def test_unlock_user_account( create_user_with_policy_enable_self_service_unlock_account, core_session_unauthorized, core_session): """ Lock user via enter wrong password, then unlock User Account """ user = create_user_with_policy_enable_self_service_unlock_account i = 0 # Do fail to login 3 times, then the user be locked automatically while i < 3: i = i + 1 r = core_session_unauthorized.start_authentication( user.get_login_name()) result = r.json()['Result'] assert 'Challenges' in result, f'This user does not have MFA challenges!' mechanisms1 = result['Challenges'][0]['Mechanisms'] mechanisms2 = result['Challenges'][1]['Mechanisms'] sq_mech_id = None for mechanism in mechanisms1: if mechanism['Name'] == 'SQ': sq_mech_id = mechanism['MechanismId'] sq_mechanism = mechanism break assert sq_mech_id is not None, 'Security question MechanismId does not exist!' security_questions = user.get_security_questions() core_session_unauthorized.sq_advance_authentication( security_questions, sq_mechanism, sq_mech_id) up_mech_id = None for mechanism in mechanisms2: if mechanism['Name'] == 'UP': up_mech_id = mechanism['MechanismId'] break assert up_mech_id is not None, 'Password MechanismId does not exist!' # use wrong password to login r = core_session_unauthorized.advance_authentication( answer=user.get_password() + ",", mechanism_id=up_mech_id) assert r.json()['success'] is False, 'Authentication passed!' # Check user was locked uid = UserManager.get_user_id(core_session, user.get_login_name()) user_attr = UserManager.get_user(core_session, uid) assert user_attr['DisplayName'] in user.get_login_name( ), 'Get locked user name is wrong!' assert user_attr['State'] == "Locked", 'Get user state is not be Locked!' # unlock user r = UserManager.set_user_state(core_session, uid, False) assert r, "set user state fail" # Check user was unlocked user_attr = UserManager.get_user(core_session, uid) assert user_attr['DisplayName'] in user.get_login_name( ), 'Get locked user name is wrong!' assert user_attr['State'] == "None", 'Get user state is not None!'
def test_add_a_new_top_level_stand_alone_folder(core_session, create_secret_folder, pas_general_secrets): """ Test method to create a Folder & verifying the rights of the folder created :param core_session: Authenticated Centrify Session :param create_secret_folder: Fixture to create a folder & yields folder related details :param pas_general_secrets: Fixture to read secret data from yaml file """ secret_folder_details = create_secret_folder folder_id = secret_folder_details['ID'] # Getting the Id of the user. user_details = core_session.__dict__ user_id = user_details['auth_details']['UserId'] # Refreshing the page. refresh_result = UserManager.refresh_token(core_session, user_id) assert refresh_result["success"], f"Failed to reload:API response result:{refresh_result}" # Getting permissions of the folder created permissions = SetsManager.get_collection_rights(core_session, folder_id) verify_permissions = 'View, Edit, Delete, Grant, Add' assert verify_permissions == permissions["Result"], \ f'Failed to verify permissions for the folder{permissions["Result"]}' logger.info(f'Permissions of the folder created: {permissions}')
def check_rights(session, ui_user, api_user, expected_rights): assert ui_user == api_user, f'UI and API fixtures should return the same user' response = UserManager.get_user_role_rights(session, api_user.get_id()) if expected_rights[0] is not None: assert response['Result'][ 'Count'] == 2, f'User should be in everybody role, and a role with admin rights' else: assert response['Result'][ 'Count'] == 1, f'User should be in everybody role only' rights_role_found = False everbody_found = False for result in response['Result']['Results']: row = result['Row'] if len(row['AdministrativeRights']) > 0: rights_found = list( map(lambda right: right['Description'], row['AdministrativeRights'])) rights_found.sort() expected_rights.sort() assert rights_found == expected_rights, f'Role with administrative rights does not have expected rights {expected_rights}, instead has {rights_found}' rights_role_found = True elif row['Name'] == 'Everybody': everbody_found = True else: assert False, f'Unexpected role found {row}' if expected_rights[0] is not None: assert rights_role_found is True, f'Role containing expected rights found' assert everbody_found is True, f'Everybody role not found'
def test_assign_view_permission_to_shared_report(core_session, create_report, users_and_roles): """ TCID: C6351 Assign 'View' permission to shared report :param core_session: Centrify Authentication session :param create_report: To create the report :param users_and_roles: To open an UI and assign specific right to user """ my_report = create_report(core_session, "Select Name From Server", dir="/Reports") report_name = my_report['Name'] grant_str = "0000000000000000000000000000000000000000000000000000000010000100" ui = users_and_roles.get_ui_as_user("Application Management") user_details = ui.get_user() user_name = user_details.get_login_name() user_id = user_details.get_id() role = UserManager.get_user_role_rights(core_session, user_id) assign_result = ReportsManager.assign_directory_rights_to_role( core_session, "/Reports", [{ "Role": role['Result']['Results'][0]['Entities'][0]['Key'], "Rights": ["Read"] }, { "Role": "Everybody", "Rights": ["Read"] }]) assert assign_result, f'Failed to give the read the permission to Shared Folder' result, success, message = ReportsManager.update_report_permission( core_session, user_name, user_id, grant_str, report_name, ['Read']) assert success, f'Failed to assign View permission to Application Management user:{message}' logger.info( f'Successfully assign the View permission to Application Management user:{result}' ) ui.navigate("Reports", check_rendered_tab=False) ui.expect_disappear(LoadingMask(), "Reports page did not loaded properly") ui.expect(RestCallComplete(), "Expected rest call to complete.") ui.expect(TreeFolder("Shared Reports"), "Failed to find shared Reports Tab under Reports", time_to_wait=60) shared_reports_button = ui._searchAndExpect( TreeFolder("Shared Reports"), f'Expected find Shared Reports Folder in Tree', time_to_wait=60) shared_reports_button.try_click() ui.expect( GridCell(report_name), f'Can not see the shared report which assigned View permission to federation user' ) ui.check_actions(["Copy", "Details", "Export Report", "Email Report"], report_name) ui.action("Details", report_name) session = users_and_roles.get_session_for_user('Application Management') query = "Select * from role" result, success, message = ReportsManager.modify_report( session, "/Reports", report_name, query) assert success is False, f'Report modified:{result}' logger.info(f'Report can not modified, API response: {message}')
def test_bulk_account_delete_generates_secret_with_ssh_accounts( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_ssh_systems_with_accounts( core_session, 2, 2, list_of_created_systems, system_prefix=f'test_ssh', user_prefix=f'test_usr_ssh') all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1]) secret_name = "TestSecret-" + str( ResourceManager.time_mark_in_hours()) + "-" + guid() result, success = ResourceManager.del_multiple_accounts( core_session, all_accounts, save_passwords=True, secret_name=secret_name) assert success, "Api did not complete successfully for bulk account delete MSG: " + result ResourceManager.wait_for_secret_to_exist_or_timeout( core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name( core_session, secret_name) assert secret_id is not None, "Secret not found" secret_cleaner.append(secret_id) assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == 0, "Expected zero added accounts remain" user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.count("\n") == 1 + len( all_accounts ), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("AutomationTestKey") == len( all_accounts ), f"Secret file contained the wrong number of keys {secret_file_contents}" for server_id in all_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_add_nested_secret(core_session, pas_general_secrets, cleanup_secrets_and_folders): """ C283806: Can add nested secret :param core_session: Authenticated Centrify session :param pas_general_secrets: Fixture to read secrets data from yaml file :param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created """ params = pas_general_secrets folder_list = cleanup_secrets_and_folders[1] secrets_list = cleanup_secrets_and_folders[0] suffix = guid() # Creating nested secrets added_secret_success, details, added_secret_id = create_text_secret( core_session, params['nested_secret_name_new'] + suffix, params['secret_text']) assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}" logger.info(f'Added secrets info: {details, added_secret_id}') folders_and_secret_name = details['SecretName'] # Getting details of nested secrets get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, added_secret_id) logger.info(f'Secret created details: {get_secret_details}') secret_name = get_secret_details['SecretName'] child_folder_id = get_secret_details['FolderId'] parent_path = get_secret_details['ParentPath'] parent_folder_and_child_folder = parent_path.split('\\') parent_name = parent_folder_and_child_folder[0] child_folder_name = parent_folder_and_child_folder[1] # Getting added secret status secret_activity = UserManager.get_secret_activity(core_session, added_secret_id) logger.info(f'Secret Created activity:{secret_activity} ') added_secret_status = False for rows in secret_activity: if 'added a secret' in rows['Detail']: added_secret_status = True assert added_secret_status, f'Failed to add secret: {added_secret_status}' assert parent_name in folders_and_secret_name, f'Failed to verify parent folder name: {parent_name}' assert child_folder_name in folders_and_secret_name, f'Failed to verify child folder name: {child_folder_name}' assert secret_name in folders_and_secret_name, f'Failed to verify secret name: {secret_name}' # Getting details of the parent folder & child folder parent_id = get_folder(core_session, parent_name) logger.info( f'parent folder id::{parent_id["Result"]["Results"][0]["Row"]["ID"]}') secrets_list.append(added_secret_id) folder_list.append(child_folder_id) folder_list.append(parent_id['Result']['Results'][0]['Row']['ID']) logger.info(f'Added folder deleted successfully : {folder_list}') logger.info(f'Added Secret deleted successfully : {secrets_list}')
def test_check_ui_domain_page(core_session, domain_setups, core_admin_ui): """ Shown the bubble info completely on main Domains page :return: """ name, domain_name, password, user_name, administrative_account_name, child_domain = domain_setups ui = core_admin_ui # Set Administrative account directory_services = CoreManager.get_directory_services(core_session) logger.info( f" Successfully get all the Domain Directory Services. {directory_services}" ) for directory_service in directory_services.json( )['Result']['Results']: # Get the Active Domain Directory Service if directory_service['Row']['Name'] == name: directory_service = directory_service['Row'][ 'directoryServiceUuid'] break # Get the child domain details of a Particular Active Directory active_directory_service_child_domain, add_success = UserManager.directory_query_user( core_session, "Administ", [directory_service]) admin_account = active_directory_service_child_domain['SystemName'] result, add_admin_account_success, message = ResourceManager.set_administrative_account( core_session, child_domain, password=password, user=admin_account, directoryservices=directory_service) assert add_admin_account_success, f'Failed to set administrative account of Active Directory {message}' logger.info( f"Administrative account for Active Directory set successfully in the Domain{result}." ) ui.navigate('Resources', 'Domains') ui.search(child_domain) actual_administrative_account_bubble = ui.expect( GridCell(user_name, data_content=True), "Domain bubble name").mouse_hover() logger.info( f'Shows the bubble info of administrative account {actual_administrative_account_bubble}' ) expected_administrative_account_bubble = administrative_account_name actual_administrative_account_bubble = ui.expect(GridCell( user_name, True), "Domain bubble name").get_attribute("data-content") assert expected_administrative_account_bubble == actual_administrative_account_bubble, f"Domain name bubble not appeared " logger.info( f'successsfully shown the bubble info completely on main Domains page {actual_administrative_account_bubble}' )
def _verify_step_3_policy_settings(self, cp_row): result = UserManager.user_policy_pas_summary(self.session, cp_row['ID'], "CloudProviders", None) result_data = self.session.get_response_data(result) rsop = result_data["rsop"] assert rsop['/PAS/ConfigurationSetting/CloudProviders/EnableUnmanagedPasswordRotationPrompt'] == (self.prompt_to_change is True), f"Policy wrong {rsop}" assert rsop['/PAS/ConfigurationSetting/CloudProviders/EnableUnmanagedPasswordRotation'] == (self.enable_rotation is True), f"Policy wrong {rsop}" min_days_numeric = self.minimum_days if min_days_numeric is None: min_days_numeric = 0 assert rsop['/PAS/ConfigurationSetting/CloudProviders/EnableUnmanagedPasswordRotationReminder'] == (self.enable_reminder is True), f"Policy wrong {rsop}" assert rsop['/PAS/ConfigurationSetting/CloudProviders/UnmanagedPasswordRotationReminderDuration'] == min_days_numeric, f"Policy wrong {rsop}"
def test_nested_secret_with_backslashes(core_session, pas_general_secrets, cleanup_secrets_and_folders): """test method to add nested secret with '\\' """ secrets_list = cleanup_secrets_and_folders[0] folder_list = cleanup_secrets_and_folders[1] secrets_params = pas_general_secrets secret_prefix = guid() secret_parameters = { 'SecretName': secret_prefix + secrets_params['nested_secret_backslashes'], 'SecretText': secrets_params['secret_text'], 'Type': 'Text', 'Description': secrets_params['secret_description'], 'FolderId': '' } logger.info( f'Creating nested secrets : { secrets_params["nested_secret_backslashes"]}' ) """Api to create nested secret with backslashes""" secret_result = core_session.post(EndPoints.SECRET_ADD, secret_parameters).json() logger.info( f'Secret Created successfully:{secret_result}{secret_result["success"]}' ) assert secret_result[ 'success'], f'Not able to create secret with {secret_result}' secret_id = secret_result["Result"] """Api to get secret activity""" secret_activity = UserManager.get_secret_activity(core_session, secret_id) logger.info(f'Secret Created activity:{secret_activity} ') str1 = 'added a secret "Topsecret" of type "Text"' assert str1 in secret_activity[0]['Detail'], "Failed to assert" """Api to get text type secret details""" get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, secret_id) logger.info(f'Secret created details: {get_secret_details}') child_folder = get_secret_details['FolderId'] parent_path = get_secret_details['ParentPath'] parent_folder_name = parent_path.split('\\') parent_folder_sliced = parent_folder_name[0] parent_id = get_folder(core_session, parent_folder_sliced) logger.info( f'parent folder id::{parent_id["Result"]["Results"][0]["Row"]["ID"]}') secrets_list.append(secret_id) folder_list.append(child_folder) folder_list.append(parent_id['Result']['Results'][0]['Row']['ID']) logger.info(f'Added folder deleted successfully : {folder_list}') logger.info(f'Added Secret deleted successfully : {secrets_list}')
def test_assign_edit_permission_to_shared_report(core_session, create_report, users_and_roles): """ TCID: C6352 Assign 'Edit' permission to shared report :param core_session: Centrify Authentication session :param create_report: To create the report :param users_and_roles: To open an UI and assign specific right to user """ my_report = create_report(core_session, "Select Name From Server", dir="/Reports") report_name = my_report['Name'] grant_str = "0000000000000000000000000000000000000000000000000000000011101100" ui = users_and_roles.get_ui_as_user("MFA Unlock") user = ui.get_user() user_name = user.get_login_name() user_id = user.get_id() role = UserManager.get_user_role_rights(core_session, user_id) assign_result = ReportsManager.assign_directory_rights_to_role(core_session, "/Reports", [{"Role": role['Result']['Results'][0]['Entities'][0][ 'Key'], "Rights": ["Read"]}, {"Role": "Everybody", "Rights": ["Read"] }]) assert assign_result, f'Failed to give the read the permission to Shared Folder' result, success, message = ReportsManager.update_report_permission(core_session, user_name, user_id, grant_str, report_name, ['ReadWrite']) assert success, f'Failed to assign Edit permission to MFA user:{message}' logger.info(f'Successfully assign the Edit permission to MFA user:{result}') ui.navigate("Reports", check_rendered_tab=False) ui.expect_disappear(LoadingMask(), "Report page did not load properly", 60) ui.expect(RestCallComplete(), "Expected rest call to complete.") ui.expect(TreeFolder("Shared Reports"), "Failed to find shared Reports Tab under Reports", time_to_wait=60) shared_reports_button = ui._searchAndExpect(TreeFolder("Shared Reports"), f'Expected find Shared Reports Folder in Tree', time_to_wait=60) shared_reports_button.try_click() ui.expect(GridCell(report_name), f'Can not see the shared report which assigned Edit permission to MFA user') ui.check_actions(["Copy", "Move", "Delete", "Modify", "Export Report", "Email Report"], report_name) ui.action("Modify", report_name) session = users_and_roles.get_session_for_user('MFA Unlock') query = "Select * From role" result, success, message = ReportsManager.modify_report(session, "/Reports", report_name, query) assert success, f'Script editor could not modified successfully:{message}' logger.info(f'Script editor could not modified successfully:{result}') ui.tab("Permissions") ui.expect(DisabledButton("Add"), "Add is not grey can edit the permission") logger.info(f"'Add' button is grey, and cannot modify the existing permission")
def test_select_two_records_in_my_system_account_field( core_session, create_resources_with_accounts, core_admin_ui, cleanup_accounts): """ Test case id : C14833 :param core_session: Centrify session :param create_resources_with_accounts: fixture to create system with accounts :param core_admin_ui: Ui session :param cleanup_accounts: cleanup fixture for accounts after test completion """ sys = create_resources_with_accounts(core_session, 1, 'Windows', 2)[0] acc = sys['Accounts'] sys1 = acc[0]["User"] sys2 = acc[1]["User"] ui = core_admin_ui admin_user_uuid = UserManager.get_user_id( core_session, ui.user.centrify_user["Username"]) rights = "View,Login,UserPortalLogin" for account in range(len(acc)): result, status = ResourceManager.assign_account_permissions( core_session, rights, ui.user.centrify_user["Username"], admin_user_uuid, pvid=acc[account]['ID']) assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}. returned result is: {result}' logger.info( f'rights {rights} are provided to {ui.user.centrify_user["Username"]} for account {acc[account]["Name"]}' ) ui.user_menu('Reload Rights') ui.navigate(('Workspace', 'My System Accounts')) # Expecting to find both added systems in My System Account List in workspace ui.expect( GridRowByGuid(acc[0]["ID"]), f'Expected to find system {sys1} in My System Account but did not') ui.expect( GridRowByGuid(acc[1]["ID"]), f'Expected to find system {sys2} in My System Account but did not') ui.check_actions(['Rotate credentials', 'Manage Accounts', 'Add To Set'], [sys1, sys2]) logger.info('Add To set option is available')
def test_assign_grant_permission_to_shared_reports(core_session, create_report, users_and_roles): """ TCID: C6353 Assign 'Grant' permission to shared report :param core_session: Centrify Authentication Session """ my_report = create_report(core_session, "Select Name From Server", dir="/Reports") report_name = my_report['Name'] session_user = core_session.get_user() session_user_name = session_user.get_login_name() session_user_id = session_user.get_id() grant_str = "0000000000000000000000000000000000000000000000000000000011101101" ui = users_and_roles.get_ui_as_user("Federation Management") user_details = ui.get_user() user_name = user_details.get_login_name() user_id = user_details.get_id() role = UserManager.get_user_role_rights(core_session, user_id) assign_result = ReportsManager.assign_directory_rights_to_role(core_session, "/Reports", [{"Role": role['Result']['Results'][0]['Entities'][0][ 'Key'], "Rights": ["Read"]}, {"Role": "Everybody", "Rights": ["Read"] }]) assert assign_result, f'Failed to give the read the permission to Shared Folder' result, success, message = ReportsManager.update_report_permission(core_session, user_name, user_id, grant_str, report_name, ['Owner']) assert success, f'Failed to assign grant permission to Federation user:{message}' logger.info(f'Successfully assign the grant permission to federation user:{result}') ui.navigate("Reports", check_rendered_tab=False) ui.expect_disappear(LoadingMask(), 'Report page did not load properly') ui.expect(TreeFolder("My Reports"), "Failed to find Shared Reports Tab under Reports", time_to_wait=30) ui.expect(TreeFolder("Shared Reports"), f'Expected find Shared Reports Folder in Tree', time_to_wait=30).try_click() ui.expect(GridCell(report_name), f'Can not see the shared report which assigned grant permission to federation user') ui.check_actions(["Copy", "Move", "Delete", "Modify", "Export Report", "Email Report"], report_name) ui.action("Modify", report_name) ui.expect(Div("Report Builder"), f'Failed to enter report detail page') session = users_and_roles.get_session_for_user('Federation Management') result, success, message = ReportsManager.update_report_permission(session, session_user_name, session_user_id, grant_str, report_name, ['Owner']) assert success, f'Failed to save permission, API response: {message}' logger.info(f'Permission saved successfully:{result}')
def test_user_login_from_invited_email( create_user_with_policy_enable_auth_email, core_session, get_email_authentication_link): """ Login Portal using invited email link with user """ user = create_user_with_policy_enable_auth_email is_invite = UserManager.invite_users_by_action(core_session, [user.get_login_name()]) assert is_invite # to get the user email link urls = get_email_authentication_link(user.get_login_name().lower()) # Access the Link for authentication session = requests.session() response = session.request("POST", urls) assert user.get_login_name().lower() in str(response.content).lower(), f"User {user.get_login_name()} " \ f"MFA Login Failed"
def test_bulk_system_delete_generates_secret(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 3, list_of_created_systems) batch3 = ResourceManager.add_multiple_ssh_systems_with_accounts(core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3]) all_non_ssh_systems, all_non_shh_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid() sql_query = RedrockController.get_query_for_ids('Server', all_systems) ResourceManager.del_multiple_systems_by_query(core_session, sql_query, True, secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name) assert secret_id is not None, "No secret was created" secret_cleaner.append(secret_id) user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.strip().count("\n") == len( all_accounts), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("thisIsaPAsSwO0rd") == len( all_non_shh_accounts), f"Secret file contained the wrong number of passwords {secret_file_contents}" # Commenting following assert as AutomationTestKey is not available in secret_file_contents, Tested on both AWS, # Azure devdog tenants # assert 'AutomationTestKey' in secret_file_contents, f"Name of SSH key did not appear in secret file {secret_file_contents}" for server_id in all_non_ssh_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_non_shh_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_bulk_system_delete_generates_secret_with_garbage_in_list(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid() clean_delete_system_ids = list(all_systems) delete_system_ids = ["foo", "", clean_delete_system_ids[2]] + clean_delete_system_ids + ["!@#$%^&*()", "1", "?", "Jason Alexander", "bar"] ResourceManager.del_multiple_systems(core_session, delete_system_ids, savepasswords=True, secretname=secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name) assert secret_id is not None, "No secret was created" secret_cleaner.append(secret_id) user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.count("\n") == 1 + len( all_accounts), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("bsd_tst_usr_") == len( all_accounts), f"Secret file contained the wrong number of accounts {secret_file_contents}" assert secret_file_contents.count("thisIsaPAsSwO0rd") == len( all_accounts), f"Secret file contained the wrong number of passwords {secret_file_contents}" for server_id in all_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_grant_view_portal_login_permission_to_privileged_access_service_user(core_session, system_with_ssh_account, core_admin_ui): """ TC: C2069 :param core_session: Authenticated Centrify session. :param system_with_ssh_account: Valid unix system with ssh account :param core_admin_ui: Authenticated browser session. """ system_id, account_id, ssh_id, system_list, account_list, ssh_list = system_with_ssh_account ui = core_admin_ui user_id = UserManager.get_user_id(core_session, ui.user.centrify_user['Username']) result, status = ResourceManager.assign_account_permissions(core_session, rights="View,Login,UserPortalLogin", principal=ui.user.centrify_user['Username'], principalid=user_id, pvid=account_id) assert status, f'failed to assign UserPortalLogin permission of account to user {ui.user.centrify_user["Username"]}' logger.info(f'UserPortalLogin permission of account assigned successfully to user ' f'{ui.user.centrify_user["Username"]}') ui = core_admin_ui # "SSH Key" on column "Credential Type" result, status = ResourceManager.get_workspace_my_system_account(core_session) for account in result: if account['Host'] == system_id: assert account['CredentialType'] == 'SshKey', f'SSH Key not displayed in CredentialType column in ' \ f'My System Account' logger.info('SSH key displayed in Credential type column.') # Login to the ssh account ui.navigate(('Workspace', 'My System Accounts')) ui.right_click_action(GridRowByGuid(account_id), 'Login') ui.switch_to_pop_up_window() ui.expect_disappear(LoadingMask(), 'RDP session never exited loading state for system', time_to_wait=60) ui.switch_to_main_window() status, result = ResourceManager.get_my_active_sessions(core_session, account_id) assert status, f'failed to retrieve details for active account session data, return result is {result}' logger.info(f'details for active account found in My Active sessions, returned row is {result}.')
def test_add_sap_ase_db_with_unmanaged_account(core_session, add_database_with_account): """ Test case: C286609 :param core_session: Authenticated Centrify session :param add_database_with_account: fixture to create database with account """ db_name, db_id, db_account_id, db_data, database_cleaner_list, account_cleaner_list = \ add_database_with_account(db_class='sapase', add_account=True) result = UserManager.security_refresh_token(core_session) assert result['success'], 'failed to refresh Centrify session.' db_row = RedrockController.get_database(core_session, db_id=db_id) assert db_name == db_row[ 'Name'], f'"{db_name}" not found in Centrify portal.' logger.info( f'Database {db_name} found in Centrify portal with details {db_row}') result, status = ResourceManager.check_account_health( core_session, db_account_id) assert status, f"failed to verify DB account {db_data['db_account']} health" logger.info( f"database account {db_data['db_account']} verified successfully")
def agent_get_user(core_tenant_global, core_session_global): """Creates a random user to be used for agent enrollment :return: agent name (str) """ session = core_session_global tenant = core_tenant_global username = tenant['admin_user'] suffix = username.split("@")[1] response = UserManager.create_random_user(session, suffix) logger.debug("User created: " + response['Name'] + " uuid: " + response['Uuid']) response1 = UserManager.create_random_user(session, suffix) logger.debug("User created: " + response1['Name'] + " uuid: " + response1['Uuid']) yield response["Name"], response1["Name"] UserManager.delete_user(session, response['Uuid']) logger.debug("User deleted: " + response['Name']) UserManager.delete_user(session, response1['Uuid']) logger.debug("User deleted: " + response1['Name'])
def test_checkout_lifetime_to_blank(core_session, pas_windows_setup): """ TC:C2213 Set the Checkout lifetime to blank. :param core_session: Returns a API session. :param pas_windows_setup: Returns a fixture """ # Getting the Id of the user. user_details = core_session.__dict__ user_id = user_details['auth_details']['UserId'] # Adding a system with account. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) # Setting the lifetime checkout to 15 min. checkout_lifetime = 15 updated_account_result, update_account_success = \ ResourceManager.update_account(core_session, account_id, sys_info[4], host=system_id, ismanaged=False, default_checkout_time=checkout_lifetime) assert update_account_success, f"Failed to add default checkout time: API response result:{updated_account_result}" logger.info( f'Successfully added default checkout time: {updated_account_result}"') # Checking the lifetime checkout value. account_info_result, account_info_success = ResourceManager.get_account_information( core_session, account_id) account_checkout_lifetime = account_info_result['VaultAccount']['Row'][ 'DefaultCheckoutTime'] assert account_checkout_lifetime == checkout_lifetime, f'Failed to found default checkout time in account info: ' \ f'API response ' \ f'result:{account_info_result} ' logger.info( f"Successfully Found check out time in account info: {account_checkout_lifetime}" ) # Setting the lifetime checkout to blank. updated_account_result, update_account_success = ResourceManager.update_account( core_session, account_id, sys_info[4], host=system_id, ismanaged=False, default_checkout_time=None) assert update_account_success, f"Failed to update default checkout time to blank: " \ f"API response result:{updated_account_result} " logger.info( f'Successfully updated default checkout time to blank:{updated_account_result}. ' ) # Checking the lifetime checkout value. account_info_result, account_info_success = ResourceManager.get_account_information( core_session, account_id) updated_account_checkout_lifetime = account_info_result['VaultAccount'][ 'Row'] assert 'DefaultCheckoutTime' not in updated_account_checkout_lifetime, "DefaultCheckoutTime is present" logger.info( f"'DefaultCheckoutTime' is not present in account info: {updated_account_checkout_lifetime}" ) # Refreshing the page. refresh_result = UserManager.refresh_token(core_session, user_id) assert refresh_result[ "success"], f"Failed to reload:API response result:{refresh_result}" # Checking the lifetime value after refresh. modified_account_info_result, modified_account_info_success = ResourceManager. \ get_account_information(core_session, account_id) modified_account_checkout_lifetime = modified_account_info_result[ 'VaultAccount']['Row'] assert 'DefaultCheckoutTime' not in modified_account_checkout_lifetime, "DefaultCheckoutTime is present" logger.info( f"'DefaultCheckoutTime' is not present in account info: {updated_account_checkout_lifetime}" )
def test_user_type_parameter(core_session, cleanup_accounts, cleanup_reports): """ TCID: C6341 Create report with User type parameter required :param core_session: Centrify Authentication session """ user_list = cleanup_accounts[2] session_user = core_session.__dict__ display_name_1 = session_user['auth_details']['DisplayName'] user_create_data = Configs.get_test_node('platform_report_data', 'automation_main') prefix = user_create_data['prefix'] user_alias = core_session.auth_details['User'].split('@')[1] user_name_2 = prefix + guid() + "@" + user_alias user_props = { "Mail": user_create_data['user_email'], "Password": user_create_data['password'], "PasswordNeverExpire": True, "DisplayName": user_create_data['display_name'], "Username": user_name_2, "Name": user_name_2 } success, result_user_2 = UserManager.create_user_with_args( core_session, user_props) assert success, f'Failed to create an user:{result_user_2}' logger.info(f'Successfully created an user:{result_user_2}') reports = Reports(core_session, pop_prefix_base) report = reports.create_report({ "Name": "report_A", "Query": "select Username, LastLogin from user where DisplayName= @userNM", "Parameters": [{ "Type": "User", "Name": "userNM", "Label": "Input searched username", "ObjectProperty": "DisplayName" }] }) assert report, f'Failed to create the report:{report}' logger.info(f'Successfully Created report: {report}') # Actual result for all user list with display name same as session user display name. # and this details will compare all the user from reports page actual_script_1 = f'Select Username, LastLogin from user where DisplayName = "{display_name_1}"' actual_user_list_1 = [] actual_result_1 = RedrockController.redrock_query(core_session, actual_script_1) for user in actual_result_1: actual_user_list_1.append(user['Row']) # Expected result for all users which user name same as session user display name and will assert the list # of users of actual session user display name list expected_result_1 = RedrockController.get_report_result_list_of_user( core_session, "userNM", display_name_1, "Input searched username") expected_user_list_1 = [] for expected_result in expected_result_1: expected_user_list_1.append(expected_result['Row']) assert expected_user_list_1 == actual_user_list_1, f'The report result list all users whose DisplayName is not ' \ f'same with selected users DisplayName:{actual_user_list_1}' logger.info(f'The report result list all users whose DisplayName is ' f'same with selected users displayname:{expected_user_list_1}') # Actual result for all user list with display name same as another user display name. # and this details will compare all the user from reports page actual_script_2 = f'Select Username, LastLogin from user where DisplayName = "{user_create_data["display_name"]}"' actual_user_list_2 = [] actual_result_2 = RedrockController.redrock_query(core_session, actual_script_2) for user in actual_result_2: actual_user_list_2.append(user['Row']) # Expected result for all users which user name same as another user display name and will assert the list # of users of actual another user display name list expected_result_2 = RedrockController.get_report_result_list_of_user( core_session, "userNM", user_create_data['display_name'], "Input searched username") expected_user_list_2 = [] for user in expected_result_2: expected_user_list_2.append(user['Row']) assert expected_user_list_2 == actual_user_list_2, f'The report result list all users whose DisplayName is not ' \ f'same with selected users DisplayName:{actual_user_list_2}' logger.info(f'The report result list all users whose DisplayName is ' f'same with selected users displayname:{expected_user_list_2}') # Delete the created user user_list.append(result_user_2) found_report = reports.get_report_by_name(core_session, report['Name'] + ".report") cleanup_reports.append(found_report['Path'])
def test_string_type_parameter(core_session, created_suffix, suffix_cleaner, cleanup_accounts, cleanup_reports): """ TCID: C6340 Create report with String type parameter required :param created_suffix: centrify Authentication Session :param core_session: Fixture to add the suffix :param suffix_cleaner: Fixture to delete the created suffix :param cleanup_accounts: Fixture to delete the created user :param cleanup_reports: Fixture to delete the created report """ user_list = cleanup_accounts[2] user_create_data = Configs.get_test_node('platform_report_data', 'automation_main') prefix = user_create_data['prefix'] user_alias = core_session.auth_details['User'].split('@')[1] user_name_1 = prefix + guid() + "@" + user_alias user_props = { "Mail": user_create_data['user_email'], "Password": user_create_data['password'], "PasswordNeverExpire": True, "Username": user_name_1, "Name": user_name_1 } success, result_user_1 = UserManager.create_user_with_args( core_session, user_props) assert success, f'Failed to create an user:{result_user_1}' logger.info(f'Successfully created an user:{result_user_1}') suffix_alias = created_suffix user_name_2 = prefix + guid() + "@" + suffix_alias['alias'] user_props = { "Mail": user_create_data['user_email'], "Password": user_create_data['password'], "PasswordNeverExpire": True, "Username": user_name_2, "Name": user_name_2 } success, result_user_2 = UserManager.create_user_with_args( core_session, user_props) assert success, f'Failed to create an user:{result_user_2}' logger.info(f'Successfully created an user:{result_user_2}') reports = Reports(core_session, pop_prefix_base) report = reports.create_report({ "Name": "report_A", "Query": "select Username, " "lastlogin from user where Username like @userNM", "Parameters": [{ "Type": "string", "Name": "userNM", "Label": "Input searched username" }] }) assert report, f'Failed to create the report:{report}' logger.info(f'Successfully Created report: {report}') # All users whose username starts with prefix sript_1 = f"select Username, lastlogin from user where Username like '{prefix}%'" result_prefix = RedrockController.redrock_query(core_session, sript_1) username_with_prefix = [] for username in result_prefix: username_with_prefix.append(username['Row']['Username']) for i in username_with_prefix: assert i.startswith( prefix ), f'The report result user list are not starting with {prefix}' logger.info( f'The report result list all users whose Username starts with: {username_with_prefix}' ) # All users whose username ends with suffix sript_2 = f"select Username, lastlogin from user where Username like '%{suffix_alias['alias']}'" result_suffix = RedrockController.redrock_query(core_session, sript_2) username_with_suffix = [] for username_suffix in result_suffix: username_with_suffix.append(username_suffix['Row']['Username']) for i in username_with_suffix: assert i.endswith( suffix_alias['alias'] ), f'The report result user list are not ending with:{suffix_alias["alias"]}' logger.info( f'The report result list all users whose Username ends with: {username_with_prefix}' ) # Delete created report, user and suffix found_report = reports.get_report_by_name(core_session, report['Name'] + ".report") cleanup_reports.append(found_report['Path']) user_list.append(result_user_2) user_list.append(result_user_1) suffix_cleaner.append(suffix_alias['alias'])
def test_update_retrieve_replace_activity_logged(core_session, added_secrets, pas_general_secrets, users_and_roles, clean_up_policy): """ C3071: Update, retrieve, replace activity logged :param core_session: Authenticated Centrify Session :param added_secrets: Fixture to create text type secret & yield secret id, secret_name :param pas_general_secrets: Fixture to read secret data from yaml file :param users_and_roles: Fixture to create New user with PAS Power Rights :param clean_up_policy: Fixture to clean up the policy created """ secret_suffix = guid() added_text_secret_id, added_text_secret_name = added_secrets secrets_params = pas_general_secrets # API to get new session for User A pas_power_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service User') assert pas_power_user_session.auth_details, 'Failed to Login with PAS User' user_name = pas_power_user_session.auth_details['User'] user_id = pas_power_user_session.auth_details['UserId'] logger.info( f'User with PAS User Rights login successfully: user_Name:{user_name}') # Api to give user permissions to secrets set_permission_result, set_permission_success = set_users_effective_permissions( core_session, user_name, 'View,Grant', user_id, added_text_secret_id[0]) assert set_permission_success, f'Failed to set permission: {set_permission_result}' logger.info( f'Setting permission:{set_permission_result}{set_permission_success}') # Retrieving details(text) of the secret get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, added_text_secret_id[0]) assert get_secret_success, f'Failed to retrieve the secret:{get_secret_text}' logger.info(f' Retrieved secret details: {get_secret_details} ') # Api to create new policy policy_result = PolicyManager.create_new_auth_profile( core_session, secrets_params['policy_name'] + secret_suffix, ["UP", None], None, "30") assert policy_result is not None, f'Failed to create policy:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Api to update secret(assign policy & update name) policy_assigned = update_secret(core_session, added_text_secret_id[0], secrets_params['updated_secret_name'] + secret_suffix, policy_id=policy_result) assert policy_assigned[ 'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to text type secret: {policy_assigned}') # Api to retrieve the activity of the secret rows_result = UserManager.get_secret_activity(core_session, added_text_secret_id[0]) assert rows_result, f'Failed to fetch Secret updated details & activity fetched:{rows_result}' logger.info(f'Activity list:{rows_result}') assert 'updated the secret' in rows_result[0][ "Detail"], f'Failed to update the secret:{rows_result[0]["Detail"]}' assert 'viewed the secret' in rows_result[1][ "Detail"], f'Failed to retrieve the secret :{rows_result[1]["Detail"]}' added_secret_status = False added_permissions_status = False for rows in rows_result: if 'added a secret' in rows['Detail']: added_secret_status = True assert added_secret_status, f'Failed to add secret: {added_secret_status}' for rows in rows_result: if 'granted User' in rows['Detail']: added_permissions_status = True assert added_permissions_status, f'Failed to add permissions: {added_permissions_status}' # Api to remove policy from the secret policy_assigned = update_secret(core_session, added_text_secret_id[0], added_text_secret_name) assert policy_assigned[ 'success'], f'Failed to remove policy from secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy removed from secret: {policy_assigned}')
def test_cloud_admin_login_from_my_system_account(core_session, pas_config, core_admin_ui, cleanup_accounts, cleanup_resources, remote_users_qty1): """ Test case: C14831 :param core_session: centrify session :param core_admin_ui: Centrify UI session """ maximum_event_wait_time = 120 account_list = cleanup_accounts[0] system_list = cleanup_resources[0] systems = ServerManager.get_all_resources(core_session) accounts = ServerManager.get_all_accounts(core_session) for system in systems: system_list.append(system['ID']) for account in accounts: account_list.append(account['ID']) system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) ui = core_admin_ui admin_user_uuid = UserManager.get_user_id( core_session, ui.user.centrify_user["Username"]) # assigning cloud admin workspace login permission rights = "View,Login,UserPortalLogin" result, status = ResourceManager.assign_account_permissions( core_session, rights, ui.user.centrify_user["Username"], admin_user_uuid, pvid=acc_result) assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}.' \ f'returned result is: {result}' # Updating allow remote to enable RDP session for targeted system result, success = ResourceManager.update_system(core_session, add_sys_result, sys_name, fdqn, "Windows", allowremote=True) assert success, f'failed to assign rdp policy to account {add_user_in_target_system[0]} of system {sys_name}' ui.navigate(('Workspace', 'My System Accounts')) ui.expect( GridRow(sys_name), f'Expected to find system {sys_name} in My System Account but did not') ui.right_click_action(GridRow(sys_name), 'Login') ui.switch_to_pop_up_window() ui.expect_disappear( LoadingMask(), 'Error occurred while launching workspace login session', time_to_wait=250) ui.switch_to_main_window() # wait for manged password change event filter = [['AccountName', add_user_in_target_system[0]]] RedrockController.wait_for_event_by_type_filter( core_session, "Cloud.Server.LocalAccount.RDPSession.Start", filter=filter, maximum_wait_second=maximum_event_wait_time) # wait for 20 seonds # Api call to get details of account active session status, result = ResourceManager.get_my_active_sessions( core_session, acc_result) assert status, f'failed to retrieve details for active account session data, return result is {result}' logger.info( f'details for active account {add_user_in_target_system[0]} are {result}' ) ui.navigate('Resources', 'Systems') ui.search(sys_name) ui.expect(GridRowByGuid(add_sys_result), expectation_message= f'failed to search for the system by id {add_sys_result}') ui.click_row(GridRowByGuid(add_sys_result)) # fetching Active session value from system view page ui.inner_text_of_element(ActiveSessionTextCount(), expectation_message='1', warning_message="RDP Not taken from user") logger.info(f'Active session value incremented to 1: Active Sessions:1')
def test_multiple_updates_in_permissions_policy_name_verify_all_2( core_session, added_secrets, pas_general_secrets, users_and_roles, clean_up_policy): """ test method to verify multiple updates like (permissions, policy, name ..) for a secret :param core_session: Authenticated Centrify Session :param added_secrets: Fixture to create text type secret & yield secret id, secret_name :param pas_general_secrets: Fixture to read secret data from yaml file :param users_and_roles: Fixture to create New user with PAS Power Rights :param clean_up_policy: Fixture to clean up the policy created """ secret_prefix = guid() added_text_secret_id, added_text_secret_name = added_secrets secrets_params = pas_general_secrets application_management_user = users_and_roles.get_user( 'Privileged Access Service Power User') user_name = application_management_user.get_login_name() user_id = application_management_user.get_id() # API to set user permissions for text_type_secret set_permissions_result, set_permissions_success = set_users_effective_permissions( core_session, user_name, 'View,Grant,Edit', user_id, added_text_secret_id[0]) assert set_permissions_success, f'setting permissions for file type secret failed: {set_permissions_result}' logger.info( f'setting permissions for text type secret: {set_permissions_success} {set_permissions_result}' ) # Api to create new policy policy_result = PolicyManager.create_new_auth_profile( core_session, secret_prefix + secrets_params['policy_name'], ["UP", None], None, "30") assert policy_result is not None, f'Failed to create policy:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Api to assign policy to the secret policy_assigned = update_secret(core_session, added_text_secret_id[0], added_text_secret_name, policy_id=policy_result) assert policy_assigned[ 'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to text type secret: {policy_assigned}') # Api to update settings(secret_name) of the secret result = update_secret( core_session, added_text_secret_id[0], secret_prefix + secrets_params['updated_secret_name']) assert result[ 'success'], f'Not Able to update the settings {result["Result"]} ' logger.info( f'Updating the settings for secret: {result["success"]} & {result["Exception"]}' ) # Api to retrieve the activity of the secret rows_result = UserManager.get_secret_activity(core_session, added_text_secret_id[0]) assert rows_result is not None, f'Unable to fetch Secret updated details & activity fetched:{rows_result}' logger.info(f'activity list:{rows_result}') verify_name = 'update_secret1' verify_permissions = 'View , Grant , Edit' permissions_updated = False assert verify_name in rows_result[0][ "Detail"], f'Unable to update the name:{rows_result[0]["Detail"]}' logger.info(f'Secret Updated details: {rows_result[0]["Detail"]}') for x in rows_result: if verify_permissions in x['Detail']: permissions_updated = True assert permissions_updated, f'Unable to update the permissions: {permissions_updated}'
def test_normal_user_save_admin_account_without_grant_permission(core_session, domain_config_data, get_admin_user_module): """ Tc# C282246 Steps for this scenario using API: 1)Login Admin Portal as a Normal User 2)Call API to clear administrative account 3)Set Administrative account from active directory by calling set Administrative account API """ conf = domain_config_data limited_sesh, limited_user = get_admin_user_module name = conf['pas_bat_scenario1_infrastructure_data'][0] domain_name = name["Domain_name2"] domain_list = [domain_name] data = conf['pas_scenario1_new_accounts'][0] user = conf['pas_scenario1_new_accounts'][1] admin_user = user['User_name'] user_data = core_session.get_user() username = user_data.get_login_name() user_id = user_data.get_id() # Get the domain Id from domain section script = f'Select ID from VaultDomain where Name = "{domain_name}"' request = RedrockController.redrock_query(core_session, script) directory_service = request[0]['Row']['ID'] permissions = "Edit" result, add_domain_account_success = ResourceManager.set_domain_account_permissions(core_session, permissions, limited_user.get_login_name(), limited_user.get_id(), id=directory_service, pvid=directory_service, rowkey=directory_service) assert add_domain_account_success, f'Failed to set add account permission in the domain {result}' logger.info(f"add account permission set successfully in the Domain.") directory_services = CoreManager.get_directory_services(core_session) logger.info(f" Successfully get all the Domain Directory Services.") # Get the Active Domain Directory Service for child_directory_service in directory_services.json()['Result']['Results']: if child_directory_service['Row']['Name'] == name['Domain_name4']: child_directory_service = child_directory_service['Row']['directoryServiceUuid'] break active_directory_service_child_domain, add_success = UserManager.directory_query_user(core_session, admin_user, [child_directory_service]) # set permission permissions = "Grant,View,Edit,Delete,UnlockAccount,AddAccount" result, add_domain_account_success = ResourceManager.set_domain_account_permissions(core_session, permissions, username, user_id, id=directory_service, pvid=directory_service, rowkey=directory_service) assert add_domain_account_success, f'Failed to set permission in the domain {result}' logger.info(f" Permission set successfully in the Domain.") admin_account = active_directory_service_child_domain['SystemName'] result, add_admin_account_success, message = ResourceManager.set_administrative_account( core_session, domain_list, password=data['Password'], user=admin_account, directoryservices=child_directory_service) assert add_admin_account_success, f'Failed to set administrative account of Active Directory: {message}' logger.info(f"Administrative account for Active Directory set successfully in the Domain.{result}") # Clear Administrative account by Normal User in Admin Portal result, clear_admin_account_success, message = ResourceManager.set_administrative_account(get_admin_user_module[0], domain_list) assert clear_admin_account_success, f'Failed to clear administrative account {message}' logger.info(f"Administrative account for Active Directory clear successfully in the Domain.{message}") # Normal User set an Administrative account result, add_admin_account_success, message = ResourceManager.set_administrative_account( get_admin_user_module[0], domain_list, password=data['Password'], user=admin_account, directoryservices=child_directory_service) assert add_admin_account_success is False, f'Successfully set administrative account. {result}' logger.info(f"Failed to set administrative account, {message}.")
def verify_step_5(self): # todo: Revisit combining all verify steps counts_as_none = [None, '', '--', []] assert self.root_email is not None, "This should not be called if root account not configured" cp_row = self._cloud_provider_db_row() results, success = CloudProviderManager.\ get_account_db_rows_by_cloud_provider_id(self.session, cp_row['ID'], root_accounts=True, retries=10) assert success and len(results) == 1, f"Expected exactly one result {results}" result = results[0] account_id = result['ID'] result = UserManager.user_policy_pas_summary(self.session, cp_row['ID'], "CloudProviders", None) result_data = self.session.get_response_data(result) rsop = result_data["rsop"] result = UserManager.user_policy_pas_summary(self.session, account_id, "VaultAccount", None) result_data = self.session.get_response_data(result) rsop2 = result_data["rsop"] key = '/PAS/CloudProviders/LoginRules' login_rules = None if key in rsop: login_rules = rsop[key] if login_rules in counts_as_none: login_rules = None if self.login_conditional_rules is not None: expected_value = [{'Conditions': [{'Prop': 'IpAddress', 'Op': 'OpInCorpIpRange'}], 'ProfileId': self.policies_map[self.login_conditional_rules]}] actual_value = json.dumps(login_rules['_Value'], sort_keys=True) expected_value = json.dumps(expected_value, sort_keys=True) assert actual_value == expected_value, f"Invalid policy for login conditional {actual_value} expected {expected_value}" else: assert login_rules is None or login_rules['_Value'] in counts_as_none, f"Policy should be none for login conditional {login_rules}" key = '/PAS/CloudProviders/LoginDefaultProfile' actual_id = None if key in rsop: actual_id = rsop[key] if actual_id in counts_as_none: actual_id = None expected_id = None if self.login_default_rules is not None: expected_id = self.policies_map[self.login_default_rules] if expected_id in counts_as_none: expected_id = None assert actual_id == expected_id, f"Invalid default login rules {actual_id} != {expected_id}" expected_id = None if self.checkout_default_rules is not None: expected_id = self.policies_map[self.checkout_default_rules] actual_id = None key = '/PAS/VaultAccount/PasswordCheckoutDefaultProfile' if key in rsop2: actual_id = rsop2[key] if actual_id in counts_as_none: actual_id = None assert actual_id == expected_id, f"Invalid default checkout rules {rsop2}" key = '/PAS/VaultAccount/PasswordCheckoutRules' actual_value = None if key in rsop2: actual_value = rsop2[key]['_Value'] if actual_value in counts_as_none: actual_value = None expected_value = None if self.checkout_conditional_rules is not None: expected_value = [{'Conditions': [{'Prop': 'IpAddress', 'Op': 'OpInCorpIpRange'}], 'ProfileId': self.policies_map[self.checkout_conditional_rules]}] if expected_value in counts_as_none: expected_value = None else: actual_value = json.dumps(actual_value, sort_keys=True) expected_value = json.dumps(expected_value, sort_keys=True) assert actual_value == expected_value, f"Invalid root account conditional policy {actual_value} {expected_value}"