def _verify_get_mfa_token(self, account_id, expect_challenge_on_checkout):
pas_user = self.session.get_user()
result, success = ResourceManager.assign_account_permissions(self.session,
"Owner,View,Manage,Delete,Login,Naked,UpdatePassword,RotatePassword",
pas_user.get_login_name(), pas_user.get_id(),
pvid=account_id)
assert success, f"Failed to set account permissions {result}"
result, success = ResourceManager.check_out_password(self.session, 6, account_id)
if not expect_challenge_on_checkout:
assert success and result['Password'] == self.root_password, f"Unexpected value for password {result}"
new_coid = result['COID']
result, success = ResourceManager.check_in_password(self.session, coid=new_coid)
assert success, "Did not check in password"
else:
assert 'ChallengeId' in result and len(
result) == 1, f"Did not receive expected challenge {result} {success}"
result, success = CloudProviderManager.get_mfa_token(self.session, account_id)
if self.mfa_code:
assert success, f"Failed to get_mfa_token {result}"
assert len(result['code']) == 6, f"Token returned was wrong length {result}"
else:
assert not success, f"Should fail with MFA not set {result}"
def test_checkin_password_for_unmanaged_account(core_session, setup_pas_system_for_unix):
"""
TC: C279514 - Checkin password for unmanaged account.
:param core_session: Authenticated Centrify Session.
:param setup_pas_system_for_unix: Adds and yields uuid of a Unix system and account associated to it.
"""
added_system_id, account_id, sys_info = setup_pas_system_for_unix
co_result, co_success = ResourceManager.check_out_password(core_session, 1, account_id, "checkout test")
assert co_success, f"Account checkout failed with APi response result: {co_result}."
checkin_result, checkin_success = ResourceManager.check_in_password(core_session, co_result['COID'])
assert checkin_success, f"Checkin for account {account_id} failed with API response result: {checkin_result}"
logger.info(f'Successfully checked in the password for account {account_id} with API response result:'
f' {checkin_result} and success: {checkin_success}')
def test_checkin_password_for_managed_account_from_workspace(
core_session, setup_pas_system_for_unix, core_admin_ui):
"""
TC: C2503 - Checkin password for managed account from Workspace page
:param core_session: Authenticated Centrify Session.
:param setup_pas_system_for_unix: Adds and yields uuid of a Unix system and account associated to it.
"""
added_system_id, account_id, sys_info = setup_pas_system_for_unix
co_result, co_success = ResourceManager.check_out_password(
core_session, 1, account_id, "checkout test")
assert co_success, f"Account checkout failed with APi response result: {co_result}."
ui = core_admin_ui
ui.navigate(['Workspace', 'My Password Checkouts'])
ui.check_row_by_guid(co_result["COID"])
ui.action('Checkin')
logger.info(
f'Password for {account_id} has been checked-in from workspace page.')
result, success = ResourceManager.check_in_password(
core_session, account_id)
assert success is False, "Password checkin from workspace page failed"
logger.info('Password successfully checked-in from workspace page.')
def test_check_in_password_un_managed_account(core_session, pas_windows_setup,
pas_config):
"""
Test case: C2553 Check in password for the un managed account
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param pas_config: fixture for fetching up the value from yaml.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Checking out the password and validating the password.
password_checkout_result, password_checkout_success = ResourceManager.check_out_password(
core_session, 1, accountid=account_id)
assert password_checkout_result['Password'] == user_password, \
f"password checkout Failed. API response result: {password_checkout_result}"
logger.info(
f"password successfully checkout Account password: {password_checkout_result['COID']}"
)
# Checking in password.
password_check_in_result, password_check_in_success = ResourceManager.check_in_password(
core_session, coid=password_checkout_result['COID'])
assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}"
logger.info(
f"password successfully check in for account: {password_check_in_result}"
)
# Checking the activity.
username = core_session.get_user().get_login_name()
result_activity = ResourceManager.get_system_activity(
core_session, system_id)
assert f'{username} checked in local account "{sys_info[4]}" password for system "{sys_info[0]}"' \
f'({sys_info[1]})' in result_activity[0]['Detail'], \
"Fail to check in password:API response result: {password_check_in_result} "
logger.info(f"account activity list:{result_activity}")
def test_checkin_password_for_unmanaged_account(core_session,
add_database_with_account):
"""
Test case: C1104
:param core_session: Authenticated centrify session
:param add_database_with_account: fixture to create database with account as optional.
"""
db_name, db_id, db_account_id, db_data, database_cleaner_list, sql_account_cleaner_list = \
add_database_with_account(db_class='sql', add_account=True)
checkout_result, status = ResourceManager.check_out_password(
core_session, lifetime=15, accountid=db_account_id)
assert status, f'failed to checkout account {db_data["db_account"]} password. returned result is {checkout_result}'
assert checkout_result['Password'] == db_data[
'password'], "Checked out password dose'nt match the actual password"
logger.info(f'{db_data["db_account"]} password check out successfully.')
result, status = ResourceManager.check_in_password(core_session,
checkout_result['COID'])
assert status, f'failed to checkin password for account {db_data["db_account"]}, return result is {result}'
logger.info(
f'account {db_data["db_account"]} password checked in successfully')
acc_activity = RedrockController.get_account_activity(
core_session, db_account_id)
assert f'{core_session.auth_details["User"]} checked in database account "{db_data["db_account"]}" password for ' \
f'database "{db_name}"' in \
acc_activity[0]['Detail'], f"no activity of checkout found for account {db_data['db_account']}"
logger.info(
f"There is a checkout record for the account {db_data['db_account']} in activity"
)
for activity in acc_activity:
assert 'Reason: Change password after checked-in' not in activity[
'Detail'], f'activity for change password behavior found.'
logger.info('activity for change password behavior not found.')
def test_checkout_password(core_session, pas_config, cleanup_resources,
cleanup_accounts, remote_users_qty1):
"""TC C2554 - Checkout password for a windows managed account from Accounts page
trying to Checkout password for a windows managed account from Accounts page
Steps:
Pre: Create system with 1 manage account hand
1. Try to Checkout password for an account
-Assert Failure
2. Try to check my password checkouts in workspace
-Assert Failure
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
success, response = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='RpcOverTcp')
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{add_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
server_id = ResourceManager.wait_for_server_to_exist_return_id(
core_session, sys_name)
acc_id = ResourceManager.wait_for_account_to_exist_return_id(
core_session, add_user_in_target_system[0])
assert server_id == add_sys_result, "Server was not created"
assert acc_id == acc_result, "Account was not created"
res, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Failed to add account in the portal: {res}"
password_checkout_result, password_checkout_success = \
ResourceManager.check_out_password(core_session, 1, accountid=acc_result)
assert password_checkout_result['Password'] != user_password, \
f"expected password equal to actual password: {password_checkout_result}"
logger.info(
f"password successfully checkout Account password: {password_checkout_result}"
)
my_password_checkout = RedrockController.get_total_checkouts(core_session)
created_date_json = str(my_password_checkout[0]['LoanDate'])
ResourceManager.get_date(created_date_json)
check_out_details = []
for i in my_password_checkout:
if i['Summary'] in f'{add_user_in_target_system[0]} ({sys_name})':
check_out_details.append(i['Summary'])
assert check_out_details[0] == f'{add_user_in_target_system[0]} ({sys_name})',\
"fail to checkout password from workspace"
logger.info(
f"password successfully checkout Account password::{my_password_checkout}"
)
accounts_list.append(acc_result)
password_check_in_result, password_check_in_success = ResourceManager.check_in_password(
core_session, coid=password_checkout_result['COID'])
assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}"
logger.info(
f"password successfully check in for account: {add_user_in_target_system[0]}"
)
