Checkin.

No-Issue Signed-off-by: James Tanner <[email protected]>
ansible · Sep 7, 2024 · d7d02bb · d7d02bb
1 parent 974860e
commit d7d02bb
Showing 1 changed file with 39 additions and 7 deletions.
diff --git a/galaxy_ng/tests/integration/aap/test_aap_superuser_management.py b/galaxy_ng/tests/integration/aap/test_aap_superuser_management.py
@@ -15,14 +15,14 @@
 
 
 @pytest.mark.deployment_standalone
-@pytest.mark.skipif(
-    not os.environ.get('JWT_PROXY'),
-    reason="relies on jwt proxy"
-)
+#@pytest.mark.skipif(
+#    not os.environ.get('JWT_PROXY'),
+#    reason="relies on jwt proxy"
+#)
 @pytest.mark.parametrize(
     'url',
     [
-        "_ui/v1/users/",
+        #"_ui/v1/users/",
         "_ui/v2/users/",
         #"pulp/api/v3/users/",
     ]
@@ -45,6 +45,13 @@ def test_aap_superuser_management(
     gc = galaxy_client("admin", ignore_cache=True)
     ga = BasicAuthClient(gc.galaxy_root, 'admin', 'admin')
 
+    # make sure the user can't be created directly in galaxy ...
+    resp = ga.post(
+        '/api/galaxy/_ui/v2/users/',
+        body=json.dumps({'username': random_username, 'password': 'redhat1234'})
+    )
+    assert "You do not have permission to perform this action" in str(resp)
+
     # make the user in the gateway
     user_data = ga.post(
         '/api/gateway/v1/users/',
@@ -55,7 +62,7 @@ def test_aap_superuser_management(
     uc = BasicAuthClient(gc.galaxy_root, random_username, 'redhat1234')
 
     # get the user details from galaxy ...
-    new_data = ga.get(f'/api/galaxy/{url}/?username={random_username}')
+    new_data = ga.get(f'/api/galaxy/{url.rstrip("/")}/?username={random_username}')
     if 'results' in new_data:
         assert new_data['count'] == 1
         new_user = new_data['results'][0]
@@ -82,6 +89,7 @@ def test_aap_superuser_management(
         resp = admin_func(user_url, json=payload)
         assert resp.get('is_superuser') is value, resp
 
+    '''
     # make sure the admin can not change the username ...
     if verb == 'PUT':
         payload = copy.deepcopy(new_user)
@@ -90,6 +98,7 @@ def test_aap_superuser_management(
         payload = {'username': "foobar12345"}
     resp = admin_func(user_url, json=payload)
     assert "You do not have permission to perform this action" in str(resp)
+    '''
 
     # make sure the user can not promote themself ...
     if verb == 'PUT':
@@ -108,5 +117,28 @@ def test_aap_superuser_management(
     else:
         payload = {'is_superuser': False}
     resp = user_func(user_url, json=payload)
+    assert resp.get('is_superuser') is False, resp
+
+    # see what happens when local state doesn't match gateway state ...
+    guid = user_data['id']
+    gw_user_url = f'/api/gateway/v1/users/{guid}/'
+    #payload = copy.deepcopy(user_data)
+    #payload['is_superuser'] = True
+    #gw_resp = ga.put(gw_user_url, json=payload)
+    gw_resp = ga.patch(gw_user_url, json={'is_superuser': True})
+    # process claims again and see what happens ...
+    resp = uc.get(user_url)
+    assert resp['is_superuser'] is True
     #import epdb; epdb.st()
-    assert resp.get('is_superuser') is False, resp
+
+    # can the user change their own password?
+    resp = uc.patch(user_url, {"password": "foobar1234"})
+    #uc2 = BasicAuthClient(gc.galaxy_root, random_username, 'foobar1234')
+    #me2 = uc.get("/api/")
+    #import epdb; epdb.st()
+
+    # the admin shouldn't be able to delete the user from galaxy ...
+    resp = ga.delete(user_url)
+    assert "You do not have permission to perform this action" in str(resp)
+
+    import epdb; epdb.st()