def test_add_a_new_top_level_stand_alone_folder(core_session,
create_secret_folder,
pas_general_secrets):
"""
Test method to create a Folder &
verifying the rights of the folder created
:param core_session: Authenticated Centrify Session
:param create_secret_folder: Fixture to create a folder & yields folder related details
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
# Getting the Id of the user.
user_details = core_session.__dict__
user_id = user_details['auth_details']['UserId']
# Refreshing the page.
refresh_result = UserManager.refresh_token(core_session, user_id)
assert refresh_result["success"], f"Failed to reload:API response result:{refresh_result}"
# Getting permissions of the folder created
permissions = SetsManager.get_collection_rights(core_session, folder_id)
verify_permissions = 'View, Edit, Delete, Grant, Add'
assert verify_permissions == permissions["Result"], \
f'Failed to verify permissions for the folder{permissions["Result"]}'
logger.info(f'Permissions of the folder created: {permissions}')
def test_ends_with_search(core_session, core_admin_ui,
cleanup_secrets_and_folders, pas_general_secrets):
"""
C3061: Ends with search
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch the browser with cloud admin
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
params = pas_general_secrets
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
suffix = guid()
# Creating folder
folder_success, folder_parameters, folder_id = create_folder(
core_session, params['name'] + suffix, params['description'])
assert folder_success, f'Failed to create folder, API response result: {folder_id}'
logger.info(
f'Folder created successfully: {folder_id} & details are {folder_parameters}'
)
folder_list.append(folder_id)
folder_name = folder_parameters['Name']
# Creating secret
added_secret_success, details, added_secret_id = create_text_secret(
core_session, params['secret_name'] + suffix, params['secret_text'])
assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
logger.info(f'Added secrets info: {details, added_secret_id}')
secrets_list.append(added_secret_id)
ui = core_admin_ui
ui.navigate('Resources', 'Secrets')
# Searching for secrets & folder
ui.search(suffix)
ui.expect(GridRow(folder_name),
f' Expect to find folder {folder_name} but could not')
ui.expect(
GridRowByGuid(added_secret_id),
f' Expect to find secret with id as {added_secret_id} but could not')
logger.info(
f'Both folder {folder_name} & secret {added_secret_id} are successfully visible'
)
# Getting permissions of folder
permissions = SetsManager.get_collection_rights(core_session, folder_id)
assert permissions["Result"], \
f'Failed to get permissions for folder, API response result:{permissions["Result"]}'
logger.info(f'Permissions of the folder created: {permissions}')
# Getting permissions of secret
permissions_secret = get_users_effective_secret_permissions(
core_session, added_secret_id)
assert permissions_secret,\
f'Failed to get permissions for secret, API response result: {permissions_secret}'
logger.info(f' Permissions for Secret: {permissions_secret}')
def test_check_ui_after_changing_setting(core_session, pas_setup,
clean_up_collections):
"""
Test case: C2206 Check permission for set
:param core_session: Authenticated centrify session
:param pas_setup: Creating a new system with accounts
"""
# Adding Systems for test execution
created_system_id, created_account_id, system_details = pas_setup
user_details = core_session.__dict__
collection_name = "testManualCollection" + guid()
# Get list of permission
get_sys_result, get_sys_success = ResourceManager.get_system_permissions(
core_session, created_system_id)
assert get_sys_success, f"Failed to get system permissions for resource, API result:{get_sys_result}"
permission = get_sys_result[0]['Rights']
permission_list = list(chain(*zip(permission.split())))[:-1]
permission_index_value = [
list((i, permission_list[i])) for i in range(len(permission_list))
]
assert (permission_index_value[3][0] < permission_index_value[4][0]
), f"Failed to get permission 'Grant' is in front of 'View'"
logger.info(
f'Grant is successfully shows in front of View. as Grant index is {permission_index_value[3][0]} and View index is {permission_index_value[4][0]}'
)
# Create set
add_set_success, new_set_id = SetsManager.create_manual_collection(
core_session, collection_name, "Server")
assert add_set_success, "Collection " + new_set_id + " Failed to Create"
# Set cleanup list
clean_up_collections.append(new_set_id)
# Assign permission to the set
set_permissions_result = SetsManager.set_collection_permissions(
core_session, "Grant,View,Edit,Delete",
user_details["auth_details"]["User"],
user_details['auth_details']['UserId'], new_set_id)
logger.info(
f'Successfully set collection Permissions for the set page :{set_permissions_result}'
)
# Get collection permission rights
get_permissions_result = SetsManager.get_collection_rights(
core_session, new_set_id)
set_permission = get_permissions_result['Result']
# Actual set permission rights list
actual_set_permission_list = 'View, Edit, Delete, Grant'
assert set_permission == actual_set_permission_list, f'Failed to verify permissions:{actual_set_permission_list}'
logger.info(
f'Successfully verify Permissions for the set page created:{actual_set_permission_list}'
)
def test_add_new_sub_folder_and_set_with_same_name(core_session,
set_cleaner,
create_secret_folder,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
test method to add a set with same name as Sub Folder
:param core_session: Authenticated Centrify Session
:param set_cleaner: Fixture to cleanup the sets created
:param create_secret_folder: Fixture to create a folder & yields folder related details
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
folder_prefix = guid()
folder_success, folder_parameters, sub_folder_id = create_folder(core_session,
folder_prefix + folder_params['name'],
folder_params['description'],
parent=folder_id)
assert folder_success, f'Failed to add sub folder:{folder_parameters["Result"]}'
logger.info(f'Folder added successfully: {folder_success}')
folders_list.insert(0, sub_folder_id)
success, set_id = SetsManager.create_manual_collection(core_session,
folder_prefix + folder_params['name'],
'DataVault')
assert success is True, f'Failed to create manual set with same name as Sub Folder {set_id}'
logger.info(f'creating manual set:{success} with setid as: {set_id}')
set_cleaner.append(set_id)
logger.info(f'Added set deleted successfully:{set_cleaner}')
# Getting permissions of the set created
permissions = SetsManager.get_collection_rights(core_session, set_id)
verify_permissions = 'View, Edit, Delete, Grant'
assert verify_permissions == permissions["Result"], \
f'Failed to verify permissions for the set:{permissions["Result"]}'
logger.info(f'Permissions of the set created: {permissions}')
def test_inherited_folder_permissions_should_be_removed_if_you_move_away_from_parent(
core_session, create_folder_inside_folder, pas_general_secrets,
cleanup_secrets_and_folders, users_and_roles):
"""
C3052: Inherited folder permissions should be removed if you move away from parent
:param core_session: Authenticated Centrify Session
:param create_folder_inside_folder: Fixture to create folder inside parent folder
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User rights
"""
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
parent_folder_id = parent_folder_info['ID']
folder_prefix = guid()
params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
folder_prefix + params['name'],
params['description'],
parent=nested_folder_id)
assert child_folder_success, f'Failed to create child folder, API response result:: {child_folder_id}'
logger.info(
f'Child Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
folders_list.insert(0, child_folder_id)
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder(View,Delete,Edit)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, parent_folder_id, 'View,Delete,Edit')
assert user_permissions_result['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_result["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to give user permissions to nested folder(View,Add )
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, nested_folder_id, 'View,Add')
assert user_permissions_result['success'], \
f'Not Able to set user permissions to , API response result: {user_permissions_result["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Getting permissions of child folder(should inherit from parent)
permissions_yellow = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Edit, Delete, Add'
assert verify_permissions_all == permissions_yellow["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_yellow["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_yellow}')
# Moving Nested Folder into Top Level Secrets
result_move = move_folder(pas_power_user_session, nested_folder_id)
assert result_move[
'success'], f'Not Able to Move Folder B1 into B11, API response result:: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move}')
# Getting permissions of child folder(should inherit from nested folder)
permissions_yellow = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Add'
assert verify_permissions_all == permissions_yellow["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_yellow["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_yellow}')
def test_updates_by_admin_are_reflected_on_sub_folders(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles):
"""
C3049: test method to Updates and changes by admin are reflected on sub folders through inheritance
1) create multilevel folder /alpha/beta/charlie/delta
2)Login as Admin, add & update different folder permissions for alpha
3) Login as pas user
4) verify permissions are saved and propagated to the child folders.
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
"""
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
# creating multilevel folder /alpha/beta/charlie/delta
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session, folder_prefix + params['multi_level_folder_name'],
params['description'])
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(
f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
# Getting details of Folder Charlie
charlie_folder = get_folder(core_session, child_folder_id)
charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent']
# Getting details of parent folder
parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID']
# Getting details of Folder alpha
alpha_folder = get_secrets_and_folders_in_folders(core_session,
parent_folder_id)
alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0][
"Key"]
# Getting details of Folder beta
folder_beta = get_secrets_and_folders_in_folders(core_session,
alpha_folder_id)
folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to assign all the permissions(View, Edit, Delete, Grant, Add) to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id,
'View, Edit, Delete, Grant, Add')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting permissions of the folder delta(should inherit from parent)
permissions_delta = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Edit, Delete, Grant, Add'
assert verify_permissions_all == permissions_delta["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_delta["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_delta}')
# Api to assign selected permissions(View, Edit, Delete) to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id,
'View, Edit, Delete')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting permissions of the folder delta(should inherit from parent)
permissions_delta = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_selected = 'View, Edit, Delete'
assert verify_permissions_selected == permissions_delta["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_delta["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_delta}')
# Api to give permissions(View,Add) to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id, 'View, Add')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting permissions of the folder delta(should inherit from parent)
permissions_delta = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_view_add = 'View, Add'
assert verify_permissions_view_add == permissions_delta["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_delta["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_delta}')
# cleanup of folders accordingly
folders_list.append(child_folder_id)
folders_list.append(charlie_id)
folders_list.append(folder_beta_id)
folders_list.append(alpha_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Folders deleted successfully: {folders_list}')
def test_member_add_single_folder_then_append_multilevel_folder_to_it(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles, create_secret_folder):
"""
C3059: test method to Add single folder then append multilevel folder to it
1) create multilevel folder dogs/labradors/yellow inside a parent folder
2) Login as Admin, set folder permissions "View" for parent folder
3) Login as pas user
4) verify pas user can view all folders i.e. "folder1/dogs/labradors/yellow" & inherit permissions from parent.
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
:param create_secret_folder: Fixture to create folder & yields folder details
"""
params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
folder_parameters = create_secret_folder
parent_folder_id = folder_parameters['ID']
# creating multilevel folder dogs/labradors/yellow
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
params['folder_multiple_level'],
params['description'],
parent=parent_folder_id)
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(
f'Multilevel Folder created successfully, details are: {child_folder_parameters}'
)
# Getting details of Folder Labradors
labradors_folder = get_folder(core_session, child_folder_id)
logger.info(f'labradors folder details:{labradors_folder}')
labradors_folder_id = labradors_folder['Result']['Results'][0]['Row'][
'Parent']
# Getting id of Folder Dogs
dogs_folder = get_folder(core_session, labradors_folder_id)
logger.info(f'Dogs folder details:{dogs_folder}')
dogs_folder_id = dogs_folder['Result']['Results'][0]['Row']['Parent']
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, parent_folder_id, 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting id of Folder Dog
dog_folder = get_secrets_and_folders_in_folders(pas_power_user_session,
parent_folder_id)
logger.info(f'Details of Dog Folder Retrieved with pas user:{dog_folder}')
dog_id = dog_folder["Result"]["Results"][0]["Entities"][0]["Key"]
assert dog_id == dogs_folder_id, \
f'Failed to view dog folder with pas user, API response result:{dog_folder["success"]} & {dog_folder["Result"]}'
# Getting id of parent folder
labradors_folder = get_secrets_and_folders_in_folders(
pas_power_user_session, dog_id)
logger.info(
f'Details of labradors Folder Retrieved with pas user:{labradors_folder}'
)
labradors_id = labradors_folder["Result"]["Results"][0]["Entities"][0][
"Key"]
assert labradors_id == labradors_folder_id, \
f'Failed to view labradors folder with pas user, API response result:' \
f'{labradors_folder["success"]} & {labradors_folder["Result"]}'
# Getting id of parent folder
yellow_folder = get_secrets_and_folders_in_folders(pas_power_user_session,
labradors_id)
logger.info(
f'Details of yellow Folder Retrieved with pas user:{yellow_folder}')
yellow_id = yellow_folder["Result"]["Results"][0]["Entities"][0]["Key"]
assert \
yellow_id == child_folder_id, f' Failed to view yellow folder with pas user, API response result:' \
f'{yellow_folder["success"]} & {yellow_folder["Result"]}'
# Getting permissions of the folder yellow(should inherit from parent)
permissions_yellow = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View'
assert verify_permissions_all == permissions_yellow["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_yellow["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_yellow}')
# cleanup of folders accordingly
folders_list.insert(0, child_folder_id)
folders_list.insert(1, labradors_folder_id)
folders_list.insert(2, dogs_folder_id)