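def test_create_file_secret_with_valid_parameters_allowed_admin_rights(
        users_and_roles, secret_cleaner, administrative_right):
    """Create a file-type secret and verify the stored contents match the upload.

    The session is obtained from ``users_and_roles`` for the
    ``administrative_right`` fixture value. The test uploads the
    ``test_secret_upload.txt`` asset, registers the new secret id with
    ``secret_cleaner``, looks the secret up by id, and compares the contents
    returned by the API with the local file.
    """
    session = users_and_roles.get_session_for_user(administrative_right)
    secret_prefix = guid()
    secret_parameters = {
        'SecretName': secret_prefix + '_test_file_secret',
        'Description': secret_prefix + ' my secret description',
    }
    logger.info(f'Creating secret {secret_parameters["SecretName"]}')

    local_secret_path = get_asset_path('test_secret_upload.txt')
    result = create_file_type_secret(session, secret_parameters, local_secret_path)
    assert result['success'] is True, \
        f'Failed to create file type secret {secret_parameters["SecretName"]}, response {json.dumps(result)}'

    secret_id = result['Result']
    # Register for cleanup before any further assertion can fail.
    secret_cleaner.append(secret_id)

    secret_data = find_secret_by_id(session, secret_id)
    assert secret_data is not False, 'Could not find secret in return results from secret get endpoint'

    secret_file_contents = get_file_secret_contents(session, secret_id)
    # Read through a context manager so the handle is closed even when the
    # comparison below fails (the bare open().read() left it to the GC).
    with open(local_secret_path, 'r') as local_secret_file:
        secret_local_file_contents = local_secret_file.read()
    assert secret_file_contents == secret_local_file_contents, \
        'The remote secret contents do not match the local secret contents'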
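def test_bulk_account_delete_generates_secret_with_ssh_accounts(
        clean_bulk_delete_systems_and_accounts, core_session,
        list_of_created_systems, secret_cleaner, core_tenant):
    """Bulk-delete SSH accounts with ``save_passwords=True`` and check the generated secret.

    After the delete, the test waits for the named secret to exist, grants the
    tenant admin user "View,Edit,Retrieve" on it, and verifies that the secret
    file mentions every deleted system id and account id.
    """
    ssh_batch = ResourceManager.add_multiple_ssh_systems_with_accounts(
        core_session, 2, 2, list_of_created_systems,
        system_prefix='test_ssh', user_prefix='test_usr_ssh')
    all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([ssh_batch])

    secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid()

    result, success = ResourceManager.del_multiple_accounts(
        core_session, all_accounts, save_passwords=True, secret_name=secret_name)
    # Format with an f-string (as the other assertions here do): the message is
    # only built on failure, and "..." + result would raise TypeError instead
    # of reporting the API response whenever result is not a str.
    assert success, f"Api did not complete successfully for bulk account delete MSG: {result}"

    ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name)
    secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
    assert secret_id is not None, "Secret not found"
    secret_cleaner.append(secret_id)

    assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 0, \
        "Expected zero added accounts remain"

    # The secret contents are only retrieved after this explicit grant.
    user_name = core_tenant['admin_user']
    user_id = UserManager.get_user_id(core_session, user_name)
    result, success = set_users_effective_permissions(
        core_session, user_name, "View,Edit,Retrieve", user_id, secret_id)
    assert success, f"Did not set secret permission successfully with message {result}"

    secret_file_contents = get_file_secret_contents(core_session, secret_id)

    # NOTE(review): the failure messages below interpolate the whole retrieved
    # secret file into pytest output; confirm the logs of this suite are
    # access-restricted, or shorten the messages.
    # One newline per account plus one more (presumably a header row - confirm).
    assert secret_file_contents.count("\n") == 1 + len(all_accounts), \
        f"Secret file contained the wrong number of lines {secret_file_contents}"
    assert secret_file_contents.count("AutomationTestKey") == len(all_accounts), \
        f"Secret file contained the wrong number of keys {secret_file_contents}"

    for server_id in all_systems:
        assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}"
    for account_id in all_accounts:
        assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"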
def test_delete_cloud_provider_secret(core_session, fake_cloud_provider_root_account,
                                      fake_cloud_provider, secret_cleaner):
    """Delete a cloud provider with ``save_passwords=True`` and check the generated secret.

    An extra account with an MFA token is added to the provider first. After
    the delete, the secret file is expected to contain the root account
    username and password, the provider id, the added account name and the
    MFA key.
    """
    # Only the credentials are taken from the root-account fixture; its other
    # fields are rebound by the statements that follow.
    _, username, password, _, _ = fake_cloud_provider_root_account
    _, _, cloud_provider_id, _, test_did_cleaning = fake_cloud_provider

    account_name = f"acctname{guid()}"
    account_id, success = ResourceManager.add_account_cloud_provider(
        core_session, account_name, "", cloud_provider_id)
    assert success, f"Account addition failed with API response result {account_id}"

    # Fixed test value used as the MFA token for the added account.
    key_secret = "kjshakjsakjasgfkjysgkjagfkjsakjgfakjsf"
    result, success = CloudProviderManager.set_mfa_token(core_session, account_id, key_secret)
    assert success, f"Failed to set mfa token {result}"

    secret_name = f"SecretName{guid()}"
    result, success = CloudProviderManager.delete_cloud_providers(
        core_session, [cloud_provider_id], save_passwords=True, secret_name=secret_name)
    assert success, f"Failed to delete cloud provider with response {result}"
    # Callback supplied by the fake_cloud_provider fixture; called once the
    # provider has been deleted by the test itself.
    test_did_cleaning()

    ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name)
    secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
    assert secret_id is not None, "No secret was created"
    secret_cleaner.append(secret_id)

    # Grant the session's own user access before retrieving the contents.
    current_user = core_session.get_user()
    user_name = current_user.get_login_name()
    user_id = current_user.get_id()
    result, success = set_users_effective_permissions(
        core_session, user_name, "View,Edit,Retrieve", user_id, secret_id)
    assert success, f"Did not set secret permission successfully with message {result}"

    secret_file_contents = get_file_secret_contents(core_session, secret_id)

    # NOTE(review): the failure messages below interpolate the whole retrieved
    # secret file (password and MFA key included) into pytest output; confirm
    # the logs of this suite are access-restricted, or shorten the messages.
    assert username in secret_file_contents, \
        f"username absent from secret file {secret_file_contents}"
    assert password in secret_file_contents, \
        f"password absent from secret file {secret_file_contents}"
    assert cloud_provider_id in secret_file_contents, \
        f"cloud_provider_id absent from secret file {secret_file_contents}"
    assert account_name in secret_file_contents, \
        f"account_name absent from secret file {secret_file_contents}"
    assert key_secret in secret_file_contents, \
        f"mfa secret absent from secret file {secret_file_contents}"
def test_bulk_system_delete_generates_secret(clean_bulk_delete_systems_and_accounts, core_session,
                                             list_of_created_systems, secret_cleaner, core_tenant):
    """Bulk-delete systems selected by query and check the generated secret file.

    Two batches of regular systems and one batch of SSH systems are created,
    then all of them are deleted through a query with a secret name supplied.
    The id and password checks cover only the non-SSH batches.
    """
    regular_batch_a = ResourceManager.add_multiple_systems_with_accounts(
        core_session, 1, 4, list_of_created_systems)
    regular_batch_b = ResourceManager.add_multiple_systems_with_accounts(
        core_session, 2, 3, list_of_created_systems)
    ssh_batch = ResourceManager.add_multiple_ssh_systems_with_accounts(
        core_session, 1, 1, list_of_created_systems)

    all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
        [regular_batch_a, regular_batch_b, ssh_batch])
    non_ssh_systems, non_ssh_accounts = DataManipulation.aggregate_lists_in_dict_values(
        [regular_batch_a, regular_batch_b])

    secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid()

    # The delete targets every created system, SSH ones included.
    sql_query = RedrockController.get_query_for_ids('Server', all_systems)
    ResourceManager.del_multiple_systems_by_query(core_session, sql_query, True, secret_name)

    ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name)
    secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
    assert secret_id is not None, "No secret was created"
    secret_cleaner.append(secret_id)

    # The secret contents are only retrieved after this explicit grant.
    user_name = core_tenant['admin_user']
    user_id = UserManager.get_user_id(core_session, user_name)
    result, success = set_users_effective_permissions(
        core_session, user_name, "View,Edit,Retrieve", user_id, secret_id)
    assert success, f"Did not set secret permission successfully with message {result}"

    secret_file_contents = get_file_secret_contents(core_session, secret_id)

    # NOTE(review): the failure messages below interpolate the whole retrieved
    # secret file (account passwords included) into pytest output; confirm the
    # logs of this suite are access-restricted, or shorten the messages.
    assert secret_file_contents.strip().count("\n") == len(all_accounts), \
        f"Secret file contained the wrong number of lines {secret_file_contents}"
    assert secret_file_contents.count("thisIsaPAsSwO0rd") == len(non_ssh_accounts), \
        f"Secret file contained the wrong number of passwords {secret_file_contents}"

    # The following assert is disabled because AutomationTestKey is not
    # available in secret_file_contents; tested on both AWS and Azure devdog
    # tenants.
    # assert 'AutomationTestKey' in secret_file_contents, f"Name of SSH key did not appear in secret file {secret_file_contents}"

    for system_id in non_ssh_systems:
        assert system_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}"
    for account_id in non_ssh_accounts:
        assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_bulk_system_delete_generates_secret_with_garbage_in_list(
        clean_bulk_delete_systems_and_accounts, core_session,
        list_of_created_systems, secret_cleaner, core_tenant):
    """Bulk-delete systems from an id list that also holds invalid entries.

    The id list passed to the delete call mixes the real system ids with an
    empty string, arbitrary strings and a repeated valid id. The generated
    secret file is then checked against the real systems and accounts.
    """
    first_batch = ResourceManager.add_multiple_systems_with_accounts(
        core_session, 2, 2, list_of_created_systems)
    second_batch = ResourceManager.add_multiple_systems_with_accounts(
        core_session, 2, 1, list_of_created_systems)
    all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
        [first_batch, second_batch])

    secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid()

    valid_ids = list(all_systems)
    # Leading and trailing junk around the valid ids; valid_ids[2] appears a
    # second time as a deliberate duplicate.
    leading_entries = ["foo", "", valid_ids[2]]
    trailing_entries = ["!@#$%^&*()", "1", "?", "Jason Alexander", "bar"]
    delete_system_ids = leading_entries + valid_ids + trailing_entries

    ResourceManager.del_multiple_systems(
        core_session, delete_system_ids, savepasswords=True, secretname=secret_name)

    ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name)
    secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name)
    assert secret_id is not None, "No secret was created"
    secret_cleaner.append(secret_id)

    # The secret contents are only retrieved after this explicit grant.
    user_name = core_tenant['admin_user']
    user_id = UserManager.get_user_id(core_session, user_name)
    result, success = set_users_effective_permissions(
        core_session, user_name, "View,Edit,Retrieve", user_id, secret_id)
    assert success, f"Did not set secret permission successfully with message {result}"

    secret_file_contents = get_file_secret_contents(core_session, secret_id)
    expected_count = len(all_accounts)

    # NOTE(review): the failure messages below interpolate the whole retrieved
    # secret file (account passwords included) into pytest output; confirm the
    # logs of this suite are access-restricted, or shorten the messages.
    # One newline per account plus one more (presumably a header row - confirm).
    assert secret_file_contents.count("\n") == 1 + expected_count, \
        f"Secret file contained the wrong number of lines {secret_file_contents}"
    assert secret_file_contents.count("bsd_tst_usr_") == expected_count, \
        f"Secret file contained the wrong number of accounts {secret_file_contents}"
    assert secret_file_contents.count("thisIsaPAsSwO0rd") == expected_count, \
        f"Secret file contained the wrong number of passwords {secret_file_contents}"

    for system_id in all_systems:
        assert system_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}"
    for account_id in all_accounts:
        assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"