def _verify_get_mfa_token(self, account_id, expect_challenge_on_checkout): pas_user = self.session.get_user() result, success = ResourceManager.assign_account_permissions(self.session, "Owner,View,Manage,Delete,Login,Naked,UpdatePassword,RotatePassword", pas_user.get_login_name(), pas_user.get_id(), pvid=account_id) assert success, f"Failed to set account permissions {result}" result, success = ResourceManager.check_out_password(self.session, 6, account_id) if not expect_challenge_on_checkout: assert success and result['Password'] == self.root_password, f"Unexpected value for password {result}" new_coid = result['COID'] result, success = ResourceManager.check_in_password(self.session, coid=new_coid) assert success, "Did not check in password" else: assert 'ChallengeId' in result and len( result) == 1, f"Did not receive expected challenge {result} {success}" result, success = CloudProviderManager.get_mfa_token(self.session, account_id) if self.mfa_code: assert success, f"Failed to get_mfa_token {result}" assert len(result['code']) == 6, f"Token returned was wrong length {result}" else: assert not success, f"Should fail with MFA not set {result}"
def test_checkin_password_for_unmanaged_account(core_session, setup_pas_system_for_unix): """ TC: C279514 - Checkin password for unmanaged account. :param core_session: Authenticated Centrify Session. :param setup_pas_system_for_unix: Adds and yields uuid of a Unix system and account associated to it. """ added_system_id, account_id, sys_info = setup_pas_system_for_unix co_result, co_success = ResourceManager.check_out_password(core_session, 1, account_id, "checkout test") assert co_success, f"Account checkout failed with APi response result: {co_result}." checkin_result, checkin_success = ResourceManager.check_in_password(core_session, co_result['COID']) assert checkin_success, f"Checkin for account {account_id} failed with API response result: {checkin_result}" logger.info(f'Successfully checked in the password for account {account_id} with API response result:' f' {checkin_result} and success: {checkin_success}')
def test_checkin_password_for_managed_account_from_workspace( core_session, setup_pas_system_for_unix, core_admin_ui): """ TC: C2503 - Checkin password for managed account from Workspace page :param core_session: Authenticated Centrify Session. :param setup_pas_system_for_unix: Adds and yields uuid of a Unix system and account associated to it. """ added_system_id, account_id, sys_info = setup_pas_system_for_unix co_result, co_success = ResourceManager.check_out_password( core_session, 1, account_id, "checkout test") assert co_success, f"Account checkout failed with APi response result: {co_result}." ui = core_admin_ui ui.navigate(['Workspace', 'My Password Checkouts']) ui.check_row_by_guid(co_result["COID"]) ui.action('Checkin') logger.info( f'Password for {account_id} has been checked-in from workspace page.') result, success = ResourceManager.check_in_password( core_session, account_id) assert success is False, "Password checkin from workspace page failed" logger.info('Password successfully checked-in from workspace page.')
def test_check_in_password_un_managed_account(core_session, pas_windows_setup, pas_config): """ Test case: C2553 Check in password for the un managed account :param core_session: Returns a API session. :param pas_windows_setup: Returns a fixture. :param pas_config: fixture for fetching up the value from yaml. """ # Creating a system and account. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) # Checking out the password and validating the password. password_checkout_result, password_checkout_success = ResourceManager.check_out_password( core_session, 1, accountid=account_id) assert password_checkout_result['Password'] == user_password, \ f"password checkout Failed. API response result: {password_checkout_result}" logger.info( f"password successfully checkout Account password: {password_checkout_result['COID']}" ) # Checking in password. password_check_in_result, password_check_in_success = ResourceManager.check_in_password( core_session, coid=password_checkout_result['COID']) assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}" logger.info( f"password successfully check in for account: {password_check_in_result}" ) # Checking the activity. username = core_session.get_user().get_login_name() result_activity = ResourceManager.get_system_activity( core_session, system_id) assert f'{username} checked in local account "{sys_info[4]}" password for system "{sys_info[0]}"' \ f'({sys_info[1]})' in result_activity[0]['Detail'], \ "Fail to check in password:API response result: {password_check_in_result} " logger.info(f"account activity list:{result_activity}")
def test_checkin_password_for_unmanaged_account(core_session, add_database_with_account): """ Test case: C1104 :param core_session: Authenticated centrify session :param add_database_with_account: fixture to create database with account as optional. """ db_name, db_id, db_account_id, db_data, database_cleaner_list, sql_account_cleaner_list = \ add_database_with_account(db_class='sql', add_account=True) checkout_result, status = ResourceManager.check_out_password( core_session, lifetime=15, accountid=db_account_id) assert status, f'failed to checkout account {db_data["db_account"]} password. returned result is {checkout_result}' assert checkout_result['Password'] == db_data[ 'password'], "Checked out password dose'nt match the actual password" logger.info(f'{db_data["db_account"]} password check out successfully.') result, status = ResourceManager.check_in_password(core_session, checkout_result['COID']) assert status, f'failed to checkin password for account {db_data["db_account"]}, return result is {result}' logger.info( f'account {db_data["db_account"]} password checked in successfully') acc_activity = RedrockController.get_account_activity( core_session, db_account_id) assert f'{core_session.auth_details["User"]} checked in database account "{db_data["db_account"]}" password for ' \ f'database "{db_name}"' in \ acc_activity[0]['Detail'], f"no activity of checkout found for account {db_data['db_account']}" logger.info( f"There is a checkout record for the account {db_data['db_account']} in activity" ) for activity in acc_activity: assert 'Reason: Change password after checked-in' not in activity[ 'Detail'], f'activity for change password behavior found.' logger.info('activity for change password behavior not found.')
def test_checkout_password(core_session, pas_config, cleanup_resources, cleanup_accounts, remote_users_qty1): """TC C2554 - Checkout password for a windows managed account from Accounts page trying to Checkout password for a windows managed account from Accounts page Steps: Pre: Create system with 1 manage account hand 1. Try to Checkout password for an account -Assert Failure 2. Try to check my password checkouts in workspace -Assert Failure """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) success, response = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='RpcOverTcp') assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{add_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) server_id = ResourceManager.wait_for_server_to_exist_return_id( core_session, sys_name) acc_id = ResourceManager.wait_for_account_to_exist_return_id( core_session, add_user_in_target_system[0]) assert server_id == add_sys_result, "Server was not created" assert acc_id == acc_result, "Account was not created" res, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Failed to add account in the portal: {res}" password_checkout_result, password_checkout_success = \ ResourceManager.check_out_password(core_session, 1, accountid=acc_result) assert password_checkout_result['Password'] != user_password, \ f"expected password equal to actual password: {password_checkout_result}" logger.info( f"password successfully checkout Account password: {password_checkout_result}" ) my_password_checkout = RedrockController.get_total_checkouts(core_session) created_date_json = str(my_password_checkout[0]['LoanDate']) ResourceManager.get_date(created_date_json) check_out_details = [] for i in my_password_checkout: if i['Summary'] in f'{add_user_in_target_system[0]} ({sys_name})': check_out_details.append(i['Summary']) assert check_out_details[0] == f'{add_user_in_target_system[0]} ({sys_name})',\ "fail to checkout password from workspace" logger.info( f"password successfully checkout Account password::{my_password_checkout}" ) accounts_list.append(acc_result) password_check_in_result, password_check_in_success = ResourceManager.check_in_password( core_session, coid=password_checkout_result['COID']) assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}" logger.info( f"password successfully check in for account: {add_user_in_target_system[0]}" )