def test_add_un_manage_account_activity(core_session, pas_setup):
"""
:param core_session: Authenticated Centrify Session.
:param pas_setup: Fixture for adding a system and an account associated with it.
TC: C2534 - Add Windows system with un managed account
trying to validate the add un manage Account Activity log's
Steps:
1. Try to add a system with un managed account
-Assert Failure
2. Try to check in the activity of system
-Assert Failure
"""
user_name = core_session.get_user().get_login_name()
sys_id, acc_id, sys_info = pas_setup
logger.info(f"System: {sys_info[0]} successfully added with UUID: {sys_id} and account: {sys_info[4]} "
f"with UUID: {acc_id} associated with it.")
checkflag = True
counter = 0
row = None
while checkflag is True:
if counter != 5:
row = ResourceManager.get_system_activity(core_session, sys_id)
if row is not None:
break
checkflag = False
counter += 1
reports = []
for system_activity in row:
if system_activity['Detail'].__contains__("added local"):
reports.append(system_activity["Detail"])
created_date_json = str(row[0]['When'])
ResourceManager.get_date(created_date_json)
assert f'{user_name} added local account "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) ' \
f'with credential type Password ' in reports[0], "Account Not Added"
logger.info(f"account activity list:{row}")
def test_add_system_invalid_proxy_account_activity(core_session, pas_setup):
"""
:param core_session: Authenticated Centrify Session.
:param pas_setup: Fixture for adding a system and an account associated with it.
TC: C1822 - Add Windows resource after clearing valid managed account and invalid proxy account
trying to validate the invalid proxy account activity log's
Steps:
1. Try to add a system with managed account
-Assert Failure
2. Try to check manage account updated to un manage account
-Assert Failure
"""
user_name = core_session.get_user().get_login_name()
sys_id, acc_id, sys_info = pas_setup
logger.info(f"System: {sys_info[0]} successfully added with UUID: {sys_id} and account: {sys_info[4]} "
f"with UUID: {acc_id} associated with it.")
row = None
counter = 0
while counter <= 10:
row = ResourceManager.get_system_activity(core_session, sys_id)
if row is not None:
break
counter += 1
reports = []
for system_activity in row:
if system_activity['Detail'].__contains__("added local"):
reports.append(system_activity["Detail"])
# ResourceManager.get_date(created_date_json)
assert f'{user_name} added local account "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) ' \
f'with credential type Password ' in reports[0], "Account Not Added"
logger.info(f"account activity list:{row}")
def test_delete_accounts(core_session, pas_config, remote_users_qty1,
cleanup_resources):
"""
TC C283234: Delete accounts.
:param cleanup_resources: cleanup for systems.
:param core_session: Authenticates API session
:param pas_config: returns yaml object
:param remote_users_qty1: Creates account in target system.
:param cleanup_resources:clean up system.
"""
# Clean up system
systems_list = cleanup_resources[0]
# Getting system details.
sys_name = f"{'Win-2012'}{guid()}"
sys_details = pas_config
sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN']
add_user_in_target_system = remote_users_qty1
user_password = '******'
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, sys_fqdn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
systems_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
# Delete Account.
del_account_result, del_account_success = ResourceManager.del_account(
core_session, acc_result)
assert del_account_success, f'Failed to delete account:API response result:{del_account_result}'
logger.info(f"Successfully deleted account:{del_account_result}")
# Getting deletion activity.
sys_activity = ResourceManager.get_system_activity(core_session,
add_sys_result)
assert f'{core_session.auth_details["User"]} deleted local account "{add_user_in_target_system[0]}" for' \
f' "{sys_name}"({sys_fqdn}) with credential type Password' in \
sys_activity[0]['Detail'], f"Failed to get the delete account activity:API response result:{sys_activity}"
logger.info(
f"Successfully found deletion activity in system activity:{sys_activity}"
)
def test_delete_system_before_delete_its_account(core_session,
pas_windows_setup,
users_and_roles):
"""
TC:C2219 Delete a system before deleting its accounts.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param users_and_roles: Fixture to manage roles and user.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Cloud user session with "Privileged Access Service User".
cloud_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
user_name = cloud_user_session.auth_details['User']
user_id = cloud_user_session.auth_details['UserId']
# Assigning system "View,Edit,Delete" permission.
assign_system_result, assign_system_success = ResourceManager.assign_system_permissions(
core_session, "View,Edit,Delete", user_name, user_id, 'User',
system_id)
assert assign_system_success, f"Failed to assign system permissions: API response result: {assign_system_result}"
logger.info(
f'Successfully assigned "View,Edit,Delete" permission to user:{assign_system_result}.'
)
# Trying to delete system whose account is not deleted.
del_system_result, del_system_success = ResourceManager.del_system(
cloud_user_session, system_id)
assert del_system_success is False, f'System is deleted:API response result:{del_system_result}'
logger.info(
f'Failed to delete system whose account is not deleted:{del_system_result}'
)
# Checking the system Activity.
sys_activity = ResourceManager.get_system_activity(cloud_user_session,
system_id)
assert f'{user_name} failed to delete system "{sys_info[0]}"({sys_info[1]}). ' \
f'Reason: System has active accounts' in sys_activity[0]['Detail'], \
f'"Failed to get the expected activity:API response result:{sys_activity}'
logger.info(f'Successfully Found the expected activity:{sys_activity}')
def test_add_un_manage_account_with_dns_name(core_session, add_single_system):
"""
:param core_session: Authenticated Centrify Session.
TC: C1819 - Add a windows system with un managed account which hostname as DNS Name
trying to validating the added un manged account with dns name System Activity log
Steps:
1. Try to add a system with dns name
-Assert Failure
2. Try to check in the activity of system
-Assert Failure
"""
user_name = core_session.get_user().get_login_name()
added_system_id, sys_info = add_single_system
logger.info(
f"System {sys_info[0]}, with fqdn {sys_info[1]} created successfully with Uuid {added_system_id}")
row = ResourceManager.get_system_activity(core_session, added_system_id)
assert f'{user_name} added system "{sys_info[0]}"({sys_info[1]})' in row[0]['Detail'], "No system activity data"
logger.info(f"account activity list:{row}")
def test_add_windows_activity(core_session, add_single_system):
"""
:param core_session: Authenticated Centrify Session.
TC: C2532 - Add Windows system without account
"""
user_name = core_session.get_user().get_login_name()
added_system_id, sys_info = add_single_system
logger.info(f"System {sys_info[0]}, with fqdn {sys_info[1]} created successfully with Uuid {added_system_id}")
result, success = ResourceManager.get_system_health(core_session, added_system_id)
assert success and result == 'OK', 'failed to test connection with system'
result, success = ResourceManager.get_system_health(core_session, added_system_id)
assert result != 'Unreachable', f"system {added_system_id} is unreachable, API response result : {result}"
logger.info(f"System health check was successful and API response result is: {result}")
system_activity = ResourceManager.get_system_activity(core_session, added_system_id)
assert f"{user_name} added system" in system_activity[0]['Detail'], f"no system activity found, API response " \
f"result {system_activity}"
logger.info(f"System Activity successfully retrieved: {system_activity[0]['Detail']}")
def test_bulk_account_delete_accounts_activity_fast_track(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
delete_ids, _ = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
ResourceManager.del_multiple_accounts(core_session, delete_ids)
row = ResourceManager.get_system_activity(core_session, all_systems.pop())
activity_details = []
for system_activity in row:
if system_activity['EventType'] == "Cloud.Server.ServerAdd":
activity_details.append(system_activity["Detail"])
assert len(activity_details
) == 1, "Wrong dumber of delete activities for the account"
def test_update_un_managed_account(pas_windows_setup, core_session):
"""
:param pas_windows_setup: Fixture for adding a system and an account associated with it.
:param core_session: Authenticated Centrify Session.
TC: C2548 - Update un managed account
trying to Update un managed account password
Steps:
Pre: Create system with 1 un manage account hand
1. Try to update valid password
-Assert Failure
2. Try to get activity of updated password
-Assert Failure
3. Try to check password history
"""
user_name = core_session.get_user().get_login_name()
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
logger.info(
f"System: {sys_info[0]} successfully added with UUID: {system_id} and account: {sys_info[4]} "
f"with UUID: {account_id} associated with it.")
Result, success = ResourceManager.update_password(core_session, account_id,
guid())
assert success, f"Did not update password, API Response: {Result}"
logger.info(f'user not able to update password, API Response::{Result}')
row = ResourceManager.get_system_activity(core_session, system_id)
assert f'{user_name} updated local account "{sys_info[4]}" password for "{sys_info[0]}"' in row[0]['Detail'], \
"user not able to update un managed account password"
logger.info(
f'account activity logs for un manage account API response:{row}')
result, success = ResourceManager.check_out_password(
core_session, 1, account_id)
assert success, f"Did not retrieve password API response: {result}"
logger.info(f'user not able to retrieve password API response:{result}')
query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \
f"'{account_id}' and StateUpdatedBy='{user_name}' and State='Retired'"
password_history = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))[0]
assert len(
password_history
) > 0, f"Password history table did not update {password_history}"
logger.info(f'Password history table API response:{password_history}')
def test_bulk_account_delete_multiple_accounts_activity(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 3, list_of_created_systems)
all_systems, _ = DataManipulation.aggregate_lists_in_dict_values([batch])
delete_ids = ResourceManager.get_multi_added_account_ids(
core_session, all_systems)
ResourceManager.del_multiple_accounts(core_session, delete_ids)
system_activities = ResourceManager.get_system_activity(
core_session, all_systems.pop())
activity_details = []
for activity in system_activities:
if activity['EventType'] == "Cloud.Server.ServerAdd":
activity_details.append(activity["Detail"])
assert len(activity_details
) == 1, "Wrong number of delete activities for the account"
def test_check_in_password_un_managed_account(core_session, pas_windows_setup,
pas_config):
"""
Test case: C2553 Check in password for the un managed account
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param pas_config: fixture for fetching up the value from yaml.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Checking out the password and validating the password.
password_checkout_result, password_checkout_success = ResourceManager.check_out_password(
core_session, 1, accountid=account_id)
assert password_checkout_result['Password'] == user_password, \
f"password checkout Failed. API response result: {password_checkout_result}"
logger.info(
f"password successfully checkout Account password: {password_checkout_result['COID']}"
)
# Checking in password.
password_check_in_result, password_check_in_success = ResourceManager.check_in_password(
core_session, coid=password_checkout_result['COID'])
assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}"
logger.info(
f"password successfully check in for account: {password_check_in_result}"
)
# Checking the activity.
username = core_session.get_user().get_login_name()
result_activity = ResourceManager.get_system_activity(
core_session, system_id)
assert f'{username} checked in local account "{sys_info[4]}" password for system "{sys_info[0]}"' \
f'({sys_info[1]})' in result_activity[0]['Detail'], \
"Fail to check in password:API response result: {password_check_in_result} "
logger.info(f"account activity list:{result_activity}")
def test_manage_to_un_managed(core_session, pas_setup):
"""
:param core_session: Authenticated Centrify Session.
:param pas_setup: Fixture for adding a system and an account associated with it.
TC: C2545 Change managed account to un managed account
trying to Validate account activity log's
Steps:
1. Try to add a system with managed account
-Assert Failure
2. Try to check manage account updated to un manage account
-Assert Failure
"""
user_name = core_session.get_user().get_login_name()
sys_id, acc_id, sys_info = pas_setup
logger.info(f"System: {sys_info[0]} successfully added with UUID: {sys_id} and account: {sys_info[4]} "
f"with UUID: {acc_id} associated with it.")
success, response = ResourceManager.update_account(core_session, acc_id, sys_info[4], host=sys_id,
ismanaged=False)
assert success, f'Updating account failed. API response: {response}'
logger.info(f'account updated successfully: {response}')
checkflag = True
counter = 0
row = None
while checkflag is True:
if counter != 5:
row = ResourceManager.get_system_activity(core_session, sys_id)
if row is not None:
break
checkflag = False
counter += 1
reports = []
for system_activity in row:
if system_activity['Detail'].__contains__("updated local"):
reports.append(system_activity["Detail"])
created_date_json = str(row[0]['When'])
ResourceManager.get_date(created_date_json)
assert f'{user_name} updated local account "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) ' \
f'with credential type Password ' in reports[0], "Account Not Added"
logger.info(f"account activity list:{row}")
def test_update_manage_proxy_account(pas_config, core_session, winrm_engine,
remote_users_qty3, test_proxy,
cleanup_accounts, cleanup_resources):
"""
TC: C2549 - Update managed account with using proxy account
trying to Update managed account with using proxy account
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to update invalid password for proxy account
-Assert Failure
2. Try to update valid password for proxy account
-Assert Failure
3. Try to check activity log's
-Assert Failure
4. Try to check password history
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
sys_details = pas_config
add_user_in_target_system = remote_users_qty3
user_password = '******'
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=user_password,
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Update system with proxy user password.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=guid(),
proxyuserismanaged=True)
assert update_sys_result is False, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
# set a different password for the user
update_user_password(winrm_engine, add_user_in_target_system[1],
user_password)
user_name = core_session.get_user().get_login_name()
# rotate password for manage account
result, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Did not Rotate Password {result}"
logger.info(
f'account activity logs for un manage account API response:{result}')
result, success = ResourceManager.check_out_password(
core_session, 1, acc_result)
assert success, f"Did not retrieve password {result}"
logger.info(
f'account activity logs for un manage account API response:{result}')
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in \
row[0]['Detail'], "user not able to update un managed account password"
logger.info(
f'account activity logs for un manage account API response:{row}')
query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \
f"'{acc_result}' and StateUpdatedBy='{user_name}' and State='Retired'"
password_history = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))[0]
assert len(
password_history
) > 0, f"Password history table did not update {password_history}"
logger.info(f'Password history table API response:{password_history}')
def test_rotate_password(core_session, pas_config, remote_users_qty3,
test_proxy, cleanup_resources, cleanup_accounts):
"""
TC: C2577 - Rotate Password for managed account
trying to Rotate Password for managed account
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to rotate password
-Assert Failure
2. Try to check activity of manage account
-Assert Failure
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
user_name = core_session.get_user().get_login_name()
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty3
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=user_password,
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
# Update system with management mode 'Smb'.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='Smb')
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
result, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Did not rotate password, API response: {result}"
logger.info(f"User able to rotate the password: {result}")
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} rotated local account "{add_user_in_target_system[0]}" credential for "{sys_name}"({fdqn})' \
in row[0]['Detail'], "Did not retrieve the activity of rotate password"
logger.info(f"User able to get the activity: {row[0]['Detail']}")
accounts_list.append(acc_result)
def test_add_manage_account_with_proxy_account(core_session, pas_config,
remote_users_qty3,
cleanup_resources,
cleanup_accounts, test_proxy):
"""
TC: C2574 - Add system with managed account using proxy account
trying to Add system with managed account using proxy account
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to checkout password
-Assert Failure
2. Try to check activity of manage account
-Assert Failure
"""
user_name = core_session.get_user().get_login_name()
logger.info(f'core sessoin user {core_session.get_user()}')
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty3
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=user_password,
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Update system with management mode 'Smb'.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='Smb')
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
server_id = ResourceManager.wait_for_server_to_exist_return_id(
core_session, sys_name)
acc_id = ResourceManager.wait_for_account_to_exist_return_id(
core_session, add_user_in_target_system[0])
assert server_id == add_sys_result, "Server was not created"
assert acc_id == acc_result, "Account was not created"
res, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Failed to add account in the portal: {res}"
result, success = ResourceManager.check_out_password(
core_session, 1, acc_result)
assert result['Password'] != "Hello123", \
f"password checkout Failed. API response result: {result}"
logger.info(
f"password successfully checkout Account password: {result['COID']}")
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \
"Did not retrieve the activity of rotate password"
logger.info(f"User able to get the activity logs: {row[0]['Detail']}")
accounts_list.append(acc_result)
def test_add_account_existing_system(core_session, pas_config,
remote_users_qty1, test_proxy,
cleanup_resources, cleanup_accounts):
"""
TC: C2575 - Add managed account to existing system
trying to Add managed account to existing system
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to checkout password
-Assert Failure
2. Try to check activity of manage account
-Assert Failure
"""
user_details = core_session.__dict__['auth_details']
user_name = core_session.get_user().get_login_name()
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
rights = "Owner,View,Manage,Delete,Login,Naked,RotatePassword,FileTransfer"
result, success = ResourceManager.assign_account_permissions(
core_session,
rights,
user_details['User'],
user_details['UserId'],
pvid=acc_result)
assert success, f"Did not rotate password, API response: {result}"
# Update system with management mode 'Smb'.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='Smb')
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
res, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Failed to add account in the portal: {res}"
result, success = ResourceManager.check_out_password(
core_session, 1, acc_result)
assert result['Password'] != "Hello123", \
f"password checkout Failed. API response result: {result}"
logger.info(
f"password successfully checkout Account password: {result['COID']}")
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \
"Did not retrieve the activity of rotate password"
logger.info(f"User able to get the activity logs: {row[0]['Detail']}")
accounts_list.append(acc_result)
def test_update_un_managed_using_managed_proxy_account_check_password_history(
core_session, pas_windows_setup, test_proxy, pas_config):
"""
TC: C2550 Update un managed account with using proxy account.
:param core_session: Returns a API session.
:param pas_windows_setup: Fixture for adding a system and an account associated with it.
:param pas_config: fixture reading data from resource_data.yaml file.
"""
# Creating a system with un managed account using un managed proxy account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Updating the proxy user password.
payload_data = pas_config['Windows_infrastructure_data']
update_proxy_result, update_proxy_success = ResourceManager.update_system(
core_session,
system_id,
sys_info[0],
sys_info[1],
sys_info[2],
proxyuser=payload_data['proxy_username'],
proxyuserpassword=payload_data['proxy_password'],
proxyuserismanaged=False)
assert update_proxy_success, f"Failed to update proxy user password:API response result:{update_proxy_result}."
logger.info(
f"Successfully able to update the proxy user password without error {update_proxy_result}."
)
# Updating the un managed account with invalid password.
invalid_data = Configs.get_test_node('invalid_resources_data',
'automation_main')
invalid_payload_data = invalid_data['System_infrastructure_data']
invalid_acc_password = invalid_payload_data['invalid_password']
result_update_account, result_update_success = ResourceManager.update_password(
core_session, account_id, invalid_acc_password)
assert result_update_success, f"Failed to update account with invalid password:"******"API response result:{result_update_account}"
logger.info(f"Successfully able to update the un managed "
f"account with invalid password:{result_update_account}.")
# Getting the Account information and validating the status.
status = 'BadCredentials'
get_account_info, get_account_status = ResourceManager.get_accounts_from_resource(
core_session, system_id)
assert get_account_info[0][
'Healthy'] == status, f'Status does not change to Unknown: {status}'
logger.info(
f"Successfully able to change status to Unknown {get_account_info}.")
# Updating the un managed account with correct password.
updated_account_correct_result, updated_account_correct_success = ResourceManager.update_password(
core_session, account_id, payload_data['password'])
assert updated_account_correct_result, f"Failed to update account with correct password:{payload_data['password']}"
logger.info(
f"Successfully able to update the un managed account with correct password: {updated_account_correct_result}."
)
# Getting the system activity and validating update local account password is done or not.
username = core_session.get_user().get_login_name()
result_activity = ResourceManager.get_system_activity(
core_session, system_id)
assert f'{username} updated local account "{sys_info[4]}" password for "{sys_info[0]}"' \
f'({sys_info[1]})' in result_activity[0]['Detail'], \
f"fail to update local account password :{sys_info[4]} "
logger.info(f"Successfully update un managed password : {result_activity}")
def test_check_in_password(core_session, pas_config, cleanup_resources,
cleanup_accounts, remote_users_qty1):
"""TC C2555 Checkin password for the managed account from Accounts page
trying to Checkin password for the managed account from Accounts page
Steps:
Pre: Create system with 1 manage account hand
1. Try to Checkout password for an account
-Assert Failure
2. Try to check my password check-ins in workspace
-Assert Failure
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
success, response = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='RpcOverTcp')
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{add_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
server_id = ResourceManager.wait_for_server_to_exist_return_id(
core_session, sys_name)
acc_id = ResourceManager.wait_for_account_to_exist_return_id(
core_session, add_user_in_target_system[0])
assert server_id == add_sys_result, "Server was not created"
assert acc_id == acc_result, "Account was not created"
password_checkout_result, password_checkout_success = \
ResourceManager.check_out_password(core_session, 1, accountid=acc_result)
assert password_checkout_success, \
f"expected password equal to actual password: {password_checkout_result}"
logger.info(
f"password successfully checkout Account password: {password_checkout_result}"
)
my_password_checkout = RedrockController.get_total_checkouts(core_session)
created_date_json = str(my_password_checkout[0]['LoanDate'])
ResourceManager.get_date(created_date_json)
check_in_details = []
for i in my_password_checkout:
if i['Summary'] in f'{add_user_in_target_system[0]} ({sys_name})':
check_in_details.append(i['Summary'])
assert check_in_details[0] == f'{add_user_in_target_system[0]} ({sys_name})', \
"fail to checkout password from workspace"
logger.info(
f"password successfully checkout Account password::{my_password_checkout}"
)
password_check_in_result, password_check_in_success = ResourceManager.check_in_password(
core_session, coid=password_checkout_result['COID'])
assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}"
logger.info(
f"password successfully check in for account: {add_user_in_target_system[0]}"
)
username = core_session.get_user().get_login_name()
row = ResourceManager.get_system_activity(core_session, add_sys_result)
created_date_json = str(row[0]['When'])
ResourceManager.get_date(created_date_json)
check_in_details = []
for i in row:
if i['Detail'].__contains__("checked in local account"):
check_in_details.append(i['Detail'])
assert f'{username} checked in local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in \
check_in_details[0], "fail to check in password "
logger.info(f"account activity list:{row}")
my_password_checkout = RedrockController.get_total_checkouts(core_session)
assert len(
my_password_checkout
) == 0, "Check in my password in workspace is not getting updated"
logger.info(
f"password successfully check in for account: {my_password_checkout}")
accounts_list.append(acc_result)
def test_settings_Policy_page(core_session, pas_config, remote_users_qty1,
cleanup_resources, cleanup_accounts,
core_admin_ui):
"""C2541 Settings on Policy page
trying to get rdp through system account with in 15 minute
Steps:
Pre: Create system with 1 account hand
1. Try to take rdp for system
-Assert Failure
2. Try to checkout password for account
-Assert Failure
"""
core_ui = core_admin_ui
user_name = core_ui.get_user().get_login_name()
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
success, response = ResourceManager.update_system(core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
allowremote=True,
defaultcheckouttime=15)
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{add_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
core_ui.navigate('Resources', 'Accounts')
core_ui.search(add_user_in_target_system[0])
core_ui.right_click_action(GridRowByGuid(acc_result), 'Login')
core_ui.switch_to_pop_up_window()
core_ui.expect_disappear(
LoadingMask(),
f'RDP session never exited loading state for system {sys_name}',
time_to_wait=50)
core_ui.switch_to_main_window()
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} logged into system "{sys_name}"({fdqn}) from "web" using local account ' \
f'"{add_user_in_target_system[0]}"' in row[0]['Detail'], "user not able to take rdp"
password_checkout_result, password_checkout_success = \
ResourceManager.check_out_password(core_session, 1, accountid=acc_result)
new_cid = password_checkout_result['COID']
assert password_checkout_result['Password'] is not user_password, \
f"expected password equal to actual password: {password_checkout_result}"
logger.info(f"password successfully checkout Account password: {new_cid}")
def test_Change_Account_managed(core_session, pas_config, remote_users_qty1,
detect_proxy):
"""
:param core_session: Authenticated Centrify Session.
:param pas_config: fixture reading data from resources_data.yaml file.
TC: C2544 - Change Account to be a managed account and verify password changed in 5 minutes
trying to validate the added manage Account password Activity log's
Steps:
1. Try to add a system along with an manage account
-Assert Failure
2. Try to check in the account password is rotated
-Assert Failure
3. Try to validate account activity log's
"""
user = core_session.get_user()
user_name = user.get_login_name()
sys_name = f"Automatedsystem{guid()}"
res_data = pas_config
user = remote_users_qty1
sys_result, status = ResourceManager.add_system(
core_session, sys_name,
res_data['Windows_infrastructure_data']['FQDN'], 'Windows', "Rdp")
assert status, f"failed to add system"
success, response = ResourceManager.update_system(
core_session,
sys_result,
sys_name,
res_data['Windows_infrastructure_data']['FQDN'],
'Windows',
managementmode='RpcOverTcp')
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{response}")
account_id, status = ResourceManager.add_account(core_session, user[0],
'Hello123', sys_result)
assert status, f'failed to add account'
success, response = ResourceManager.update_account(core_session,
account_id,
user[0],
host=sys_result,
ismanaged=True)
assert success, f'Updating account failed. API response: {response}'
server_id = ResourceManager.wait_for_server_to_exist_return_id(
core_session, sys_name)
acc_id = ResourceManager.wait_for_account_to_exist_return_id(
core_session, user[0])
assert server_id == sys_result, "Server was not created"
assert acc_id == account_id, "Account was not created"
res, success = ResourceManager.rotate_password(core_session, account_id)
assert success, f"Failed to add account in the portal: {res}"
checkout_password, response = ResourceManager.check_out_password(
core_session, 1, accountid=account_id)
assert checkout_password[
'Password'] != 'Hello123', f'Checkout Password Failed. API response: {response}'
row = ResourceManager.get_system_activity(core_session, sys_result)
checkout_activity = row[0]['Detail']
created_date_json = str(row[0]['When'])
ResourceManager.get_date(created_date_json)
assert f'{user_name} checked out local account "{user[0]}" password for system "{sys_name}"' \
f'({res_data["Windows_infrastructure_data"]["FQDN"]})' == checkout_activity, "No system activity data "
logger.info(f"account activity list:{row}")
def test_privilege_service_user_with_view_permission(core_session, pas_setup,
get_limited_user_module):
"""
Test case: C286564 :- Privilege Service User with view permission should can see the related activity
:param core_session: Authenticated Centrify session
:param pas_setup: fixture to create system with account
:param get_limited_user_module: creating cloud user with "Privileged Access Service Power User" right
"""
system_id, account_id, sys_info = pas_setup
cloud_user_session, cloud_user = get_limited_user_module
username = cloud_user.get_login_name()
user_id = cloud_user.get_id()
# "View" permission to cloud user for system
result, success = ResourceManager.assign_system_permissions(core_session,
"View",
username,
user_id,
pvid=system_id)
assert success, f'failed to assign view permission to user {username} for system {sys_info[0]}'
logger.info(
f'view permission for system {sys_info[0]} assigned to user {username}'
)
# Activity validation of system by cloud user
rows = ResourceManager.get_system_activity(cloud_user_session, system_id)
assert rows[0][
'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on system ' \
f'"{sys_info[0]}"({sys_info[1]})', 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of system {sys_info[0]}'
)
# "View" permission to cloud user for account
result, success = ResourceManager.assign_account_permissions(
core_session, "View", username, user_id, pvid=account_id)
assert success, f'failed to assign permissions "View" to {username} for account {sys_info[4]} ' \
f'for system {sys_info[0]}'
logger.info(
f'View permission for account {sys_info[4]} of system {sys_info[0]} to user {username}'
)
# Activity validation of account by cloud user
activity = RedrockController.get_account_activity(cloud_user_session,
account_id)
assert activity[0][
'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on local account' \
f' "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) with credential ' \
f'type Password ', 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of account {sys_info[4]} of system {sys_info[0]}'
)
# Created secret
secret_name = f"test_secret{guid()}"
status, parameters, secret_result = create_text_secret(
core_session, secret_name, "test_secret_text")
assert status, f'failed to create secret with returned result: {result}'
logger.info(
f'secret created successfully {result}, returned parameters are {parameters}'
)
# Assigning view permission to secret to cloud user
result, success = set_users_effective_permissions(core_session, username,
"View", user_id,
secret_result)
assert success, f'failed to set permissions of secret for user {username}'
logger.info(
f'successfully granted "View" permission for secret to {secret_name} to user {username}'
)
# Activity validation of secret by cloud user
secret_activity = get_secret_activity(cloud_user_session, secret_result)
assert f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on the ' \
f'secret "{secret_name}"' in secret_activity[0]['Detail'], 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of secret of {secret_name}'
)
