From d4061116c5204413b65ce5b722719e71b78790c9 Mon Sep 17 00:00:00 2001 From: Peter Ondrejka Date: Wed, 13 Dec 2023 16:18:20 +0100 Subject: [PATCH] users and roles test fixes (#13433) (cherry picked from commit c406a3d5e68bb1e7d2da9e140e7bb4385453efa8) --- tests/foreman/api/test_permission.py | 18 ++++---- tests/foreman/api/test_role.py | 61 +++++++++++++++++----------- tests/foreman/cli/test_role.py | 2 +- 3 files changed, 48 insertions(+), 33 deletions(-) diff --git a/tests/foreman/api/test_permission.py b/tests/foreman/api/test_permission.py index 9ea92305b3..30e065d77c 100644 --- a/tests/foreman/api/test_permission.py +++ b/tests/foreman/api/test_permission.py @@ -261,7 +261,7 @@ def set_taxonomies(self, entity, organization=None, location=None): 'entity_cls', **parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]), ) - def test_positive_check_create(self, entity_cls, class_org, class_location): + def test_positive_check_create(self, entity_cls, class_org, class_location, target_sat): """Check whether the "create_*" role has an effect. :id: e4c92365-58b7-4538-9d1b-93f3cf51fbef @@ -278,14 +278,14 @@ def test_positive_check_create(self, entity_cls, class_org, class_location): """ with pytest.raises(HTTPError): entity_cls(self.cfg).create() - self.give_user_permission(_permission_name(entity_cls, 'create')) + self.give_user_permission(_permission_name(entity_cls, 'create'), target_sat) new_entity = self.set_taxonomies(entity_cls(self.cfg), class_org, class_location) # Entities with both org and loc require # additional permissions to set them. fields = {'organization', 'location'} if fields.issubset(set(new_entity.get_fields())): - self.give_user_permission('assign_organizations') - self.give_user_permission('assign_locations') + self.give_user_permission('assign_organizations', target_sat) + self.give_user_permission('assign_locations', target_sat) new_entity = new_entity.create_json() entity_cls(id=new_entity['id']).read() # As admin user. @@ -294,7 +294,7 @@ def test_positive_check_create(self, entity_cls, class_org, class_location): 'entity_cls', **parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]), ) - def test_positive_check_read(self, entity_cls, class_org, class_location): + def test_positive_check_read(self, entity_cls, class_org, class_location, target_sat): """Check whether the "view_*" role has an effect. :id: 55689121-2646-414f-beb1-dbba5973c523 @@ -312,7 +312,7 @@ def test_positive_check_read(self, entity_cls, class_org, class_location): new_entity = new_entity.create() with pytest.raises(HTTPError): entity_cls(self.cfg, id=new_entity.id).read() - self.give_user_permission(_permission_name(entity_cls, 'read')) + self.give_user_permission(_permission_name(entity_cls, 'read'), target_sat) entity_cls(self.cfg, id=new_entity.id).read() @pytest.mark.upgrade @@ -321,7 +321,7 @@ def test_positive_check_read(self, entity_cls, class_org, class_location): 'entity_cls', **parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]), ) - def test_positive_check_delete(self, entity_cls, class_org, class_location): + def test_positive_check_delete(self, entity_cls, class_org, class_location, target_sat): """Check whether the "destroy_*" role has an effect. :id: 71365147-51ef-4602-948f-78a5e78e32b4 @@ -339,7 +339,7 @@ def test_positive_check_delete(self, entity_cls, class_org, class_location): new_entity = new_entity.create() with pytest.raises(HTTPError): entity_cls(self.cfg, id=new_entity.id).delete() - self.give_user_permission(_permission_name(entity_cls, 'delete')) + self.give_user_permission(_permission_name(entity_cls, 'delete'), target_sat) entity_cls(self.cfg, id=new_entity.id).delete() with pytest.raises(HTTPError): new_entity.read() # As admin user @@ -376,7 +376,7 @@ def test_positive_check_update(self, entity_cls, class_org, class_location, targ update_entity = entity_cls(self.cfg, id=new_entity.id, name=name) with pytest.raises(HTTPError): update_entity.update(['name']) - self.give_user_permission(_permission_name(entity_cls, 'update')) + self.give_user_permission(_permission_name(entity_cls, 'update'), target_sat) # update() calls read() under the hood, which triggers # permission error if entity_cls is entities.ActivationKey: diff --git a/tests/foreman/api/test_role.py b/tests/foreman/api/test_role.py index 1fc5ae8906..df0bc67771 100644 --- a/tests/foreman/api/test_role.py +++ b/tests/foreman/api/test_role.py @@ -90,7 +90,7 @@ def create_org_admin_role(self, target_sat, name=None, orgs=None, locs=None): return target_sat.api.Role(id=org_admin['role']['id']).read() return target_sat.api.Role(id=org_admin['id']).read() - def create_org_admin_user(self, role_taxos, user_taxos, target_sat): + def create_org_admin_user(self, target_sat, role_taxos, user_taxos): """Helper function to create an Org Admin user by assigning org admin role and assign taxonomies to Role and User @@ -526,7 +526,7 @@ def test_positive_create_org_admin_from_clone(self, target_sat): default_org_admin = target_sat.api.Role().search( query={'search': 'name="Organization admin"'} ) - org_admin = self.create_org_admin_role() + org_admin = self.create_org_admin_role(target_sat) default_filters = target_sat.api.Role(id=default_org_admin[0].id).read().filters orgadmin_filters = target_sat.api.Role(id=org_admin.id).read().filters assert len(default_filters) == len(orgadmin_filters) @@ -550,7 +550,7 @@ def test_positive_create_cloned_role_with_taxonomies(self, role_taxonomies, targ :CaseImportance: Critical """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) org_admin = target_sat.api.Role(id=org_admin.id).read() assert role_taxonomies['org'].id == org_admin.organization[0].id @@ -578,7 +578,9 @@ def test_negative_access_entities_from_org_admin( :CaseLevel: System """ - user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=filter_taxonomies) + user = self.create_org_admin_user( + target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies + ) domain = self.create_domain( orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) @@ -609,7 +611,9 @@ def test_negative_access_entities_from_user( :CaseLevel: System """ - user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=filter_taxonomies) + user = self.create_org_admin_user( + target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies + ) domain = self.create_domain( orgs=[filter_taxonomies['org'].id], locs=[filter_taxonomies['loc'].id] ) @@ -973,7 +977,7 @@ def test_positive_user_group_users_access_as_org_admin(self, role_taxonomies, ta :CaseLevel: System """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) userone_login = gen_string('alpha') userone_pass = gen_string('alphanumeric') @@ -1081,7 +1085,7 @@ def test_negative_assign_org_admin_to_user_group( :CaseLevel: System """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) user_one = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies) user_two = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies) @@ -1123,7 +1127,7 @@ def test_negative_assign_taxonomies_by_org_admin( :CaseLevel: Integration """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) # Creating resource dom_name = gen_string('alpha') @@ -1168,7 +1172,7 @@ def test_positive_remove_org_admin_role(self, role_taxonomies, target_sat): :CaseImportance: Critical """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) user_login = gen_string('alpha') user_pass = gen_string('alphanumeric') @@ -1204,7 +1208,9 @@ def test_positive_taxonomies_control_to_superadmin_with_org_admin( :CaseLevel: Integration """ - user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies) + user = self.create_org_admin_user( + target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies + ) sc = self.user_config(user, target_sat) # Creating resource dom_name = gen_string('alpha') @@ -1247,7 +1253,9 @@ def test_positive_taxonomies_control_to_superadmin_without_org_admin( :CaseLevel: Integration """ - user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies) + user = self.create_org_admin_user( + target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies + ) sc = self.user_config(user, target_sat) # Creating resource dom_name = gen_string('alpha') @@ -1293,7 +1301,7 @@ def test_negative_create_roles_by_org_admin(self, role_taxonomies, target_sat): create new role """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) user_login = gen_string('alpha') user_pass = gen_string('alphanumeric') @@ -1333,7 +1341,9 @@ def test_negative_modify_roles_by_org_admin(self, role_taxonomies, target_sat): :expectedresults: Org Admin should not have permissions to update existing roles """ - user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies) + user = self.create_org_admin_user( + target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies + ) test_role = target_sat.api.Role().create() sc = self.user_config(user, target_sat) test_role = target_sat.api.Role(sc, id=test_role.id).read() @@ -1360,7 +1370,7 @@ def test_negative_admin_permissions_to_org_admin(self, role_taxonomies, target_s :CaseLevel: Integration """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) user_login = gen_string('alpha') user_pass = gen_string('alphanumeric') @@ -1407,7 +1417,7 @@ def test_positive_create_user_by_org_admin(self, role_taxonomies, target_sat): :CaseLevel: Integration """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) user_login = gen_string('alpha') user_pass = gen_string('alphanumeric') @@ -1460,7 +1470,9 @@ def test_positive_access_users_inside_org_admin_taxonomies(self, role_taxonomies :CaseLevel: Integration """ - user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies) + user = self.create_org_admin_user( + target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies + ) test_user = self.create_simple_user(filter_taxos=role_taxonomies) sc = self.user_config(user, target_sat) try: @@ -1498,7 +1510,7 @@ def test_positive_create_nested_location(self, role_taxonomies, target_sat): location=[role_taxonomies['loc']], ).create() org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) user.role = [org_admin] user = user.update(['role']) @@ -1532,7 +1544,9 @@ def test_negative_access_users_outside_org_admin_taxonomies( :CaseLevel: Integration """ - user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies) + user = self.create_org_admin_user( + target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies + ) test_user = self.create_simple_user(filter_taxos=filter_taxonomies) sc = self.user_config(user, target_sat) with pytest.raises(HTTPError): @@ -1557,7 +1571,7 @@ def test_negative_create_taxonomies_by_org_admin(self, role_taxonomies, target_s 1. Org Admin should not have access to create organizations 2. Org Admin should have access to create locations """ - org_admin = self.create_org_admin_role(orgs=[role_taxonomies['org'].id]) + org_admin = self.create_org_admin_role(target_sat, orgs=[role_taxonomies['org'].id]) user_login = gen_string('alpha') user_pass = gen_string('alphanumeric') user = target_sat.api.User( @@ -1603,7 +1617,7 @@ def test_positive_access_all_global_entities_by_org_admin( :expectedresults: Org Admin should have access to all the global target_sat.api in any taxonomies """ - org_admin = self.create_org_admin_role(orgs=[role_taxonomies['org'].id]) + org_admin = self.create_org_admin_role(target_sat, orgs=[role_taxonomies['org'].id]) user_login = gen_string('alpha') user_pass = gen_string('alphanumeric') user = target_sat.api.User( @@ -1658,7 +1672,7 @@ def test_negative_access_entities_from_ldap_org_admin( :CaseAutomation: Automated """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) # Creating Domain resource in same taxonomies as Org Admin role to access later domain = self.create_domain( @@ -1705,7 +1719,7 @@ def test_negative_access_entities_from_ldap_user( :CaseAutomation: Automated """ org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) # Creating Domain resource in different taxonomies to access later domain = self.create_domain(orgs=[module_org.id], locs=[module_location.id]) @@ -1753,6 +1767,7 @@ def test_positive_assign_org_admin_to_ldap_user_group( group_name = gen_string("alpha") password = gen_string("alpha") org_admin = self.create_org_admin_role( + target_sat, orgs=[create_ldap['authsource'].organization[0].id], locs=[create_ldap['authsource'].location[0].id], ) @@ -1815,7 +1830,7 @@ def test_negative_assign_org_admin_to_ldap_user_group( group_name = gen_string("alpha") password = gen_string("alpha") org_admin = self.create_org_admin_role( - orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] + target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id] ) # Creating Domain resource in same taxonomies as Org Admin role to access later domain = self.create_domain( diff --git a/tests/foreman/cli/test_role.py b/tests/foreman/cli/test_role.py index 034d395b60..11474b42f1 100644 --- a/tests/foreman/cli/test_role.py +++ b/tests/foreman/cli/test_role.py @@ -150,7 +150,7 @@ def test_negative_list_filters_without_parameters(self, module_target_sat): :BZ: 1296782 """ - with pytest.raises(CLIReturnCodeError, CLIDataBaseError) as err: + with pytest.raises(CLIReturnCodeError) as err: module_target_sat.cli.Role.filters() if isinstance(err.type, CLIDataBaseError): pytest.fail(err)