def test_bulk_system_delete_works_with_built_in_set(clean_bulk_delete_systems_and_accounts, core_session, core_tenant,
clean_users, users_and_roles, list_of_created_systems,
get_environment):
Engines = get_environment
if Engines == "AWS - PLV8":
batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 3, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch])
right_data = ("Privileged Access Service Power User", "role_Privileged Access Service Power User")
requester_session = users_and_roles.get_session_for_user(right_data[0])
role_info = users_and_roles.get_role(right_data[0])
account_ids = ResourceManager.get_multi_added_account_ids(core_session, all_systems)
for account_id in account_ids:
permission_string = 'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin'
result, success = ResourceManager.assign_account_permissions(
core_session,
permission_string,
role_info['Name'], role_info['ID'], "Role",
account_id)
assert success, "Did not set account permissions " + str(result)
system_ids = list(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values())
for system_id in system_ids:
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,' \
'UnlockAccount '
result, success = ResourceManager.assign_system_permissions(core_session,
permission_string,
role_info['Name'], role_info['ID'], "Role",
system_id)
assert success, "Did not set system permissions " + result
job_id, result = ResourceManager.del_multiple_systems_by_query(requester_session, '@@Windows Servers')
report = JobManager.get_job_report(core_session, job_id)
# not asserting success or failure, the admin may have access to windows systems created by other tests which
# would not succeed such as windows systems with uncertain accounts
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 0, f"Expected no remaining added accounts {report}"
assert len(ResourceManager.get_multi_added_system_ids(core_session,
all_systems)) == 0, f"Expected no remaining added systems {report}"
else:
skip('todo: Fix this test to work on azure')
def test_bulk_account_delete_generates_secret(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems, secret_cleaner):
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 3, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2])
secret_name = "TestSecret-" + str(
ResourceManager.time_mark_in_hours()) + "-" + guid()
sql_query = 'SELECT * FROM VaultAccount WHERE ' + ' OR '.join(
('VaultAccount.ID = "' + str(n) + '"' for n in list(all_accounts)))
ResourceManager.del_multiple_accounts_by_query(core_session, sql_query,
True, secret_name)
ResourceManager.wait_for_secret_to_exist_or_timeout(
core_session, secret_name)
secret_id = RedrockController.get_secret_id_by_name(
core_session, secret_name)
assert secret_id is not None, "Secret not found"
secret_cleaner.append(secret_id)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == 0, "Expected zero added accounts remain"
def test_bulk_system_delete_by_ids_only_deletes_correct_systems_and_accounts_fast_track(
clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems):
user_info = core_session.get_current_session_user_info().json()['Result']
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems)
batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 6, list_of_created_systems)
batch4 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 8, list_of_created_systems)
batch5 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2, batch3, batch4, batch5])
delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2, batch4])
keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3, batch5])
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2, batch3, batch4, batch5])
ResourceManager.del_multiple_systems(core_session, delete_system_ids, savepasswords=True, wait_time=0,
skip_if_has_apps_or_services=True, run_sync=True)
assert set(ResourceManager.get_multi_added_system_ids(core_session,
all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search"
assert set(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search"
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Start.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Success.Multi'
start_message = f'{username} initiated delete of {len(delete_system_ids)} systems'
end_message = f'{username} successfully deleted {len(delete_system_ids)} systems'
RedrockController.expect_event_message_by_type(core_session, start_type, start_message)
RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_account_deletes_with_ui_no_secret(
clean_bulk_delete_systems_and_accounts, core_session, core_admin_ui,
list_of_created_systems):
server_prefix, account_prefix, all_systems, all_accounts, all_account_names = _make_four_accounts_get_names(
core_session, list_of_created_systems, ssh=True)
ui = core_admin_ui
ui.navigate('Resources', 'Accounts')
ui.search(server_prefix)
for name in all_account_names:
assert ui.check_exists(
GridCell(name)), f"Account name {name} not found in grid"
ui.action('Delete accounts', all_account_names)
ui.switch_context(Modal('Bulk Account Delete'))
ui.uncheck("SaveSecret")
ui.button('Delete')
ui.switch_context(ConfirmModal())
ui.button('Yes')
ui.switch_context(InfoModal())
ui.button('Close')
ResourceManager.wait_for_accounts_to_delete_or_timeout(
core_session, all_systems, all_accounts)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == 0, "All added accounts not removed"
assert len(
ResourceManager.get_multi_added_system_ids(
core_session,
all_systems)) == 2, "Wrong number of added systems remain"
def test_bulk_account_delete_performs_quickly(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
# test constants
large_number_for_stress_testing = 50 # tested once with higher numbers but reduced for quick execution
reasonable_amount_of_time_to_execute = 90
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, large_number_for_stress_testing // 2,
list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, large_number_for_stress_testing // 2,
list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2])
start_time = time.time()
result, success = ResourceManager.del_multiple_accounts(
core_session, all_accounts)
assert success, "Api did not complete successfully for bulk account delete " + result
end_time = time.time()
elapsed_time = end_time - start_time
assert elapsed_time <= reasonable_amount_of_time_to_execute, \
"Did not complete operation in a reasonable amount of time"
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == 0, "Expected 0 added accounts found"
assert len(
ResourceManager.get_multi_added_system_ids(
core_session, all_systems)) == 2, "Expected 2 added systems found"
def test_bulk_account_delete_does_not_generate_secret_when_told_not_to(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 3, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2])
secret_name = "TestSecret-" + str(
ResourceManager.time_mark_in_hours()) + "-" + guid()
sql_query = 'SELECT * FROM VaultAccount WHERE ' + ' OR '.join(
('VaultAccount.ID = "' + str(n) + '"' for n in list(all_accounts)))
ResourceManager.del_multiple_accounts_by_query(core_session, sql_query,
False, secret_name)
ResourceManager.wait_for_secret_to_exist_or_timeout(core_session,
secret_name,
intervals_to_wait=60)
# set low intervals to wait, since secret should not be generated
secret_id = RedrockController.get_secret_id_by_name(
core_session, secret_name)
assert secret_id is None, "Secret not found!"
assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 0, \
"Expected zero remaining added accounts remain"
def test_bulk_system_by_api_set_correct_systems_and_accounts_fast_track(clean_bulk_delete_systems_and_accounts,
core_session, list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems,
sys_type="Unix")
batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems,
sys_type="Unix")
delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2])
keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3])
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3])
some_set_name = "ApiSet" + guid()
SetsManager.create_manual_collection(core_session, some_set_name, "Server", None)
set_id = SetsManager.get_collection_id(core_session, some_set_name, "Server")
SetsManager.update_members_collection(core_session, 'add', list(delete_system_ids), 'Server', set_id)
collection_and_filters = SetsManager.get_object_collection_and_filter_by_name(core_session, some_set_name, "Server")
filters = collection_and_filters['Filters']
logger.info(f'Manual set {collection_and_filters} - members - {delete_system_ids}')
result, success = ResourceManager.del_multiple_systems_by_query(core_session, filters, savepasswords=False,
secretname="", run_sync=True)
assert success is True, f'Delete systems job failed when expected success'
SetsManager.delete_collection(core_session, set_id)
assert set(ResourceManager.get_multi_added_system_ids(core_session,
all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search"
assert set(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search"
def test_app_management_user_can_create_job_but_not_delete_servers(clean_bulk_delete_systems_and_accounts, core_session,
core_tenant, clean_users, users_and_roles,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch])
requestor_session = users_and_roles.get_session_for_user('Application Management')
user_info = requestor_session.get_current_session_user_info().json()['Result']
all_systems = batch.keys()
job_id, result = ResourceManager.del_multiple_systems(requestor_session, all_systems)
result = ResourceManager.get_job_state(core_session, job_id)
assert result == "Succeeded", "Job did not execute"
assert len(
ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 3, "Wrong number of remaining systems"
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 6, "Wrong number of remaining accounts"
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Start.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Failure.Multi'
start_message = f'{username} initiated delete of {len(all_systems)} systems'
end_message = f'{username} failed to delete {len(all_systems)} of {len(all_systems)} systems'
RedrockController.expect_event_message_by_type(core_session, start_type, start_message)
RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_account_delete_by_sql_query_only_deletes_correct_accounts_fast_track(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 12, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
sql_query = 'SELECT * FROM VaultAccount WHERE ' + ' OR '.join(
('VaultAccount.ID = "' + str(n) + '"' for n in list(delete_ids)))
result, success = ResourceManager.del_multiple_accounts_by_query(
core_session, sql_query, run_sync=True)
assert success, "del_multiple_accounts_by_query failed " + result
assert set(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values()) == set(all_systems), \
"Wrong set of added systems found"
assert set(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == set(keep_ids), \
"Wrong set of added accounts found"
user_info = core_session.get_current_session_user_info().json()['Result']
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.StartQuery.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Success.Multi'
start_message = f'{username} initiated delete of multiple accounts'
end_message = f'{username} successfully deleted {len(delete_ids)} accounts'
RedrockController.expect_event_message_by_type(core_session, start_type,
start_message)
RedrockController.expect_event_message_by_type(core_session, end_type,
end_message)
def test_bulk_system_delete_no_secret_manually(clean_bulk_delete_systems_and_accounts, core_session, core_ui, list_of_created_systems, secret_cleaner):
server_prefix, names_of_servers, server_ids = _make_two_servers_get_names(core_session, list_of_created_systems)
ui = core_ui
ui.navigate('Resources', 'Systems')
ui.search(server_prefix)
for name in names_of_servers:
assert ui.check_exists(GridCell(name)), "Server not found in grid " + name
ui.action('Delete Systems', names_of_servers)
core_ui.switch_context(Modal('Bulk System Delete'))
core_ui.uncheck("SaveSecret")
core_ui.button('Delete')
core_ui.switch_context(ConfirmModal())
core_ui.button('Yes')
core_ui.switch_context(NoTitleModal())
core_ui.button('Close')
ResourceManager.wait_for_systems_to_delete_or_timeout(core_session, server_ids)
assert len(ResourceManager.get_multi_added_account_ids(core_session, server_ids)) == 0, "All added accounts not removed"
assert len(ResourceManager.get_multi_added_system_ids(core_session, server_ids)) == 0, "All added systems not removed"
def test_bulk_system_deletes_manually_single_system_and_secret(clean_bulk_delete_systems_and_accounts, core_session, core_ui, list_of_created_systems, secret_cleaner):
server_prefix, names_of_servers, server_ids = _make_one_server_get_name(core_session, list_of_created_systems)
ui = core_ui
ui.navigate('Resources', 'Systems')
ui.search(server_prefix)
for name in names_of_servers:
assert ui.check_exists(GridCell(name)), "Missing server from view " + name
ui.action('Delete', names_of_servers)
core_ui.switch_context(Modal('System Delete'))
secret_name = "secret_e2e_name_" + guid()
core_ui.input("SecretName", secret_name)
core_ui.button('Delete')
ResourceManager.wait_for_systems_to_delete_or_timeout(core_session, server_ids)
assert len(ResourceManager.get_multi_added_account_ids(core_session, server_ids)) == 0, "All added accounts not removed"
assert len(ResourceManager.get_multi_added_system_ids(core_session, server_ids)) == 0, "All added systems not removed"
ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name)
secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
assert secret_id is not None, "Secret not found"
secret_cleaner.append(secret_id)
def test_bulk_system_deletes_manually_from_set(clean_bulk_delete_systems_and_accounts, core_session, core_ui, list_of_created_systems):
server_prefix, names_of_servers, server_ids = _make_two_servers_get_names(core_session, list_of_created_systems)
ui = core_ui
ui.navigate('Resources', 'Systems')
ui.search(server_prefix)
not_favorite_stars = ui.browser.get_list_of_elements_by_css_selector("img.server-is-not-favorite")
assert len(not_favorite_stars) == 2, "Expected two favorite stars to be found, but other number returned"
for star in not_favorite_stars:
star.click() # favorite server
core_ui.set_action("Favorites", "Delete Systems")
core_ui.switch_context(Modal('Bulk System Delete'))
core_ui.button('Delete')
core_ui.switch_context(NoTitleModal())
core_ui.button('Close')
ResourceManager.wait_for_systems_to_delete_or_timeout(core_session, server_ids)
assert len(ResourceManager.get_multi_added_account_ids(core_session, server_ids)) == 0, "All added accounts not removed"
assert len(ResourceManager.get_multi_added_system_ids(core_session, server_ids)) == 0, "All added systems not removed"
def test_app_management_user_can_create_job_but_not_delete_accounts(
clean_bulk_delete_systems_and_accounts, core_session, core_tenant,
clean_users, users_and_roles, list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
assert len(
ResourceManager.get_multi_added_system_ids(
core_session,
all_systems)) == 2, "Added systems not reflected in search"
assert len(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == 4, "Added accounts not reflected in search"
requestor_session = users_and_roles.get_session_for_user(
'Application Management')
job_id, result = ResourceManager.del_multiple_accounts(
requestor_session, all_accounts)
result = ResourceManager.get_job_state(core_session, job_id)
assert result == "Succeeded", "Job did not execute"
assert len(ResourceManager.get_multi_added_system_ids(core_session,
all_systems)) == 2, \
"Expected 2 added systems to be found, but received different number"
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 4, \
"Expected 4 added accounts to be found, but received different number"
user_info = requestor_session.get_current_session_user_info().json(
)['Result']
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Start.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Failure.Multi'
start_message = f'{username} initiated delete of {len(all_accounts)} accounts'
end_message = f'{username} failed to delete {len(all_accounts)} of {len(all_accounts)} accounts'
RedrockController.expect_event_message_by_type(core_session, start_type,
start_message)
RedrockController.expect_event_message_by_type(core_session, end_type,
end_message)
def test_bulk_account_delete_generates_secret_with_ssh_accounts(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems, secret_cleaner, core_tenant):
batch1 = ResourceManager.add_multiple_ssh_systems_with_accounts(
core_session,
2,
2,
list_of_created_systems,
system_prefix=f'test_ssh',
user_prefix=f'test_usr_ssh')
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1])
secret_name = "TestSecret-" + str(
ResourceManager.time_mark_in_hours()) + "-" + guid()
result, success = ResourceManager.del_multiple_accounts(
core_session,
all_accounts,
save_passwords=True,
secret_name=secret_name)
assert success, "Api did not complete successfully for bulk account delete MSG: " + result
ResourceManager.wait_for_secret_to_exist_or_timeout(
core_session, secret_name)
secret_id = RedrockController.get_secret_id_by_name(
core_session, secret_name)
assert secret_id is not None, "Secret not found"
secret_cleaner.append(secret_id)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == 0, "Expected zero added accounts remain"
user_name = core_tenant['admin_user']
user_id = UserManager.get_user_id(core_session, user_name)
result, success = set_users_effective_permissions(core_session, user_name,
"View,Edit,Retrieve",
user_id, secret_id)
assert success, f"Did not set secret permission successfully with message {result}"
secret_file_contents = get_file_secret_contents(core_session, secret_id)
assert secret_file_contents.count("\n") == 1 + len(
all_accounts
), f"Secret file contained the wrong number of lines {secret_file_contents}"
assert secret_file_contents.count("AutomationTestKey") == len(
all_accounts
), f"Secret file contained the wrong number of keys {secret_file_contents}"
for server_id in all_systems:
assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}"
for account_id in all_accounts:
assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_bulk_system_delete_by_sql_query_only_deletes_correct_systems_and_accounts(
clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems):
user_info = core_session.get_current_session_user_info().json()['Result']
assert len(ResourceManager.get_multi_added_system_ids(core_session, [
"x"])) == 0 # Use fake GUID string to ensure that filter is working properly, since empty list means no filter
assert len(ResourceManager.get_multi_added_account_ids(core_session, ["x"])) == 0
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems)
batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 6, list_of_created_systems)
batch4 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 8, list_of_created_systems)
batch5 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2, batch3, batch4, batch5])
assert len(ResourceManager.get_multi_added_system_ids(core_session,
all_systems)) == 15, "Found wrong number of added systems"
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 59, "Found wrong number of add accounts"
delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2, batch4])
keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3, batch5])
sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids)
ResourceManager.del_multiple_systems_by_query(core_session, sql_query, False, "")
assert set(ResourceManager.get_multi_added_system_ids(core_session,
all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search"
assert set(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search"
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.StartQuery.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Success.Multi'
start_message = f'{username} initiated delete of multiple systems'
end_message = f'{username} successfully deleted {len(delete_system_ids)} systems'
RedrockController.expect_event_message_by_type(core_session, start_type, start_message)
RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_other_user_cant_see_secret_created_by_first_user(core_session, users_and_roles, created_system_id_list,
swap_roles):
roles = ["Privileged Access Service Administrator", "Privileged Access Service Power User"]
if swap_roles:
roles_new = [roles[1], roles[0]]
roles = roles_new
batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, created_system_id_list)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch])
deleter_user_0_session = users_and_roles.get_session_for_user(roles[0])
deleter_user_0_role = users_and_roles.get_role(roles[0])
deleter_user_0_role_name = deleter_user_0_role['Name']
deleter_user_0_role_id = deleter_user_0_role['ID']
other_user_1_session = users_and_roles.get_session_for_user(roles[1])
for account_id in all_accounts:
permission_string = 'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin'
result, success = ResourceManager.assign_account_permissions(core_session, permission_string,
deleter_user_0_role_name, deleter_user_0_role_id,
"Role", account_id)
assert success, "Did not set account permissions " + str(result)
for system_id in all_systems:
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount'
result, success = ResourceManager.assign_system_permissions(core_session, permission_string,
deleter_user_0_role_name, deleter_user_0_role_id,
"Role", system_id)
assert success, "Did not set system permissions " + result
secret_name = f"secret{guid()}"
job_id, result = ResourceManager.del_multiple_systems(deleter_user_0_session, batch.keys(), secretname=secret_name)
result = ResourceManager.get_job_state(core_session, job_id)
assert result == "Succeeded", "Job did not execute"
remaining_accounts = set(ResourceManager.get_multi_added_account_ids(core_session, created_system_id_list))
remaining_systems = set(ResourceManager.get_multi_added_system_ids(core_session, created_system_id_list).values())
assert remaining_accounts == set(), "Remaining accounts did not match expectation"
assert remaining_systems == set(), "Remaining systems did not match expectation"
secret_id = RedrockController.get_secret_id_by_name(deleter_user_0_session, secret_name)
assert secret_id is not None, f"Secret was not visible to creator '{roles[0]}' user, either because it wasn't created or because of a permissions issue"
secret_id = RedrockController.get_secret_id_by_name(other_user_1_session, secret_name)
assert secret_id is None, f"Secret should not be '{roles[1]}' user when created by '{roles[0]}' user"
secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
assert secret_id is not None, f"Sys admin should be able to see secret created by {roles[0]}"
def test_redundant_requests_succeed(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2])
ResourceManager.del_multiple_systems(core_session, batch1.keys())
ResourceManager.del_multiple_systems(core_session, batch2.keys())
ResourceManager.del_multiple_systems(core_session, batch1.keys())
ResourceManager.del_multiple_systems(core_session, batch2.keys())
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 0, "Expected no remaining added accounts"
assert len(ResourceManager.get_multi_added_system_ids(core_session,
all_systems)) == 0, "Expected no remaining added systems"
def test_overlapping_requests_succeed(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 2, list_of_created_systems)
batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3])
ResourceManager.del_multiple_systems(core_session, batch1.keys(), wait_time=-1)
ResourceManager.del_multiple_systems(core_session, batch1.keys(), wait_time=-1) # redundancy deliberate
ResourceManager.del_multiple_systems(core_session, batch2.keys(), wait_time=-1)
ResourceManager.del_multiple_systems(core_session, batch3.keys()) # wait on final call
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 0, "Expected no remaining added accounts"
assert len(ResourceManager.get_multi_added_system_ids(core_session,
all_systems)) == 0, "Expected no remaining added systems"
def test_bulk_system_delete_does_not_generate_secret_when_told_not_to(clean_bulk_delete_systems_and_accounts,
core_session, list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 7, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 3, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2])
job_id, success = ResourceManager.del_multiple_systems(core_session, all_systems, False, "")
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 0, "Remaining added systems should be zero"
report_contents = JobManager.get_job_report(core_session, job_id)
assert report_contents['report'].find(
'No password secret created') > -1, f'A secret was created even though it should not have been.'
def test_bulk_account_stores_secret_when_deleting_using_ui(
clean_bulk_delete_systems_and_accounts, core_session, core_admin_ui,
list_of_created_systems, secret_cleaner):
server_prefix, account_prefix, all_systems, all_accounts, all_account_names = _make_four_accounts_get_names(
core_session, list_of_created_systems, ssh=True)
ui = core_admin_ui
ui.navigate('Resources', 'Accounts')
ui.search(server_prefix)
for name in all_account_names:
assert ui.check_exists(
GridCell(name)), f"Account not found in grid with name {name}"
delete_names, keep_names = DataManipulation.shuffle_and_split_into_two_lists(
all_account_names)
action_name = 'Delete accounts'
modal_name = 'Bulk Account Delete'
if len(delete_names) == 1:
action_name = 'Delete'
modal_name = 'Delete'
ui.action(action_name, delete_names)
ui.switch_context(Modal(modal_name))
secret_name = "secret_e2e_name_" + guid() + "_" + guid()
ui.input("SecretName", secret_name)
ui.button('Delete')
ui.switch_context(NoTitleModal())
ui.button('Close')
ResourceManager.wait_for_secret_to_exist_or_timeout(
core_session, secret_name)
secret_id = RedrockController.get_secret_id_by_name(
core_session, secret_name)
assert secret_id is not None, "Failed to create secret!"
secret_cleaner.append(secret_id)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == len(
keep_names), "Wrong number of remaining systems found"
def test_account_system_deletes_from_ui_using_set(
clean_bulk_delete_systems_and_accounts, core_session, core_admin_ui,
list_of_created_systems):
server_prefix, account_prefix, all_systems, all_accounts, all_account_names = _make_four_accounts_get_names(
core_session, list_of_created_systems, ssh=True)
ui = core_admin_ui
ui.navigate('Resources', 'Accounts')
ui.search(server_prefix)
favorite_stars = ui.browser.get_list_of_elements_by_css_selector(
"img.server-is-not-favorite")
assert len(
favorite_stars
) == 4, "Expected 4 favorite stars to exist but wrong number found"
for account_id in all_accounts:
notFavoriteStar = FavoriteStar().inside(GridRowByGuid(account_id))
favoritedStar = FavoritedStar().inside(GridRowByGuid(account_id))
star = ui._searchAndExpect(
notFavoriteStar,
f'Failed to find unselected favorite star for {account_id} account'
)
star.try_click(
(RestCallInitiated(), favoritedStar)) # favorite account
ui._searchAndExpect(
favoritedStar,
f'Expected {account_id} not-favorite start to turn to favorited.')
ui.expect(RestCallComplete(),
f'Expected rest call to favorite account to have completed.')
ui.set_action("Favorite Accounts", "Delete accounts")
ui.switch_context(Modal('Bulk Account Delete'))
ui.button('Delete')
ui.switch_context(NoTitleModal())
ui.button('Close')
ResourceManager.wait_for_accounts_to_delete_or_timeout(
core_session, all_systems, all_accounts)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == 0, "All added accounts not removed"
def test_bulk_account_delete_one_account_at_a_time(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
server_prefix, account_prefix, all_systems, all_accounts, all_account_names = _make_four_accounts_get_names \
(core_session, list_of_created_systems, ssh=False)
for i in all_accounts:
ResourceManager.del_account(core_session, i)
ResourceManager.wait_for_accounts_to_delete_or_timeout(
core_session, all_systems, all_accounts)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == 0, "All added accounts not removed"
assert len(
ResourceManager.get_multi_added_system_ids(
core_session,
all_systems)) == 1, "Wrong number of added systems remain"
def test_add_and_delete_system_with_multiple_benchmarks_per_test(
core_session, created_system_id_list, csv_benchmark):
"""
This test demonstrates measuring multiple things within the same pytest test
See example output at bottom of this file
"""
start, end, info = csv_benchmark
info(filenamesuffix="Bulk System Delete Time Test")
for i in range(3):
info(row=f"Test Run {i+1}")
info(column="Generate Systems")
start()
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 2, created_system_id_list)
end()
secret_name = f"secret{guid()}"
info(column="Delete Job")
start()
job_id, result = ResourceManager.del_multiple_systems(
core_session, batch.keys(), secretname=secret_name)
result = ResourceManager.get_job_state(core_session, job_id)
assert result == "Succeeded", "Job did not execute"
end()
info(column="Query Systems and Accounts")
start()
remaining_accounts = set(
ResourceManager.get_multi_added_account_ids(
core_session, created_system_id_list))
remaining_systems = set(
ResourceManager.get_multi_added_system_ids(
core_session, created_system_id_list).values())
assert remaining_accounts == set(
), "Remaining accounts did not match expectation"
assert remaining_systems == set(
), "Remaining systems did not match expectation"
end()
info(column="Query Secret")
start()
secret_id = RedrockController.get_secret_id_by_name(
core_session, secret_name)
assert secret_id is not None, "No secret was created"
end()
def test_bulk_account_delete_by_ids_only_deletes_correct_accounts(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 2, list_of_created_systems)
batch3 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 4, 6, list_of_created_systems)
batch4 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 8, list_of_created_systems)
batch5 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 5, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2, batch3, batch4, batch5])
delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
result, success = ResourceManager.del_multiple_accounts(
core_session, delete_ids)
assert success, "Api did not complete successfully for bulk account delete MSG: " + result
assert set(
ResourceManager.get_multi_added_system_ids(
core_session, all_systems).values()) == set(
all_systems), "Wrong set of added systems found"
assert set(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == set(keep_ids), "Wrong set of added accounts found"
user_info = core_session.get_current_session_user_info().json()['Result']
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Start.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Success.Multi'
start_message = f'{username} initiated delete of {len(delete_ids)} accounts'
end_message = f'{username} successfully deleted {len(delete_ids)} accounts'
RedrockController.expect_event_message_by_type(core_session, start_type,
start_message)
RedrockController.expect_event_message_by_type(core_session, end_type,
end_message)
def test_bulk_system_deletes_mixed_ssh_systems(clean_bulk_delete_systems_and_accounts, core_session, core_ui, list_of_created_systems, secret_cleaner):
server_prefix, names_of_servers, server_ids = _make_two_servers_get_names(core_session, list_of_created_systems, ssh=True)
ui = core_ui
ui.navigate('Resources', 'Systems')
ui.search(server_prefix)
for name in names_of_servers:
assert ui.check_exists(GridCell(name)), "Missing server from view " + name
ui.action('Delete Systems', names_of_servers)
core_ui.switch_context(Modal('Bulk System Delete'))
core_ui.button('Delete')
core_ui.switch_context(InfoModal())
core_ui.button('Close')
ResourceManager.wait_for_systems_to_delete_or_timeout(core_session, server_ids)
assert len(ResourceManager.get_multi_added_account_ids(core_session, server_ids)) == 0, "All added accounts not removed"
assert len(ResourceManager.get_multi_added_system_ids(core_session, server_ids)) == 0, "All added systems not removed"
def test_missing_permissions_on_bulk_account_delete(
clean_bulk_delete_systems_and_accounts, core_session, core_tenant,
clean_users, users_and_roles, list_of_created_systems):
right_data = [
"Privileged Access Service Power User",
"role_Privileged Access Service Power User"
]
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 3, 3, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
has_permission_ids, missing_permission_ids = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
requester_session = users_and_roles.get_session_for_user(right_data[0])
results_role = users_and_roles.get_role(right_data[0])
permissions_dict = dict.fromkeys(
has_permission_ids,
'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin'
)
permissions_dict.update(
dict.fromkeys(
missing_permission_ids,
'Owner,View,Manage,Login,Naked,UpdatePassword,FileTransfer,'
'UserPortalLogin'))
for account_id, permission_string in permissions_dict.items():
result, success = ResourceManager.assign_account_permissions(
core_session, permission_string, results_role['Name'],
results_role['ID'], "Role", account_id)
assert success, "Did not set account permissions " + str(result)
api_results, success = ResourceManager.del_multiple_accounts(
requester_session, all_accounts, run_sync=True)
assert not success, f"Expected fail result from missing permissions during test_missing_permissions_on_bulk_account_delete {api_results}"
assert set(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == set(missing_permission_ids)
def test_bulk_account_delete_multiple_accounts_activity(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 3, list_of_created_systems)
all_systems, _ = DataManipulation.aggregate_lists_in_dict_values([batch])
delete_ids = ResourceManager.get_multi_added_account_ids(
core_session, all_systems)
ResourceManager.del_multiple_accounts(core_session, delete_ids)
system_activities = ResourceManager.get_system_activity(
core_session, all_systems.pop())
activity_details = []
for activity in system_activities:
if activity['EventType'] == "Cloud.Server.ServerAdd":
activity_details.append(activity["Detail"])
assert len(activity_details
) == 1, "Wrong number of delete activities for the account"
def test_power_user_cant_see_secret_created_by_sysadmin_bsd(core_session, users_and_roles, created_system_id_list):
batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, created_system_id_list)
secret_name = f"secret{guid()}"
job_id, result = ResourceManager.del_multiple_systems(core_session, batch.keys(), secretname=secret_name)
result = ResourceManager.get_job_state(core_session, job_id)
assert result == "Succeeded", "Job did not execute"
remaining_accounts = set(ResourceManager.get_multi_added_account_ids(core_session, created_system_id_list))
remaining_systems = set(ResourceManager.get_multi_added_system_ids(core_session, created_system_id_list).values())
assert remaining_accounts == set(), "Remaining accounts did not match expectation"
assert remaining_systems == set(), "Remaining systems did not match expectation"
requester_session = users_and_roles.get_session_for_user("Privileged Access Service Power User")
secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
assert secret_id is not None, "No secret was created"
secret_id = RedrockController.get_secret_id_by_name(requester_session, secret_name)
assert secret_id is None, "Secret should not be visible to Privileged Access Service Power User"
def test_overlapping_redundant_requests_succeed(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 16, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 15, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2])
all_accounts_list = list(all_accounts)
random.shuffle(all_accounts_list)
delete_ids1, keep_ids1 = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts_list[1::]
) # by excluding the first, we ensure one account is guaranteed to remain
delete_ids2, _ = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts_list[1::])
delete_ids3, _ = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts_list[1::])
ResourceManager.del_multiple_accounts(core_session,
delete_ids1,
wait_time=-60)
ResourceManager.del_multiple_accounts(core_session,
delete_ids2,
wait_time=-60)
ResourceManager.del_multiple_accounts(core_session,
delete_ids3) # wait on final call
all_delete = set(delete_ids1).union(delete_ids2).union(delete_ids3)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == len(all_accounts) - len(
all_delete), "Wrong number of remaining added accounts found"
assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 2, \
"Wrong number of remaining added systems found"
def test_bulk_account_by_api_set_correct_accounts(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems, core_admin_ui):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
some_set_name = "ApiSet" + guid()
success, set_id = SetsManager.create_manual_collection(
core_session, some_set_name, "VaultAccount", None)
assert success, "Did not create collection"
SetsManager.update_members_collection(core_session, 'add',
list(delete_ids), 'VaultAccount',
set_id)
filters = SetsManager.get_object_collection_and_filter_by_name(
core_session, some_set_name, "VaultAccount")['Filters']
result, success = ResourceManager.del_multiple_accounts_by_query(
core_session, filters)
assert success, "del_multiple_accounts_by_query failed " + result
SetsManager.delete_collection(core_session, set_id)
assert set(
ResourceManager.get_multi_added_system_ids(
core_session, all_systems).values()) == set(
all_systems), "Wrong set of added systems found"
assert set(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == set(keep_ids), "Wrong set of added accounts found"