Source code for cfme.fixtures.authentication
import pytest
from time import sleep
import cfme.utils.auth as authutil
from cfme.utils.log import logger
@pytest.fixture(scope='module')
[docs]def amazon_auth_provider():
try:
return authutil.get_auth_crud('amazon')
except KeyError:
pytest.skip('amazon auth provider not found in auth_data.auth_providers, skipping test.')
@pytest.fixture(scope='module')
[docs]def setup_aws_auth_provider(appliance, amazon_auth_provider):
"""Configure AWS IAM authentication mode"""
original_config = appliance.server.authentication.auth_settings
appliance.server.authentication.configure(auth_mode='amazon',
auth_provider=amazon_auth_provider)
sleep(60) # wait for MIQ to update, no trigger to look for, but if you try too soon it fails
yield
appliance.server.authentication.auth_settings = original_config
appliance.server.login_admin()
appliance.server.authentication.configure(auth_mode='database')
@pytest.fixture(scope='function')
@pytest.fixture(scope='function')
[docs]def auth_user_data(auth_provider, user_type):
"""Grab user data attrdict from auth provider's user data in yaml
Expected formatting of yaml containing user data:
test_users:
-
username: ldapuser2
password: mysecretpassworddontguess
fullname: Ldap User2
groups:
- customgroup1
providers:
- freeipa01
user_types:
- uid
Only include user data for users where the user_type matches that under test
Assert the data isn't empty, and skip the test if so
"""
try:
data = [user
for user in auth_provider.user_data
if user_type in user.user_types]
assert data
except (KeyError, AttributeError, AssertionError):
logger.exception('Exception fetching auth_user_data from yaml')
pytest.skip('No yaml data for auth_prov {} under "auth_data.test_data"'
.format(auth_provider))
return data
@pytest.fixture(scope='function')
[docs]def configure_auth(appliance, auth_mode, auth_provider, user_type, request, fix_missing_hostname):
"""Given auth_mode, auth_provider, user_type parametrization, configure auth for login
testing.
Saves original auth settings
Configures external or internal auth modes
Separate freeipa / openldap config methods and finalizers
Restores original auth settings after yielding
"""
original_config = appliance.server.authentication.auth_settings
logger.debug('Original auth settings before configure_auth fixture: %r', original_config)
if auth_mode.lower() != 'external':
appliance.server.authentication.configure(auth_mode=auth_mode,
auth_provider=auth_provider,
user_type=user_type)
elif auth_mode.lower() == 'external': # extra explicit
if auth_provider.auth_type == 'freeipa':
appliance.configure_freeipa(auth_provider)
request.addfinalizer(appliance.disable_freeipa)
elif auth_provider.auth_type == 'openldaps':
appliance.configure_openldap(auth_provider)
request.addfinalizer(appliance.disable_openldap)
# Auth reconfigure is super buggy and sensitive to timing
# Just waiting on sssd to be running, or an httpd restart isn't sufficient
sleep(30)
yield
# return to original auth config
appliance.server.authentication.auth_settings = original_config
appliance.httpd.restart()
appliance.wait_for_web_ui()