self.input.param('random_user', False) ldapGroupBase().update_ldap_config_nested_grp(self.master, config_nested_grp_depth) self.sleep(3) first_group, last_group, first_user, last_user, listOfUsers, listOfGrps = ldapGroupBase().create_nested_grp \ ('newgrp', 'newusr', nested_grp_depth,self.master) self.addToUserList(listOfUsers) self.addToGroupList(listOfGrps) result = '' group_dn = 'cn=' + last_group + ',' + self.LDAP_GROUP_DN if (self.auth_type == 'InternalGroup'): ldapGroupBase().add_role_group(last_group, 'admin', group_dn, self.master) result = ldapGroupBase().check_permission(first_user[0], self.master) else: ldapGroupBase().add_role_group(last_group, 'admin', group_dn, self.master) self.sleep(30) self.rest.invalidate_ldap_cache() self.sleep(30) result = ldapGroupBase().check_permission(first_user[0], self.master) self.assertTrue(result) result = ldapGroupBase().check_permission(last_user[0], self.master) self.assertTrue(result) if random_user: level_no = random.randrange(1, nested_grp_depth) result = ldapGroupBase().check_permission('newusr' + str(level_no), self.master) self.assertTrue(result) add_layer = self.input.param('add_layer', None) if (add_layer != None): ldapGroupBase().create_group_ldap('topGrp', [last_group], self.master) ldapGroupBase().add_role_group('topGrp', 'admin', group_dn, self.master) Gcontent = ldapGroupBase().get_group_detail( self.group_name, self.master) content = ldapGroupBase().check_permission(last_user[0], self.master) self.assertTrue(content)
def test_nested_grp_diff_level(self): self.sleep(30) ldapGroupBase().update_ldap_config_nested_grp(self.master, 10) first_group, last_group, first_user, last_user, listOfUsers, listOfGrps = \ ldapGroupBase().create_nested_grp(self.group_prefix, self.user_prefix, self.nested_level, self.master) self.addToUserList(listOfUsers) self.addToGroupList(listOfGrps) role = "" for i in self.group_roles: role = role + "," + i if role[0] == ',': role = role[1:] self.group_roles = role add_usr = self.input.param('add_user', None) if self.access_type == 'last': group_dn = 'cn=' + last_group + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group(last_group, self.group_roles, group_dn, self.master) self.rest.invalidate_ldap_cache() self.sleep(30) result = ldapGroupBase().check_permission(first_user[0], self.master) self.sleep(30) self.assertTrue(result) result = ldapGroupBase().check_permission(last_user[0], self.master) self.assertTrue(result) #Choose a user with the same group and first group elif (self.access_type == 'middle'): level_no = int(math.floor(self.nested_level / 2)) group_dn = 'cn=' + self.group_prefix + str( level_no) + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group(self.group_prefix + str(level_no), self.group_roles, group_dn, self.master) self.rest.invalidate_ldap_cache() self.sleep(30) result = ldapGroupBase().check_permission( self.user_prefix + str(level_no), self.master) self.assertTrue(result) result = ldapGroupBase().check_permission(first_user[0], self.master) self.assertTrue(result) #Choose a user with the same group and first group elif self.access_type == 'random': level_no = random.randrange(1, self.nested_level) group_dn = 'cn=' + self.group_prefix + str( level_no) + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group(self.group_prefix + str(level_no), self.group_roles, group_dn, self.master) self.rest.invalidate_ldap_cache() self.sleep(30) result = ldapGroupBase().check_permission( self.user_prefix + str(level_no), self.master) self.assertTrue(result) result = ldapGroupBase().check_permission(first_user[0], self.master) self.assertTrue(result) add_grp = self.input.param('add_grp', None) del_grp = self.input.param('del_grp', None) del_usr = self.input.param('del_usr', None) if (add_grp != None): ldapGroupBase().create_group_ldap('addedGrp', ['jyotsna3'], self.master) ldapGroupBase().create_group_ldap( self.group_prefix + str(level_no), ['addedGrp'], self.master) group_dn = 'cn=' + 'addedGrp' + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group('addedGrp', 'admin', group_dn, self.master) self.rest.invalidate_ldap_cache() self.sleep(30) content = ldapGroupBase().check_permission( 'jyotsna3', self.master) self.assertTrue(content) if del_grp != None: ldapGroupBase().delete_group('addedGrp', self.master) self.rest.invalidate_ldap_cache() self.sleep(30) result = ldapGroupBase().check_grp_created( 'addedGrp', self.master) self.assertFalse(result) if (add_usr != None): ldapGroupBase().create_group_ldap(self.group_name, self.user_list, self.master) ldapGroupBase().update_user_group( self.group_prefix + str(level_no), ['jeremy'], 'Add', self.master, True, last_group) self.rest.invalidate_ldap_cache() self.sleep(30) group_dn = 'cn=' + self.group_prefix + str( level_no) + ',' + self.LDAP_GROUP_DN content = ldapGroupBase().check_permission( 'jyotsna3', self.master) self.assertTrue(content) if del_usr != None: ldapGroupBase().update_group(self.group_name, self.remove_user, 'Remove', self.master) self.rest.invalidate_ldap_cache() self.sleep(30) result = ldapGroupBase().check_permission( self.remove_user[0], self.master) self.assertFalse(result) elif self.access_type == 'first': level_no = random.randrange(1, self.nested_level) group_dn = 'cn=' + first_group + ',' + self.LDAP_GROUP_DN ldapGroupBase().add_role_group(first_group, self.group_roles, group_dn, self.master) self.rest.invalidate_ldap_cache() self.sleep(10) result = ldapGroupBase().check_permission(first_user[0], self.master) self.assertTrue(result)
def test_add_local_group(self): result = ldapGroupBase().check_grp_created(self.group_name, self.master) self.assertTrue(result)