mirror of
https://github.com/ansible/awx.git
synced 2026-02-22 21:46:00 -03:30
Make sure org admins can see credential after migration, comment updates on related tests
add clause in test to verify automatic setting of org of new team credential
This commit is contained in:
AlanCoding
@@ -71,7 +71,6 @@ def test_create_user_credential_via_user_credentials_list_xfail(post, alice, bob
|
|||||||
def test_create_team_credential(post, get, team, organization, org_admin, team_member):
|
def test_create_team_credential(post, get, team, organization, org_admin, team_member):
|
||||||
response = post(reverse('api:credential_list'), {
|
response = post(reverse('api:credential_list'), {
|
||||||
'team': team.id,
|
'team': team.id,
|
||||||
'organization': organization.id,
|
|
||||||
'name': 'Some name',
|
'name': 'Some name',
|
||||||
'username': 'someusername'
|
'username': 'someusername'
|
||||||
}, org_admin)
|
}, org_admin)
|
||||||
@@ -81,6 +80,9 @@ def test_create_team_credential(post, get, team, organization, org_admin, team_m
|
|||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
assert response.data['count'] == 1
|
assert response.data['count'] == 1
|
||||||
|
|
||||||
|
# Assure that credential's organization is implictly set to team's org
|
||||||
|
assert response.data['results'][0]['summary_fields']['organization']['id'] == team.organization.id
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_create_team_credential_via_team_credentials_list(post, get, team, org_admin, team_member):
|
def test_create_team_credential_via_team_credentials_list(post, get, team, org_admin, team_member):
|
||||||
response = post(reverse('api:team_credentials_list', args=(team.pk,)), {
|
response = post(reverse('api:team_credentials_list', args=(team.pk,)), {
|
||||||
|
|||||||
@@ -54,7 +54,7 @@ def test_credential_migration_team_member(credential, team, user, permissions):
|
|||||||
|
|
||||||
rbac.migrate_credential(apps, None)
|
rbac.migrate_credential(apps, None)
|
||||||
|
|
||||||
# Admin permissions post migration
|
# User permissions post migration
|
||||||
assert u in credential.use_role
|
assert u in credential.use_role
|
||||||
assert u not in credential.admin_role
|
assert u not in credential.admin_role
|
||||||
|
|
||||||
@@ -67,10 +67,27 @@ def test_credential_migration_team_admin(credential, team, user, permissions):
|
|||||||
|
|
||||||
assert u not in credential.use_role
|
assert u not in credential.use_role
|
||||||
|
|
||||||
# Usage permissions post migration
|
# Admin permissions post migration
|
||||||
rbac.migrate_credential(apps, None)
|
rbac.migrate_credential(apps, None)
|
||||||
assert u in credential.admin_role
|
assert u in credential.admin_role
|
||||||
|
|
||||||
|
@pytest.mark.django_db
|
||||||
|
def test_credential_migration_org_auditor(credential, team, org_auditor):
|
||||||
|
# Team's organization is the org_auditor's org
|
||||||
|
credential.deprecated_team = team
|
||||||
|
credential.save()
|
||||||
|
|
||||||
|
# No permissions pre-migration (this happens automatically so we patch this)
|
||||||
|
team.admin_role.children.remove(credential.admin_role)
|
||||||
|
team.member_role.children.remove(credential.use_role)
|
||||||
|
assert org_auditor not in credential.read_role
|
||||||
|
|
||||||
|
rbac.migrate_credential(apps, None)
|
||||||
|
|
||||||
|
# Read permissions post migration
|
||||||
|
assert org_auditor in credential.use_role
|
||||||
|
assert org_auditor in credential.read_role
|
||||||
|
|
||||||
def test_credential_access_superuser():
|
def test_credential_access_superuser():
|
||||||
u = User(username='admin', is_superuser=True)
|
u = User(username='admin', is_superuser=True)
|
||||||
access = CredentialAccess(u)
|
access = CredentialAccess(u)
|
||||||
|
|||||||
Reference in New Issue
Block a user