def test_delete_system_with_stored_account(core_session, network_device_setup):
"""
TC: C2608 - Delete system with stored account
:param core_session: Authenticated Centrify session.
:param network_device_setup: Adds a network with account and returns UUID of both.
"""
system_id, account_id, device_data, system_list, account_list = network_device_setup(
'checkpoint')
# Deleting system without deleting associated account.
result, success = ResourceManager.del_system(core_session, system_id)
assert not success, f"System successfully deleted though system have active accounts. API response result: {result}"
logger.info("Unable to delete the system. System has active accounts.")
# Deleting associated account
result, success = ResourceManager.del_account(core_session, account_id)
assert success, f"Unable to delete account {account_id}, API response result: {result}."
logger.info(f"Account :{account_id} successfully deleted.")
account_list.remove(account_id) # To avoid error during account cleanup.
# Deleting system after deleting the associated account.
result, success = ResourceManager.del_system(core_session, system_id)
assert success, f"System: {system_id} successfully deleted. API response result: {result}"
logger.info(
"System successfully deleted after deleting the associated accounts.")
system_list.remove(system_id) # To avoid error during resource cleanup.
def test_delete_system_with_account(core_session, pas_setup):
"""
Test case: C279343
:param core_session: CENTRIFY session
:param pas_setup: fixture to add system and account
:return:
"""
system_id, account_id, sys_info = pas_setup
result, status = ResourceManager.del_system(core_session, system_id)
assert status is False, f'system {sys_info[0]} is deleted despite system having active accounts, returned result is {result}'
result, status, = ResourceManager.del_account(core_session, account_id)
assert status, f"Failed to delete account with result {result}"
result, status = ResourceManager.del_system(core_session, system_id)
assert status, f"Failed to delete system with status {status}, returned result is {result}"
def test_delete_system_without_account(core_session, add_single_system):
"""
Test case: C279344
:param core_session: CENTRIFY session
:param pas_setup: fixture to add system and account
:return:
"""
system_id, sys_info = add_single_system
result, status = ResourceManager.del_system(core_session, system_id)
assert status, f"failed to delete system returned status {status} and result {result}"
def test_delete_system_before_delete_its_account(core_session,
pas_windows_setup,
users_and_roles):
"""
TC:C2219 Delete a system before deleting its accounts.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param users_and_roles: Fixture to manage roles and user.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Cloud user session with "Privileged Access Service User".
cloud_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
user_name = cloud_user_session.auth_details['User']
user_id = cloud_user_session.auth_details['UserId']
# Assigning system "View,Edit,Delete" permission.
assign_system_result, assign_system_success = ResourceManager.assign_system_permissions(
core_session, "View,Edit,Delete", user_name, user_id, 'User',
system_id)
assert assign_system_success, f"Failed to assign system permissions: API response result: {assign_system_result}"
logger.info(
f'Successfully assigned "View,Edit,Delete" permission to user:{assign_system_result}.'
)
# Trying to delete system whose account is not deleted.
del_system_result, del_system_success = ResourceManager.del_system(
cloud_user_session, system_id)
assert del_system_success is False, f'System is deleted:API response result:{del_system_result}'
logger.info(
f'Failed to delete system whose account is not deleted:{del_system_result}'
)
# Checking the system Activity.
sys_activity = ResourceManager.get_system_activity(cloud_user_session,
system_id)
assert f'{user_name} failed to delete system "{sys_info[0]}"({sys_info[1]}). ' \
f'Reason: System has active accounts' in sys_activity[0]['Detail'], \
f'"Failed to get the expected activity:API response result:{sys_activity}'
logger.info(f'Successfully Found the expected activity:{sys_activity}')
def test_pe_del_assignment_on_system_delete(core_session, setup_generic_pe_command_with_no_rules, create_resources):
commandName, commandID = setup_generic_pe_command_with_no_rules
admin_user = core_session.get_user()
admin_user_name = admin_user.get_login_name()
admin_user_id = admin_user.get_id()
# Add System
added_system_id = create_resources(core_session, 1, "Unix")[0]['ID']
logger.debug(f"Successfully added a System: {added_system_id}")
# Give all permissions but the manager assignments permission to admin user on this system
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount,' \
'ManagePrivilegeElevationAssignment'
result, success = ResourceManager.assign_system_permissions(core_session, permission_string,
admin_user_name, admin_user_id, "User",
added_system_id)
assert success, "Did not set system permissions " + result
# Add assignment
principalType = "User"
principal = admin_user_name
scopeType = "System"
scope = added_system_id
ruleID, isSuccess = PrivilegeElevation.add_pe_rule_assignment(core_session, commandID=commandID,
scopeType=scopeType, scope=scope,
principalType=principalType, principal=principal)
assert isSuccess, f" Adding rule assignment failed"
# Make sure rule assignment is available
results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName)
assert isSuccess and len(results['Result']) == 1, f"List assignments API call failed: {results}"
logger.debug(results)
# Delete System
result, isSuccess = ResourceManager.del_system(core_session, added_system_id)
assert isSuccess, f"deleting System failed: {result}"
# Make sure rule assignment is not available anymore
results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName)
assert isSuccess and len(results['Result']) == 0, f"List assignments API call failed: {results}"
logger.info(results)
def test_check_message_no_system(core_session, users_and_roles):
"""
TC:C2047 Check message when there are no systems.
:param:core_session:Returns a API session.
:param:users_and_roles:Fixture to manage roles and user.
:param:cleanup_resources: Fixture for cleanup resources.
"""
# finding all systems for cleanup:
acc_script = "@/lib/server/get_accounts.js(mode:'AllAccounts', newcode:true, localOnly:true, colmemberfilter:" \
"'Select ID from VaultAccount WHERE Host IS NOT NULL')"
acc = RedrockController.redrock_query(core_session, acc_script)
for account in acc:
if account['Row']['FQDN'] == "Check.Point":
# Removing Admin Account for successful cleanup of system and account
result, success, message = ResourceManager.set_administrative_account(
core_session, systems=[account['Row']['Host']])
assert success, f"Failed to update Administrative account for system {account['Row']['Name']}"
# Removing Admin Account for successful cleanup of system and account
update_result, update_success = ResourceManager.update_system(
core_session,
account['Row']['Host'],
account['Row']['Name'],
account['Row']['FQDN'],
'CheckPointGaia',
sessiontype=account['Row']['SessionType'])
assert update_success, f"Unable to remove admin account from this system: {account['Row']['Host']}"
logger.info(f'System successfully updated with result: {result}')
# deleting administrative account from this system
del_result, del_success = ResourceManager.del_account(
core_session, account['Row']['ID'])
assert del_success, "Account could not be deleted"
logger.info(
f'account successfully deleted with result: {del_result}')
# Removing Admin Account for successful cleanup of system and account
result, success, message = ResourceManager.set_administrative_account(
core_session, systems=[account['Row']['Host']])
assert success, f"Failed to update Administrative account for system {account['Row']['Name']}"
accounts = RedrockController.redrock_query(core_session, acc_script)
for account in accounts:
ResourceManager.del_account(core_session, account['Row']['ID'])
# Delete computers from tenant
system = RedrockController.get_computers(core_session)
for SYS in system:
ResourceManager.del_system(core_session, SYS["ID"])
# Trying to get the data from system_by_type on dashboard and expecting no data or an empty list.
get_system_type_result = RedrockController.get_system_type_dashboard_pie_chart(
core_session)
assert len(get_system_type_result) == 0, f"Data found in system_by_type in dashboard:" \
f"API response result:{get_system_type_result}"
logger.info(
f"Could not found any data in system_by_type on"
f" dashboard in without any system in tenant{get_system_type_result}")
# Trying to get the data form system health on dashboard and expecting no data or an empty list.
get_system_health_dashboard = RedrockController.get_systems_health_dashboard(
core_session)
assert len(get_system_health_dashboard) == 0, f"Data found in system health in dashboard:" \
f" API response result:{get_system_health_dashboard}"
logger.info(
f"Could not found any data in system health on "
f"dashboard without any system in tenant{get_system_health_dashboard}")
