Example #1
def test_delete_command_passing_id_and_name(core_session, setup_generic_pe_command_with_no_rules):
    """Deleting a command while supplying both its ID and its name must be rejected."""
    logger.info("test_delete_command_passing_id_and_name")
    command_name, command_id = setup_generic_pe_command_with_no_rules

    # Both identifiers are passed in the same call; the assertion below expects the delete to fail.
    response, deleted = PrivilegeElevation.del_pe_command(core_session, ident=command_id, name=command_name)
    assert not deleted, f"Deleting command with ID and name passed: {response}"
Example #2
def test_delete_command_with_assignments(core_session, setup_generic_pe_command_with_no_rules):
    """Delete a command by name while a rule assignment still refers to it.

    The delete is expected to succeed, and listing assignments for the
    deleted command name afterwards is expected to fail.
    """
    logger.info("test_delete_command_with_assignments")
    command_name, command_id = setup_generic_pe_command_with_no_rules

    # Assign the command to the "System Administrator" role with global scope.
    rule_id, added = PrivilegeElevation.add_pe_rule_assignment(
        core_session,
        commandID=command_id,
        scopeType="Global",
        principalType="Role",
        principal="System Administrator",
    )
    assert added, " Adding rule assignment failed"

    # The new rule must be visible when listing assignments for the command.
    listing, listed = PrivilegeElevation.list_pe_assignments(core_session, command=command_name)
    assert listed, f"List assignments API call failed: {listing}"
    logger.debug(f"List pe assignments response: {listing}")
    rule_present = PrivilegeElevation.check_rule_in_list_pe_assignments_response(rule_id, listing, True)
    assert rule_present, "ruleID not present in list of pe assignments response"

    # Delete the command by name; the existing assignment must not block it.
    response, deleted = PrivilegeElevation.del_pe_command(core_session, name=command_name)
    assert deleted, f"Deleting command failed: {response}"

    # With the command gone, listing its assignments is expected to fail.
    listing, listed = PrivilegeElevation.list_pe_assignments(core_session, command=command_name)
    assert not listed, f"List assignments API call not failed after deleting associated command: {listing}"
    logger.debug(f"List pe assignments response: {listing}")
Example #3
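def test_pe_del_command_scenario2(core_session, setup_generic_pe_command_with_no_rules, users_and_roles,
                                  create_resources, create_manual_set):
    """Delete a command as a non-admin user while a collection-scoped assignment exists.

    A system is added and placed in a manual set, the admin user is granted
    permissions on that set, and the command is assigned to the requester
    with the set as scope. The requester (session obtained for
    'Privilege Elevation Management') then deletes the command by name. The
    test expects that delete to succeed and a later explicit delete of the
    assignment to fail with 'Privilege Elevation Assignment not found'.
    """
    commandName, commandID = setup_generic_pe_command_with_no_rules
    requester_session = users_and_roles.get_session_for_user('Privilege Elevation Management')
    response = requester_session.get_current_session_user_info()
    user_info = response.json()['Result']
    logger.debug(f"del_command_scenario2 user_info: {user_info}")

    admin_user = core_session.get_user()
    admin_user_name = admin_user.get_login_name()
    admin_user_id = admin_user.get_id()

    # Add System
    added_system_id = create_resources(core_session, 1, "Unix")[0]['ID']
    logger.debug(f"Successfully added a System: {added_system_id}")

    # Create a set and add the system to it
    set_id = create_manual_set(
        core_session, "Server", object_ids=[added_system_id])['ID']

    logger.debug(f"Successfully created a set and added system to that set: {set_id}")

    # Give all permissions to admin user on this set
    permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount,' \
                        'ManagePrivilegeElevationAssignment'
    result = SetsManager.set_collection_resource_permissions(core_session, permission_string,
                                                             admin_user_name, admin_user_id, set_id,
                                                             "User")
    # `result` is subscripted like a mapping, so it is formatted rather than
    # concatenated: "str + result" would raise TypeError and hide the real failure.
    assert result['success'], f"setting collection permissions failed: {result}"

    # Add assignment: the requester as principal, scoped to the set created above
    principalType = "User"
    principal = user_info['Name']
    scopeType = "Collection"
    scope = set_id
    ruleID, isSuccess = PrivilegeElevation.add_pe_rule_assignment(core_session, commandID=commandID,
                                                                  scopeType=scopeType, scope=scope,
                                                                  principalType=principalType, principal=principal)

    assert isSuccess, f"Adding rule assignment failed: {ruleID}"

    # Make sure rule assignment is available
    results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName)
    assert isSuccess, f"List assignments API call failed: {results}"
    logger.debug(f"List pe assignments response: {results}")
    assert PrivilegeElevation.check_rule_in_list_pe_assignments_response(ruleID, results, True), \
        "ruleID not present in list of pe assignments response"

    # Deleting command should be successful, assignments too
    result, isSuccess = PrivilegeElevation.del_pe_command(requester_session, name=commandName)
    assert isSuccess, f"Deleting command as a non-admin user with pe permission failed: {result}"

    # Deleting the assignment explicitly should fail: it went away with the command
    result, isSuccess = PrivilegeElevation.del_pe_rule_assignment(requester_session, ruleID)
    assert not isSuccess, f"Deleting an already deleted assignment passed: {ruleID}"
    # Pin the failure reason so an unrelated error does not satisfy the check above.
    assert re.findall('Privilege Elevation Assignment not found', result), \
        f"Deleting an already deleted assignment failed with unknown exception: {result}"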
Example #4
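def test_pe_del_command_with_no_pe_permission(users_and_roles, core_session, setup_generic_pe_command_with_no_rules):
    """A requester without the privilege-elevation right must not be able to delete a command.

    The command's continued existence is checked indirectly: creating another
    command with the same name is expected to fail both before and after the
    rejected delete.
    """
    # Log this test's own name so the log lines up with the test report.
    logger.info("test_pe_del_command_with_no_pe_permission")
    # No right is named here; presumably this yields a user without any
    # privilege-elevation permission -- confirm against the users_and_roles fixture.
    requester_session = users_and_roles.get_session_for_user()

    commandName, commandID = setup_generic_pe_command_with_no_rules

    # Trying to add a new Command with same name should fail
    _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows")
    assert not isSuccess, "Creating duplicate privilege command succeeded"

    # Delete the command as a user with no permissions should fail
    # NOTE(review): only the failure flag is checked, so any error (not just an
    # authorization denial) satisfies this assertion. Asserting on the denial
    # reason carried in `result` would make the negative test more specific.
    result, isSuccess = PrivilegeElevation.del_pe_command(requester_session, ident=commandID)
    assert not isSuccess, f"Deleting command as a user with no permissions passed: {result}"

    # Creating command with same name should still fail, i.e. the command survived
    _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Linux")
    assert not isSuccess, "Creating command with same name passed"

    # Deleting it for cleanup
    result, isSuccess = PrivilegeElevation.del_pe_command(core_session, name=commandName)
    assert isSuccess, f"Deleting command for cleanup failed: {result}"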
Example #5
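def test_pe_del_command_nonadmin_with_pe_permission(users_and_roles, core_session,
                                                    setup_generic_pe_command_with_no_rules):
    """A non-admin session obtained for 'Privilege Elevation Management' can delete a command by name."""
    # The previous message named the "no_pe_permission" test, which made the
    # log of this positive case read like the negative one.
    logger.info("test_pe_del_command_nonadmin_with_pe_permission")

    commandName, commandID = setup_generic_pe_command_with_no_rules
    requester_session = users_and_roles.get_session_for_user('Privilege Elevation Management')

    # Trying to add a new Command with same name should fail
    _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows")
    assert not isSuccess, "Creating duplicate privilege command succeeded"

    # Delete the command as a non-admin user with pe permission should succeed
    result, isSuccess = PrivilegeElevation.del_pe_command(requester_session, name=commandName)
    assert isSuccess, f"Deleting command as a non-admin user with pe permission failed: {result}"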
Example #6
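def test_delete_command_basic(core_session, setup_generic_pe_command_with_no_rules):
    """Deleting a command by ID frees its name for reuse.

    Creating a duplicate is expected to fail while the command exists and to
    succeed once it has been deleted. The re-created command is removed at
    the end so the test leaves nothing behind.
    """
    logger.info("test_delete_command_basic")
    commandName, commandID = setup_generic_pe_command_with_no_rules

    # Trying to add a new Command with same name should fail
    _, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Windows")
    assert not isSuccess, "Creating duplicate privilege command succeeded"

    # Delete the command
    result, isSuccess = PrivilegeElevation.del_pe_command(core_session, ident=commandID)
    assert isSuccess, f"Deleting command failed: {result}"

    # Creating command with same name should now succeed
    result, isSuccess = PrivilegeElevation.add_pe_command(core_session, commandName, "*", "Linux")
    assert isSuccess, f"Creating command with same name after deleting it, failed: {result}"

    # Remove the re-created command: it matches "*" and would otherwise stay
    # behind in the environment after the test.
    result, isSuccess = PrivilegeElevation.del_pe_command(core_session, name=commandName)
    assert isSuccess, f"Deleting command for cleanup failed: {result}"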
Example #7
def test_privilege_elevation_add_command_all_required_params(core_session):
    """Add a command passing only the required parameters, then delete it again."""
    command_name = "All commands" + Util.random_string()

    add_response, success = PrivilegeElevation.add_pe_command(
        core_session, command_name, "*", "Linux,Windows")
    assert success is True, f'PrivilegeElevation add command has failed {add_response}'

    # Clean up: delete the command by the ID returned from the add call.
    created_id = add_response['Result']['ID']
    del_response, success = PrivilegeElevation.del_pe_command(core_session, ident=created_id)
    assert success is True, f'PrivilegeElevation add command cleanup has failed {del_response}'
Example #8
def test_privilege_elevation_add_command_winlinux(core_session):
    """Add a command with the full parameter list and ApplyTo "Linux,Windows", then delete it."""
    command_name = "All commands" + Util.random_string()

    add_response, success = PrivilegeElevation.add_pe_command(
        core_session,
        command_name,
        "*",
        "Linux,Windows",
        "Run all commands",
        0,
        "*",
        {},
        {},
    )
    assert success is True, f'PrivilegeElevation add command has failed {add_response}'

    # Clean up: delete the command by the ID returned from the add call.
    created_id = add_response['Result']['ID']
    del_response, success = PrivilegeElevation.del_pe_command(core_session, ident=created_id)
    assert success is True, f'PrivilegeElevation add command cleanup has failed {del_response}'
Example #9
def test_privilege_elevation_add_command_win(core_session):
    """Add a command with the full parameter list and ApplyTo "Windows", then delete it."""
    command_name = "Restart any windows service" + Util.random_string()

    add_response, success = PrivilegeElevation.add_pe_command(
        core_session,
        command_name,
        "netsh",
        "Windows",
        "Restart any windows service",
        3,
        "netsh",
        {},
        {},
    )
    assert success is True, f'PrivilegeElevation add command has failed {add_response}'

    # Clean up: delete the command by the ID returned from the add call.
    created_id = add_response['Result']['ID']
    del_response, success = PrivilegeElevation.del_pe_command(core_session, ident=created_id)
    assert success is True, f'PrivilegeElevation add command cleanup has failed {del_response}'
Example #10
def test_privilege_elevation_add_command_linux(core_session):
    """Add a command with the full parameter list and ApplyTo "Linux", then delete it."""
    command_name = "Restart any linux service" + Util.random_string()

    # NOTE(review): "usr/sbin/systemctl" has no leading slash. If this argument
    # is a path the command is matched against, confirm whether the absolute
    # "/usr/sbin/systemctl" was intended; a non-absolute value may match more
    # loosely than the author meant.
    add_response, success = PrivilegeElevation.add_pe_command(
        core_session,
        command_name,
        "systemctl restart",
        "Linux",
        "Restart any linux service",
        6,
        "usr/sbin/systemctl",
        {},
        {},
    )
    assert success is True, f'PrivilegeElevation add command has failed {add_response}'

    # Clean up: delete the command by the ID returned from the add call.
    created_id = add_response['Result']['ID']
    del_response, success = PrivilegeElevation.del_pe_command(core_session, ident=created_id)
    assert success is True, f'PrivilegeElevation add command cleanup has failed {del_response}'
Example #11
def test_pe_del_command_scenario3(core_session, setup_pe_one_command_one_rule, users_and_roles):
    """Delete a command that already has one rule, as a non-admin requester.

    The requester session is obtained for 'Privilege Elevation Management'.
    The command delete is expected to succeed, and a later explicit delete of
    the rule is expected to fail with 'Privilege Elevation Assignment not found'.
    """
    command_name, command_id, rule_id = setup_pe_one_command_one_rule
    requester_session = users_and_roles.get_session_for_user('Privilege Elevation Management')
    user_info = requester_session.get_current_session_user_info().json()['Result']
    logger.debug(f"del_command_scenario3 - user_info: {user_info}")

    # The fixture's rule must be listed for the command before anything is deleted.
    listing, listed = PrivilegeElevation.list_pe_assignments(core_session, command=command_name)
    assert listed, f"List assignments API call failed: {listing}"
    logger.debug(f"List pe assignments response: {listing}")
    rule_present = PrivilegeElevation.check_rule_in_list_pe_assignments_response(rule_id, listing, True)
    assert rule_present, "ruleID not present in list of pe assignments response"

    # The requester deletes the command by name; its assignments should go with it.
    response, deleted = PrivilegeElevation.del_pe_command(requester_session, name=command_name)
    assert deleted, f"Deleting command as a non-admin user with pe permission failed: {response}"

    # An explicit delete of the rule must now fail, and for the expected reason.
    response, deleted = PrivilegeElevation.del_pe_rule_assignment(requester_session, rule_id)
    assert not deleted, f"Deleting an already deleted assignment passed: {rule_id}"
    not_found = re.findall('Privilege Elevation Assignment not found', response)
    assert not_found, f"Deleting an already deleted assignment failed with unknown exception: {response}"
Example #12
def test_delete_command_pass_no_params(core_session):
    """Calling the delete with neither an ID nor a name must fail."""
    logger.info("test_delete_command_pass_no_params")

    # No identifier is supplied at all; the assertion below expects the call to fail.
    response, deleted = PrivilegeElevation.del_pe_command(core_session)
    assert not deleted, f"Deleting command without params passed: {response}"
Example #13
def test_pe_del_command_notexists(core_session):
    """Deleting by a name that matches no command must fail."""
    missing_name = "Doesn'tExist"
    _response, deleted = PrivilegeElevation.del_pe_command(core_session, name=missing_name)
    assert not deleted, f" Deleting a non existing pe command passed: {missing_name}"