def test_view_builtin_password_complex_profile(core_session, core_admin_ui):
"""
Test case: C1632
:param core_session: Centrify session
:param core_admin_ui: Centrify admin Ui session
"""
ui = core_admin_ui
ui.navigate("Settings", "Resources", "Password Profiles")
ResourceManager.get_profiles(core_session, type="Default", rr_format=True)
ui.select_option(name=ComboboxWithNameStartsWith("jsutil-datacombo"), item_name="Built-In Profiles")
ui.action("View Profile", "Windows")
# Viewing the Built-in windows profile Checking Minimum password Length, Maximum password Length,
# Minium Alphabetic Character Count, Minimum NonAlphabetic Character Count
ui.expect(ReadOnlyTextField('Name'), "Name is not editable")
ui.expect(ReadOnlyTextField('MinimumPasswordLength'), "Minimum Password Length is not editable")
ui.expect(ReadOnlyTextField('MaximumPasswordLength'), "Maximum Password Length is not editable")
ui.expect(ReadOnlyTextField('MinimumAlphabeticCharacterCount'),
"Minimum Alphabetic Character Count is not editable")
ui.expect(ReadOnlyTextField('MinimumNonAlphabeticCharacterCount'),
"Minimum Non Alphabetic Character Count is not editable")
ui.close_modal("Close", modal_title="Password Complexity Profile")
logger.info("Password profile for windows is not editable as expected")
ui.switch_context(RenderedTab("Password Profiles"))
# viewing the Database built-in profile. Checking Minimum password Length, Maximum password Length,
# Minium Alphabetic Character Count, Minimum NonAlphabetic Character Count
ui.action("View Profile", "Default profile for Oracle Database services")
ui.expect(ReadOnlyTextField('Name'), "Name is not editable")
ui.expect(ReadOnlyTextField('MinimumPasswordLength'), "Minimum Password Length is not editable")
ui.expect(ReadOnlyTextField('MaximumPasswordLength'), "Maximum Password Length is not editable")
ui.expect(ReadOnlyTextField('MinimumAlphabeticCharacterCount'),
"Minimum Alphabetic Character Count is not editable")
ui.expect(ReadOnlyTextField('MinimumNonAlphabeticCharacterCount'),
"Minimum Non Alphabetic Character Count is not editable")
ui.close_modal("Close", modal_title="Password Complexity Profile")
logger.info("Password profile for windows is not editable as expected")
ui.switch_context(RenderedTab("Password Profiles"))
# viewing the Active directory built-in profile. Checking Minimum password Length, Maximum password Length,
# Minium Alphabetic Character Count, Minimum NonAlphabetic Character Count, Read Only Text Field
ui.action("View Profile", "Default profile for Active Directory domains")
ui.expect(ReadOnlyTextField('Name'), "Name is not editable")
ui.expect(ReadOnlyTextField('MinimumPasswordLength'), "Minimum Password Length is not editable")
ui.expect(ReadOnlyTextField('MaximumPasswordLength'), "Maximum Password Length is not editable")
ui.expect(ReadOnlyTextField('MinimumAlphabeticCharacterCount'),
"Minimum Alphabetic Character Count is not editable")
ui.expect(ReadOnlyTextField('MinimumNonAlphabeticCharacterCount'),
"Minimum Non Alphabetic Character Count is not editable")
ui.close_modal("Close", modal_title="Password Complexity Profile")
logger.info("Password profile for domains is not editable as expected")
def test_account_case_insensitive(core_session, pas_windows_setup,
core_admin_ui):
"""
TC:C2191 Account should be case insensitive for Windows.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param core_admin_ui: Return a browser session.
"""
# Adding a system with account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Launch UI.
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.switch_context(RenderedTab("Accounts"))
ui.launch_modal("Add", modal_title="Add Account")
ui.input('User', sys_info[4].upper())
password = f'Password@123{guid()}'
ui.input('Password', password)
ui.button("Add")
assert ui.check_exists(ErrorModal()), 'Failed to found Error Modal'
logger.info('Successfully Found Error Modal')
def test_system_password_rotation_switch_page(core_session, pas_setup, core_admin_ui):
"""
Test Case ID: C1672
:param core_session: Returns API session
:param pas_setup: Creates System and Account
:param core_admin_ui: Authenticates Centrify UI session
"""
# Creating windows system.
system_id, account_id, sys_info = pas_setup
system_name = sys_info[0]
# Navigating to System and enabling the "password rotation duration" option with valid values.
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(system_name)
ui.click_row(GridRowByGuid(system_id))
ui.tab('Advanced')
ui.switch_context(RenderedTab("Advanced"))
ui.select_option("AllowPasswordRotation", "Yes")
expected_password_rotation_duration = 5
ui.input("PasswordRotateDuration", expected_password_rotation_duration)
ui.save()
ui.navigate('Resources', 'Domains')
# Leaving the page and coming back to the System's page as per the test case.
ui.navigate('Resources', 'Systems')
system_list = RedrockController.get_computers(core_session)
discovered_system = []
for system in system_list:
if system['Name'] == sys_info[0]:
discovered_system.append(system['ID'])
discovered_system.append(system['PasswordRotateDuration'])
assert expected_password_rotation_duration == discovered_system[1], f"password rotation duration count {expected_password_rotation_duration} not matched with actual count {discovered_system[1]}"
logger.info(
f"Password rotation duration of the system {system_name} with id {system_id} saved with count {discovered_system[1]}")
def test_system_password_rotation(core_session, pas_setup, core_admin_ui):
"""
Test Case ID: C1671
:param core_session: Returns API session
:param pas_setup: Creates System and Account
:param core_admin_ui: Authenticates Centrify UI session
"""
# Creating windows system.
system_id, account_id, sys_info = pas_setup
system_name = sys_info[0]
# Navigating to System and enabling the "All Password Rotation" option with valid and invalid values.
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(system_name)
ui.click_row(GridRowByGuid(system_id))
ui.tab('Advanced')
ui.switch_context(RenderedTab("Advanced"))
ui.select_option("AllowPasswordRotation", "Yes")
expected_password_rotation_duration = 1
ui.input("PasswordRotateDuration", expected_password_rotation_duration)
ui.expect(Button("Save"), "Save button should enabled")
logger.info("Save button enabled")
ui.save()
logger.info("Valid value 1 is accepted and saved successfully")
# Checking the value is saved and reflected with the system's settings.
system_list = RedrockController.get_computers(core_session)
discovered_system = []
for system in system_list:
if system['Name'] == sys_info[0]:
discovered_system.append(system['ID'])
discovered_system.append(system['PasswordRotateDuration'])
actual_password_rotation_duration = discovered_system[1]
assert expected_password_rotation_duration == actual_password_rotation_duration, f"password rotation duration count {expected_password_rotation_duration} not matched with actual count {actual_password_rotation_duration}"
logger.info(
f"Password rotation duration of the system {system_name} with id {system_id} saved with count {actual_password_rotation_duration} ")
# Changing the value of password rotation duration with invalid value 0.
ui.tab('Advanced')
ui.switch_context(RenderedTab("Advanced"))
ui.select_option("AllowPasswordRotation", "Yes")
ui.input("PasswordRotateDuration", 0)
ui.save()
ui.switch_context(ErrorModal())
ui.expect(Div("Please correct the errors in your form before submitting."), " Error pop up should appear")
logger.info("Invalid value 0 is not accepted and thrown error popup successfully")
def test_check_action_menu(core_session, pas_windows_setup, users_and_roles):
"""
TC:C2172 Check Actions menu.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param users_and_roles: Returns Authenticated Centrify UI session with limited rights.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Getting the limited user session with limited rights " Privilege Service Power User right."
ui = users_and_roles.get_ui_as_user("Privileged Access Service Power User")
limited_user = ui.get_user()
# Assigning "Login" permission for system to limited user.
assign_system_perm_res, assign_system_perm_success = \
ResourceManager.assign_account_permissions(core_session, "Login",
limited_user.get_login_name(),
limited_user.get_id(),
'User',
account_id)
assert assign_system_perm_success, f"Failed to assign 'Edit' permissions to " \
f"user for the system: API response result: {assign_system_perm_res}."
logger.info(
f"Successfully assign 'Edit' permissions to user for the system:{assign_system_perm_res}."
)
# UI Launch.
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.check_row_by_guid(account_id)
ui.switch_context(RenderedTab("Accounts"))
expected_actions = ['Login', 'Add To Set', 'Verify Credential']
ui.check_actions(expected_actions, sys_info[4])
logger.info('Successfully found "Actions" menu in Accounts page.')
ui.expect(GridRowCheckbox(sys_info[4], True),
"Not checking the row").try_click()
logger.info('Successfully uncheck the account row.')
ui.right_click(GridRowByGuid(account_id))
Flag = False
counter = 0
while Flag:
list_action_elements = ui.get_list_of_right_click_element_values(
'Login')
if 'Verify Credential' in list_action_elements:
Flag = True
break
counter += 1
if counter == 10:
break
assert expected_actions == list_action_elements, f"Expected actions elements are not found in the list"
logger.info(
'Successfully found the elements same as in "Actions" menu in Accounts page.'
)
def test_domain_action_try_to_delete_parent_domain(core_session, domain_setup,
cleanup_resources,
core_admin_ui):
"""
TC:C2112 Check domain's "Actions" when try to delete the parent domain"".
:param core_session: Returns API session.
:param domain_setup: Fixture for domain creation.
:param cleanup_resources: cleaner for domain.
:param core_admin_ui: Return browser session.
"""
# Creating a parent domain.
parent_domain_id, domain_info = domain_setup
parent_domain_name = domain_info[0]
# Create a child domain.
child_domain_name = f"{'child'}{guid()}"
domain_cleanup_list = cleanup_resources[1]
new_child_domain_id, add_child_domain_success = ResourceManager.add_child_domain(
core_session,
child_domain_name,
description='test_child_domain',
parent_id=parent_domain_id)
assert add_child_domain_success, f'Failed to create child domain:API response result:{new_child_domain_id}'
logger.info(
f"Successfully created child domain:API response result: {new_child_domain_id}"
)
domain_cleanup_list.append(new_child_domain_id)
# Trying to delete parent domain without deleting a child,expecting a failure.
failed_del_domain_result, failed_del_domain_success = ResourceManager.del_domain(
core_session, parent_domain_id)
assert failed_del_domain_success is False, f'Could able to delete domain:API response ' \
f'result: {failed_del_domain_result} '
logger.info(
f"Successfully found error message Unable to delete the domain."
f"Domain has child domains {failed_del_domain_result}")
# UI Launch
ui = core_admin_ui
ui.navigate('Resources', 'Domains')
ui.switch_context(RenderedTab('Domains'))
ui.check_span(parent_domain_name)
ui.check_span(child_domain_name)
ui.check_actions(["Set Administrative Account", "Add To Set"])
logger.info(
'Successfully find "Set Administrative Account" & "Add To Set" in Actions Menu.'
)
def test_enable_workflow_without_approve(core_session, pas_windows_setup,
core_admin_ui):
"""
TC:C2192 Enable workflow without approver.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param core_admin_ui: Return a browser session.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Launch UI.
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.click_row(GridRowByGuid(account_id))
ui.tab('Workflow')
ui.select_option('WorkflowEnabled', 'Yes')
ui.switch_context(ActiveMainContentArea())
ui.expect(TreeFolder('Permissions'),
'Expect to permission tab but failed to find it.').try_click(
Modal())
ui.switch_context(WarningModal())
warning_message = "Please correct the errors before leaving the page."
ui.check_exists(Div(warning_message))
logger.info(
'Successfully found warning modal when try to navigate to another page.'
)
ui.close_modal('Close')
ui.switch_context(RenderedTab('Workflow'))
ui.button('Save')
ui.switch_context(WarningModal())
save_warning_message = "Please correct the errors in your form before submitting."
ui.check_exists(Div(save_warning_message))
logger.info(
'Successfully found warning modal containing "Please correct the errors in your form before '
'submitting".')
def test_check_action_menu_selecting_existing_account(core_session,
pas_windows_setup,
users_and_roles):
"""
TC:C2173 Check Actions menu after selecting an existing account.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param:users_and_roles:Fixture to manage roles and user.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Cloud user session with "'Privileged Access Service Power User'".
cloud_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
user_name = cloud_user_session.auth_details['User']
user_id = cloud_user_session.auth_details['UserId']
# UI session with 'Privileged Access Service Power User' rights.
ui = users_and_roles.get_ui_as_user('Privileged Access Service Power User')
# Assigning system "Edit" permission.
assign_system_result, assign_system_success = ResourceManager.assign_system_permissions(
core_session, "Edit", user_name, user_id, 'User', system_id)
assert assign_system_success, f"Failed to assign system permissions: API response result: {assign_system_result}"
logger.info(
f'Successfully assigned "Edit" permission to user:{assign_system_result}.'
)
# UI Launch.
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.switch_context(RenderedTab("Accounts"))
ui.check_row(sys_info[4])
assert ui.button_exists(
'Actions'), "Failed to find 'Actions'menu button in Accounts page."
logger.info('Successfully found "Actions" menu in Accounts page. ')
def test_access_system_not_allow_from_public_network(core_session,
pas_windows_setup,
core_admin_ui,
update_tenant_remote):
"""
C1573 : 20180720-02:31:59 system Level
:param core_session: Authenticated Centrify Session
:param pas_windows_setup: Added Windows system with Account associated to it.
:param core_admin_ui: Authenticated Centrify Browser Session
"""
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
ui = core_admin_ui
# Disable 'Allow access from a public network' policy on Global Security Setting page
result, success = update_tenant_remote(core_session, False)
assert success, f"Not able to disable 'Allow access from a public network' policy on Global Security Setting " \
f"page. API response result: {result}. "
logger.info(
f"'Allow access from a public network' policy disabled on Global Security Setting page"
)
# Navigating Resources - System page
ui.navigate("Resources", "Systems")
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.check_row_by_guid(account_id)
ui.switch_context(RenderedTab("Accounts"))
# Login to Account using RDP session
ui.action('Login')
ui.wait_for_tab_with_name(f"Login session {sys_info[0]}")
expected_alert_message = "Remote access not allowed. Please enable the 'Allow access from a public network' " \
"policy if web login from a public network is required."
core_admin_ui.switch_context(WarningModal())
assert core_admin_ui.check_exists(
(Div(expected_alert_message))
), f"pop up warning message for Remote access is not same as : {expected_alert_message}"
logger.info(f"Correct pop up warning message displayed for Remote access.")
def test_check_dialog_select_user_group_role(core_session, core_admin_ui,
pas_windows_setup):
"""
TC:C2220 Check the dialog for Select User, Group, Role panel.
:param:core_session: Returns Authenticated Centrify session.
:param:core_admin_ui:Returns browser session.
:param pas_windows_setup: Return a fixture.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# UI Launch
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.tab('Permissions')
ui.switch_context(RenderedTab('Permissions'))
ui.launch_modal('Add', modal_title='Select User, Group, or Role')
logger.info(
'Successfully could not find "computer" in "Select User, Group, or Role" dialog list.'
)
def test_check_account_actions(core_session, users_and_roles,
pas_windows_setup):
"""
TC:C2214 Check account's Actions.
:param:core_session: Returns Authenticated Centrify session.
:param users_and_roles: Fixture to manage roles and user.
:param pas_windows_setup: Return a fixture.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# UI session with 'Privileged Access Service Power User' rights.
ui = users_and_roles.get_ui_as_user(
"Privileged Access Service Administrator")
# UI Launch
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.switch_context(RenderedTab('Accounts'))
ui.check_actions(['Add To Set', 'Verify Credential'], sys_info[4])
logger.info('Successfully show accounts menu rather than system menu.')
def test_check_menu_two_sys_under_password_checkouts(core_session,
list_of_created_systems,
core_admin_ui,
cleanup_resources,
cleanup_accounts):
"""
TC:C2174 Check menu when choosing two systems under My Password Checkouts.
:param:core_session: Returns Authenticated Centrify session.
:param:list_of_created_systems:Container for created system.
:param:core_admin_ui: Returns browser session.
:param:cleanup_resources: Cleans up system.
:param:cleanup_accounts:Cleans up accounts.
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Creating multiple system and accounts.
batches = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batches])
assert len(
ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 2, f"Failed to create multiple " \
f"system with accounts: API " \
f"response result: {batches} "
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 2, f"Failed to create multiple system " \
f"with accounts: API response result: " \
f"{batches} "
logger.info(
f'Successfully Created multiple system with accounts.:{batches}')
# Appending the created system and accounts id for cleanup.
for all_account in all_accounts:
accounts_list.append(all_account)
for all_system in all_systems:
system_list.append(all_system)
# Checking out password for the account created.
accounts_password_checkout = []
for account_id in all_accounts:
result, status = ResourceManager.check_out_password(
core_session, 1, account_id, 'test checkout account')
accounts_password_checkout.append(result['COID'])
assert status, f'Failed to checkout password: API response result: {result}'
# Getting the account name.
accounts_name = []
for account_id in all_accounts:
result, success = ResourceManager.get_account_information(
core_session, account_id)
accounts_name.append(result["VaultAccount"]["Row"]['User'])
# Validating "No actions available" after selecting two accounts from My Password Checkout Title in workspace.
ui = core_admin_ui
ui.navigate(("Workspace", "My Password Checkouts"))
ui.switch_context(RenderedTab('My Password Checkouts'))
ui.check_actions_by_guid([], accounts_password_checkout)
logger.info(
'Successfully found "No actions available." after password account checkout.'
)
def test_ui_check_job_details_page_values(core_session, core_admin_ui, list_of_created_systems):
"""
Test case: C1670
:param core_session: Returns API session
:param core_admin_ui: Centrify admin Ui session
:param list_of_created_systems: returns the empty systems list.
"""
account_name_prefix = f'account_test{guid()}'
# adding multiple systems with accounts
result = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems,
user_prefix=account_name_prefix)
# arranging the results in the lists
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([result])
# Deleting systems for creating bulk delete scheduled report
result_acc, success_acc = ResourceManager.del_multiple_accounts(core_session, all_accounts)
assert success_acc, f"Api did not complete successfully for bulk account delete MSG:{result_acc}"
# Deleting accounts for creating bulk delete scheduled report
result_sys, success = ResourceManager.del_multiple_systems(core_session, all_systems)
assert success, f'Delete systems job failed when expected success'
logger.info(f"Delete systems job executed successfully {result_sys}")
# Going to password storage page and click on migration job status link.
ui = core_admin_ui
ui.navigate("Settings", "Resources", "Password Storage", check_rendered_tab=False)
ui.expect(Anchor("View Migration Job Status and Reports "), "Clicking migration job status").try_click()
ui.switch_to_newest_tab()
ui._waitUntilSettled()
ui.click_row(GridRowByGuid(result_sys))
ui.expect(Span("Details"), "Clicking migration job status").try_click(Div("Job Details"))
# Checking the Job Id of system.
ui.expect_value(Div(result_sys), value=None, expected_value=result_sys,
wrong_value_message="expected id value is not matched in the report",
text=True)
logger.info("Id value in the Job description appeared correctly")
# List of the Expected text from Job Details
list_of_text = ['Job Information', 'Type', 'ID', 'Description', 'Submitted', 'Started', 'Completed',
'Retry Count', 'Items Synced', 'Items Failed']
# Getting the Job history
job_history = JobManager.get_job_history(core_session)
# Validating the Job history expected title appeared correctly on UI.
for label in list_of_text:
ui.expect_value(Label(label), value=None, expected_value=label,
wrong_value_message=f"expected {label} value is not matched in the report",
text=True)
logger.info(f"expected {label} value is matched in the report")
delete_scheduled_job = []
check_text = []
if job_history[1]['JobName'] == 'BulkSystemDelete':
account_bulk_delete_schedule_id = job_history[0]['ID']
System_bulk_delete_schedule_id = job_history[1]['ID']
System_jobdescription = job_history[1]['JobDescription']
System_jobName = job_history[1]['JobName']
check_text.append(System_bulk_delete_schedule_id)
check_text.append(System_jobdescription)
check_text.append(System_jobName)
check_text.append(account_bulk_delete_schedule_id)
delete_scheduled_job.append(System_bulk_delete_schedule_id)
ui.switch_context(RenderedTab("Job Details"))
# Validating the Job history results from API appeared correctly on UI.
for text in check_text:
ui.expect_value(Div(text), value=None, expected_value=text,
wrong_value_message=f"expected {text} value is not matched in the report",
text=True)
logger.info(f"expected {text} value is matched in the report")
# Deleting the Scheduled jobs of Bulk System's and Account's
for delete in delete_scheduled_job:
result_account_delete, success, response = Discovery.delete_job_history(core_session, delete)
assert success, f"Failed to delete Job history profile {result_account_delete}"
logger.info(f"delete Job history profile with id {delete} successful {success}")