def test_bulk_system_unenroll_job_fails_due_to_invalid_request_missing_all_fields(core_session, simulate_failure):
    if simulate_failure:
        request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict({}))
    else:
        request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
            {'SetQuery': "@@Favorites", 'SkipIfAgentReconciliationEnabled': True}))

    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_job_fails_due_to_invalid_request_missing_all_fields(clean_bulk_delete_systems_and_accounts,
                                                                                core_session, simulate_failure,
                                                                                list_of_created_systems):
    ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems)

    if simulate_failure:
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict({}))
    else:
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict(
            {'SetQuery': "@@Favorites", 'SaveToSecrets': False, 'SecretName': ""}))

    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_job_fails_due_to_invalid_request_missing_tag(clean_bulk_delete_systems_and_accounts,
                                                                         core_session, simulate_failure,
                                                                         list_of_created_systems):
    ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems)

    if not simulate_failure:
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict(
            {'SetQuery': "@@Favorites", 'SaveToSecrets': True, 'SecretName': "MySecretName"}))
    else:
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE,
                                          Util.scrub_dict({'SetQuery': "@@Favorites", 'SaveToSecrets': True}))

    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert (not simulate_failure) == success, f"API success response not expected value, returned result {result}"
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_and_id_list(core_session, simulate_failure,
                                                                                 test_four_virtual_aapm_agents):
    agents, _ = test_four_virtual_aapm_agents
    _, server_ids = _setup_agents(core_session, agents)

    if simulate_failure:
        request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
            {'SetQuery': "@@Favorites", 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True}))
    else:
        request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
            {'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True}))

    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_job_fails_due_to_invalid_request_no_query_or_ids_fast_track(
        clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems):
    batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems)
    delete_system_ids, unused_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch])

    if simulate_failure:
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE,
                                          Util.scrub_dict({'SaveToSecrets': False, 'SecretName': "", 'RunSync': True}))
    else:
        sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids)
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict(
            {'SetQuery': sql_query, 'SaveToSecrets': False, 'SecretName': "", 'RunSync': True}))

    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_pe_can_execute_priv_command_user_not_exist(core_session,
                                                    cleanup_servers):
    session = core_session
    sys_name = "test_pe_can_execute_priv_command" + guid()
    sys_fqdn = "fqdn" + guid()
    added_system_id, system_success_status = ResourceManager.add_system(
        core_session,
        name=sys_name,
        fqdn=sys_fqdn,
        computerclass="Windows",
        sessiontype="Rdp")
    assert system_success_status, f'Adding system failed returned status {system_success_status}'
    logger.debug(f"Successfully added a System: {added_system_id}")
    cleanup_servers.append(added_system_id)

    args = Util.scrub_dict({
        'User': "******",
        'System': added_system_id,
        'Command': "sc stop cagent"
    })

    response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE,
                                  args)
    response_json = response.json()
    logger.info(
        f"Response from PE canExecutePrivilegeCommand: {response_json}")
    assert not response_json[
        'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}"
    assert response_json[
        'Message'] == "User userNotExist not found; they may have been deleted or the directory may be unavailable.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_account_delete_job_fails_with_request_query_returning_zero_rows_fast_track(
        clean_bulk_delete_systems_and_accounts, core_session, simulate_failure,
        list_of_created_systems):
    batch = ResourceManager.add_multiple_systems_with_accounts(
        core_session, 1, 1, list_of_created_systems)
    _, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values(
        [batch])
    # Invalid query for the failure case.
    if simulate_failure:
        sql_query = f"select * from VaultAccount where ID = '{guid()}'"
    else:
        sql_query = RedrockController.get_query_for_ids(
            'VaultAccount', delete_account_ids)

    params = Util.scrub_dict({
        'Ids': [],
        'SaveToSecrets': False,
        'SecretName': "",
        'SetQuery': sql_query,
        'RunSync': True
    })

    request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params)
    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert not simulate_failure == success, \
        f'Invalid query bulk account delete request succeeded even though it should fail {result}'
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_string_fast_track(core_session, simulate_failure,
                                                                                       test_four_virtual_aapm_agents):
    agents, _ = test_four_virtual_aapm_agents
    _, server_ids = _setup_agents(core_session, agents)

    if simulate_failure:
        invalid_query = f"invalid query string"  # invalid sql query... should fail
        request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
            {'SetQuery': invalid_query, 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True}))
    else:
        valid_query = RedrockController.get_query_for_ids('Server', server_ids)
        request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict(
            {'SetQuery': valid_query, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True}))

    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
Exemple #9
0
def test_add_managed_proxy_account_on_system_setting_page(
        core_session, unix_machine_environment_config, ssh_session_as_root,
        create_unix_users, cleanup_resources_with_admin):
    """
    :param core_session: Authenticated Centrify session.
    :param create_unix_users: add unix users
    Note: previously two test cases exist here
      1. add manage proxy account in unix system
      2. un manage proxy account in unix system now only one test cases doing two things.
    """
    systems_list = cleanup_resources_with_admin
    conf = unix_machine_environment_config
    hostname = conf['host'] + "_" + Util.random_string(5)
    # add users on target system
    users = create_unix_users(ssh_session_as_root, "manage-unix", 1)
    logger.info("Users created " + str(len(users)))
    accountuser = users[0]
    new_system_id, add_system_success = ResourceManager.add_system(
        core_session, hostname, conf["ipaddress"], "Unix", "Ssh",
        "Unix system")
    assert add_system_success, "Add System Failed"
    logger.info(f"Added system Id {new_system_id}")
    systems_list.append(new_system_id)

    # Add manage proxy account
    result, success = ResourceManager.update_system(
        core_session,
        new_system_id,
        hostname,
        conf["ipaddress"],
        "Unix",
        proxyuser=accountuser['Name'],
        proxyuserpassword=accountuser['Password'],
        proxyuserismanaged=True)

    assert success, f"Unable to add a managed proxy user for {hostname}. API response result: {result}"
    logger.info(
        f"Managed proxy account {accountuser['Name']} added to Unix system: {hostname}"
    )

    # Changing managed proxy account to un managed
    unmanaged_result, unmanaged_success = ResourceManager.update_system(
        core_session,
        new_system_id,
        hostname,
        conf["ipaddress"],
        "Unix",
        proxyuser=accountuser['Name'],
        proxyuserpassword=accountuser['Password'],
        proxyuserismanaged=False)

    assert unmanaged_success, f"Unable to changed managed proxy user to un managed for Unix: {hostname}. API " \
                              f"response result: {result}"
    logger.info(
        f"Managed proxy account {accountuser['Name']} changed to 'Un managed' for {hostname}"
    )
def test_add_system_with_root_with_managed_proxy_account(
        core_session, unix_machine_environment_config,
        cleanup_resources_with_admin, cleanup_accounts, create_unix_users,
        ssh_session_as_root):
    """
    Test case : C279340
    :param ssh_session_as_root: session to create a user_account in unix
    :param cleanup_accounts: to delete all accounts
    :param cleanup_resources_with_admin: to delete the all the systems from portal
    :param unix_machine_environment_config: to get the unix system details
   :param core_session: Centrify session manager
    :param create_unix_users: fixture that provide created unix system data
    """
    systems_list = cleanup_resources_with_admin
    accounts_list = cleanup_accounts[0]
    conf = unix_machine_environment_config
    hostname = conf['host'] + "_" + Util.random_string(5)
    # add users on target system
    users = create_unix_users(ssh_session_as_root, "manage-unix", 2)
    logger.info("Users created " + str(len(users)))
    proxy_user = users[0]
    accountuser = users[1]
    new_system_id, add_system_success = ResourceManager.add_system(
        core_session, hostname, conf["ipaddress"], "Unix", "Ssh",
        "Unix system")
    assert add_system_success, "Add System Failed"
    logger.info(f"Added system Id {new_system_id}")
    systems_list.append(new_system_id)
    # Update system with proxy user
    update_sys_success, update_sys_result = ResourceManager.update_system(
        core_session,
        new_system_id,
        hostname,
        conf["ipaddress"],
        'Unix',
        proxyuser=proxy_user['Name'],
        proxyuserpassword=proxy_user['Password'],
        proxyuserismanaged=True)
    assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
    logger.info(f"Successfully update the system:{update_sys_result}")

    admin_account_id, add_account_success = ResourceManager.add_account(
        core_session, accountuser['Name'], accountuser['Password'],
        new_system_id)
    assert add_account_success, "Failed to create Account user: root"
    logger.info(f"Added root Account.  Id {admin_account_id}")
    accounts_list.append(admin_account_id)

    # Get computer details for update
    result = RedrockController.get_system(core_session, new_system_id)
    system = result[0]["Row"]
    is_managed = system['ProxyUserIsManaged']
    assert is_managed, f"Added account is not managed account"
def test_bulk_account_delete_job_fails_with_empty_request(core_session):
    params = Util.scrub_dict({
        'Ids': [],
        'SaveToSecrets': False,
        'SecretName': "",
        'SetQuery': ""
    })

    request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params)
    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert success is False, f'Empty bulk account delete request succeeded even though it should fail {result}'
Exemple #12
0
def test_pe_del_assignment_on_set_delete(core_session, setup_generic_pe_command_with_no_rules, create_resources):
    commandName, commandID = setup_generic_pe_command_with_no_rules

    admin_user = core_session.get_user()
    admin_user_name = admin_user.get_login_name()
    admin_user_id = admin_user.get_id()

    # Add System
    added_system_id = create_resources(core_session, 1, "Unix")[0]['ID']
    logger.debug(f"Successfully added a System: {added_system_id}")

    # Create Set and the system to this set
    set_name = "set_" + Util.random_string()
    is_create, set_id = SetsManager.create_manual_collection(
        core_session, set_name, "Server", object_ids=[added_system_id])

    assert is_create, f"Successfully created a set and added system to that set: {set_id}"

    # Give all permissions to admin user on this set
    permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount,' \
                        'ManagePrivilegeElevationAssignment'
    result = SetsManager.set_collection_resource_permissions(core_session, permission_string,
                                                             admin_user_name, admin_user_id, set_id,
                                                             "User")
    logger.info(result)
    assert result['success'], "setting collection permissions failed: " + result

    # Add assignment
    principalType = "User"
    principal = admin_user_name
    scopeType = "Collection"
    scope = set_id
    ruleID, isSuccess = PrivilegeElevation.add_pe_rule_assignment(core_session, commandID=commandID,
                                                                  scopeType=scopeType, scope=scope,
                                                                  principalType=principalType, principal=principal)

    assert isSuccess, f" Adding rule assignment failed"

    # Make sure rule assignment is available
    results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName)
    assert isSuccess and len(results['Result']) == 1, f"List assignments API call failed: {results}"
    logger.info(results)

    # Delete Set
    isSuccess, results = SetsManager.delete_collection(core_session, set_id)
    assert isSuccess, f"Deleting set failed: {results}"

    # Make sure rule assignment is not available
    results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName)
    assert isSuccess and len(results['Result']) == 0, f"List assignments API call failed: {results}"
    logger.info(results)
def test_pe_can_execute_priv_command_cmd_not_passed(core_session,
                                                    cleanup_servers):
    session = core_session

    args = Util.scrub_dict({'User': "******", 'System': "hobbiton"})

    response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE,
                                  args)
    response_json = response.json()
    logger.info(
        f"Response from PE canExecutePrivilegeCommand: {response_json}")
    assert not response_json[
        'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}"
    assert response_json[
        'Message'] == "Parameter 'Command' must be specified.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_secret(
        clean_bulk_delete_systems_and_accounts, core_session, simulate_failure,
        list_of_created_systems):
    batch = ResourceManager.add_multiple_systems_with_accounts(
        core_session, 1, 1, list_of_created_systems)
    all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
        [batch])
    some_set_name = "ApiSet" + guid()
    success, set_id = SetsManager.create_manual_collection(
        core_session, some_set_name, "VaultAccount", None)
    assert success, "Did not create collection"

    SetsManager.update_members_collection(core_session, 'add',
                                          list(all_accounts), 'VaultAccount',
                                          set_id)

    params = Util.scrub_dict({
        'Ids': list(all_accounts),
        'SaveToSecrets': simulate_failure,
        'SecretName': "Bulk Account Delete",
        'SetQuery': "",
        'SkipIfHasAppsOrServices': simulate_failure
    })

    if simulate_failure:
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE,
                                          params)
        request_json = request.json()
        result, success = request_json['Result'], request_json['success']
        ResourceManager.wait_for_job_state_succeeded(core_session, result)
        assert simulate_failure == success, f"Query success was unexpected value, with message {result}"
    else:
        request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE,
                                          params)
        request_json = request.json()
        result, success = request_json['Result'], request_json['success']
        ResourceManager.wait_for_job_state_succeeded(core_session, result)
        assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"

    total_account = RedrockController.get_accounts(core_session)
    SetsManager.delete_collection(core_session, set_id)
    list_account = []
    for get_account in total_account:
        if get_account['ID'] == all_accounts:
            list_account.append(get_account['ID'])
    assert 0 == len(
        list_account
    ), "Number of remaining added accounts was unexpected number"
Exemple #15
0
def test_privilege_elevation_add_command_all_required_params(core_session):
    """
    Test case: Test for all required params
    """

    session = core_session

    result, success = PrivilegeElevation.add_pe_command(
        session, "All commands" + Util.random_string(), "*", "Linux,Windows")

    assert success is True, f'PrivilegeElevation add command has failed {result}'

    #Clean up
    resp, success = PrivilegeElevation.del_pe_command(
        session, ident=result['Result']['ID'])
    assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
Exemple #16
0
def test_privilege_elevation_add_command_no_applyTo(core_session):
    """
    Test case: Test for all required params except no ApplyTo
    """

    session = core_session

    args = Util.scrub_dict({'Name': "LOTR", 'CommandPattern': "EyeOfSauron"})

    result = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_ADD_COMMAND,
                                args)
    result_json = result.json()

    assert result_json[
        'success'] is False, f'PrivilegeElevation add command has failed {result_json}'
    assert "Parameter 'ApplyTo' must be specified." == result_json[
        'Message'], f'PrivilegeElevation add command should fail with error Missing required parameter: ApplyTo {result_json}'
Exemple #17
0
def test_privilege_elevation_add_command_winlinux(core_session):
    """
    Test case: Test for all valid params for ApplyTo as Windows,Linux
    """

    session = core_session

    result, success = PrivilegeElevation.add_pe_command(
        session, "All commands" + Util.random_string(), "*", "Linux,Windows",
        "Run all commands", 0, "*", {}, {})

    assert success is True, f'PrivilegeElevation add command has failed {result}'

    #Clean up
    resp, success = PrivilegeElevation.del_pe_command(
        session, ident=result['Result']['ID'])
    assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def agent_get_set(core_session_global):
    """Creates a resource set to be used for agent enrollment

    :return: set name
    """
    session = core_session_global
    set_name = "set_" + Util.random_string()
    is_create, set_id = SetsManager.create_manual_collection(
        session, set_name, "Server", None)
    if is_create:
        logger.debug("Resource set created: " + set_name)
        yield set_name
    else:
        logger.error("Error in creating resource set: " + set_name)
    is_create, response = SetsManager.delete_collection(session, set_id)
    if is_create:
        logger.debug("Resource set deleted: " + set_name)
Exemple #19
0
def test_privilege_elevation_add_command_win(core_session):
    """
    Test case: Test for all valid params for ApplyTo as Windows
    """

    session = core_session

    result, success = PrivilegeElevation.add_pe_command(
        session, "Restart any windows service" + Util.random_string(), "netsh",
        "Windows", "Restart any windows service", 3, "netsh", {}, {})

    assert success is True, f'PrivilegeElevation add command has failed {result}'

    #Clean up
    resp, success = PrivilegeElevation.del_pe_command(
        session, ident=result['Result']['ID'])
    assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
Exemple #20
0
def test_privilege_elevation_add_command_no_name(core_session):
    """
    Test case: Test for all required params except no name
    """

    session = core_session

    args = Util.scrub_dict({'CommandPattern': "test", 'ApplyTo': "Linux"})

    result = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_ADD_COMMAND,
                                args)
    result_json = result.json()

    assert result_json[
        'success'] is False, f'PrivilegeElevation add command has failed {result_json}'
    assert "Missing required parameter: Name" in result_json[
        'Exception'], f'PrivilegeElevation add command should fail with error Missing required parameter: Name {result_json}'
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_query(
        core_session, simulate_failure):
    if simulate_failure:
        set_query = ""
    else:
        set_query = "@@Favorites"

    params = Util.scrub_dict({
        'Ids': list(),
        'SaveToSecrets': False,
        'SecretName': "",
        'SetQuery': set_query
    })

    request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params)
    request_json = request.json()
    result, success = request_json['Result'], request_json['success']
    assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
Exemple #22
0
def test_privilege_elevation_add_command_linux(core_session):
    """
    Test case: Test for all valid params for ApplyTo as Linux
    """

    session = core_session

    result, success = PrivilegeElevation.add_pe_command(
        session, "Restart any linux service" + Util.random_string(),
        "systemctl restart", "Linux", "Restart any linux service", 6,
        "usr/sbin/systemctl", {}, {})

    assert success is True, f'PrivilegeElevation add command has failed {result}'

    #Clean up
    resp, success = PrivilegeElevation.del_pe_command(
        session, ident=result['Result']['ID'])
    assert success is True, f'PrivilegeElevation add command cleanup has failed {resp}'
def test_add_managed_account(core_session, unix_machine_environment_config,
                             ssh_session_as_root, create_unix_users,
                             cleanup_resources_with_admin, cleanup_accounts):
    """
    Test case: C279345
    :param core_session: Centrify session
    :param ssh_session_as_root: session to create a user_account in unix
    :param cleanup_accounts: to delete all accounts
    :param cleanup_resources_with_admin: to delete the all the systems from portal
    :param unix_machine_environment_config: to get the unix system details
    :param create_unix_users: add system with account and yeild system ID, account ID, and system information
    """
    systems_list = cleanup_resources_with_admin
    accounts_list = cleanup_accounts[0]
    conf = unix_machine_environment_config
    hostname = conf['host'] + "_" + Util.random_string(5)
    # add users on target system
    users = create_unix_users(ssh_session_as_root, "manage-unix", 1)
    logger.info("Users created " + str(len(users)))
    accountuser = users[0]
    new_system_id, add_system_success = ResourceManager.add_system(
        core_session, hostname, conf["ipaddress"], "Unix", "Ssh",
        "Unix system")
    assert add_system_success, "Add System Failed"
    logger.info(f"Added system Id {new_system_id}")
    systems_list.append(new_system_id)

    admin_account_id, add_account_success = ResourceManager.add_account(
        core_session,
        accountuser['Name'],
        accountuser['Password'],
        new_system_id,
        ismanaged=True)
    assert add_account_success, "Failed to create Account user: root"
    logger.info(f"Added root Account.  Id {admin_account_id}")
    accounts_list.append(admin_account_id)

    # Fetching account information to validate desired account is managed or not
    result, status = ResourceManager.get_account_information(
        core_session, admin_account_id)
    assert status, f"failed to retrieve account information, returned result is {result}"

    is_managed = result['VaultAccount']['Row']['IsManaged']
    assert is_managed, "Added account is not managed account"
Exemple #24
0
def test_privilege_elevation_add_command_Duplicate(core_session):
    """
    Test case: Test for when duplicate command is added
    """

    session = core_session
    cmdName = "cmd" + Util.random_string()
    result, success = PrivilegeElevation.add_pe_command(
        session, cmdName, "systemctl restart network", "Linux")

    assert success is True, f'PrivilegeElevation add command has failed {result}'

    result, success = PrivilegeElevation.add_pe_command(
        session, cmdName, "systemctl restart network", "Linux")

    assert success is False, f'PrivilegeElevation add command has failed {result}'
    assert f"Privilege elevation command '{cmdName}' already exists" in result[
        'Message'], f'PrivilegeElevation add command should fail with errorPrivilege elevation command '{cmdName}' already exists {result}'


#Add more tests for v2
def test_pe_can_execute_priv_command_system_not_exist(core_session,
                                                      cleanup_servers):
    session = core_session
    admin_user = core_session.get_user()
    admin_user_name = admin_user.get_login_name()

    args = Util.scrub_dict({
        'User': admin_user_name,
        'System': "SysNotExist",
        'Command': "sc stop cagent"
    })

    response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE,
                                  args)
    response_json = response.json()
    logger.info(
        f"Response from PE canExecutePrivilegeCommand: {response_json}")
    assert not response_json[
        'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}"
    assert response_json[
        'Message'] == "Computer SysNotExist does not exist.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
Exemple #26
0
def test_bulk_manage_fails_with_invalid_query2(core_session):
    my_data = Util.scrub_dict({})
    request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_MANAGE, my_data)
    request_json = request.json()
    logger.info("Multiple manage accounts returned " + request.text)
    assert not request_json['success'], "Call succeeded and should have failed"
def test_add_root_using_managed_password(
        core_session, unix_machine_environment_config, ssh_session_as_root,
        create_unix_users, cleanup_resources_with_admin, cleanup_accounts):
    """
    Test case C283102: Add system with root using managed proxy account
    :param core_session: Authorised centrify session.
    :param ssh_session_as_root: session to create a user_account in unix
    :param cleanup_accounts: cleanup  all accounts
    :param cleanup_resources_with_admin: to delete the all the systems from portal
    :param unix_machine_environment_config: to get the unix system details
    :param create_unix_users: add system with account and yield system ID, account ID, and system information
    """

    # Getting yaml data.
    systems_list = cleanup_resources_with_admin
    accounts_list = cleanup_accounts[0]
    conf = unix_machine_environment_config
    hostname = conf['host'] + "_" + Util.random_string(5)

    # add users on target system.
    users = create_unix_users(ssh_session_as_root, "manage-unix", 1)
    logger.info("Users created " + str(len(users)))
    proxy_user = users[0]

    # Adding system with managed proxy.
    new_system_id, add_system_success = ResourceManager.add_system(
        core_session,
        hostname,
        conf["ipaddress"],
        "Unix",
        "Ssh",
        "Unix system",
        proxyuserismanaged=True,
        proxyuser=proxy_user['Name'],
        proxyuserpassword=proxy_user['Password'])
    assert add_system_success, f"Failed to add system with managed proxy:API response result:{new_system_id}"
    logger.info(f"Successfully added with managed proxy: {new_system_id}")
    systems_list.append(new_system_id)

    # Adding local account to the system.
    admin_account_id, add_account_success = ResourceManager.add_account(
        core_session,
        'root',
        conf['rootpassword'],
        new_system_id,
        ismanaged=False)
    assert add_account_success, f"Failed to add root user:API response result:{admin_account_id}"
    logger.info(
        f"Successfully added root account to the system: {admin_account_id}")
    accounts_list.append(admin_account_id)

    # checking added system in the system list.
    computer_lists = RedrockController.get_computers(core_session)
    for computer_detail in computer_lists:
        if computer_detail['ID'] == new_system_id:
            assert computer_detail['Name'] == hostname, f'Failed to found created system in the list:' \
                                                        f'API response result:{computer_lists}'
            logger.info(
                f"Successfully found created system in the list:{computer_lists}"
            )
            break
Exemple #28
0
def test_bulk_rotate_fails_with_invalid_query2(core_session):
    my_data = Util.scrub_dict({})
    request = core_session.apirequest(EndPoints.PW_MULTI_ROTATE, my_data)
    request_json = request.json()
    assert not request_json['success'], "Call succeeded and should have failed"