Skip to content

Commit

Permalink
users and roles test fixes (#13433)
Browse files Browse the repository at this point in the history
  • Loading branch information
@pondrejk
pondrejk authored Dec 13, 2023
1 parent eb4c4e7 commit c406a3d
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 33 deletions.
18 changes: 9 additions & 9 deletions tests/foreman/api/test_permission.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -261,7 +261,7 @@ def set_taxonomies(self, entity, organization=None, location=None):
'entity_cls',
**parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]),
)
def test_positive_check_create(self, entity_cls, class_org, class_location):
def test_positive_check_create(self, entity_cls, class_org, class_location, target_sat):
"""Check whether the "create_*" role has an effect.
:id: e4c92365-58b7-4538-9d1b-93f3cf51fbef
Expand All @@ -278,14 +278,14 @@ def test_positive_check_create(self, entity_cls, class_org, class_location):
"""
with pytest.raises(HTTPError):
entity_cls(self.cfg).create()
self.give_user_permission(_permission_name(entity_cls, 'create'))
self.give_user_permission(_permission_name(entity_cls, 'create'), target_sat)
new_entity = self.set_taxonomies(entity_cls(self.cfg), class_org, class_location)
# Entities with both org and loc require
# additional permissions to set them.
fields = {'organization', 'location'}
if fields.issubset(set(new_entity.get_fields())):
self.give_user_permission('assign_organizations')
self.give_user_permission('assign_locations')
self.give_user_permission('assign_organizations', target_sat)
self.give_user_permission('assign_locations', target_sat)
new_entity = new_entity.create_json()
entity_cls(id=new_entity['id']).read() # As admin user.

Expand All @@ -294,7 +294,7 @@ def test_positive_check_create(self, entity_cls, class_org, class_location):
'entity_cls',
**parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]),
)
def test_positive_check_read(self, entity_cls, class_org, class_location):
def test_positive_check_read(self, entity_cls, class_org, class_location, target_sat):
"""Check whether the "view_*" role has an effect.
:id: 55689121-2646-414f-beb1-dbba5973c523
Expand All @@ -312,7 +312,7 @@ def test_positive_check_read(self, entity_cls, class_org, class_location):
new_entity = new_entity.create()
with pytest.raises(HTTPError):
entity_cls(self.cfg, id=new_entity.id).read()
self.give_user_permission(_permission_name(entity_cls, 'read'))
self.give_user_permission(_permission_name(entity_cls, 'read'), target_sat)
entity_cls(self.cfg, id=new_entity.id).read()

@pytest.mark.upgrade
Expand All @@ -321,7 +321,7 @@ def test_positive_check_read(self, entity_cls, class_org, class_location):
'entity_cls',
**parametrized([entities.Architecture, entities.Domain, entities.ActivationKey]),
)
def test_positive_check_delete(self, entity_cls, class_org, class_location):
def test_positive_check_delete(self, entity_cls, class_org, class_location, target_sat):
"""Check whether the "destroy_*" role has an effect.
:id: 71365147-51ef-4602-948f-78a5e78e32b4
Expand All @@ -339,7 +339,7 @@ def test_positive_check_delete(self, entity_cls, class_org, class_location):
new_entity = new_entity.create()
with pytest.raises(HTTPError):
entity_cls(self.cfg, id=new_entity.id).delete()
self.give_user_permission(_permission_name(entity_cls, 'delete'))
self.give_user_permission(_permission_name(entity_cls, 'delete'), target_sat)
entity_cls(self.cfg, id=new_entity.id).delete()
with pytest.raises(HTTPError):
new_entity.read() # As admin user
Expand Down Expand Up @@ -376,7 +376,7 @@ def test_positive_check_update(self, entity_cls, class_org, class_location, targ
update_entity = entity_cls(self.cfg, id=new_entity.id, name=name)
with pytest.raises(HTTPError):
update_entity.update(['name'])
self.give_user_permission(_permission_name(entity_cls, 'update'))
self.give_user_permission(_permission_name(entity_cls, 'update'), target_sat)
# update() calls read() under the hood, which triggers
# permission error
if entity_cls is target_sat.api.ActivationKey:
Expand Down
61 changes: 38 additions & 23 deletions tests/foreman/api/test_role.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ def create_org_admin_role(self, target_sat, name=None, orgs=None, locs=None):
return target_sat.api.Role(id=org_admin['role']['id']).read()
return target_sat.api.Role(id=org_admin['id']).read()

def create_org_admin_user(self, role_taxos, user_taxos, target_sat):
def create_org_admin_user(self, target_sat, role_taxos, user_taxos):
"""Helper function to create an Org Admin user by assigning org admin
role and assign taxonomies to Role and User
Expand Down Expand Up @@ -526,7 +526,7 @@ def test_positive_create_org_admin_from_clone(self, target_sat):
default_org_admin = target_sat.api.Role().search(
query={'search': 'name="Organization admin"'}
)
org_admin = self.create_org_admin_role()
org_admin = self.create_org_admin_role(target_sat)
default_filters = target_sat.api.Role(id=default_org_admin[0].id).read().filters
orgadmin_filters = target_sat.api.Role(id=org_admin.id).read().filters
assert len(default_filters) == len(orgadmin_filters)
Expand All @@ -550,7 +550,7 @@ def test_positive_create_cloned_role_with_taxonomies(self, role_taxonomies, targ
:CaseImportance: Critical
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
org_admin = target_sat.api.Role(id=org_admin.id).read()
assert role_taxonomies['org'].id == org_admin.organization[0].id
Expand Down Expand Up @@ -578,7 +578,9 @@ def test_negative_access_entities_from_org_admin(
:CaseLevel: System
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=filter_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies
)
domain = self.create_domain(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
Expand Down Expand Up @@ -609,7 +611,9 @@ def test_negative_access_entities_from_user(
:CaseLevel: System
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=filter_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=filter_taxonomies
)
domain = self.create_domain(
orgs=[filter_taxonomies['org'].id], locs=[filter_taxonomies['loc'].id]
)
Expand Down Expand Up @@ -973,7 +977,7 @@ def test_positive_user_group_users_access_as_org_admin(self, role_taxonomies, ta
:CaseLevel: System
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
userone_login = gen_string('alpha')
userone_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1081,7 +1085,7 @@ def test_negative_assign_org_admin_to_user_group(
:CaseLevel: System
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_one = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies)
user_two = self.create_simple_user(target_sat, filter_taxos=filter_taxonomies)
Expand Down Expand Up @@ -1123,7 +1127,7 @@ def test_negative_assign_taxonomies_by_org_admin(
:CaseLevel: Integration
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating resource
dom_name = gen_string('alpha')
Expand Down Expand Up @@ -1168,7 +1172,7 @@ def test_positive_remove_org_admin_role(self, role_taxonomies, target_sat):
:CaseImportance: Critical
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1204,7 +1208,9 @@ def test_positive_taxonomies_control_to_superadmin_with_org_admin(
:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
sc = self.user_config(user, target_sat)
# Creating resource
dom_name = gen_string('alpha')
Expand Down Expand Up @@ -1247,7 +1253,9 @@ def test_positive_taxonomies_control_to_superadmin_without_org_admin(
:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
sc = self.user_config(user, target_sat)
# Creating resource
dom_name = gen_string('alpha')
Expand Down Expand Up @@ -1293,7 +1301,7 @@ def test_negative_create_roles_by_org_admin(self, role_taxonomies, target_sat):
create new role
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1333,7 +1341,9 @@ def test_negative_modify_roles_by_org_admin(self, role_taxonomies, target_sat):
:expectedresults: Org Admin should not have permissions to update
existing roles
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
test_role = target_sat.api.Role().create()
sc = self.user_config(user, target_sat)
test_role = target_sat.api.Role(sc, id=test_role.id).read()
Expand All @@ -1360,7 +1370,7 @@ def test_negative_admin_permissions_to_org_admin(self, role_taxonomies, target_s
:CaseLevel: Integration
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1407,7 +1417,7 @@ def test_positive_create_user_by_org_admin(self, role_taxonomies, target_sat):
:CaseLevel: Integration
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
Expand Down Expand Up @@ -1460,7 +1470,9 @@ def test_positive_access_users_inside_org_admin_taxonomies(self, role_taxonomies
:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
test_user = self.create_simple_user(filter_taxos=role_taxonomies)
sc = self.user_config(user, target_sat)
try:
Expand Down Expand Up @@ -1498,7 +1510,7 @@ def test_positive_create_nested_location(self, role_taxonomies, target_sat):
location=[role_taxonomies['loc']],
).create()
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
user.role = [org_admin]
user = user.update(['role'])
Expand Down Expand Up @@ -1532,7 +1544,9 @@ def test_negative_access_users_outside_org_admin_taxonomies(
:CaseLevel: Integration
"""
user = self.create_org_admin_user(role_taxos=role_taxonomies, user_taxos=role_taxonomies)
user = self.create_org_admin_user(
target_sat, role_taxos=role_taxonomies, user_taxos=role_taxonomies
)
test_user = self.create_simple_user(filter_taxos=filter_taxonomies)
sc = self.user_config(user, target_sat)
with pytest.raises(HTTPError):
Expand All @@ -1557,7 +1571,7 @@ def test_negative_create_taxonomies_by_org_admin(self, role_taxonomies, target_s
1. Org Admin should not have access to create organizations
2. Org Admin should have access to create locations
"""
org_admin = self.create_org_admin_role(orgs=[role_taxonomies['org'].id])
org_admin = self.create_org_admin_role(target_sat, orgs=[role_taxonomies['org'].id])
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
user = target_sat.api.User(
Expand Down Expand Up @@ -1603,7 +1617,7 @@ def test_positive_access_all_global_entities_by_org_admin(
:expectedresults: Org Admin should have access to all the global
target_sat.api in any taxonomies
"""
org_admin = self.create_org_admin_role(orgs=[role_taxonomies['org'].id])
org_admin = self.create_org_admin_role(target_sat, orgs=[role_taxonomies['org'].id])
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
user = target_sat.api.User(
Expand Down Expand Up @@ -1658,7 +1672,7 @@ def test_negative_access_entities_from_ldap_org_admin(
:CaseAutomation: Automated
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating Domain resource in same taxonomies as Org Admin role to access later
domain = self.create_domain(
Expand Down Expand Up @@ -1705,7 +1719,7 @@ def test_negative_access_entities_from_ldap_user(
:CaseAutomation: Automated
"""
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating Domain resource in different taxonomies to access later
domain = self.create_domain(orgs=[module_org.id], locs=[module_location.id])
Expand Down Expand Up @@ -1753,6 +1767,7 @@ def test_positive_assign_org_admin_to_ldap_user_group(
group_name = gen_string("alpha")
password = gen_string("alpha")
org_admin = self.create_org_admin_role(
target_sat,
orgs=[create_ldap['authsource'].organization[0].id],
locs=[create_ldap['authsource'].location[0].id],
)
Expand Down Expand Up @@ -1815,7 +1830,7 @@ def test_negative_assign_org_admin_to_ldap_user_group(
group_name = gen_string("alpha")
password = gen_string("alpha")
org_admin = self.create_org_admin_role(
orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
target_sat, orgs=[role_taxonomies['org'].id], locs=[role_taxonomies['loc'].id]
)
# Creating Domain resource in same taxonomies as Org Admin role to access later
domain = self.create_domain(
Expand Down
2 changes: 1 addition & 1 deletion tests/foreman/cli/test_role.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ def test_negative_list_filters_without_parameters(self, module_target_sat):
:BZ: 1296782
"""
with pytest.raises(CLIReturnCodeError, CLIDataBaseError) as err:
with pytest.raises(CLIReturnCodeError) as err:
module_target_sat.cli.Role.filters()
if isinstance(err.type, CLIDataBaseError):
pytest.fail(err)
Expand Down

0 comments on commit c406a3d

Please sign in to comment.