def test_delete_system_with_stored_account(core_session, network_device_setup): """ TC: C2608 - Delete system with stored account :param core_session: Authenticated Centrify session. :param network_device_setup: Adds a network with account and returns UUID of both. """ system_id, account_id, device_data, system_list, account_list = network_device_setup( 'checkpoint') # Deleting system without deleting associated account. result, success = ResourceManager.del_system(core_session, system_id) assert not success, f"System successfully deleted though system have active accounts. API response result: {result}" logger.info("Unable to delete the system. System has active accounts.") # Deleting associated account result, success = ResourceManager.del_account(core_session, account_id) assert success, f"Unable to delete account {account_id}, API response result: {result}." logger.info(f"Account :{account_id} successfully deleted.") account_list.remove(account_id) # To avoid error during account cleanup. # Deleting system after deleting the associated account. result, success = ResourceManager.del_system(core_session, system_id) assert success, f"System: {system_id} successfully deleted. API response result: {result}" logger.info( "System successfully deleted after deleting the associated accounts.") system_list.remove(system_id) # To avoid error during resource cleanup.
def test_delete_system_with_account(core_session, pas_setup): """ Test case: C279343 :param core_session: CENTRIFY session :param pas_setup: fixture to add system and account :return: """ system_id, account_id, sys_info = pas_setup result, status = ResourceManager.del_system(core_session, system_id) assert status is False, f'system {sys_info[0]} is deleted despite system having active accounts, returned result is {result}' result, status, = ResourceManager.del_account(core_session, account_id) assert status, f"Failed to delete account with result {result}" result, status = ResourceManager.del_system(core_session, system_id) assert status, f"Failed to delete system with status {status}, returned result is {result}"
def test_delete_system_without_account(core_session, add_single_system): """ Test case: C279344 :param core_session: CENTRIFY session :param pas_setup: fixture to add system and account :return: """ system_id, sys_info = add_single_system result, status = ResourceManager.del_system(core_session, system_id) assert status, f"failed to delete system returned status {status} and result {result}"
def test_delete_system_before_delete_its_account(core_session, pas_windows_setup, users_and_roles): """ TC:C2219 Delete a system before deleting its accounts. :param core_session: Returns a API session. :param pas_windows_setup: Returns a fixture. :param users_and_roles: Fixture to manage roles and user. """ # Creating a system and account. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) # Cloud user session with "Privileged Access Service User". cloud_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service User') user_name = cloud_user_session.auth_details['User'] user_id = cloud_user_session.auth_details['UserId'] # Assigning system "View,Edit,Delete" permission. assign_system_result, assign_system_success = ResourceManager.assign_system_permissions( core_session, "View,Edit,Delete", user_name, user_id, 'User', system_id) assert assign_system_success, f"Failed to assign system permissions: API response result: {assign_system_result}" logger.info( f'Successfully assigned "View,Edit,Delete" permission to user:{assign_system_result}.' ) # Trying to delete system whose account is not deleted. del_system_result, del_system_success = ResourceManager.del_system( cloud_user_session, system_id) assert del_system_success is False, f'System is deleted:API response result:{del_system_result}' logger.info( f'Failed to delete system whose account is not deleted:{del_system_result}' ) # Checking the system Activity. sys_activity = ResourceManager.get_system_activity(cloud_user_session, system_id) assert f'{user_name} failed to delete system "{sys_info[0]}"({sys_info[1]}). ' \ f'Reason: System has active accounts' in sys_activity[0]['Detail'], \ f'"Failed to get the expected activity:API response result:{sys_activity}' logger.info(f'Successfully Found the expected activity:{sys_activity}')
def test_pe_del_assignment_on_system_delete(core_session, setup_generic_pe_command_with_no_rules, create_resources): commandName, commandID = setup_generic_pe_command_with_no_rules admin_user = core_session.get_user() admin_user_name = admin_user.get_login_name() admin_user_id = admin_user.get_id() # Add System added_system_id = create_resources(core_session, 1, "Unix")[0]['ID'] logger.debug(f"Successfully added a System: {added_system_id}") # Give all permissions but the manager assignments permission to admin user on this system permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount,' \ 'ManagePrivilegeElevationAssignment' result, success = ResourceManager.assign_system_permissions(core_session, permission_string, admin_user_name, admin_user_id, "User", added_system_id) assert success, "Did not set system permissions " + result # Add assignment principalType = "User" principal = admin_user_name scopeType = "System" scope = added_system_id ruleID, isSuccess = PrivilegeElevation.add_pe_rule_assignment(core_session, commandID=commandID, scopeType=scopeType, scope=scope, principalType=principalType, principal=principal) assert isSuccess, f" Adding rule assignment failed" # Make sure rule assignment is available results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName) assert isSuccess and len(results['Result']) == 1, f"List assignments API call failed: {results}" logger.debug(results) # Delete System result, isSuccess = ResourceManager.del_system(core_session, added_system_id) assert isSuccess, f"deleting System failed: {result}" # Make sure rule assignment is not available anymore results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName) assert isSuccess and len(results['Result']) == 0, f"List assignments API call failed: {results}" logger.info(results)
def test_check_message_no_system(core_session, users_and_roles): """ TC:C2047 Check message when there are no systems. :param:core_session:Returns a API session. :param:users_and_roles:Fixture to manage roles and user. :param:cleanup_resources: Fixture for cleanup resources. """ # finding all systems for cleanup: acc_script = "@/lib/server/get_accounts.js(mode:'AllAccounts', newcode:true, localOnly:true, colmemberfilter:" \ "'Select ID from VaultAccount WHERE Host IS NOT NULL')" acc = RedrockController.redrock_query(core_session, acc_script) for account in acc: if account['Row']['FQDN'] == "Check.Point": # Removing Admin Account for successful cleanup of system and account result, success, message = ResourceManager.set_administrative_account( core_session, systems=[account['Row']['Host']]) assert success, f"Failed to update Administrative account for system {account['Row']['Name']}" # Removing Admin Account for successful cleanup of system and account update_result, update_success = ResourceManager.update_system( core_session, account['Row']['Host'], account['Row']['Name'], account['Row']['FQDN'], 'CheckPointGaia', sessiontype=account['Row']['SessionType']) assert update_success, f"Unable to remove admin account from this system: {account['Row']['Host']}" logger.info(f'System successfully updated with result: {result}') # deleting administrative account from this system del_result, del_success = ResourceManager.del_account( core_session, account['Row']['ID']) assert del_success, "Account could not be deleted" logger.info( f'account successfully deleted with result: {del_result}') # Removing Admin Account for successful cleanup of system and account result, success, message = ResourceManager.set_administrative_account( core_session, systems=[account['Row']['Host']]) assert success, f"Failed to update Administrative account for system {account['Row']['Name']}" accounts = RedrockController.redrock_query(core_session, acc_script) for account in accounts: ResourceManager.del_account(core_session, account['Row']['ID']) # Delete computers from tenant system = RedrockController.get_computers(core_session) for SYS in system: ResourceManager.del_system(core_session, SYS["ID"]) # Trying to get the data from system_by_type on dashboard and expecting no data or an empty list. get_system_type_result = RedrockController.get_system_type_dashboard_pie_chart( core_session) assert len(get_system_type_result) == 0, f"Data found in system_by_type in dashboard:" \ f"API response result:{get_system_type_result}" logger.info( f"Could not found any data in system_by_type on" f" dashboard in without any system in tenant{get_system_type_result}") # Trying to get the data form system health on dashboard and expecting no data or an empty list. get_system_health_dashboard = RedrockController.get_systems_health_dashboard( core_session) assert len(get_system_health_dashboard) == 0, f"Data found in system health in dashboard:" \ f" API response result:{get_system_health_dashboard}" logger.info( f"Could not found any data in system health on " f"dashboard without any system in tenant{get_system_health_dashboard}")