negative assertions for rex effective user tests (#17348)

SatelliteQE · Jan 22, 2025 · 0ac33fa · 0ac33fa
1 parent e3402b4
commit 0ac33fa
Showing 1 changed file with 61 additions and 1 deletion.
diff --git a/tests/foreman/cli/test_remoteexecution.py b/tests/foreman/cli/test_remoteexecution.py
@@ -242,7 +242,7 @@ def test_positive_timeout_to_kill(self, module_org, rex_contenthost, module_targ
     )
     @pytest.mark.rhel_ver_list([7, 8, 9])
     def test_positive_run_job_effective_user(
-        self, rex_contenthost, module_target_sat, setting_update
+        self, rex_contenthost, module_target_sat, setting_update, module_org
     ):
         """Run default job template as effective user on a host, test ssh user as well
 
@@ -314,6 +314,37 @@ def test_positive_run_job_effective_user(
                     'effective-user': f'{username}',
                 }
             )
+        # negative check for effective user privilige on client
+        command = 'touch /root/test'
+        with pytest.raises(CLIFactoryError) as error:
+            invocation_command = module_target_sat.cli_factory.job_invocation(
+                {
+                    'job-template': 'Run Command - Script Default',
+                    'inputs': f"command={command}",
+                    'search-query': f"name ~ {client.hostname}",
+                    'ssh-user': f'{ssh_username}',
+                    'password': f'{ssh_password}',
+                    'effective-user': f'{username}',
+                    'effective-user-password': f'{password}',
+                }
+            )
+        assert 'A sub task failed' in error.value.args[0]
+        task = module_target_sat.cli.Task.list_tasks({'search': command})[0]
+        search = module_target_sat.cli.Task.list_tasks({'search': f'id={task["id"]}'})
+        assert search[0]['action'] == task['action']
+        job_id = [
+            job['id']
+            for job in module_target_sat.cli.JobInvocation.list()
+            if job['description'] == f'Run {command}'
+        ][0]
+        out = module_target_sat.cli.JobInvocation.get_output(
+            {
+                'id': job_id,
+                'host': client.hostname,
+                'organization-id': module_org.id,
+            }
+        )
+        assert 'Permission denied' in out
 
     @pytest.mark.tier3
     @pytest.mark.e2e
@@ -1284,6 +1315,35 @@ def test_positive_run_job_on_host_registered_to_pull_provider(
         # assert the file is owned by the effective user
         assert username == result.stdout.strip('\n')
 
+        # negative check for effective user privilige on client
+        command = 'touch /root/test'
+        with pytest.raises(CLIFactoryError) as error:
+            invocation_command = module_target_sat.cli_factory.job_invocation(
+                {
+                    'job-template': 'Run Command - Script Default',
+                    'inputs': f"command={command}",
+                    'search-query': f"name ~ {rhel_contenthost.hostname}",
+                    'effective-user': f'{username}',
+                }
+            )
+        assert 'A sub task failed' in error.value.args[0]
+        task = module_target_sat.cli.Task.list_tasks({'search': command})[0]
+        search = module_target_sat.cli.Task.list_tasks({'search': f'id={task["id"]}'})
+        assert search[0]['action'] == task['action']
+        job_id = [
+            job['id']
+            for job in module_target_sat.cli.JobInvocation.list()
+            if job['description'] == f'Run {command}'
+        ][0]
+        out = module_target_sat.cli.JobInvocation.get_output(
+            {
+                'id': job_id,
+                'host': rhel_contenthost.hostname,
+                'organization-id': module_org.id,
+            }
+        )
+        assert 'Permission denied' in out
+
     @pytest.mark.tier3
     @pytest.mark.upgrade
     @pytest.mark.no_containers