def test_create_fake_user(ldap_connection, user): """Creates a fake user and inserts it to the inbound queue for ingestion by rbac_ledger_sync. Waits 15 seconds. Checks if the fake user exists in the users table in rethinkDB. Args: ldap_connection: obj: A bound mock ldap connection object user: obj: dict: common_name: str: A string containing the common name of an AD user. name: str: A string containing the username of an AD user. given_name: str: a string containing the given name of an AD user. """ create_fake_user(ldap_connection, **user) fake_user = get_fake_user(ldap_connection, user["common_name"]) put_in_inbound_queue(fake_user, "user") # wait for the fake user to be ingested by rbac_ledger_sync time.sleep(2) email = "*****@*****.**" % user["common_name"] result = is_user_in_db(email) syncflag_fetched = is_user_inbound(user["common_name"]) assert result is True assert syncflag_fetched is True
def test_delete_user(ldap_connection): """Deletes a AD user in NEXT Args: ldap_connection: obj: A bound mock mock_ldap_connection """ # Create fake user and attach as owner to a role create_fake_user(ldap_connection, "jchan20", "Jackie Chan", "Jackie") user_remote_id = "CN=jchan20,OU=Users,OU=Accounts,DC=AD2012,DC=LAB" create_fake_group(ldap_connection, "jchan_role", "jchan_role", user_remote_id) group_distinct_name = ( "CN=jchan_role,OU=Roles,OU=Security,OU=Groups,DC=AD2012,DC=LAB") addMembersToGroups.ad_add_members_to_groups(ldap_connection, user_remote_id, group_distinct_name, fix=True) fake_user = get_fake_user(ldap_connection, "jchan20") put_in_inbound_queue(fake_user, "user") fake_group = get_fake_group(ldap_connection, "jchan_role") put_in_inbound_queue(fake_group, "group") time.sleep(3) # See if owner and role are in the system email = "*****@*****.**" assert is_user_in_db(email) is True assert is_group_in_db("jchan_role") is True # See if all LDAP user has entries in the following # off chain tables: user_mapping and metadata user = get_user_in_db_by_email(email) next_id = user[0]["next_id"] assert get_user_mapping_entry(next_id) assert get_user_metadata_entry(next_id) # See that the owner is assigned to correct role role = get_role("jchan_role") owners = get_role_owners(role[0]["role_id"]) members = get_role_members(role[0]["role_id"]) assert owners[0]["related_id"] == next_id assert members[0]["related_id"] == next_id # Create a NEXT role with LDAP user as an admin and # check for LDAP user's entry in auth table next_role_id = create_next_role_ldap(user=user[0], role_name="managers") admins = get_role_admins(next_role_id) assert admins[0]["related_id"] == next_id assert get_auth_entry(next_id) # Create a NEXT pack with LDAP user as an owner next_pack_id = create_pack_ldap(user=user[0], pack_name="technology department") assert check_user_is_pack_owner(next_pack_id, next_id) # Delete user and verify LDAP user and related off chain # table entries have been deleted, role still exists # and role relationships have been deleted insert_deleted_entries([user_remote_id], "user_deleted") time.sleep(3) assert get_deleted_user_entries(next_id) == [] assert get_pack_owners_by_user(next_id) == [] assert is_group_in_db("jchan_role") is True assert get_role_owners(role[0]["role_id"]) == [] assert get_role_admins(next_role_id) == [] assert get_role_members(role[0]["role_id"]) == [] delete_role_by_name("managers") delete_pack_by_name("technology department")