def test_add_un_manage_account_activity(core_session, pas_setup): """ :param core_session: Authenticated Centrify Session. :param pas_setup: Fixture for adding a system and an account associated with it. TC: C2534 - Add Windows system with un managed account trying to validate the add un manage Account Activity log's Steps: 1. Try to add a system with un managed account -Assert Failure 2. Try to check in the activity of system -Assert Failure """ user_name = core_session.get_user().get_login_name() sys_id, acc_id, sys_info = pas_setup logger.info(f"System: {sys_info[0]} successfully added with UUID: {sys_id} and account: {sys_info[4]} " f"with UUID: {acc_id} associated with it.") checkflag = True counter = 0 row = None while checkflag is True: if counter != 5: row = ResourceManager.get_system_activity(core_session, sys_id) if row is not None: break checkflag = False counter += 1 reports = [] for system_activity in row: if system_activity['Detail'].__contains__("added local"): reports.append(system_activity["Detail"]) created_date_json = str(row[0]['When']) ResourceManager.get_date(created_date_json) assert f'{user_name} added local account "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) ' \ f'with credential type Password ' in reports[0], "Account Not Added" logger.info(f"account activity list:{row}")
def test_add_system_invalid_proxy_account_activity(core_session, pas_setup): """ :param core_session: Authenticated Centrify Session. :param pas_setup: Fixture for adding a system and an account associated with it. TC: C1822 - Add Windows resource after clearing valid managed account and invalid proxy account trying to validate the invalid proxy account activity log's Steps: 1. Try to add a system with managed account -Assert Failure 2. Try to check manage account updated to un manage account -Assert Failure """ user_name = core_session.get_user().get_login_name() sys_id, acc_id, sys_info = pas_setup logger.info(f"System: {sys_info[0]} successfully added with UUID: {sys_id} and account: {sys_info[4]} " f"with UUID: {acc_id} associated with it.") row = None counter = 0 while counter <= 10: row = ResourceManager.get_system_activity(core_session, sys_id) if row is not None: break counter += 1 reports = [] for system_activity in row: if system_activity['Detail'].__contains__("added local"): reports.append(system_activity["Detail"]) # ResourceManager.get_date(created_date_json) assert f'{user_name} added local account "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) ' \ f'with credential type Password ' in reports[0], "Account Not Added" logger.info(f"account activity list:{row}")
def test_delete_accounts(core_session, pas_config, remote_users_qty1, cleanup_resources): """ TC C283234: Delete accounts. :param cleanup_resources: cleanup for systems. :param core_session: Authenticates API session :param pas_config: returns yaml object :param remote_users_qty1: Creates account in target system. :param cleanup_resources:clean up system. """ # Clean up system systems_list = cleanup_resources[0] # Getting system details. sys_name = f"{'Win-2012'}{guid()}" sys_details = pas_config sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN'] add_user_in_target_system = remote_users_qty1 user_password = '******' # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, sys_fqdn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") systems_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) # Delete Account. del_account_result, del_account_success = ResourceManager.del_account( core_session, acc_result) assert del_account_success, f'Failed to delete account:API response result:{del_account_result}' logger.info(f"Successfully deleted account:{del_account_result}") # Getting deletion activity. sys_activity = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{core_session.auth_details["User"]} deleted local account "{add_user_in_target_system[0]}" for' \ f' "{sys_name}"({sys_fqdn}) with credential type Password' in \ sys_activity[0]['Detail'], f"Failed to get the delete account activity:API response result:{sys_activity}" logger.info( f"Successfully found deletion activity in system activity:{sys_activity}" )
def test_delete_system_before_delete_its_account(core_session, pas_windows_setup, users_and_roles): """ TC:C2219 Delete a system before deleting its accounts. :param core_session: Returns a API session. :param pas_windows_setup: Returns a fixture. :param users_and_roles: Fixture to manage roles and user. """ # Creating a system and account. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) # Cloud user session with "Privileged Access Service User". cloud_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service User') user_name = cloud_user_session.auth_details['User'] user_id = cloud_user_session.auth_details['UserId'] # Assigning system "View,Edit,Delete" permission. assign_system_result, assign_system_success = ResourceManager.assign_system_permissions( core_session, "View,Edit,Delete", user_name, user_id, 'User', system_id) assert assign_system_success, f"Failed to assign system permissions: API response result: {assign_system_result}" logger.info( f'Successfully assigned "View,Edit,Delete" permission to user:{assign_system_result}.' ) # Trying to delete system whose account is not deleted. del_system_result, del_system_success = ResourceManager.del_system( cloud_user_session, system_id) assert del_system_success is False, f'System is deleted:API response result:{del_system_result}' logger.info( f'Failed to delete system whose account is not deleted:{del_system_result}' ) # Checking the system Activity. sys_activity = ResourceManager.get_system_activity(cloud_user_session, system_id) assert f'{user_name} failed to delete system "{sys_info[0]}"({sys_info[1]}). ' \ f'Reason: System has active accounts' in sys_activity[0]['Detail'], \ f'"Failed to get the expected activity:API response result:{sys_activity}' logger.info(f'Successfully Found the expected activity:{sys_activity}')
def test_add_un_manage_account_with_dns_name(core_session, add_single_system): """ :param core_session: Authenticated Centrify Session. TC: C1819 - Add a windows system with un managed account which hostname as DNS Name trying to validating the added un manged account with dns name System Activity log Steps: 1. Try to add a system with dns name -Assert Failure 2. Try to check in the activity of system -Assert Failure """ user_name = core_session.get_user().get_login_name() added_system_id, sys_info = add_single_system logger.info( f"System {sys_info[0]}, with fqdn {sys_info[1]} created successfully with Uuid {added_system_id}") row = ResourceManager.get_system_activity(core_session, added_system_id) assert f'{user_name} added system "{sys_info[0]}"({sys_info[1]})' in row[0]['Detail'], "No system activity data" logger.info(f"account activity list:{row}")
def test_add_windows_activity(core_session, add_single_system): """ :param core_session: Authenticated Centrify Session. TC: C2532 - Add Windows system without account """ user_name = core_session.get_user().get_login_name() added_system_id, sys_info = add_single_system logger.info(f"System {sys_info[0]}, with fqdn {sys_info[1]} created successfully with Uuid {added_system_id}") result, success = ResourceManager.get_system_health(core_session, added_system_id) assert success and result == 'OK', 'failed to test connection with system' result, success = ResourceManager.get_system_health(core_session, added_system_id) assert result != 'Unreachable', f"system {added_system_id} is unreachable, API response result : {result}" logger.info(f"System health check was successful and API response result is: {result}") system_activity = ResourceManager.get_system_activity(core_session, added_system_id) assert f"{user_name} added system" in system_activity[0]['Detail'], f"no system activity found, API response " \ f"result {system_activity}" logger.info(f"System Activity successfully retrieved: {system_activity[0]['Detail']}")
def test_bulk_account_delete_accounts_activity_fast_track( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) delete_ids, _ = DataManipulation.shuffle_and_split_into_two_lists( all_accounts) ResourceManager.del_multiple_accounts(core_session, delete_ids) row = ResourceManager.get_system_activity(core_session, all_systems.pop()) activity_details = [] for system_activity in row: if system_activity['EventType'] == "Cloud.Server.ServerAdd": activity_details.append(system_activity["Detail"]) assert len(activity_details ) == 1, "Wrong dumber of delete activities for the account"
def test_update_un_managed_account(pas_windows_setup, core_session): """ :param pas_windows_setup: Fixture for adding a system and an account associated with it. :param core_session: Authenticated Centrify Session. TC: C2548 - Update un managed account trying to Update un managed account password Steps: Pre: Create system with 1 un manage account hand 1. Try to update valid password -Assert Failure 2. Try to get activity of updated password -Assert Failure 3. Try to check password history """ user_name = core_session.get_user().get_login_name() system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) logger.info( f"System: {sys_info[0]} successfully added with UUID: {system_id} and account: {sys_info[4]} " f"with UUID: {account_id} associated with it.") Result, success = ResourceManager.update_password(core_session, account_id, guid()) assert success, f"Did not update password, API Response: {Result}" logger.info(f'user not able to update password, API Response::{Result}') row = ResourceManager.get_system_activity(core_session, system_id) assert f'{user_name} updated local account "{sys_info[4]}" password for "{sys_info[0]}"' in row[0]['Detail'], \ "user not able to update un managed account password" logger.info( f'account activity logs for un manage account API response:{row}') result, success = ResourceManager.check_out_password( core_session, 1, account_id) assert success, f"Did not retrieve password API response: {result}" logger.info(f'user not able to retrieve password API response:{result}') query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \ f"'{account_id}' and StateUpdatedBy='{user_name}' and State='Retired'" password_history = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query))[0] assert len( password_history ) > 0, f"Password history table did not update {password_history}" logger.info(f'Password history table API response:{password_history}')
def test_bulk_account_delete_multiple_accounts_activity( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 3, list_of_created_systems) all_systems, _ = DataManipulation.aggregate_lists_in_dict_values([batch]) delete_ids = ResourceManager.get_multi_added_account_ids( core_session, all_systems) ResourceManager.del_multiple_accounts(core_session, delete_ids) system_activities = ResourceManager.get_system_activity( core_session, all_systems.pop()) activity_details = [] for activity in system_activities: if activity['EventType'] == "Cloud.Server.ServerAdd": activity_details.append(activity["Detail"]) assert len(activity_details ) == 1, "Wrong number of delete activities for the account"
def test_check_in_password_un_managed_account(core_session, pas_windows_setup, pas_config): """ Test case: C2553 Check in password for the un managed account :param core_session: Returns a API session. :param pas_windows_setup: Returns a fixture. :param pas_config: fixture for fetching up the value from yaml. """ # Creating a system and account. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) # Checking out the password and validating the password. password_checkout_result, password_checkout_success = ResourceManager.check_out_password( core_session, 1, accountid=account_id) assert password_checkout_result['Password'] == user_password, \ f"password checkout Failed. API response result: {password_checkout_result}" logger.info( f"password successfully checkout Account password: {password_checkout_result['COID']}" ) # Checking in password. password_check_in_result, password_check_in_success = ResourceManager.check_in_password( core_session, coid=password_checkout_result['COID']) assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}" logger.info( f"password successfully check in for account: {password_check_in_result}" ) # Checking the activity. username = core_session.get_user().get_login_name() result_activity = ResourceManager.get_system_activity( core_session, system_id) assert f'{username} checked in local account "{sys_info[4]}" password for system "{sys_info[0]}"' \ f'({sys_info[1]})' in result_activity[0]['Detail'], \ "Fail to check in password:API response result: {password_check_in_result} " logger.info(f"account activity list:{result_activity}")
def test_manage_to_un_managed(core_session, pas_setup): """ :param core_session: Authenticated Centrify Session. :param pas_setup: Fixture for adding a system and an account associated with it. TC: C2545 Change managed account to un managed account trying to Validate account activity log's Steps: 1. Try to add a system with managed account -Assert Failure 2. Try to check manage account updated to un manage account -Assert Failure """ user_name = core_session.get_user().get_login_name() sys_id, acc_id, sys_info = pas_setup logger.info(f"System: {sys_info[0]} successfully added with UUID: {sys_id} and account: {sys_info[4]} " f"with UUID: {acc_id} associated with it.") success, response = ResourceManager.update_account(core_session, acc_id, sys_info[4], host=sys_id, ismanaged=False) assert success, f'Updating account failed. API response: {response}' logger.info(f'account updated successfully: {response}') checkflag = True counter = 0 row = None while checkflag is True: if counter != 5: row = ResourceManager.get_system_activity(core_session, sys_id) if row is not None: break checkflag = False counter += 1 reports = [] for system_activity in row: if system_activity['Detail'].__contains__("updated local"): reports.append(system_activity["Detail"]) created_date_json = str(row[0]['When']) ResourceManager.get_date(created_date_json) assert f'{user_name} updated local account "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) ' \ f'with credential type Password ' in reports[0], "Account Not Added" logger.info(f"account activity list:{row}")
def test_update_manage_proxy_account(pas_config, core_session, winrm_engine, remote_users_qty3, test_proxy, cleanup_accounts, cleanup_resources): """ TC: C2549 - Update managed account with using proxy account trying to Update managed account with using proxy account Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to update invalid password for proxy account -Assert Failure 2. Try to update valid password for proxy account -Assert Failure 3. Try to check activity log's -Assert Failure 4. Try to check password history """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' sys_details = pas_config add_user_in_target_system = remote_users_qty3 user_password = '******' fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=user_password, proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Update system with proxy user password. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=guid(), proxyuserismanaged=True) assert update_sys_result is False, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) # set a different password for the user update_user_password(winrm_engine, add_user_in_target_system[1], user_password) user_name = core_session.get_user().get_login_name() # rotate password for manage account result, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Did not Rotate Password {result}" logger.info( f'account activity logs for un manage account API response:{result}') result, success = ResourceManager.check_out_password( core_session, 1, acc_result) assert success, f"Did not retrieve password {result}" logger.info( f'account activity logs for un manage account API response:{result}') row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in \ row[0]['Detail'], "user not able to update un managed account password" logger.info( f'account activity logs for un manage account API response:{row}') query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \ f"'{acc_result}' and StateUpdatedBy='{user_name}' and State='Retired'" password_history = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query))[0] assert len( password_history ) > 0, f"Password history table did not update {password_history}" logger.info(f'Password history table API response:{password_history}')
def test_rotate_password(core_session, pas_config, remote_users_qty3, test_proxy, cleanup_resources, cleanup_accounts): """ TC: C2577 - Rotate Password for managed account trying to Rotate Password for managed account Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to rotate password -Assert Failure 2. Try to check activity of manage account -Assert Failure """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] user_name = core_session.get_user().get_login_name() sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty3 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=user_password, proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) # Update system with management mode 'Smb'. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='Smb') assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") result, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Did not rotate password, API response: {result}" logger.info(f"User able to rotate the password: {result}") row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} rotated local account "{add_user_in_target_system[0]}" credential for "{sys_name}"({fdqn})' \ in row[0]['Detail'], "Did not retrieve the activity of rotate password" logger.info(f"User able to get the activity: {row[0]['Detail']}") accounts_list.append(acc_result)
def test_add_manage_account_with_proxy_account(core_session, pas_config, remote_users_qty3, cleanup_resources, cleanup_accounts, test_proxy): """ TC: C2574 - Add system with managed account using proxy account trying to Add system with managed account using proxy account Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to checkout password -Assert Failure 2. Try to check activity of manage account -Assert Failure """ user_name = core_session.get_user().get_login_name() logger.info(f'core sessoin user {core_session.get_user()}') system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty3 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=user_password, proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Update system with management mode 'Smb'. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='Smb') assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) server_id = ResourceManager.wait_for_server_to_exist_return_id( core_session, sys_name) acc_id = ResourceManager.wait_for_account_to_exist_return_id( core_session, add_user_in_target_system[0]) assert server_id == add_sys_result, "Server was not created" assert acc_id == acc_result, "Account was not created" res, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Failed to add account in the portal: {res}" result, success = ResourceManager.check_out_password( core_session, 1, acc_result) assert result['Password'] != "Hello123", \ f"password checkout Failed. API response result: {result}" logger.info( f"password successfully checkout Account password: {result['COID']}") row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \ "Did not retrieve the activity of rotate password" logger.info(f"User able to get the activity logs: {row[0]['Detail']}") accounts_list.append(acc_result)
def test_add_account_existing_system(core_session, pas_config, remote_users_qty1, test_proxy, cleanup_resources, cleanup_accounts): """ TC: C2575 - Add managed account to existing system trying to Add managed account to existing system Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to checkout password -Assert Failure 2. Try to check activity of manage account -Assert Failure """ user_details = core_session.__dict__['auth_details'] user_name = core_session.get_user().get_login_name() system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) rights = "Owner,View,Manage,Delete,Login,Naked,RotatePassword,FileTransfer" result, success = ResourceManager.assign_account_permissions( core_session, rights, user_details['User'], user_details['UserId'], pvid=acc_result) assert success, f"Did not rotate password, API response: {result}" # Update system with management mode 'Smb'. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='Smb') assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") res, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Failed to add account in the portal: {res}" result, success = ResourceManager.check_out_password( core_session, 1, acc_result) assert result['Password'] != "Hello123", \ f"password checkout Failed. API response result: {result}" logger.info( f"password successfully checkout Account password: {result['COID']}") row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \ "Did not retrieve the activity of rotate password" logger.info(f"User able to get the activity logs: {row[0]['Detail']}") accounts_list.append(acc_result)
def test_update_un_managed_using_managed_proxy_account_check_password_history( core_session, pas_windows_setup, test_proxy, pas_config): """ TC: C2550 Update un managed account with using proxy account. :param core_session: Returns a API session. :param pas_windows_setup: Fixture for adding a system and an account associated with it. :param pas_config: fixture reading data from resource_data.yaml file. """ # Creating a system with un managed account using un managed proxy account. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) # Updating the proxy user password. payload_data = pas_config['Windows_infrastructure_data'] update_proxy_result, update_proxy_success = ResourceManager.update_system( core_session, system_id, sys_info[0], sys_info[1], sys_info[2], proxyuser=payload_data['proxy_username'], proxyuserpassword=payload_data['proxy_password'], proxyuserismanaged=False) assert update_proxy_success, f"Failed to update proxy user password:API response result:{update_proxy_result}." logger.info( f"Successfully able to update the proxy user password without error {update_proxy_result}." ) # Updating the un managed account with invalid password. invalid_data = Configs.get_test_node('invalid_resources_data', 'automation_main') invalid_payload_data = invalid_data['System_infrastructure_data'] invalid_acc_password = invalid_payload_data['invalid_password'] result_update_account, result_update_success = ResourceManager.update_password( core_session, account_id, invalid_acc_password) assert result_update_success, f"Failed to update account with invalid password:"******"API response result:{result_update_account}" logger.info(f"Successfully able to update the un managed " f"account with invalid password:{result_update_account}.") # Getting the Account information and validating the status. status = 'BadCredentials' get_account_info, get_account_status = ResourceManager.get_accounts_from_resource( core_session, system_id) assert get_account_info[0][ 'Healthy'] == status, f'Status does not change to Unknown: {status}' logger.info( f"Successfully able to change status to Unknown {get_account_info}.") # Updating the un managed account with correct password. updated_account_correct_result, updated_account_correct_success = ResourceManager.update_password( core_session, account_id, payload_data['password']) assert updated_account_correct_result, f"Failed to update account with correct password:{payload_data['password']}" logger.info( f"Successfully able to update the un managed account with correct password: {updated_account_correct_result}." ) # Getting the system activity and validating update local account password is done or not. username = core_session.get_user().get_login_name() result_activity = ResourceManager.get_system_activity( core_session, system_id) assert f'{username} updated local account "{sys_info[4]}" password for "{sys_info[0]}"' \ f'({sys_info[1]})' in result_activity[0]['Detail'], \ f"fail to update local account password :{sys_info[4]} " logger.info(f"Successfully update un managed password : {result_activity}")
def test_check_in_password(core_session, pas_config, cleanup_resources, cleanup_accounts, remote_users_qty1): """TC C2555 Checkin password for the managed account from Accounts page trying to Checkin password for the managed account from Accounts page Steps: Pre: Create system with 1 manage account hand 1. Try to Checkout password for an account -Assert Failure 2. Try to check my password check-ins in workspace -Assert Failure """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) success, response = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='RpcOverTcp') assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{add_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) server_id = ResourceManager.wait_for_server_to_exist_return_id( core_session, sys_name) acc_id = ResourceManager.wait_for_account_to_exist_return_id( core_session, add_user_in_target_system[0]) assert server_id == add_sys_result, "Server was not created" assert acc_id == acc_result, "Account was not created" password_checkout_result, password_checkout_success = \ ResourceManager.check_out_password(core_session, 1, accountid=acc_result) assert password_checkout_success, \ f"expected password equal to actual password: {password_checkout_result}" logger.info( f"password successfully checkout Account password: {password_checkout_result}" ) my_password_checkout = RedrockController.get_total_checkouts(core_session) created_date_json = str(my_password_checkout[0]['LoanDate']) ResourceManager.get_date(created_date_json) check_in_details = [] for i in my_password_checkout: if i['Summary'] in f'{add_user_in_target_system[0]} ({sys_name})': check_in_details.append(i['Summary']) assert check_in_details[0] == f'{add_user_in_target_system[0]} ({sys_name})', \ "fail to checkout password from workspace" logger.info( f"password successfully checkout Account password::{my_password_checkout}" ) password_check_in_result, password_check_in_success = ResourceManager.check_in_password( core_session, coid=password_checkout_result['COID']) assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}" logger.info( f"password successfully check in for account: {add_user_in_target_system[0]}" ) username = core_session.get_user().get_login_name() row = ResourceManager.get_system_activity(core_session, add_sys_result) created_date_json = str(row[0]['When']) ResourceManager.get_date(created_date_json) check_in_details = [] for i in row: if i['Detail'].__contains__("checked in local account"): check_in_details.append(i['Detail']) assert f'{username} checked in local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in \ check_in_details[0], "fail to check in password " logger.info(f"account activity list:{row}") my_password_checkout = RedrockController.get_total_checkouts(core_session) assert len( my_password_checkout ) == 0, "Check in my password in workspace is not getting updated" logger.info( f"password successfully check in for account: {my_password_checkout}") accounts_list.append(acc_result)
def test_settings_Policy_page(core_session, pas_config, remote_users_qty1, cleanup_resources, cleanup_accounts, core_admin_ui): """C2541 Settings on Policy page trying to get rdp through system account with in 15 minute Steps: Pre: Create system with 1 account hand 1. Try to take rdp for system -Assert Failure 2. Try to checkout password for account -Assert Failure """ core_ui = core_admin_ui user_name = core_ui.get_user().get_login_name() system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) success, response = ResourceManager.update_system(core_session, add_sys_result, sys_name, fdqn, 'Windows', allowremote=True, defaultcheckouttime=15) assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{add_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) core_ui.navigate('Resources', 'Accounts') core_ui.search(add_user_in_target_system[0]) core_ui.right_click_action(GridRowByGuid(acc_result), 'Login') core_ui.switch_to_pop_up_window() core_ui.expect_disappear( LoadingMask(), f'RDP session never exited loading state for system {sys_name}', time_to_wait=50) core_ui.switch_to_main_window() row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} logged into system "{sys_name}"({fdqn}) from "web" using local account ' \ f'"{add_user_in_target_system[0]}"' in row[0]['Detail'], "user not able to take rdp" password_checkout_result, password_checkout_success = \ ResourceManager.check_out_password(core_session, 1, accountid=acc_result) new_cid = password_checkout_result['COID'] assert password_checkout_result['Password'] is not user_password, \ f"expected password equal to actual password: {password_checkout_result}" logger.info(f"password successfully checkout Account password: {new_cid}")
def test_Change_Account_managed(core_session, pas_config, remote_users_qty1, detect_proxy): """ :param core_session: Authenticated Centrify Session. :param pas_config: fixture reading data from resources_data.yaml file. TC: C2544 - Change Account to be a managed account and verify password changed in 5 minutes trying to validate the added manage Account password Activity log's Steps: 1. Try to add a system along with an manage account -Assert Failure 2. Try to check in the account password is rotated -Assert Failure 3. Try to validate account activity log's """ user = core_session.get_user() user_name = user.get_login_name() sys_name = f"Automatedsystem{guid()}" res_data = pas_config user = remote_users_qty1 sys_result, status = ResourceManager.add_system( core_session, sys_name, res_data['Windows_infrastructure_data']['FQDN'], 'Windows', "Rdp") assert status, f"failed to add system" success, response = ResourceManager.update_system( core_session, sys_result, sys_name, res_data['Windows_infrastructure_data']['FQDN'], 'Windows', managementmode='RpcOverTcp') assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{response}") account_id, status = ResourceManager.add_account(core_session, user[0], 'Hello123', sys_result) assert status, f'failed to add account' success, response = ResourceManager.update_account(core_session, account_id, user[0], host=sys_result, ismanaged=True) assert success, f'Updating account failed. API response: {response}' server_id = ResourceManager.wait_for_server_to_exist_return_id( core_session, sys_name) acc_id = ResourceManager.wait_for_account_to_exist_return_id( core_session, user[0]) assert server_id == sys_result, "Server was not created" assert acc_id == account_id, "Account was not created" res, success = ResourceManager.rotate_password(core_session, account_id) assert success, f"Failed to add account in the portal: {res}" checkout_password, response = ResourceManager.check_out_password( core_session, 1, accountid=account_id) assert checkout_password[ 'Password'] != 'Hello123', f'Checkout Password Failed. API response: {response}' row = ResourceManager.get_system_activity(core_session, sys_result) checkout_activity = row[0]['Detail'] created_date_json = str(row[0]['When']) ResourceManager.get_date(created_date_json) assert f'{user_name} checked out local account "{user[0]}" password for system "{sys_name}"' \ f'({res_data["Windows_infrastructure_data"]["FQDN"]})' == checkout_activity, "No system activity data " logger.info(f"account activity list:{row}")
def test_privilege_service_user_with_view_permission(core_session, pas_setup, get_limited_user_module): """ Test case: C286564 :- Privilege Service User with view permission should can see the related activity :param core_session: Authenticated Centrify session :param pas_setup: fixture to create system with account :param get_limited_user_module: creating cloud user with "Privileged Access Service Power User" right """ system_id, account_id, sys_info = pas_setup cloud_user_session, cloud_user = get_limited_user_module username = cloud_user.get_login_name() user_id = cloud_user.get_id() # "View" permission to cloud user for system result, success = ResourceManager.assign_system_permissions(core_session, "View", username, user_id, pvid=system_id) assert success, f'failed to assign view permission to user {username} for system {sys_info[0]}' logger.info( f'view permission for system {sys_info[0]} assigned to user {username}' ) # Activity validation of system by cloud user rows = ResourceManager.get_system_activity(cloud_user_session, system_id) assert rows[0][ 'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on system ' \ f'"{sys_info[0]}"({sys_info[1]})', 'No activity related to view permission found ' logger.info( f'cloud user {username} can see all the activities of system {sys_info[0]}' ) # "View" permission to cloud user for account result, success = ResourceManager.assign_account_permissions( core_session, "View", username, user_id, pvid=account_id) assert success, f'failed to assign permissions "View" to {username} for account {sys_info[4]} ' \ f'for system {sys_info[0]}' logger.info( f'View permission for account {sys_info[4]} of system {sys_info[0]} to user {username}' ) # Activity validation of account by cloud user activity = RedrockController.get_account_activity(cloud_user_session, account_id) assert activity[0][ 'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on local account' \ f' "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) with credential ' \ f'type Password ', 'No activity related to view permission found ' logger.info( f'cloud user {username} can see all the activities of account {sys_info[4]} of system {sys_info[0]}' ) # Created secret secret_name = f"test_secret{guid()}" status, parameters, secret_result = create_text_secret( core_session, secret_name, "test_secret_text") assert status, f'failed to create secret with returned result: {result}' logger.info( f'secret created successfully {result}, returned parameters are {parameters}' ) # Assigning view permission to secret to cloud user result, success = set_users_effective_permissions(core_session, username, "View", user_id, secret_result) assert success, f'failed to set permissions of secret for user {username}' logger.info( f'successfully granted "View" permission for secret to {secret_name} to user {username}' ) # Activity validation of secret by cloud user secret_activity = get_secret_activity(cloud_user_session, secret_result) assert f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on the ' \ f'secret "{secret_name}"' in secret_activity[0]['Detail'], 'No activity related to view permission found ' logger.info( f'cloud user {username} can see all the activities of secret of {secret_name}' )