def test_delete_ssh_keys_and_account(core_session, add_system_with_ssh_account, get_ssh_key_function, remove_related): system_id, account_id, ssh_id, system_list, account_list, ssh_list = add_system_with_ssh_account # Deleting SSH Account all_key_ids = [ssh_id, get_ssh_key_function] delete_result, delete_success = ResourceManager.del_multiple_ssh_keys(core_session, all_key_ids, run_sync=True, remove_related_account=remove_related) if remove_related: assert delete_success, f"SSH key {ssh_id} deletion failed with API response result: {delete_result}" logger.info(f"Account{account_id} associated with system {system_id} and SSH key {ssh_id} was deleted successfully") else: assert not delete_success, "Delete should have failed with attached account {delete_result}" account_list.remove(account_id) activity = RedrockController.get_ssh_activity(core_session, ssh_id) sql_query = RedrockController.get_query_for_ids('VaultAccount', [account_id]) result = RedrockController.redrock_query(core_session, sql_query) if remove_related: assert len(result) == 0, f"Account not deleted as expected {result}" else: assert len(result) == 1, f"Account was delete and should not have been {result} when removed_related_account == False" sql_query = RedrockController.get_query_for_ids('SshKeys', all_key_ids) result = RedrockController.redrock_query(core_session, sql_query) if remove_related: assert len(result) == 0, f"SSH keys not deleted as expected {result}" else: assert len(result) == 1 and ssh_id in str(result), f"Should remain exactly 1 SSH key associated with account {result}"
def test_bulk_account_delete_job_fails_with_request_query_returning_zero_rows_fast_track( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 1, list_of_created_systems) _, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values( [batch]) # Invalid query for the failure case. if simulate_failure: sql_query = f"select * from VaultAccount where ID = '{guid()}'" else: sql_query = RedrockController.get_query_for_ids( 'VaultAccount', delete_account_ids) params = Util.scrub_dict({ 'Ids': [], 'SaveToSecrets': False, 'SecretName': "", 'SetQuery': sql_query, 'RunSync': True }) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, \ f'Invalid query bulk account delete request succeeded even though it should fail {result}'
def test_bulk_system_unenroll_by_sql_query_only_unenrolls_correct_systems(core_session, test_four_virtual_aapm_agents): user_info = core_session.get_current_session_user_info().json()['Result'] agents, _ = test_four_virtual_aapm_agents all_agent_ids, all_server_ids = _setup_agents(core_session, agents) unenroll_agent_ids = all_agent_ids[:2] unenroll_server_ids = all_server_ids[:2] keep_agent_ids = all_agent_ids[2:] _validate_aapm_agent_details(core_session, all_agent_ids, True) sql_query = RedrockController.get_query_for_ids('Server', unenroll_server_ids) _, success = ResourceManager.unenroll_multiple_systems_by_query(core_session, sql_query) assert success, f"Unenroll Multiple systems by query failed: {sql_query}" _validate_aapm_agent_details(core_session, unenroll_agent_ids, False) _validate_aapm_agent_details(core_session, keep_agent_ids, True) username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkSystemUnenrollClient.StartQuery.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkSystemUnenrollClient.Success.Multi' start_message = f'{username} initiated unenroll of multiple systems' end_message = f'{username} successfully unenrolled {len(unenroll_server_ids)} systems' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def _validate_aapm_agent_details(session, agent_ids, expected): query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM') results = RedrockController.get_result_rows( RedrockController.redrock_query(session, query)) # make sure num of systems match assert len(results) == len(agent_ids) for row in results: assert row["FeatureAAPM"] is expected
def test_bulk_system_delete_job_fails_due_to_invalid_request_no_query_or_ids_fast_track( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems) delete_system_ids, unused_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch]) if simulate_failure: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict({'SaveToSecrets': False, 'SecretName': "", 'RunSync': True})) else: sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict( {'SetQuery': sql_query, 'SaveToSecrets': False, 'SecretName': "", 'RunSync': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_string_fast_track(core_session, simulate_failure, test_four_virtual_aapm_agents): agents, _ = test_four_virtual_aapm_agents _, server_ids = _setup_agents(core_session, agents) if simulate_failure: invalid_query = f"invalid query string" # invalid sql query... should fail request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict( {'SetQuery': invalid_query, 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True})) else: valid_query = RedrockController.get_query_for_ids('Server', server_ids) request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict( {'SetQuery': valid_query, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def _wait_for_systems_validation(session, agent_ids, expected, intervals_to_wait=600, delay=1): while intervals_to_wait > 0: query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM') results = RedrockController.get_result_rows( RedrockController.redrock_query(session, query)) logger.info(results) # make sure num of systems match assert len(results) == len(agent_ids) row = results[0] if row["FeatureAAPM"] is expected: return True if delay > 0: time.sleep(delay) intervals_to_wait = intervals_to_wait - 1 return False
def test_bulk_system_delete_by_sql_query_only_deletes_correct_systems_and_accounts( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): user_info = core_session.get_current_session_user_info().json()['Result'] assert len(ResourceManager.get_multi_added_system_ids(core_session, [ "x"])) == 0 # Use fake GUID string to ensure that filter is working properly, since empty list means no filter assert len(ResourceManager.get_multi_added_account_ids(core_session, ["x"])) == 0 batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems) batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 6, list_of_created_systems) batch4 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 8, list_of_created_systems) batch5 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2, batch3, batch4, batch5]) assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 15, "Found wrong number of added systems" assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 59, "Found wrong number of add accounts" delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2, batch4]) keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3, batch5]) sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids) ResourceManager.del_multiple_systems_by_query(core_session, sql_query, False, "") assert set(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search" assert set(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search" username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.StartQuery.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Success.Multi' start_message = f'{username} initiated delete of multiple systems' end_message = f'{username} successfully deleted {len(delete_system_ids)} systems' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_system_delete_generates_secret(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 3, list_of_created_systems) batch3 = ResourceManager.add_multiple_ssh_systems_with_accounts(core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3]) all_non_ssh_systems, all_non_shh_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid() sql_query = RedrockController.get_query_for_ids('Server', all_systems) ResourceManager.del_multiple_systems_by_query(core_session, sql_query, True, secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name) assert secret_id is not None, "No secret was created" secret_cleaner.append(secret_id) user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.strip().count("\n") == len( all_accounts), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("thisIsaPAsSwO0rd") == len( all_non_shh_accounts), f"Secret file contained the wrong number of passwords {secret_file_contents}" # Commenting following assert as AutomationTestKey is not available in secret_file_contents, Tested on both AWS, # Azure devdog tenants # assert 'AutomationTestKey' in secret_file_contents, f"Name of SSH key did not appear in secret file {secret_file_contents}" for server_id in all_non_ssh_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_non_shh_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"