-
Bug
-
Resolution: Done
-
Blocker
-
None
-
None
-
5
-
False
-
-
False
-
-
All are failing for the same reason:
| test_verify_rbac_not_opt_in_and_with_subscriptions_user_permission | Failed | Failed | (unset) | 6.2s |
| test_verify_rbac_not_opt_in_and_without_swatch_group_permission | Failed | AssertionError | (unset) | 9.9s |
| test_verify_rbac_without_swatch_group_permission | Failed | AssertionError | (unset) | 4.9s |
| test_verify_rbac_with_service_account_non_admin | Failed | AssertionError | (unset) | 1s |
| test_verify_rbac_with_service_account_admin | Failed | AttributeError | (unset) | 1.7s |
Stack Trace:
application = <iqe.base.application.Application object at 0x7f078273ed80> remove_all_groups = None add_non_admin_user_to_swatch_read_group = {'admin_default': False, 'created': datetime.datetime(2025, 6, 10, 14, 26, 48, 179404, tzinfo=tzlocal()), 'descripti...: False, 'principal_count': None, 'role_count': 0, 'system': False, 'uuid': 'dccc7080-2043-476b-b5b0-9d871a2bbed7'} rhsm_non_admin_user = <Box: {'auth': {'username': 'rbacnoadmin25', 'password': 'redhatqe', 'refresh_token': 'eyJhbGciOiJIUzUxMiIsInR5cCIgOiA...bGllbnRfdHlwZS5wcmVfa2MyNSJ9.4Clf_kqEzHBXfqJAtIrSqjfTG36sQGLgK6Q8ixzYw3wyd1WEJgKzkV9I92aNmZFxNvbVR9Tudqf756pO6KPd_A'}}> @pytest.mark.post_stage_deploy def test_verify_rbac_not_opt_in_and_with_subscriptions_user_permission( application, remove_all_groups, add_non_admin_user_to_swatch_read_group, rhsm_non_admin_user, ): """Verify user not able to access apis with role Subscription user role and without opt-in. JIRA: ENT-3284 metadata: assignee: aunayak negative: true importance: high level: system test_steps: 1. Create new group with subscriptions user role 2. Add user to group. 3. Delete opt-in config 4. See if user can not access different swatch apis . expected_results: 1. User should not be able to access apis. """ product_id = "RHEL for x86" metric_id = get_random_choice_or_first( config_parser.get_swatch_metric_id_from_tag_metrics(product_id=product_id) ) with application.copy_using(user=rhsm_non_admin_user) as app: app.rhsm_subscriptions.rest_client.opt_in_api.delete_opt_in_config() optin_get = app.rhsm_subscriptions.rest_client.opt_in_api.get_opt_in_config() assert not optin_get.data.opt_in_complete with pytest.raises(Exception) as e: app.rhsm_subscriptions.rest_client.tally_api.get_tally_report_data( product_id=product_id, metric_id=metric_id, beginning=datetime_to_iso8601_format(last_day), ending=datetime_to_iso8601_format(today()), granularity="Daily", ) assert optin_message in e.value.body > with pytest.raises(Exception) as e: ^^^^^^^^^^^^^^^^^^^^^^^^ E Failed: DID NOT RAISE <class 'Exception'>/iqe_venv/lib/python3.12/site-packages/iqe_rhsm_subscriptions/tests/integration/rbac/test_rbac.py:396: Failed
IQE Log:
Using random seed value for random generation: 4145 Setting auth_type to jwt Setting jwt_grant_type to refresh_token Created RESTPluginService client for https://console.stage.redhat.com/api/rbac/v1 with the following attributes: ['access_api', 'audit_logs_api', 'client', 'cross_account_request_api', 'group_api', 'package', 'permission_api', 'principal_api', 'role_api', 'status_api'] REST: GET https://console.stage.redhat.com/api/rbac/v1/groups/ with query params [] and x-rh-insights-request-id=cd41a9f2e6bf439aa55e04afe1488a06 Removing all roles from Custom default access ... REST: GET https://console.stage.redhat.com/api/rbac/v1/groups/f189326b-6bac-401b-a387-c60e3f5185fe/roles/ with query params [('limit', 1000)] and x-rh-insights-request-id=06b52644389e4d42995e9df0b4d31398 Setting auth_type to jwt Setting jwt_grant_type to refresh_token Created RESTPluginService client for https://console.stage.redhat.com/api/rbac/v1 with the following attributes: ['access_api', 'audit_logs_api', 'client', 'cross_account_request_api', 'group_api', 'package', 'permission_api', 'principal_api', 'role_api', 'status_api'] REST: POST https://console.stage.redhat.com/api/rbac/v1/groups/ with query params [] and x-rh-insights-request-id=0de561e7b7f74068a46d14c1353bda65 REST: GET https://console.stage.redhat.com/api/rbac/v1/roles/ with query params [('name', 'Subscriptions user')] and x-rh-insights-request-id=64cd66424c894a83b1ec37fabcd73756 REST: POST https://console.stage.redhat.com/api/rbac/v1/groups/dccc7080-2043-476b-b5b0-9d871a2bbed7/roles/ with query params [] and x-rh-insights-request-id=eeceb185735745b1b95ca2e3cf93e4bc REST: POST https://console.stage.redhat.com/api/rbac/v1/groups/dccc7080-2043-476b-b5b0-9d871a2bbed7/principals/ with query params [] and x-rh-insights-request-id=6d8ca73217e340e887901224fc1c8545 Setting auth_type to jwt Setting jwt_grant_type to refresh_token Created RESTPluginService client for https://console.stage.redhat.com/api/rhsm-subscriptions with the following attributes: ['capacity_api', 'client', 'contracts_api', 'instances_api', 'opt_in_api', 'package', 'root_api', 'subscriptions_api', 'tally_api', 'version_api'] REST: DELETE https://console.stage.redhat.com/api/rhsm-subscriptions/v1/opt-in with query params [] and x-rh-insights-request-id=e262de24eda144cca3ccfddccbe193c6 REST: GET https://console.stage.redhat.com/api/rhsm-subscriptions/v1/opt-in with query params [] and x-rh-insights-request-id=c38987080f39428eb010fec69b16ec73 REST: GET https://console.stage.redhat.com/api/rhsm-subscriptions/v1/tally/products/RHEL%20for%20x86/Sockets with query params [('granularity', 'Daily'), ('beginning', '2025-06-09T14:16:31.107969+00:00'), ('ending', '2025-06-10T14:26:52.299436+00:00')] and x-rh-insights-request-id=33e3305b3bcf4892854efed55cf78976 REST: GET https://console.stage.redhat.com/api/rhsm-subscriptions/v1/capacity/products/RHEL%20for%20x86/Sockets with query params [('granularity', 'Daily'), ('beginning', '2025-06-09T14:16:31.107969+00:00'), ('ending', '2025-06-10T14:26:52.472494+00:00')] and x-rh-insights-request-id=7f02f094921f49ecb2016a57424e65dc REST: DELETE https://console.stage.redhat.com/api/rbac/v1/groups/dccc7080-2043-476b-b5b0-9d871a2bbed7/ with query params [] and x-rh-insights-request-id=2c6a52018ca646e4b3028307a786cfd6
- mentioned on
