def test_proposals(): """Create a new fake role and try to add yourself to role you created""" with requests.Session() as session: user_payload = { "name": "Susan S", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Office_Assistant", "owners": user_id, "administrators": user_id, } insert_role(role_resource) delete_role_by_name("Office_Assistant") role_response = session.post("http://rbac-server:8000/api/roles", json=role_resource) role_id = role_response.json()["data"]["id"] insert_role(role_resource) res = session.post( "http://rbac-server:8000/api/roles/" + role_id + "/members", json=user_response.json()["data"]["user"], ) assert (res.json()["message"] == "Owner is the requester. Proposal is autoapproved") delete_user_by_username("susans2224") delete_role_by_name("Office_Assistant")
def test_add_role_member_outqueue(): """Test adding a new member to a role. Creates two test users and a role using the first user, then adds the second user as member to role.""" user1_payload = { "name": "Test Owner 0521201905", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test Member 0521201906", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0521201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 3", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] start_depth = get_outbound_queue_depth() role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) # Logging in as role owner credentials_payload = { "id": user1_payload["username"], "password": user1_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approval_response = approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth delete_role_by_name("TestRole0521201902") delete_user_by_username("test0521201905") delete_user_by_username("test0521201906")
def test_create_duplicate_role(): """Create a new fake role resource""" insert_role({ "name": "Manager0501201901", "owners": "12345", "administrators": "12345" }) with requests.Session() as session: user_payload = { "name": "Susan Susanson", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Manager0501201901", "owners": user_id, "administrators": user_id, } insert_role(role_resource) response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert ( response.json()["message"] == "Error: Could not create this role because the role name already exists." ) assert response.json()["code"] == 400 delete_user_by_username("susan22") delete_role_by_name("Manager0501201901")
def test_duplicate_pack_with_spaces(): """Create a new fake role resource with varying spaces in between the name""" with requests.Session() as session: user_payload = { "name": "Susan Susanson", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) user_id = user_response.json()["data"]["user"]["id"] role_response = create_fake_role(session, user_id) role_id = role_response.json()["data"]["id"] create_fake_pack(session, user_id, role_id) pack_resource = { "name": " My Pack ", "owners": user_id, "roles": role_id, } response = session.post("http://rbac-server:8000/api/packs", json=pack_resource) assert ( response.json()["message"] == "Error: Could not create this pack because the pack name already exists." ) assert response.json()["code"] == 400 delete_user_by_username("susan21") delete_role_by_name("Manager") delete_pack_by_name("My Pack")
def test_delete_invalid_role(): """Test the delete roll api Create a test user for auth Create a test role Deletes the test role Only checks that the role was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Rapp Scallion", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ("Error creating user: %s" % user_response.json()) # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/invalid_role_id") assert delete_role_response.status_code == 404, ( "Unexpected response: %s" % delete_role_response.json()) # clean up delete_user_by_username("guybrush3pw00d")
def test_search_api(): """Tests the search api endpoint functions and returns a valid payload.""" delete_user_by_username("susan20") with requests.Session() as session: create_user_input = { "name": "Susan Susanson", "username": "******", "password": "******", "email": "*****@*****.**", } create_test_user(session, create_user_input) search_query = { "query": { "search_input": "super long search input", "search_object_types": ["role", "pack", "user"], "page_size": "20", "page": "2", } } response = session.post("http://rbac-server:8000/api/search", json=search_query) assert response.json()["data"] == { "roles": [], "packs": [], "users": [] } delete_user_by_username("susan23")
def test_role_outq_insertion(): """ Test the insertion of a new fake role resource which is unique into the outbound_queue table. """ user1_payload = { "name": "Test Unique User", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: expected_result = True user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] role_payload = { "name": "TestUniqueRole0501201903", "owners": user1_id, "administrators": user1_id, "description": "Test Unique Role 1", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_name = role_result["data"]["name"] inserted_queue_item = peek_at_queue("outbound_queue", LDAP_DC) LOGGER.info("Received queue entry %s from outbound queue...", inserted_queue_item["id"]) successful_insert = bool(inserted_queue_item) assert expected_result == successful_insert delete_role_by_name("TestUniqueRole0501201903") delete_user_by_username("testuniqueuser0501201901")
def teardown_module(): """actions to be performed to clear configurations after tests are run. """ # delete the user(s) for user in TEST_USERS: delete_user_by_username(user["username"]) # delete the role(s) for role in TEST_ROLES: delete_role_by_name(role["name"])
def test_delete_role_with_admins(): """Test the delete roll api Create a test user for auth Create a test role Deletes the test role Check that the role admin object was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Elaine Marley", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ("Error creating user: %s" % user_response.json()) # Create test role user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Tri-Island Area", "owners": user_id, "administrators": user_id, } role_response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert role_response.status_code == 200, ("Error creating role: %s" % role_response.json()) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json()) # Check for role admins are_admins_removed = wait_for_resource_removal_in_db( "role_admins", "role_id", role_id) assert are_admins_removed is True # clean up delete_user_by_username("elaine1")
def test_update_manager(): """ Creates a user and then updates their manager Manager is the second user created here.""" user1_payload = { "name": "Test User 6", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 7", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] manager_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.put( "http://rbac-server:8000/api/users/{}/manager".format(user1_id), json=manager_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user2_id # Logging in as role owner credentials_payload = { "id": user2_payload["username"], "password": user2_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["status"] == "CONFIRMED" delete_user_by_username("testuser6") delete_user_by_username("testuser7")
def test_add_role_member(): """Test adding a new member to a role. Creates two test users and a role using the first user, then adds the second user as member to role.""" user1_payload = { "name": "Test Owner 1", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test Member", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0501201903", "owners": user1_id, "administrators": user1_id, "description": "Test Role 3", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id delete_role_by_name("TestRole0501201903") delete_user_by_username("testowner") delete_user_by_username("testmemeber")
def test_add_task_owner(): """Test adding an owner to a task. Creates two test users and a task using the first user, then adds the second user as task owner.""" user1_payload = { "name": "Test User 10", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 11", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] task1_payload = { "name": "TestTask3", "administrators": user1_id, "owners": user1_id, "metadata": "", } task_response = create_test_task(session, task1_payload) task_result = assert_api_success(task_response) task_id = task_result["data"]["id"] owner_payload = { "id": user2_id, "reason": "Integration test of adding task owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/tasks/{}/owners".format(task_id), json=owner_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id delete_task_by_name("TestTask3") delete_user_by_username("testuser10") delete_user_by_username("testuser11")
def test_add_role_task(): """Test adding a new task to a role. Creates a test user and a role, then creates a task, to add to the role.""" user1_payload = { "name": "Test Owner 2", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] task1_payload = { "name": "TestTask1", "administrators": user1_id, "owners": user1_id, "metadata": "", } task_response = create_test_task(session, task1_payload) task_result = assert_api_success(task_response) task_id = task_result["data"]["id"] role_payload = { "name": "TestRole0501201904", "owners": user1_id, "administrators": user1_id, "description": "Test Role 4", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": task_id, "reason": "Integration test of adding a task.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/tasks".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id delete_role_by_name("TestRole0501201904") delete_user_by_username("testowner2") delete_task_by_name("TestTask1")
def test_valid_unique_username(): """ Testing the creation of two users with different usernames. """ user_input = { "name": "Sri Nuthal", "username": "******", "password": "******", "email": "*****@*****.**", } expected = {"message": "Authorization successful", "code": 200} with requests.Session() as session: response = session.post("http://rbac-server:8000/api/users", json=user_input) assert response.json()["data"]["message"] == expected["message"] delete_user_by_username(user_input["username"])
def test_update_manager_outqueue(): """ Creates a user and then updates their manager Manager is the second user created here.""" user1_payload = { "name": "Test User 0521201901", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 0521201902", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] start_depth = get_outbound_queue_depth() manager_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.put( "http://rbac-server:8000/api/users/{}/manager".format(user1_id), json=manager_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) # Logging in as role owner credentials_payload = { "id": user2_payload["username"], "password": user2_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approval_response = approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth delete_user_by_username("test0521201901") delete_user_by_username("test0521201902")
def test_syncdirectionflag_username(): """ Testing the presence and the value of syncdirection flag is set to OUTBOUND of a user in users table. """ expected_metadata = {"metadata": {"sync_direction": "OUTBOUND"}} new_username = "******" time.sleep(1) conn = connect_to_db() metadata_object = (r.db("rbac").table("users").filter({ "username": new_username }).pluck("metadata").coerce_to("array").run(conn)) actual_metadata = metadata_object[0] assert actual_metadata == expected_metadata conn.close() delete_user_by_username(new_username)
def test_delete_role(): """Test the delete roll api Create a test user for auth Create a test role Deletes the test role Only checks that the role was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Guybrush Threepwood", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ("Error creating user: %s" % user_response.json()) # Create test role user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Men of Low Moral Fiber", "owners": user_id, "administrators": user_id, } role_response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert role_response.status_code == 200, ("Error creating role: %s" % role_response.json()) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json()) # clean up delete_user_by_username("guybrush3pw00d")
def test_syncdirectionflag_rolename(): """ Testing the presence and the value of syncdirection flag is set to OUTBOUND of a role in roles table. """ new_rolename = "ManagerRandom0501201902" new_username = "******" expected_metadata = {"metadata": {"sync_direction": "OUTBOUND"}} time.sleep(3) conn = connect_to_db() metadata_object = (r.db("rbac").table("roles").filter({ "name": new_rolename }).pluck("metadata").coerce_to("array").run(conn)) actual_metadata = metadata_object[0] assert actual_metadata == expected_metadata conn.close() delete_user_by_username(new_username) delete_role_by_name(new_rolename)
def test_invalid_duplicate_username(): """Test that a duplicate username cannot be created.""" user_input = { "name": "Sri Nuthal", "username": "******", "password": "******", "email": "*****@*****.**", } expected = { "message": "Username already exists. Please give a different Username.", "code": 400, } insert_user(user_input) with requests.Session() as session: response = session.post("http://rbac-server:8000/api/users", json=user_input) assert response.json()["message"] == expected["message"] assert response.json()["code"] == expected["code"] delete_user_by_username(user_input["username"])
def test_proposals(): """Create a new fake role and try to add yourself to role you created""" with requests.Session() as session: # create test user user_payload = { "name": "Susan S", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ("Error creating user: %s" % user_response.json()) # create test role user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Office_Assistant", "owners": user_id, "administrators": user_id, } role_response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert role_response.status_code == 200, ("Error creating role: %s" % role_response.json()) # Wait for role in rethinkdb role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # create a membership proposal to test autoapproval res = session.post( "http://rbac-server:8000/api/roles/" + role_id + "/members", json=user_response.json()["data"]["user"], ) assert (res.json()["message"] == "Owner is the requester. Proposal is autoapproved") # clean up delete_user_by_username("susans2224") delete_role_by_name("Office_Assistant")
def test_user_relationship_api(): """ Test to check that user relationship API is not throwing an index out of range error if user dont have any manager. Creates a test user without manager and calls the user relationship api for testing whether it is causing any index out of range error or not.""" user1_payload = { "name": "kiran kumar", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] response = session.get("http://rbac-server:8000/api/users/" + user1_id + "/relationships") assert response.json()["data"]["managers"] == [] delete_user_by_username("kkumar36")
def test_role_outq_insertion(): """ Test the insertion of a new fake role resource which is unique into the outbound_queue table.""" user1_payload = { "name": "Test Unique User", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: expected_result = True user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] role_payload = { "name": "TestUniqueRole0501201903", "owners": user1_id, "administrators": user1_id, "description": "Test Unique Role 1", } role_response = create_test_role(session, role_payload) assert_api_success(role_response) inserted_queue_item = peek_at_q_unfiltered("outbound_queue") LOGGER.info("Received queue entry %s from outbound queue...", inserted_queue_item["id"]) successful_insert = bool(inserted_queue_item) assert expected_result == successful_insert # Check status of new outbound_entry role_entry = get_role("TestUniqueRole0501201903") outbound_queue_data = prepare_outbound_queue_data( role_entry[0], "role") outbound_entry = get_outbound_queue_entry(outbound_queue_data) assert outbound_entry[0]["status"] == "UNCONFIRMED" delete_role_by_name("TestUniqueRole0501201903") delete_user_by_username("testuniqueuser0501201901")
def test_update_manager_outqueue(): """ Creates a user and then updates their manager Manager is the second user created here.""" # TODO: Rewrite this test after data gets sent to outbound_queue # after a user has their manager updated. user1_payload = { "name": "Test User 0521201901", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 0521201902", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] start_depth = get_outbound_queue_depth() next_admins = { "name": "NextAdmins", "owners": [user2_id], "administrators": [user2_id], } role_response = create_test_role(session, next_admins) add_role_member(session, role_response.json()["data"]["id"], {"id": user2_id}) manager_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.put( "http://rbac-server:8000/api/users/{}/manager".format(user1_id), json=manager_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) # Logging in as role owner credentials_payload = { "id": user2_payload["username"], "password": user2_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approval_response = approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # TODO: Add tests to check for UNCONFIRMED outbound_queue entry status # when a user's manager gets updated. delete_user_by_username("test0521201901") delete_user_by_username("test0521201902") delete_role_by_name("NextAdmins")
def test_add_role_owner_outqueue(): """Test adding an owner to a role. Creates two test users and a role with user1 as owner/admin, then adds the second user as role owner.""" user1_payload = { "name": "Test User 0521201903", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 0521201904", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0521201901", "owners": user1_id, "administrators": user1_id, "description": "Test Role 1", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] start_depth = get_outbound_queue_depth() role_update_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/owners".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) # Logging in as role owner credentials_payload = { "id": user1_payload["username"], "password": user1_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approval_response = approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # Check status of new outbound_entry role_entry = get_role("TestRole0521201901") outbound_queue_data = prepare_outbound_queue_data( role_entry[0], "role") outbound_entry = get_outbound_queue_entry(outbound_queue_data) assert outbound_entry[0]["status"] == "UNCONFIRMED" delete_role_by_name("TestRole0521201901") delete_user_by_username("test0521201903") delete_user_by_username("test0521201904")
def test_add_role_owner(): """Test adding an owner to a role. Creates two test users and a role with user1 as owner/admin, then adds the second user as role owner.""" user1_payload = { "name": "Test User 3", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 4", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0501201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 2", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/owners".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id # Logging in as role owner credentials_payload = { "id": user1_payload["username"], "password": user1_payload["password"], } log_in(session, credentials_payload) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["status"] == "CONFIRMED" delete_role_by_name("TestRole0501201902") delete_user_by_username("testuser3") delete_user_by_username("testuser4")
def test_delete_role_with_proposals(): """ Test the delete roll api Create a test user for auth Create a test user for role membership Create a test role Propose adding the second user as a member Deletes the test role Check that the membership proposal was autorejected """ with requests.Session() as session: # Create test user role_owner = { "name": "Fin Pirate", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, role_owner) assert user_response.status_code == 200, ("Error creating user: %s" % user_response.json()) role_owner["next_id"] = user_response.json()["data"]["user"]["id"] # Create test user new_member = { "name": "Frank Pirate", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, new_member) assert user_response.status_code == 200, ("Error creating user: %s" % user_response.json()) new_member["next_id"] = user_response.json()["data"]["user"]["id"] # Auth as role_owner payload = { "id": role_owner["username"], "password": role_owner["password"] } auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=payload) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( role_owner["username"], auth_response.json(), ) # Create test role role_resource = { "name": "Men of Low Moral Fiber", "owners": role_owner["next_id"], "administrators": role_owner["next_id"], } role_response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert role_response.status_code == 200, ("Error creating role: %s" % role_response.json()) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Auth as new_member payload = { "id": new_member["username"], "password": new_member["password"] } auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=payload) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( new_member["username"], auth_response.json(), ) # Add role member role_update_payload = { "id": new_member["next_id"], "reason": "Integration test of membership proposal removal on role deletion.", "metadata": "", } member_response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) assert member_response.status_code == 200, ( "Error adding role member: %s" % member_response.json()) # Auth as role_owner payload = { "id": role_owner["username"], "password": role_owner["password"] } auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=payload) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( role_owner["username"], auth_response.json(), ) # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json()) # Check for open role member proposals are_proposals_rejected = wait_for_prpsl_rjctn_in_db(role_id) assert are_proposals_rejected is True # clean up delete_user_by_username("fin1") delete_user_by_username("frank1")
def test_delete_role_not_owner(): """ Test the delete role api Create a test user for auth Create a test user for role membership Create a test role Attempt to delete the test role as a non role owner/admin Check that the deletion attempt was autorejected """ with requests.Session() as session: # Create test user role_owner = { "name": "Fred Pirate", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, role_owner) assert user_response.status_code == 200, "Error creating user: %s;\n %s" % ( role_owner["name"], user_response.json(), ) role_owner["next_id"] = user_response.json()["data"]["user"]["id"] # Create test user test_user = { "name": "Meunster Monster", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, test_user) assert user_response.status_code == 200, "Error creating user: %s;\n %s" % ( test_user["name"], user_response.json(), ) test_user["next_id"] = user_response.json()["data"]["user"]["id"] # Auth as new_member payload = { "id": role_owner["username"], "password": role_owner["password"] } auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=payload) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( test_user["name"], auth_response.json(), ) # Create test role role_resource = { "name": "Men of Low Moral Fiber", "owners": role_owner["next_id"], "administrators": role_owner["next_id"], } role_response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert role_response.status_code == 200, ("Error creating role: %s" % role_response.json()) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Auth as test_user payload = { "id": test_user["username"], "password": test_user["password"] } auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=payload) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( role_owner["name"], auth_response.json(), ) # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id) assert delete_role_response.status_code == 403, ( "Unexpected response: %s" % delete_role_response.json()) # clean up delete_user_by_username("fred1") delete_user_by_username("meunster1") delete_role_by_name("Men of Low Moral Fiber")
def test_delete_role_with_members(): """ Test the delete roll api Create a test user for auth Create a test role Add the first user as a member of the role Deletes the test role Check that the role member object was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Walt the Dog", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ("Error creating user: %s" % user_response.json()) # Create test role user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Phatt Island Jail", "owners": user_id, "administrators": user_id, } role_response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert role_response.status_code == 200, ("Error creating role: %s" % role_response.json()) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Add role member role_update_payload = { "id": user_id, "reason": "Integration test of member removal on role deletion.", "metadata": "", } member_response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) assert member_response.status_code == 200, ( "Error adding role member: %s" % member_response.json()) # Wait for member in rethinkdb is_member_in_db = wait_for_resource_in_db("role_members", "related_id", user_id) assert ( is_member_in_db is True, ), "Couldn't find member in rethinkdb, maximum attempts exceeded." # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json()) # Check for role members are_members_removed = wait_for_resource_removal_in_db( "role_members", "role_id", role_id) assert are_members_removed is True # clean up delete_user_by_username("walt1")