def test_update_secret_with_invalid_path_or_name_negative(
core_session, added_secrets, pas_general_secrets):
"""
test method to update the secret with invalid path & invalid name
:param core_session: Authenticated Centrify session
:param added_secrets: Fixture to create text type secret & yield secret id, secret_name
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
added_text_secret_id, added_text_secret_name = added_secrets
secrets_params = pas_general_secrets
prefix = guid()
# Api to update the secret with invalid path
result = update_secret(
core_session, added_text_secret_id,
prefix + secrets_params['nested_secret_backslashes'])
assert result[
'success'] is False, f'Able to update with invalid path name { result["Result"]} '
logger.info(
f'Unable to update with invalid path name:{result["success"]} & {result["Exception"]} '
)
# Api to update the secret with invalid name
result = update_secret(core_session, added_text_secret_id,
prefix + secrets_params['invalid_name'])
assert result[
'success'] is False, f'Able to update with invalid name {result["Result"]} '
logger.info(
f'Unable to update with invalid name: {result["success"]} & {result["Exception"]}'
)
def test_adding_several_items_during_creation(core_session,
added_secrets_file,
added_secrets,
users_and_roles,
pas_general_secrets,
clean_up_policy):
secret_prefix = guid()
secrets_params = pas_general_secrets
added_secret_id = added_secrets_file
added_text_secret_id, added_text_secret_name = added_secrets
application_management_user = users_and_roles.get_user('Privileged Access Service Power User')
user_name = application_management_user.get_login_name()
user_id = application_management_user.get_id()
# setting permissions for User A
set_permission_result, set_permission_success = set_users_effective_permissions(core_session,
user_name,
'View,Grant',
user_id,
added_secret_id)
assert set_permission_success, f'Failed to set permission: {set_permission_result}'
logger.info(f'Setting permission:{set_permission_result}{set_permission_success}')
# creating new policy
policy_result = PolicyManager.create_new_auth_profile(core_session,
secret_prefix + secrets_params['policy_name'],
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Getting details of file type secrets
get_secret_details, get_secret_success, get_secret_created_date = get_file_type_secret_contents(core_session,
added_secret_id)
assert get_secret_success, f'Failed to get the file type secret contents:{get_secret_success}'
logger.info(f'Secret created details: {get_secret_details}')
secrete_file = {'Type': '',
'SecretFilePassword': '******',
'SecretFilePath': '',
'SecretFileSize': '',
'SecretName': get_secret_details['SecretName'],
'ID': added_secret_id,
'DataVaultDefaultProfile': ''
}
local_secret_path = get_asset_path('secret_upload.txt')
# Assigning policy to file type secrets
policy_assigned = update_file_type_secret(core_session, added_secret_id, secrete_file, local_secret_path,
policy_result)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f'Policy assigned to secret : {policy_assigned}')
# Removing policy to file type secrets
policy_assigned = update_file_type_secret(core_session, added_secret_id, secrete_file, local_secret_path)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f'Policy assigned to secret : {policy_assigned}')
# Setting permissions for text type secrets
set_permission_result, set_permission_success = set_users_effective_permissions(core_session, user_name,
'View,Grant', user_id,
added_text_secret_id[0])
assert set_permission_success, f'Failed to set permission: {set_permission_result}'
logger.info(f'Setting permission:{set_permission_result}{set_permission_success}')
# Applying Policy
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
added_text_secret_name,
policy_id=policy_result)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
# Removing policy
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
added_text_secret_name)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
def test_mfa_policy_on_secret_verify_not_challenged_on_settings_update(core_session,
pas_general_secrets,
users_and_roles,
create_secret_inside_folder,
clean_up_policy):
"""
test method to verify that mfa does not exist on updating the settings for an existing secret "MFAOnSecret"
with already assigned mfa for that secret
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
prefix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
pas_power_user = users_and_roles.get_user('Privileged Access Service Power User')
user_name = pas_power_user.get_login_name()
user_id = pas_power_user.get_id()
text_type_secret_result, text_type_secret_success = set_users_effective_permissions(core_session,
user_name,
'View,Edit',
user_id,
secret_list[0])
assert text_type_secret_success, f'setting permissions for text type secret:{text_type_secret_result}'
logger.info(f'setting permissions for text type secret: : {text_type_secret_success}')
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(core_session,
prefix + secrets_params['policy_name'],
["UP", None],
None,
"30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Api to get the details of the secret
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session,
secret_list[0])
assert get_secret_success, f'Failed to get the details of the secret:{get_secret_success}'
logger.info(f'Details of the secret returned:{get_secret_details}')
# Api to assign MFA & update settings of secret
policy_assigned = update_secret(core_session,
secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
description=secrets_params['mfa_secret_description'],
secret_text=get_secret_text,
policy_id=policy_result)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
# Api to Remove MFA from secret
result = update_secret(core_session, secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
description=secrets_params['mfa_secret_description'])
assert result['success'], f'Not Able to update the settings: {result["Message"]} '
logger.info(f'Update settings for secret: {result}')
# Api to get details of the secret updated
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session,
secret_list[0])
description_updated = get_secret_details['Description']
name_updated = get_secret_details['SecretName']
assert 'MFAOnSecretUpdate' in name_updated, f'Failed to update the name{get_secret_success}'
assert 'mfa_description' in description_updated, f'Failed to update the description{get_secret_success}'
logger.info(f'Details of the secret updated: {get_secret_details}')
def test_move_mfa_on_secrets_should_apply(core_session, pas_general_secrets,
create_secret_folder, added_secrets,
clean_up_policy):
"""
C283939: MFA on secret should still apply once moved to another folder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_folder: Fixture to create secret folder & yields folder related details
:param added_secrets: Fixture to create text type secrets & yields secrets details
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
secret_id, secret_name = added_secrets
challenges1 = ["UP", ""]
user_name = core_session.auth_details['User']
# creating a new Authentication profile for nested folder
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges1, 0,
0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA to secret
result = update_secret(
core_session,
secret_id[0],
secret_name,
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f'Failed to apply mfa to secret, API response result: {result["Message"]} '
logger.info(f'Successfully applied MFA to Secret: {result}')
# Move Secret with Mfa Authentication
result_secret = move_secret(core_session,
secret_id[0],
folder_info=folder_id)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_secret['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info(f'successfully applied password authentication: {mfa_result}')
# After Authenticating of MFA move secret with challenge password
moved_success, moved_result = move_secret_by_using_mfa(
core_session,
secret_id[0],
target_folder_info=folder_id,
ChallengeStateId=result_secret['Result']['ChallengeId'])
assert moved_success, f'User: {user_name} Failed to move secret to another folder: {moved_result}'
logger.info(
f'User: {user_name} successfully moved secret to another folder: {moved_result}'
)
# Move Secret with Mfa Authentication
result_secret = move_secret(core_session, secret_id[0])
assert result_secret['success'] is False, \
f'Failed to preserve MFA Policy,API Response result:{result_secret["Message"]}'
logger.info(f'MFA Policy is preserved successfully: {result_secret}')
# Removing mfa from secret
result = update_secret(
core_session,
secret_id[0],
secret_name,
description=secrets_params['mfa_secret_description'])
assert result[
'success'], f'Failed to remove mfa from secret, API response result: {result["Message"]} '
logger.info(f'Successfully removed mfa from secret: {result}')
def test_delete_mfa_policy_on_secret(core_session, pas_general_secrets,
clean_up_policy, users_and_roles):
"""
C283962: MFA policy on Secret, verify challenged
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets data from yaml file
:param clean_up_policy: Fixture to cleanup the policy created
:param users_and_roles: Fixture to create new user with restricted rights
"""
secrets_params = pas_general_secrets
suffix = guid()
# Create a folder A
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session, secrets_params['mfa_folder_name'] + suffix,
secrets_params['description'])
assert secret_folder_success, f'Failed to create a folder {secret_folder_id}'
logger.info(f' Folder created successfully: {secret_folder_success} ')
secret_folder_parameters['ID'] = secret_folder_id
# Create a secret under A folder
added_secret_success, added_secret_id = create_text_secret_within_folder(
core_session, secrets_params['mfa_secret_name'] + suffix,
secrets_params['secret_text'], secrets_params['secret_description'],
secret_folder_id)
assert added_secret_success, f"Added Secret Failed {added_secret_id}"
logger.info(f'Added secrets info {added_secret_success, added_secret_id}')
# Getting details of the secret
found_secret = get_secret(core_session, added_secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret , API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Secret
result = update_secret(
core_session,
added_secret_id,
secret_name,
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f' Failed to apply MFA on the secret, API response result:{result["Message"]} '
logger.info(f'MFA Applied on the secret: {result}')
# Getting new session for User
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, secret_folder_id,
'Grant,View,Delete')
assert user_permissions_result, f'Failed to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to set DELETE permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'Grant,View,Delete,Retrieve', user_id,
secret_folder_id)
assert member_perm_success, f'Failed to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Delete secret with Mfa Authentication
del_success, del_result = del_secret(pas_power_user_session,
added_secret_id)
# StartChallenge MFA Authentication
session, mechanism = pas_power_user_session.start_mfa_authentication(
user_name, del_result['ChallengeId'])
# AdvanceAuthentication MFA to Password
result = pas_power_user_session.advance_authentication(
answer=pas_power_user_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
assert result, "Password Authentication Failed"
logger.info(f'Advance authentication: {result}')
# After Authentication of MFA delete the secret under folder
del_secret_success, del_secret_result = del_secret_mfa(
pas_power_user_session,
added_secret_id,
ChallengeStateId=del_result['ChallengeId'])
assert del_secret_success, f'User: {user_name} failed to delete secret from this folder: {secret_folder_id}'
logger.info(
f'User: {user_name} deleted secret: '
f'{added_secret_id} successfully from this folder: {secret_folder_id}')
# Delete folder
del_folder_res = del_folder(core_session, secret_folder_id)
assert del_folder_res, f'User: {user_name} failed to delete folder: {secret_folder_id}'
logger.info(
f'User: {user_name} successfully deleted folder: {secret_folder_id}')
def test_need_to_have_edit_permission_on_secret_to_update_settings_and_policy(
core_session, users_and_roles, added_secrets_file, added_secrets,
pas_general_secrets, clean_up_policy):
"""
test method to set permissions on secrets(with Edit/Without Edit) to update the settings & policy.
:param core_session: Authenticated Centrify Session
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param added_secrets_file: Fixture to create file type secret & yield secret id
:param added_secrets: Fixture to create text type secret & yield secret id, secret_name
:param pas_general_secrets: Fixture to read secret data from yaml file
:param clean_up_policy: Fixture to clean up the policy created
"""
added_file_secret_id = added_secrets_file
added_text_secret_id, added_text_secret_name = added_secrets
secrets_params = pas_general_secrets
secret_prefix = guid()
pas_power_user = users_and_roles.get_user(
'Privileged Access Service Power User')
user_name = pas_power_user.get_login_name()
user_id = pas_power_user.get_id()
# API to set user permissions (Edit)for file_type_secret"""
file_type_secret_result, file_type_secret_success = set_users_effective_permissions(
core_session, user_name, 'View,Grant,Edit', user_id,
added_file_secret_id)
assert file_type_secret_success, f'setting permissions for file type secret failed: {file_type_secret_result}'
logger.info(
f'Setting permissions for file type secret: {file_type_secret_success}'
)
# API to set user permissions (without Edit)for text_type_secret"""
text_type_secret_result, text_type_secret_success = set_users_effective_permissions(
core_session, user_name, 'View,Grant', user_id,
added_text_secret_id[0])
assert text_type_secret_success, f'setting permissions for text type secret failed:{text_type_secret_result}'
logger.info(
f'Setting permissions for text type secret: : {text_type_secret_success}'
)
# API to get new session for User A"""
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
logger.info(
f'User with PAS Power User Rights login successfully :user_Name: {user_name}'
f' & Password: {pas_power_user.get_password()} ')
# Api to update the name of the secret(file_type)
result = update_secret(
pas_power_user_session, added_file_secret_id,
secret_prefix + secrets_params['updated_secret_name'])
assert result[
'success'], f'Not Able to update the settings {result["Result"]} '
logger.info(
f'Updating the settings for secret: {result["success"]} & {result["Exception"]}'
)
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secret_prefix + secrets_params['policy_name'],
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Api to assign policy to file type secret
policy_assigned = update_secret(pas_power_user_session,
added_file_secret_id,
added_text_secret_name,
policy_id=policy_result)
assert policy_assigned[
'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to secret: {policy_assigned}')
# Api to update settings for text type secret
result = update_secret(
pas_power_user_session, added_text_secret_id[0],
secret_prefix + secrets_params['updated_secret_name'])
assert result[
'success'] is False, f'Able to update the settings: {result["Message"]} '
logger.info(f'Not able to Update settings for secret: {result}')
# Api to assign policy for text type secret
policy_assigned = update_secret(pas_power_user_session,
added_text_secret_id[0],
added_text_secret_name,
policy_id=policy_result)
assert policy_assigned[
'success'] is False, f'Able to assign policy to secret: {policy_assigned["Message"]}'
logger.info(
f' Not able to assign Policy to text type secret: {policy_assigned}')
# Api to Remove policy for file type secret
policy_removed = update_secret(pas_power_user_session,
added_file_secret_id,
added_text_secret_name)
assert policy_removed[
'success'], f'Failed to remove policy to secret: {policy_removed["Message"]}'
logger.info(
f'Successfully removed Policy to text type secret: {policy_removed}')
def test_replace_mfa_policy_on_secret_verify_challenged(
core_session, pas_general_secrets, create_secret_inside_folder,
core_session_unauthorized, clean_up_policy):
"""
C2979: test method to MFA policy on Secret, verify challenged
1) Set MFA on MFAonSecret
2) Right click "MFAonSecret" then Replace.
3) Verify challenged with MFA popups,
4) Enter password & verify you can replace secret
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param core_session_unauthorized: Fixture to start authentication MFA
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
prefix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(
core_session, prefix + secrets_params['policy_name'], challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Secret
result = update_secret(
core_session,
secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on the secret, API response result:{result["Message"]} '
logger.info(f'MFA Applied on the secret: {result}')
user = core_session.get_user()
user_name = user.get_login_name()
password = user.get_password()
# MFA Authentication starts on the secret to be replaced
mfa_authentication = core_session_unauthorized.start_authentication(
user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(
f'MFA Authentication starts on the secret to be replaced:{mfa_authentication.json()}'
)
# Advance MFA Authentication starts on the secret to be replaced
up_result = core_session_unauthorized.advance_authentication(
password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result[
'success'], f'Failed to respond to challenge, API response result:{ mfa_result["Result"]}'
logger.info(f'MFA popups before secret gets replaced:{mfa_result}')
# Replacing text of the secret & Removing MFA
result = update_secret(core_session,
secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
secret_text=secrets_params['secret_text_replaced'])
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
def test_multiple_updates_in_permissions_policy_name_verify_all_2(
core_session, added_secrets, pas_general_secrets, users_and_roles,
clean_up_policy):
"""
test method to verify multiple updates like (permissions, policy, name ..) for a secret
:param core_session: Authenticated Centrify Session
:param added_secrets: Fixture to create text type secret & yield secret id, secret_name
:param pas_general_secrets: Fixture to read secret data from yaml file
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param clean_up_policy: Fixture to clean up the policy created
"""
secret_prefix = guid()
added_text_secret_id, added_text_secret_name = added_secrets
secrets_params = pas_general_secrets
application_management_user = users_and_roles.get_user(
'Privileged Access Service Power User')
user_name = application_management_user.get_login_name()
user_id = application_management_user.get_id()
# API to set user permissions for text_type_secret
set_permissions_result, set_permissions_success = set_users_effective_permissions(
core_session, user_name, 'View,Grant,Edit', user_id,
added_text_secret_id[0])
assert set_permissions_success, f'setting permissions for file type secret failed: {set_permissions_result}'
logger.info(
f'setting permissions for text type secret: {set_permissions_success} {set_permissions_result}'
)
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secret_prefix + secrets_params['policy_name'],
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Api to assign policy to the secret
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
added_text_secret_name,
policy_id=policy_result)
assert policy_assigned[
'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
# Api to update settings(secret_name) of the secret
result = update_secret(
core_session, added_text_secret_id[0],
secret_prefix + secrets_params['updated_secret_name'])
assert result[
'success'], f'Not Able to update the settings {result["Result"]} '
logger.info(
f'Updating the settings for secret: {result["success"]} & {result["Exception"]}'
)
# Api to retrieve the activity of the secret
rows_result = UserManager.get_secret_activity(core_session,
added_text_secret_id[0])
assert rows_result is not None, f'Unable to fetch Secret updated details & activity fetched:{rows_result}'
logger.info(f'activity list:{rows_result}')
verify_name = 'update_secret1'
verify_permissions = 'View , Grant , Edit'
permissions_updated = False
assert verify_name in rows_result[0][
"Detail"], f'Unable to update the name:{rows_result[0]["Detail"]}'
logger.info(f'Secret Updated details: {rows_result[0]["Detail"]}')
for x in rows_result:
if verify_permissions in x['Detail']:
permissions_updated = True
assert permissions_updated, f'Unable to update the permissions: {permissions_updated}'
def test_retrieve_mfa_policy_on_both_parent_folder_and_secret_verify_secret_mfa(
core_session, core_admin_ui, pas_general_secrets,
create_secret_inside_folder, clean_up_policy):
"""
C2986: MFA policy on both Parent folder and Secret, verify secret MFA
1) Set MFA on both MFAonSecret & MFAOnParent
2) Right click "MFAonSecret" then Retrieve.
3) Verify challenged with MFA should be from "MFAonSecret"
4) Enter password & verify you can retrieve secret
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch ui session for cloud admin
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param clean_up_policy: Fixture to clean up the policy created
"""
params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
verify_text = params['secret_text']
# Getting details of the secret replaced
found_secret = get_secret(core_session, secret_list[0])
assert found_secret['success'], \
f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, params['policy_name'] + "V2" + suffix, challenges_v2, 0,
0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating new policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
challenges = ["UP", ""]
# Creating another policy with password only
policy_result = PolicyManager.create_new_auth_profile(
core_session, params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating another policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session,
folder_list[0],
folder_name,
folder_name,
policy_id=policy_result_email)
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Applying MFA on Secret
result = update_secret(core_session,
secret_list[0],
secret_name,
description=params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on the secret, API response result:{result["Message"]} '
logger.info(f'MFA Applied on the secret: {result}')
ui = core_admin_ui
password = ui.get_user().get_password()
login = Login(ui)
ui.navigate('Resources', 'Secrets')
ui.search(folder_name)
ui.click_row(GridRowByGuid(folder_list[0]))
ui.click_row(GridRowByGuid(secret_list[0]))
ui.action('Retrieve')
ui.switch_context(Modal(text=secret_name))
ui.button('Show Text')
ui.switch_context(NoTitleModal())
login.click_next_on_auth()
login.enter_login_password(password)
login.click_next_on_auth()
ui.switch_context(ActiveMainContentArea())
ui.expect(InputBoxValue(verify_text),
f'Expect to find {verify_text} in Retrieve but could not.')
logger.info(
f'Text Retrieved with MFA challenge(password only)i.e. MFAOnSecret successfully: {verify_text}'
)
# Removing MFA on Folder
result = update_folder(core_session, folder_list[0], folder_name,
params['mfa_folder_name_update'] + suffix)
assert result[
'success'], f'Not Able to remove MFA, API response result: {result["Message"]} '
logger.info(f'MFA Removed for folder: {result}')
# Removing MFA on Secret
result = update_secret(core_session, secret_list[0],
params['mfa_secret_name_update'] + suffix)
assert result[
'success'], f'Not Able to remove MFA, API response result:{result["Message"]} '
logger.info(f'MFA Removed on secret: {result}')
def test_update_retrieve_replace_activity_logged(core_session, added_secrets,
pas_general_secrets,
users_and_roles,
clean_up_policy):
"""
C3071: Update, retrieve, replace activity logged
:param core_session: Authenticated Centrify Session
:param added_secrets: Fixture to create text type secret & yield secret id, secret_name
:param pas_general_secrets: Fixture to read secret data from yaml file
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param clean_up_policy: Fixture to clean up the policy created
"""
secret_suffix = guid()
added_text_secret_id, added_text_secret_name = added_secrets
secrets_params = pas_general_secrets
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to secrets
set_permission_result, set_permission_success = set_users_effective_permissions(
core_session, user_name, 'View,Grant', user_id,
added_text_secret_id[0])
assert set_permission_success, f'Failed to set permission: {set_permission_result}'
logger.info(
f'Setting permission:{set_permission_result}{set_permission_success}')
# Retrieving details(text) of the secret
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_text_secret_id[0])
assert get_secret_success, f'Failed to retrieve the secret:{get_secret_text}'
logger.info(f' Retrieved secret details: {get_secret_details} ')
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + secret_suffix,
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Api to update secret(assign policy & update name)
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
secrets_params['updated_secret_name'] +
secret_suffix,
policy_id=policy_result)
assert policy_assigned[
'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
# Api to retrieve the activity of the secret
rows_result = UserManager.get_secret_activity(core_session,
added_text_secret_id[0])
assert rows_result, f'Failed to fetch Secret updated details & activity fetched:{rows_result}'
logger.info(f'Activity list:{rows_result}')
assert 'updated the secret' in rows_result[0][
"Detail"], f'Failed to update the secret:{rows_result[0]["Detail"]}'
assert 'viewed the secret' in rows_result[1][
"Detail"], f'Failed to retrieve the secret :{rows_result[1]["Detail"]}'
added_secret_status = False
added_permissions_status = False
for rows in rows_result:
if 'added a secret' in rows['Detail']:
added_secret_status = True
assert added_secret_status, f'Failed to add secret: {added_secret_status}'
for rows in rows_result:
if 'granted User' in rows['Detail']:
added_permissions_status = True
assert added_permissions_status, f'Failed to add permissions: {added_permissions_status}'
# Api to remove policy from the secret
policy_assigned = update_secret(core_session, added_text_secret_id[0],
added_text_secret_name)
assert policy_assigned[
'success'], f'Failed to remove policy from secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy removed from secret: {policy_assigned}')
def test_needs_edit_permission_to_replace_contents(core_session,
users_and_roles,
added_secrets_file,
added_secrets,
pas_general_secrets):
"""
C283887: User needs edit permission on the secret to replace the contents.
:param core_session: Authenticated Centrify Session
:param users_and_roles: Fixture to create New user with PAS Power User & PAS User Rights
:param added_secrets_file: Fixture to create file type secret
:param added_secrets: Fixture to create text type secret
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
secrets_params = pas_general_secrets
added_file_secret_id = added_secrets_file
added_text_secret_id, added_text_secret_name = added_secrets
suffix = guid()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(f'User with PAS Power User Rights login successfully: user_Name:{user_name}')
# setting user permissions for file_type_secret"""
file_type_secret_result, file_type_secret_success = set_users_effective_permissions(core_session,
user_name,
'View,Grant',
user_id,
added_file_secret_id)
assert file_type_secret_success, f'setting permissions for file type secret failed: {file_type_secret_result}'
logger.info(f'setting permissions for file type secret: {file_type_secret_success}')
# setting user permissions for file_type_secret"""
text_type_secret_result, text_type_secret_success = set_users_effective_permissions(core_session,
user_name,
'View,Grant,Edit',
user_id,
added_text_secret_id[0])
assert text_type_secret_success, f'setting permissions for text type secret:{text_type_secret_result}'
logger.info(f'setting permissions for text type secret: : {text_type_secret_success}')
# Replacing the content of the secret
secret_updated = update_secret(pas_power_user_session,
added_text_secret_id[0],
secrets_params['mfa_secret_name_update'] + suffix,
description=secrets_params['mfa_secret_description'],
secret_text=secrets_params['secret_text_updated'] + suffix)
assert secret_updated['success'], f'Failed to update secret: {secret_updated["Result"]["ID"]}'
logger.info(f' Successfully updated text type secret: {secret_updated}')
# Verifying replaced secret
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_text_secret_id[0])
logger.info(f'Secret Updated details: {get_secret_details}')
replaced_content = get_secret_details['SecretText']
assert secrets_params['secret_text_updated'] in replaced_content, \
f'Failed to replace the secrets:{replaced_content}'
secret_name = get_secret_details['SecretName']
# creating set manually
success, set_id = SetsManager.create_manual_collection(pas_power_user_session, secrets_params['set_name'] + suffix,
'DataVault')
assert success, f'Failed to create manual set: {set_id}'
logger.info(f'creating manual set:{success} with setid as: {set_id}')
# Adding set to secret
added_to_set_success, added_to_set_result = SetsManager.update_members_collection(pas_power_user_session,
'add',
[added_text_secret_id[0]],
"DataVault", set_id)
assert added_to_set_success, f'Failed to add secret to set: {added_to_set_result}'
logger.info(f'Adding secret to set: {added_to_set_success}')
# Redrock query to fetch "Add to set" related details
get_set_info = RedrockController.verify_set_secret(pas_power_user_session, set_id, added_text_secret_id[0])
logger.info(f'{get_set_info}')
assert get_set_info[0]["Row"]["SecretName"] == secret_name, f' Failed to get "ADD to Set" inside "Actions"'
logger.info(f'Verifiying secret name {get_set_info[0]["Row"]["SecretName"]} in '
f'set with ID {get_set_info[0]["Row"]["CollectionID"]} ')
def test_mfa_on_closest_parent_should_override_mfa_on_higher_levels(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
clean_up_policy, core_session_unauthorized):
"""
C2982: MFA on closest parent should override MFA on higher levels
1) Create a multilevel folder "Folder/Subfolder/secretName"
2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
3) Verify secretName inherits challenge of subfolder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param clean_up_policy: Fixture to cleanup the policy created
:param core_session_unauthorized: Fixture to start authentication MFA
"""
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
folder_params = pas_general_secrets
suffix = guid()
folder_name = folder_params['folder_name_with_frwdslashes'] + suffix
# creating multilevel folder "Folder/Subfolder/secretName"
added_secret_success, details, secret_id = create_text_secret(
core_session, folder_name, folder_params['secret_text'])
assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
logger.info(f'Added Multilevel folder info: {details, secret_id}')
secrets_list.append(secret_id)
# Getting details of the secret
found_secret = get_secret(core_session, secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
nested_folder_id = found_secret['Result']['FolderId']
nested_folder_path = found_secret['Result']['ParentPath']
parent_folder_list = nested_folder_path.split('\\')
parent_folder_name = parent_folder_list[0]
# Getting details of Parent Folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
"SecretName"]
logger.info(f'Parent Folder details: {parent_folder}')
if folder_list != []:
folder_list[0] = nested_folder_id
folder_list[1] = parent_folder_id
else:
folder_list.append(nested_folder_id)
folder_list.append(parent_folder_id)
challenges = ["UP", ""]
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + "V2" + suffix,
challenges_v2, 0, 0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating another policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
# Applying MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Nested Folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result_email)
assert result[
'success'], f'Not Able to apply MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Parent Folder: {result}')
user = core_session.get_user()
user_name = user.get_login_name()
password = user.get_password()
# MFA Authentication starts on the secret to be replaced
mfa_authentication = core_session_unauthorized.start_authentication(
user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(
f'MFA Authentication applies for closest parent,Password Only:{mfa_authentication.json()}'
)
# Advance MFA Authentication starts on the secret to be replaced
up_result = core_session_unauthorized.advance_authentication(
password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result[
'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(
f'MFA applies for closest parent,popups before secret gets replaced: {mfa_result}'
)
# Replacing the text of the secret
result = update_secret(core_session,
secret_id,
folder_params['mfa_secret_name_update'] + suffix,
secret_text=folder_params['secret_text_replaced'])
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from Nested folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Removing MFA from Parent folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Getting details of the Secret Replaced
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, secret_id)
assert get_secret_text == folder_params['secret_text_replaced'], \
f'Failed to replace the secret, API response result: {get_secret_success}'
logger.info(f'Details of the secret Replaced: {get_secret_details}')
def test_union_of_all_its_permissions(core_session,
pas_general_secrets,
cleanup_secrets_and_folders,
users_and_roles):
"""
C3056: test method Union of all its permissions
1)create multilevel folder /alpha/beta/charlie/delta
2) Login as Admin, set folder permissions "View" for alpha,"Edit" for beta, "Delete" for charlie,"Add" for delta
3) Login as pas user
4) verify sub folder permissions will have a union of all parent folders
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
"""
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
# creating multilevel folder /alpha/beta/charlie/delta
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
folder_prefix + params['multi_level_folder_name'],
params['description'])
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}')
# Getting details of Folder Charlie
charlie_folder = get_folder(core_session, child_folder_id)
assert charlie_folder['success'], \
f'Failed to retrieve charlie folder details, API response result:{charlie_folder["Message"]}'
logger.info(f'charlie folder details:{charlie_folder}')
charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent']
# Getting details of parent folder
parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
assert parent_folder['success'], \
f'Failed to retrieve parent folder details, API response result:{parent_folder["Message"]}'
logger.info(f'Parent folder details:{parent_folder}')
parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID']
# Getting details of Folder alpha
alpha_folder = get_secrets_and_folders_in_folders(core_session, parent_folder_id)
assert alpha_folder['success'], f'Failed to retrieve alpha folder id, API response result: {alpha_folder["Result"]}'
logger.info(f'Details of Alpha Folder Retrieved:{alpha_folder}')
alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0]["Key"]
# Getting details of Folder beta
folder_beta = get_secrets_and_folders_in_folders(core_session, alpha_folder_id)
assert folder_beta['success'], f'Failed to retrieve beta folder id, API response result: {folder_beta["Result"]}'
logger.info(f'Details of Beta Folder Retrieved:{folder_beta}')
folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Adding secrets inside child folder
added_secret_success, added_secret_id = create_text_secret_within_folder(core_session,
params['mfa_secret_name'] + folder_prefix,
params['secret_text'],
params['secret_description'],
child_folder_id)
assert added_secret_success, f"Added Secret Failed, API response result {added_secret_id}"
logger.info(f'Added secrets info: {added_secret_id}')
# Api to give user permissions to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(core_session, user_name, user_id, alpha_folder_id, 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result: {user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Api to give user permissions to folder beta
user_permissions_beta = give_user_permissions_to_folder(core_session, user_name, user_id, folder_beta_id, 'Edit')
assert user_permissions_beta['success'], \
f'Not Able to set user permissions to folder, API response result: {user_permissions_beta["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_beta}')
# Api to give member permissions(View, Edit) to folder beta
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'View, Edit',
user_id,
folder_beta_id)
assert member_perm_success,\
f'Not Able to set "View" member permissions to Folder, API response result: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Api to give member permissions(Delete, Retrieve) to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'Delete,Retrieve',
user_id,
charlie_id)
assert member_perm_success,\
f'Not Able to set "View" member permissions to Folder, API response result: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Updating the secret name & description
result = update_secret(pas_power_user_session,
added_secret_id,
folder_prefix + params['mfa_secret_name_update'],
description=params['mfa_secret_description'])
assert result['success'], f'Not Able to update the secret, API response result: {result["Message"]} '
logger.info(f'Secret Updated Details: {result}')
# Getting details of the Secret updated
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
pas_power_user_session,
added_secret_id)
description_updated = get_secret_details['Description']
name_updated = get_secret_details['SecretName']
assert 'MFAOnSecretUpdate' in name_updated,\
f'Failed to update the name, API response result:{get_secret_success}'
assert 'mfa_description' in description_updated,\
f'Failed to update the description, API response result:{get_secret_success}'
logger.info(f'Details of the secret updated: {get_secret_details}')
# Deleting newly created secrets
del_success, del_result = del_secret(pas_power_user_session, added_secret_id)
assert del_success, f'Failed to delete the secret with pas user, API response result: {del_result}'
logger.info(f'Secret deleted successfully with pas user:{del_result}')
folders_list.append(child_folder_id)
folders_list.append(charlie_id)
folders_list.append(folder_beta_id)
folders_list.append(alpha_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Folders are deleted successfully: {folders_list}')
logger.info(f'Added Secrets deleted successfully: {secrets_list}')
def test_replace_mfa_policy_on_parent_folder_verify_challenged(
core_session,
pas_general_secrets,
create_secret_inside_folder,
core_session_unauthorized,
clean_up_policy,
users_and_roles):
"""
C2980: test method to MFA policy on Parent folder, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param core_session_unauthorized: Fixture to start authentication MFA
:param clean_up_policy: Fixture to clean up the policy created
:param users_and_roles: Fixture to create random user with pas user rights
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(core_session, secrets_params['policy_name'] + suffix,
challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session, folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result['success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(f'{pas_power_user_session.auth_details}')
logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Getting password for MFA
password = users_and_roles.get_default_user_password()
# Api to give user permissions to folder
user_permissions_alpha = give_user_permissions_to_folder(core_session, user_name, user_id, folder_list[0], 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Api to give member permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'View, Edit',
user_id,
folder_list[0])
assert member_perm_success, f'Not Able to set member permissions to Folder: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# MFA Authentication starts on the secret to be replaced
mfa_authentication = pas_power_user_session.start_authentication(user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(f'MFA Authentication with "Password" starts on the secret to be replaced:{mfa_authentication.json()}')
# Advance MFA Authentication starts on the secret to be replaced
up_result = pas_power_user_session.advance_authentication(password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result['success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(f'MFA popups before secret gets replaced:{mfa_result}')
# Replacing the text of the secret
result = update_secret(pas_power_user_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + suffix,
secret_text=secrets_params['secret_text_replaced'],
policy_id=policy_result)
assert result['success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from secret
result = update_secret(pas_power_user_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + suffix,
secret_text=secrets_params['secret_text_replaced']
)
assert result['success'], f'Not Able to remove MFA, API response result:{result["Message"]} '
logger.info(f'Removing MFA from secret: {result}')
# Removing MFA from folder
result = update_folder(core_session, folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix
)
assert result['success'], f'Not Able to remove MFA, API response result:: {result["Message"]} '
logger.info(f'Removing MFA from folder: {result}')
# Getting details of the Secret Replaced
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session,
secret_list[0])
assert get_secret_text == secrets_params['secret_text_replaced'], \
f'Failed to replace the secret, API response result: {get_secret_success}'
logger.info(f'Details of the secret Replaced: {get_secret_details}')
