def test_update_managed_account(pas_setup, core_session, pas_config): """ :param pas_config: :param pas_setup: Fixture for adding a system and an account associated with it. :param core_admin_ui: Authenticated Centrify Session. :param core_session: Authenticated Centrify Session. TC: C2547 - Update managed account trying to Update managed account password Steps: Pre: Create system with 1 manage account hand 1. Try to update invalid password -Assert Failure 2. Try to update valid password -Assert Failure 3. Try to check password history """ user_name = core_session.get_user().get_login_name() System_configurations_from_yaml = pas_config system_data = System_configurations_from_yaml[ 'Windows_infrastructure_data'] added_system_id, account_id, sys_info = pas_setup Result, success = ResourceManager.update_password(core_session, account_id, guid()) assert success, "Did not update password" Result, success = ResourceManager.update_password(core_session, account_id, system_data['password']) assert success, "Did not update password" result, success = ResourceManager.check_out_password( core_session, 1, account_id) assert success, "Did not retrieve password" query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \ f"'{account_id}' and StateUpdatedBy='{user_name}' and State='Retired'" password_history = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query))[0] assert len(password_history) > 0, "Password history table did not update"
def test_check_ui_on_subnet_mapping_page(core_session, cleanup_system_subnet_mapping): """ TC:C2197 Check UI on Subnet Mappings page. 1) Login Admin Portal as cloud admin 2) Add System subnet mapping by calling API add_system_subnet_mapping 3) Checking through UI for assertion :param core_session: Authenticated Centrify session. :param core_admin_ui: Authenticated Centrify browser session. :param: cleanup_system_subnet_mapping: cleanup for created system subnet. """ subnet = Configs.get_environment_node('update_discovery_profile', 'automation_main')['port_scan_scope']['subnet_mask'] subnet_list = cleanup_system_subnet_mapping # Adding System Subnet Mapping. result, success, message = ResourceManager.add_system_subnet_mapping(core_session, subnet, chooseConnector="on") system_subnet_id = result['ID'] assert success, f'Failed to add System subnet mapping with API response: {message}' subnet_list.append(system_subnet_id) logger.info(f"System subnet mapping added successfully, {system_subnet_id}") # Checking on ui for assertion query = "select * from ProxyGroup" results = RedrockController.get_result_rows(RedrockController.redrock_query(core_session, query)) assert results[0]['Subnet'] == subnet, \ f'Failed to see the detail of System Subnet Mapping with API response: {message}'
def _validate_aapm_agent_details(session, agent_ids, expected): query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM') results = RedrockController.get_result_rows( RedrockController.redrock_query(session, query)) # make sure num of systems match assert len(results) == len(agent_ids) for row in results: assert row["FeatureAAPM"] is expected
def _wait_for_systems_validation(session, agent_ids, expected, intervals_to_wait=600, delay=1): while intervals_to_wait > 0: query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM') results = RedrockController.get_result_rows( RedrockController.redrock_query(session, query)) logger.info(results) # make sure num of systems match assert len(results) == len(agent_ids) row = results[0] if row["FeatureAAPM"] is expected: return True if delay > 0: time.sleep(delay) intervals_to_wait = intervals_to_wait - 1 return False
def start_proxy_with_machinename(core_session, start_stop_proxy, machineName): proxycontrol = start_stop_proxy proxy_query = f"select ID, Online, Version, MachineName from Proxy order by Online DESC" rows = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, proxy_query)) for item in rows: try: if str(item['MachineName']).lower() == machineName.lower(): if item['Online'] == True: return item["ID"] proxycontrol(item["ID"], True) return item["ID"] except Exception: # there will be multiple proxies with same machine name logger.debug( f"Failed to start connector {item['ID']}, Name {item['MachineName']}, ignoring " ) return None
def test_update_un_managed_account(pas_windows_setup, core_session): """ :param pas_windows_setup: Fixture for adding a system and an account associated with it. :param core_session: Authenticated Centrify Session. TC: C2548 - Update un managed account trying to Update un managed account password Steps: Pre: Create system with 1 un manage account hand 1. Try to update valid password -Assert Failure 2. Try to get activity of updated password -Assert Failure 3. Try to check password history """ user_name = core_session.get_user().get_login_name() system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup( ) logger.info( f"System: {sys_info[0]} successfully added with UUID: {system_id} and account: {sys_info[4]} " f"with UUID: {account_id} associated with it.") Result, success = ResourceManager.update_password(core_session, account_id, guid()) assert success, f"Did not update password, API Response: {Result}" logger.info(f'user not able to update password, API Response::{Result}') row = ResourceManager.get_system_activity(core_session, system_id) assert f'{user_name} updated local account "{sys_info[4]}" password for "{sys_info[0]}"' in row[0]['Detail'], \ "user not able to update un managed account password" logger.info( f'account activity logs for un manage account API response:{row}') result, success = ResourceManager.check_out_password( core_session, 1, account_id) assert success, f"Did not retrieve password API response: {result}" logger.info(f'user not able to retrieve password API response:{result}') query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \ f"'{account_id}' and StateUpdatedBy='{user_name}' and State='Retired'" password_history = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query))[0] assert len( password_history ) > 0, f"Password history table did not update {password_history}" logger.info(f'Password history table API response:{password_history}')
def test_iam_account_correct_data(core_session, fake_cloud_provider_iam_account): account_id, username = fake_cloud_provider_iam_account query = f"SELECT VaultAccount.CredentialType, VaultAccount.ID, VaultAccount.User FROM VaultAccount WHERE ID='{account_id}'" results = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query)) assert len(results) == 1, f"Expected exactly one result {results}" result = results[0] expected_result = { 'ID': account_id, 'User': username, 'CredentialType': 'AwsAccessKey' } if '_TableName' in result: del result['_TableName'] assert result == expected_result, f"Unexpected data in results {result}"
def test_system_delete(pas_setup, core_admin_ui, core_session): """C2571 Delete systems Steps: Pre: Create system with 1 manage account hand 1. Try to delete system -Assert Failure 2.check on the SecretName -Assert Failure """ ui = core_admin_ui # Step 1: create a system along with on account added_system_id, account_id, sys_info = pas_setup logger.info( f"System: {sys_info[0]} successfully added with UUID: {added_system_id} and account: {sys_info[4]} " f"with UUID: {account_id} associated with it.") ui.navigate('Resources', 'Systems') ui.search(sys_info[0]) ui.right_click_action(GridRowByGuid(added_system_id), 'Delete') ui.switch_context('System Delete') email_id = ui._searchAndExpect(TextField('SecretName'), "Not able to get the data from textbox") get_email_id = email_id.get_value_from_attribute('value') ui.remove_context() ui.button('Delete') # Step 2: Fetch the all secrets from data vault and compare query = 'Select * FROM DataVault' rows = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query)) delete = [] for row in rows: if row['SecretName'].find(get_email_id) == -1: delete.append(row['ParentPath']) else: logger.info(f"no data found:{delete}") assert 'Bulk Delete' in delete, "User not deleted system and there is no data" logger.info( f'Successfully deleted a system and generated bulk delete secret')
def test_root_account(core_session, fake_cloud_provider_root_account): account_id, username, password, cloud_provider_id, test_did_cleaning = fake_cloud_provider_root_account query = f"SELECT VaultAccount.CredentialType, VaultAccount.ID, VaultAccount.User FROM VaultAccount WHERE ID='{account_id}'" results = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query)) assert len(results) == 1, f"Expected exactly one result {results}" result = results[0] expected_result = { 'ID': account_id, 'User': username, 'CredentialType': 'Password' } if '_TableName' in result: del result['_TableName'] assert result == expected_result, f"Unexpected data in results {result}" # todo cloud provider ID appears in secret (it doesn't, which is a problem)
def test_update_database_settings_page(core_session, database_config, cleanup_resources): """ TC: C281881 Update Database Settings page :param core_session: Authenticated Centrify session :param database_config:fixture to create database with accounts :param cleanup_resources:cleans up resources """ # Creating a database database_list = cleanup_resources[2] db_data = database_config['sql_db_config'] db_name = f"{db_data['db_name']}{guid()}" db_description = "Test Description" default_checkout_time = 15 db_result, db_success = ResourceManager.add_database( core_session, name=db_name, port=None, fqdn=db_data['hostname'], databaseclass=db_data['databaseclass'], description=db_description, instancename=db_data['instancename'], servicename=db_data['servicename']) assert db_success, f'Failed to create database without defined port:API response result:{db_result}' logger.info( f'Successfully created database without defined port :{db_result}') database_list.append(db_result) # Updating the database setting update_db_res, update_db_success = ResourceManager.update_database( core_session, db_result, db_name, db_data['hostname'], db_data['port'], db_description, db_data['instancename'], DefaultCheckoutTime=default_checkout_time, allowmultiplecheckouts=True) assert update_db_success, f"Fail to update database: API response result:{update_db_res}" logger.info(f"Successfully updated database with port:{update_db_res}") # Query for database description query_description = f"SELECT VaultDatabase.Description FROM VaultDatabase where VaultDatabase.Name='{db_name}'" description_check = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query_description)) assert description_check[0][ 'Description'] == db_description, "Password history table did not update" logger.info('Password history table API response') # Query for database default checkout time query_default_checkout_time = f"SELECT VaultDatabase.DefaultCheckoutTime FROM VaultDatabase where " \ f"VaultDatabase.Name='{db_name}' " checkout_value_check = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query_default_checkout_time)) assert checkout_value_check[0]['DefaultCheckoutTime'] == default_checkout_time, "Password history table did not " \ "update " logger.info('Password history table API response') # Query for allow multiple checkouts query_allow_multiple_checkouts = f"SELECT VaultDatabase.AllowMultipleCheckouts FROM VaultDatabase where " \ f"VaultDatabase.Name='{db_name}' " allow_multiple_checkouts_value_check = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query_allow_multiple_checkouts)) assert allow_multiple_checkouts_value_check[0]['AllowMultipleCheckouts'] is True, "Allow multiple " \ "checkouts value is False" logger.info('Allow multiple checkouts value is True')
def test_update_manage_proxy_account(pas_config, core_session, winrm_engine, remote_users_qty3, test_proxy, cleanup_accounts, cleanup_resources): """ TC: C2549 - Update managed account with using proxy account trying to Update managed account with using proxy account Steps: Pre: Create system with 1 proxy and manage account hand 1. Try to update invalid password for proxy account -Assert Failure 2. Try to update valid password for proxy account -Assert Failure 3. Try to check activity log's -Assert Failure 4. Try to check password history """ system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' sys_details = pas_config add_user_in_target_system = remote_users_qty3 user_password = '******' fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Update system with proxy user update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=user_password, proxyuserismanaged=True) assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Update system with proxy user password. update_sys_success, update_sys_result = ResourceManager.update_system( core_session, add_sys_result, sys_name, fdqn, 'Windows', proxyuser=add_user_in_target_system[1], proxyuserpassword=guid(), proxyuserismanaged=True) assert update_sys_result is False, f'Fail to update the system:API response result: {update_sys_result}' logger.info(f"Successfully update the system:{update_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) # set a different password for the user update_user_password(winrm_engine, add_user_in_target_system[1], user_password) user_name = core_session.get_user().get_login_name() # rotate password for manage account result, success = ResourceManager.rotate_password(core_session, acc_result) assert success, f"Did not Rotate Password {result}" logger.info( f'account activity logs for un manage account API response:{result}') result, success = ResourceManager.check_out_password( core_session, 1, acc_result) assert success, f"Did not retrieve password {result}" logger.info( f'account activity logs for un manage account API response:{result}') row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \ f'password for system "{sys_name}"({fdqn})' in \ row[0]['Detail'], "user not able to update un managed account password" logger.info( f'account activity logs for un manage account API response:{row}') query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \ f"'{acc_result}' and StateUpdatedBy='{user_name}' and State='Retired'" password_history = RedrockController.get_result_rows( RedrockController.redrock_query(core_session, query))[0] assert len( password_history ) > 0, f"Password history table did not update {password_history}" logger.info(f'Password history table API response:{password_history}')