def test_update_secret_with_invalid_path_or_name_negative( core_session, added_secrets, pas_general_secrets): """ test method to update the secret with invalid path & invalid name :param core_session: Authenticated Centrify session :param added_secrets: Fixture to create text type secret & yield secret id, secret_name :param pas_general_secrets: Fixture to read secret data from yaml file """ added_text_secret_id, added_text_secret_name = added_secrets secrets_params = pas_general_secrets prefix = guid() # Api to update the secret with invalid path result = update_secret( core_session, added_text_secret_id, prefix + secrets_params['nested_secret_backslashes']) assert result[ 'success'] is False, f'Able to update with invalid path name { result["Result"]} ' logger.info( f'Unable to update with invalid path name:{result["success"]} & {result["Exception"]} ' ) # Api to update the secret with invalid name result = update_secret(core_session, added_text_secret_id, prefix + secrets_params['invalid_name']) assert result[ 'success'] is False, f'Able to update with invalid name {result["Result"]} ' logger.info( f'Unable to update with invalid name: {result["success"]} & {result["Exception"]}' )
def test_adding_several_items_during_creation(core_session, added_secrets_file, added_secrets, users_and_roles, pas_general_secrets, clean_up_policy): secret_prefix = guid() secrets_params = pas_general_secrets added_secret_id = added_secrets_file added_text_secret_id, added_text_secret_name = added_secrets application_management_user = users_and_roles.get_user('Privileged Access Service Power User') user_name = application_management_user.get_login_name() user_id = application_management_user.get_id() # setting permissions for User A set_permission_result, set_permission_success = set_users_effective_permissions(core_session, user_name, 'View,Grant', user_id, added_secret_id) assert set_permission_success, f'Failed to set permission: {set_permission_result}' logger.info(f'Setting permission:{set_permission_result}{set_permission_success}') # creating new policy policy_result = PolicyManager.create_new_auth_profile(core_session, secret_prefix + secrets_params['policy_name'], ["UP", None], None, "30") assert policy_result is not None, f'Failed to create policy:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Getting details of file type secrets get_secret_details, get_secret_success, get_secret_created_date = get_file_type_secret_contents(core_session, added_secret_id) assert get_secret_success, f'Failed to get the file type secret contents:{get_secret_success}' logger.info(f'Secret created details: {get_secret_details}') secrete_file = {'Type': '', 'SecretFilePassword': '******', 'SecretFilePath': '', 'SecretFileSize': '', 'SecretName': get_secret_details['SecretName'], 'ID': added_secret_id, 'DataVaultDefaultProfile': '' } local_secret_path = get_asset_path('secret_upload.txt') # Assigning policy to file type secrets policy_assigned = update_file_type_secret(core_session, added_secret_id, secrete_file, local_secret_path, policy_result) assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f'Policy assigned to secret : {policy_assigned}') # Removing policy to file type secrets policy_assigned = update_file_type_secret(core_session, added_secret_id, secrete_file, local_secret_path) assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f'Policy assigned to secret : {policy_assigned}') # Setting permissions for text type secrets set_permission_result, set_permission_success = set_users_effective_permissions(core_session, user_name, 'View,Grant', user_id, added_text_secret_id[0]) assert set_permission_success, f'Failed to set permission: {set_permission_result}' logger.info(f'Setting permission:{set_permission_result}{set_permission_success}') # Applying Policy policy_assigned = update_secret(core_session, added_text_secret_id[0], added_text_secret_name, policy_id=policy_result) assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to text type secret: {policy_assigned}') # Removing policy policy_assigned = update_secret(core_session, added_text_secret_id[0], added_text_secret_name) assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to text type secret: {policy_assigned}')
def test_mfa_policy_on_secret_verify_not_challenged_on_settings_update(core_session, pas_general_secrets, users_and_roles, create_secret_inside_folder, clean_up_policy): """ test method to verify that mfa does not exist on updating the settings for an existing secret "MFAOnSecret" with already assigned mfa for that secret :param core_session: Authenticated Centrify Session :param pas_general_secrets: Fixture to read secret data from yaml file :param users_and_roles: Fixture to create New user with PAS Power Rights :param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder" :param clean_up_policy: Fixture to clean up the policy created """ secrets_params = pas_general_secrets prefix = guid() folder_list, folder_name, secret_list = create_secret_inside_folder pas_power_user = users_and_roles.get_user('Privileged Access Service Power User') user_name = pas_power_user.get_login_name() user_id = pas_power_user.get_id() text_type_secret_result, text_type_secret_success = set_users_effective_permissions(core_session, user_name, 'View,Edit', user_id, secret_list[0]) assert text_type_secret_success, f'setting permissions for text type secret:{text_type_secret_result}' logger.info(f'setting permissions for text type secret: : {text_type_secret_success}') # Api to create new policy policy_result = PolicyManager.create_new_auth_profile(core_session, prefix + secrets_params['policy_name'], ["UP", None], None, "30") assert policy_result is not None, f'Failed to create policy:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Api to get the details of the secret get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, secret_list[0]) assert get_secret_success, f'Failed to get the details of the secret:{get_secret_success}' logger.info(f'Details of the secret returned:{get_secret_details}') # Api to assign MFA & update settings of secret policy_assigned = update_secret(core_session, secret_list[0], prefix + secrets_params['mfa_secret_name_update'], description=secrets_params['mfa_secret_description'], secret_text=get_secret_text, policy_id=policy_result) assert policy_assigned['success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to text type secret: {policy_assigned}') # Api to Remove MFA from secret result = update_secret(core_session, secret_list[0], prefix + secrets_params['mfa_secret_name_update'], description=secrets_params['mfa_secret_description']) assert result['success'], f'Not Able to update the settings: {result["Message"]} ' logger.info(f'Update settings for secret: {result}') # Api to get details of the secret updated get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, secret_list[0]) description_updated = get_secret_details['Description'] name_updated = get_secret_details['SecretName'] assert 'MFAOnSecretUpdate' in name_updated, f'Failed to update the name{get_secret_success}' assert 'mfa_description' in description_updated, f'Failed to update the description{get_secret_success}' logger.info(f'Details of the secret updated: {get_secret_details}')
def test_move_mfa_on_secrets_should_apply(core_session, pas_general_secrets, create_secret_folder, added_secrets, clean_up_policy): """ C283939: MFA on secret should still apply once moved to another folder :param core_session: Authenticated Centrify Session :param pas_general_secrets: Fixture to read secret data from yaml file :param create_secret_folder: Fixture to create secret folder & yields folder related details :param added_secrets: Fixture to create text type secrets & yields secrets details :param clean_up_policy: Fixture to clean up the policy created """ secrets_params = pas_general_secrets suffix = guid() secret_folder_details = create_secret_folder folder_id = secret_folder_details['ID'] secret_id, secret_name = added_secrets challenges1 = ["UP", ""] user_name = core_session.auth_details['User'] # creating a new Authentication profile for nested folder policy_result = PolicyManager.create_new_auth_profile( core_session, secrets_params['policy_name'] + suffix, challenges1, 0, 0) assert policy_result, f'Failed to create policy, API response result:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Applying MFA to secret result = update_secret( core_session, secret_id[0], secret_name, description=secrets_params['mfa_secret_description'], policy_id=policy_result) assert result[ 'success'], f'Failed to apply mfa to secret, API response result: {result["Message"]} ' logger.info(f'Successfully applied MFA to Secret: {result}') # Move Secret with Mfa Authentication result_secret = move_secret(core_session, secret_id[0], folder_info=folder_id) # StartChallenge MFA Authentication session, mechanism = core_session.start_mfa_authentication( user_name, result_secret['Result']['ChallengeId']) # AdvanceAuthentication MFA to Password advance_auth_result = core_session.advance_authentication( answer=core_session.user.user_input.password, session_id=session, mechanism_id=mechanism) mfa_result = advance_auth_result.json() assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}' logger.info(f'successfully applied password authentication: {mfa_result}') # After Authenticating of MFA move secret with challenge password moved_success, moved_result = move_secret_by_using_mfa( core_session, secret_id[0], target_folder_info=folder_id, ChallengeStateId=result_secret['Result']['ChallengeId']) assert moved_success, f'User: {user_name} Failed to move secret to another folder: {moved_result}' logger.info( f'User: {user_name} successfully moved secret to another folder: {moved_result}' ) # Move Secret with Mfa Authentication result_secret = move_secret(core_session, secret_id[0]) assert result_secret['success'] is False, \ f'Failed to preserve MFA Policy,API Response result:{result_secret["Message"]}' logger.info(f'MFA Policy is preserved successfully: {result_secret}') # Removing mfa from secret result = update_secret( core_session, secret_id[0], secret_name, description=secrets_params['mfa_secret_description']) assert result[ 'success'], f'Failed to remove mfa from secret, API response result: {result["Message"]} ' logger.info(f'Successfully removed mfa from secret: {result}')
def test_delete_mfa_policy_on_secret(core_session, pas_general_secrets, clean_up_policy, users_and_roles): """ C283962: MFA policy on Secret, verify challenged :param core_session: Authenticated Centrify session :param pas_general_secrets: Fixture to read secrets data from yaml file :param clean_up_policy: Fixture to cleanup the policy created :param users_and_roles: Fixture to create new user with restricted rights """ secrets_params = pas_general_secrets suffix = guid() # Create a folder A secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder( core_session, secrets_params['mfa_folder_name'] + suffix, secrets_params['description']) assert secret_folder_success, f'Failed to create a folder {secret_folder_id}' logger.info(f' Folder created successfully: {secret_folder_success} ') secret_folder_parameters['ID'] = secret_folder_id # Create a secret under A folder added_secret_success, added_secret_id = create_text_secret_within_folder( core_session, secrets_params['mfa_secret_name'] + suffix, secrets_params['secret_text'], secrets_params['secret_description'], secret_folder_id) assert added_secret_success, f"Added Secret Failed {added_secret_id}" logger.info(f'Added secrets info {added_secret_success, added_secret_id}') # Getting details of the secret found_secret = get_secret(core_session, added_secret_id) assert found_secret['success'], \ f'Failed to get the details of the secret , API response result:{found_secret["Message"]}' logger.info(f'Getting details of the secret: {found_secret}') secret_name = found_secret['Result']['SecretName'] challenges = ["UP", ""] # Creating new policy policy_result = PolicyManager.create_new_auth_profile( core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0) assert policy_result, f'Failed to create policy, API response result:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Applying MFA on Secret result = update_secret( core_session, added_secret_id, secret_name, description=secrets_params['mfa_secret_description'], policy_id=policy_result) assert result[ 'success'], f' Failed to apply MFA on the secret, API response result:{result["Message"]} ' logger.info(f'MFA Applied on the secret: {result}') # Getting new session for User pas_power_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service Power User') assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User' user_name = pas_power_user_session.auth_details['User'] user_id = pas_power_user_session.auth_details['UserId'] logger.info( f'User with PAS Power User Rights login successfully: user_Name: {user_name}' ) # Api to give user permissions to folder user_permissions_result = give_user_permissions_to_folder( core_session, user_name, user_id, secret_folder_id, 'Grant,View,Delete') assert user_permissions_result, f'Failed to set user permissions to folder{user_permissions_result}' logger.info(f'User Permissions to folder: {user_permissions_result}') # Api to set DELETE permissions to folder member_perm_result, member_perm_success = set_member_permissions_to_folder( core_session, user_name, 'Grant,View,Delete,Retrieve', user_id, secret_folder_id) assert member_perm_success, f'Failed to set member permissions to Folder{member_perm_result["Result"]}' logger.info(f'Member permissions to folder:{member_perm_result}') # Delete secret with Mfa Authentication del_success, del_result = del_secret(pas_power_user_session, added_secret_id) # StartChallenge MFA Authentication session, mechanism = pas_power_user_session.start_mfa_authentication( user_name, del_result['ChallengeId']) # AdvanceAuthentication MFA to Password result = pas_power_user_session.advance_authentication( answer=pas_power_user_session.user.user_input.password, session_id=session, mechanism_id=mechanism) assert result, "Password Authentication Failed" logger.info(f'Advance authentication: {result}') # After Authentication of MFA delete the secret under folder del_secret_success, del_secret_result = del_secret_mfa( pas_power_user_session, added_secret_id, ChallengeStateId=del_result['ChallengeId']) assert del_secret_success, f'User: {user_name} failed to delete secret from this folder: {secret_folder_id}' logger.info( f'User: {user_name} deleted secret: ' f'{added_secret_id} successfully from this folder: {secret_folder_id}') # Delete folder del_folder_res = del_folder(core_session, secret_folder_id) assert del_folder_res, f'User: {user_name} failed to delete folder: {secret_folder_id}' logger.info( f'User: {user_name} successfully deleted folder: {secret_folder_id}')
def test_need_to_have_edit_permission_on_secret_to_update_settings_and_policy( core_session, users_and_roles, added_secrets_file, added_secrets, pas_general_secrets, clean_up_policy): """ test method to set permissions on secrets(with Edit/Without Edit) to update the settings & policy. :param core_session: Authenticated Centrify Session :param users_and_roles: Fixture to create New user with PAS Power Rights :param added_secrets_file: Fixture to create file type secret & yield secret id :param added_secrets: Fixture to create text type secret & yield secret id, secret_name :param pas_general_secrets: Fixture to read secret data from yaml file :param clean_up_policy: Fixture to clean up the policy created """ added_file_secret_id = added_secrets_file added_text_secret_id, added_text_secret_name = added_secrets secrets_params = pas_general_secrets secret_prefix = guid() pas_power_user = users_and_roles.get_user( 'Privileged Access Service Power User') user_name = pas_power_user.get_login_name() user_id = pas_power_user.get_id() # API to set user permissions (Edit)for file_type_secret""" file_type_secret_result, file_type_secret_success = set_users_effective_permissions( core_session, user_name, 'View,Grant,Edit', user_id, added_file_secret_id) assert file_type_secret_success, f'setting permissions for file type secret failed: {file_type_secret_result}' logger.info( f'Setting permissions for file type secret: {file_type_secret_success}' ) # API to set user permissions (without Edit)for text_type_secret""" text_type_secret_result, text_type_secret_success = set_users_effective_permissions( core_session, user_name, 'View,Grant', user_id, added_text_secret_id[0]) assert text_type_secret_success, f'setting permissions for text type secret failed:{text_type_secret_result}' logger.info( f'Setting permissions for text type secret: : {text_type_secret_success}' ) # API to get new session for User A""" pas_power_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service Power User') assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User' logger.info( f'User with PAS Power User Rights login successfully :user_Name: {user_name}' f' & Password: {pas_power_user.get_password()} ') # Api to update the name of the secret(file_type) result = update_secret( pas_power_user_session, added_file_secret_id, secret_prefix + secrets_params['updated_secret_name']) assert result[ 'success'], f'Not Able to update the settings {result["Result"]} ' logger.info( f'Updating the settings for secret: {result["success"]} & {result["Exception"]}' ) # Api to create new policy policy_result = PolicyManager.create_new_auth_profile( core_session, secret_prefix + secrets_params['policy_name'], ["UP", None], None, "30") assert policy_result is not None, f'Failed to create policy:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Api to assign policy to file type secret policy_assigned = update_secret(pas_power_user_session, added_file_secret_id, added_text_secret_name, policy_id=policy_result) assert policy_assigned[ 'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to secret: {policy_assigned}') # Api to update settings for text type secret result = update_secret( pas_power_user_session, added_text_secret_id[0], secret_prefix + secrets_params['updated_secret_name']) assert result[ 'success'] is False, f'Able to update the settings: {result["Message"]} ' logger.info(f'Not able to Update settings for secret: {result}') # Api to assign policy for text type secret policy_assigned = update_secret(pas_power_user_session, added_text_secret_id[0], added_text_secret_name, policy_id=policy_result) assert policy_assigned[ 'success'] is False, f'Able to assign policy to secret: {policy_assigned["Message"]}' logger.info( f' Not able to assign Policy to text type secret: {policy_assigned}') # Api to Remove policy for file type secret policy_removed = update_secret(pas_power_user_session, added_file_secret_id, added_text_secret_name) assert policy_removed[ 'success'], f'Failed to remove policy to secret: {policy_removed["Message"]}' logger.info( f'Successfully removed Policy to text type secret: {policy_removed}')
def test_replace_mfa_policy_on_secret_verify_challenged( core_session, pas_general_secrets, create_secret_inside_folder, core_session_unauthorized, clean_up_policy): """ C2979: test method to MFA policy on Secret, verify challenged 1) Set MFA on MFAonSecret 2) Right click "MFAonSecret" then Replace. 3) Verify challenged with MFA popups, 4) Enter password & verify you can replace secret :param core_session: Authenticated Centrify Session :param pas_general_secrets: Fixture to read secret data from yaml file :param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder" :param core_session_unauthorized: Fixture to start authentication MFA :param clean_up_policy: Fixture to clean up the policy created """ secrets_params = pas_general_secrets prefix = guid() folder_list, folder_name, secret_list = create_secret_inside_folder challenges = ["UP", ""] policy_result = PolicyManager.create_new_auth_profile( core_session, prefix + secrets_params['policy_name'], challenges, 0, 0) assert policy_result, f'Failed to create policy, API response result:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Applying MFA on Secret result = update_secret( core_session, secret_list[0], prefix + secrets_params['mfa_secret_name_update'], description=secrets_params['mfa_secret_description'], policy_id=policy_result) assert result[ 'success'], f'Not Able to apply MFA on the secret, API response result:{result["Message"]} ' logger.info(f'MFA Applied on the secret: {result}') user = core_session.get_user() user_name = user.get_login_name() password = user.get_password() # MFA Authentication starts on the secret to be replaced mfa_authentication = core_session_unauthorized.start_authentication( user_name) result = mfa_authentication.json()['Result'] success = mfa_authentication.json()['success'] assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}' challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name'] assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}' logger.info( f'MFA Authentication starts on the secret to be replaced:{mfa_authentication.json()}' ) # Advance MFA Authentication starts on the secret to be replaced up_result = core_session_unauthorized.advance_authentication( password, challenge_index=0, mechanism_name='UP') mfa_result = up_result.json() assert mfa_result[ 'success'], f'Failed to respond to challenge, API response result:{ mfa_result["Result"]}' logger.info(f'MFA popups before secret gets replaced:{mfa_result}') # Replacing text of the secret & Removing MFA result = update_secret(core_session, secret_list[0], prefix + secrets_params['mfa_secret_name_update'], secret_text=secrets_params['secret_text_replaced']) assert result[ 'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} ' logger.info(f'Secret gets replaced: {result}')
def test_multiple_updates_in_permissions_policy_name_verify_all_2( core_session, added_secrets, pas_general_secrets, users_and_roles, clean_up_policy): """ test method to verify multiple updates like (permissions, policy, name ..) for a secret :param core_session: Authenticated Centrify Session :param added_secrets: Fixture to create text type secret & yield secret id, secret_name :param pas_general_secrets: Fixture to read secret data from yaml file :param users_and_roles: Fixture to create New user with PAS Power Rights :param clean_up_policy: Fixture to clean up the policy created """ secret_prefix = guid() added_text_secret_id, added_text_secret_name = added_secrets secrets_params = pas_general_secrets application_management_user = users_and_roles.get_user( 'Privileged Access Service Power User') user_name = application_management_user.get_login_name() user_id = application_management_user.get_id() # API to set user permissions for text_type_secret set_permissions_result, set_permissions_success = set_users_effective_permissions( core_session, user_name, 'View,Grant,Edit', user_id, added_text_secret_id[0]) assert set_permissions_success, f'setting permissions for file type secret failed: {set_permissions_result}' logger.info( f'setting permissions for text type secret: {set_permissions_success} {set_permissions_result}' ) # Api to create new policy policy_result = PolicyManager.create_new_auth_profile( core_session, secret_prefix + secrets_params['policy_name'], ["UP", None], None, "30") assert policy_result is not None, f'Failed to create policy:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Api to assign policy to the secret policy_assigned = update_secret(core_session, added_text_secret_id[0], added_text_secret_name, policy_id=policy_result) assert policy_assigned[ 'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to text type secret: {policy_assigned}') # Api to update settings(secret_name) of the secret result = update_secret( core_session, added_text_secret_id[0], secret_prefix + secrets_params['updated_secret_name']) assert result[ 'success'], f'Not Able to update the settings {result["Result"]} ' logger.info( f'Updating the settings for secret: {result["success"]} & {result["Exception"]}' ) # Api to retrieve the activity of the secret rows_result = UserManager.get_secret_activity(core_session, added_text_secret_id[0]) assert rows_result is not None, f'Unable to fetch Secret updated details & activity fetched:{rows_result}' logger.info(f'activity list:{rows_result}') verify_name = 'update_secret1' verify_permissions = 'View , Grant , Edit' permissions_updated = False assert verify_name in rows_result[0][ "Detail"], f'Unable to update the name:{rows_result[0]["Detail"]}' logger.info(f'Secret Updated details: {rows_result[0]["Detail"]}') for x in rows_result: if verify_permissions in x['Detail']: permissions_updated = True assert permissions_updated, f'Unable to update the permissions: {permissions_updated}'
def test_retrieve_mfa_policy_on_both_parent_folder_and_secret_verify_secret_mfa( core_session, core_admin_ui, pas_general_secrets, create_secret_inside_folder, clean_up_policy): """ C2986: MFA policy on both Parent folder and Secret, verify secret MFA 1) Set MFA on both MFAonSecret & MFAOnParent 2) Right click "MFAonSecret" then Retrieve. 3) Verify challenged with MFA should be from "MFAonSecret" 4) Enter password & verify you can retrieve secret :param core_session: Authenticated Centrify Session :param core_admin_ui: Fixture to launch ui session for cloud admin :param pas_general_secrets: Fixture to read secret data from yaml file :param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder" :param clean_up_policy: Fixture to clean up the policy created """ params = pas_general_secrets suffix = guid() folder_list, folder_name, secret_list = create_secret_inside_folder verify_text = params['secret_text'] # Getting details of the secret replaced found_secret = get_secret(core_session, secret_list[0]) assert found_secret['success'], \ f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}' logger.info(f'Getting details of the secret: {found_secret}') secret_name = found_secret['Result']['SecretName'] challenges_v2 = ["UP,EMAIL", ""] # Creating new policy with Password & Email policy_result_email = PolicyManager.create_new_auth_profile( core_session, params['policy_name'] + "V2" + suffix, challenges_v2, 0, 0) assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}' logger.info(f' Creating new policy:{policy_result_email}') clean_up_policy.append(policy_result_email) challenges = ["UP", ""] # Creating another policy with password only policy_result = PolicyManager.create_new_auth_profile( core_session, params['policy_name'] + suffix, challenges, 0, 0) assert policy_result, f'Failed to create policy, API response result:{policy_result}' logger.info(f' Creating another policy:{policy_result}') clean_up_policy.append(policy_result) # Applying MFA on Folder result = update_folder(core_session, folder_list[0], folder_name, folder_name, policy_id=policy_result_email) assert result[ 'success'], f'Not Able to apply MFA, API response result: {result["Message"]} ' logger.info(f'Applying MFA for folder: {result}') # Applying MFA on Secret result = update_secret(core_session, secret_list[0], secret_name, description=params['mfa_secret_description'], policy_id=policy_result) assert result[ 'success'], f'Not Able to apply MFA on the secret, API response result:{result["Message"]} ' logger.info(f'MFA Applied on the secret: {result}') ui = core_admin_ui password = ui.get_user().get_password() login = Login(ui) ui.navigate('Resources', 'Secrets') ui.search(folder_name) ui.click_row(GridRowByGuid(folder_list[0])) ui.click_row(GridRowByGuid(secret_list[0])) ui.action('Retrieve') ui.switch_context(Modal(text=secret_name)) ui.button('Show Text') ui.switch_context(NoTitleModal()) login.click_next_on_auth() login.enter_login_password(password) login.click_next_on_auth() ui.switch_context(ActiveMainContentArea()) ui.expect(InputBoxValue(verify_text), f'Expect to find {verify_text} in Retrieve but could not.') logger.info( f'Text Retrieved with MFA challenge(password only)i.e. MFAOnSecret successfully: {verify_text}' ) # Removing MFA on Folder result = update_folder(core_session, folder_list[0], folder_name, params['mfa_folder_name_update'] + suffix) assert result[ 'success'], f'Not Able to remove MFA, API response result: {result["Message"]} ' logger.info(f'MFA Removed for folder: {result}') # Removing MFA on Secret result = update_secret(core_session, secret_list[0], params['mfa_secret_name_update'] + suffix) assert result[ 'success'], f'Not Able to remove MFA, API response result:{result["Message"]} ' logger.info(f'MFA Removed on secret: {result}')
def test_update_retrieve_replace_activity_logged(core_session, added_secrets, pas_general_secrets, users_and_roles, clean_up_policy): """ C3071: Update, retrieve, replace activity logged :param core_session: Authenticated Centrify Session :param added_secrets: Fixture to create text type secret & yield secret id, secret_name :param pas_general_secrets: Fixture to read secret data from yaml file :param users_and_roles: Fixture to create New user with PAS Power Rights :param clean_up_policy: Fixture to clean up the policy created """ secret_suffix = guid() added_text_secret_id, added_text_secret_name = added_secrets secrets_params = pas_general_secrets # API to get new session for User A pas_power_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service User') assert pas_power_user_session.auth_details, 'Failed to Login with PAS User' user_name = pas_power_user_session.auth_details['User'] user_id = pas_power_user_session.auth_details['UserId'] logger.info( f'User with PAS User Rights login successfully: user_Name:{user_name}') # Api to give user permissions to secrets set_permission_result, set_permission_success = set_users_effective_permissions( core_session, user_name, 'View,Grant', user_id, added_text_secret_id[0]) assert set_permission_success, f'Failed to set permission: {set_permission_result}' logger.info( f'Setting permission:{set_permission_result}{set_permission_success}') # Retrieving details(text) of the secret get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, added_text_secret_id[0]) assert get_secret_success, f'Failed to retrieve the secret:{get_secret_text}' logger.info(f' Retrieved secret details: {get_secret_details} ') # Api to create new policy policy_result = PolicyManager.create_new_auth_profile( core_session, secrets_params['policy_name'] + secret_suffix, ["UP", None], None, "30") assert policy_result is not None, f'Failed to create policy:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Api to update secret(assign policy & update name) policy_assigned = update_secret(core_session, added_text_secret_id[0], secrets_params['updated_secret_name'] + secret_suffix, policy_id=policy_result) assert policy_assigned[ 'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy assigned to text type secret: {policy_assigned}') # Api to retrieve the activity of the secret rows_result = UserManager.get_secret_activity(core_session, added_text_secret_id[0]) assert rows_result, f'Failed to fetch Secret updated details & activity fetched:{rows_result}' logger.info(f'Activity list:{rows_result}') assert 'updated the secret' in rows_result[0][ "Detail"], f'Failed to update the secret:{rows_result[0]["Detail"]}' assert 'viewed the secret' in rows_result[1][ "Detail"], f'Failed to retrieve the secret :{rows_result[1]["Detail"]}' added_secret_status = False added_permissions_status = False for rows in rows_result: if 'added a secret' in rows['Detail']: added_secret_status = True assert added_secret_status, f'Failed to add secret: {added_secret_status}' for rows in rows_result: if 'granted User' in rows['Detail']: added_permissions_status = True assert added_permissions_status, f'Failed to add permissions: {added_permissions_status}' # Api to remove policy from the secret policy_assigned = update_secret(core_session, added_text_secret_id[0], added_text_secret_name) assert policy_assigned[ 'success'], f'Failed to remove policy from secret: {policy_assigned["Result"]["ID"]}' logger.info(f' Policy removed from secret: {policy_assigned}')
def test_needs_edit_permission_to_replace_contents(core_session, users_and_roles, added_secrets_file, added_secrets, pas_general_secrets): """ C283887: User needs edit permission on the secret to replace the contents. :param core_session: Authenticated Centrify Session :param users_and_roles: Fixture to create New user with PAS Power User & PAS User Rights :param added_secrets_file: Fixture to create file type secret :param added_secrets: Fixture to create text type secret :param pas_general_secrets: Fixture to read secret data from yaml file """ secrets_params = pas_general_secrets added_file_secret_id = added_secrets_file added_text_secret_id, added_text_secret_name = added_secrets suffix = guid() # API to get new session for User A pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service Power User') assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User' user_name = pas_power_user_session.auth_details['User'] user_id = pas_power_user_session.auth_details['UserId'] logger.info(f'User with PAS Power User Rights login successfully: user_Name:{user_name}') # setting user permissions for file_type_secret""" file_type_secret_result, file_type_secret_success = set_users_effective_permissions(core_session, user_name, 'View,Grant', user_id, added_file_secret_id) assert file_type_secret_success, f'setting permissions for file type secret failed: {file_type_secret_result}' logger.info(f'setting permissions for file type secret: {file_type_secret_success}') # setting user permissions for file_type_secret""" text_type_secret_result, text_type_secret_success = set_users_effective_permissions(core_session, user_name, 'View,Grant,Edit', user_id, added_text_secret_id[0]) assert text_type_secret_success, f'setting permissions for text type secret:{text_type_secret_result}' logger.info(f'setting permissions for text type secret: : {text_type_secret_success}') # Replacing the content of the secret secret_updated = update_secret(pas_power_user_session, added_text_secret_id[0], secrets_params['mfa_secret_name_update'] + suffix, description=secrets_params['mfa_secret_description'], secret_text=secrets_params['secret_text_updated'] + suffix) assert secret_updated['success'], f'Failed to update secret: {secret_updated["Result"]["ID"]}' logger.info(f' Successfully updated text type secret: {secret_updated}') # Verifying replaced secret get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, added_text_secret_id[0]) logger.info(f'Secret Updated details: {get_secret_details}') replaced_content = get_secret_details['SecretText'] assert secrets_params['secret_text_updated'] in replaced_content, \ f'Failed to replace the secrets:{replaced_content}' secret_name = get_secret_details['SecretName'] # creating set manually success, set_id = SetsManager.create_manual_collection(pas_power_user_session, secrets_params['set_name'] + suffix, 'DataVault') assert success, f'Failed to create manual set: {set_id}' logger.info(f'creating manual set:{success} with setid as: {set_id}') # Adding set to secret added_to_set_success, added_to_set_result = SetsManager.update_members_collection(pas_power_user_session, 'add', [added_text_secret_id[0]], "DataVault", set_id) assert added_to_set_success, f'Failed to add secret to set: {added_to_set_result}' logger.info(f'Adding secret to set: {added_to_set_success}') # Redrock query to fetch "Add to set" related details get_set_info = RedrockController.verify_set_secret(pas_power_user_session, set_id, added_text_secret_id[0]) logger.info(f'{get_set_info}') assert get_set_info[0]["Row"]["SecretName"] == secret_name, f' Failed to get "ADD to Set" inside "Actions"' logger.info(f'Verifiying secret name {get_set_info[0]["Row"]["SecretName"]} in ' f'set with ID {get_set_info[0]["Row"]["CollectionID"]} ')
def test_mfa_on_closest_parent_should_override_mfa_on_higher_levels( core_session, pas_general_secrets, cleanup_secrets_and_folders, clean_up_policy, core_session_unauthorized): """ C2982: MFA on closest parent should override MFA on higher levels 1) Create a multilevel folder "Folder/Subfolder/secretName" 2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder) 3) Verify secretName inherits challenge of subfolder :param core_session: Authenticated Centrify Session :param pas_general_secrets: Fixture to read secret data from yaml file :param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created :param clean_up_policy: Fixture to cleanup the policy created :param core_session_unauthorized: Fixture to start authentication MFA """ folder_list = cleanup_secrets_and_folders[1] secrets_list = cleanup_secrets_and_folders[0] folder_params = pas_general_secrets suffix = guid() folder_name = folder_params['folder_name_with_frwdslashes'] + suffix # creating multilevel folder "Folder/Subfolder/secretName" added_secret_success, details, secret_id = create_text_secret( core_session, folder_name, folder_params['secret_text']) assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} " logger.info(f'Added Multilevel folder info: {details, secret_id}') secrets_list.append(secret_id) # Getting details of the secret found_secret = get_secret(core_session, secret_id) assert found_secret['success'], \ f'Failed to get the details of the secret, API response result:{found_secret["Message"]}' logger.info(f'Getting details of the secret: {found_secret}') nested_folder_id = found_secret['Result']['FolderId'] nested_folder_path = found_secret['Result']['ParentPath'] parent_folder_list = nested_folder_path.split('\\') parent_folder_name = parent_folder_list[0] # Getting details of Parent Folder parent_folder = get_folder(core_session, nested_folder_id) parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"] nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][ "SecretName"] logger.info(f'Parent Folder details: {parent_folder}') if folder_list != []: folder_list[0] = nested_folder_id folder_list[1] = parent_folder_id else: folder_list.append(nested_folder_id) folder_list.append(parent_folder_id) challenges = ["UP", ""] challenges_v2 = ["UP,EMAIL", ""] # Creating new policy with Password policy_result = PolicyManager.create_new_auth_profile( core_session, folder_params['policy_name'] + suffix, challenges, 0, 0) assert policy_result, f'Failed to create policy, API response result:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Creating new policy with Password & Email policy_result_email = PolicyManager.create_new_auth_profile( core_session, folder_params['policy_name'] + "V2" + suffix, challenges_v2, 0, 0) assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}' logger.info(f' Creating another policy:{policy_result_email}') clean_up_policy.append(policy_result_email) # Applying MFA on Nested Folder result = update_folder(core_session, nested_folder_id, nested_folder_name, nested_folder_name, description=folder_params['mfa_folder_description'], policy_id=policy_result) assert result[ 'success'], f'Not Able to apply MFA on Nested folder, API response result: {result["Message"]} ' logger.info(f'MFA Applied on Nested Folder: {result}') # Applying MFA on Parent Folder result = update_folder(core_session, parent_folder_id, parent_folder_name, parent_folder_name, description=folder_params['mfa_folder_description'], policy_id=policy_result_email) assert result[ 'success'], f'Not Able to apply MFA on parent folder, API response result: {result["Message"]} ' logger.info(f'MFA Applied on Parent Folder: {result}') user = core_session.get_user() user_name = user.get_login_name() password = user.get_password() # MFA Authentication starts on the secret to be replaced mfa_authentication = core_session_unauthorized.start_authentication( user_name) result = mfa_authentication.json()['Result'] success = mfa_authentication.json()['success'] assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}' challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name'] assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}' logger.info( f'MFA Authentication applies for closest parent,Password Only:{mfa_authentication.json()}' ) # Advance MFA Authentication starts on the secret to be replaced up_result = core_session_unauthorized.advance_authentication( password, challenge_index=0, mechanism_name='UP') mfa_result = up_result.json() assert mfa_result[ 'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}' logger.info( f'MFA applies for closest parent,popups before secret gets replaced: {mfa_result}' ) # Replacing the text of the secret result = update_secret(core_session, secret_id, folder_params['mfa_secret_name_update'] + suffix, secret_text=folder_params['secret_text_replaced']) assert result[ 'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} ' logger.info(f'Secret gets replaced: {result}') # Removing MFA from Nested folder result = update_folder(core_session, nested_folder_id, nested_folder_name, nested_folder_name, description=folder_params['mfa_folder_description']) assert result[ 'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} ' logger.info(f'Removing mfa from folder: {result}') # Removing MFA from Parent folder result = update_folder(core_session, parent_folder_id, parent_folder_name, parent_folder_name, description=folder_params['mfa_folder_description']) assert result[ 'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} ' logger.info(f'Removing mfa from folder: {result}') # Getting details of the Secret Replaced get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, secret_id) assert get_secret_text == folder_params['secret_text_replaced'], \ f'Failed to replace the secret, API response result: {get_secret_success}' logger.info(f'Details of the secret Replaced: {get_secret_details}')
def test_union_of_all_its_permissions(core_session, pas_general_secrets, cleanup_secrets_and_folders, users_and_roles): """ C3056: test method Union of all its permissions 1)create multilevel folder /alpha/beta/charlie/delta 2) Login as Admin, set folder permissions "View" for alpha,"Edit" for beta, "Delete" for charlie,"Add" for delta 3) Login as pas user 4) verify sub folder permissions will have a union of all parent folders :param core_session: Authenticated Centrify session :param pas_general_secrets: Fixture to read secrets related data from yaml file :param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created :param users_and_roles: Fixture to create random user with PAS User Rights """ params = pas_general_secrets folder_prefix = guid() folders_list = cleanup_secrets_and_folders[1] secrets_list = cleanup_secrets_and_folders[0] # creating multilevel folder /alpha/beta/charlie/delta child_folder_success, child_folder_parameters, child_folder_id = create_folder( core_session, folder_prefix + params['multi_level_folder_name'], params['description']) assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}' logger.info(f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}') # Getting details of Folder Charlie charlie_folder = get_folder(core_session, child_folder_id) assert charlie_folder['success'], \ f'Failed to retrieve charlie folder details, API response result:{charlie_folder["Message"]}' logger.info(f'charlie folder details:{charlie_folder}') charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent'] # Getting details of parent folder parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath'] parent_folder_name = parent_path.split('\\') parent_folder_sliced = parent_folder_name[0] # Getting id of parent folder parent_folder = get_folder(core_session, parent_folder_sliced) assert parent_folder['success'], \ f'Failed to retrieve parent folder details, API response result:{parent_folder["Message"]}' logger.info(f'Parent folder details:{parent_folder}') parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID'] # Getting details of Folder alpha alpha_folder = get_secrets_and_folders_in_folders(core_session, parent_folder_id) assert alpha_folder['success'], f'Failed to retrieve alpha folder id, API response result: {alpha_folder["Result"]}' logger.info(f'Details of Alpha Folder Retrieved:{alpha_folder}') alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0]["Key"] # Getting details of Folder beta folder_beta = get_secrets_and_folders_in_folders(core_session, alpha_folder_id) assert folder_beta['success'], f'Failed to retrieve beta folder id, API response result: {folder_beta["Result"]}' logger.info(f'Details of Beta Folder Retrieved:{folder_beta}') folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"] # API to get new session for User A pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service User') assert pas_power_user_session.auth_details, 'Failed to Login with PAS User' user_name = pas_power_user_session.auth_details['User'] user_id = pas_power_user_session.auth_details['UserId'] logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}') # Adding secrets inside child folder added_secret_success, added_secret_id = create_text_secret_within_folder(core_session, params['mfa_secret_name'] + folder_prefix, params['secret_text'], params['secret_description'], child_folder_id) assert added_secret_success, f"Added Secret Failed, API response result {added_secret_id}" logger.info(f'Added secrets info: {added_secret_id}') # Api to give user permissions to folder alpha user_permissions_alpha = give_user_permissions_to_folder(core_session, user_name, user_id, alpha_folder_id, 'View') assert user_permissions_alpha['success'], \ f'Not Able to set user permissions to folder, API response result: {user_permissions_alpha["Result"]}' logger.info(f'User Permissions to folder: {user_permissions_alpha}') # Api to give user permissions to folder beta user_permissions_beta = give_user_permissions_to_folder(core_session, user_name, user_id, folder_beta_id, 'Edit') assert user_permissions_beta['success'], \ f'Not Able to set user permissions to folder, API response result: {user_permissions_beta["Result"]}' logger.info(f'User Permissions to folder: {user_permissions_beta}') # Api to give member permissions(View, Edit) to folder beta member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session, user_name, 'View, Edit', user_id, folder_beta_id) assert member_perm_success,\ f'Not Able to set "View" member permissions to Folder, API response result: {member_perm_result}' logger.info(f'Member permissions to folder:{member_perm_result}') # Api to give member permissions(Delete, Retrieve) to folder member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session, user_name, 'Delete,Retrieve', user_id, charlie_id) assert member_perm_success,\ f'Not Able to set "View" member permissions to Folder, API response result: {member_perm_result}' logger.info(f'Member permissions to folder:{member_perm_result}') # Updating the secret name & description result = update_secret(pas_power_user_session, added_secret_id, folder_prefix + params['mfa_secret_name_update'], description=params['mfa_secret_description']) assert result['success'], f'Not Able to update the secret, API response result: {result["Message"]} ' logger.info(f'Secret Updated Details: {result}') # Getting details of the Secret updated get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( pas_power_user_session, added_secret_id) description_updated = get_secret_details['Description'] name_updated = get_secret_details['SecretName'] assert 'MFAOnSecretUpdate' in name_updated,\ f'Failed to update the name, API response result:{get_secret_success}' assert 'mfa_description' in description_updated,\ f'Failed to update the description, API response result:{get_secret_success}' logger.info(f'Details of the secret updated: {get_secret_details}') # Deleting newly created secrets del_success, del_result = del_secret(pas_power_user_session, added_secret_id) assert del_success, f'Failed to delete the secret with pas user, API response result: {del_result}' logger.info(f'Secret deleted successfully with pas user:{del_result}') folders_list.append(child_folder_id) folders_list.append(charlie_id) folders_list.append(folder_beta_id) folders_list.append(alpha_folder_id) folders_list.append(parent_folder_id) logger.info(f'Added Folders are deleted successfully: {folders_list}') logger.info(f'Added Secrets deleted successfully: {secrets_list}')
def test_replace_mfa_policy_on_parent_folder_verify_challenged( core_session, pas_general_secrets, create_secret_inside_folder, core_session_unauthorized, clean_up_policy, users_and_roles): """ C2980: test method to MFA policy on Parent folder, verify challenged :param core_session: Authenticated Centrify Session :param pas_general_secrets: Fixture to read secret data from yaml file :param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder" :param core_session_unauthorized: Fixture to start authentication MFA :param clean_up_policy: Fixture to clean up the policy created :param users_and_roles: Fixture to create random user with pas user rights """ secrets_params = pas_general_secrets suffix = guid() folder_list, folder_name, secret_list = create_secret_inside_folder challenges = ["UP", ""] policy_result = PolicyManager.create_new_auth_profile(core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0) assert policy_result, f'Failed to create policy, API response result:{policy_result}' logger.info(f' Creating new policy:{policy_result}') clean_up_policy.append(policy_result) # Applying MFA on Folder result = update_folder(core_session, folder_list[0], folder_name, secrets_params['mfa_folder_name_update'] + suffix, description=secrets_params['mfa_folder_description'], policy_id=policy_result) assert result['success'], f'Not Able to apply MFA, API response result:: {result["Message"]} ' logger.info(f'Applying MFA for folder: {result}') # API to get new session for User A pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service User') assert pas_power_user_session.auth_details, 'Failed to Login with PAS User' user_name = pas_power_user_session.auth_details['User'] user_id = pas_power_user_session.auth_details['UserId'] logger.info(f'{pas_power_user_session.auth_details}') logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}') # Getting password for MFA password = users_and_roles.get_default_user_password() # Api to give user permissions to folder user_permissions_alpha = give_user_permissions_to_folder(core_session, user_name, user_id, folder_list[0], 'View') assert user_permissions_alpha['success'], \ f'Not Able to set user permissions to folder{user_permissions_alpha["Result"]}' logger.info(f'User Permissions to folder: {user_permissions_alpha}') # Api to give member permissions to folder member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session, user_name, 'View, Edit', user_id, folder_list[0]) assert member_perm_success, f'Not Able to set member permissions to Folder: {member_perm_result}' logger.info(f'Member permissions to folder:{member_perm_result}') # MFA Authentication starts on the secret to be replaced mfa_authentication = pas_power_user_session.start_authentication(user_name) result = mfa_authentication.json()['Result'] success = mfa_authentication.json()['success'] assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}' challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name'] assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}' logger.info(f'MFA Authentication with "Password" starts on the secret to be replaced:{mfa_authentication.json()}') # Advance MFA Authentication starts on the secret to be replaced up_result = pas_power_user_session.advance_authentication(password, challenge_index=0, mechanism_name='UP') mfa_result = up_result.json() assert mfa_result['success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}' logger.info(f'MFA popups before secret gets replaced:{mfa_result}') # Replacing the text of the secret result = update_secret(pas_power_user_session, secret_list[0], secrets_params['mfa_secret_name_update'] + suffix, secret_text=secrets_params['secret_text_replaced'], policy_id=policy_result) assert result['success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} ' logger.info(f'Secret gets replaced: {result}') # Removing MFA from secret result = update_secret(pas_power_user_session, secret_list[0], secrets_params['mfa_secret_name_update'] + suffix, secret_text=secrets_params['secret_text_replaced'] ) assert result['success'], f'Not Able to remove MFA, API response result:{result["Message"]} ' logger.info(f'Removing MFA from secret: {result}') # Removing MFA from folder result = update_folder(core_session, folder_list[0], folder_name, secrets_params['mfa_folder_name_update'] + suffix ) assert result['success'], f'Not Able to remove MFA, API response result:: {result["Message"]} ' logger.info(f'Removing MFA from folder: {result}') # Getting details of the Secret Replaced get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents( core_session, secret_list[0]) assert get_secret_text == secrets_params['secret_text_replaced'], \ f'Failed to replace the secret, API response result: {get_secret_success}' logger.info(f'Details of the secret Replaced: {get_secret_details}')