def test_delete_ssh_keys_and_account(core_session, add_system_with_ssh_account, get_ssh_key_function, remove_related):
system_id, account_id, ssh_id, system_list, account_list, ssh_list = add_system_with_ssh_account
# Deleting SSH Account
all_key_ids = [ssh_id, get_ssh_key_function]
delete_result, delete_success = ResourceManager.del_multiple_ssh_keys(core_session, all_key_ids,
run_sync=True, remove_related_account=remove_related)
if remove_related:
assert delete_success, f"SSH key {ssh_id} deletion failed with API response result: {delete_result}"
logger.info(f"Account{account_id} associated with system {system_id} and SSH key {ssh_id} was deleted successfully")
else:
assert not delete_success, "Delete should have failed with attached account {delete_result}"
account_list.remove(account_id)
activity = RedrockController.get_ssh_activity(core_session, ssh_id)
sql_query = RedrockController.get_query_for_ids('VaultAccount', [account_id])
result = RedrockController.redrock_query(core_session, sql_query)
if remove_related:
assert len(result) == 0, f"Account not deleted as expected {result}"
else:
assert len(result) == 1, f"Account was delete and should not have been {result} when removed_related_account == False"
sql_query = RedrockController.get_query_for_ids('SshKeys', all_key_ids)
result = RedrockController.redrock_query(core_session, sql_query)
if remove_related:
assert len(result) == 0, f"SSH keys not deleted as expected {result}"
else:
assert len(result) == 1 and ssh_id in str(result), f"Should remain exactly 1 SSH key associated with account {result}"
def test_bulk_account_delete_job_fails_with_request_query_returning_zero_rows_fast_track(
clean_bulk_delete_systems_and_accounts, core_session, simulate_failure,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 1, list_of_created_systems)
_, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values(
[batch])
# Invalid query for the failure case.
if simulate_failure:
sql_query = f"select * from VaultAccount where ID = '{guid()}'"
else:
sql_query = RedrockController.get_query_for_ids(
'VaultAccount', delete_account_ids)
params = Util.scrub_dict({
'Ids': [],
'SaveToSecrets': False,
'SecretName': "",
'SetQuery': sql_query,
'RunSync': True
})
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, \
f'Invalid query bulk account delete request succeeded even though it should fail {result}'
def test_bulk_system_unenroll_by_sql_query_only_unenrolls_correct_systems(core_session, test_four_virtual_aapm_agents):
user_info = core_session.get_current_session_user_info().json()['Result']
agents, _ = test_four_virtual_aapm_agents
all_agent_ids, all_server_ids = _setup_agents(core_session, agents)
unenroll_agent_ids = all_agent_ids[:2]
unenroll_server_ids = all_server_ids[:2]
keep_agent_ids = all_agent_ids[2:]
_validate_aapm_agent_details(core_session, all_agent_ids, True)
sql_query = RedrockController.get_query_for_ids('Server', unenroll_server_ids)
_, success = ResourceManager.unenroll_multiple_systems_by_query(core_session, sql_query)
assert success, f"Unenroll Multiple systems by query failed: {sql_query}"
_validate_aapm_agent_details(core_session, unenroll_agent_ids, False)
_validate_aapm_agent_details(core_session, keep_agent_ids, True)
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkSystemUnenrollClient.StartQuery.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkSystemUnenrollClient.Success.Multi'
start_message = f'{username} initiated unenroll of multiple systems'
end_message = f'{username} successfully unenrolled {len(unenroll_server_ids)} systems'
RedrockController.expect_event_message_by_type(core_session, start_type, start_message)
RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def _validate_aapm_agent_details(session, agent_ids, expected):
query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM')
results = RedrockController.get_result_rows(
RedrockController.redrock_query(session, query))
# make sure num of systems match
assert len(results) == len(agent_ids)
for row in results:
assert row["FeatureAAPM"] is expected
def test_bulk_system_delete_job_fails_due_to_invalid_request_no_query_or_ids_fast_track(
clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems)
delete_system_ids, unused_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch])
if simulate_failure:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE,
Util.scrub_dict({'SaveToSecrets': False, 'SecretName': "", 'RunSync': True}))
else:
sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids)
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict(
{'SetQuery': sql_query, 'SaveToSecrets': False, 'SecretName': "", 'RunSync': True}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_string_fast_track(core_session, simulate_failure,
test_four_virtual_aapm_agents):
agents, _ = test_four_virtual_aapm_agents
_, server_ids = _setup_agents(core_session, agents)
if simulate_failure:
invalid_query = f"invalid query string" # invalid sql query... should fail
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
{'SetQuery': invalid_query, 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True}))
else:
valid_query = RedrockController.get_query_for_ids('Server', server_ids)
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
{'SetQuery': valid_query, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def _wait_for_systems_validation(session, agent_ids, expected, intervals_to_wait=600, delay=1):
while intervals_to_wait > 0:
query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM')
results = RedrockController.get_result_rows(
RedrockController.redrock_query(session, query))
logger.info(results)
# make sure num of systems match
assert len(results) == len(agent_ids)
row = results[0]
if row["FeatureAAPM"] is expected:
return True
if delay > 0:
time.sleep(delay)
intervals_to_wait = intervals_to_wait - 1
return False
def test_bulk_system_delete_by_sql_query_only_deletes_correct_systems_and_accounts(
clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems):
user_info = core_session.get_current_session_user_info().json()['Result']
assert len(ResourceManager.get_multi_added_system_ids(core_session, [
"x"])) == 0 # Use fake GUID string to ensure that filter is working properly, since empty list means no filter
assert len(ResourceManager.get_multi_added_account_ids(core_session, ["x"])) == 0
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems)
batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 6, list_of_created_systems)
batch4 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 8, list_of_created_systems)
batch5 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2, batch3, batch4, batch5])
assert len(ResourceManager.get_multi_added_system_ids(core_session,
all_systems)) == 15, "Found wrong number of added systems"
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 59, "Found wrong number of add accounts"
delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2, batch4])
keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3, batch5])
sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids)
ResourceManager.del_multiple_systems_by_query(core_session, sql_query, False, "")
assert set(ResourceManager.get_multi_added_system_ids(core_session,
all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search"
assert set(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search"
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.StartQuery.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Success.Multi'
start_message = f'{username} initiated delete of multiple systems'
end_message = f'{username} successfully deleted {len(delete_system_ids)} systems'
RedrockController.expect_event_message_by_type(core_session, start_type, start_message)
RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_system_delete_generates_secret(clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems, secret_cleaner, core_tenant):
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 3, list_of_created_systems)
batch3 = ResourceManager.add_multiple_ssh_systems_with_accounts(core_session, 1, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3])
all_non_ssh_systems, all_non_shh_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2])
secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid()
sql_query = RedrockController.get_query_for_ids('Server', all_systems)
ResourceManager.del_multiple_systems_by_query(core_session, sql_query, True, secret_name)
ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name)
secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
assert secret_id is not None, "No secret was created"
secret_cleaner.append(secret_id)
user_name = core_tenant['admin_user']
user_id = UserManager.get_user_id(core_session, user_name)
result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id)
assert success, f"Did not set secret permission successfully with message {result}"
secret_file_contents = get_file_secret_contents(core_session, secret_id)
assert secret_file_contents.strip().count("\n") == len(
all_accounts), f"Secret file contained the wrong number of lines {secret_file_contents}"
assert secret_file_contents.count("thisIsaPAsSwO0rd") == len(
all_non_shh_accounts), f"Secret file contained the wrong number of passwords {secret_file_contents}"
# Commenting following assert as AutomationTestKey is not available in secret_file_contents, Tested on both AWS,
# Azure devdog tenants
# assert 'AutomationTestKey' in secret_file_contents, f"Name of SSH key did not appear in secret file {secret_file_contents}"
for server_id in all_non_ssh_systems:
assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}"
for account_id in all_non_shh_accounts:
assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
