External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-17 19:20:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
Files
4eefce622df558ebddcac00b01401b64f239658b
awx/awx_collection/test/awx/test_role_definition.py
Seth Foster 3bb559dd09 AWX Collections for DAB RBAC 
Adds new modules for CRUD operations on the
following endpoints:

- api/v2/role_definitions
- api/v2/role_user_assignments
- api/v2/role_team_assignments

Note: assignment is Create or Delete only

Additional changes:
- Currently DAB endpoints do not have "type"
field on the resource list items. So this modifies
the create_or_update_if_needed to allow manually
specifying item type.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2024-04-11 14:59:09 -04:00

123 lines
3.7 KiB
Python
Raw Blame History

from __future__ import absolute_import, division, print_function
__metaclass__ = type
import pytest
from ansible_base.rbac.models import RoleDefinition
@pytest.mark.django_db
def test_create_new(run_module, admin_user):
result = run_module(
'role_definition',
{
'name': 'test_view_jt',
'permissions': ['awx.view_jobtemplate', 'awx.execute_jobtemplate'],
'content_type': 'awx.jobtemplate',
},
admin_user)
assert result['changed']
role_definition = RoleDefinition.objects.get(name='test_view_jt')
assert role_definition
permission_codenames = [p.codename for p in role_definition.permissions.all()]
assert set(permission_codenames) == set(['view_jobtemplate', 'execute_jobtemplate'])
assert role_definition.content_type.model == 'jobtemplate'
@pytest.mark.django_db
def test_update_existing(run_module, admin_user):
result = run_module(
'role_definition',
{
'name': 'test_view_jt',
'permissions': ['awx.view_jobtemplate'],
'content_type': 'awx.jobtemplate',
},
admin_user)
assert result['changed']
role_definition = RoleDefinition.objects.get(name='test_view_jt')
permission_codenames = [p.codename for p in role_definition.permissions.all()]
assert set(permission_codenames) == set(['view_jobtemplate'])
assert role_definition.content_type.model == 'jobtemplate'
result = run_module(
'role_definition',
{
'name': 'test_view_jt',
'permissions': ['awx.view_jobtemplate', 'awx.execute_jobtemplate'],
'content_type': 'awx.jobtemplate',
},
admin_user)
assert result['changed']
role_definition.refresh_from_db()
permission_codenames = [p.codename for p in role_definition.permissions.all()]
assert set(permission_codenames) == set(['view_jobtemplate', 'execute_jobtemplate'])
assert role_definition.content_type.model == 'jobtemplate'
@pytest.mark.django_db
def test_delete_existing(run_module, admin_user):
result = run_module(
'role_definition',
{
'name': 'test_view_jt',
'permissions': ['awx.view_jobtemplate', 'awx.execute_jobtemplate'],
'content_type': 'awx.jobtemplate',
},
admin_user)
assert result['changed']
role_definition = RoleDefinition.objects.get(name='test_view_jt')
assert role_definition
result = run_module(
'role_definition',
{
'name': 'test_view_jt',
'permissions': ['awx.view_jobtemplate', 'awx.execute_jobtemplate'],
'content_type': 'awx.jobtemplate',
'state': 'absent',
},
admin_user)
assert result['changed']
with pytest.raises(RoleDefinition.DoesNotExist):
role_definition.refresh_from_db()
@pytest.mark.django_db
def test_idempotence(run_module, admin_user):
result = run_module(
'role_definition',
{
'name': 'test_view_jt',
'permissions': ['awx.view_jobtemplate', 'awx.execute_jobtemplate'],
'content_type': 'awx.jobtemplate',
},
admin_user)
assert result['changed']
result = run_module(
'role_definition',
{
'name': 'test_view_jt',
'permissions': ['awx.view_jobtemplate', 'awx.execute_jobtemplate'],
'content_type': 'awx.jobtemplate',
},
admin_user)
assert not result['changed']
role_definition = RoleDefinition.objects.get(name='test_view_jt')
permission_codenames = [p.codename for p in role_definition.permissions.all()]
assert set(permission_codenames) == set(['view_jobtemplate', 'execute_jobtemplate'])
Reference in New Issue View Git Blame Copy Permalink