def test_view_on_folders_but_not_members(core_session,
create_secret_inside_folder,
pas_general_secrets, users_and_roles,
cleanup_secrets_and_folders):
"""
C3054: test method to View on folders, but not members
1) create multiple secrets & folders inside parent folder
2) Login as Admin, set folder permissions "View" for parent folder
3) Login as pas user
4) Verify can view folder but not secrets
:param core_session: Authenticated Centrify session
:param create_secret_inside_folder: Fixture to create secret inside folder
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param users_and_roles: Fixture to create random user with PAS User Rights
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
"""
folder_id_list, folder_name, secret_id = create_secret_inside_folder
folders_list = cleanup_secrets_and_folders[1]
params = pas_general_secrets
# creating nested folder
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
params['name'],
params['description'],
parent=folder_id_list[0])
assert child_folder_success, f'Failed to create nested folder, API response result: {child_folder_id}'
logger.info(
f'Nested Folder created successfully, details are: {child_folder_parameters}'
)
folders_list.insert(0, child_folder_id)
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id_list[1], 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting the secret for pas user should fail
found_secret = get_secret(pas_power_user_session, secret_id[0])
verify_msg = 'You are not authorized to perform this operation.'
assert found_secret['success'] is False and verify_msg in found_secret["Message"], \
f'Able to find the secret without view permissions, API response result:{found_secret["Message"]}'
logger.info(
f'Not able to find th secret with pas user: {found_secret["Message"]}')
def test_delete_mfa_policy_on_secret(core_session, pas_general_secrets,
clean_up_policy, users_and_roles):
"""
C283962: MFA policy on Secret, verify challenged
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets data from yaml file
:param clean_up_policy: Fixture to cleanup the policy created
:param users_and_roles: Fixture to create new user with restricted rights
"""
secrets_params = pas_general_secrets
suffix = guid()
# Create a folder A
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session, secrets_params['mfa_folder_name'] + suffix,
secrets_params['description'])
assert secret_folder_success, f'Failed to create a folder {secret_folder_id}'
logger.info(f' Folder created successfully: {secret_folder_success} ')
secret_folder_parameters['ID'] = secret_folder_id
# Create a secret under A folder
added_secret_success, added_secret_id = create_text_secret_within_folder(
core_session, secrets_params['mfa_secret_name'] + suffix,
secrets_params['secret_text'], secrets_params['secret_description'],
secret_folder_id)
assert added_secret_success, f"Added Secret Failed {added_secret_id}"
logger.info(f'Added secrets info {added_secret_success, added_secret_id}')
# Getting details of the secret
found_secret = get_secret(core_session, added_secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret , API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Secret
result = update_secret(
core_session,
added_secret_id,
secret_name,
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f' Failed to apply MFA on the secret, API response result:{result["Message"]} '
logger.info(f'MFA Applied on the secret: {result}')
# Getting new session for User
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, secret_folder_id,
'Grant,View,Delete')
assert user_permissions_result, f'Failed to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to set DELETE permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'Grant,View,Delete,Retrieve', user_id,
secret_folder_id)
assert member_perm_success, f'Failed to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Delete secret with Mfa Authentication
del_success, del_result = del_secret(pas_power_user_session,
added_secret_id)
# StartChallenge MFA Authentication
session, mechanism = pas_power_user_session.start_mfa_authentication(
user_name, del_result['ChallengeId'])
# AdvanceAuthentication MFA to Password
result = pas_power_user_session.advance_authentication(
answer=pas_power_user_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
assert result, "Password Authentication Failed"
logger.info(f'Advance authentication: {result}')
# After Authentication of MFA delete the secret under folder
del_secret_success, del_secret_result = del_secret_mfa(
pas_power_user_session,
added_secret_id,
ChallengeStateId=del_result['ChallengeId'])
assert del_secret_success, f'User: {user_name} failed to delete secret from this folder: {secret_folder_id}'
logger.info(
f'User: {user_name} deleted secret: '
f'{added_secret_id} successfully from this folder: {secret_folder_id}')
# Delete folder
del_folder_res = del_folder(core_session, secret_folder_id)
assert del_folder_res, f'User: {user_name} failed to delete folder: {secret_folder_id}'
logger.info(
f'User: {user_name} successfully deleted folder: {secret_folder_id}')
def test_retrieve_mfa_policy_on_parent_folder_verify_challenged(
core_session, core_admin_ui, pas_general_secrets,
create_secret_inside_folder, clean_up_policy):
"""
C2985: MFA policy on Parent folder, verify challenged
1) Set MFA on MFAonParent
2) Right click "MFAonSecret" then Retrieve.
3) Verify challenged with MFA popups,
4) Enter password & verify you can retrieve secret
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch ui session for cloud admin
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
verify_text = secrets_params['secret_text']
# Getting details of the secret replaced
found_secret = get_secret(core_session, secret_list[0])
assert found_secret['success'], \
f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session,
folder_list[0],
folder_name,
folder_name,
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
ui = core_admin_ui
password = ui.get_user().get_password()
login = Login(ui)
ui.navigate('Resources', 'Secrets')
ui.search(folder_name)
ui.click_row(GridRowByGuid(folder_list[0]))
ui.click_row(GridRowByGuid(secret_list[0]))
ui.action('Retrieve')
ui.switch_context(Modal(text=secret_name))
ui.button('Show Text')
ui.switch_context(NoTitleModal())
login.click_next_on_auth()
login.enter_login_password(password)
login.click_next_on_auth()
ui.switch_context(ActiveMainContentArea())
ui.expect(InputBoxValue(verify_text),
f'Expect to find {verify_text} in Retrieve but could not.')
logger.info(
f'Text Retrieved with MFA challenge(password only)i.e. MFAonParent successfully: {verify_text}'
)
# Removing MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_replace_mfa_on_both_parent_folder_and_secret_verify_challenged(
core_session, pas_general_secrets, create_secret_inside_folder,
core_session_unauthorized, clean_up_policy):
"""
C2981: test method to MFA policy on both Parent folder and Secret, verify secret MFA
1) Set MFA on MFAonSecret & MFAOnParentFolder
2) Right click "MFAonSecret" then Replace.
3) Verify challenged with MFA popups,
4) Enter password & verify you can replace secret
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param core_session_unauthorized: Fixture to start authentication MFA
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
prefix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(
core_session, prefix + secrets_params['policy_name'], challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Secret
result = update_secret(
core_session,
secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on the secret, API response result:{result["Message"]} '
logger.info(f'MFA Applied on the secret: {result}')
# Applying MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Folder: {result}')
user = core_session.get_user()
user_name = user.get_login_name()
password = user.get_password()
# MFA Authentication starts on the secret to be replaced
mfa_authentication = core_session_unauthorized.start_authentication(
user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(
f'MFA Authentication starts on the secret to be replaced:{mfa_authentication.json()}'
)
# Advance MFA Authentication starts on the secret to be replaced
up_result = core_session_unauthorized.advance_authentication(
password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result[
'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(f'MFA popups before secret gets replaced:{mfa_result}')
# Replacing the text of the secret
result = update_secret(core_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + prefix,
secret_text=secrets_params['secret_text_replaced'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA
result = update_secret(core_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + prefix,
secret_text=secrets_params['secret_text_replaced'])
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to update the folder, API response result:: {result["Message"]} '
logger.info(f'Updating the folder: {result}')
# Getting details of the secret replaced
found_secret = get_secret(core_session, secret_list[0])
assert found_secret['success'], \
f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
assert 'MFAOnSecretUpdate' in secret_name, \
f'Failed to update the secret, API response result:{found_secret["success"]}'
def test_mfa_on_closest_parent_should_override_mfa_on_higher_levels(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
clean_up_policy, core_session_unauthorized):
"""
C2982: MFA on closest parent should override MFA on higher levels
1) Create a multilevel folder "Folder/Subfolder/secretName"
2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
3) Verify secretName inherits challenge of subfolder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param clean_up_policy: Fixture to cleanup the policy created
:param core_session_unauthorized: Fixture to start authentication MFA
"""
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
folder_params = pas_general_secrets
suffix = guid()
folder_name = folder_params['folder_name_with_frwdslashes'] + suffix
# creating multilevel folder "Folder/Subfolder/secretName"
added_secret_success, details, secret_id = create_text_secret(
core_session, folder_name, folder_params['secret_text'])
assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
logger.info(f'Added Multilevel folder info: {details, secret_id}')
secrets_list.append(secret_id)
# Getting details of the secret
found_secret = get_secret(core_session, secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
nested_folder_id = found_secret['Result']['FolderId']
nested_folder_path = found_secret['Result']['ParentPath']
parent_folder_list = nested_folder_path.split('\\')
parent_folder_name = parent_folder_list[0]
# Getting details of Parent Folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
"SecretName"]
logger.info(f'Parent Folder details: {parent_folder}')
if folder_list != []:
folder_list[0] = nested_folder_id
folder_list[1] = parent_folder_id
else:
folder_list.append(nested_folder_id)
folder_list.append(parent_folder_id)
challenges = ["UP", ""]
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + "V2" + suffix,
challenges_v2, 0, 0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating another policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
# Applying MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Nested Folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result_email)
assert result[
'success'], f'Not Able to apply MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Parent Folder: {result}')
user = core_session.get_user()
user_name = user.get_login_name()
password = user.get_password()
# MFA Authentication starts on the secret to be replaced
mfa_authentication = core_session_unauthorized.start_authentication(
user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(
f'MFA Authentication applies for closest parent,Password Only:{mfa_authentication.json()}'
)
# Advance MFA Authentication starts on the secret to be replaced
up_result = core_session_unauthorized.advance_authentication(
password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result[
'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(
f'MFA applies for closest parent,popups before secret gets replaced: {mfa_result}'
)
# Replacing the text of the secret
result = update_secret(core_session,
secret_id,
folder_params['mfa_secret_name_update'] + suffix,
secret_text=folder_params['secret_text_replaced'])
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from Nested folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Removing MFA from Parent folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Getting details of the Secret Replaced
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, secret_id)
assert get_secret_text == folder_params['secret_text_replaced'], \
f'Failed to replace the secret, API response result: {get_secret_success}'
logger.info(f'Details of the secret Replaced: {get_secret_details}')
def test_retrieve_mfa_on_closest_parent_should_override_mfa(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
clean_up_policy):
"""
C283926: MFA on closest parent should override MFA on higher levels
1) Create a multilevel folder "Folder/Subfolder/secretName"
2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
3) Verify secretName inherits challenge of subfolder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param clean_up_policy: Fixture to cleanup the policy created
"""
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
folder_params = pas_general_secrets
suffix = guid()
secret_name = folder_params['folder_name_with_frwdslashes'] + suffix
user_name = core_session.auth_details['User']
# creating multilevel folder "Folder/Subfolder/secretName"
added_secret_success, details, secret_id = create_text_secret(
core_session, secret_name, folder_params['secret_text'])
assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
logger.info(f'Added Multilevel folder info: {details, secret_id}')
secrets_list.append(secret_id)
# Getting details of the secret
found_secret = get_secret(core_session, secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
nested_folder_id = found_secret['Result']['FolderId']
nested_folder_path = found_secret['Result']['ParentPath']
parent_folder_list = nested_folder_path.split('\\')
parent_folder_name = parent_folder_list[0]
# Getting details of Parent Folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
"SecretName"]
logger.info(f'Parent Folder details: {parent_folder}')
if folder_list != []:
folder_list[0] = nested_folder_id
folder_list[1] = parent_folder_id
else:
folder_list.append(nested_folder_id)
folder_list.append(parent_folder_id)
challenges = ["UP", ""]
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + "V2" + suffix,
challenges_v2, 0, 0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating another policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
# Applying MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Failed to apply MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Nested Folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result_email)
assert result[
'success'], f'Failed to apply MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Parent Folder: {result}')
# Move Secret with Mfa Authentication
retrieve_success, retrieve_result = retrieve_secret_contents(
core_session, secret_id)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, retrieve_result['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info(
f'Successfully applied password authentication with closest parent: {mfa_result}'
)
# After Authenticating of MFA move secret with challenge password
retrieve_secret_success, retrieve_secret_result = retrieve_secret_contents_with_mfa(
core_session,
secret_id,
ChallengeStateId=retrieve_result['ChallengeId'])
assert retrieve_secret_success, f'Failed to retrieve secret with closest parent challenge: {retrieve_secret_result}'
logger.info(
f'Successfully retrieved secret with closest parent challenge: {retrieve_secret_result}'
)
# Removing MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA removed on Nested Folder: {result}')
# Removing MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA removed on Parent Folder: {result}')
