def test_add_managed_account_without_password_when_policy_is_not_enabled( core_session, ad_session, domain_config_data, set_domain_administrative_account, cleanup_accounts): """ TC ID: C1332 Add a managed account without password when automatic maintenance policy is not enabled :param core_session: Centrify authentication session :param set_domain_administrative_account: Fixture to set administrative account """ session, api_user = ad_session account_list = cleanup_accounts[0] directory_service_Name, directory_service_Admin_ID, directory_service_ID = set_domain_administrative_account account_id, success_status = ResourceManager.add_account( core_session, api_user.user_input.name, password='', ismanaged=True, domainid=directory_service_ID) assert success_status is False, f'failed to add account{account_id}' account_list.append(account_id) logger.info( f'Cannot add managed account or update account from un managed to managed without ' f'password as automatic account maintenance is not enabled:{account_id}' )
def test_update_unmanaged_account(core_session, set_domain_administrative_account, cleanup_accounts): """ TC ID: C1333, Update an unmanaged account without password to managed when automatic maintenance policy is set as :param set_domain_administrative_account: To open a browser and login with the admin account :param core_session: To create a session """ directory_service_Name, directory_service_Admin_ID, directory_service_ID = set_domain_administrative_account accounts_list = cleanup_accounts[0] unmanaged_account = f'user{guid()}' account_id, success_status = ResourceManager.add_account( core_session, unmanaged_account, password='', domainid=directory_service_ID) assert success_status, f'failed to add account{account_id}' logger.info(f'Successfully add the account{account_id}') result, success = ResourceManager.update_account( core_session, account_id, unmanaged_account, domainid=directory_service_ID, ismanaged=True) assert success is False, f'Successfully update the account:{result}' logger.info( f'Cannot add managed account or update account from unmanaged to managed ' f'without password as automatic account maintenance is not enabled:{result}' ) accounts_list.append(account_id)
def test_add_account_without_add_account_permission(core_session, domain_config_data, create_domain, cleanup_accounts): """ TC:- C1325 Add account without Add Account permission Steps for this scenario using API: 1) Add Domain Accounts without Add Account Permission System configuration received through test_pas_bat_domain.yaml stored in config/tests/PAS/PAS_BAT """ user_details = core_session.__dict__ domain_id = create_domain account_list = cleanup_accounts[0] assert domain_id, f'failed to create domain with response {domain_id}' conf = domain_config_data data = conf['pas_scenario1_new_accounts'][0] permissions = "Grant,View,Edit,Delete" result, add_domain_account_success = ResourceManager.set_domain_account_permissions( core_session, permissions, user_details["auth_details"]["User"], user_details["auth_details"]["UserId"], pvid=domain_id) assert add_domain_account_success, f'Failed to set add account permission in the domain {result}' logger.info(f"add account permission set successfully in the Domain.") new_account_id, add_account_success = ResourceManager.add_account( core_session, data['User_name'], data['Password'], domainid=domain_id) assert add_account_success is False, ( f"Successfully added domain account: {data['User_name']}") account_list.append(new_account_id) logger.info( f"Failed to add Account in the Domain, Add Account permission for this domain is required: {new_account_id}" )
def test_add_system_account_with_win_rm(core_session, pas_windows_setup): """C2536 Add system with managed account with WinRM http setting validate the added Account with win rm and check out password after 5 minutes""" # Getting system details. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( True) # Verifying Default management mode should be 'RpcOverTcp' system_rows = RedrockController.get_computer_with_ID( core_session, system_id) assert system_rows[ 'ManagementMode'] == 'RpcOverTcp', "Default Management mode is not RpcOverTcp" logger.info("Default Management mode is RPC Over TCP") # Checkout Password checkout_password_result, checkout_password_success = ResourceManager. \ check_out_password(core_session, lifetime=1, accountid=account_id) assert checkout_password_success, f"Failed to checkout password due to {checkout_password_result}" logger.info("Password checkout successfully") assert checkout_password_result[ 'Password'] != user_password, "Password is same after adding managed account" logger.info("Password updated after adding managed account") success, response = ResourceManager.update_system( core_session, system_id, sys_info[0], sys_info[1], 'Windows', proxycollectionlist=connector_id, chooseConnector="on", managementmode="WinRMOverHttp") assert success, "Failed to update system" logger.info(f"Successfully updated system '{sys_info[0]}'") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, sys_info[6], password=user_password, host=system_id, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info(f"Successfully added account {sys_info[6]} in the portal") # Checkout Password after changing management mode to WinRMOverHttp checkout_password_winrm, checkout_password_success = ResourceManager. \ check_out_password(core_session, lifetime=1, accountid=acc_result) assert checkout_password_success, f"Failed to checkout password due to {checkout_password_winrm}" logger.info("Password checkout successfully") assert checkout_password_winrm[ 'Password'] != user_password, "Password is same after adding managed account" logger.info("Password updated after adding managed account")
def test_add_oracle_sap_ase_account_with_double_quotation_mark( core_session, database_config, add_database_with_account): """ Test case: C1148 :param core_session: Centrify authenticated session :param add_database_with_account: fixture to create database with account as optional :param core_admin_ui: Centrify authenticated ui session """ # Create a oracle DB with account. db_name, db_id, db_account_id, db_data, database_cleaner_list, account_cleaner_list = \ add_database_with_account(db_class='oracle', add_account=False) logger.info(f"Successfully created oracle Database: {db_name}") # Create a SAP DB with account. sap_db_name, sap_db_id, db_account_id, sap_db_data, database_cleaner_list, account_cleaner_list = \ add_database_with_account(db_class='sapase', add_account=False) logger.info(f"Successfully created sap Database: {sap_db_name}") ora_account = f'"{db_data["db_account"]}"' sp_account = f'"{sap_db_data["db_account"]}"' # trying to add Oracle db account with using of double quote string db_account_id, status = ResourceManager.add_account( core_session, user=ora_account, password=db_data['password'], ismanaged=db_data['is_managed'], description=db_data['account_desc'], databaseid=db_id) assert status is False, f'able to add account in database {db_data["db_name"]}, returned status is {status} ' \ f'and id is: {db_account_id}' logger.info(f"Failed to add account in oracle Database: {db_name}") # trying to add sap db account with using of double quote string db_account_id, status = ResourceManager.add_account( core_session, user=sp_account, password=sap_db_data['password'], ismanaged=sap_db_data['is_managed'], description=sap_db_data['account_desc'], databaseid=sap_db_id) assert status is False, \ f'failed to add account in database {sap_db_name}, ' \ f'returned status is {status} and id is {sap_db_id}' logger.info(f"Failed to add account in sap Database: {sap_db_name}")
def test_delete_accounts(core_session, pas_config, remote_users_qty1, cleanup_resources): """ TC C283234: Delete accounts. :param cleanup_resources: cleanup for systems. :param core_session: Authenticates API session :param pas_config: returns yaml object :param remote_users_qty1: Creates account in target system. :param cleanup_resources:clean up system. """ # Clean up system systems_list = cleanup_resources[0] # Getting system details. sys_name = f"{'Win-2012'}{guid()}" sys_details = pas_config sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN'] add_user_in_target_system = remote_users_qty1 user_password = '******' # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, sys_fqdn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") systems_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) # Delete Account. del_account_result, del_account_success = ResourceManager.del_account( core_session, acc_result) assert del_account_success, f'Failed to delete account:API response result:{del_account_result}' logger.info(f"Successfully deleted account:{del_account_result}") # Getting deletion activity. sys_activity = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{core_session.auth_details["User"]} deleted local account "{add_user_in_target_system[0]}" for' \ f' "{sys_name}"({sys_fqdn}) with credential type Password' in \ sys_activity[0]['Detail'], f"Failed to get the delete account activity:API response result:{sys_activity}" logger.info( f"Successfully found deletion activity in system activity:{sys_activity}" )
def test_add_system_with_root_with_managed_proxy_account( core_session, unix_machine_environment_config, cleanup_resources_with_admin, cleanup_accounts, create_unix_users, ssh_session_as_root): """ Test case : C279340 :param ssh_session_as_root: session to create a user_account in unix :param cleanup_accounts: to delete all accounts :param cleanup_resources_with_admin: to delete the all the systems from portal :param unix_machine_environment_config: to get the unix system details :param core_session: Centrify session manager :param create_unix_users: fixture that provide created unix system data """ systems_list = cleanup_resources_with_admin accounts_list = cleanup_accounts[0] conf = unix_machine_environment_config hostname = conf['host'] + "_" + Util.random_string(5) # add users on target system users = create_unix_users(ssh_session_as_root, "manage-unix", 2) logger.info("Users created " + str(len(users))) proxy_user = users[0] accountuser = users[1] new_system_id, add_system_success = ResourceManager.add_system( core_session, hostname, conf["ipaddress"], "Unix", "Ssh", "Unix system") assert add_system_success, "Add System Failed" logger.info(f"Added system Id {new_system_id}") systems_list.append(new_system_id) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, new_system_id, hostname, conf["ipaddress"], 'Unix', proxyuser=proxy_user['Name'], proxyuserpassword=proxy_user['Password'], proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") admin_account_id, add_account_success = ResourceManager.add_account( core_session, accountuser['Name'], accountuser['Password'], new_system_id) assert add_account_success, "Failed to create Account user: root" logger.info(f"Added root Account. Id {admin_account_id}") accounts_list.append(admin_account_id) # Get computer details for update result = RedrockController.get_system(core_session, new_system_id) system = result[0]["Row"] is_managed = system['ProxyUserIsManaged'] assert is_managed, f"Added account is not managed account"
def test_add_unmanaged_account_using_unlock_account_permission( core_session, domain_config_data, get_admin_user_module, cleanup_accounts): """ Steps for this scenario using API: 1)Get the domain that needs to be added managed account with add account permission 2)Set the domain account permission 3)Add unmanaged account in that particular domain """ conf = domain_config_data limited_sesh, limited_user = get_admin_user_module name = conf['pas_bat_scenario1_infrastructure_data'][0] data = conf['pas_scenario1_new_accounts'][0] script = "Select * FROM VaultDomain" account_name = f'{data["User_name"]}{guid()}' account_list = cleanup_accounts[0] request = RedrockController.redrock_query(core_session, script) for directory_service in request: if directory_service['Row']['Name'] == name["Domain_name2"]: directory_service = directory_service['Row']['ID'] break permissions = "Grant,View,Edit,Delete,AddAccount,UnlockAccount" result, add_domain_account_success = ResourceManager.set_domain_account_permissions( core_session, permissions, limited_user.get_login_name(), limited_user.get_id(), id=directory_service, pvid=directory_service, rowkey=directory_service) assert add_domain_account_success, f'Failed to set add account permission in the domain {result}' logger.info(f"add account permission set successfully in the Domain.") request, add_account_success = ResourceManager.add_account( core_session, account_name, data["Password"], ismanaged=data["Ismanaged"], domainid=directory_service, description=None) assert add_account_success, f'Failed to set unmanaged account in the domain {request}' logger.info(f"unmanaged account set successfully in the Domain.") account_list.append(request) result = ResourceManager.del_account(core_session, request) assert result, f'failed to delete account with response {result}' logger.info(f"unmanaged account deleted successfully in the Domain.")
def test_add_managed_account(core_session, unix_machine_environment_config, ssh_session_as_root, create_unix_users, cleanup_resources_with_admin, cleanup_accounts): """ Test case: C279345 :param core_session: Centrify session :param ssh_session_as_root: session to create a user_account in unix :param cleanup_accounts: to delete all accounts :param cleanup_resources_with_admin: to delete the all the systems from portal :param unix_machine_environment_config: to get the unix system details :param create_unix_users: add system with account and yeild system ID, account ID, and system information """ systems_list = cleanup_resources_with_admin accounts_list = cleanup_accounts[0] conf = unix_machine_environment_config hostname = conf['host'] + "_" + Util.random_string(5) # add users on target system users = create_unix_users(ssh_session_as_root, "manage-unix", 1) logger.info("Users created " + str(len(users))) accountuser = users[0] new_system_id, add_system_success = ResourceManager.add_system( core_session, hostname, conf["ipaddress"], "Unix", "Ssh", "Unix system") assert add_system_success, "Add System Failed" logger.info(f"Added system Id {new_system_id}") systems_list.append(new_system_id) admin_account_id, add_account_success = ResourceManager.add_account( core_session, accountuser['Name'], accountuser['Password'], new_system_id, ismanaged=True) assert add_account_success, "Failed to create Account user: root" logger.info(f"Added root Account. Id {admin_account_id}") accounts_list.append(admin_account_id) # Fetching account information to validate desired account is managed or not result, status = ResourceManager.get_account_information( core_session, admin_account_id) assert status, f"failed to retrieve account information, returned result is {result}" is_managed = result['VaultAccount']['Row']['IsManaged'] assert is_managed, "Added account is not managed account"
def test_check_button_status_after_canceling_account_deleted( core_session, add_single_system, pas_config, users_and_roles): """ TC:C2217 Check button status after canceling account deleted with user who just has Delete permission. :param core_session: Returns a API session. :param add_single_system: Returns a fixture. :param users_and_roles: Fixture to manage roles and user. :param pas_config: Read yaml data. """ # Creating a system. created_system_id, system_details = add_single_system # Creating a account. payload_data = pas_config['Windows_infrastructure_data'] account_id, account_success = ResourceManager.add_account( core_session, payload_data['account_name'], payload_data['password'], created_system_id, payload_data['account_type']) assert account_success, f'Failed to create account: API response result:{account_id}' logger.info(f'Successfully created account:{account_id}') # Cloud user session with "Privileged Access Service Power User". cloud_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service Power User') user_name = cloud_user_session.auth_details['User'] user_id = cloud_user_session.auth_details['UserId'] # Assigning account "Delete" permission. assign_account_result, assign_account_success = ResourceManager.assign_account_permissions( core_session, "Delete", user_name, user_id, 'User') assert assign_account_success, f"Failed to assign account permissions: API response result: {assign_account_result}" logger.info( f'Successfully assigned "Delete" permission to user:{assign_account_result}.' ) # Deleting a account by cloud user. del_account_result, del_account_success = ResourceManager.del_account( cloud_user_session, account_id) assert del_account_success, f"Could not delete account:API response result:{del_account_result}" logger.info(f"Successfully deleted account: {del_account_result}")
def test_create_domain_account(core_session, create_domain, domain_config_data): """ Steps for this scenario using API: 1) Add new Domain 2) Add new Domain Accounts System configuration received through test_pas_bat_domain.yaml stored in config/tests/PAS/PAS_BAT """ domain_id = create_domain conf = domain_config_data data = conf['pas_scenario1_new_accounts'][0] new_account_id, add_account_success = ResourceManager.add_account( core_session, data['User_name'], data['Password'], domainid=domain_id, description="This domain should be " "removed by test automation.") assert add_account_success, f"Failed to add Domain account: {data['User_name']}" logger.info(f"domain account added successfully: {new_account_id}") result = ResourceManager.del_account(core_session, new_account_id) assert result, f'failed to delete account with response {result}'
def test_verify_rule_work_correct(core_session, cleanup_accounts, create_basic_pass_profile, pas_setup, remote_users_qty1, cleanup_password_profile): """ TC C281498: Verify the rule (Min number of non-alpha characters) :param core_session: Authenticates API session :param create_basic_pass_profile: Creates a password profile :param pas_setup: Creates system and account :param remote_users_qty1: Creates account in target system :param cleanup_password_profile: Deletes password profile :param cleanup_accounts: Deletes Account """ accounts_list = cleanup_accounts[0] added_system_id, account_id, sys_info = pas_setup logger.info( f"System: {sys_info[0]} successfully added with UUID: {added_system_id} and account: {sys_info[4]} " f"with UUID: {account_id} associated with it.") profile_list = cleanup_password_profile # Adding user in target machine add_user_in_target_system = remote_users_qty1 user_password = "******" # Adding account in portal acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=added_system_id, ismanaged=True) assert acc_success, f"Failed to add account: {acc_result}" logger.info("Successfully added account in system") # Cleanup Account accounts_list.append(acc_result) # Creating Password Profile profile = create_basic_pass_profile(core_session, 1)[0] profile_name_cps = profile[0]['Name'] cps_prof_id = profile[0]['_RowKey'] # Deleting Password Profile profile_list.append(cps_prof_id) cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id( core_session, cps_prof_id) assert cps_prof_success, f"Failed to create Profile due to {cps_prof_result}" logger.info(f'System successfully updated with result: {cps_prof_result}') # Updating Password Profile update_cps_prof_success = ResourceManager.update_password_profile( core_session, cps_prof_id, profile_name_cps, 8, 20, one_lwr_case=False, one_upp_case=False, one_digit=False, consecutive_chars=False, one_special_char=False, min_alphabetic_char=5, max_alphabetic_char=3, ) assert update_cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user" logger.info(f'Profile {profile_name_cps} successfully updated') cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id( core_session, cps_prof_id) assert cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user" assert cps_prof_result['MinimumPasswordLength'] == 8, \ f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MinimumPasswordLength']} " \ f"instead of 8" logger.info("Successfully updated minimum password length as 8") assert cps_prof_result['MaximumPasswordLength'] == 20, \ f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MaximumPasswordLength']} " \ f"instead of 20" logger.info("Successfully updated minimum password length as 20") assert cps_prof_result['MinimumAlphabeticCharacterCount'] == 5, \ f"Getting Min Password length for Profile {cps_prof_id} is " \ f"{cps_prof_result['MinimumAlphabeticCharacterCount']} instead of 5" logger.info("Updated Minimum Alphabetic Character Count successfully") assert cps_prof_result['MinimumNonAlphabeticCharacterCount'] == 3, \ f"Getting Min Password length for Profile {cps_prof_id} is " \ f"{cps_prof_result['MinimumNonAlphabeticCharacterCount']} instead of 3" logger.info("Updated Minimum Alphabetic Character Count successfully") update_result, update_success = ResourceManager.update_system( core_session, added_system_id, sys_info[0], sys_info[1], sys_info[2], passwordprofileid=cps_prof_id) assert update_success, f"Failed to update system sue to {update_result}" logger.info(f"Successfully update system {sys_info[0]}") # Rotate Password rotate_password_result, rotate_password_success = ResourceManager.rotate_password( core_session, acc_result) assert rotate_password_success, f"Failed to rotate password due to {rotate_password_result}" logger.info("Rotate password successfully") # Checkout Password check_out_password_result, check_out_password_success = ResourceManager.check_out_password( core_session, lifetime=1, accountid=acc_result) assert check_out_password_success, f"Failed to checkout password due to {check_out_password_result}" logger.info("Password checkout successfully") # Getting password value after checkout co_password_value = check_out_password_result['Password'] # Finding all non alpha characters after check out password get_non_alpha_characters = re.findall('[^a-zA-Z]', co_password_value) assert len( get_non_alpha_characters ) >= 3, "Length of Minimum Alphabetic Character Count is less than 3" logger.info( "Minimum Non Alphabetic Character Count is greater than or equal to 3") # Removing Password Profile from system so that profile can be deleted update_result, update_success = ResourceManager.update_system( core_session, added_system_id, sys_info[0], sys_info[1], sys_info[2], passwordprofileid=None) assert update_success, f"Failed to remove password profile from system {sys_info[0]}" logger.info( f"Successfully removed password profile from system {sys_info[0]}")
def test_checkout_password(core_session, pas_config, cleanup_resources, cleanup_accounts, remote_users_qty1): """TC C2554 - Checkout password for a windows managed account from Accounts page trying to Checkout password for a windows managed account from Accounts page Steps: Pre: Create system with 1 manage account hand 1. Try to Checkout password for an account -Assert Failure 2. Try to check my password checkouts in workspace -Assert Failure """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) success, response = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='RpcOverTcp') assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{add_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) server_id = ResourceManager.wait_for_server_to_exist_return_id( core_session, sys_name) acc_id = ResourceManager.wait_for_account_to_exist_return_id( core_session, add_user_in_target_system[0]) assert server_id == add_sys_result, "Server was not created" assert acc_id == acc_result, "Account was not created" res, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Failed to add account in the portal: {res}" password_checkout_result, password_checkout_success = \ ResourceManager.check_out_password(core_session, 1, accountid=acc_result) assert password_checkout_result['Password'] != user_password, \ f"expected password equal to actual password: {password_checkout_result}" logger.info( f"password successfully checkout Account password: {password_checkout_result}" ) my_password_checkout = RedrockController.get_total_checkouts(core_session) created_date_json = str(my_password_checkout[0]['LoanDate']) ResourceManager.get_date(created_date_json) check_out_details = [] for i in my_password_checkout: if i['Summary'] in f'{add_user_in_target_system[0]} ({sys_name})': check_out_details.append(i['Summary']) assert check_out_details[0] == f'{add_user_in_target_system[0]} ({sys_name})',\ "fail to checkout password from workspace" logger.info( f"password successfully checkout Account password::{my_password_checkout}" ) accounts_list.append(acc_result) password_check_in_result, password_check_in_success = ResourceManager.check_in_password( core_session, coid=password_checkout_result['COID']) assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}" logger.info( f"password successfully check in for account: {add_user_in_target_system[0]}" )
def test_cloud_admin_login_from_my_system_account(core_session, pas_config, core_admin_ui, cleanup_accounts, cleanup_resources, remote_users_qty1): """ Test case: C14831 :param core_session: centrify session :param core_admin_ui: Centrify UI session """ maximum_event_wait_time = 120 account_list = cleanup_accounts[0] system_list = cleanup_resources[0] systems = ServerManager.get_all_resources(core_session) accounts = ServerManager.get_all_accounts(core_session) for system in systems: system_list.append(system['ID']) for account in accounts: account_list.append(account['ID']) system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) ui = core_admin_ui admin_user_uuid = UserManager.get_user_id( core_session, ui.user.centrify_user["Username"]) # assigning cloud admin workspace login permission rights = "View,Login,UserPortalLogin" result, status = ResourceManager.assign_account_permissions( core_session, rights, ui.user.centrify_user["Username"], admin_user_uuid, pvid=acc_result) assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}.' \ f'returned result is: {result}' # Updating allow remote to enable RDP session for targeted system result, success = ResourceManager.update_system(core_session, add_sys_result, sys_name, fdqn, "Windows", allowremote=True) assert success, f'failed to assign rdp policy to account {add_user_in_target_system[0]} of system {sys_name}' ui.navigate(('Workspace', 'My System Accounts')) ui.expect( GridRow(sys_name), f'Expected to find system {sys_name} in My System Account but did not') ui.right_click_action(GridRow(sys_name), 'Login') ui.switch_to_pop_up_window() ui.expect_disappear( LoadingMask(), 'Error occurred while launching workspace login session', time_to_wait=250) ui.switch_to_main_window() # wait for manged password change event filter = [['AccountName', add_user_in_target_system[0]]] RedrockController.wait_for_event_by_type_filter( core_session, "Cloud.Server.LocalAccount.RDPSession.Start", filter=filter, maximum_wait_second=maximum_event_wait_time) # wait for 20 seonds # Api call to get details of account active session status, result = ResourceManager.get_my_active_sessions( core_session, acc_result) assert status, f'failed to retrieve details for active account session data, return result is {result}' logger.info( f'details for active account {add_user_in_target_system[0]} are {result}' ) ui.navigate('Resources', 'Systems') ui.search(sys_name) ui.expect(GridRowByGuid(add_sys_result), expectation_message= f'failed to search for the system by id {add_sys_result}') ui.click_row(GridRowByGuid(add_sys_result)) # fetching Active session value from system view page ui.inner_text_of_element(ActiveSessionTextCount(), expectation_message='1', warning_message="RDP Not taken from user") logger.info(f'Active session value incremented to 1: Active Sessions:1')
def test_update_manage_proxy_account(pas_config, core_session, winrm_engine, remote_users_qty3, test_proxy, cleanup_accounts, cleanup_resources): """ TC: C2549 - Update managed account with using proxy account trying to Update managed account with using proxy account Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to update invalid password for proxy account -Assert Failure 2. Try to update valid password for proxy account -Assert Failure 3. Try to check activity log's -Assert Failure 4. Try to check password history """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' sys_details = pas_config add_user_in_target_system = remote_users_qty3 user_password = '******' fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=user_password, proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Update system with proxy user password. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=guid(), proxyuserismanaged=True) assert update_sys_result is False, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) # set a different password for the user update_user_password(winrm_engine, add_user_in_target_system[1], user_password) user_name = core_session.get_user().get_login_name() # rotate password for manage account result, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Did not Rotate Password {result}" logger.info( f'account activity logs for un manage account API response:{result}') result, success = ResourceManager.check_out_password( core_session, 1, acc_result) assert success, f"Did not retrieve password {result}" logger.info( f'account activity logs for un manage account API response:{result}') row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in \ row[0]['Detail'], "user not able to update un managed account password" logger.info( f'account activity logs for un manage account API response:{row}') query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \ f"'{acc_result}' and StateUpdatedBy='{user_name}' and State='Retired'" password_history = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query))[0] assert len( password_history ) > 0, f"Password history table did not update {password_history}" logger.info(f'Password history table API response:{password_history}')
def test_update_manage_account_win_rm(pas_config, winrm_engine, core_session, remote_users_qty1, cleanup_accounts, test_proxy, cleanup_resources): """ :param pas_config: to get the data from yaml files. :param remote_users_qty1: to create a manage account in windows system :param cleanup_resources: cleanup the system from portal :param cleanup_accounts: cleanup the accounts from portal :param winrm_engine: session to update manage account :param core_session: Authenticated Centrify Session. TC: C2551 - Update managed account password with winRM https configured trying to Update managed account password with winRM https configured Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to update invalid password for manage account -Assert Failure """ sys_details = pas_config system_data_values = sys_details['Windows_infrastructure_data'] add_user_in_target_system = remote_users_qty1 password = "******" # set a different password for the user update_user_password(winrm_engine, add_user_in_target_system[0], password) system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, system_data_values['FQDN'], 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with management mode 'WinRMOverHttp'. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, system_data_values['FQDN'], 'Windows', managementmode='WinRMOverHttps') assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) managementMode = RedrockController.get_computer_with_ID( core_session, add_sys_result) assert managementMode['ManagementMode'] == "WinRMOverHttps", \ f"management mode is failed because of system doesnt have proxy account. API response result: {managementMode}" logger.info( f"Fetch management mode successfully: {managementMode['ManagementMode']}" ) Result, success = ResourceManager.update_password(core_session, acc_result, guid()) assert success is False, f"Did not update password {Result}" logger.info(f"user not able to update password API response: {Result}")
def test_rotate_password(core_session, pas_config, remote_users_qty3, test_proxy, cleanup_resources, cleanup_accounts): """ TC: C2577 - Rotate Password for managed account trying to Rotate Password for managed account Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to rotate password -Assert Failure 2. Try to check activity of manage account -Assert Failure """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] user_name = core_session.get_user().get_login_name() sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty3 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=user_password, proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) # Update system with management mode 'Smb'. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='Smb') assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") result, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Did not rotate password, API response: {result}" logger.info(f"User able to rotate the password: {result}") row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} rotated local account "{add_user_in_target_system[0]}" credential for "{sys_name}"({fdqn})' \ in row[0]['Detail'], "Did not retrieve the activity of rotate password" logger.info(f"User able to get the activity: {row[0]['Detail']}") accounts_list.append(acc_result)
def test_settings_Policy_page(core_session, pas_config, remote_users_qty1, cleanup_resources, cleanup_accounts, core_admin_ui): """C2541 Settings on Policy page trying to get rdp through system account with in 15 minute Steps: Pre: Create system with 1 account hand 1. Try to take rdp for system -Assert Failure 2. Try to checkout password for account -Assert Failure """ core_ui = core_admin_ui user_name = core_ui.get_user().get_login_name() system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) success, response = ResourceManager.update_system(core_session, add_sys_result, sys_name, fdqn, 'Windows', allowremote=True, defaultcheckouttime=15) assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{add_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) core_ui.navigate('Resources', 'Accounts') core_ui.search(add_user_in_target_system[0]) core_ui.right_click_action(GridRowByGuid(acc_result), 'Login') core_ui.switch_to_pop_up_window() core_ui.expect_disappear( LoadingMask(), f'RDP session never exited loading state for system {sys_name}', time_to_wait=50) core_ui.switch_to_main_window() row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} logged into system "{sys_name}"({fdqn}) from "web" using local account ' \ f'"{add_user_in_target_system[0]}"' in row[0]['Detail'], "user not able to take rdp" password_checkout_result, password_checkout_success = \ ResourceManager.check_out_password(core_session, 1, accountid=acc_result) new_cid = password_checkout_result['COID'] assert password_checkout_result['Password'] is not user_password, \ f"expected password equal to actual password: {password_checkout_result}" logger.info(f"password successfully checkout Account password: {new_cid}")
def test_add_unmanaged_account_for_database(core_session, add_database_with_account, cleanup_accounts): """ Test case: C1092 - Add an un manage account for Database :param core_session: Centrify authenticated session :param add_database_with_account: fixture to create database in portal with account if required :param core_admin_ui: Centrify authenticated ui session """ accounts_list = cleanup_accounts[0] db_name, db_id, db_account_id, db_data, database_cleaner_list, account_cleaner_list = \ add_database_with_account(db_class='oracle', add_account=True) sql_db_name, sql_db_id, sql_db_account_id, sql_db_data, sql_database_cleaner_list, sql_account_cleaner_list = \ add_database_with_account(db_class='sql', add_account=True) db_account1, db_account2 = 'TEST_ACCOUNT1', 'test_account1' # Creates a account on an existing database. (Connector required) database_account_id, database_account_success = ResourceManager.add_account( core_session, user=db_account1, password='******', ismanaged=False, databaseid=db_id) assert database_account_success, f"Adding database account failed with API response Result:" \ f"{database_account_id}" logger.info( f"Managed database account added successfully with API response result : {database_account_id}" ) accounts_list.append(database_account_id) # try to add Duplicate account database_account_id, database_account_success = ResourceManager.add_account( core_session, user=db_account2, password='******', ismanaged=False, databaseid=db_id) assert database_account_success is False, f"Adding database account with API response Result:" \ f"{database_account_id}" logger.info( f"Managed database account not added successfully with API response result : {database_account_id}" ) # Creates a account on an existing database. (Connector required) database_account_id, database_account_success = ResourceManager.add_account( core_session, user=db_account1, password='******', ismanaged=False, databaseid=sql_db_id) assert database_account_success, f"Adding database account failed with API response Result:" \ f"{database_account_id}" logger.info( f"Managed database account added successfully with API response result : {database_account_id}" ) accounts_list.append(database_account_id) # try to add Duplicate account database_account_id, database_account_success = ResourceManager.add_account( core_session, user=db_account2, password='******', ismanaged=False, databaseid=sql_db_id) assert database_account_success is False, f"Adding database account with API response Result:" \ f"{database_account_id}" logger.info( f"database account not added with API response result : {database_account_id}" )
def test_add_manage_account_with_proxy_account(core_session, pas_config, remote_users_qty3, cleanup_resources, cleanup_accounts, test_proxy): """ TC: C2574 - Add system with managed account using proxy account trying to Add system with managed account using proxy account Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to checkout password -Assert Failure 2. Try to check activity of manage account -Assert Failure """ user_name = core_session.get_user().get_login_name() logger.info(f'core sessoin user {core_session.get_user()}') system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty3 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=user_password, proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Update system with management mode 'Smb'. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='Smb') assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) server_id = ResourceManager.wait_for_server_to_exist_return_id( core_session, sys_name) acc_id = ResourceManager.wait_for_account_to_exist_return_id( core_session, add_user_in_target_system[0]) assert server_id == add_sys_result, "Server was not created" assert acc_id == acc_result, "Account was not created" res, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Failed to add account in the portal: {res}" result, success = ResourceManager.check_out_password( core_session, 1, acc_result) assert result['Password'] != "Hello123", \ f"password checkout Failed. API response result: {result}" logger.info( f"password successfully checkout Account password: {result['COID']}") row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \ "Did not retrieve the activity of rotate password" logger.info(f"User able to get the activity logs: {row[0]['Detail']}") accounts_list.append(acc_result)
def test_add_account_existing_system(core_session, pas_config, remote_users_qty1, test_proxy, cleanup_resources, cleanup_accounts): """ TC: C2575 - Add managed account to existing system trying to Add managed account to existing system Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to checkout password -Assert Failure 2. Try to check activity of manage account -Assert Failure """ user_details = core_session.__dict__['auth_details'] user_name = core_session.get_user().get_login_name() system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) rights = "Owner,View,Manage,Delete,Login,Naked,RotatePassword,FileTransfer" result, success = ResourceManager.assign_account_permissions( core_session, rights, user_details['User'], user_details['UserId'], pvid=acc_result) assert success, f"Did not rotate password, API response: {result}" # Update system with management mode 'Smb'. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', managementmode='Smb') assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") res, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Failed to add account in the portal: {res}" result, success = ResourceManager.check_out_password( core_session, 1, acc_result) assert result['Password'] != "Hello123", \ f"password checkout Failed. API response result: {result}" logger.info( f"password successfully checkout Account password: {result['COID']}") row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \ "Did not retrieve the activity of rotate password" logger.info(f"User able to get the activity logs: {row[0]['Detail']}") accounts_list.append(acc_result)
def test_Change_Account_managed(core_session, pas_config, remote_users_qty1, detect_proxy): """ :param core_session: Authenticated Centrify Session. :param pas_config: fixture reading data from resources_data.yaml file. TC: C2544 - Change Account to be a managed account and verify password changed in 5 minutes trying to validate the added manage Account password Activity log's Steps: 1. Try to add a system along with an manage account -Assert Failure 2. Try to check in the account password is rotated -Assert Failure 3. Try to validate account activity log's """ user = core_session.get_user() user_name = user.get_login_name() sys_name = f"Automatedsystem{guid()}" res_data = pas_config user = remote_users_qty1 sys_result, status = ResourceManager.add_system( core_session, sys_name, res_data['Windows_infrastructure_data']['FQDN'], 'Windows', "Rdp") assert status, f"failed to add system" success, response = ResourceManager.update_system( core_session, sys_result, sys_name, res_data['Windows_infrastructure_data']['FQDN'], 'Windows', managementmode='RpcOverTcp') assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{response}") account_id, status = ResourceManager.add_account(core_session, user[0], 'Hello123', sys_result) assert status, f'failed to add account' success, response = ResourceManager.update_account(core_session, account_id, user[0], host=sys_result, ismanaged=True) assert success, f'Updating account failed. API response: {response}' server_id = ResourceManager.wait_for_server_to_exist_return_id( core_session, sys_name) acc_id = ResourceManager.wait_for_account_to_exist_return_id( core_session, user[0]) assert server_id == sys_result, "Server was not created" assert acc_id == account_id, "Account was not created" res, success = ResourceManager.rotate_password(core_session, account_id) assert success, f"Failed to add account in the portal: {res}" checkout_password, response = ResourceManager.check_out_password( core_session, 1, accountid=account_id) assert checkout_password[ 'Password'] != 'Hello123', f'Checkout Password Failed. API response: {response}' row = ResourceManager.get_system_activity(core_session, sys_result) checkout_activity = row[0]['Detail'] created_date_json = str(row[0]['When']) ResourceManager.get_date(created_date_json) assert f'{user_name} checked out local account "{user[0]}" password for system "{sys_name}"' \ f'({res_data["Windows_infrastructure_data"]["FQDN"]})' == checkout_activity, "No system activity data " logger.info(f"account activity list:{row}")
def test_system_local_account_level(core_session, pas_config, remote_users_qty1, cleanup_accounts, cleanup_resources): """ TC C282671: System Local Account Level. :param cleanup_resources: cleanup for systems. :param core_session: Authenticates API session :param pas_config: returns yaml object :param remote_users_qty1: Creates account in target system. :param cleanup_accounts: cleanup for account. """ systems_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f"{'Win-2012'}{guid()}" sys_details = pas_config sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN'] add_user_in_target_system = remote_users_qty1 user_password = '******' # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, sys_fqdn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") systems_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) # Setting the lifetime checkout for account to 15 min. default_checkout_lifetime = 15 updated_account_result, update_account_success = \ ResourceManager.update_account(core_session, acc_result, add_user_in_target_system[0], host=add_sys_result, default_checkout_time=default_checkout_lifetime) assert update_account_success, f"Failed to add default checkout time: API response result:{updated_account_result}" logger.info( f'Successfully added default checkout time: {updated_account_result}"') # Setting the lifetime checkout for system to 60 min. updated_sys_result, update_sys_success = ResourceManager.update_system( core_session, add_sys_result, sys_name, sys_fqdn, 'Windows', defaultcheckouttime=60) assert update_sys_success, f"Failed to add default checkout time: API response result:{updated_account_result}" logger.info( f'Successfully added default checkout time: {updated_sys_result}"') # Checking the default account password set to default ie 60 min. default_account_password_chk_lifetime = 60 results, success = ServerManager.get_server_settings(core_session, key='policy') assert results['DefaultCheckoutTime'] == default_account_password_chk_lifetime, \ f"account password checkout lifetime is not {default_account_password_chk_lifetime} " # Checkout account. checkout_result, checkout_success = ResourceManager.check_out_password( core_session, 15, acc_result) assert checkout_success, f"Fail to checkout account : {acc_result} : API response " \ f"result: {checkout_result}" logger.info(f"Successfully checked account : {checkout_result}") # Checking the checkout in the workspace and validating the checkout lifetime. checkout_remaining_time = str(default_checkout_lifetime - 1) checkout_accounts = RedrockController.get_password_checkout_from_workspace( core_session, core_session.auth_details['UserId']) for checkout_account in checkout_accounts: if checkout_account['ID'] == checkout_result['COID']: assert checkout_account['Remaining'].split()[0] == checkout_remaining_time,\ f"Fail to find the remaining checkout time equal to {checkout_remaining_time} " logger.info( " Successfully found the checkout activity in workspace.") # Trying to checkout once again,expecting a null checkout ID. failed_checkout_result, failed_checkout_success = ResourceManager.check_out_password( core_session, 15, acc_result) assert failed_checkout_result['COID'] is None, f"checkout account ID generated for : " \ f"{add_user_in_target_system[0]}:" \ f"API response result: {failed_checkout_result}" logger.info(f"Check in option is action enable : {failed_checkout_result}") # Checking out checkout activity. acc_activity = RedrockController.get_account_activity( core_session, acc_result) assert f'{core_session.auth_details["User"]} checked out local account "{add_user_in_target_system[0]}" password ' \ f'for system "{sys_name}"({sys_fqdn})' in \ acc_activity[0]['Detail'], f"no activity of checkout found for account {add_user_in_target_system[0]}" logger.info( f"There is a checkout record for the account {add_user_in_target_system[0]} in activity" )
def test_verify_rule_restrict_character(core_session, cleanup_accounts, create_basic_pass_profile, pas_setup, remote_users_qty1): """ TC C281499: Verify the rule(Restrict number of character occurrences) work correct :param core_session: Authenticates API session :param create_basic_pass_profile: Creates a password profile :param pas_setup: Creates system and account :param remote_users_qty1: Creates account in target system :param cleanup_accounts: Deletes Accounts """ accounts_list = cleanup_accounts[0] added_system_id, account_id, sys_info = pas_setup logger.info( f"System: {sys_info[0]} successfully added with UUID: {added_system_id} and account: {sys_info[4]} " f"with UUID: {account_id} associated with it.") # Adding user in target machine add_user_in_target_system = remote_users_qty1 user_password = "******" # Adding account in portal acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=added_system_id, ismanaged=True) assert acc_success, f"Failed to add account: {acc_result}" logger.info("Successfully added account in system") # Cleanup Account accounts_list.append(acc_result) # Creating Password Profile profile = create_basic_pass_profile(core_session, 1)[0] profile_name_cps = profile[0]['Name'] cps_prof_id = profile[0]['_RowKey'] cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id( core_session, cps_prof_id) assert cps_prof_success, f"Failed to create Profile due to {cps_prof_result}" logger.info(f'System successfully updated with result: {cps_prof_result}') # Updating Password Profile update_cps_prof_success = ResourceManager.update_password_profile( core_session, cps_prof_id, profile_name_cps, 58, 128, one_lwr_case=False, one_upp_case=False, one_digit=False, consecutive_chars=False, one_special_char=False, min_alphabetic_char=5, max_alphabetic_char=3, restrict_occurrence=1) assert update_cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user" logger.info(f'Profile {profile_name_cps} successfully updated') cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id( core_session, cps_prof_id) assert cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user" assert cps_prof_result['MinimumPasswordLength'] == 58, \ f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MinimumPasswordLength']} " \ f"instead of 8" logger.info("Successfully updated minimum password length as 8") assert cps_prof_result['MaximumPasswordLength'] == 128, \ f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MaximumPasswordLength']} " \ f"instead of 20" logger.info("Successfully updated minimum password length as 20") assert cps_prof_result['MinimumAlphabeticCharacterCount'] == 5, \ f"Getting Min Password length for Profile {cps_prof_id} is " \ f"{cps_prof_result['MinimumAlphabeticCharacterCount']} instead of 5" logger.info("Updated Minimum Alphabetic Character Count successfully") assert cps_prof_result['MinimumNonAlphabeticCharacterCount'] == 3, \ f"Getting Min Password length for Profile {cps_prof_id} is " \ f"{cps_prof_result['MinimumNonAlphabeticCharacterCount']} instead of 3" logger.info("Updated Minimum Alphabetic Character Count successfully") assert cps_prof_result['MaximumCharOccurrenceCount'] == 1, \ f"Getting Min Password length for Profile {cps_prof_id} is " \ f"{cps_prof_result['MinimumNonAlphabeticCharacterCount']} instead of 3" logger.info("Updated Minimum Alphabetic Character Count successfully") update_result, update_success = ResourceManager.update_system( core_session, added_system_id, sys_info[0], sys_info[1], sys_info[2], passwordprofileid=cps_prof_id) assert update_success, f"Failed to update system sue to {update_result}" logger.info(f"Successfully update system {sys_info[0]}") # Rotate Password rotate_password_result, rotate_password_success = ResourceManager.rotate_password( core_session, acc_result) assert rotate_password_success, f"Failed to rotate password due to {rotate_password_result}" logger.info("Rotate password successfully") # Checkout Password check_out_password_result, check_out_password_success = ResourceManager.check_out_password( core_session, lifetime=1, accountid=acc_result) assert check_out_password_success, f"Failed to checkout password due to {check_out_password_result}" logger.info("Password checkout successfully") # Getting check out password value co_password_value = check_out_password_result['Password'] # Getting all the alpha characters in password check out get_alpha_characters = re.findall('[a-zA-Z]', co_password_value) # Checking the maximum occurrence of characters in a list count_alpha_chars = Counter(get_alpha_characters) for item, ct in count_alpha_chars.items(): assert len(item) == 1, "Item is grater than 1" logger.info('%s occurred %d times' % (item, ct)) # Removing password profile from system update_result, update_success = ResourceManager.update_system( core_session, added_system_id, sys_info[0], sys_info[1], sys_info[2], passwordprofileid=None) assert update_success, f"Failed to remove password profile from system {sys_info[0]}" logger.info( f"Successfully removed password profile from system {sys_info[0]}")
def agent_enrolled_unix_system_with_users(core_tenant, core_session_global, agent_enrolled_unix_system, users_and_roles, cleanup_accounts, create_unix_users, proxy_start_stop, detect_proxy): config = Configs().get_yaml_node_as_tuple("agents", "generic_cagent_unix") accounts_list = cleanup_accounts[0] proxycontrol = proxy_start_stop logger.info("adding users on the enrolled system") system_id = agent_enrolled_unix_system["ResourceId"] ssh_session = agent_enrolled_unix_system["Session"] adminuser = {"Name": config.username, "Password": config.password} # add users on target system accountusers = create_unix_users(ssh_session, "agent_", 2) logger.info("Users created " + str(len(accountusers))) for i, val in enumerate(accountusers): logger.info( str(i) + ", Name: " + val["Name"] + "Password:"******"Password"]) right_data = ("Privileged Access Service Power User", "role_Privileged Access Service Power User") requester_session = users_and_roles.get_session_for_user(right_data[0]) role_info = users_and_roles.get_role(right_data[0]) permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount' result, success = ResourceManager.assign_system_permissions( core_session_global, permission_string, role_info['Name'], role_info['ID'], "Role", system_id) assert success, "Did not set system permissions " + result # Step 3 Create Accounts for testing logger.info("Adding root account") admin_account_id, add_account_success = ResourceManager.add_account( requester_session, adminuser['Name'], adminuser["Password"], system_id, ismanaged=False) assert add_account_success, "Failed to create Account user: root" logger.info(f"Added root Account. Id {admin_account_id}") accounts_list.append(admin_account_id) logger.info("Adding user for reconciliation") new_account_id, add_account_success = ResourceManager.add_account( requester_session, accountusers[0]['Name'], accountusers[0]['Password'], system_id, ismanaged=True) assert add_account_success, "Failed to create manged Account user: "******", Verify CC or agent settings and status" logger.info(f"Added Account for testing. Id {new_account_id}") accounts_list.append(new_account_id) permission_string = "Owner,View,Manage,Delete,Login,Naked,UpdatePassword,RotatePassword,FileTransfer,UserPortalLogin" result, success = ResourceManager.assign_account_permissions( core_session_global, permission_string, role_info['Name'], role_info['ID'], "Role", new_account_id) assert success, "Did not set account permissions " + result # Get computer details for update result = RedrockController.get_system(requester_session, system_id) system = result[0]["Row"] # wait for managed password change event filter = [['AccountName', accountusers[0]['Name']]] RedrockController.wait_for_event_by_type_filter( requester_session, "Cloud.Server.LocalAccount.PasswordChange", filter=filter, maximum_wait_second=120) # wait for 20 seonds accounts = [{ "Name": adminuser['Name'], "Password": adminuser["Password"], "Id": admin_account_id }, { "Name": accountusers[0]["Name"], "Password": accountusers[0]["Password"], "Id": new_account_id }] proxy = start_proxy_with_machinename(requester_session, proxycontrol, config.proxy_name) assert proxy != None, ( f'Failed to find the connector {config.proxy_name}, Setup the connector properly.' ) # Set Admin Account and enable local account maintenance result, success = ResourceManager.update_system( requester_session, system_id, system["Name"], system["FQDN"], 'Unix', proxycollectionlist=proxy, adminaccountid=admin_account_id, allowautomaticlocalaccountmaintenance=True) assert success, (f'Failed to set administrative account {result}') # return acount ids, computer, yield [{ "ResourceId": system_id, "ProxyId": proxy, "ResourceName": system["Name"], "Accounts": accounts, "Session": ssh_session }] result, success, message = ResourceManager.set_system_administrative_account( requester_session, system_id) assert success, f'Failed to remove administrative account on {message}'
def test_add_root_using_managed_password( core_session, unix_machine_environment_config, ssh_session_as_root, create_unix_users, cleanup_resources_with_admin, cleanup_accounts): """ Test case C283102: Add system with root using managed proxy account :param core_session: Authorised centrify session. :param ssh_session_as_root: session to create a user_account in unix :param cleanup_accounts: cleanup all accounts :param cleanup_resources_with_admin: to delete the all the systems from portal :param unix_machine_environment_config: to get the unix system details :param create_unix_users: add system with account and yield system ID, account ID, and system information """ # Getting yaml data. systems_list = cleanup_resources_with_admin accounts_list = cleanup_accounts[0] conf = unix_machine_environment_config hostname = conf['host'] + "_" + Util.random_string(5) # add users on target system. users = create_unix_users(ssh_session_as_root, "manage-unix", 1) logger.info("Users created " + str(len(users))) proxy_user = users[0] # Adding system with managed proxy. new_system_id, add_system_success = ResourceManager.add_system( core_session, hostname, conf["ipaddress"], "Unix", "Ssh", "Unix system", proxyuserismanaged=True, proxyuser=proxy_user['Name'], proxyuserpassword=proxy_user['Password']) assert add_system_success, f"Failed to add system with managed proxy:API response result:{new_system_id}" logger.info(f"Successfully added with managed proxy: {new_system_id}") systems_list.append(new_system_id) # Adding local account to the system. admin_account_id, add_account_success = ResourceManager.add_account( core_session, 'root', conf['rootpassword'], new_system_id, ismanaged=False) assert add_account_success, f"Failed to add root user:API response result:{admin_account_id}" logger.info( f"Successfully added root account to the system: {admin_account_id}") accounts_list.append(admin_account_id) # checking added system in the system list. computer_lists = RedrockController.get_computers(core_session) for computer_detail in computer_lists: if computer_detail['ID'] == new_system_id: assert computer_detail['Name'] == hostname, f'Failed to found created system in the list:' \ f'API response result:{computer_lists}' logger.info( f"Successfully found created system in the list:{computer_lists}" ) break
def agent_enrolled_windows_system_with_users( core_session_global, agent_enrolled_windows_system, users_and_roles, remote_users_qty1, cleanup_accounts, pas_ad_domain, pas_ad_administrative_account, cleanup_lapr_systems_and_domains, proxy_start_stop): config = Configs().get_yaml_node_as_tuple("agents", "generic_cagent_win") accounts_list = cleanup_accounts[0] domains_list = cleanup_lapr_systems_and_domains[1] systems_list = cleanup_lapr_systems_and_domains[0] user = remote_users_qty1 proxycontrol = proxy_start_stop accountusers = [{"Name": user[0], "Password": "******"}] logger.info("Users created " + str(len(accountusers))) for i, val in enumerate(accountusers): logger.info( str(i) + ", Name: " + val["Name"] + "Password:"******"Password"]) logger.info("adding users on the enrolled system") system_id = agent_enrolled_windows_system["ResourceId"] winrm_session_as_admin = agent_enrolled_windows_system["Session"] adminuser = { "Name": config.admin_username, "Password": config.admin_password } domain_id = pas_ad_domain['ID'] admin_id = pas_ad_administrative_account['ID'] right_data = ("Privileged Access Service Power User", "role_Privileged Access Service Power User") requester_session = users_and_roles.get_session_for_user(right_data[0]) role_info = users_and_roles.get_role(right_data[0]) domains_list.append(pas_ad_domain) systems_list.append(system_id) logger.info( "Setting Domain Administrator user as Administrative Account on domain." ) result, success, response = ResourceManager.set_administrative_account( core_session_global, [pas_ad_domain['Name']], pas_ad_administrative_account['User'], pas_ad_administrative_account['ID']) logger.info( "Setting Administrative Account on domain, but with no lapr settings enabled." ) result, success = ResourceManager.update_domain_accounts( core_session_global, pas_ad_domain['Name'], admin_id, domain_id, allowautomaticlocalaccountmaintenance=True, allowmanuallocalaccountunlock=True) permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount' result, success = ResourceManager.assign_system_permissions( core_session_global, permission_string, role_info['Name'], role_info['ID'], "Role", system_id) assert success, f"Did not set system permissions {result}" # Step 3 Create Accounts for testing logger.info("Adding Admin account") admin_account_id, add_account_success = ResourceManager.add_account( requester_session, adminuser['Name'], adminuser["Password"], system_id, ismanaged=False) assert add_account_success, "Failed to create admin user" logger.info(f"Added root Account. Id {admin_account_id}") accounts_list.append(admin_account_id) logger.info("Adding user for reconciliation") new_account_id, add_account_success = ResourceManager.add_account( requester_session, accountusers[0]['Name'], accountusers[0]['Password'], system_id, ismanaged=True) assert add_account_success, "Failed to create manged Account user: "******", Verify CC or agent settings and status" logger.info(f"Added Account for testing. Id {new_account_id}") accounts_list.append(new_account_id) permission_string = "Owner,View,Manage,Delete,Login,Naked,UpdatePassword,RotatePassword,FileTransfer,UserPortalLogin" result, success = ResourceManager.assign_account_permissions( core_session_global, permission_string, role_info['Name'], role_info['ID'], "Role", new_account_id) assert success, "Did not set account permissions " + result # Get computer details for update result = RedrockController.get_system(requester_session, system_id) system = result[0]["Row"] # wait for managed password change event filter = [['AccountName', accountusers[0]['Name']]] RedrockController.wait_for_event_by_type_filter( requester_session, "Cloud.Server.LocalAccount.PasswordChange", filter=filter, maximum_wait_second=120) # wait for 120 seonds accounts = [{ "Name": adminuser['Name'], "Password": adminuser["Password"], "Id": admin_account_id }, { "Name": accountusers[0]["Name"], "Password": accountusers[0]["Password"], "Id": new_account_id }] # set proxy proxy = start_proxy_with_machinename(requester_session, proxycontrol, config.proxy_name) assert proxy != None, ( f'Failed to find the connector {config.proxy_name}, Setup the connector properly before the test' ) result, success = ResourceManager.update_system(requester_session, system_id, system["Name"], system["FQDN"], 'Windows', domainid=domain_id, proxycollectionlist=proxy) assert success, (f'Failed to set reconciliation settings {result}') result, success = ResourceManager.update_system( requester_session, system_id, system["Name"], system["FQDN"], 'Windows', proxycollectionlist=proxy, allowautomaticlocalaccountmaintenance=True, allowmanuallocalaccountunlock=True) assert success, (f'Failed to set reconciliation settings {result}') # update_system reset the proxycollectionlist setting? Set it again. result, success = ResourceManager.update_system(requester_session, system_id, system["Name"], system["FQDN"], 'Windows', domainid=domain_id, proxycollectionlist=proxy) assert success, (f'Failed to set reconciliation settings {result}') # return acount ids, computer, yield [{ "ResourceId": system_id, "ProxyId": proxy, "ResourceFQDN": system["FQDN"], "Accounts": accounts, "Session": winrm_session_as_admin }] result, success, message = ResourceManager.set_system_administrative_account( requester_session, system_id) assert success, f'Failed to remove administrative account on {message}'