From 922c6a52deea5dd802e0471ae4a007ec4599704c Mon Sep 17 00:00:00 2001
From: Peter Ondrejka <pondrejk@redhat.com>
Date: Wed, 22 Jan 2025 14:17:45 +0100
Subject: [PATCH] fixture to get expected permissions

---
 conftest.py                              |  1 +
 pytest_fixtures/component/permissions.py | 55 ++++++++++++++++++++++++
 tests/foreman/api/test_permission.py     | 31 ++-----------
 tests/foreman/ui/test_host.py            | 18 ++++----
 4 files changed, 70 insertions(+), 35 deletions(-)
 create mode 100644 pytest_fixtures/component/permissions.py

diff --git a/conftest.py b/conftest.py
index 037f19e25bc..00784beba58 100644
--- a/conftest.py
+++ b/conftest.py
@@ -54,6 +54,7 @@
     'pytest_fixtures.component.os',
     'pytest_fixtures.component.oscap',
     'pytest_fixtures.component.partition_table',
+    'pytest_fixtures.component.permissions',
     'pytest_fixtures.component.provision_azure',
     'pytest_fixtures.component.provision_gce',
     'pytest_fixtures.component.provision_libvirt',
diff --git a/pytest_fixtures/component/permissions.py b/pytest_fixtures/component/permissions.py
new file mode 100644
index 00000000000..bf344f003ab
--- /dev/null
+++ b/pytest_fixtures/component/permissions.py
@@ -0,0 +1,55 @@
+import pytest
+
+from robottelo.constants import PERMISSIONS
+
+
+@pytest.fixture(scope="session")
+def expected_permissions(session_target_sat):
+    """Return the list of permissions valid for current instance."""
+
+    permissions = PERMISSIONS.copy()
+    rpm_packages = session_target_sat.execute('rpm -qa').stdout
+    if 'rubygem-foreman_rh_cloud' not in rpm_packages:
+        permissions.pop('InsightsHit')
+        permissions[None].remove('generate_foreman_rh_cloud')
+        permissions[None].remove('view_foreman_rh_cloud')
+        permissions[None].remove('dispatch_cloud_requests')
+        permissions[None].remove('control_organization_insights')
+    if 'rubygem-foreman_bootdisk' not in rpm_packages:
+        permissions[None].remove('download_bootdisk')
+    if 'gem-foreman_virt_who_configure' not in rpm_packages:
+        permissions.pop('ForemanVirtWhoConfigure::Config')
+    if 'gem-foreman_openscap' not in rpm_packages:
+        permissions.pop('ForemanOpenscap::Policy')
+        permissions.pop('ForemanOpenscap::ScapContent')
+        permissions[None].remove('destroy_arf_reports')
+        permissions[None].remove('view_arf_reports')
+        permissions[None].remove('create_arf_reports')
+    if 'gem-foreman_remote_execution' not in rpm_packages:
+        permissions.pop('JobInvocation')
+        permissions.pop('JobTemplate')
+        permissions.pop('RemoteExecutionFeature')
+        permissions.pop('TemplateInvocation')
+    if 'gem-foreman_puppet' not in rpm_packages:
+        permissions.pop('ForemanPuppet::ConfigGroup')
+        permissions.pop('ForemanPuppet::Environment')
+        permissions.pop('ForemanPuppet::HostClass')
+        permissions.pop('ForemanPuppet::Puppetclass')
+        permissions.pop('ForemanPuppet::PuppetclassLookupKey')
+    if 'rubygem-foreman_scc_manager' not in rpm_packages:
+        permissions.pop('SccAccount')
+        permissions.pop('SccProduct')
+    if 'gem-foreman_salt' not in rpm_packages:
+        permissions['Host'].remove('saltrun_hosts')
+        permissions['SmartProxy'].remove('destroy_smart_proxies_salt_autosign')
+        permissions['SmartProxy'].remove('view_smart_proxies_salt_autosign')
+        permissions['SmartProxy'].remove('destroy_smart_proxies_salt_keys')
+        permissions['SmartProxy'].remove('view_smart_proxies_salt_keys')
+        permissions['SmartProxy'].remove('edit_smart_proxies_salt_keys')
+        permissions['SmartProxy'].remove('auth_smart_proxies_salt_autosign')
+        permissions['SmartProxy'].remove('create_smart_proxies_salt_autosign')
+        permissions.pop('ForemanSalt::SaltVariable')
+        permissions.pop('ForemanSalt::SaltEnvironment')
+        permissions.pop('ForemanSalt::SaltModule')
+
+    return permissions
diff --git a/tests/foreman/api/test_permission.py b/tests/foreman/api/test_permission.py
index 80eba410319..186d99c8daa 100644
--- a/tests/foreman/api/test_permission.py
+++ b/tests/foreman/api/test_permission.py
@@ -35,37 +35,14 @@ class TestPermission:
     """Tests for the ``permissions`` path."""
 
     @pytest.fixture(scope='class', autouse=True)
-    def create_permissions(self, class_target_sat):
+    def create_permissions(self, expected_permissions):
         # workaround for setting class variables
         cls = type(self)
-        cls.permissions = PERMISSIONS.copy()
-        if class_target_sat.is_upstream:
-            cls.permissions[None].extend(cls.permissions.pop('DiscoveryRule'))
-            cls.permissions[None].remove('app_root')
-            cls.permissions[None].remove('attachments')
-            cls.permissions[None].remove('configuration')
-            cls.permissions[None].remove('logs')
-            cls.permissions[None].remove('view_cases')
-            cls.permissions[None].remove('view_log_viewer')
-
-        result = class_target_sat.execute('rpm -qa | grep rubygem-foreman_openscap')
-        if result.status != 0:
-            cls.permissions.pop('ForemanOpenscap::Policy')
-            cls.permissions.pop('ForemanOpenscap::ScapContent')
-            cls.permissions[None].remove('destroy_arf_reports')
-            cls.permissions[None].remove('view_arf_reports')
-            cls.permissions[None].remove('create_arf_reports')
-        result = class_target_sat.execute('rpm -qa | grep rubygem-foreman_remote_execution')
-        if result.status != 0:
-            cls.permissions.pop('JobInvocation')
-            cls.permissions.pop('JobTemplate')
-            cls.permissions.pop('RemoteExecutionFeature')
-            cls.permissions.pop('TemplateInvocation')
-
+        cls.permissions = expected_permissions
         #: e.g. ['Architecture', 'Audit', 'AuthSourceLdap', …]
-        cls.permission_resource_types = list(cls.permissions.keys())
+        cls.permission_resource_types = list(expected_permissions.keys())
         #: e.g. ['view_architectures', 'create_architectures', …]
-        cls.permission_names = list(chain.from_iterable(cls.permissions.values()))
+        cls.permission_names = list(chain.from_iterable(expected_permissions.values()))
 
     @pytest.mark.tier1
     def test_positive_search_by_name(self, target_sat):
diff --git a/tests/foreman/ui/test_host.py b/tests/foreman/ui/test_host.py
index 18605eacd32..cdf197e3ac4 100644
--- a/tests/foreman/ui/test_host.py
+++ b/tests/foreman/ui/test_host.py
@@ -34,7 +34,6 @@
     FAKE_8_CUSTOM_PACKAGE_NAME,
     OSCAP_PERIOD,
     OSCAP_WEEKDAY,
-    PERMISSIONS,
     REPO_TYPE,
 )
 from robottelo.constants.repos import CUSTOM_FILE_REPO
@@ -564,7 +563,7 @@ def test_positive_view_hosts_with_non_admin_user(
 
 @pytest.mark.tier3
 def test_positive_remove_parameter_non_admin_user(
-    test_name, module_org, smart_proxy_location, target_sat
+    test_name, module_org, smart_proxy_location, target_sat, expected_permissions
 ):
     """Remove a host parameter as a non-admin user with enough permissions
 
@@ -581,8 +580,8 @@ def test_positive_remove_parameter_non_admin_user(
     target_sat.api_factory.create_role_permissions(
         role,
         {
-            'Parameter': PERMISSIONS['Parameter'],
-            'Host': PERMISSIONS['Host'],
+            'Parameter': expected_permissions['Parameter'],
+            'Host': expected_permissions['Host'],
             'Operatingsystem': ['view_operatingsystems'],
         },
     )
@@ -614,7 +613,7 @@ def test_positive_remove_parameter_non_admin_user(
 
 @pytest.mark.tier3
 def test_negative_remove_parameter_non_admin_user(
-    test_name, module_org, smart_proxy_location, target_sat
+    test_name, module_org, smart_proxy_location, target_sat, expected_permissions
 ):
     """Attempt to remove host parameter as a non-admin user with
     insufficient permissions
@@ -636,7 +635,7 @@ def test_negative_remove_parameter_non_admin_user(
         role,
         {
             'Parameter': ['view_params'],
-            'Host': PERMISSIONS['Host'],
+            'Host': expected_permissions['Host'],
             'Operatingsystem': ['view_operatingsystems'],
         },
     )
@@ -668,7 +667,7 @@ def test_negative_remove_parameter_non_admin_user(
 
 @pytest.mark.tier3
 def test_positive_check_permissions_affect_create_procedure(
-    test_name, smart_proxy_location, target_sat, function_org, function_role
+    test_name, smart_proxy_location, target_sat, function_org, function_role, expected_permissions
 ):
     """Verify whether user permissions affect what entities can be selected
     when host is created
@@ -739,7 +738,10 @@ def test_positive_check_permissions_affect_create_procedure(
     # Add permissions for Organization and Location
     target_sat.api_factory.create_role_permissions(
         function_role,
-        {'Organization': PERMISSIONS['Organization'], 'Location': PERMISSIONS['Location']},
+        {
+            'Organization': expected_permissions['Organization'],
+            'Location': expected_permissions['Location'],
+        },
     )
     # Create new user with a configured role
     user_password = gen_string('alpha')