def test_bulk_system_unenroll_job_fails_due_to_invalid_request_missing_all_fields(core_session, simulate_failure):
if simulate_failure:
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict({}))
else:
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
{'SetQuery': "@@Favorites", 'SkipIfAgentReconciliationEnabled': True}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_job_fails_due_to_invalid_request_missing_all_fields(clean_bulk_delete_systems_and_accounts,
core_session, simulate_failure,
list_of_created_systems):
ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems)
if simulate_failure:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict({}))
else:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict(
{'SetQuery': "@@Favorites", 'SaveToSecrets': False, 'SecretName': ""}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_and_id_list(core_session, simulate_failure,
test_four_virtual_aapm_agents):
agents, _ = test_four_virtual_aapm_agents
_, server_ids = _setup_agents(core_session, agents)
if simulate_failure:
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
{'SetQuery': "@@Favorites", 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True}))
else:
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
{'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_job_fails_due_to_invalid_request_missing_tag(clean_bulk_delete_systems_and_accounts,
core_session, simulate_failure,
list_of_created_systems):
ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems)
if not simulate_failure:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict(
{'SetQuery': "@@Favorites", 'SaveToSecrets': True, 'SecretName': "MySecretName"}))
else:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE,
Util.scrub_dict({'SetQuery': "@@Favorites", 'SaveToSecrets': True}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert (not simulate_failure) == success, f"API success response not expected value, returned result {result}"
def test_bulk_account_delete_job_fails_with_request_query_returning_zero_rows_fast_track(
clean_bulk_delete_systems_and_accounts, core_session, simulate_failure,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 1, list_of_created_systems)
_, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values(
[batch])
# Invalid query for the failure case.
if simulate_failure:
sql_query = f"select * from VaultAccount where ID = '{guid()}'"
else:
sql_query = RedrockController.get_query_for_ids(
'VaultAccount', delete_account_ids)
params = Util.scrub_dict({
'Ids': [],
'SaveToSecrets': False,
'SecretName': "",
'SetQuery': sql_query,
'RunSync': True
})
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, \
f'Invalid query bulk account delete request succeeded even though it should fail {result}'
def test_bulk_system_delete_job_fails_due_to_invalid_request_no_query_or_ids_fast_track(
clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems)
delete_system_ids, unused_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch])
if simulate_failure:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE,
Util.scrub_dict({'SaveToSecrets': False, 'SecretName': "", 'RunSync': True}))
else:
sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids)
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict(
{'SetQuery': sql_query, 'SaveToSecrets': False, 'SecretName': "", 'RunSync': True}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_pe_can_execute_priv_command_user_not_exist(core_session,
cleanup_servers):
session = core_session
sys_name = "test_pe_can_execute_priv_command" + guid()
sys_fqdn = "fqdn" + guid()
added_system_id, system_success_status = ResourceManager.add_system(
core_session,
name=sys_name,
fqdn=sys_fqdn,
computerclass="Windows",
sessiontype="Rdp")
assert system_success_status, f'Adding system failed returned status {system_success_status}'
logger.debug(f"Successfully added a System: {added_system_id}")
cleanup_servers.append(added_system_id)
args = Util.scrub_dict({
'User': "******",
'System': added_system_id,
'Command': "sc stop cagent"
})
response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE,
args)
response_json = response.json()
logger.info(
f"Response from PE canExecutePrivilegeCommand: {response_json}")
assert not response_json[
'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}"
assert response_json[
'Message'] == "User userNotExist not found; they may have been deleted or the directory may be unavailable.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_string_fast_track(core_session, simulate_failure,
test_four_virtual_aapm_agents):
agents, _ = test_four_virtual_aapm_agents
_, server_ids = _setup_agents(core_session, agents)
if simulate_failure:
invalid_query = f"invalid query string" # invalid sql query... should fail
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
{'SetQuery': invalid_query, 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True}))
else:
valid_query = RedrockController.get_query_for_ids('Server', server_ids)
request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
{'SetQuery': valid_query, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True}))
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_account_delete_job_fails_with_empty_request(core_session):
params = Util.scrub_dict({
'Ids': [],
'SaveToSecrets': False,
'SecretName': "",
'SetQuery': ""
})
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert success is False, f'Empty bulk account delete request succeeded even though it should fail {result}'
def test_pe_can_execute_priv_command_cmd_not_passed(core_session,
cleanup_servers):
session = core_session
args = Util.scrub_dict({'User': "******", 'System': "hobbiton"})
response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE,
args)
response_json = response.json()
logger.info(
f"Response from PE canExecutePrivilegeCommand: {response_json}")
assert not response_json[
'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}"
assert response_json[
'Message'] == "Parameter 'Command' must be specified.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_secret(
clean_bulk_delete_systems_and_accounts, core_session, simulate_failure,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
some_set_name = "ApiSet" + guid()
success, set_id = SetsManager.create_manual_collection(
core_session, some_set_name, "VaultAccount", None)
assert success, "Did not create collection"
SetsManager.update_members_collection(core_session, 'add',
list(all_accounts), 'VaultAccount',
set_id)
params = Util.scrub_dict({
'Ids': list(all_accounts),
'SaveToSecrets': simulate_failure,
'SecretName': "Bulk Account Delete",
'SetQuery': "",
'SkipIfHasAppsOrServices': simulate_failure
})
if simulate_failure:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE,
params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
ResourceManager.wait_for_job_state_succeeded(core_session, result)
assert simulate_failure == success, f"Query success was unexpected value, with message {result}"
else:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE,
params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
ResourceManager.wait_for_job_state_succeeded(core_session, result)
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
total_account = RedrockController.get_accounts(core_session)
SetsManager.delete_collection(core_session, set_id)
list_account = []
for get_account in total_account:
if get_account['ID'] == all_accounts:
list_account.append(get_account['ID'])
assert 0 == len(
list_account
), "Number of remaining added accounts was unexpected number"
def test_privilege_elevation_add_command_no_name(core_session):
"""
Test case: Test for all required params except no name
"""
session = core_session
args = Util.scrub_dict({'CommandPattern': "test", 'ApplyTo': "Linux"})
result = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_ADD_COMMAND,
args)
result_json = result.json()
assert result_json[
'success'] is False, f'PrivilegeElevation add command has failed {result_json}'
assert "Missing required parameter: Name" in result_json[
'Exception'], f'PrivilegeElevation add command should fail with error Missing required parameter: Name {result_json}'
def test_privilege_elevation_add_command_no_applyTo(core_session):
"""
Test case: Test for all required params except no ApplyTo
"""
session = core_session
args = Util.scrub_dict({'Name': "LOTR", 'CommandPattern': "EyeOfSauron"})
result = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_ADD_COMMAND,
args)
result_json = result.json()
assert result_json[
'success'] is False, f'PrivilegeElevation add command has failed {result_json}'
assert "Parameter 'ApplyTo' must be specified." == result_json[
'Message'], f'PrivilegeElevation add command should fail with error Missing required parameter: ApplyTo {result_json}'
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_query(
core_session, simulate_failure):
if simulate_failure:
set_query = ""
else:
set_query = "@@Favorites"
params = Util.scrub_dict({
'Ids': list(),
'SaveToSecrets': False,
'SecretName': "",
'SetQuery': set_query
})
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_pe_can_execute_priv_command_system_not_exist(core_session,
cleanup_servers):
session = core_session
admin_user = core_session.get_user()
admin_user_name = admin_user.get_login_name()
args = Util.scrub_dict({
'User': admin_user_name,
'System': "SysNotExist",
'Command': "sc stop cagent"
})
response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE,
args)
response_json = response.json()
logger.info(
f"Response from PE canExecutePrivilegeCommand: {response_json}")
assert not response_json[
'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}"
assert response_json[
'Message'] == "Computer SysNotExist does not exist.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_rotate_fails_with_invalid_query2(core_session):
my_data = Util.scrub_dict({})
request = core_session.apirequest(EndPoints.PW_MULTI_ROTATE, my_data)
request_json = request.json()
assert not request_json['success'], "Call succeeded and should have failed"
def test_bulk_manage_fails_with_invalid_query2(core_session):
my_data = Util.scrub_dict({})
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_MANAGE, my_data)
request_json = request.json()
logger.info("Multiple manage accounts returned " + request.text)
assert not request_json['success'], "Call succeeded and should have failed"
