Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[6.13] users and roles test fixes #13645

Merged
merged 1 commit into from
Jan 8, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions tests/foreman/api/test_permission.py
Original file line number Diff line number Diff line change
Expand Up @@ -261,7 +261,7 @@ def set_taxonomies(self, entity, organization=None, location=None):
'entity_cls',
**parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]),
)
def test_positive_check_create(self, entity_cls, class_org, class_location):
def test_positive_check_create(self, entity_cls, class_org, class_location, target_sat):
"""Check whether the "create_*" role has an effect.

:id: e4c92365-58b7-4538-9d1b-93f3cf51fbef
Expand All @@ -278,14 +278,14 @@ def test_positive_check_create(self, entity_cls, class_org, class_location):
"""
with pytest.raises(HTTPError):
entity_cls(self.cfg).create()
self.give_user_permission(_permission_name(entity_cls, 'create'))
self.give_user_permission(_permission_name(entity_cls, 'create'), target_sat)
new_entity = self.set_taxonomies(entity_cls(self.cfg), class_org, class_location)
# Entities with both org and loc require
# additional permissions to set them.
fields = {'organization', 'location'}
if fields.issubset(set(new_entity.get_fields())):
self.give_user_permission('assign_organizations')
self.give_user_permission('assign_locations')
self.give_user_permission('assign_organizations', target_sat)
self.give_user_permission('assign_locations', target_sat)
new_entity = new_entity.create_json()
entity_cls(id=new_entity['id']).read() # As admin user.

Expand All @@ -294,7 +294,7 @@ def test_positive_check_create(self, entity_cls, class_org, class_location):
'entity_cls',
**parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]),
)
def test_positive_check_read(self, entity_cls, class_org, class_location):
def test_positive_check_read(self, entity_cls, class_org, class_location, target_sat):
"""Check whether the "view_*" role has an effect.

:id: 55689121-2646-414f-beb1-dbba5973c523
Expand All @@ -312,7 +312,7 @@ def test_positive_check_read(self, entity_cls, class_org, class_location):
new_entity = new_entity.create()
with pytest.raises(HTTPError):
entity_cls(self.cfg, id=new_entity.id).read()
self.give_user_permission(_permission_name(entity_cls, 'read'))
self.give_user_permission(_permission_name(entity_cls, 'read'), target_sat)
entity_cls(self.cfg, id=new_entity.id).read()

@pytest.mark.upgrade
Expand All @@ -321,7 +321,7 @@ def test_positive_check_read(self, entity_cls, class_org, class_location):
'entity_cls',
**parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]),
)
def test_positive_check_delete(self, entity_cls, class_org, class_location):
def test_positive_check_delete(self, entity_cls, class_org, class_location, target_sat):
"""Check whether the "destroy_*" role has an effect.

:id: 71365147-51ef-4602-948f-78a5e78e32b4
Expand All @@ -339,7 +339,7 @@ def test_positive_check_delete(self, entity_cls, class_org, class_location):
new_entity = new_entity.create()
with pytest.raises(HTTPError):
entity_cls(self.cfg, id=new_entity.id).delete()
self.give_user_permission(_permission_name(entity_cls, 'delete'))
self.give_user_permission(_permission_name(entity_cls, 'delete'), target_sat)
entity_cls(self.cfg, id=new_entity.id).delete()
with pytest.raises(HTTPError):
new_entity.read() # As admin user
Expand Down
61 changes: 38 additions & 23 deletions tests/foreman/api/test_role.py
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ def create_org_admin_role(self, target_sat, name=None, orgs=None, locs=None):
return target_sat.api.Role(id=org_admin['role']['id']).read()
return target_sat.api.Role(id=org_admin['id']).read()

def create_org_admin_user(self, role_taxos, user_taxos, target_sat):
def create_org_admin_user(self, target_sat, role_taxos, user_taxos):
"""Helper function to create an Org Admin user by assigning org admin
role and assign taxonomies to Role and User

Expand Down Expand Up @@ -526,7 +526,7 @@ def test_positive_create_org_admin_from_clone(self, target_sat):
default_org_admin = target_sat.api.Role().search(
query={'search': 'name="Organization admin"'}
)
org_admin = self.create_org_admin_role()
org_admin = self.create_org_admin_role(target_sat)
default_filters = target_sat.api.Role(id=default_org_admin[0].id).read().filters
orgadmin_filters = target_sat.api.Role(id=org_admin.id).read().filters
assert len(default_filters) == len(orgadmin_filters)
Expand All @@ -550,7 +550,7 @@ def test_positive_create_cloned_role_with_taxonomies(self, role_taxonomies, targ
:CaseImportance: Critical
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
org_admin = target_sat.api.Role(id=org_admin.id).read()
assert role_taxonomies['org'].id == org_admin.organization[0].id
Expand Down Expand Up @@ -578,7 +578,9 @@ def test_negative_access_entities_from_org_admin(

:CaseLevel: System
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=filter_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies
)
domain = self.create_domain(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
Expand Down Expand Up @@ -609,7 +611,9 @@ def test_negative_access_entities_from_user(

:CaseLevel: System
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=filter_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies
)
domain = self.create_domain(
orgs=[filter_taxonomies['org'].id], locs=[filter_taxonomies['loc'].id]
)
Expand Down Expand Up @@ -973,7 +977,7 @@ def test_positive_user_group_users_access_as_org_admin(self, role_taxonomies, ta
:CaseLevel: System
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
userone_login = gen_string('alpha')
userone_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1081,7 +1085,7 @@ def test_negative_assign_org_admin_to_user_group(
:CaseLevel: System
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_one = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies)
user_two = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies)
Expand Down Expand Up @@ -1123,7 +1127,7 @@ def test_negative_assign_taxonomies_by_org_admin(
:CaseLevel: Integration
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating resource
dom_name = gen_string('alpha')
Expand Down Expand Up @@ -1168,7 +1172,7 @@ def test_positive_remove_org_admin_role(self, role_taxonomies, target_sat):
:CaseImportance: Critical
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1204,7 +1208,9 @@ def test_positive_taxonomies_control_to_superadmin_with_org_admin(

:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
sc = self.user_config(user, target_sat)
# Creating resource
dom_name = gen_string('alpha')
Expand Down Expand Up @@ -1247,7 +1253,9 @@ def test_positive_taxonomies_control_to_superadmin_without_org_admin(

:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
sc = self.user_config(user, target_sat)
# Creating resource
dom_name = gen_string('alpha')
Expand Down Expand Up @@ -1293,7 +1301,7 @@ def test_negative_create_roles_by_org_admin(self, role_taxonomies, target_sat):
create new role
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1333,7 +1341,9 @@ def test_negative_modify_roles_by_org_admin(self, role_taxonomies, target_sat):
:expectedresults: Org Admin should not have permissions to update
existing roles
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
test_role = target_sat.api.Role().create()
sc = self.user_config(user, target_sat)
test_role = target_sat.api.Role(sc, id=test_role.id).read()
Expand All @@ -1360,7 +1370,7 @@ def test_negative_admin_permissions_to_org_admin(self, role_taxonomies, target_s
:CaseLevel: Integration
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1407,7 +1417,7 @@ def test_positive_create_user_by_org_admin(self, role_taxonomies, target_sat):
:CaseLevel: Integration
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1460,7 +1470,9 @@ def test_positive_access_users_inside_org_admin_taxonomies(self, role_taxonomies

:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
test_user = self.create_simple_user(filter_taxos=role_taxonomies)
sc = self.user_config(user, target_sat)
try:
Expand Down Expand Up @@ -1498,7 +1510,7 @@ def test_positive_create_nested_location(self, role_taxonomies, target_sat):
location=[role_taxonomies['loc']],
).create()
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user.role = [org_admin]
user = user.update(['role'])
Expand Down Expand Up @@ -1532,7 +1544,9 @@ def test_negative_access_users_outside_org_admin_taxonomies(

:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
test_user = self.create_simple_user(filter_taxos=filter_taxonomies)
sc = self.user_config(user, target_sat)
with pytest.raises(HTTPError):
Expand All @@ -1557,7 +1571,7 @@ def test_negative_create_taxonomies_by_org_admin(self, role_taxonomies, target_s
1. Org Admin should not have access to create organizations
2. Org Admin should have access to create locations
"""
org_admin = self.create_org_admin_role(orgs=[role_taxonomies['org'].id])
org_admin = self.create_org_admin_role(target_sat, orgs=[role_taxonomies['org'].id])
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
user = target_sat.api.User(
Expand Down Expand Up @@ -1603,7 +1617,7 @@ def test_positive_access_all_global_entities_by_org_admin(
:expectedresults: Org Admin should have access to all the global
target_sat.api in any taxonomies
"""
org_admin = self.create_org_admin_role(orgs=[role_taxonomies['org'].id])
org_admin = self.create_org_admin_role(target_sat, orgs=[role_taxonomies['org'].id])
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
user = target_sat.api.User(
Expand Down Expand Up @@ -1658,7 +1672,7 @@ def test_negative_access_entities_from_ldap_org_admin(
:CaseAutomation: Automated
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating Domain resource in same taxonomies as Org Admin role to access later
domain = self.create_domain(
Expand Down Expand Up @@ -1705,7 +1719,7 @@ def test_negative_access_entities_from_ldap_user(
:CaseAutomation: Automated
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating Domain resource in different taxonomies to access later
domain = self.create_domain(orgs=[module_org.id], locs=[module_location.id])
Expand Down Expand Up @@ -1753,6 +1767,7 @@ def test_positive_assign_org_admin_to_ldap_user_group(
group_name = gen_string("alpha")
password = gen_string("alpha")
org_admin = self.create_org_admin_role(
target_sat,
orgs=[create_ldap['authsource'].organization[0].id],
locs=[create_ldap['authsource'].location[0].id],
)
Expand Down Expand Up @@ -1815,7 +1830,7 @@ def test_negative_assign_org_admin_to_ldap_user_group(
group_name = gen_string("alpha")
password = gen_string("alpha")
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating Domain resource in same taxonomies as Org Admin role to access later
domain = self.create_domain(
Expand Down
2 changes: 1 addition & 1 deletion tests/foreman/cli/test_role.py
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ def test_negative_list_filters_without_parameters(self, module_target_sat):

:BZ: 1296782
"""
with pytest.raises(CLIReturnCodeError, CLIDataBaseError) as err:
with pytest.raises(CLIReturnCodeError) as err:
module_target_sat.cli.Role.filters()
if isinstance(err.type, CLIDataBaseError):
pytest.fail(err)
Expand Down