コード例 #1
0
def test_view_on_folders_but_not_members(core_session,
                                         create_secret_inside_folder,
                                         pas_general_secrets, users_and_roles,
                                         cleanup_secrets_and_folders):
    """
     C3054: test method to View on folders, but not members
        1) create multiple secrets & folders inside parent folder
       2) Login as Admin, set folder permissions "View" for parent folder
       3) Login as pas user
       4) Verify can view folder but not secrets

    :param core_session:  Authenticated Centrify session
    :param create_secret_inside_folder: Fixture to create secret inside folder
    :param pas_general_secrets: Fixture to read secrets related data from yaml file
    :param users_and_roles: Fixture to create random user with PAS User Rights
    :param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
    """
    folder_id_list, folder_name, secret_id = create_secret_inside_folder
    folders_list = cleanup_secrets_and_folders[1]
    params = pas_general_secrets

    # creating nested folder
    child_folder_success, child_folder_parameters, child_folder_id = create_folder(
        core_session,
        params['name'],
        params['description'],
        parent=folder_id_list[0])
    assert child_folder_success, f'Failed to create nested folder, API response result: {child_folder_id}'
    logger.info(
        f'Nested Folder created successfully, details are: {child_folder_parameters}'
    )
    folders_list.insert(0, child_folder_id)

    # API to get new session for User A
    pas_power_user_session = users_and_roles.get_session_for_user(
        'Privileged Access Service User')
    assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
    user_name = pas_power_user_session.auth_details['User']
    user_id = pas_power_user_session.auth_details['UserId']
    logger.info(
        f'User with PAS User Rights login successfully: user_Name:{user_name}')

    # Api to give user permissions to parent folder
    user_permissions_alpha = give_user_permissions_to_folder(
        core_session, user_name, user_id, folder_id_list[1], 'View')
    assert user_permissions_alpha['success'], \
        f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
    logger.info(f'User Permissions to folder: {user_permissions_alpha}')

    # Getting the secret for pas user should fail
    found_secret = get_secret(pas_power_user_session, secret_id[0])
    verify_msg = 'You are not authorized to perform this operation.'
    assert found_secret['success'] is False and verify_msg in found_secret["Message"], \
        f'Able to find the secret without view permissions, API response result:{found_secret["Message"]}'
    logger.info(
        f'Not able to find th secret with pas user: {found_secret["Message"]}')
コード例 #2
0
def test_delete_mfa_policy_on_secret(core_session, pas_general_secrets,
                                     clean_up_policy, users_and_roles):
    """
        C283962: MFA policy on Secret, verify challenged
    :param core_session: Authenticated Centrify session
    :param pas_general_secrets: Fixture to read secrets data from yaml file
    :param clean_up_policy: Fixture to cleanup the policy created
    :param users_and_roles: Fixture to create new user with restricted rights
    """
    secrets_params = pas_general_secrets
    suffix = guid()

    # Create a folder A
    secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
        core_session, secrets_params['mfa_folder_name'] + suffix,
        secrets_params['description'])
    assert secret_folder_success, f'Failed to create a folder {secret_folder_id}'
    logger.info(f' Folder created successfully: {secret_folder_success} ')
    secret_folder_parameters['ID'] = secret_folder_id

    # Create a secret under A folder
    added_secret_success, added_secret_id = create_text_secret_within_folder(
        core_session, secrets_params['mfa_secret_name'] + suffix,
        secrets_params['secret_text'], secrets_params['secret_description'],
        secret_folder_id)
    assert added_secret_success, f"Added Secret Failed {added_secret_id}"
    logger.info(f'Added secrets info {added_secret_success, added_secret_id}')

    # Getting details of the secret
    found_secret = get_secret(core_session, added_secret_id)
    assert found_secret['success'], \
        f'Failed to get the details of the secret , API response result:{found_secret["Message"]}'
    logger.info(f'Getting details of the secret: {found_secret}')
    secret_name = found_secret['Result']['SecretName']

    challenges = ["UP", ""]
    # Creating new policy
    policy_result = PolicyManager.create_new_auth_profile(
        core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
    assert policy_result, f'Failed to create policy, API response result:{policy_result}'
    logger.info(f' Creating new policy:{policy_result}')
    clean_up_policy.append(policy_result)

    # Applying MFA on Secret
    result = update_secret(
        core_session,
        added_secret_id,
        secret_name,
        description=secrets_params['mfa_secret_description'],
        policy_id=policy_result)
    assert result[
        'success'], f' Failed to apply MFA on the secret, API response result:{result["Message"]} '
    logger.info(f'MFA Applied on the secret: {result}')

    # Getting new session for User
    pas_power_user_session = users_and_roles.get_session_for_user(
        'Privileged Access Service Power User')
    assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
    user_name = pas_power_user_session.auth_details['User']
    user_id = pas_power_user_session.auth_details['UserId']
    logger.info(
        f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
    )

    # Api to give user permissions to folder
    user_permissions_result = give_user_permissions_to_folder(
        core_session, user_name, user_id, secret_folder_id,
        'Grant,View,Delete')
    assert user_permissions_result, f'Failed to set user permissions to folder{user_permissions_result}'
    logger.info(f'User Permissions to folder: {user_permissions_result}')

    # Api to set DELETE permissions to folder
    member_perm_result, member_perm_success = set_member_permissions_to_folder(
        core_session, user_name, 'Grant,View,Delete,Retrieve', user_id,
        secret_folder_id)
    assert member_perm_success, f'Failed to set member permissions to Folder{member_perm_result["Result"]}'
    logger.info(f'Member permissions to folder:{member_perm_result}')

    # Delete secret with Mfa Authentication
    del_success, del_result = del_secret(pas_power_user_session,
                                         added_secret_id)

    # StartChallenge MFA Authentication
    session, mechanism = pas_power_user_session.start_mfa_authentication(
        user_name, del_result['ChallengeId'])

    # AdvanceAuthentication MFA to Password
    result = pas_power_user_session.advance_authentication(
        answer=pas_power_user_session.user.user_input.password,
        session_id=session,
        mechanism_id=mechanism)
    assert result, "Password Authentication Failed"
    logger.info(f'Advance authentication: {result}')

    # After Authentication of MFA delete the secret under folder
    del_secret_success, del_secret_result = del_secret_mfa(
        pas_power_user_session,
        added_secret_id,
        ChallengeStateId=del_result['ChallengeId'])
    assert del_secret_success, f'User: {user_name} failed to delete secret from this folder: {secret_folder_id}'
    logger.info(
        f'User: {user_name} deleted secret: '
        f'{added_secret_id} successfully from this folder: {secret_folder_id}')

    # Delete folder
    del_folder_res = del_folder(core_session, secret_folder_id)
    assert del_folder_res, f'User: {user_name} failed to delete folder: {secret_folder_id}'
    logger.info(
        f'User: {user_name} successfully deleted folder: {secret_folder_id}')
コード例 #3
0
def test_retrieve_mfa_policy_on_parent_folder_verify_challenged(
        core_session, core_admin_ui, pas_general_secrets,
        create_secret_inside_folder, clean_up_policy):
    """
             C2985: MFA policy on Parent folder, verify challenged
         1) Set MFA on MFAonParent
         2) Right click "MFAonSecret" then Retrieve.
         3) Verify challenged with MFA popups,
         4) Enter password & verify you can retrieve secret

    :param core_session: Authenticated Centrify Session
    :param core_admin_ui: Fixture to launch ui session for cloud admin
    :param pas_general_secrets: Fixture to read secret data from yaml file
    :param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
    :param clean_up_policy: Fixture to clean up the policy created
    """
    secrets_params = pas_general_secrets
    suffix = guid()
    folder_list, folder_name, secret_list = create_secret_inside_folder
    verify_text = secrets_params['secret_text']

    # Getting details of the secret replaced
    found_secret = get_secret(core_session, secret_list[0])
    assert found_secret['success'], \
        f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
    logger.info(f'Getting details of the secret: {found_secret}')
    secret_name = found_secret['Result']['SecretName']

    challenges = ["UP", ""]
    # Creating new policy
    policy_result = PolicyManager.create_new_auth_profile(
        core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
    assert policy_result, f'Failed to create policy, API response result:{policy_result}'
    logger.info(f' Creating new policy:{policy_result}')
    clean_up_policy.append(policy_result)

    # Applying MFA on Folder
    result = update_folder(core_session,
                           folder_list[0],
                           folder_name,
                           folder_name,
                           policy_id=policy_result)
    assert result[
        'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
    logger.info(f'Applying MFA  for folder: {result}')

    ui = core_admin_ui
    password = ui.get_user().get_password()
    login = Login(ui)
    ui.navigate('Resources', 'Secrets')
    ui.search(folder_name)
    ui.click_row(GridRowByGuid(folder_list[0]))
    ui.click_row(GridRowByGuid(secret_list[0]))
    ui.action('Retrieve')
    ui.switch_context(Modal(text=secret_name))
    ui.button('Show Text')
    ui.switch_context(NoTitleModal())
    login.click_next_on_auth()
    login.enter_login_password(password)
    login.click_next_on_auth()
    ui.switch_context(ActiveMainContentArea())
    ui.expect(InputBoxValue(verify_text),
              f'Expect to find {verify_text} in Retrieve but could not.')
    logger.info(
        f'Text Retrieved with MFA challenge(password only)i.e. MFAonParent successfully: {verify_text}'
    )

    # Removing MFA on Folder
    result = update_folder(
        core_session,
        folder_list[0],
        folder_name,
        secrets_params['mfa_folder_name_update'] + suffix,
        description=secrets_params['mfa_folder_description'])
    assert result[
        'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
    logger.info(f'Applying MFA  for folder: {result}')
コード例 #4
0
def test_replace_mfa_on_both_parent_folder_and_secret_verify_challenged(
        core_session, pas_general_secrets, create_secret_inside_folder,
        core_session_unauthorized, clean_up_policy):
    """
         C2981: test method to MFA policy on both Parent folder and Secret, verify secret MFA
         1) Set MFA on MFAonSecret & MFAOnParentFolder
         2) Right click "MFAonSecret" then Replace.
         3) Verify challenged with MFA popups,
         4) Enter password & verify you can replace secret

    :param core_session:  Authenticated Centrify Session
    :param pas_general_secrets: Fixture to read secret data from yaml file
    :param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
    :param core_session_unauthorized: Fixture to start authentication MFA
    :param clean_up_policy: Fixture to clean up the policy created
    """
    secrets_params = pas_general_secrets
    prefix = guid()
    folder_list, folder_name, secret_list = create_secret_inside_folder

    challenges = ["UP", ""]
    policy_result = PolicyManager.create_new_auth_profile(
        core_session, prefix + secrets_params['policy_name'], challenges, 0, 0)
    assert policy_result, f'Failed to create policy, API response result:{policy_result}'
    logger.info(f' Creating new policy:{policy_result}')
    clean_up_policy.append(policy_result)

    # Applying MFA on Secret
    result = update_secret(
        core_session,
        secret_list[0],
        prefix + secrets_params['mfa_secret_name_update'],
        description=secrets_params['mfa_secret_description'],
        policy_id=policy_result)
    assert result[
        'success'], f'Not Able to apply MFA on the secret, API response result:{result["Message"]} '
    logger.info(f'MFA Applied on the secret: {result}')

    # Applying MFA on Folder
    result = update_folder(
        core_session,
        folder_list[0],
        folder_name,
        folder_name,
        description=secrets_params['mfa_folder_description'],
        policy_id=policy_result)
    assert result[
        'success'], f'Not Able to apply MFA on folder, API response result: {result["Message"]} '
    logger.info(f'MFA Applied on Folder: {result}')

    user = core_session.get_user()
    user_name = user.get_login_name()
    password = user.get_password()

    # MFA Authentication starts on the secret to be replaced
    mfa_authentication = core_session_unauthorized.start_authentication(
        user_name)
    result = mfa_authentication.json()['Result']
    success = mfa_authentication.json()['success']
    assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
    challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
    assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
    logger.info(
        f'MFA Authentication starts on the secret to be replaced:{mfa_authentication.json()}'
    )

    # Advance MFA Authentication starts on the secret to be replaced
    up_result = core_session_unauthorized.advance_authentication(
        password, challenge_index=0, mechanism_name='UP')
    mfa_result = up_result.json()
    assert mfa_result[
        'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
    logger.info(f'MFA popups before secret gets replaced:{mfa_result}')

    # Replacing the text of the secret
    result = update_secret(core_session,
                           secret_list[0],
                           secrets_params['mfa_secret_name_update'] + prefix,
                           secret_text=secrets_params['secret_text_replaced'],
                           policy_id=policy_result)
    assert result[
        'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
    logger.info(f'Secret gets replaced: {result}')

    # Removing MFA
    result = update_secret(core_session,
                           secret_list[0],
                           secrets_params['mfa_secret_name_update'] + prefix,
                           secret_text=secrets_params['secret_text_replaced'])
    assert result[
        'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
    logger.info(f'Secret gets replaced: {result}')

    # Removing MFA from folder
    result = update_folder(
        core_session,
        folder_list[0],
        folder_name,
        folder_name,
        description=secrets_params['mfa_folder_description'])
    assert result[
        'success'], f'Not Able to update the folder, API response result:: {result["Message"]} '
    logger.info(f'Updating the folder: {result}')

    # Getting details of the secret replaced
    found_secret = get_secret(core_session, secret_list[0])
    assert found_secret['success'], \
        f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
    logger.info(f'Getting details of the secret: {found_secret}')
    secret_name = found_secret['Result']['SecretName']
    assert 'MFAOnSecretUpdate' in secret_name, \
        f'Failed to update the secret, API response result:{found_secret["success"]}'
コード例 #5
0
def test_mfa_on_closest_parent_should_override_mfa_on_higher_levels(
        core_session, pas_general_secrets, cleanup_secrets_and_folders,
        clean_up_policy, core_session_unauthorized):
    """
         C2982: MFA on closest parent should override MFA on higher levels
             1) Create a multilevel folder "Folder/Subfolder/secretName"
             2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
             3) Verify secretName inherits challenge of subfolder

    :param core_session:  Authenticated Centrify Session
    :param pas_general_secrets:  Fixture to read secret data from yaml file
    :param cleanup_secrets_and_folders:  Fixture to cleanup the secrets & folder created
    :param clean_up_policy:  Fixture to cleanup the policy created
    :param core_session_unauthorized:  Fixture to start authentication MFA
    """
    folder_list = cleanup_secrets_and_folders[1]
    secrets_list = cleanup_secrets_and_folders[0]
    folder_params = pas_general_secrets
    suffix = guid()
    folder_name = folder_params['folder_name_with_frwdslashes'] + suffix

    # creating multilevel folder "Folder/Subfolder/secretName"
    added_secret_success, details, secret_id = create_text_secret(
        core_session, folder_name, folder_params['secret_text'])
    assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
    logger.info(f'Added Multilevel folder info: {details, secret_id}')
    secrets_list.append(secret_id)

    # Getting details of the secret
    found_secret = get_secret(core_session, secret_id)
    assert found_secret['success'], \
        f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
    logger.info(f'Getting details of the secret: {found_secret}')
    nested_folder_id = found_secret['Result']['FolderId']
    nested_folder_path = found_secret['Result']['ParentPath']
    parent_folder_list = nested_folder_path.split('\\')
    parent_folder_name = parent_folder_list[0]

    # Getting details of Parent Folder
    parent_folder = get_folder(core_session, nested_folder_id)
    parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
    nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
        "SecretName"]
    logger.info(f'Parent Folder details: {parent_folder}')

    if folder_list != []:
        folder_list[0] = nested_folder_id
        folder_list[1] = parent_folder_id
    else:
        folder_list.append(nested_folder_id)
        folder_list.append(parent_folder_id)

    challenges = ["UP", ""]
    challenges_v2 = ["UP,EMAIL", ""]
    # Creating new policy with Password
    policy_result = PolicyManager.create_new_auth_profile(
        core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
    assert policy_result, f'Failed to create policy, API response result:{policy_result}'
    logger.info(f' Creating new policy:{policy_result}')
    clean_up_policy.append(policy_result)

    # Creating new policy with Password & Email
    policy_result_email = PolicyManager.create_new_auth_profile(
        core_session, folder_params['policy_name'] + "V2" + suffix,
        challenges_v2, 0, 0)
    assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
    logger.info(f' Creating another policy:{policy_result_email}')
    clean_up_policy.append(policy_result_email)

    # Applying MFA on Nested Folder
    result = update_folder(core_session,
                           nested_folder_id,
                           nested_folder_name,
                           nested_folder_name,
                           description=folder_params['mfa_folder_description'],
                           policy_id=policy_result)
    assert result[
        'success'], f'Not Able to apply MFA on Nested folder, API response result: {result["Message"]} '
    logger.info(f'MFA Applied on Nested Folder: {result}')

    # Applying MFA on Parent Folder
    result = update_folder(core_session,
                           parent_folder_id,
                           parent_folder_name,
                           parent_folder_name,
                           description=folder_params['mfa_folder_description'],
                           policy_id=policy_result_email)
    assert result[
        'success'], f'Not Able to apply MFA on parent folder, API response result: {result["Message"]} '
    logger.info(f'MFA Applied on Parent Folder: {result}')

    user = core_session.get_user()
    user_name = user.get_login_name()
    password = user.get_password()

    # MFA Authentication starts on the secret to be replaced
    mfa_authentication = core_session_unauthorized.start_authentication(
        user_name)
    result = mfa_authentication.json()['Result']
    success = mfa_authentication.json()['success']
    assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
    challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
    assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
    logger.info(
        f'MFA Authentication applies for closest parent,Password Only:{mfa_authentication.json()}'
    )

    # Advance MFA Authentication starts on the secret to be replaced
    up_result = core_session_unauthorized.advance_authentication(
        password, challenge_index=0, mechanism_name='UP')
    mfa_result = up_result.json()
    assert mfa_result[
        'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
    logger.info(
        f'MFA applies for closest parent,popups before secret gets replaced: {mfa_result}'
    )

    # Replacing the text of the secret
    result = update_secret(core_session,
                           secret_id,
                           folder_params['mfa_secret_name_update'] + suffix,
                           secret_text=folder_params['secret_text_replaced'])
    assert result[
        'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
    logger.info(f'Secret gets replaced: {result}')

    # Removing MFA from Nested folder
    result = update_folder(core_session,
                           nested_folder_id,
                           nested_folder_name,
                           nested_folder_name,
                           description=folder_params['mfa_folder_description'])
    assert result[
        'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
    logger.info(f'Removing mfa from folder: {result}')

    # Removing MFA from Parent folder
    result = update_folder(core_session,
                           parent_folder_id,
                           parent_folder_name,
                           parent_folder_name,
                           description=folder_params['mfa_folder_description'])
    assert result[
        'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
    logger.info(f'Removing mfa from folder: {result}')

    # Getting details of the Secret Replaced
    get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
        core_session, secret_id)
    assert get_secret_text == folder_params['secret_text_replaced'], \
        f'Failed to replace the secret, API response result: {get_secret_success}'
    logger.info(f'Details of the secret Replaced: {get_secret_details}')
def test_retrieve_mfa_on_closest_parent_should_override_mfa(
        core_session, pas_general_secrets, cleanup_secrets_and_folders,
        clean_up_policy):
    """
        C283926: MFA on closest parent should override MFA on higher levels
             1) Create a multilevel folder "Folder/Subfolder/secretName"
             2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
             3) Verify secretName inherits challenge of subfolder

    :param core_session:  Authenticated Centrify Session
    :param pas_general_secrets:  Fixture to read secret data from yaml file
    :param cleanup_secrets_and_folders:  Fixture to cleanup the secrets & folder created
    :param clean_up_policy:  Fixture to cleanup the policy created
    """
    folder_list = cleanup_secrets_and_folders[1]
    secrets_list = cleanup_secrets_and_folders[0]
    folder_params = pas_general_secrets
    suffix = guid()
    secret_name = folder_params['folder_name_with_frwdslashes'] + suffix
    user_name = core_session.auth_details['User']

    # creating multilevel folder "Folder/Subfolder/secretName"
    added_secret_success, details, secret_id = create_text_secret(
        core_session, secret_name, folder_params['secret_text'])
    assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
    logger.info(f'Added Multilevel folder info: {details, secret_id}')
    secrets_list.append(secret_id)

    # Getting details of the secret
    found_secret = get_secret(core_session, secret_id)
    assert found_secret['success'], \
        f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
    logger.info(f'Getting details of the secret: {found_secret}')
    nested_folder_id = found_secret['Result']['FolderId']
    nested_folder_path = found_secret['Result']['ParentPath']
    parent_folder_list = nested_folder_path.split('\\')
    parent_folder_name = parent_folder_list[0]

    # Getting details of Parent Folder
    parent_folder = get_folder(core_session, nested_folder_id)
    parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
    nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
        "SecretName"]
    logger.info(f'Parent Folder details: {parent_folder}')

    if folder_list != []:
        folder_list[0] = nested_folder_id
        folder_list[1] = parent_folder_id
    else:
        folder_list.append(nested_folder_id)
        folder_list.append(parent_folder_id)

    challenges = ["UP", ""]
    challenges_v2 = ["UP,EMAIL", ""]
    # Creating new policy with Password
    policy_result = PolicyManager.create_new_auth_profile(
        core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
    assert policy_result, f'Failed to create policy, API response result:{policy_result}'
    logger.info(f' Creating new policy:{policy_result}')
    clean_up_policy.append(policy_result)

    # Creating new policy with Password & Email
    policy_result_email = PolicyManager.create_new_auth_profile(
        core_session, folder_params['policy_name'] + "V2" + suffix,
        challenges_v2, 0, 0)
    assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
    logger.info(f' Creating another policy:{policy_result_email}')
    clean_up_policy.append(policy_result_email)

    # Applying MFA on Nested Folder
    result = update_folder(core_session,
                           nested_folder_id,
                           nested_folder_name,
                           nested_folder_name,
                           description=folder_params['mfa_folder_description'],
                           policy_id=policy_result)
    assert result[
        'success'], f'Failed to apply MFA on Nested folder, API response result: {result["Message"]} '
    logger.info(f'MFA Applied on Nested Folder: {result}')

    # Applying MFA on Parent Folder
    result = update_folder(core_session,
                           parent_folder_id,
                           parent_folder_name,
                           parent_folder_name,
                           description=folder_params['mfa_folder_description'],
                           policy_id=policy_result_email)
    assert result[
        'success'], f'Failed to apply MFA on parent folder, API response result: {result["Message"]} '
    logger.info(f'MFA Applied on Parent Folder: {result}')

    # Move Secret with Mfa Authentication
    retrieve_success, retrieve_result = retrieve_secret_contents(
        core_session, secret_id)

    # StartChallenge MFA Authentication
    session, mechanism = core_session.start_mfa_authentication(
        user_name, retrieve_result['ChallengeId'])

    # AdvanceAuthentication MFA to Password
    advance_auth_result = core_session.advance_authentication(
        answer=core_session.user.user_input.password,
        session_id=session,
        mechanism_id=mechanism)
    mfa_result = advance_auth_result.json()
    assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
    logger.info(
        f'Successfully applied password authentication with closest parent: {mfa_result}'
    )

    # After Authenticating of MFA move secret with challenge password
    retrieve_secret_success, retrieve_secret_result = retrieve_secret_contents_with_mfa(
        core_session,
        secret_id,
        ChallengeStateId=retrieve_result['ChallengeId'])
    assert retrieve_secret_success, f'Failed to retrieve secret with closest parent challenge: {retrieve_secret_result}'
    logger.info(
        f'Successfully retrieved secret with closest parent challenge: {retrieve_secret_result}'
    )

    # Removing MFA on Nested Folder
    result = update_folder(core_session,
                           nested_folder_id,
                           nested_folder_name,
                           nested_folder_name,
                           description=folder_params['mfa_folder_description'])
    assert result[
        'success'], f'Failed to remove MFA on Nested folder, API response result: {result["Message"]} '
    logger.info(f'MFA removed on Nested Folder: {result}')

    # Removing MFA on Parent Folder
    result = update_folder(core_session,
                           parent_folder_id,
                           parent_folder_name,
                           parent_folder_name,
                           description=folder_params['mfa_folder_description'])
    assert result[
        'success'], f'Failed to remove MFA on parent folder, API response result: {result["Message"]} '
    logger.info(f'MFA removed on Parent Folder: {result}')