def test_move_folders(core_session, secret_folder,
cleanup_secrets_and_folders):
"""Tests that movign a secret works
Steps:
1. Add a folder
-Verify Success
2. Move the folder
-Verify Success
3. Get info
- Verify information is correct
"""
add_folder_success, folder_params, folder_id = create_secret_folder(
core_session, "FolderName" + guid() + str(datetime.time()))
assert add_folder_success, f"User was able to create a folder in a folder they did not create, should have failed, response {json.dumps(folder_params)}"
cleanup_secrets_and_folders[1].append(folder_id)
move_result = move_folder(core_session, folder_id, secret_folder['ID'])
assert move_result[
'success'], f"Failed to move secret folder {folder_params['Name']} to folder {secret_folder['Name']}, resposne {json.dumps(move_result)}"
move_result = move_folder(core_session, folder_id, "")
assert move_result[
'success'], f"Failed to move secret folder {folder_params['Name']} to folder {secret_folder['Name']}, resposne {json.dumps(move_result)}"
def test_move_folder_into_a_similarly_named_folder(core_session,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
C3042: test method to create folders B1,B11,B1.1 at same level
1) Move Folder B1 to B11 & verify move is successful.
2) Move Folder B1 to B1.1 & verify move is successful.
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
params = pas_general_secrets
prefix = guid()
folder_list = cleanup_secrets_and_folders[1]
# Creating folder B1
folder_success, folder_parameters, folder_id = create_folder(
core_session,
prefix + params['folder_name_move'],
params['description'])
assert folder_success, f'Failed to create a folder with b1:{folder_parameters["Message"]}'
logger.info(f' Folder b1 created successfully: {folder_success} & details are {folder_parameters}')
folder_list.insert(0, folder_id)
# Creating folder B11
new_folder_success, new_folder_parameters, new_folder_id = create_folder(
core_session,
prefix + params['folder_name_move_simi'],
params['description'])
assert new_folder_success, f'Failed to create a folder with b11:{new_folder_id}'
logger.info(f' New Folder b11 created successfully: {new_folder_success} & details are {new_folder_parameters}')
folder_list.insert(1, new_folder_id)
# Creating folder B1.1
success, parameters, id_folder = create_folder(
core_session,
prefix + params['folder_name_move_similar'],
params['description'])
assert success, f'Failed to create a folder with b1.1 {parameters["Message"]}'
logger.info(f' Folder b1.1 created successfully: {success} & details are {parameters}')
# As the cleanup is not working accordingly due to multiple moves so ids are
# inserted like this
folder_list.insert(2, id_folder)
# Moving Folder B1 into B11
result_move = move_folder(core_session, folder_id, new_folder_id)
assert result_move['success'], f'Not Able to Move Folder B1 into B11: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move["Message"]}')
# Moving Folder B1 into B1.1
result_move = move_folder(core_session, folder_id, id_folder)
assert result_move['success'], f'Not Able to Move Folder B1 into B1.1: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move["Message"]}')
def test_move_permissions(core_session, get_admin_user_function,
cleanup_secrets_and_folders, secret_folder):
"""Tests moving folders with permissions
Steps:
1. Have the admin add a folder
-Verify Succes
2.Have core set permissions on seperate folder
-Verify Success
3. Try to let admin move an item into that folder
-Verify Failure (No Edit Permission yet)
4. Give user Edit Permission
-Verify Success
5. Let admin try to move them folders
-Verify Success
"""
admin_sesh, admin_user = get_admin_user_function
fol_name = 'test_folder' + guid()
add_folder_success, folder_params, folder_id = create_secret_folder(
core_session, fol_name)
assert add_folder_success, f"User was able to create a folder in a folder they did not create, should have failed, response {json.dumps(folder_params)}"
cleanup_secrets_and_folders[1].append(folder_id)
give_perm_result = give_user_permissions_to_folder(
core_session, admin_user.get_login_name(), admin_user.get_id(),
secret_folder['ID'], "View,Edit,Grant")
assert give_perm_result[
'success'], f"Core Session Should have been able to give User Permission to folder {secret_folder['Name']}"
move_result = move_folder(admin_sesh, secret_folder['ID'], folder_id)
assert not move_result['success']
give_perm_result = give_user_permissions_to_folder(
core_session, admin_user.get_login_name(), admin_user.get_id(),
secret_folder['ID'], "View,Edit,Grant")
assert give_perm_result[
'success'], f"Core Session Should have been able to give User Permission to folder {secret_folder['Name']}"
give_perm_result = give_user_permissions_to_folder(
core_session, admin_user.get_login_name(), admin_user.get_id(),
folder_id, "View,Add")
assert give_perm_result[
'success'], f"Core Session Should have been able to give User Permission to folder {secret_folder['Name']}"
move_result = move_folder(admin_sesh, secret_folder['ID'], folder_id)
assert move_result[
'success'], f"User should have been able to move folder {secret_folder['ID']} to {folder_id}, response {json.dumps(move_result)}"
def test_move_top_level_folder_into_another_folder(
core_session, create_secret_inside_folder, create_folder_inside_folder,
cleanup_secrets_and_folders):
"""
C284025: test method to Move parent folder into another folder
1) Move one folder into another folder & Verify move is successfully including secret
:param core_session: Authenticated Centrify Session
:param create_secret_inside_folder: Fixture to create secret inside Folder & yields folder & secret related details
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
# Move root Folder to another root Folder.
logger.info(
f'Moving Folder {folder_name} into Folder:{parent_folder_info}')
result_move = move_folder(core_session, folder_id_list[1],
nested_folder_id)
assert result_move['success'], \
f'Not Able to move Folder into another Folder, API response result: {result_move["Result"]}'
logger.info(
f'Moved Folder {folder_id_list[1]} into another Folder:{nested_folder_id} successfully'
)
folder_list.insert(0, folder_list.pop(1))
# Getting moved folder name inside folder or nested folder to verify.
moved_folder = get_secrets_and_folders_in_folders(core_session,
nested_folder_id)
moved_folder_name = moved_folder["Result"]["Results"][0]["Row"]["Name"]
assert moved_folder_name == folder_name, f'Failed to get the moved folder{moved_folder_name} inside the folder'
logger.info(
f'Moved folder {moved_folder_name} get successfully inside the folder')
def test_move_folder_and_contents_to_another_folder_verify_activity(core_session,
create_secret_inside_folder,
create_folder_inside_folder,
cleanup_secrets_and_folders):
"""
C3068: test method to Move folder and contents to another folder verify activity
1) Move top level folder into a nested folder
2) Verify you can logged the activity of the folder moved
:param core_session: Authenticated Centrify Session
:param create_secret_inside_folder: Fixture to create secret inside Folder & yields folder & secret related details
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
logger.info(f'{folder_id_list}')
# Moving Top Level Folder into another Sub Folder
result_move = move_folder(core_session, folder_id_list[1], nested_folder_id)
assert result_move['success'], \
f'Not Able to move Folder into Sub Folder, API response result: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move["Message"]}')
folder_list.insert(0, folder_list.pop(1))
activity_rows = get_folder_activity(core_session, folder_id_list[0])
verify_move_activity = 'moved the folder'
assert verify_move_activity in activity_rows[0]['Detail'], f'Failed to verify the activity:{activity_rows}'
logger.info(f'Replace activity found for secret {activity_rows}')
def test_move_top_level_folder_into_another_folder(
core_session, create_secret_inside_folder, create_folder_inside_folder,
pas_general_secrets, cleanup_secrets_and_folders):
"""
C3035: test method to Move top level folder into another folder
1) Move top level folder into another top level folder & Verify move is successful
2) Move top level folder into a sub folder & Verify move is successful
:param core_session: Authenticated Centrify Session
:param create_secret_inside_folder: Fixture to create secret inside Folder & yields folder & secret related details
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_params = pas_general_secrets
folder_prefix = guid()
folder_list = cleanup_secrets_and_folders[1]
# Creating folder
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success, f'Failed to create a folder, API response result:{secret_folder_id}'
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}'
)
folder_list.insert(2, secret_folder_id)
# Moving Top Level Folder into another Sub Folder
result_move = move_folder(core_session, folder_id_list[1],
nested_folder_id)
assert result_move['success'], \
f'Not Able to move Folder into Sub Folder, API response result: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move["Message"]}')
folder_list.insert(0, folder_list.pop(1))
# Moving Top Level Folder into another Root Folder
result_move = move_folder(core_session, secret_folder_id,
folder_id_list[3])
assert result_move['success'], \
f'Not Able to move Folder into Root Folder, API response result: {result_move["Result"]}'
logger.info(f'Moving Folder into Root Folder:{result_move["Message"]}')
def test_add_folder_permission_on_destination_folder_to_move_into_it(
core_session, users_and_roles, create_secret_folder,
pas_general_secrets, cleanup_secrets_and_folders):
"""
C3033:test method to Login as Cloud admin
1) Disable "ADD" permissions for user A
2) Login As User A
3) Move an existing folder to a destination folder(without ADD permissions) should Fail
:param core_session: Authenticated Centrify Session
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param create_secret_folder: Fixture to create secret Folder & yield folder related details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folders_list = cleanup_secrets_and_folders[1]
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
folder_prefix = guid()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to set permissions with folder
permissions = give_user_permissions_to_folder(core_session, user_name,
user_id, folder_id,
'View,Edit')
assert permissions[
'success'], f'Not able to set permissions to folder:{permissions["Result"]}'
logger.info(f'Permissions to folder: {permissions}')
# Creating new folder with pas_power_user_session
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
pas_power_user_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success, f'Failed to create a folder{secret_folder_parameters["Message"]} '
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}'
)
folders_list.append(secret_folder_id)
# Api to move Folder(without ADD permissions) into Folder
result_move = move_folder(pas_power_user_session, secret_folder_id,
folder_id)
assert result_move[
'success'] is False, f'Able to move the secret into Folder: {result_move["Result"]}'
logger.info(
f'Moving Folder without ADD permissions:{result_move["Message"]}')
def test_inherited_folder_permissions_should_be_removed_if_you_move_away_from_parent(
core_session, create_folder_inside_folder, pas_general_secrets,
cleanup_secrets_and_folders, users_and_roles):
"""
C3052: Inherited folder permissions should be removed if you move away from parent
:param core_session: Authenticated Centrify Session
:param create_folder_inside_folder: Fixture to create folder inside parent folder
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User rights
"""
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
parent_folder_id = parent_folder_info['ID']
folder_prefix = guid()
params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
folder_prefix + params['name'],
params['description'],
parent=nested_folder_id)
assert child_folder_success, f'Failed to create child folder, API response result:: {child_folder_id}'
logger.info(
f'Child Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
folders_list.insert(0, child_folder_id)
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder(View,Delete,Edit)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, parent_folder_id, 'View,Delete,Edit')
assert user_permissions_result['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_result["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to give user permissions to nested folder(View,Add )
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, nested_folder_id, 'View,Add')
assert user_permissions_result['success'], \
f'Not Able to set user permissions to , API response result: {user_permissions_result["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Getting permissions of child folder(should inherit from parent)
permissions_yellow = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Edit, Delete, Add'
assert verify_permissions_all == permissions_yellow["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_yellow["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_yellow}')
# Moving Nested Folder into Top Level Secrets
result_move = move_folder(pas_power_user_session, nested_folder_id)
assert result_move[
'success'], f'Not Able to Move Folder B1 into B11, API response result:: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move}')
# Getting permissions of child folder(should inherit from nested folder)
permissions_yellow = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Add'
assert verify_permissions_all == permissions_yellow["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_yellow["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_yellow}')
def test_move_mfa_enabled_folder_to_non_mfa_enabled_folder(
core_session, pas_general_secrets, create_secret_inside_folder,
create_folder_inside_folder, cleanup_secrets_and_folders,
clean_up_policy):
"""
C284026: test method to move Source parent has MFA, destination no MFA, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
"""
user_detail = core_session.__dict__
user_name = user_detail['auth_details']['User']
secrets_params = pas_general_secrets
suffix = guid()
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
update_folder_name = secrets_params['mfa_folder_name_update'] + suffix
challenges = ["UP", ""]
# creating a new Authentication profile
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(
core_session,
folder_id_list[1],
folder_name,
update_folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move Folder with Mfa Authentication
result_folder_result = move_folder(core_session, folder_id_list[1],
nested_folder_id)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_folder_result['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
# After Authenticating of MFA move mfa enabled folder to the non mfa enabled folder.
moved_success, moved_result = move_folder_by_using_mfa(
core_session,
folder_id_list[1],
target_folder_info=nested_folder_id,
ChallengeStateId=result_folder_result['Result']['ChallengeId'])
assert moved_success, f'User: {user_name} Not Able to move mfa enabled folder' \
f' to the non mfa enabled folder: {moved_result}'
logger.info(
f'User: {user_name} moved mfa enabled folder: {update_folder_name} successfully '
f'to the non mfa enabled folder:')
folder_list.insert(0, folder_list.pop(1))
# Verifying mfa enabled folder moved successfully or not, inside non mfa enabled folder.
moved_folder = get_secrets_and_folders_in_folders(core_session,
nested_folder_id)
moved_folder_name = moved_folder["Result"]["Results"][0]["Row"]["Name"]
assert moved_folder_name == update_folder_name, f'Failed to get the moved folder{moved_folder_name} ' \
f'inside the folder'
logger.info(
f'Moved folder {moved_folder_name} get successfully inside the folder')
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_list[0],
update_folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_mfa_on_moved_folder(core_session, pas_general_secrets,
create_secret_inside_folder,
create_folder_inside_folder,
cleanup_secrets_and_folders, clean_up_policy):
"""
C284029: MFA on moved folder should challenge and be moved over too.
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
"""
user_detail = core_session.__dict__
user_name = user_detail['auth_details']['User']
secrets_params = pas_general_secrets
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
challenges1 = ["UP", ""]
challenges2 = ["UP,SQ", ""]
# creating First Authentication profile
create_first_profile = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + guid(), challenges1, 0,
0)
assert create_first_profile, f'Failed to create policy, API response result:{create_first_profile}'
logger.info(f' Creating first policy:{create_first_profile}')
clean_up_policy.append(create_first_profile)
# creating second Authentication profile
create_second_profile = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + guid(), challenges2, 0,
0)
assert create_second_profile, f'Failed to create policy, API response result:{create_second_profile}'
logger.info(f' Creating second policy:{create_second_profile}')
clean_up_policy.append(create_second_profile)
# Applying MFA on Folder
result = update_folder(
core_session,
parent_folder_info['ID'],
parent_folder_info['Name'],
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'],
policy_id=create_second_profile)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Applying MFA on another Folder
result = update_folder(
core_session,
folder_id_list[1],
folder_name,
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'],
policy_id=create_first_profile)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move one mfa enabled folder to another mfa enabled folder.
logger.info(
f'Moving Folder {folder_name} into Folder:{parent_folder_info}')
result_folder_result = move_folder(core_session, folder_id_list[1],
parent_folder_info['ID'])
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_folder_result['Result']['ChallengeId'])
assert session, "Failed to ask MFA"
logger.info("Successfully asked MFA")
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info("Password Authentication Success")
# After Authenticating of MFA move mfa enabled folder to the mfa enabled folder.
moved_success, moved_result = move_folder_by_using_mfa(
core_session,
folder_id_list[1],
target_folder_info=parent_folder_info['ID'],
ChallengeStateId=result_folder_result['Result']['ChallengeId'])
assert moved_success, f'User: {user_name} Not Able to move mfa enabled folder' \
f' to the other mfa enabled folder: {moved_result}'
logger.info(f'User: {user_name} moved mfa enabled folder: successfully '
f'to the other mfa enabled folder:')
folder_list.insert(0, folder_list.pop(1))
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Removing MFA on Folder
result = update_folder(
core_session,
parent_folder_info['ID'],
parent_folder_info['Name'],
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove MFA, API response result: {result["success"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_edit_permission_on_source_to_move_folder(core_session,
users_and_roles,
create_secret_folder,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
C3034: test method to Login as Cloud Admin
1) Enable "Edit" permission on a folder for UserA Then Login as UserA
Move folder for User A & verify the move is successful
2) Disable "Edit" permission on a folder for UserA Then Login as UserA
Move folder for User A & verify the move is unavailable & unsuccessful
:param core_session: Authenticated Centrify Session
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param create_secret_folder: Fixture to create secret Folder & yield folder related details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folders_list = cleanup_secrets_and_folders[1]
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
folder_prefix = guid()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to set permissions with folder(without EDIT)
permissions = give_user_permissions_to_folder(core_session, user_name,
user_id, folder_id, 'View')
assert permissions[
'success'], f'Not able to set permissions to folder:{permissions["Result"]}'
logger.info(f'Permissions to folder: {permissions}')
# Creating new folder with pas_power_user_session
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
pas_power_user_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success, f'Failed to create a folder{secret_folder_id} '
logger.info(
f'Folder created for pas_power_user_session: {secret_folder_success}')
folders_list.append(secret_folder_id)
# Api to move Folder should Fail
result_move = move_folder(pas_power_user_session, folder_id,
secret_folder_id)
assert result_move[
'success'] is False, f'Able to move the Folder: {result_move["Result"]}'
logger.info(f'Failed to Move the Folder :{result_move["Message"]}')
# Api to set permissions with folder(with EDIT)
permissions = give_user_permissions_to_folder(core_session, user_name,
user_id, folder_id,
'View,Edit')
assert permissions[
'success'], f'Not able to set permissions to folder:{permissions["Result"]}'
logger.info(f'Permissions to folder: {permissions}')
# Api to move Folder should pass
result_move = move_folder(pas_power_user_session, folder_id,
secret_folder_id)
assert result_move[
'success'], f'Not Able to move the folder: {result_move["Result"]}'
logger.info(f'Folder Moved successfully :{result_move["Message"]}')
def test_move_no_mfa_enabled_folder_to_mfa_enabled_folder(
core_session,
pas_general_secrets,
create_secret_inside_folder,
create_folder_inside_folder,
cleanup_secrets_and_folders,
clean_up_policy):
"""
C284027: test method to Move no mfa enabled folder to mfa enabled folder, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
update_folder_name = secrets_params['mfa_folder_name_update'] + suffix
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(core_session, secrets_params['policy_name'] + suffix,
challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session, parent_folder_info['ID'],
parent_folder_info['Name'],
update_folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result['success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move no mfa enabled folder to mfa enabled folder.
logger.info(f'Moving Folder {folder_name} into Folder:{parent_folder_info}')
result_move = move_folder(core_session, folder_id_list[1], nested_folder_id)
assert result_move['success'], \
f'Not Able to move no mfa enabled folder to mfa enabled folder, API response result: {result_move["Result"]}'
logger.info(f'Moved successfully non mfa enabled Folder {folder_id_list[1]} to'
f'mfa enabled folder:{nested_folder_id}')
folder_list.insert(0, folder_list.pop(1))
# Verifying non mfa enabled folder moved successfully or not , inside mfa enabled folder.
moved_folder = get_secrets_and_folders_in_folders(core_session, nested_folder_id)
moved_folder_name = moved_folder["Result"]["Results"][0]["Row"]["Name"]
assert moved_folder_name == folder_name, f'Failed to get the moved folder{moved_folder_name} ' \
f'inside the folder'
logger.info(f'Moved folder {moved_folder_name} get successfully inside the folder')
# Removing MFA on Folder
result = update_folder(core_session, parent_folder_info['ID'],
parent_folder_info['Name'],
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result['success'], f'Not Able to remove MFA, API response result: {result["success"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_both_source_and_destination_have_mfa(core_session,
pas_general_secrets,
create_secret_inside_folder,
create_secret_folder,
clean_up_policy):
"""
C284028: Both source and destination have MFA
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_secret_folder: Fixture to create Folder & yields folder related details
:param clean_up_policy: Fixture to clean up the policy created
"""
user_detail = core_session.__dict__
user_name = user_detail['auth_details']['User']
secrets_params = pas_general_secrets
suffix = guid()
folder_id_source, folder_name_source, secret_list = create_secret_inside_folder
secret_folder_details = create_secret_folder
folder_id_destination = secret_folder_details['ID']
folder_name_destination = secret_folder_details['Name']
challenges = ["UP", ""]
challenges_v2 = ["SQ", ""]
# creating a new Authentication profile
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# creating a new Authentication profile
policy_result_v2 = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + "v2" + suffix,
challenges_v2, 0, 0)
assert policy_result_v2, f'Failed to create policy, API response result:{policy_result_v2}'
logger.info(f' Creating new policy:{policy_result_v2}')
clean_up_policy.append(policy_result_v2)
# Applying MFA on Folder
result = update_folder(
core_session,
folder_id_source[0],
folder_name_source,
folder_name_source,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Applying MFA on Folder
result = update_folder(
core_session,
folder_id_destination,
folder_name_destination,
folder_name_destination,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result_v2)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move Folder with Mfa Authentication
result_folder_result = move_folder(core_session, folder_id_source[0],
folder_id_destination)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_folder_result['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
# After Authenticating of MFA move source folder with mfa to destination folder with mfa.
moved_success, moved_result = move_folder_by_using_mfa(
core_session,
folder_id_source[0],
target_folder_info=folder_id_destination,
ChallengeStateId=result_folder_result['Result']['ChallengeId'])
assert moved_success, f'Failed to verify Mfa challenged by source folder, API response result:{mfa_result} '
logger.info(
f'Successfully verified Mfa challenged by source folder: {moved_result}'
)
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_source[0],
folder_name_source,
folder_name_source,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA, API response result: {result["Message"]} '
logger.info(f'Successfully removed MFA for folder: {result}')
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_destination,
folder_name_destination,
folder_name_destination,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA, API response result: {result["Message"]} '
logger.info(f'Successfully removed MFA for folder: {result}')