def test_update_account_settings_page1(core_session, add_database_with_account, core_admin_ui):
    """
    Test case: C1093 - Update Account Settings page 1
    :param core_session: Authenticated centrify session
    :param add_database_with_account: fixture to create database with account
    :param core_admin_ui: Authenticated centrify ui session
    """
    db_name, db_id, db_account_id, db_data, database_cleaner_list, sql_account_cleaner_list = \
        add_database_with_account(db_class='sql', add_account=True)
    test_description = f'test description of account {db_data["db_account"]} for database {db_name}'

    ui = core_admin_ui
    ui.navigate('Resources', 'Databases')
    ui.search(db_name)
    ui.click_row(GridRowByGuid(db_id))
    ui.tab('Accounts')
    ui.click_row(GridRowByGuid(db_account_id))
    ui.tab('Settings')
    ui.input(name='Description', value=test_description)
    ui.save()
    logger.info('Settings form saved successfully')
    ui.tab('Permissions')
    ui.tab('Settings')
    ui.expect(TextArea(name='Description', contains=test_description), f'failed to update description on settings page '
                                                                       f'for account {db_data["db_account"]} '
                                                                       f'of database {db_name}')
    logger.info(f'Account {db_data["db_account"]} description updated successfully.')
def test_update_system_settings(core_session, pas_windows_setup, core_admin_ui):
    """
    TC:C2166 Update system Settings.
    :param core_session: Returns a API session.
    :param pas_windows_setup: Returns a fixture.
    :param core_admin_ui: Return a browser session.

    """
    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup()

    # Launch UI.
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.tab('Settings')

    # Updating the system with new system name and validating that "Accounts" page shows normally.
    new_system_name = f'test_system{guid()}'
    ui.input('Name', new_system_name)
    ui.save()
    ui.tab('Policy')
    ui.tab('Accounts')
    ui.expect(Div('Accounts'), 'Expect to find the title "Accounts" in the Account Page but could not.')
    logger.info('Successfully find the title "Accounts" in the Account Page.')
    assert ui.button_exists("Add", time_to_wait=3), "Add button is not Enabled."
    logger.info('Successfully find "Add button" is enabled and visible.')
    ui.expect(GridRowByGuid(account_id), f"Expect to find account {sys_info[4]} in the Accounts page but "
                                         f"could not.")
    logger.info(f'Successfully find account {sys_info[4]} in the Accounts page.')
def test_check_action_menu(core_session, pas_windows_setup, users_and_roles):
    """
    TC:C2172 Check Actions menu.
    :param core_session: Returns a API session.
    :param pas_windows_setup: Returns a fixture.
    :param users_and_roles: Returns Authenticated Centrify UI session  with limited rights.
    """

    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # Getting the limited user session with limited rights " Privilege Service Power User right."
    ui = users_and_roles.get_ui_as_user("Privileged Access Service Power User")
    limited_user = ui.get_user()

    # Assigning "Login" permission for system to limited user.
    assign_system_perm_res, assign_system_perm_success = \
        ResourceManager.assign_account_permissions(core_session, "Login",
                                                   limited_user.get_login_name(),
                                                   limited_user.get_id(),
                                                   'User',
                                                   account_id)

    assert assign_system_perm_success, f"Failed to assign 'Edit' permissions to " \
                                       f"user for the  system: API response result: {assign_system_perm_res}."
    logger.info(
        f"Successfully assign 'Edit' permissions to user for the system:{assign_system_perm_res}."
    )

    # UI Launch.
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.check_row_by_guid(account_id)
    ui.switch_context(RenderedTab("Accounts"))
    expected_actions = ['Login', 'Add To Set', 'Verify Credential']
    ui.check_actions(expected_actions, sys_info[4])
    logger.info('Successfully found "Actions" menu in Accounts page.')
    ui.expect(GridRowCheckbox(sys_info[4], True),
              "Not checking the row").try_click()
    logger.info('Successfully uncheck the account row.')
    ui.right_click(GridRowByGuid(account_id))
    Flag = False
    counter = 0
    while Flag:
        list_action_elements = ui.get_list_of_right_click_element_values(
            'Login')
        if 'Verify Credential' in list_action_elements:
            Flag = True
            break
        counter += 1
        if counter == 10:
            break
        assert expected_actions == list_action_elements, f"Expected actions elements are not found in the list"
    logger.info(
        'Successfully found the elements same as in "Actions" menu in Accounts page.'
    )
예제 #4
0
def test_cancel_to_add_manage_proxy_account(core_session, pas_windows_setup,
                                            core_admin_ui):
    """
    TC:C2169 Cancel to add a managed proxy account.
    :param core_session: Returns a API session.
    :param pas_windows_setup: Returns a fixture.
    :param core_admin_ui: Return a browser session.
    """
    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # Launch UI.
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.tab('Settings')
    ui.check('undefined')
    proxy_user = f'test_proxy{guid()}'
    proxy_password = f'Pass@{guid()}'
    ui.input('ProxyUser', proxy_user)
    ui.input('ProxyUserPassword', proxy_password)
    ui.check('ProxyUserIsManaged')
    ui.button('Save')
    ui.expect(ConfirmModal(), 'Expect a error modal but could not found it.')
    logger.info('Successfully found error modal after save.')
    ui.expect(
        Span('x'),
        'Expect to found the "x"  on error modal but could not found it.'
    ).try_click()
    logger.info('Successfully Cancel to add a managed proxy account.')
def test_account_case_insensitive(core_session, pas_windows_setup,
                                  core_admin_ui):
    """
    TC:C2191 Account should be case insensitive for Windows.
    :param core_session: Returns a API session.
    :param pas_windows_setup: Returns a fixture.
    :param core_admin_ui: Return a browser session.
    """
    # Adding a system with account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # Launch UI.
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.switch_context(RenderedTab("Accounts"))
    ui.launch_modal("Add", modal_title="Add Account")
    ui.input('User', sys_info[4].upper())
    password = f'Password@123{guid()}'
    ui.input('Password', password)
    ui.button("Add")
    assert ui.check_exists(ErrorModal()), 'Failed to found Error Modal'
    logger.info('Successfully Found Error Modal')
예제 #6
0
def test_system_password_rotation_switch_page(core_session, pas_setup, core_admin_ui):
    """
    Test Case ID: C1672
    :param core_session: Returns API session
    :param pas_setup: Creates System and Account
    :param core_admin_ui: Authenticates Centrify UI session
    """
    # Creating windows system.
    system_id, account_id, sys_info = pas_setup
    system_name = sys_info[0]

    # Navigating to System and enabling the "password rotation duration" option with valid values.
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(system_name)
    ui.click_row(GridRowByGuid(system_id))
    ui.tab('Advanced')
    ui.switch_context(RenderedTab("Advanced"))
    ui.select_option("AllowPasswordRotation", "Yes")
    expected_password_rotation_duration = 5
    ui.input("PasswordRotateDuration", expected_password_rotation_duration)
    ui.save()
    ui.navigate('Resources', 'Domains')

    # Leaving the page and coming back to the System's page as per the test case.
    ui.navigate('Resources', 'Systems')
    system_list = RedrockController.get_computers(core_session)
    discovered_system = []
    for system in system_list:
        if system['Name'] == sys_info[0]:
            discovered_system.append(system['ID'])
            discovered_system.append(system['PasswordRotateDuration'])
    assert expected_password_rotation_duration == discovered_system[1], f"password rotation duration count {expected_password_rotation_duration} not matched with actual count {discovered_system[1]}"
    logger.info(
        f"Password rotation duration of the system {system_name} with id {system_id} saved with count {discovered_system[1]}")
def test_system_default_management_port(core_session, network_device_setup,
                                        core_admin_ui):
    """
    TC: C2607 - System default management port
    :param core_session: Authenticated Centrify session.
    :param network_device_setup: Adds a network with account and returns UUID of both.
    :param core_admin_ui: Authenticated Centrify browser session.
    """

    system_id, account_id, device_data, system_list, account_list = network_device_setup(
        'paloalto')
    system_info = RedrockController.get_computer_with_ID(
        core_session, system_id)
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(system_info['Name'])
    ui.click_row(GridRowByGuid(system_id))
    ui.tab('Settings')
    ui.input("ManagementPort", "1")
    ui.save()
    ui.expect(TextField('ManagementPort'),
              "Unable to locate management port input").clear()
    ui.save()
    management_port = RedrockController.get_computer_with_ID(
        core_session, system_id)['ManagementPort']
    assert management_port is None, "Management port value isn't 443 i.e. default."
    logger.info(
        f'Management port value retrieved via API is {management_port} i.e. placeholder 443 in UI.'
    )
예제 #8
0
def test_select_two_records_in_my_system_account_field(
        core_session, create_resources_with_accounts, core_admin_ui,
        cleanup_accounts):
    """
    Test case id : C14833
    :param core_session: Centrify session
    :param create_resources_with_accounts: fixture to create system with accounts
    :param core_admin_ui: Ui session
    :param cleanup_accounts: cleanup fixture for accounts after test completion
    """
    sys = create_resources_with_accounts(core_session, 1, 'Windows', 2)[0]
    acc = sys['Accounts']
    sys1 = acc[0]["User"]
    sys2 = acc[1]["User"]

    ui = core_admin_ui
    admin_user_uuid = UserManager.get_user_id(
        core_session, ui.user.centrify_user["Username"])

    rights = "View,Login,UserPortalLogin"
    for account in range(len(acc)):
        result, status = ResourceManager.assign_account_permissions(
            core_session,
            rights,
            ui.user.centrify_user["Username"],
            admin_user_uuid,
            pvid=acc[account]['ID'])
        assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}. returned result is: {result}'
        logger.info(
            f'rights {rights} are provided to {ui.user.centrify_user["Username"]} for account {acc[account]["Name"]}'
        )

    ui.user_menu('Reload Rights')
    ui.navigate(('Workspace', 'My System Accounts'))

    # Expecting to find both added systems in My System Account List in workspace
    ui.expect(
        GridRowByGuid(acc[0]["ID"]),
        f'Expected to find system {sys1} in My System Account but did not')
    ui.expect(
        GridRowByGuid(acc[1]["ID"]),
        f'Expected to find system {sys2} in My System Account but did not')
    ui.check_actions(['Rotate credentials', 'Manage Accounts', 'Add To Set'],
                     [sys1, sys2])
    logger.info('Add To set option is available')
예제 #9
0
def test_ends_with_search(core_session, core_admin_ui,
                          cleanup_secrets_and_folders, pas_general_secrets):
    """
           C3061: Ends with search
    :param core_session: Authenticated Centrify Session
    :param core_admin_ui: Fixture to launch the browser with cloud admin
    :param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
    :param pas_general_secrets: Fixture to read secret data from yaml file
    """
    params = pas_general_secrets
    folder_list = cleanup_secrets_and_folders[1]
    secrets_list = cleanup_secrets_and_folders[0]
    suffix = guid()

    # Creating folder
    folder_success, folder_parameters, folder_id = create_folder(
        core_session, params['name'] + suffix, params['description'])
    assert folder_success, f'Failed to create folder, API response result: {folder_id}'
    logger.info(
        f'Folder created successfully: {folder_id} & details are {folder_parameters}'
    )
    folder_list.append(folder_id)
    folder_name = folder_parameters['Name']

    # Creating secret
    added_secret_success, details, added_secret_id = create_text_secret(
        core_session, params['secret_name'] + suffix, params['secret_text'])
    assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
    logger.info(f'Added secrets info: {details, added_secret_id}')
    secrets_list.append(added_secret_id)

    ui = core_admin_ui
    ui.navigate('Resources', 'Secrets')

    # Searching for secrets & folder
    ui.search(suffix)
    ui.expect(GridRow(folder_name),
              f' Expect to find folder {folder_name} but could not')
    ui.expect(
        GridRowByGuid(added_secret_id),
        f' Expect to find secret with id as {added_secret_id} but could not')
    logger.info(
        f'Both folder {folder_name} & secret {added_secret_id} are successfully visible'
    )

    # Getting permissions of folder
    permissions = SetsManager.get_collection_rights(core_session, folder_id)
    assert permissions["Result"], \
        f'Failed to get permissions for folder, API response result:{permissions["Result"]}'
    logger.info(f'Permissions of the folder created: {permissions}')

    # Getting permissions of secret
    permissions_secret = get_users_effective_secret_permissions(
        core_session, added_secret_id)
    assert permissions_secret,\
        f'Failed to get permissions for secret, API response result: {permissions_secret}'
    logger.info(f' Permissions for Secret: {permissions_secret}')
def test_enable_workflow_without_approve(core_session, pas_windows_setup,
                                         core_admin_ui):
    """
    TC:C2192 Enable workflow without approver.
    :param core_session: Returns a API session.
    :param pas_windows_setup: Returns a fixture.
    :param core_admin_ui: Return a browser session.

    """
    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # Launch UI.
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.click_row(GridRowByGuid(account_id))
    ui.tab('Workflow')
    ui.select_option('WorkflowEnabled', 'Yes')
    ui.switch_context(ActiveMainContentArea())
    ui.expect(TreeFolder('Permissions'),
              'Expect to permission tab but failed to find it.').try_click(
                  Modal())
    ui.switch_context(WarningModal())
    warning_message = "Please correct the errors before leaving the page."
    ui.check_exists(Div(warning_message))
    logger.info(
        'Successfully found warning modal when try to navigate to another page.'
    )
    ui.close_modal('Close')
    ui.switch_context(RenderedTab('Workflow'))
    ui.button('Save')
    ui.switch_context(WarningModal())
    save_warning_message = "Please correct the errors in your form before submitting."
    ui.check_exists(Div(save_warning_message))
    logger.info(
        'Successfully found warning modal containing "Please correct the errors in your form before '
        'submitting".')
예제 #11
0
def test_database_account_ui_check(core_session,
                                   create_databases_with_accounts,
                                   core_admin_ui):
    """
    Test case: C1074
    :param core_session: Authenticated Centrify session
    :param create_databases_with_accounts: fixture to create database with account
    """
    database = create_databases_with_accounts(core_session,
                                              databasecount=1,
                                              accountcount=1)
    db_name, db_id, db_account, db_account_id = \
        database[0]['Name'], database[0]['ID'], database[0]['Accounts'][0]['User'], database[0]['Accounts'][0]['ID']

    ui = core_admin_ui
    ui.navigate('Resources', 'Databases')
    ui.search(db_name)
    ui.click_row(GridRowByGuid(db_id))
    ui.tab('Accounts')
    ui.expect(GridRowByGuid(db_account_id),
              f'No database account {db_account} found in database {db_name}')
    ui.click_row(GridRowByGuid(db_account_id))
    ui.tab('Settings')
    assert ui.check_exists(Label('Use a proxy account')) is False, '"Use proxy account" checkbox label is available ' \
                                                                   'in Database account settings page'
    logger.info('No "Use proxy account" checkbox label')
    ui.user_menu('Reload Rights')
    ui.tab('Permissions')
    assert ui.check_exists(
        Span(text='Login')
    ) is False, f'Login column available in Database account permissions page.'
    logger.info(
        'No "Login" column is available in database account permissions page.')
    assert ui.check_exists(
        Span(text='Portal Login')
    ) is False, f'Login column available in Database account permissions page.'
    logger.info(
        'No "Portal Login" column is available in database account permissions page.'
    )
def test_check_system_icon(setup_pas_system_for_unix, core_admin_ui):
    """
    Test Case ID: C2091
    Test Case Description: Check system icon on system Settings page
    :param setup_pas_system_for_unix: Creates Unix System and Account
    :param core_admin_ui: Authenticates Centrify UI session
    """
    system_id, account_id, sys_info = setup_pas_system_for_unix
    system_name = sys_info[0]
    account_name = sys_info[4]
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(system_name)
    ui.switch_context(ActiveMainContentArea())
    ui.click_row(GridRowByGuid(system_id))
    ui.right_click_action(GridRowByGuid(account_id), 'Checkout')
    ui.switch_context(Modal(text=account_name))
    ui.button('Show Password')
    assert ui.check_exists(UnixIconAlert()) is False, 'Alert Icon ! is present'
    logger.info("System icon shows correctly without alert icon i.e. '!'.")
    ui.close_modal('Close')
    assert ui.check_exists(UnixIconAlert()) is False, 'Alert Icon ! is present'
    logger.info("System icon shows correctly without alert icon i.e. '!' after closing the modal.")
예제 #13
0
def test_system_password_rotation(core_session, pas_setup, core_admin_ui):
    """
    Test Case ID: C1671
    :param core_session: Returns API session
    :param pas_setup: Creates System and Account
    :param core_admin_ui: Authenticates Centrify UI session
    """
    # Creating windows system.
    system_id, account_id, sys_info = pas_setup
    system_name = sys_info[0]

    # Navigating to System and enabling the "All Password Rotation" option with valid and invalid values.
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(system_name)
    ui.click_row(GridRowByGuid(system_id))
    ui.tab('Advanced')
    ui.switch_context(RenderedTab("Advanced"))
    ui.select_option("AllowPasswordRotation", "Yes")
    expected_password_rotation_duration = 1
    ui.input("PasswordRotateDuration", expected_password_rotation_duration)
    ui.expect(Button("Save"), "Save button should enabled")
    logger.info("Save button enabled")
    ui.save()
    logger.info("Valid value 1 is accepted and saved successfully")

    # Checking the value is saved and reflected with the system's settings.
    system_list = RedrockController.get_computers(core_session)
    discovered_system = []
    for system in system_list:
        if system['Name'] == sys_info[0]:
            discovered_system.append(system['ID'])
            discovered_system.append(system['PasswordRotateDuration'])
    actual_password_rotation_duration = discovered_system[1]
    assert expected_password_rotation_duration == actual_password_rotation_duration, f"password rotation duration count {expected_password_rotation_duration} not matched with actual count {actual_password_rotation_duration}"
    logger.info(
        f"Password rotation duration of the system {system_name} with id {system_id} saved with count {actual_password_rotation_duration} ")

    # Changing the value of password rotation duration with invalid value 0.
    ui.tab('Advanced')
    ui.switch_context(RenderedTab("Advanced"))
    ui.select_option("AllowPasswordRotation", "Yes")
    ui.input("PasswordRotateDuration", 0)
    ui.save()
    ui.switch_context(ErrorModal())
    ui.expect(Div("Please correct the errors in your form before submitting."), " Error pop up should appear")
    logger.info("Invalid value 0 is not accepted and thrown error popup successfully")
def test_update_account_permission_without_any_account_permission(
        pas_setup, users_and_roles):
    """
    TCID: C2201  Normal user without any account's permission
    :param pas_setup:
    :param users_and_roles: To login with Previous Admin service power user
    """
    system_id, account_id, sys_info = pas_setup
    ui = users_and_roles.get_ui_as_user("Privileged Access Service Power User")

    # To navigate accounts page and click on added system
    ui.navigate("Resources", "Accounts")
    system_name = sys_info[0]
    ui.search(system_name)
    ui.click_row(GridRowByGuid(account_id))
    ui.check_actions(['Add To Set', 'Verify Credential'])
    logger.info(f"Update Password is not in the Account's action list")
def test_check_dialog(core_admin_ui, add_single_system):
    """
    Test Case ID: C2220
    Test Case Description: Check the dialog for Select User, Group, Role panel
    :param core_admin_ui: Authenticates Centrify UI session
    :param add_single_system: Creates a single system
    """
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    added_system_id, sys_info = add_single_system
    system_name = sys_info[0]
    ui.search(system_name)
    ui.click_row(GridRowByGuid(added_system_id))
    ui.tab('Permissions')
    ui.launch_modal('Add', modal_title='Select User, Group, or Role')

    # Checking Computer is not present in the List
    assert ui.check_exists(Label(
        'Computers')) is False, 'Computers is present in the list of dialog'
    logger.info('Computers is not present in the list of dialog')
def test_check_action_menu_selecting_existing_account(core_session,
                                                      pas_windows_setup,
                                                      users_and_roles):
    """
    TC:C2173 Check Actions menu after selecting an existing account.
    :param core_session: Returns a API session.
    :param pas_windows_setup: Returns a fixture.
    :param:users_and_roles:Fixture to manage roles and user.
    """

    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # Cloud user session with "'Privileged Access Service Power User'".
    cloud_user_session = users_and_roles.get_session_for_user(
        'Privileged Access Service Power User')
    user_name = cloud_user_session.auth_details['User']
    user_id = cloud_user_session.auth_details['UserId']

    # UI session with 'Privileged Access Service Power User' rights.
    ui = users_and_roles.get_ui_as_user('Privileged Access Service Power User')

    # Assigning system "Edit" permission.
    assign_system_result, assign_system_success = ResourceManager.assign_system_permissions(
        core_session, "Edit", user_name, user_id, 'User', system_id)
    assert assign_system_success, f"Failed to assign system permissions: API response result: {assign_system_result}"
    logger.info(
        f'Successfully assigned "Edit" permission to user:{assign_system_result}.'
    )

    # UI Launch.
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.switch_context(RenderedTab("Accounts"))
    ui.check_row(sys_info[4])
    assert ui.button_exists(
        'Actions'), "Failed to find 'Actions'menu button in Accounts page."
    logger.info('Successfully found "Actions" menu in Accounts page. ')
예제 #17
0
def test_ui_check_job_details_page(core_session, core_admin_ui, list_of_created_systems):
    """
         Test case: C1674
               :param core_session: Returns API session
               :param core_admin_ui: Centrify admin Ui session
               :param list_of_created_systems: returns the empty systems list.
               """

    account_name_prefix = f'account_test{guid()}'

    # adding multiple systems with accounts
    result = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems,
                                                                user_prefix=account_name_prefix)

    # arranging the results in the lists
    all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([result])

    # Deleting systems for creating bulk delete scheduled report
    result_acc, success_acc = ResourceManager.del_multiple_accounts(core_session, all_accounts)
    assert success_acc, f"Api did not complete successfully for bulk account delete MSG:{result_acc}"

    # Deleting accounts for creating bulk delete scheduled report
    result, success = ResourceManager.del_multiple_systems(core_session, all_systems)
    assert success, f'Delete systems job failed when expected success'
    logger.info(f"Delete systems job executed successfully {result}")

    # Going to password storage page and click on migration job status link.
    ui = core_admin_ui
    ui.navigate("Settings", "Resources", "Password Storage", check_rendered_tab=False)
    ui.expect(Anchor("View Migration Job Status and Reports "), "Clicking migration job status").try_click(
        Span(text="Type"))
    ui.switch_to_newest_tab()
    ui._waitUntilSettled()
    ui.click_row(GridRowByGuid(result))
    ui.expect(Span("Details"), "Clicking migration job status").try_click(Div("Job Details"))
    ui.expect_value(Div(result), value=None, expected_value=result,
                    wrong_value_message="expected id value is not matched in the report",
                    text=True)
    logger.info("Id value in the Job description appeared correctly")
예제 #18
0
def test_system_delete(pas_setup, core_admin_ui, core_session):
    """C2571 Delete systems
            Steps:
                Pre: Create system with 1 manage account hand
                1. Try to delete system
                    -Assert Failure
                2.check on the SecretName
                   -Assert Failure
        """

    ui = core_admin_ui
    # Step 1: create a system along with on account
    added_system_id, account_id, sys_info = pas_setup
    logger.info(
        f"System: {sys_info[0]} successfully added with UUID: {added_system_id} and account: {sys_info[4]} "
        f"with UUID: {account_id} associated with it.")
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.right_click_action(GridRowByGuid(added_system_id), 'Delete')
    ui.switch_context('System Delete')
    email_id = ui._searchAndExpect(TextField('SecretName'),
                                   "Not able to get the data from textbox")
    get_email_id = email_id.get_value_from_attribute('value')
    ui.remove_context()
    ui.button('Delete')

    # Step 2: Fetch the all secrets from data vault and compare
    query = 'Select * FROM DataVault'
    rows = RedrockController.get_result_rows(
        RedrockController.redrock_query(core_session, query))
    delete = []
    for row in rows:
        if row['SecretName'].find(get_email_id) == -1:
            delete.append(row['ParentPath'])
        else:
            logger.info(f"no data found:{delete}")
    assert 'Bulk Delete' in delete, "User not deleted system and there is no data"
    logger.info(
        f'Successfully deleted a system and generated bulk delete secret')
def test_access_system_not_allow_from_public_network(core_session,
                                                     pas_windows_setup,
                                                     core_admin_ui,
                                                     update_tenant_remote):
    """
    C1573 : 20180720-02:31:59 system Level
    :param core_session: Authenticated Centrify Session
    :param pas_windows_setup: Added Windows system with Account associated to it.
    :param core_admin_ui: Authenticated Centrify Browser Session
    """
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )
    ui = core_admin_ui

    # Disable 'Allow access from a public network' policy on Global Security Setting page
    result, success = update_tenant_remote(core_session, False)
    assert success, f"Not able to disable 'Allow access from a public network' policy on Global Security Setting " \
                    f"page. API response result: {result}. "
    logger.info(
        f"'Allow access from a public network' policy disabled on Global Security Setting page"
    )

    # Navigating Resources - System page
    ui.navigate("Resources", "Systems")
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.check_row_by_guid(account_id)
    ui.switch_context(RenderedTab("Accounts"))

    # Login to Account using RDP session
    ui.action('Login')
    ui.wait_for_tab_with_name(f"Login session {sys_info[0]}")
    expected_alert_message = "Remote access not allowed. Please enable the 'Allow access from a public network' " \
                             "policy if web login from a public network is required."
    core_admin_ui.switch_context(WarningModal())
    assert core_admin_ui.check_exists(
        (Div(expected_alert_message))
    ), f"pop up warning message for Remote access is not same as : {expected_alert_message}"
    logger.info(f"Correct pop up warning message displayed for Remote access.")
def test_grant_view_portal_login_permission_to_privileged_access_service_user(core_session, system_with_ssh_account,
                                                                              core_admin_ui):
    """
    TC: C2069
    :param core_session: Authenticated Centrify session.
    :param system_with_ssh_account: Valid unix system with ssh account
    :param core_admin_ui: Authenticated browser session.
    """
    system_id, account_id, ssh_id, system_list, account_list, ssh_list = system_with_ssh_account

    ui = core_admin_ui
    user_id = UserManager.get_user_id(core_session, ui.user.centrify_user['Username'])

    result, status = ResourceManager.assign_account_permissions(core_session, rights="View,Login,UserPortalLogin",
                                                                principal=ui.user.centrify_user['Username'],
                                                                principalid=user_id, pvid=account_id)
    assert status, f'failed to assign UserPortalLogin permission of account to user {ui.user.centrify_user["Username"]}'
    logger.info(f'UserPortalLogin permission of account assigned successfully to user '
                f'{ui.user.centrify_user["Username"]}')

    ui = core_admin_ui
    # "SSH Key" on column "Credential Type"
    result, status = ResourceManager.get_workspace_my_system_account(core_session)
    for account in result:
        if account['Host'] == system_id:
            assert account['CredentialType'] == 'SshKey', f'SSH Key not displayed in CredentialType column in ' \
                                                          f'My System Account'
            logger.info('SSH key displayed in Credential type column.')

    # Login to the ssh account
    ui.navigate(('Workspace', 'My System Accounts'))
    ui.right_click_action(GridRowByGuid(account_id), 'Login')
    ui.switch_to_pop_up_window()
    ui.expect_disappear(LoadingMask(), 'RDP session never exited loading state for system', time_to_wait=60)
    ui.switch_to_main_window()

    status, result = ResourceManager.get_my_active_sessions(core_session, account_id)
    assert status, f'failed to retrieve details for active account session data, return result is {result}'
    logger.info(f'details for active account found in My Active sessions, returned row is {result}.')
예제 #21
0
def test_save_changes_clicking_other_tab(core_session, setup_pas_system_for_unix, core_admin_ui):
    """
    TC:C2186 Save the changes after clicking other tabs.
    :param core_ui: Return a browser session.
    :param core_session: Return API session.
    :param: pas_setup: Returning a fixture.
    """
    # Adding a system with account.
    created_system_id, created_account_id, sys_info = setup_pas_system_for_unix
    system_name = sys_info[0]

    # Launch UI.
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(system_name)
    ui.click_row(GridRowByGuid(created_system_id))
    ui.tab('Settings')
    modified_system_name = f'UnixServer{guid()}'
    ui.input('Name', modified_system_name)
    ui.save()
    # Validating that system name is modified.
    system_rows = RedrockController.get_computer_with_ID(core_session, created_system_id)
    assert system_rows['Name'] == modified_system_name, f'Failed to modify system name:{system_rows}'
    logger.info('Successfully modified system name.')
예제 #22
0
def test_check_account_actions(core_session, users_and_roles,
                               pas_windows_setup):
    """
    TC:C2214 Check account's Actions.
    :param:core_session: Returns Authenticated Centrify session.
    :param users_and_roles: Fixture to manage roles and user.
    :param pas_windows_setup: Return a fixture.
    """

    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # UI session with 'Privileged Access Service Power User' rights.
    ui = users_and_roles.get_ui_as_user(
        "Privileged Access Service Administrator")

    # UI Launch
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.switch_context(RenderedTab('Accounts'))
    ui.check_actions(['Add To Set', 'Verify Credential'], sys_info[4])
    logger.info('Successfully show accounts menu rather than system menu.')
def test_check_use_proxy_account_option(setup_pas_system_for_unix, core_admin_ui, pas_config):
    """
        Test case: C2185 Check Use proxy account option
        :param core_admin_ui: Authenticated Centrify Session.
        :param setup_pas_system_for_unix: Add Unix System and Account associated with it
        :param  pas_config: Config file to get data from the yaml.
        """
    created_system_id, created_account_id, sys_info = setup_pas_system_for_unix
    logger.info(f"System added successfully : {created_system_id}")
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(created_system_id))
    ui.tab('Settings')
    ui.check('undefined')
    ui.input("ProxyUser", "test_proxy_user")
    ui.input("ProxyUserPassword", "pass_proxy_1234")
    ui.save()
    ui.tab('Accounts')
    ui.launch_modal('Add', modal_title='Add Account')
    ui.expect(Checkbox("UseWheel"), "Use proxy account option is not shown in add account wizard")
    logger.info(f"Use proxy account option check box exist.")
    ui.expect(CheckedCheckbox("UseWheel"), f'Use proxy account option is not checked on add account wizard')
    logger.info(f"Use proxy account option check box is checked on add account wizard ")
def test_check_dialog_select_user_group_role(core_session, core_admin_ui,
                                             pas_windows_setup):
    """
       TC:C2220 Check the dialog for Select User, Group, Role panel.
       :param:core_session: Returns Authenticated Centrify session.
       :param:core_admin_ui:Returns browser session.
       :param pas_windows_setup: Return a fixture.
    """

    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # UI Launch
    ui = core_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.tab('Permissions')
    ui.switch_context(RenderedTab('Permissions'))
    ui.launch_modal('Add', modal_title='Select User, Group, or Role')
    logger.info(
        'Successfully could not find "computer" in "Select User, Group, or Role" dialog list.'
    )
예제 #25
0
def test_retrieve_mfa_policy_on_parent_folder_verify_challenged(
        core_session, core_admin_ui, pas_general_secrets,
        create_secret_inside_folder, clean_up_policy):
    """
             C2985: MFA policy on Parent folder, verify challenged
         1) Set MFA on MFAonParent
         2) Right click "MFAonSecret" then Retrieve.
         3) Verify challenged with MFA popups,
         4) Enter password & verify you can retrieve secret

    :param core_session: Authenticated Centrify Session
    :param core_admin_ui: Fixture to launch ui session for cloud admin
    :param pas_general_secrets: Fixture to read secret data from yaml file
    :param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
    :param clean_up_policy: Fixture to clean up the policy created
    """
    secrets_params = pas_general_secrets
    suffix = guid()
    folder_list, folder_name, secret_list = create_secret_inside_folder
    verify_text = secrets_params['secret_text']

    # Getting details of the secret replaced
    found_secret = get_secret(core_session, secret_list[0])
    assert found_secret['success'], \
        f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
    logger.info(f'Getting details of the secret: {found_secret}')
    secret_name = found_secret['Result']['SecretName']

    challenges = ["UP", ""]
    # Creating new policy
    policy_result = PolicyManager.create_new_auth_profile(
        core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
    assert policy_result, f'Failed to create policy, API response result:{policy_result}'
    logger.info(f' Creating new policy:{policy_result}')
    clean_up_policy.append(policy_result)

    # Applying MFA on Folder
    result = update_folder(core_session,
                           folder_list[0],
                           folder_name,
                           folder_name,
                           policy_id=policy_result)
    assert result[
        'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
    logger.info(f'Applying MFA  for folder: {result}')

    ui = core_admin_ui
    password = ui.get_user().get_password()
    login = Login(ui)
    ui.navigate('Resources', 'Secrets')
    ui.search(folder_name)
    ui.click_row(GridRowByGuid(folder_list[0]))
    ui.click_row(GridRowByGuid(secret_list[0]))
    ui.action('Retrieve')
    ui.switch_context(Modal(text=secret_name))
    ui.button('Show Text')
    ui.switch_context(NoTitleModal())
    login.click_next_on_auth()
    login.enter_login_password(password)
    login.click_next_on_auth()
    ui.switch_context(ActiveMainContentArea())
    ui.expect(InputBoxValue(verify_text),
              f'Expect to find {verify_text} in Retrieve but could not.')
    logger.info(
        f'Text Retrieved with MFA challenge(password only)i.e. MFAonParent successfully: {verify_text}'
    )

    # Removing MFA on Folder
    result = update_folder(
        core_session,
        folder_list[0],
        folder_name,
        secrets_params['mfa_folder_name_update'] + suffix,
        description=secrets_params['mfa_folder_description'])
    assert result[
        'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
    logger.info(f'Applying MFA  for folder: {result}')
def test_help_page_and_tip_message_check(core_admin_ui, add_single_system):
    """
    C1546 : Help page and tip message check
    :param core_admin_ui: Authenticated Centrify Browser Session
    :param add_single_system: Add system and return system details.
    """
    ui = core_admin_ui
    added_system_id, sys_info = add_single_system
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(added_system_id))
    # Navigate Policy page
    ui.tab('Policy')
    ui.switch_context(ActiveMainContentArea())
    ui.button('Learn more')
    ui.wait_for_tab_with_name("Setting system‑specific policies",
                              max_seconds_to_wait=10)
    assert ui.check_exists(PageWithTitle("Setting system‑specific policies")), "Setting system‑specific policies, " \
                                                                               "page not found. "
    logger.info(
        "Clicking on 'Learn More' button launched 'Setting system‑specific policies' tab successfully"
    )
    ui.switch_first_tab()
    ui.mouse_hover_element(HoverToolTip("Allow access from a public"))
    assert ui.check_exists(Div("Specifies whether remote connections")), "Could not able to find the tool tip value " \
                                                                         "for Allow access from a public network "
    logger.info(
        "'Specifies whether remote connections' tool tip message found")
    ui.mouse_hover_element(HoverToolTip("Checkout lifetime"))
    assert ui.check_exists(Div("Specifies the number of minutes")), "Could not able to find the tool tip value for " \
                                                                    "Checkout lifetime "
    logger.info("'Specifies the number of minutes' tool tip message found")
    # Navigate Advanced page
    ui.tab('Advanced')
    ui.switch_context(ActiveMainContentArea())
    ui.button('Learn more')
    ui.wait_for_tab_with_name("Setting system‑specific advanced options",
                              max_seconds_to_wait=10)
    assert ui.check_exists(PageWithTitle("Setting system‑specific advanced options")), "Setting system‑specific " \
                                                                                       "advanced options, " \
                                                                                       "page not found "
    logger.info(
        "Clicking on 'Learn More' button launched 'Setting system‑specific advanced options' tab successfully"
    )
    ui.switch_first_tab()

    ui.mouse_hover_element(HoverToolTip("Allow multiple password"))
    assert ui.check_exists(Div("Specifies whether multiple users")), "Could not able to find the tool tip value for " \
                                                                     "Multiple password checkouts"
    logger.info("'Specifies whether multiple users' tool tip message found")

    ui.mouse_hover_element(HoverToolTip("password history cleanup"))
    assert ui.check_exists(Div("Specifies whether retired passwords"), 30), "Could not able to find the tool tip " \
                                                                            "value for Password History Cleanup"
    logger.info("'Specifies whether retired passwords' tool tip message found")

    ui.mouse_hover_element(HoverToolTip("Enable password rotation"))
    assert ui.check_exists(Div("Specifies whether managed password")), "Could not able to find the tool tip value " \
                                                                       "for Password rotation after checkin "
    logger.info("'Specifies whether managed password' tool tip message found")
    ui.mouse_hover_element(HoverToolTip("Enable periodic password"))
    assert ui.check_exists(Div("Specifies whether managed password")), "Could not able to find the tool tip value " \
                                                                       "for Periodic password rotation "
    logger.info("'Specifies whether managed password' tool tip message found")
    ui.mouse_hover_element(HoverToolTip("Minimum Password Age"))
    assert ui.check_exists(Div("Minimum amount of days old")), "Could not able to find the tool tip value for " \
                                                               "Minimum Password Age "
    logger.info("'Minimum amount of days old' tool tip message found")
    ui.navigate('Settings', 'Resources', 'Security', 'Security Settings',
                False)
    ui.switch_context(ActiveMainContentArea())
    ui.button('Learn more')
    ui.wait_for_tab_with_name("Setting global security options", 20)
    assert ui.check_exists(PageWithTitle("Setting global security options"), 20), "Setting global security options, " \
                                                                                  "page not found. "
    logger.info(
        "Clicking on 'Learn More' button launched 'Setting global security options' tab successfully"
    )
    ui.switch_first_tab()

    ui.mouse_hover_element(
        HoverCkeckboxToolTip("Enable periodic password history cleanup"))
    assert ui.check_exists(Div("Specifies whether retired passwords"), 20), "Could not able to find the tool tip " \
                                                                            "value for Password history cleanup "
    logger.info("'Specifies whether retired passwords' tool tip message found")

    ui.mouse_hover_element(
        HoverCkeckboxToolTip("password rotation after checkin"))
    assert ui.check_exists(Div("password should be rotated after it's checked"), 20), "Could not able to find the " \
                                                                                      "tool tip value for Password " \
                                                                                      "rotation after checkin "
    logger.info(
        "'Password should be rotated after it's checked' tool tip message found"
    )

    ui.mouse_hover_element(
        HoverCkeckboxToolTip("password rotation at specified interval"))
    assert ui.check_exists(Div("password should be rotated periodically"), 20), "Could not able to find the tool " \
                                                                                "tip value for Password rotation at " \
                                                                                "specified interval "
    logger.info(
        "'Password should be rotated periodically' tool tip message found")

    ui.mouse_hover_element(HoverToolTip("password checkout lifetime"))
    assert ui.check_exists(Div("Specifies the number of minutes"), 20), "Could not able to find the tool tip value " \
                                                                        "for Default account password checkout " \
                                                                        "lifetime "
    logger.info("'Specifies the number of minutes' tool tip message found")

    ui.mouse_hover_element(HoverToolTip("Minimum Password Age"))
    assert ui.check_exists(Div("Minimum amount of days old"), 20), "Could not able to find the tool tip value for " \
                                                                   "Minimum Password Age "
    logger.info("'Minimum amount of days old' tool tip message found")

    ui.mouse_hover_element(HoverToolTip("SSH Gateway"))
    assert ui.check_exists(Div("message to users at SSH session login"), 20), "Could not able to find the tool tip " \
                                                                              "value for SSH Gateway Banner "
    logger.info(
        "'Message to users at SSH session login' tool tip message found")

    ui.mouse_hover_element(
        HoverCkeckboxToolTip("requests for password checkouts"))
    assert ui.check_exists(Div("allows users to request permanent access"), 20), "Could not able to find the tool " \
                                                                                 "tip value for Requests for " \
                                                                                 "password checkouts "
    logger.info(
        "'When enabled, allows users to request permanent access passwords' tool tip message found"
    )

    ui.mouse_hover_element(HoverCkeckboxToolTip("requests for login"))
    assert ui.check_exists(Div("allows users to request permanent login access"), 20), "Could not able to find the " \
                                                                                       "tool tip value for Requests " \
                                                                                       "for login "
    logger.info(
        "'allows users to request permanent login access' tool tip message found"
    )

    ui.mouse_hover_element(
        HoverCkeckboxToolTip("Allow multiple password checkouts"))
    assert ui.check_exists(Div("Specifies whether multiple users can"), 20), "Could not able to find the tool tip " \
                                                                             "value for Allow multiple password " \
                                                                             "checkouts "
    logger.info(
        "'Specifies whether multiple users can' tool tip message found")

    ui.mouse_hover_element(HoverCkeckboxToolTip("Allow access from"))
    assert ui.check_exists(Div("Specifies whether remote connections"), 20), "Could not able to find the tool tip " \
                                                                             "value for Allow access from a public" \
                                                                             " network "
    logger.info(
        "'Specifies whether remote connections' tool tip message found")
예제 #27
0
def test_check_ui_for_privilege_service_power_user_right(
        add_single_system, users_and_roles):
    """
    C1545 : UI Check for Privilege Service Power User right
    :param users_and_roles: Gets user and role on demand.
    :param add_single_system: Add system and return system details.
    """
    ui = users_and_roles.get_ui_as_user("Privileged Access Service Power User")
    added_system_id, sys_info = add_single_system
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(added_system_id))

    # Navigate Policy page
    ui.tab('Policy')
    assert ui.expect(
        DisabledTextBox("DefaultCheckoutTime"),
        'Drop down Element "DefaultCheckoutTime" is not disabled')
    logger.info("'DefaultCheckoutTime' Element in Policy page are gray out")
    assert ui.expect(DisabledTextBox("AllowRemote"),
                     'Drop down Element "AllowRemote" is not disabled')
    logger.info("'AllowRemote' Element in Policy page are gray out")

    # Navigate Global Settings page
    ui.navigate('Settings', 'Resources', 'Security', 'Security Settings',
                False)
    ui.switch_context(ActiveMainContentArea())
    assert ui.expect(DisabledCheckbox("AllowRemote"),
                     'Check box Element "AllowRemote" is not disabled')
    logger.info(
        "Allow Remote check box is grey out in Global Security Setting Page")
    assert ui.expect(
        DisabledCheckbox("AllowMultipleCheckouts"),
        'Check box Element "AllowMultipleCheckouts" '
        'is not disabled')
    logger.info(
        "Allow Multiple Checkouts check box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        DisabledCheckbox("AllowPermanentCheckoutWorkflow"),
        'Check box Element '
        '"AllowPermanentCheckoutWorkflow" '
        'is not disabled')
    logger.info(
        "Allow Permanent Checkout Workflow check box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        DisabledCheckbox("AllowPermanentLoginWorkflow"),
        'Check box Element "AllowPermanentLoginWorkflow"'
        ' is not disabled')
    logger.info(
        "Allow Permanent Login Workflow check box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        DisabledCheckbox("AllowPasswordHistoryCleanUp"),
        'Check box Element "AllowPasswordHistoryCleanUp"'
        ' is not disabled')
    logger.info(
        "Allow Password History CleanUp check box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        DisabledCheckbox("AllowPasswordRotation"),
        'Check box Element "AllowPasswordRotation"'
        ' is not disabled')
    logger.info(
        "Allow Password Rotation check box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        DisabledCheckbox("AllowPasswordRotationAfterCheckin"),
        'Check box Element '
        '"AllowPasswordRotationAfterCheckin" '
        'is not disabled')
    logger.info(
        "Allow Password  Rotation After Checkin check box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        DisabledCheckbox("SSHGatewayCustomBannerEnabled"), 'Check box Element '
        '"SSHGatewayCustomBannerEnabled" '
        'is not disabled')
    logger.info(
        "SSH Gateway Custom Banner Enabled check box is grey out in Global Security Setting Page"
    )
    assert ui.expect(DisabledTextBox("DefaultCheckoutTime"),
                     'Text box Element "DefaultCheckoutTime" is not disabled')
    logger.info(
        "Default Checkout Time text box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        ReadOnlyTextField("PasswordHistoryCleanUpDuration"),
        'Text Field Element '
        '"PasswordHistoryCleanUpDuration" '
        'is not disabled')
    logger.info(
        "Password History CleanUp Duration Text Field is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        DisabledTextBox("PasswordRotateDuration"),
        'Text box Element "PasswordRotateDuration" '
        'is not disabled')
    logger.info(
        "Password Rotate Duration text box is grey out in Global Security Setting Page"
    )
    assert ui.expect(
        ReadOnlyTextField("MinimumPasswordAge"),
        'Text field Element "MinimumPasswordAge" is '
        'not disabled')
    logger.info(
        "Minimum Password Age text field is grey out in Global Security Setting Page"
    )
예제 #28
0
def test_connector_setting(core_session, pas_windows_setup, users_and_roles,
                           core_pas_admin_ui):
    """
    TC:C2170 Check connectors setting.
    :param core_session: Returns a API session.
    :param pas_windows_setup: Returns a fixture.
    :param users_and_roles: Gets user and role on demand.
    :param core_pas_admin_ui: Returns browser session.
    """

    # Creating a system and account.
    system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
    )

    # Cloud user session with "Privileged Access Service Administrator".
    cloud_user_session = users_and_roles.get_session_for_user(
        'Privileged Access Service Administrator')
    user_name = cloud_user_session.auth_details['User']
    user_id = cloud_user_session.auth_details['UserId']

    # Assigning "Edit" permission for system to limited user.
    assign_system_perm_res, assign_system_perm_success = ResourceManager.assign_system_permissions(
        core_session, "Edit", user_name, user_id, 'User', system_id)

    assert assign_system_perm_success, f"Failed to assign 'Edit' permissions to user for the system: API Response " \
                                       f"result: {assign_system_perm_res}. "
    logger.info(
        f"Successfully assign 'Edit' permissions to user for the system: {assign_system_perm_res}."
    )

    # Getting the connectors Details.
    connector_details = Configs.get_environment_node('connector_data',
                                                     'automation_main')
    connector_name = connector_details['connector']
    list_connectors_id = []
    connectors_details = RedrockController.get_all_proxy(cloud_user_session)
    for connector_detail in connectors_details:
        if connector_detail['Name'] == connector_name:
            list_connectors_id.append(connector_detail['ID'])

    # Choosing the connector for the system.
    update_system_result, update_system_success = ResourceManager.update_system(
        cloud_user_session,
        system_id=system_id,
        name=sys_info[0],
        fqdn=sys_info[1],
        computerclass=sys_info[2],
        proxycollectionlist=connector_id,
        chooseConnector="on",
        filterConnectorCombo="all",
    )
    assert update_system_success, f'Failed to save the connector for the system:' \
                                  f'API response result:{update_system_result}. '
    logger.info(
        f'Successfully save the connector {update_system_result} for the system.'
    )

    # UI Launch
    ui = core_pas_admin_ui
    ui.navigate('Resources', 'Systems')
    ui.search(sys_info[0])
    ui.click_row(GridRowByGuid(system_id))
    ui.tab('Connectors', check_rendered_tab=False)
    assert ui.check_exists(GridRowCheckbox(connector_name, checked=True)), 'Expect the find connector checked but ' \
                                                                           'failed to find it. '
    logger.info(
        f'Successfully found the correct connector setting:{connector_name}.')
def test_cloud_admin_login_from_my_system_account(core_session, pas_config,
                                                  core_admin_ui,
                                                  cleanup_accounts,
                                                  cleanup_resources,
                                                  remote_users_qty1):
    """
    Test case: C14831
    :param core_session: centrify session
    :param core_admin_ui: Centrify UI session
    """
    maximum_event_wait_time = 120
    account_list = cleanup_accounts[0]
    system_list = cleanup_resources[0]

    systems = ServerManager.get_all_resources(core_session)
    accounts = ServerManager.get_all_accounts(core_session)

    for system in systems:
        system_list.append(system['ID'])
    for account in accounts:
        account_list.append(account['ID'])

    system_list = cleanup_resources[0]
    accounts_list = cleanup_accounts[0]
    # Getting system details.
    sys_name = f'{"Win-2012"}{guid()}'
    user_password = '******'
    sys_details = pas_config
    add_user_in_target_system = remote_users_qty1
    fdqn = sys_details['Windows_infrastructure_data']['FQDN']
    # Adding system.
    add_sys_result, add_sys_success = ResourceManager.add_system(
        core_session, sys_name, fdqn, 'Windows', "Rdp")
    assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
    logger.info(f"Successfully added system:{add_sys_result}")
    system_list.append(add_sys_result)

    # Adding account in portal.
    acc_result, acc_success = ResourceManager.add_account(
        core_session,
        add_user_in_target_system[0],
        password=user_password,
        host=add_sys_result)
    assert acc_success, f"Failed to add account in the portal: {acc_result}"
    logger.info(
        f"Successfully added account {add_user_in_target_system[0]} in the portal"
    )
    accounts_list.append(acc_result)

    ui = core_admin_ui
    admin_user_uuid = UserManager.get_user_id(
        core_session, ui.user.centrify_user["Username"])

    # assigning cloud admin workspace login permission
    rights = "View,Login,UserPortalLogin"
    result, status = ResourceManager.assign_account_permissions(
        core_session,
        rights,
        ui.user.centrify_user["Username"],
        admin_user_uuid,
        pvid=acc_result)
    assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}.' \
                   f'returned result is: {result}'

    # Updating allow remote to enable RDP session for targeted system
    result, success = ResourceManager.update_system(core_session,
                                                    add_sys_result,
                                                    sys_name,
                                                    fdqn,
                                                    "Windows",
                                                    allowremote=True)
    assert success, f'failed to assign rdp policy to account {add_user_in_target_system[0]} of system {sys_name}'

    ui.navigate(('Workspace', 'My System Accounts'))
    ui.expect(
        GridRow(sys_name),
        f'Expected to find system {sys_name} in My System Account but did not')
    ui.right_click_action(GridRow(sys_name), 'Login')

    ui.switch_to_pop_up_window()
    ui.expect_disappear(
        LoadingMask(),
        'Error occurred while launching workspace login session',
        time_to_wait=250)
    ui.switch_to_main_window()

    # wait for manged password change event
    filter = [['AccountName', add_user_in_target_system[0]]]
    RedrockController.wait_for_event_by_type_filter(
        core_session,
        "Cloud.Server.LocalAccount.RDPSession.Start",
        filter=filter,
        maximum_wait_second=maximum_event_wait_time)  # wait for 20 seonds
    # Api call to get details of account active session
    status, result = ResourceManager.get_my_active_sessions(
        core_session, acc_result)
    assert status, f'failed to retrieve details for active account session data, return result is {result}'
    logger.info(
        f'details for active account {add_user_in_target_system[0]} are {result}'
    )

    ui.navigate('Resources', 'Systems')
    ui.search(sys_name)
    ui.expect(GridRowByGuid(add_sys_result),
              expectation_message=
              f'failed to search for the system by id {add_sys_result}')
    ui.click_row(GridRowByGuid(add_sys_result))

    # fetching Active session value from system view page
    ui.inner_text_of_element(ActiveSessionTextCount(),
                             expectation_message='1',
                             warning_message="RDP Not taken from user")
    logger.info(f'Active session value incremented to 1: Active Sessions:1')
예제 #30
0
def test_settings_Policy_page(core_session, pas_config, remote_users_qty1,
                              cleanup_resources, cleanup_accounts,
                              core_admin_ui):
    """C2541 Settings on Policy page
       trying to get rdp through system account with in 15 minute
            Steps:
                Pre: Create system with 1 account hand
                1. Try to take rdp for system
                    -Assert Failure
                2. Try to checkout password for account
                    -Assert Failure
        """
    core_ui = core_admin_ui
    user_name = core_ui.get_user().get_login_name()
    system_list = cleanup_resources[0]
    accounts_list = cleanup_accounts[0]
    # Getting system details.
    sys_name = f'{"Win-2012"}{guid()}'
    user_password = '******'
    sys_details = pas_config
    add_user_in_target_system = remote_users_qty1
    fdqn = sys_details['Windows_infrastructure_data']['FQDN']
    # Adding system.
    add_sys_result, add_sys_success = ResourceManager.add_system(
        core_session, sys_name, fdqn, 'Windows', "Rdp")
    assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
    logger.info(f"Successfully added system:{add_sys_result}")
    system_list.append(add_sys_result)

    success, response = ResourceManager.update_system(core_session,
                                                      add_sys_result,
                                                      sys_name,
                                                      fdqn,
                                                      'Windows',
                                                      allowremote=True,
                                                      defaultcheckouttime=15)
    assert success, f"failed to change the management mode:API response result:{response}"
    logger.info(f"Successfully updated the system:{add_sys_result}")

    # Adding account in portal.
    acc_result, acc_success = ResourceManager.add_account(
        core_session,
        add_user_in_target_system[0],
        password=user_password,
        host=add_sys_result,
        ismanaged=True)
    assert acc_success, f"Failed to add account in the portal: {acc_result}"
    logger.info(
        f"Successfully added account {add_user_in_target_system[0]} in the portal"
    )
    accounts_list.append(acc_result)
    core_ui.navigate('Resources', 'Accounts')
    core_ui.search(add_user_in_target_system[0])
    core_ui.right_click_action(GridRowByGuid(acc_result), 'Login')
    core_ui.switch_to_pop_up_window()
    core_ui.expect_disappear(
        LoadingMask(),
        f'RDP session never exited loading state for system {sys_name}',
        time_to_wait=50)
    core_ui.switch_to_main_window()
    row = ResourceManager.get_system_activity(core_session, add_sys_result)
    assert f'{user_name} logged into system "{sys_name}"({fdqn}) from "web" using local account ' \
           f'"{add_user_in_target_system[0]}"' in row[0]['Detail'], "user not able to take rdp"
    password_checkout_result, password_checkout_success = \
        ResourceManager.check_out_password(core_session, 1, accountid=acc_result)
    new_cid = password_checkout_result['COID']
    assert password_checkout_result['Password'] is not user_password, \
        f"expected password equal to actual password: {password_checkout_result}"
    logger.info(f"password successfully checkout Account password: {new_cid}")