def test_assign_view_permission_to_shared_report(core_session, create_report, users_and_roles): """ TCID: C6351 Assign 'View' permission to shared report :param core_session: Centrify Authentication session :param create_report: To create the report :param users_and_roles: To open an UI and assign specific right to user """ my_report = create_report(core_session, "Select Name From Server", dir="/Reports") report_name = my_report['Name'] grant_str = "0000000000000000000000000000000000000000000000000000000010000100" ui = users_and_roles.get_ui_as_user("Application Management") user_details = ui.get_user() user_name = user_details.get_login_name() user_id = user_details.get_id() role = UserManager.get_user_role_rights(core_session, user_id) assign_result = ReportsManager.assign_directory_rights_to_role( core_session, "/Reports", [{ "Role": role['Result']['Results'][0]['Entities'][0]['Key'], "Rights": ["Read"] }, { "Role": "Everybody", "Rights": ["Read"] }]) assert assign_result, f'Failed to give the read the permission to Shared Folder' result, success, message = ReportsManager.update_report_permission( core_session, user_name, user_id, grant_str, report_name, ['Read']) assert success, f'Failed to assign View permission to Application Management user:{message}' logger.info( f'Successfully assign the View permission to Application Management user:{result}' ) ui.navigate("Reports", check_rendered_tab=False) ui.expect_disappear(LoadingMask(), "Reports page did not loaded properly") ui.expect(RestCallComplete(), "Expected rest call to complete.") ui.expect(TreeFolder("Shared Reports"), "Failed to find shared Reports Tab under Reports", time_to_wait=60) shared_reports_button = ui._searchAndExpect( TreeFolder("Shared Reports"), f'Expected find Shared Reports Folder in Tree', time_to_wait=60) shared_reports_button.try_click() ui.expect( GridCell(report_name), f'Can not see the shared report which assigned View permission to federation user' ) ui.check_actions(["Copy", "Details", "Export Report", "Email Report"], report_name) ui.action("Details", report_name) session = users_and_roles.get_session_for_user('Application Management') query = "Select * from role" result, success, message = ReportsManager.modify_report( session, "/Reports", report_name, query) assert success is False, f'Report modified:{result}' logger.info(f'Report can not modified, API response: {message}')
def test_assign_edit_permission_to_shared_report(core_session, create_report, users_and_roles): """ TCID: C6352 Assign 'Edit' permission to shared report :param core_session: Centrify Authentication session :param create_report: To create the report :param users_and_roles: To open an UI and assign specific right to user """ my_report = create_report(core_session, "Select Name From Server", dir="/Reports") report_name = my_report['Name'] grant_str = "0000000000000000000000000000000000000000000000000000000011101100" ui = users_and_roles.get_ui_as_user("MFA Unlock") user = ui.get_user() user_name = user.get_login_name() user_id = user.get_id() role = UserManager.get_user_role_rights(core_session, user_id) assign_result = ReportsManager.assign_directory_rights_to_role(core_session, "/Reports", [{"Role": role['Result']['Results'][0]['Entities'][0][ 'Key'], "Rights": ["Read"]}, {"Role": "Everybody", "Rights": ["Read"] }]) assert assign_result, f'Failed to give the read the permission to Shared Folder' result, success, message = ReportsManager.update_report_permission(core_session, user_name, user_id, grant_str, report_name, ['ReadWrite']) assert success, f'Failed to assign Edit permission to MFA user:{message}' logger.info(f'Successfully assign the Edit permission to MFA user:{result}') ui.navigate("Reports", check_rendered_tab=False) ui.expect_disappear(LoadingMask(), "Report page did not load properly", 60) ui.expect(RestCallComplete(), "Expected rest call to complete.") ui.expect(TreeFolder("Shared Reports"), "Failed to find shared Reports Tab under Reports", time_to_wait=60) shared_reports_button = ui._searchAndExpect(TreeFolder("Shared Reports"), f'Expected find Shared Reports Folder in Tree', time_to_wait=60) shared_reports_button.try_click() ui.expect(GridCell(report_name), f'Can not see the shared report which assigned Edit permission to MFA user') ui.check_actions(["Copy", "Move", "Delete", "Modify", "Export Report", "Email Report"], report_name) ui.action("Modify", report_name) session = users_and_roles.get_session_for_user('MFA Unlock') query = "Select * From role" result, success, message = ReportsManager.modify_report(session, "/Reports", report_name, query) assert success, f'Script editor could not modified successfully:{message}' logger.info(f'Script editor could not modified successfully:{result}') ui.tab("Permissions") ui.expect(DisabledButton("Add"), "Add is not grey can edit the permission") logger.info(f"'Add' button is grey, and cannot modify the existing permission")
def test_cannot_edit_reports_permissions_under_my_reports(core_session, create_report, core_admin_ui, cleanup_reports): """ TCID: C6337 Cannot edit report's permissions under My reports :param core_session: Centrify Authentication session :param create_report: To create a report :param core_admin_ui: To open the browser :param cleanup_reports: To clean the shared report """ my_report = create_report(core_session, "Select Name From Server") report_name = my_report['Name'] logger.info(f'Successfully created reports:{my_report}') ui = core_admin_ui ui.navigate("Reports") ui.check_actions(["Copy", "Move", "Delete", "Modify", "Export Report", "Email Report"], report_name) ui.navigate("Reports") ui.action("Modify", report_name) ui.tab("Permissions") expected_msg = "The current report must be moved out of the home " \ "directory before permissions can be set for other users and roles." ui.expect(Div(expected_msg), f'Failed to get the expected message:{expected_msg}') logger.info(f'Expectation message is:{expected_msg}') ui.expect(DisabledButton("Add"), f'Add button is enable and can edit the permission') ui.navigate("Reports") ui.action("Copy", report_name) copy_modal = f'Copy : Copy {report_name}' ui.switch_context(Modal(copy_modal)) ui.expect(Button("Save File"), f"Expected to see a Save File button but could not") # Down method is used select the Shared Reports folder ui.down() ui.close_modal("Save File") ui.navigate("Reports") ui.expect_disappear(LoadingMask(), f'Report page did not load properly') ui.expect(TreeFolder("Shared Reports"), f'Expected to see the Shared Reports but could not') shared_reports_button = ui._searchAndExpect(TreeFolder("Shared Reports"), f'Expected find shared Folder but could not') shared_reports_button.try_click() logger.info(f'Successfully copy report to shared reports folder "Copy {report_name}"') ui.action("Modify", "Copy " + report_name) ui.tab("Permissions") ui.expect(Button("Add"), f'Add button is disable, Report permissions can not be edited under "Shared Reports" folder') reports = Reports(core_session, f"Copy {report_name}.report") found_report = reports.get_report_by_name(core_session, f"Copy {report_name}.report", dir="/Reports/") cleanup_reports.append(found_report['Path'])
def test_check_ui_system_login_dialog(core_session, core_admin_ui, pas_setup): """ TC : C2072 Check UI on system login dialog param:core_admin_ui: Returns browser Session param: core_session: Returns Api session. param: pas_setup: Return fixture """ # Launch UI. ui = core_admin_ui created_system_id, created_account_id, system_details = pas_setup system_name = system_details[0] ui.navigate('Resources', 'Systems') ui.search(system_name) ui.right_click_action(GridCell(system_name), 'Select/Request Account') ui.expect_disappear(LoadingMask(), 'Expected to find account but it did not', 30) ui.switch_context(Modal(system_name + ' Login')) logger.info("Successfully show loading before all account display")
def test_assign_grant_permission_to_shared_reports(core_session, create_report, users_and_roles): """ TCID: C6353 Assign 'Grant' permission to shared report :param core_session: Centrify Authentication Session """ my_report = create_report(core_session, "Select Name From Server", dir="/Reports") report_name = my_report['Name'] session_user = core_session.get_user() session_user_name = session_user.get_login_name() session_user_id = session_user.get_id() grant_str = "0000000000000000000000000000000000000000000000000000000011101101" ui = users_and_roles.get_ui_as_user("Federation Management") user_details = ui.get_user() user_name = user_details.get_login_name() user_id = user_details.get_id() role = UserManager.get_user_role_rights(core_session, user_id) assign_result = ReportsManager.assign_directory_rights_to_role(core_session, "/Reports", [{"Role": role['Result']['Results'][0]['Entities'][0][ 'Key'], "Rights": ["Read"]}, {"Role": "Everybody", "Rights": ["Read"] }]) assert assign_result, f'Failed to give the read the permission to Shared Folder' result, success, message = ReportsManager.update_report_permission(core_session, user_name, user_id, grant_str, report_name, ['Owner']) assert success, f'Failed to assign grant permission to Federation user:{message}' logger.info(f'Successfully assign the grant permission to federation user:{result}') ui.navigate("Reports", check_rendered_tab=False) ui.expect_disappear(LoadingMask(), 'Report page did not load properly') ui.expect(TreeFolder("My Reports"), "Failed to find Shared Reports Tab under Reports", time_to_wait=30) ui.expect(TreeFolder("Shared Reports"), f'Expected find Shared Reports Folder in Tree', time_to_wait=30).try_click() ui.expect(GridCell(report_name), f'Can not see the shared report which assigned grant permission to federation user') ui.check_actions(["Copy", "Move", "Delete", "Modify", "Export Report", "Email Report"], report_name) ui.action("Modify", report_name) ui.expect(Div("Report Builder"), f'Failed to enter report detail page') session = users_and_roles.get_session_for_user('Federation Management') result, success, message = ReportsManager.update_report_permission(session, session_user_name, session_user_id, grant_str, report_name, ['Owner']) assert success, f'Failed to save permission, API response: {message}' logger.info(f'Permission saved successfully:{result}')
def test_cannot_create_folder_with_invalid_name(core_admin_ui): """ TCID: #C6364 Cannot create folder with invalid folder name :param core_admin_ui: To open the browser """ ui = core_admin_ui ui.navigate("Reports") ui.expect_disappear(LoadingMask(), 'Reports page did not load properly') ui.expect(TreeFolder("My Reports"), "Unable to find My Reports Tab under Reports") ui.right_click_action(TreeFolder("My Reports"), "New folder") # 1st Case folder_name = "<new_folder>" ui.switch_context(Modal("Create new folder")) ui.input('file-name', folder_name) ui.expect(Anchor(button_text="Save"), "Folder Name is created").try_click() alert_text = "The report name can include alpha numeric and special characters " ui.expect(InvalidInputAlert(alert_text), "Invalid Input alert tooltip appears") logger.info(f'Invalid file name') # 2nd Case folder_name = ' ' ui.input('file-name', folder_name) ui.expect(Anchor(button_text="Save"), "Failed to find the save button").try_click() ui.expect(WarningModal(), "Folder is created with space") logger.info(f'Invalid file name') ui.switch_context(WarningModal()) ui.button("Close") ui.remove_context() # 3rd Case folder_name = " name" ui.input('file-name', folder_name) ui.expect(Anchor(button_text="Save"), "Failed to find the save button").try_click() ui.expect(WarningModal(), "Folder is created space with name") logger.info(f'Invalid file name') ui.switch_context(WarningModal()) ui.button("Close") ui.remove_context() ui.close_modal("Cancel")
def test_grant_view_portal_login_permission_to_privileged_access_service_user(core_session, system_with_ssh_account, core_admin_ui): """ TC: C2069 :param core_session: Authenticated Centrify session. :param system_with_ssh_account: Valid unix system with ssh account :param core_admin_ui: Authenticated browser session. """ system_id, account_id, ssh_id, system_list, account_list, ssh_list = system_with_ssh_account ui = core_admin_ui user_id = UserManager.get_user_id(core_session, ui.user.centrify_user['Username']) result, status = ResourceManager.assign_account_permissions(core_session, rights="View,Login,UserPortalLogin", principal=ui.user.centrify_user['Username'], principalid=user_id, pvid=account_id) assert status, f'failed to assign UserPortalLogin permission of account to user {ui.user.centrify_user["Username"]}' logger.info(f'UserPortalLogin permission of account assigned successfully to user ' f'{ui.user.centrify_user["Username"]}') ui = core_admin_ui # "SSH Key" on column "Credential Type" result, status = ResourceManager.get_workspace_my_system_account(core_session) for account in result: if account['Host'] == system_id: assert account['CredentialType'] == 'SshKey', f'SSH Key not displayed in CredentialType column in ' \ f'My System Account' logger.info('SSH key displayed in Credential type column.') # Login to the ssh account ui.navigate(('Workspace', 'My System Accounts')) ui.right_click_action(GridRowByGuid(account_id), 'Login') ui.switch_to_pop_up_window() ui.expect_disappear(LoadingMask(), 'RDP session never exited loading state for system', time_to_wait=60) ui.switch_to_main_window() status, result = ResourceManager.get_my_active_sessions(core_session, account_id) assert status, f'failed to retrieve details for active account session data, return result is {result}' logger.info(f'details for active account found in My Active sessions, returned row is {result}.')
def test_login_stored_account(core_session, setup_pas_system_for_unix, set_cleaner, core_admin_ui): """ Test Case ID: C2087 Test Case Description: Login as stored account after proxy account enabled :param core_session: Returns API session :param setup_pas_system_for_unix: Creates Unix System and Account :param set_cleaner: Delete Set :param core_admin_ui: Authenticates Centrify UI session """ system_id, account_id, sys_info = setup_pas_system_for_unix system_name = sys_info[0] FQDN = sys_info[1] computer_class = sys_info[2] account_name = sys_info[4] systems_data = Configs.get_environment_node('resources_data', 'automation_main') expected_system_class = systems_data['Unix_infrastructure_data'] result, success = ResourceManager.update_system( core_session, system_id, system_name, FQDN, computer_class, proxyuser=expected_system_class['proxy_user'], proxyuserpassword=expected_system_class['proxy_password'], proxyuserismanaged=False, allowremote=True) assert success, 'Failed to update system' logger.info(f'System successfully updated with result: {result}') ui = core_admin_ui name_of_set = f'Set{guid()}' ui.navigate('Resources', 'Systems') ui.launch_add('Add', 'Create Set') ui.input('Name', name_of_set) ui.tab('Members') ui.launch_modal('Add', 'Add System') ui.search(system_name) ui.check_row(system_name) ui.close_modal('Add') ui.save() id_of_set = SetsManager.get_collection_id(core_session, name_of_set, 'Server') assert id_of_set, 'Set creation Failed' logger.info(f"Set: '{name_of_set}' created successfully") set_cleaner.append(id_of_set) # Login into Stored Account ui._waitUntilSettled() ui.switch_context(ActiveMainContentArea()) ui.right_click_action(Div(system_name), 'Select/Request Account') ui.switch_context(Modal(system_name + ' Login')) ui.expect_disappear(LoadingMask(), 'Expected to find account but it did not', 30) ui.search(account_name) ui.expect(GridCell(account_name), 'Expected to find account name but it did not.').try_click() ui.close_modal('Select') ui.switch_to_pop_up_window() ui.expect_disappear(LoadingMask(), 'Expected to login in account but it did not', 30) logger.info(f'Successfully logged in Account:{account_name}.') ui.switch_to_main_window()
def test_cloud_admin_login_from_my_system_account(core_session, pas_config, core_admin_ui, cleanup_accounts, cleanup_resources, remote_users_qty1): """ Test case: C14831 :param core_session: centrify session :param core_admin_ui: Centrify UI session """ maximum_event_wait_time = 120 account_list = cleanup_accounts[0] system_list = cleanup_resources[0] systems = ServerManager.get_all_resources(core_session) accounts = ServerManager.get_all_accounts(core_session) for system in systems: system_list.append(system['ID']) for account in accounts: account_list.append(account['ID']) system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) ui = core_admin_ui admin_user_uuid = UserManager.get_user_id( core_session, ui.user.centrify_user["Username"]) # assigning cloud admin workspace login permission rights = "View,Login,UserPortalLogin" result, status = ResourceManager.assign_account_permissions( core_session, rights, ui.user.centrify_user["Username"], admin_user_uuid, pvid=acc_result) assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}.' \ f'returned result is: {result}' # Updating allow remote to enable RDP session for targeted system result, success = ResourceManager.update_system(core_session, add_sys_result, sys_name, fdqn, "Windows", allowremote=True) assert success, f'failed to assign rdp policy to account {add_user_in_target_system[0]} of system {sys_name}' ui.navigate(('Workspace', 'My System Accounts')) ui.expect( GridRow(sys_name), f'Expected to find system {sys_name} in My System Account but did not') ui.right_click_action(GridRow(sys_name), 'Login') ui.switch_to_pop_up_window() ui.expect_disappear( LoadingMask(), 'Error occurred while launching workspace login session', time_to_wait=250) ui.switch_to_main_window() # wait for manged password change event filter = [['AccountName', add_user_in_target_system[0]]] RedrockController.wait_for_event_by_type_filter( core_session, "Cloud.Server.LocalAccount.RDPSession.Start", filter=filter, maximum_wait_second=maximum_event_wait_time) # wait for 20 seonds # Api call to get details of account active session status, result = ResourceManager.get_my_active_sessions( core_session, acc_result) assert status, f'failed to retrieve details for active account session data, return result is {result}' logger.info( f'details for active account {add_user_in_target_system[0]} are {result}' ) ui.navigate('Resources', 'Systems') ui.search(sys_name) ui.expect(GridRowByGuid(add_sys_result), expectation_message= f'failed to search for the system by id {add_sys_result}') ui.click_row(GridRowByGuid(add_sys_result)) # fetching Active session value from system view page ui.inner_text_of_element(ActiveSessionTextCount(), expectation_message='1', warning_message="RDP Not taken from user") logger.info(f'Active session value incremented to 1: Active Sessions:1')
def test_settings_Policy_page(core_session, pas_config, remote_users_qty1, cleanup_resources, cleanup_accounts, core_admin_ui): """C2541 Settings on Policy page trying to get rdp through system account with in 15 minute Steps: Pre: Create system with 1 account hand 1. Try to take rdp for system -Assert Failure 2. Try to checkout password for account -Assert Failure """ core_ui = core_admin_ui user_name = core_ui.get_user().get_login_name() system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) success, response = ResourceManager.update_system(core_session, add_sys_result, sys_name, fdqn, 'Windows', allowremote=True, defaultcheckouttime=15) assert success, f"failed to change the management mode:API response result:{response}" logger.info(f"Successfully updated the system:{add_sys_result}") # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) core_ui.navigate('Resources', 'Accounts') core_ui.search(add_user_in_target_system[0]) core_ui.right_click_action(GridRowByGuid(acc_result), 'Login') core_ui.switch_to_pop_up_window() core_ui.expect_disappear( LoadingMask(), f'RDP session never exited loading state for system {sys_name}', time_to_wait=50) core_ui.switch_to_main_window() row = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{user_name} logged into system "{sys_name}"({fdqn}) from "web" using local account ' \ f'"{add_user_in_target_system[0]}"' in row[0]['Detail'], "user not able to take rdp" password_checkout_result, password_checkout_success = \ ResourceManager.check_out_password(core_session, 1, accountid=acc_result) new_cid = password_checkout_result['COID'] assert password_checkout_result['Password'] is not user_password, \ f"expected password equal to actual password: {password_checkout_result}" logger.info(f"password successfully checkout Account password: {new_cid}")
def test_check_total_session(core_session, pas_setup, get_admin_user_function, users_and_roles): """ Test case: C2117 :param core_session: Authenticated Centrify session manager :param pas_setup: fixture to create system with accounts :param users_and_roles: fixture to create user with roles """ system_id, account_id, sys_info = pas_setup cloud_user_session, user = get_admin_user_function cloud_user, user_id, user_password = user.get_login_name(), user.get_id( ), user.get_password() user = {"Username": cloud_user, "Password": user_password} result, status = ResourceManager.assign_system_permissions( core_session, "View", principal=cloud_user, principalid=user_id, pvid=system_id) assert status, f'failed to assign view permission to user {cloud_user} for system {sys_info[0]}' logger.info( f'View permission assigned to user {cloud_user} for system {sys_info[0]}' ) result, status = ResourceManager.assign_account_permissions( core_session, "View,Login", principal=cloud_user, principalid=user_id, pvid=account_id) assert status, f'failed to assign view permission to user {cloud_user} for account {sys_info[4]}' logger.info( f'View permission assigned to user {cloud_user} for account {sys_info[4]}' ) # update system to allow system for RDP connections result, success = ResourceManager.update_system(core_session, system_id, sys_info[0], sys_info[1], sys_info[2], allowremote=True) assert success, f"failed to update system {sys_info[0]}, result is {result}" logger.info('system updated for remote connection') ui = users_and_roles.get_ui_as_user(user_properties=user, user_already_exists=True) ui.navigate('Resources', 'Systems') ui.search(sys_info[0]) ui.right_click_action(GridRowByGuid(system_id), 'Select/Request Account') ui.switch_context(Modal(text=f'{sys_info[0]} Login')) account_row = ui.expect( GridCell(sys_info[4]), f'Expected to find account row {sys_info[4]} but did not.') account_row.try_click() ui.close_modal('Select') ui.switch_to_pop_up_window() ui.expect_disappear(LoadingMask(), f'RDP session never exited loading state', time_to_wait=60) ui.switch_to_main_window() ui.user_menu('Reload Rights') # Api call to get details of account active session result, success = ResourceManager.get_active_sessions(core_session) active_session_list = [] for i in range(len(result)): if result[i]["HostName"] == sys_info[0]: active_session_list.append(result[i]["SessionID"]) assert active_session_list, f'Failed to find the login record with "System Name: {active_session_list}"' logger.info(f'Active session details:{active_session_list}')