def test_checkout_password_for_sql_unmanaged_account(
core_session, add_database_with_account):
"""
Test case: C1101 - Checkout password for a SQL unmanaged account
:param core_session: Authenticated centrify session
:param add_database_with_account: fixture to create database with account as optional.
"""
db_name, db_id, db_account_id, db_data, database_cleaner_list, sql_account_cleaner_list = \
add_database_with_account(db_class='sql', add_account=True)
result, status = ResourceManager.check_out_password(
core_session, lifetime=15, accountid=db_account_id)
assert status, f'failed to checkout account {db_data["db_account"]} password.'
assert result['Password'] == db_data[
'password'], "Checked out password dose'nt match the actual password"
logger.info(f'{db_data["db_account"]} password check out successfully.')
acc_activity = RedrockController.get_account_activity(
core_session, db_account_id)
assert f'{core_session.auth_details["User"]} checked out database account "{db_data["db_account"]}" password for ' \
f'database "{db_name}"' in \
acc_activity[0]['Detail'], f"no activity of checkout found for account {db_data['db_account']}"
logger.info(
f"There is a checkout record for the account {db_data['db_account']} in activity"
)
def test_manage_account_for_valid_domain_account(domain_config_data, core_ui,
core_session):
"""
TCID: C1330: Manage password using administrative account for a valid domain account
:param core_ui: To Open the UI
:param core_session: To create the session
"""
conf = domain_config_data
name = conf['pas_bat_scenario1_infrastructure_data'][0]
domain_name = name["Domain_name3"]
data = conf['pas_scenario1_new_accounts'][0]
account_name = data['Managed_account']
ui = core_ui
ui.navigate("Resources", "Domains")
ui.search(domain_name)
ui.click_row(GridRow(domain_name))
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
ui.launch_modal("Add", modal_title="Add Account")
ui.input("User", account_name)
ui.uncheck("IsManaged")
ui.input("Password", "aaa")
ui.check("IsManaged")
check_disabled_textbox = ui.expect(DisabledTextBox("Password"),
f'Text box is still enabled')
assert check_disabled_textbox, f'Password Text Box is not disabled'
ui.button("Add")
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
account_id = None
results = ServerManager.get_all_accounts(core_session)
for result in results:
if result['User'] == account_name:
account_id = result['ID']
while True:
result, success = ResourceManager.get_account_information(
core_session, account_id)
if result['VaultAccount']['Row']['Status'] != "Missing Password":
break
else:
continue
activity = RedrockController.get_account_activity(core_session, account_id)
detail = []
for activity_detail in activity:
detail.append(activity_detail['Detail'])
assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name}' in detail[
0], f'could not able to change password'
logger.info(f"detail list are: , {detail}")
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f'Account did not get delete '
logger.info(f"result is, {result}")
def test_system_level_password_checkout_blank(
core_session, pas_windows_setup, users_and_roles,
update_tenant_multiple_checkouts):
"""
C1548 : System level password checkout set to '--'
:param core_session: Authenticated Centrify Session
:param pas_windows_setup: Added and return Windows system and Account associated to it.
:param users_and_roles: Gets user and role on demand.
"""
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
user_session = users_and_roles.get_session_for_user(
"Privileged Access Service Administrator")
pas_admin = user_session.__dict__['auth_details']
# Setting 'Allow multiple password checkouts' policy to Uncheck on Global Security Setting page
result, success = update_tenant_multiple_checkouts(core_session, False)
assert success, f"Not able to disable 'Allow multiple password checkouts' policy on Global " \
f"Security Setting page. API response result: {result}."
logger.info(
f"'Allow multiple password checkouts' policy Unchecked on Global Security Setting page"
)
# Assigning 'Checkout' permission to user for Account.
account_result, account_success = ResourceManager.assign_account_permissions(
core_session, 'Naked', pas_admin['User'], pas_admin['UserId'], 'User',
account_id)
assert account_success, f"Assign Checkout permission to account : {account_id} failed. " \
f"API response result: {account_result}"
logger.info(
f"'Checkout' permission given to user: {pas_admin['User']} for Account:{account_id}."
)
# Checkout account while logged in as Cloud Admin
admin_checkout_result, admin_checkout_success = ResourceManager.check_out_password(
core_session, 1, account_id)
assert admin_checkout_result['Password'] == user_password, f"Not able to checkout Account : {account_id}. API " \
f"response result: {admin_checkout_result} "
logger.info(f"Account Checkout successful for Account :{account_id}.")
# Checkout account while logged in as Privileged Access Service Administrator
user_checkout_result, user_checkout_success = ResourceManager.check_out_password(
user_session, 1, account_id)
assert not user_checkout_success, f"Checkout Account successful : {account_id} : API response " \
f"result: {user_checkout_result}"
logger.info(f"Not able to checkout Account : {account_id}")
activity = RedrockController.get_account_activity(user_session,
account_id)[0]['Detail']
assert 'Multiple checkouts not allowed' in activity, f"Checkout Failed activity not found " \
f"for account : {account_id}. API response result: {activity} "
logger.info(
f"Checkout Failed activity found in Activity for account : {account_id}"
)
def test_update_unmanaged_account_password(core_session,
setup_pas_system_for_unix):
"""
TC: C280138 - Update unmanaged account and check password history
:param core_session: Authenticated Centrify session
:param setup_pas_system_for_unix: Yields UUID for an added Unix system and an account associated to it.
Steps:
1. Adding a valid system with managed account.
2. Change the password.
3. Check password change activity under "Account Activies".
"""
added_system_id, account_id, sys_info = setup_pas_system_for_unix
# Updating Password for unmanaged account
password_result, password_success = ResourceManager.update_password(
core_session, account_id, guid())
assert password_success, f"Password updation failed with API response Result: {password_result}"
logger.info(f"Password Updated successfully for account {account_id}")
# Verify Account Activity after password updated
activity_logs = RedrockController.get_account_activity(
core_session, account_id)
events = []
for activity in activity_logs:
events.append(activity['EventType'])
assert "Cloud.Server.LocalAccount.PasswordUpdate" in events, f"Password update activity not displayed under" \
f" Account Activity Section for Account : {account_id}"
logger.info(
f"Password updated record displayed in Account Activity section")
# Verifying Password History for account
password_history_records = RedrockController.get_password_history_with_id(
core_session, account_id)
assert password_history_records, f"Password updated history not found for account {account_id}"
logger.info(
f"Password history successfully retrieved for account: {account_id}")
def test_checkin_password_for_unmanaged_account(core_session,
add_database_with_account):
"""
Test case: C1104
:param core_session: Authenticated centrify session
:param add_database_with_account: fixture to create database with account as optional.
"""
db_name, db_id, db_account_id, db_data, database_cleaner_list, sql_account_cleaner_list = \
add_database_with_account(db_class='sql', add_account=True)
checkout_result, status = ResourceManager.check_out_password(
core_session, lifetime=15, accountid=db_account_id)
assert status, f'failed to checkout account {db_data["db_account"]} password. returned result is {checkout_result}'
assert checkout_result['Password'] == db_data[
'password'], "Checked out password dose'nt match the actual password"
logger.info(f'{db_data["db_account"]} password check out successfully.')
result, status = ResourceManager.check_in_password(core_session,
checkout_result['COID'])
assert status, f'failed to checkin password for account {db_data["db_account"]}, return result is {result}'
logger.info(
f'account {db_data["db_account"]} password checked in successfully')
acc_activity = RedrockController.get_account_activity(
core_session, db_account_id)
assert f'{core_session.auth_details["User"]} checked in database account "{db_data["db_account"]}" password for ' \
f'database "{db_name}"' in \
acc_activity[0]['Detail'], f"no activity of checkout found for account {db_data['db_account']}"
logger.info(
f"There is a checkout record for the account {db_data['db_account']} in activity"
)
for activity in acc_activity:
assert 'Reason: Change password after checked-in' not in activity[
'Detail'], f'activity for change password behavior found.'
logger.info('activity for change password behavior not found.')
def test_add_managed_account_without_password(domain_config_data, core_session,
core_ui):
"""
TCID: C1329: Add a managed account without password
:param core_ui: To Open the UI
:param core_session: To create the session
"""
conf = domain_config_data
name = conf['pas_bat_scenario1_infrastructure_data'][0]
domain_name = name["Domain_name3"]
data = conf['pas_scenario1_new_accounts'][0]
account_name = data['Managed_account']
ui = core_ui
ui.navigate("Resources", "Domains")
ui.search(domain_name)
ui.click_row(GridRow(domain_name))
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
ui.launch_modal("Add", modal_title="Add Account")
ui.expect(CheckedCheckbox("IsManaged"), f'Checkbox is not checked already')
expected_tooltip_value = "When enabled, the domain administrative account is used to set and manage a password for this account."
ui.input("User", account_name)
tooltip_element = ui._searchAndExpect(
HoverOnToolTip("x-img tooltip-icon x-box-item x-img-default"),
f'Could not able to get the tooltip value')
tooltip_element.try_click()
actual_tooltip_value = ui._searchAndExpect(
Div(expected_tooltip_value),
f'could not able to find the tool tip value')
actual_tooltip_message = actual_tooltip_value.text
assert expected_tooltip_value in actual_tooltip_message, f'tooltip text is not matching'
logger.info(f"ToolTip text: {actual_tooltip_value}")
ui.button("Add")
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
account_id = None
results = ServerManager.get_all_accounts(core_session)
for result in results:
if result['User'] == account_name:
account_id = result['ID']
ui.expect(GridCell("Missing Password"), f'Password is not missing')
while True:
result, success = ResourceManager.get_account_information(
core_session, account_id)
if result['VaultAccount']['Row']['Status'] != "Missing Password":
break
else:
continue
activity = RedrockController.get_account_activity(core_session, account_id)
detail = []
for activity_logs in activity:
detail.append(activity_logs['Detail'])
assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name}' in detail[0], \
f'could not able to change password'
logger.info(f"ToolTip text: {detail}")
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f"Account did not get deleted"
logger.info(f"deleted account response: {success}")
def test_changed_unmanaged_to_managed(domain_config_data, get_admin_user_function, core_session, core_ui):
"""
TCID: C1331, Add an unmanaged account without password and changed unmanaged to managed
:return:
"""
conf = domain_config_data
name = conf['pas_bat_scenario1_infrastructure_data'][0]
domain_name = name["Domain_name3"]
script = "Select * FROM VaultDomain"
request = RedrockController.redrock_query(core_session, script)
directory_service_ID = None
directory_service_Name = None
directory_service_Admin_ID = None
for directory_service in request:
directory_service = directory_service['Row']
if directory_service['Name'] == name["Domain_name3"]:
directory_service_ID = directory_service['ID']
directory_service_Name = directory_service['Name']
directory_service_Admin_ID = directory_service['Administrator']
break
permissions = "Grant,View,Edit,Delete,AddAccount"
result, add_domain_account_success = ResourceManager.set_domain_account_permissions(core_session, permissions,
"System Administrator",
"sysadmin",
id=directory_service_ID,
ptype="Role",
pvid=directory_service_ID,
rowkey=directory_service_ID)
assert add_domain_account_success, f'Failed to set add account permission in the domain {result}'
logger.info(f"add account permission set successfully in the Domain.")
account, add_domain_success = ResourceManager.get_administrative_account(core_session, "administrator")
logger.info(f" Successfully get Domain for adding Administrative account.")
assert add_domain_success, f'Failed to get Domain account {account}'
name = conf['pas_bat_scenario1_infrastructure_data']
pvid = account[0]
domains_name = account[0]
domain_name_list = []
for domain_name in name:
for key, value in domain_name.items():
domain_name_list.append(value)
logger.info(f"Set Administrative account for Domain. {domain_name_list}")
result, add_admin_account_success, message = ResourceManager.set_administrative_account(core_session,
domain_name_list,
pvid=pvid['PVID'],
user=domains_name[
'FullyQualifiedName'])
assert add_admin_account_success, f'Failed to set administrative account {message}'
logger.info(f"Administrative account Set successfully in the Domain.{message}")
result, success = ResourceManager.update_domain_accounts(core_session, directory_service_Name,
directory_service_Admin_ID, directory_service_ID,
allowautomaticaccountmaintenance=True)
assert success, f'failed to update the domain'
logger.info(f"update account successfully in the Domain{result}")
data = conf['pas_scenario1_new_accounts'][0]
account_name = data['Managed_account']
ui = core_ui
ui.navigate("Resources", "Domains")
ui.search(domain_name['Domain_name3'])
ui.click_row(GridRow(domain_name['Domain_name3']))
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
ui.launch_modal("Add", modal_title="Add Account")
ui.input("User", account_name)
ui.uncheck("IsManaged")
ui.button("Add")
ui.expect(GridCell("Missing Password"), f'Password is not missing')
ui.right_click(GridCell(account_name))
right_click_values = ui.get_list_of_right_click_element_values("Update Password")
assert "Checkout" not in right_click_values, f'Checkout option is appeared'
logger.info(f"All right click option:{right_click_values}")
account_id = None
results = ServerManager.get_all_accounts(core_session)
for result in results:
if result['User'] == account_name:
account_id = result['ID']
added_account = ui._searchAndExpect(GridCell(account_name), f'account is not getting added')
added_account.try_click()
ui._waitUntilSettled()
ui.tab("Settings")
ui.check("IsManaged")
ui.save()
ui._waitUntilSettled()
ui.expect(DisabledButton("Save"), f'Account did not get managed')
result = RedrockController.get_account_activity(core_session, account_id)
counter = 0
while counter < 10:
result = RedrockController.get_account_activity(core_session, account_id)
if result[0]['Detail'].__contains__("SYSTEM$"):
break
counter += 1
assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name["Domain_name3"]}' in result[0]['Detail'], f'could not able to change password'
logger.info(f"All Activity's are: , {result}")
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f'Account did not get delete{result}'
logger.info(f"Account got deleted successfully, {result}")
def test_check_permission_name_on_portal(core_session, pas_setup, clean_up_collections):
"""
Test case: C2059
:param core_session: Authenticated Centrify Session
:param pas_setup: fixture to create system with accounts in portal
:param core_admin_ui: Authenticated Centrify ui session
"""
system_id, account_id, sys_info = pas_setup
# Getting the Id of the user.
user_details = core_session.__dict__
user_id = user_details['auth_details']['UserId']
User_name = user_details['auth_details']['User']
# Assigning 'UserPortalLogin' permission to user for account.
account_result, account_success = ResourceManager.assign_account_permissions(core_session, 'UserPortalLogin',
User_name,
user_id, 'User',
account_id)
assert account_success, f"Failed to give 'UserPortalLogin' permission to user: {User_name} for " \
f"Account: {account_id}. API response 'Result': {account_result}"
logger.info(f"'UserPortalLogin' permission given to user: {User_name} for Account:{account_id}.")
# Fetching account information to validate desired account is un managed
result, status = ResourceManager.get_account_information(core_session, account_id)
assert status, f"failed to retrieve account information, returned result is {result}"
set_name = f"test_setname{guid()}"
status, set_result = SetsManager.create_manual_collection(core_session, set_name, "VaultAccount",
object_ids=[account_id])
assert status, f"failed to create set {set_name}, returned result is {set_result}"
logger.info(f"set {set_name} created for account {sys_info[4]} of system {sys_info[0]}")
clean_up_collections.append(set_result) # Set cleanup list
# "Workspace Login" rather than "Portal Login" in granted permission activity
result, success = ResourceManager.assign_account_permissions(core_session, "UserPortalLogin",
User_name, user_id,
pvid=account_id)
assert success, f'failed to assign permissions "UserPortalLogin" to ' \
f'{User_name} for account {sys_info[4]} ' \
f'for system {sys_info[0]}'
activity = RedrockController.get_account_activity(core_session, account_id)
assert activity[0]['Detail'] == f'{User_name} granted User "{User_name}" to have "Workspace Login" permissions ' \
f'on local account "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]})' \
f' with credential type Password ', 'No Workspace Login keyword found in ' \
'retrieved permission activity '
logger.info(f'Displayed "Workspace Login" rather than "Portal Login" in granted permission activity for '
f'account {sys_info[4]}')
status, result, SetsManager.set_collection_member_permission(core_session, User_name,
user_id,
"UserPortalLogin", set_result)
assert status, f'failed to assign workspace login permission to ' \
f'user {User_name} for set {set_name}'
logger.info(f'successfully assigned work space login permission to user {User_name}.')
# "Workspace Login" in set activity
set_activity_rows = ResourceManager.get_activity_for_collection(core_session, set_result)
assert set_activity_rows[0]['Detail'] == f'{User_name} granted User ' \
f'"{User_name}" to have ' \
f'"Workspace Login" permissions on the account set "{set_name}"', \
f'failed to get {set_name} activity for permissions'
logger.info(f'displayed "Workspace Login" in activity in set {set_name} activity')
# displayed "Workspace Login" in user profile activity
user_profile_activity = RedrockController.get_user_activity_profile(core_session, user_id)
counter = 0
while counter < 10:
user_profile_activity = RedrockController.get_user_activity_profile(core_session, user_id)
if user_profile_activity[0]['EventMessage'].__contains__(sys_info[0]):
break
counter += 1
assert user_profile_activity[0]['EventMessage'] == f'{User_name} ' \
f'granted User "{User_name}" to have "Workspace Login" ' \
f'permissions on local account "{sys_info[4]}" ' \
f'for "{sys_info[0]}"({sys_info[1]}) with credential type ' \
f'Password ', \
f'No Workspace Login keyword found in retrieved permission activity '
logger.info('displayed "Workspace Login" in user profile activity')
def test_system_local_account_level(core_session, pas_config,
remote_users_qty1, cleanup_accounts,
cleanup_resources):
"""
TC C282671: System Local Account Level.
:param cleanup_resources: cleanup for systems.
:param core_session: Authenticates API session
:param pas_config: returns yaml object
:param remote_users_qty1: Creates account in target system.
:param cleanup_accounts: cleanup for account.
"""
systems_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f"{'Win-2012'}{guid()}"
sys_details = pas_config
sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN']
add_user_in_target_system = remote_users_qty1
user_password = '******'
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, sys_fqdn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
systems_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
# Setting the lifetime checkout for account to 15 min.
default_checkout_lifetime = 15
updated_account_result, update_account_success = \
ResourceManager.update_account(core_session,
acc_result,
add_user_in_target_system[0],
host=add_sys_result,
default_checkout_time=default_checkout_lifetime)
assert update_account_success, f"Failed to add default checkout time: API response result:{updated_account_result}"
logger.info(
f'Successfully added default checkout time: {updated_account_result}"')
# Setting the lifetime checkout for system to 60 min.
updated_sys_result, update_sys_success = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
sys_fqdn,
'Windows',
defaultcheckouttime=60)
assert update_sys_success, f"Failed to add default checkout time: API response result:{updated_account_result}"
logger.info(
f'Successfully added default checkout time: {updated_sys_result}"')
# Checking the default account password set to default ie 60 min.
default_account_password_chk_lifetime = 60
results, success = ServerManager.get_server_settings(core_session,
key='policy')
assert results['DefaultCheckoutTime'] == default_account_password_chk_lifetime, \
f"account password checkout lifetime is not {default_account_password_chk_lifetime} "
# Checkout account.
checkout_result, checkout_success = ResourceManager.check_out_password(
core_session, 15, acc_result)
assert checkout_success, f"Fail to checkout account : {acc_result} : API response " \
f"result: {checkout_result}"
logger.info(f"Successfully checked account : {checkout_result}")
# Checking the checkout in the workspace and validating the checkout lifetime.
checkout_remaining_time = str(default_checkout_lifetime - 1)
checkout_accounts = RedrockController.get_password_checkout_from_workspace(
core_session, core_session.auth_details['UserId'])
for checkout_account in checkout_accounts:
if checkout_account['ID'] == checkout_result['COID']:
assert checkout_account['Remaining'].split()[0] == checkout_remaining_time,\
f"Fail to find the remaining checkout time equal to {checkout_remaining_time} "
logger.info(
" Successfully found the checkout activity in workspace.")
# Trying to checkout once again,expecting a null checkout ID.
failed_checkout_result, failed_checkout_success = ResourceManager.check_out_password(
core_session, 15, acc_result)
assert failed_checkout_result['COID'] is None, f"checkout account ID generated for : " \
f"{add_user_in_target_system[0]}:" \
f"API response result: {failed_checkout_result}"
logger.info(f"Check in option is action enable : {failed_checkout_result}")
# Checking out checkout activity.
acc_activity = RedrockController.get_account_activity(
core_session, acc_result)
assert f'{core_session.auth_details["User"]} checked out local account "{add_user_in_target_system[0]}" password ' \
f'for system "{sys_name}"({sys_fqdn})' in \
acc_activity[0]['Detail'], f"no activity of checkout found for account {add_user_in_target_system[0]}"
logger.info(
f"There is a checkout record for the account {add_user_in_target_system[0]} in activity"
)
def test_privilege_service_user_with_view_permission(core_session, pas_setup,
get_limited_user_module):
"""
Test case: C286564 :- Privilege Service User with view permission should can see the related activity
:param core_session: Authenticated Centrify session
:param pas_setup: fixture to create system with account
:param get_limited_user_module: creating cloud user with "Privileged Access Service Power User" right
"""
system_id, account_id, sys_info = pas_setup
cloud_user_session, cloud_user = get_limited_user_module
username = cloud_user.get_login_name()
user_id = cloud_user.get_id()
# "View" permission to cloud user for system
result, success = ResourceManager.assign_system_permissions(core_session,
"View",
username,
user_id,
pvid=system_id)
assert success, f'failed to assign view permission to user {username} for system {sys_info[0]}'
logger.info(
f'view permission for system {sys_info[0]} assigned to user {username}'
)
# Activity validation of system by cloud user
rows = ResourceManager.get_system_activity(cloud_user_session, system_id)
assert rows[0][
'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on system ' \
f'"{sys_info[0]}"({sys_info[1]})', 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of system {sys_info[0]}'
)
# "View" permission to cloud user for account
result, success = ResourceManager.assign_account_permissions(
core_session, "View", username, user_id, pvid=account_id)
assert success, f'failed to assign permissions "View" to {username} for account {sys_info[4]} ' \
f'for system {sys_info[0]}'
logger.info(
f'View permission for account {sys_info[4]} of system {sys_info[0]} to user {username}'
)
# Activity validation of account by cloud user
activity = RedrockController.get_account_activity(cloud_user_session,
account_id)
assert activity[0][
'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on local account' \
f' "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) with credential ' \
f'type Password ', 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of account {sys_info[4]} of system {sys_info[0]}'
)
# Created secret
secret_name = f"test_secret{guid()}"
status, parameters, secret_result = create_text_secret(
core_session, secret_name, "test_secret_text")
assert status, f'failed to create secret with returned result: {result}'
logger.info(
f'secret created successfully {result}, returned parameters are {parameters}'
)
# Assigning view permission to secret to cloud user
result, success = set_users_effective_permissions(core_session, username,
"View", user_id,
secret_result)
assert success, f'failed to set permissions of secret for user {username}'
logger.info(
f'successfully granted "View" permission for secret to {secret_name} to user {username}'
)
# Activity validation of secret by cloud user
secret_activity = get_secret_activity(cloud_user_session, secret_result)
assert f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on the ' \
f'secret "{secret_name}"' in secret_activity[0]['Detail'], 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of secret of {secret_name}'
)
