def test_remote_rdp_script(self):
self.open_rdp_session()
screen = self.remoteDesktopConnection(class_name="#32770")
screen.find_element_by_class_name("ComboBox").send_keys(self.remote_ip)
screen.find_element_by_name("Connect").click()
time.sleep(3)
screen = self.remoteDesktopConnection("Credential Dialog Xaml Host")
time.sleep(1)
screen.find_element_by_class_name("PasswordBox").send_keys(
self.remote_password)
screen.find_element_by_name("OK").click()
time.sleep(3)
screen = self.remoteDesktopConnection("TscShellContainerClass")
assert screen is not None, "Unable to get the Remote session."
path = get_asset_path(self.script_file)
self.copy_remote_sys_file(cp_file=path)
time.sleep(4)
screen = self.remote_ipconfig(self.script_file)
assert screen is not None, "Unable to get the Remote session."
time.sleep(30)
self.remove_remote_file()
installation_folder = self.get_remote_installation_folder()
if "Centrify.DirectAudit.AuditDatabase" in installation_folder:
assert True, "The installation is not successful"
self.close_rdp_session()
def test_create_file_secret_with_valid_parameters_allowed_admin_rights(
users_and_roles, secret_cleaner, administrative_right):
session = users_and_roles.get_session_for_user(administrative_right)
secret_prefix = guid()
secret_parameters = {
'SecretName': secret_prefix + '_test_file_secret',
'Description': secret_prefix + ' my secret description'
}
logger.info(f'Creating secret {secret_parameters["SecretName"]}')
local_secret_path = get_asset_path('test_secret_upload.txt')
result = create_file_type_secret(session, secret_parameters,
local_secret_path)
assert result[
'success'] is True, f'Failed to create file type secret {secret_parameters["SecretName"]}, response {json.dumps(result)}'
secret_id = result['Result']
secret_cleaner.append(secret_id)
secret_data = find_secret_by_id(session, secret_id)
assert secret_data is not False, 'Could not find secret in return results from secret get endpoint'
secret_file_contents = get_file_secret_contents(session, secret_id)
secret_local_file_contents = open(local_secret_path, 'r').read()
assert secret_file_contents == secret_local_file_contents, 'The remote secret contents do not match the local secret contents'
def test_remote_headless_installation(self):
path = get_asset_path(self.remote_headless_script)
self.copy_remote_sys_file(cp_file=path)
time.sleep(4)
self.run_remote_headless_installation()
time.sleep(30)
self.remove_remote_file()
installation_folder = self.get_remote_installation_folder()
if "Centrify.DirectAudit.AuditDatabase" in installation_folder:
assert True, "The installation is not successful"
def test_create_file_secret_with_valid_parameters_disallowed_admin_rights(
users_and_roles, secret_cleaner, administrative_right):
session = users_and_roles.get_session_for_user(administrative_right)
secret_prefix = guid()
secret_parameters = {
'SecretName': secret_prefix + '_test_file_secret',
'Description': secret_prefix + ' my secret description'
}
logger.info(f'Creating secret {secret_parameters["SecretName"]}')
local_secret_path = get_asset_path('test_secret_upload.txt')
result = create_file_type_secret(session, secret_parameters,
local_secret_path)
assert result[
'success'] is False, f'A user in a role that should not be able to create a secret was allowed to create the secret {json.dumps(result)}'
def test_create_file_type_secret_within_folder(core_session,
create_secret_folder,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
test method to add text type secret in a folder
"""
secrets_list = cleanup_secrets_and_folders[0]
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
secret_prefix = guid()
secrets_params = pas_general_secrets
secrets_file = \
{'SecretName': '',
'FolderId': '',
'SecretFilePath': '',
'SecretFilePassword': '',
'SecretFileSize': '',
'Description': '',
'Type': "File",
'updateChallenges': False}
local_secret_path = get_asset_path('secret_upload.txt')
secret_created = create_file_type_secret_within_folder(
core_session, secrets_file,
secret_prefix + secrets_params['secret_name'], folder_id,
local_secret_path, secrets_params['secret_password'],
secrets_params['secret_description'])
assert secret_created["success"], \
f'Not Able to create secret {secret_created["Result"]} with in folder {folder_id}'
logger.info(
f'Secret created within folder successfully: {secret_created["success"]} '
f'and secret id {secret_created["Result"]}')
get_secret_details, get_secret_success, get_secret_created_date = get_file_type_secret_contents(
core_session, secret_created["Result"])
logger.info(f'Secret created details: {get_secret_details}')
assert get_secret_details[
"FolderId"] == folder_id, f'secret within folder {folder_id} doesnt exist'
logger.info(
f'secret inside folder with id: {get_secret_details["FolderId"]} verified successfully'
)
secrets_list.append(secret_created["Result"])
logger.info(f'Added Secret deleted successfully: {secrets_list}')
def test_adding_several_items_during_creation(core_session,
added_secrets_file,
added_secrets,
users_and_roles,
pas_general_secrets,
clean_up_policy):
secret_prefix = guid()
secrets_params = pas_general_secrets
added_secret_id = added_secrets_file
added_text_secret_id, added_text_secret_name = added_secrets
application_management_user = users_and_roles.get_user('Privileged Access Service Power User')
user_name = application_management_user.get_login_name()
user_id = application_management_user.get_id()
# setting permissions for User A
set_permission_result, set_permission_success = set_users_effective_permissions(core_session,
user_name,
'View,Grant',
user_id,
added_secret_id)
assert set_permission_success, f'Failed to set permission: {set_permission_result}'
logger.info(f'Setting permission:{set_permission_result}{set_permission_success}')
# creating new policy
policy_result = PolicyManager.create_new_auth_profile(core_session,
secret_prefix + secrets_params['policy_name'],
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Getting details of file type secrets
get_secret_details, get_secret_success, get_secret_created_date = get_file_type_secret_contents(core_session,
added_secret_id)
assert get_secret_success, f'Failed to get the file type secret contents:{get_secret_success}'
logger.info(f'Secret created details: {get_secret_details}')
secrete_file = {'Type': '',
'SecretFilePassword': '******',
'SecretFilePath': '',
'SecretFileSize': '',
'SecretName': get_secret_details['SecretName'],
'ID': added_secret_id,
'DataVaultDefaultProfile': ''
}
local_secret_path = get_asset_path('secret_upload.txt')
# Assigning policy to file type secrets
policy_assigned = update_file_type_secret(core_session, added_secret_id, secrete_file, local_secret_path,
policy_result)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f'Policy assigned to secret : {policy_assigned}')
# Removing policy to file type secrets
policy_assigned = update_file_type_secret(core_session, added_secret_id, secrete_file, local_secret_path)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f'Policy assigned to secret : {policy_assigned}')
# Setting permissions for text type secrets
set_permission_result, set_permission_success = set_users_effective_permissions(core_session, user_name,
'View,Grant', user_id,
added_text_secret_id[0])
assert set_permission_success, f'Failed to set permission: {set_permission_result}'
logger.info(f'Setting permission:{set_permission_result}{set_permission_success}')
# Applying Policy
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
added_text_secret_name,
policy_id=policy_result)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
# Removing policy
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
added_text_secret_name)
assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
import pytest
import logging
from Utils.assets import get_asset_path
logger = logging.getLogger('test')
pytestmark = [
pytest.mark.ui, pytest.mark.cloudprovider, pytest.mark.root_login,
pytest.mark.cbe
]
@pytest.mark.parametrize(
"browser_extension_path_override",
[get_asset_path('CentrifyChromeExtension_ver_207.zip')],
indirect=True)
@pytest.mark.parametrize("user_rights",
['Privileged Access Service Administrator'],
indirect=True)
def test_old_browser_extension_works(live_aws_cloud_provider_and_accounts,
grant_permission_to_root_account,
cds_be_ui):
"""
Tests to see if the original browser extension works with cloud providers
If at some point in the future it won't work, this test can be changed to verify
the user is informed that the be is too old and won't work
"""
ui, user = cds_be_ui
cloud_provider_ids, iam_account_ids, access_key_ids, root_account_id, cloud_provider_name = live_aws_cloud_provider_and_accounts
grant_permission_to_root_account(user, root_account_id, 'View,Login,Naked')