[Fix] test to check various user group access #1034
Conversation
jstourac
added
the
enhancements
Robot Results
|
I think this is not correct, because the test uses |
ods_ci/tests/Tests/500__jupyterhub/jupyterhub-user-access.robot
Outdated
Show resolved
Hide resolved
Uf, you're right, Berto; good catch: I have it modified in my local properties settings, damn. Anyway, I've checked the cluster config for the Not sure for how long this test been failing in which release this got changed. |
jstourac
force-pushed
the
fixJupyterUserAccess
branch
from
d2d225a to
1f69adf
Compare
yeah, this is actually an environement issue rather than test issue, because the script our CI uses to create IDPs assignes wrong permissions to some users. We should fix it there, I haven't done it yet because I was working on a new script for IDPs (which is completed and used by interop team). In the meantime I'm okay with fixing the test. You can have a look at how it's been done in |
jstourac
force-pushed
the
fixJupyterUserAccess
branch
from
1f69adf to
a55aad4
Compare
ods_ci/tests/Tests/500__jupyterhub/jupyterhub-user-access.robot
Outdated
Show resolved
Hide resolved
ods_ci/tests/Tests/500__jupyterhub/jupyterhub-user-access.robot
Outdated
Show resolved
Hide resolved
jstourac
force-pushed
the
fixJupyterUserAccess
branch
from
a55aad4 to
5e810c6
Compare
The existing test checks that users from different groups have different access and that this access can be setup via RHOAI User settings. What this test does: * creates a `custom-admins-group` with `TEST_USER2` user * creates a `custom-users-group` with `TEST_USER3` user * configures first group as admins in RHOAI User settings * configures second group as users in RHOAI User settings Once this was applied it tried to perform operations with three different users: * TEST_USER - expected no privileges and simple `Access permissions needed` page presented * TEST_USER2 - all privileges * TEST_USER3 - no Administration page shown Problem in this approach is that the `TEST_USER` is part of the `dedicated-admins` group, which has a `cluster-admin` role in our default cluster settings. Per this [1], such user is an admin by default. So my changes incorporates usage of the `TEST_USER4` instead of `TEST_USER`. Also, unnecessary check for the product version is removed with this commit. [1] https://access.redhat.com/documentation/en-us/red_hat_openshift_data_science/1/html-single/managing_users_and_user_resources/index#defining-openshift-data-science-admin-and-user-groups_user-mgmt ``` By default, users with cluster admin permissions and users in the dedicated-admins administrator group are OpenShift Data Science administrators, but all users authenticated in OpenShift can access OpenShift Data Science. A cluster admin is a superuser that can perform any action in any project in the OpenShift cluster. ```
jstourac
force-pushed
the
fixJupyterUserAccess
branch
from
5e810c6 to
523c74a
Compare
jstourac
dismissed
bdattoma’s stale review
requested changes have been incorporated already, dismissing to be able to merge this one
|
Kudos, SonarCloud Quality Gate passed!
|
This fixes the `Verify Unauthorized User Is Not Able To Spawn Jupyter Notebook` test. It is basically similar change as done in [1,2]. Note: looks like the behavior of the RHOAI is a bit different now - the user without permissions is shown directly the `Access permissions needed` page. Nothing else is shown. Based on the test structure, in previous versions we could see the application but weren't able to start a JupyterHub tile in the `Applications -> Enabled` menu. Also, unnecessary check for the product version is removed with this commit and a small typo fix. [1] red-hat-data-services#1034 [2] c719b70
This fixes the `Verify Unauthorized User Is Not Able To Spawn Jupyter Notebook` test. It is basically similar change as done in [1,2]. Note: looks like the behavior of the RHOAI is a bit different now - the user without permissions is shown directly the `Access permissions needed` page. Nothing else is shown. Based on the test structure, in previous versions we could see the application but weren't able to start a JupyterHub tile in the `Applications -> Enabled` menu. Also, unnecessary check for the product version is removed with this commit and a small typo fix. [1] #1034 [2] c719b70
…1034) The existing test checks that users from different groups have different access and that this access can be setup via RHOAI User settings. What this test does: * creates a `custom-admins-group` with `TEST_USER2` user * creates a `custom-users-group` with `TEST_USER3` user * configures first group as admins in RHOAI User settings * configures second group as users in RHOAI User settings Once this was applied it tried to perform operations with three different users: * TEST_USER - expected no privileges and simple `Access permissions needed` page presented * TEST_USER2 - all privileges * TEST_USER3 - no Administration page shown Problem in this approach is that the `TEST_USER` is part of the `dedicated-admins` group, which has a `cluster-admin` role in our default cluster settings. Per this [1], such user is an admin by default. So my changes incorporates usage of the `TEST_USER4` instead of `TEST_USER`. Also, unnecessary check for the product version is removed with this commit. [1] https://access.redhat.com/documentation/en-us/red_hat_openshift_data_science/1/html-single/managing_users_and_user_resources/index#defining-openshift-data-science-admin-and-user-groups_user-mgmt ``` By default, users with cluster admin permissions and users in the dedicated-admins administrator group are OpenShift Data Science administrators, but all users authenticated in OpenShift can access OpenShift Data Science. A cluster admin is a superuser that can perform any action in any project in the OpenShift cluster. ```
The existing test checks that users from different groups have different
access and that this access can be setup via RHOAI User settings.
What this test does:
custom-admins-groupwithTEST_USER2usercustom-users-groupwithTEST_USER3userOnce this was applied it tried to perform operations with three
different users:
Access permissions neededpage presentedProblem in this approach is that the
TEST_USERis part of thededicated-adminsgroup, which has acluster-adminrole in ourdefault cluster settings. Per this [1], such user is an admin by
default.
So my changes incorporates usage of the
TEST_USER4instead ofTEST_USER.Also, unnecessary check for the product version is removed with this
commit.
[1] https://access.redhat.com/documentation/en-us/red_hat_openshift_data_science/1/html-single/managing_users_and_user_resources/index#defining-openshift-data-science-admin-and-user-groups_user-mgmt
CI: rhods-ci-pr-test/2159