def test_delete_cloud_provider_fails_without_permission(
core_session, fake_cloud_provider_root_account, fake_cloud_provider,
cds_session):
account_id, username, password, cloud_provider_id, test_did_cleaning = fake_cloud_provider_root_account
name, desc, cloud_provider_id, cloud_account_id, test_did_cleaning = fake_cloud_provider
account_name = f"acctname{guid()}"
account_id, success = ResourceManager.add_account_cloud_provider(
core_session, account_name, "", cloud_provider_id)
assert success, f"Account addition failed with API response result {account_id}"
pas_user_session, limited_user = cds_session
result, success = CloudProviderManager.delete_cloud_providers(
pas_user_session, [cloud_provider_id], save_passwords=False)
assert not success, f"Delete should not have succeeded {result}"
result, success = CloudProviderManager.delete_cloud_providers(
pas_user_session, cloud_provider_id)
assert not success, f"Delete should not have succeeded {result}"
result, success = ResourceManager.del_account(pas_user_session, account_id)
assert not success, f"Deleting IAM account failed with API response result: {result}"
result, success = ResourceManager.del_account(pas_user_session, account_id)
assert not success, f"Deleting IAM account failed with API response result: {result}"
def test_delete_administrative_account(core_session, network_device_setup):
"""
TC: C2623 - Delete administrative account
:param core_session: Authenticated Centrify session.
:param network_device_setup: Adds a network with account and returns UUID of both.
"""
system_id, account_id, device_data, system_list, account_list = network_device_setup(
'checkpoint')
system_info = RedrockController.get_computer_with_ID(
core_session, system_id)
# setting up Admin account for system
result, success, message = ResourceManager.set_system_administrative_account(
core_session, system_id, account_id)
assert success, f"Failed to update Administrative account for system {system_info['Name']}"
logger.info(
f"Successfully added an administrative account for system {system_info['Name']}"
)
# deleting administrative account
del_result, del_success = ResourceManager.del_account(
core_session, account_id)
assert del_success is False, f"Admin account deleted successfully, unexpected behaviour as Admin account " \
f"should not be deleted. API response result: {del_success}"
logger.info(
f'Admin account could not be deleted as expected, API response result: {del_success}'
)
# finding all systems for cleanup:
acc_script = "@/lib/server/get_accounts.js(mode:'AllAccounts', newcode:true, localOnly:true, colmemberfilter:" \
"'Select ID from VaultAccount WHERE Host IS NOT NULL')"
acc = RedrockController.redrock_query(core_session, acc_script)
for account in acc:
if account['Row']['FQDN'] == "Check.Point":
# Removing Admin Account for successful cleanup of system and account
result, success, message = ResourceManager.set_administrative_account(
core_session, systems=[account['Row']['Host']])
assert success, f"Failed to update Administrative account for system {account['Row']['Name']}"
# Removing Admin Account for successful cleanup of system and account
ResourceManager.update_system(
core_session,
account['Row']['Host'],
account['Row']['Name'],
account['Row']['FQDN'],
'CheckPointGaia',
sessiontype=account['Row']['SessionType'])
# deleting administrative account from this system
ResourceManager.del_account(core_session, account['Row']['ID'])
# Removing Admin Account for successful cleanup of system and account
result, success, message = ResourceManager.set_administrative_account(
core_session, systems=[account['Row']['Host']])
assert success, f"Failed to update Administrative account for system {account['Row']['Name']}"
def test_delete_system_with_stored_account(core_session, network_device_setup):
"""
TC: C2608 - Delete system with stored account
:param core_session: Authenticated Centrify session.
:param network_device_setup: Adds a network with account and returns UUID of both.
"""
system_id, account_id, device_data, system_list, account_list = network_device_setup(
'checkpoint')
# Deleting system without deleting associated account.
result, success = ResourceManager.del_system(core_session, system_id)
assert not success, f"System successfully deleted though system have active accounts. API response result: {result}"
logger.info("Unable to delete the system. System has active accounts.")
# Deleting associated account
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f"Unable to delete account {account_id}, API response result: {result}."
logger.info(f"Account :{account_id} successfully deleted.")
account_list.remove(account_id) # To avoid error during account cleanup.
# Deleting system after deleting the associated account.
result, success = ResourceManager.del_system(core_session, system_id)
assert success, f"System: {system_id} successfully deleted. API response result: {result}"
logger.info(
"System successfully deleted after deleting the associated accounts.")
system_list.remove(system_id) # To avoid error during resource cleanup.
def test_manage_account_for_valid_domain_account(domain_config_data, core_ui,
core_session):
"""
TCID: C1330: Manage password using administrative account for a valid domain account
:param core_ui: To Open the UI
:param core_session: To create the session
"""
conf = domain_config_data
name = conf['pas_bat_scenario1_infrastructure_data'][0]
domain_name = name["Domain_name3"]
data = conf['pas_scenario1_new_accounts'][0]
account_name = data['Managed_account']
ui = core_ui
ui.navigate("Resources", "Domains")
ui.search(domain_name)
ui.click_row(GridRow(domain_name))
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
ui.launch_modal("Add", modal_title="Add Account")
ui.input("User", account_name)
ui.uncheck("IsManaged")
ui.input("Password", "aaa")
ui.check("IsManaged")
check_disabled_textbox = ui.expect(DisabledTextBox("Password"),
f'Text box is still enabled')
assert check_disabled_textbox, f'Password Text Box is not disabled'
ui.button("Add")
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
account_id = None
results = ServerManager.get_all_accounts(core_session)
for result in results:
if result['User'] == account_name:
account_id = result['ID']
while True:
result, success = ResourceManager.get_account_information(
core_session, account_id)
if result['VaultAccount']['Row']['Status'] != "Missing Password":
break
else:
continue
activity = RedrockController.get_account_activity(core_session, account_id)
detail = []
for activity_detail in activity:
detail.append(activity_detail['Detail'])
assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name}' in detail[
0], f'could not able to change password'
logger.info(f"detail list are: , {detail}")
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f'Account did not get delete '
logger.info(f"result is, {result}")
def test_bulk_account_delete_one_account_at_a_time(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
server_prefix, account_prefix, all_systems, all_accounts, all_account_names = _make_four_accounts_get_names \
(core_session, list_of_created_systems, ssh=False)
for i in all_accounts:
ResourceManager.del_account(core_session, i)
ResourceManager.wait_for_accounts_to_delete_or_timeout(
core_session, all_systems, all_accounts)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == 0, "All added accounts not removed"
assert len(
ResourceManager.get_multi_added_system_ids(
core_session,
all_systems)) == 1, "Wrong number of added systems remain"
def test_delete_accounts(core_session, pas_config, remote_users_qty1,
cleanup_resources):
"""
TC C283234: Delete accounts.
:param cleanup_resources: cleanup for systems.
:param core_session: Authenticates API session
:param pas_config: returns yaml object
:param remote_users_qty1: Creates account in target system.
:param cleanup_resources:clean up system.
"""
# Clean up system
systems_list = cleanup_resources[0]
# Getting system details.
sys_name = f"{'Win-2012'}{guid()}"
sys_details = pas_config
sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN']
add_user_in_target_system = remote_users_qty1
user_password = '******'
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, sys_fqdn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
systems_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
# Delete Account.
del_account_result, del_account_success = ResourceManager.del_account(
core_session, acc_result)
assert del_account_success, f'Failed to delete account:API response result:{del_account_result}'
logger.info(f"Successfully deleted account:{del_account_result}")
# Getting deletion activity.
sys_activity = ResourceManager.get_system_activity(core_session,
add_sys_result)
assert f'{core_session.auth_details["User"]} deleted local account "{add_user_in_target_system[0]}" for' \
f' "{sys_name}"({sys_fqdn}) with credential type Password' in \
sys_activity[0]['Detail'], f"Failed to get the delete account activity:API response result:{sys_activity}"
logger.info(
f"Successfully found deletion activity in system activity:{sys_activity}"
)
def test_check_account_name_delete_user_account_dialog(core_session, pas_windows_setup):
"""
TC:C2193 Check account name on Delete User Account dialog.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup()
# Deleting account from above system
success, result = ResourceManager.del_account(core_session, account_id)
assert success, f'failed to delete account with response {result}'
logger.info(f"un managed account deleted successfully from the System.")
def test_delete_system_with_account(core_session, pas_setup):
"""
Test case: C279343
:param core_session: CENTRIFY session
:param pas_setup: fixture to add system and account
:return:
"""
system_id, account_id, sys_info = pas_setup
result, status = ResourceManager.del_system(core_session, system_id)
assert status is False, f'system {sys_info[0]} is deleted despite system having active accounts, returned result is {result}'
result, status, = ResourceManager.del_account(core_session, account_id)
assert status, f"Failed to delete account with result {result}"
result, status = ResourceManager.del_system(core_session, system_id)
assert status, f"Failed to delete system with status {status}, returned result is {result}"
def test_add_unmanaged_account_using_unlock_account_permission(
core_session, domain_config_data, get_admin_user_module,
cleanup_accounts):
"""
Steps for this scenario using API:
1)Get the domain that needs to be added managed account with add account permission
2)Set the domain account permission
3)Add unmanaged account in that particular domain
"""
conf = domain_config_data
limited_sesh, limited_user = get_admin_user_module
name = conf['pas_bat_scenario1_infrastructure_data'][0]
data = conf['pas_scenario1_new_accounts'][0]
script = "Select * FROM VaultDomain"
account_name = f'{data["User_name"]}{guid()}'
account_list = cleanup_accounts[0]
request = RedrockController.redrock_query(core_session, script)
for directory_service in request:
if directory_service['Row']['Name'] == name["Domain_name2"]:
directory_service = directory_service['Row']['ID']
break
permissions = "Grant,View,Edit,Delete,AddAccount,UnlockAccount"
result, add_domain_account_success = ResourceManager.set_domain_account_permissions(
core_session,
permissions,
limited_user.get_login_name(),
limited_user.get_id(),
id=directory_service,
pvid=directory_service,
rowkey=directory_service)
assert add_domain_account_success, f'Failed to set add account permission in the domain {result}'
logger.info(f"add account permission set successfully in the Domain.")
request, add_account_success = ResourceManager.add_account(
core_session,
account_name,
data["Password"],
ismanaged=data["Ismanaged"],
domainid=directory_service,
description=None)
assert add_account_success, f'Failed to set unmanaged account in the domain {request}'
logger.info(f"unmanaged account set successfully in the Domain.")
account_list.append(request)
result = ResourceManager.del_account(core_session, request)
assert result, f'failed to delete account with response {result}'
logger.info(f"unmanaged account deleted successfully in the Domain.")
def test_check_button_status_after_canceling_account_deleted(
core_session, add_single_system, pas_config, users_and_roles):
"""
TC:C2217 Check button status after canceling account deleted with user who just has Delete permission.
:param core_session: Returns a API session.
:param add_single_system: Returns a fixture.
:param users_and_roles: Fixture to manage roles and user.
:param pas_config: Read yaml data.
"""
# Creating a system.
created_system_id, system_details = add_single_system
# Creating a account.
payload_data = pas_config['Windows_infrastructure_data']
account_id, account_success = ResourceManager.add_account(
core_session, payload_data['account_name'], payload_data['password'],
created_system_id, payload_data['account_type'])
assert account_success, f'Failed to create account: API response result:{account_id}'
logger.info(f'Successfully created account:{account_id}')
# Cloud user session with "Privileged Access Service Power User".
cloud_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
user_name = cloud_user_session.auth_details['User']
user_id = cloud_user_session.auth_details['UserId']
# Assigning account "Delete" permission.
assign_account_result, assign_account_success = ResourceManager.assign_account_permissions(
core_session, "Delete", user_name, user_id, 'User')
assert assign_account_success, f"Failed to assign account permissions: API response result: {assign_account_result}"
logger.info(
f'Successfully assigned "Delete" permission to user:{assign_account_result}.'
)
# Deleting a account by cloud user.
del_account_result, del_account_success = ResourceManager.del_account(
cloud_user_session, account_id)
assert del_account_success, f"Could not delete account:API response result:{del_account_result}"
logger.info(f"Successfully deleted account: {del_account_result}")
def test_create_domain_account(core_session, create_domain,
domain_config_data):
"""
Steps for this scenario using API:
1) Add new Domain
2) Add new Domain Accounts
System configuration received through test_pas_bat_domain.yaml stored in config/tests/PAS/PAS_BAT
"""
domain_id = create_domain
conf = domain_config_data
data = conf['pas_scenario1_new_accounts'][0]
new_account_id, add_account_success = ResourceManager.add_account(
core_session,
data['User_name'],
data['Password'],
domainid=domain_id,
description="This domain should be "
"removed by test automation.")
assert add_account_success, f"Failed to add Domain account: {data['User_name']}"
logger.info(f"domain account added successfully: {new_account_id}")
result = ResourceManager.del_account(core_session, new_account_id)
assert result, f'failed to delete account with response {result}'
def test_add_managed_account_without_password(domain_config_data, core_session,
core_ui):
"""
TCID: C1329: Add a managed account without password
:param core_ui: To Open the UI
:param core_session: To create the session
"""
conf = domain_config_data
name = conf['pas_bat_scenario1_infrastructure_data'][0]
domain_name = name["Domain_name3"]
data = conf['pas_scenario1_new_accounts'][0]
account_name = data['Managed_account']
ui = core_ui
ui.navigate("Resources", "Domains")
ui.search(domain_name)
ui.click_row(GridRow(domain_name))
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
ui.launch_modal("Add", modal_title="Add Account")
ui.expect(CheckedCheckbox("IsManaged"), f'Checkbox is not checked already')
expected_tooltip_value = "When enabled, the domain administrative account is used to set and manage a password for this account."
ui.input("User", account_name)
tooltip_element = ui._searchAndExpect(
HoverOnToolTip("x-img tooltip-icon x-box-item x-img-default"),
f'Could not able to get the tooltip value')
tooltip_element.try_click()
actual_tooltip_value = ui._searchAndExpect(
Div(expected_tooltip_value),
f'could not able to find the tool tip value')
actual_tooltip_message = actual_tooltip_value.text
assert expected_tooltip_value in actual_tooltip_message, f'tooltip text is not matching'
logger.info(f"ToolTip text: {actual_tooltip_value}")
ui.button("Add")
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
account_id = None
results = ServerManager.get_all_accounts(core_session)
for result in results:
if result['User'] == account_name:
account_id = result['ID']
ui.expect(GridCell("Missing Password"), f'Password is not missing')
while True:
result, success = ResourceManager.get_account_information(
core_session, account_id)
if result['VaultAccount']['Row']['Status'] != "Missing Password":
break
else:
continue
activity = RedrockController.get_account_activity(core_session, account_id)
detail = []
for activity_logs in activity:
detail.append(activity_logs['Detail'])
assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name}' in detail[0], \
f'could not able to change password'
logger.info(f"ToolTip text: {detail}")
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f"Account did not get deleted"
logger.info(f"deleted account response: {success}")
def test_changed_unmanaged_to_managed(domain_config_data, get_admin_user_function, core_session, core_ui):
"""
TCID: C1331, Add an unmanaged account without password and changed unmanaged to managed
:return:
"""
conf = domain_config_data
name = conf['pas_bat_scenario1_infrastructure_data'][0]
domain_name = name["Domain_name3"]
script = "Select * FROM VaultDomain"
request = RedrockController.redrock_query(core_session, script)
directory_service_ID = None
directory_service_Name = None
directory_service_Admin_ID = None
for directory_service in request:
directory_service = directory_service['Row']
if directory_service['Name'] == name["Domain_name3"]:
directory_service_ID = directory_service['ID']
directory_service_Name = directory_service['Name']
directory_service_Admin_ID = directory_service['Administrator']
break
permissions = "Grant,View,Edit,Delete,AddAccount"
result, add_domain_account_success = ResourceManager.set_domain_account_permissions(core_session, permissions,
"System Administrator",
"sysadmin",
id=directory_service_ID,
ptype="Role",
pvid=directory_service_ID,
rowkey=directory_service_ID)
assert add_domain_account_success, f'Failed to set add account permission in the domain {result}'
logger.info(f"add account permission set successfully in the Domain.")
account, add_domain_success = ResourceManager.get_administrative_account(core_session, "administrator")
logger.info(f" Successfully get Domain for adding Administrative account.")
assert add_domain_success, f'Failed to get Domain account {account}'
name = conf['pas_bat_scenario1_infrastructure_data']
pvid = account[0]
domains_name = account[0]
domain_name_list = []
for domain_name in name:
for key, value in domain_name.items():
domain_name_list.append(value)
logger.info(f"Set Administrative account for Domain. {domain_name_list}")
result, add_admin_account_success, message = ResourceManager.set_administrative_account(core_session,
domain_name_list,
pvid=pvid['PVID'],
user=domains_name[
'FullyQualifiedName'])
assert add_admin_account_success, f'Failed to set administrative account {message}'
logger.info(f"Administrative account Set successfully in the Domain.{message}")
result, success = ResourceManager.update_domain_accounts(core_session, directory_service_Name,
directory_service_Admin_ID, directory_service_ID,
allowautomaticaccountmaintenance=True)
assert success, f'failed to update the domain'
logger.info(f"update account successfully in the Domain{result}")
data = conf['pas_scenario1_new_accounts'][0]
account_name = data['Managed_account']
ui = core_ui
ui.navigate("Resources", "Domains")
ui.search(domain_name['Domain_name3'])
ui.click_row(GridRow(domain_name['Domain_name3']))
ui.user_menu("Reload Rights")
ui._waitUntilSettled()
ui.launch_modal("Add", modal_title="Add Account")
ui.input("User", account_name)
ui.uncheck("IsManaged")
ui.button("Add")
ui.expect(GridCell("Missing Password"), f'Password is not missing')
ui.right_click(GridCell(account_name))
right_click_values = ui.get_list_of_right_click_element_values("Update Password")
assert "Checkout" not in right_click_values, f'Checkout option is appeared'
logger.info(f"All right click option:{right_click_values}")
account_id = None
results = ServerManager.get_all_accounts(core_session)
for result in results:
if result['User'] == account_name:
account_id = result['ID']
added_account = ui._searchAndExpect(GridCell(account_name), f'account is not getting added')
added_account.try_click()
ui._waitUntilSettled()
ui.tab("Settings")
ui.check("IsManaged")
ui.save()
ui._waitUntilSettled()
ui.expect(DisabledButton("Save"), f'Account did not get managed')
result = RedrockController.get_account_activity(core_session, account_id)
counter = 0
while counter < 10:
result = RedrockController.get_account_activity(core_session, account_id)
if result[0]['Detail'].__contains__("SYSTEM$"):
break
counter += 1
assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name["Domain_name3"]}' in result[0]['Detail'], f'could not able to change password'
logger.info(f"All Activity's are: , {result}")
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f'Account did not get delete{result}'
logger.info(f"Account got deleted successfully, {result}")
def test_check_message_no_system(core_session, users_and_roles):
"""
TC:C2047 Check message when there are no systems.
:param:core_session:Returns a API session.
:param:users_and_roles:Fixture to manage roles and user.
:param:cleanup_resources: Fixture for cleanup resources.
"""
# finding all systems for cleanup:
acc_script = "@/lib/server/get_accounts.js(mode:'AllAccounts', newcode:true, localOnly:true, colmemberfilter:" \
"'Select ID from VaultAccount WHERE Host IS NOT NULL')"
acc = RedrockController.redrock_query(core_session, acc_script)
for account in acc:
if account['Row']['FQDN'] == "Check.Point":
# Removing Admin Account for successful cleanup of system and account
result, success, message = ResourceManager.set_administrative_account(
core_session, systems=[account['Row']['Host']])
assert success, f"Failed to update Administrative account for system {account['Row']['Name']}"
# Removing Admin Account for successful cleanup of system and account
update_result, update_success = ResourceManager.update_system(
core_session,
account['Row']['Host'],
account['Row']['Name'],
account['Row']['FQDN'],
'CheckPointGaia',
sessiontype=account['Row']['SessionType'])
assert update_success, f"Unable to remove admin account from this system: {account['Row']['Host']}"
logger.info(f'System successfully updated with result: {result}')
# deleting administrative account from this system
del_result, del_success = ResourceManager.del_account(
core_session, account['Row']['ID'])
assert del_success, "Account could not be deleted"
logger.info(
f'account successfully deleted with result: {del_result}')
# Removing Admin Account for successful cleanup of system and account
result, success, message = ResourceManager.set_administrative_account(
core_session, systems=[account['Row']['Host']])
assert success, f"Failed to update Administrative account for system {account['Row']['Name']}"
accounts = RedrockController.redrock_query(core_session, acc_script)
for account in accounts:
ResourceManager.del_account(core_session, account['Row']['ID'])
# Delete computers from tenant
system = RedrockController.get_computers(core_session)
for SYS in system:
ResourceManager.del_system(core_session, SYS["ID"])
# Trying to get the data from system_by_type on dashboard and expecting no data or an empty list.
get_system_type_result = RedrockController.get_system_type_dashboard_pie_chart(
core_session)
assert len(get_system_type_result) == 0, f"Data found in system_by_type in dashboard:" \
f"API response result:{get_system_type_result}"
logger.info(
f"Could not found any data in system_by_type on"
f" dashboard in without any system in tenant{get_system_type_result}")
# Trying to get the data form system health on dashboard and expecting no data or an empty list.
get_system_health_dashboard = RedrockController.get_systems_health_dashboard(
core_session)
assert len(get_system_health_dashboard) == 0, f"Data found in system health in dashboard:" \
f" API response result:{get_system_health_dashboard}"
logger.info(
f"Could not found any data in system health on "
f"dashboard without any system in tenant{get_system_health_dashboard}")
