def test_cancel_update_password(core_session, pas_windows_setup,
core_admin_ui):
"""
TC:C2203 Cancel to update password
:param core_admin_ui: Return a browser session.
:param core_session: Return API session.
:param:pas_windows_setup: Returning a fixture.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# UI Launch.
ui = core_admin_ui
ui.navigate('Resources', 'Accounts')
ui.search(sys_info[0])
ui.right_click_action(GridRow(sys_info[0]), "Update Password")
ui.switch_context(Modal())
update_password = f'{"test1@"}{guid()}'
ui.input("Password", update_password)
ui.button('Cancel')
result = ui.check_exists(Div('An unknown error occurred'))
assert result is False, f'Error message popups appears.'
logger.info("Successfully cancel without pop error message")
def test_ends_with_search(core_session, core_admin_ui,
cleanup_secrets_and_folders, pas_general_secrets):
"""
C3061: Ends with search
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch the browser with cloud admin
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
params = pas_general_secrets
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
suffix = guid()
# Creating folder
folder_success, folder_parameters, folder_id = create_folder(
core_session, params['name'] + suffix, params['description'])
assert folder_success, f'Failed to create folder, API response result: {folder_id}'
logger.info(
f'Folder created successfully: {folder_id} & details are {folder_parameters}'
)
folder_list.append(folder_id)
folder_name = folder_parameters['Name']
# Creating secret
added_secret_success, details, added_secret_id = create_text_secret(
core_session, params['secret_name'] + suffix, params['secret_text'])
assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
logger.info(f'Added secrets info: {details, added_secret_id}')
secrets_list.append(added_secret_id)
ui = core_admin_ui
ui.navigate('Resources', 'Secrets')
# Searching for secrets & folder
ui.search(suffix)
ui.expect(GridRow(folder_name),
f' Expect to find folder {folder_name} but could not')
ui.expect(
GridRowByGuid(added_secret_id),
f' Expect to find secret with id as {added_secret_id} but could not')
logger.info(
f'Both folder {folder_name} & secret {added_secret_id} are successfully visible'
)
# Getting permissions of folder
permissions = SetsManager.get_collection_rights(core_session, folder_id)
assert permissions["Result"], \
f'Failed to get permissions for folder, API response result:{permissions["Result"]}'
logger.info(f'Permissions of the folder created: {permissions}')
# Getting permissions of secret
permissions_secret = get_users_effective_secret_permissions(
core_session, added_secret_id)
assert permissions_secret,\
f'Failed to get permissions for secret, API response result: {permissions_secret}'
logger.info(f' Permissions for Secret: {permissions_secret}')
def test_privilege_elevation_command_assignment_works_at_all_three_scopes(
test_agent, pe_global_command_assignment_cleaner_by_user,
create_manual_set, cds_ui, cds_session, core_session):
ui, user = cds_ui
session, _ = cds_session
main_admin_session = core_session
main_admin_user = main_admin_session.get_user()
# Make sure the users global assignments will be cleaned up
pe_global_command_assignment_cleaner_by_user.append(user.get_id())
server_id = test_agent.computerUuid
logger.info(f'Server guid for vritual agent {server_id}')
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount,' \
'ManagePrivilegeElevationAssignment'
agent_server_set = create_manual_set(session,
'Server',
object_ids=[server_id])
# Give all permissions to the admin
result = SetsManager.set_collection_resource_permissions(
session, permission_string, user.get_login_name(), user.get_id(),
agent_server_set["ID"], "User")
assert result[
'success'], "setting admin collection permissions failed: " + result
set_name = agent_server_set['Name']
# Create an assignment at global scope
ui.navigate('Settings', 'Resources', 'Security',
'Global Privilege Elevation')
ui.launch_modal('Add', 'Select User, Group, or Role')
ui.search(user.get_login_name())
ui.check_row(user.get_login_name())
ui.close_modal('Add')
ui.save()
global_assignment_selector = GridCell('Global').inside(
GridRow(user.get_login_name()))
# Create an assignment at collection scope
ui.navigate('Resources', 'Systems')
ui.set_action(set_name, "Modify")
ui.tab('Member Privilege Elevation')
ui.expect(
global_assignment_selector,
'Inherited command from global is not present even though we just created it.'
)
ui.launch_modal('Add', 'Select User, Group, or Role')
ui.search(user.get_login_name())
ui.check_row(user.get_login_name())
ui.close_modal('Add')
ui.save()
collection_assignment_selector = GridCell(f'{set_name}').inside(
GridRow(user.get_login_name()))
# Look at the PE tab on the server, make sure inherited assignments are there and add another.
ui.navigate('Resources', 'Systems')
ui.click_row_by_guid(server_id)
ui.tab('Privilege Elevation')
ui.expect(
global_assignment_selector,
'Inherited command from global is not present even though we just created it.'
)
ui.expect(
collection_assignment_selector,
'Inherited command from collection is not present even though we just created it.'
)
ui.launch_modal('Add', 'Select User, Group, or Role')
ui.search(main_admin_user.get_login_name())
ui.check_row(main_admin_user.get_login_name())
ui.close_modal('Add')
ui.save()
system_direct_selector = GridRow(main_admin_user.get_login_name())
# Look at the server directly, make sure all assignments still there.
ui.navigate('Resources', 'Systems')
ui.click_row_by_guid(server_id)
ui.tab('Privilege Elevation')
ui.expect(
global_assignment_selector,
'Inherited command from global is not present even though we just created it.'
)
ui.expect(
collection_assignment_selector,
'Inherited command from collection is not present even though we just created it.'
)
ui.expect(
system_direct_selector,
'Command assignment directly on system not present even though we just created it.'
)
def done(self):
self.ui.step("Done")
self.ui.switch_context(ActiveMainContentArea())
self.ui.expect(GridRow(self.name), f'Could not find grid row for cloud provider {self.name} after wizard completed')
# Make sure we always keep track of the cloud provider id we created for later cleanup
self._cloud_provider_db_row()
def test_privilege_elevation_workflow_can_be_enabled_by_sys_admin(
test_agent, cds_ui, cds_session, core_session):
ui, ui_user = cds_ui
session, user = cds_session
main_admin_session = core_session
main_admin_user = main_admin_session.get_user()
server_id = test_agent.computerUuid
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount'
result, success = ResourceManager.assign_system_permissions(
main_admin_session, permission_string, ui_user.get_login_name(),
ui_user.get_id(), "User", server_id)
# Create an assignment at collection scope
ui.navigate('Resources', 'Systems')
ui.click_row_by_guid(server_id)
ui.tab('Workflow')
ui.select_option('PrivilegeElevationWorkflowEnabled', 'Yes')
ui.switch_context(Component('privilegeElevationApproverGrid'))
ui.button('Add')
ui.select_option('Type', 'Specified User or Role')
ui.launch_modal(Button('Add', 'inlineAddButton'), 'Select User or Role')
ui.search(user.get_login_name())
ui.check_row(user.get_login_name())
ui.close_modal('Add')
ui.save()
time.sleep(20)
request_settings = {
'assignment_type': 'Temporary',
'start_grant_value': '10',
'end_grant_value': '50',
'start_time_interval': 'hours',
'start_time_interval_value': 60,
'end_time_interval': 'hours',
'end_time_interval_value': 60,
'ticket': '1'
}
# Request twice so we can approve/reject
_request_pe_permission(ui, request_settings, server_id)
_request_pe_permission(ui, request_settings, server_id)
jobs, is_get = WorkflowManager.get_my_jobs(session)
request_jobs = []
options = None
for i in jobs:
if i['Row']['Context']['Scope'] == server_id:
job = i['Row']
request_jobs.append(job)
options = job['Context']['RequestedOptions']
assert options['StartGrantValue'] == int(
request_settings['start_grant_value']
), f'StartGrantValue is not correct in job context compared to ui entry'
assert options['EndGrantValue'] == int(
request_settings['end_grant_value']
), f'EndGrantValue is not correct in job context compared to ui entry'
assert options['StartTimeInterval'] == request_settings[
'start_time_interval_value'], f'StartTimeInterval is not correct in job context compared to ui entry'
assert options['EndTimeInterval'] == request_settings[
'end_time_interval_value'], f'EndTimeInterval is not correct in job context compared to ui entry'
approve_job = request_jobs[0]
ui.navigate('Access', 'Requests')
ui.click_row_by_guid(approve_job['ID'])
ui.launch_modal('Approve', 'Approve Privilege Elevation Request')
time.sleep(20)
ui.button(
'Submit',
expectations={
'click_element_should_dissapear': True,
'seconds_to_wait': 60 #because Azure
})
job = WorkflowManager.get_my_job(session, approve_job['ID'])
assert job[
'TargetPrincipalAction'] == 'Approved', f'PE workflow request should have been approved after UI interaction but it is not'
reject_job = request_jobs[1]
ui.navigate('Access', 'Requests')
ui.click_row_by_guid(reject_job['ID'])
ui.launch_modal('Reject', 'Reject Privilege Elevation Request')
ui.input('Reason', 'Not today')
time.sleep(20)
ui.button(
'Submit',
expectations={
'click_element_should_dissapear': True,
'seconds_to_wait': 60 #because Azure
})
job = WorkflowManager.get_my_job(session, reject_job['ID'])
assert job[
'TargetPrincipalAction'] == 'Rejected', f'PE workflow request should have been approved after UI interaction but it is not'
system_direct_selector = GridRow(user.get_login_name())
# Look at the server directly, make sure the system assignment via workflow is there.
ui.navigate('Resources', 'Systems')
ui.click_row_by_guid(server_id)
ui.tab('Privilege Elevation')
ui.expect(
system_direct_selector,
'Command assignment directly on system not present even though we just created it.'
)
time.sleep(20)