def test_ends_with_search(core_session, core_admin_ui,
cleanup_secrets_and_folders, pas_general_secrets):
"""
C3061: Ends with search
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch the browser with cloud admin
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
params = pas_general_secrets
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
suffix = guid()
# Creating folder
folder_success, folder_parameters, folder_id = create_folder(
core_session, params['name'] + suffix, params['description'])
assert folder_success, f'Failed to create folder, API response result: {folder_id}'
logger.info(
f'Folder created successfully: {folder_id} & details are {folder_parameters}'
)
folder_list.append(folder_id)
folder_name = folder_parameters['Name']
# Creating secret
added_secret_success, details, added_secret_id = create_text_secret(
core_session, params['secret_name'] + suffix, params['secret_text'])
assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
logger.info(f'Added secrets info: {details, added_secret_id}')
secrets_list.append(added_secret_id)
ui = core_admin_ui
ui.navigate('Resources', 'Secrets')
# Searching for secrets & folder
ui.search(suffix)
ui.expect(GridRow(folder_name),
f' Expect to find folder {folder_name} but could not')
ui.expect(
GridRowByGuid(added_secret_id),
f' Expect to find secret with id as {added_secret_id} but could not')
logger.info(
f'Both folder {folder_name} & secret {added_secret_id} are successfully visible'
)
# Getting permissions of folder
permissions = SetsManager.get_collection_rights(core_session, folder_id)
assert permissions["Result"], \
f'Failed to get permissions for folder, API response result:{permissions["Result"]}'
logger.info(f'Permissions of the folder created: {permissions}')
# Getting permissions of secret
permissions_secret = get_users_effective_secret_permissions(
core_session, added_secret_id)
assert permissions_secret,\
f'Failed to get permissions for secret, API response result: {permissions_secret}'
logger.info(f' Permissions for Secret: {permissions_secret}')
def test_add_nested_secret(core_session, pas_general_secrets,
cleanup_secrets_and_folders):
"""
C283806: Can add nested secret
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
params = pas_general_secrets
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
suffix = guid()
# Creating nested secrets
added_secret_success, details, added_secret_id = create_text_secret(
core_session, params['nested_secret_name_new'] + suffix,
params['secret_text'])
assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
logger.info(f'Added secrets info: {details, added_secret_id}')
folders_and_secret_name = details['SecretName']
# Getting details of nested secrets
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_secret_id)
logger.info(f'Secret created details: {get_secret_details}')
secret_name = get_secret_details['SecretName']
child_folder_id = get_secret_details['FolderId']
parent_path = get_secret_details['ParentPath']
parent_folder_and_child_folder = parent_path.split('\\')
parent_name = parent_folder_and_child_folder[0]
child_folder_name = parent_folder_and_child_folder[1]
# Getting added secret status
secret_activity = UserManager.get_secret_activity(core_session,
added_secret_id)
logger.info(f'Secret Created activity:{secret_activity} ')
added_secret_status = False
for rows in secret_activity:
if 'added a secret' in rows['Detail']:
added_secret_status = True
assert added_secret_status, f'Failed to add secret: {added_secret_status}'
assert parent_name in folders_and_secret_name, f'Failed to verify parent folder name: {parent_name}'
assert child_folder_name in folders_and_secret_name, f'Failed to verify child folder name: {child_folder_name}'
assert secret_name in folders_and_secret_name, f'Failed to verify secret name: {secret_name}'
# Getting details of the parent folder & child folder
parent_id = get_folder(core_session, parent_name)
logger.info(
f'parent folder id::{parent_id["Result"]["Results"][0]["Row"]["ID"]}')
secrets_list.append(added_secret_id)
folder_list.append(child_folder_id)
folder_list.append(parent_id['Result']['Results'][0]['Row']['ID'])
logger.info(f'Added folder deleted successfully : {folder_list}')
logger.info(f'Added Secret deleted successfully : {secrets_list}')
def test_create_folder_as_part_of_a_new_secret(core_session,
cleanup_secrets_and_folders,
pas_general_secrets):
"""
test method to create a folder with ADD Secret API
with secret name as "Folder/Subfolder/secretName" & verify
Folder, Subfolder & Secrets are created properly.
:param core_session: Authenticated Centrify Session
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
secrets_data = pas_general_secrets
secrets_list = cleanup_secrets_and_folders[0]
folders_list = cleanup_secrets_and_folders[1]
prefix = guid()
added_secret_success, details, added_secret_id = create_text_secret(
core_session, prefix + secrets_data['folder_name_with_frwdslashes'],
secrets_data['secret_text'])
assert added_secret_success, "Added Secret Failed "
logger.info(
f'Added secrets info: {added_secret_success, details, added_secret_id}'
)
secrets_list.append(added_secret_id)
# Getting contents & details of secrets added
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_secret_id)
child_id = get_secret_details['FolderId']
logger.info(f'child id :{child_id}')
parent_path = get_secret_details['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["ID"]
assert parent_folder_id, f'Failed to retrieve super parent id :{parent_folder_id}'
logger.info(f'Super parent folder id:{parent_folder_id}')
# Getting id of nested folder
nested_folder = get_secrets_and_folders_in_folders(core_session,
parent_folder_id)
nested_folder_id = nested_folder["Result"]["Results"][0]["Row"]["ID"]
assert nested_folder_id, 'Failed to retrieve nested folder id'
logger.info(f'Nested Folder id:{nested_folder}')
folders_list.append(nested_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Secret deleted successfully: {secrets_list}')
logger.info(f'Added Folders deleted successfully: {folders_list}')
def test_add_to_set_during_secret_creation(core_session, create_set_manual,
pas_general_secrets,
cleanup_secrets_and_folders):
"""test method to add a set while creating a new secret"""
secrets_params = pas_general_secrets
prefix = guid()
set_success, set_id = create_set_manual
secrets_list = cleanup_secrets_and_folders[0]
added_secret_success, added_secret_details, added_secret_id = create_text_secret(
core_session, prefix + secrets_params['secret_name'],
secrets_params['secret_text'], set_id)
logger.info(
f'Added secrets info {added_secret_success, added_secret_details, added_secret_id}'
)
assert added_secret_success, "Adding Secret with set Failed "
assert added_secret_details[
'SetID'] is not None, f"Secret with set not Added successfully:{added_secret_success}"
logger.info(f'secret added with set id:{added_secret_details["SetID"]}')
secrets_list.append(added_secret_id)
logger.info(f'Added Secret deleted successfully{secrets_list}')
def test_a_folder_cannot_have_two_secrets_or_sub_folders_with_the_same_name(
core_session, pas_general_secrets, cleanup_secrets_and_folders):
"""
C3027:test method to
1) add secrets with same name within same folder should fail
2) add sub folder with same name in same path should fail
3) add sub folder with same name (caps) in same path should fail
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
"""
params = pas_general_secrets
secrets_list = cleanup_secrets_and_folders[0]
folders_list = cleanup_secrets_and_folders[1]
prefix = guid()
# Creating secret inside folder
added_secret_success, details, added_secret_id = create_text_secret(
core_session, prefix + params['nested_secret_name'],
params['secret_text'])
assert added_secret_success, f"Adding Secret inside folder Failed:{added_secret_id}"
logger.info(
f'Adding Secret inside folder: {added_secret_success, details, added_secret_id}'
)
secrets_list.append(added_secret_id)
# Getting id of Parent Folder
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_secret_id)
folder_id = get_secret_details['FolderId']
folders_list.append(folder_id)
# Adding secret with same name(caps) in same path should fail
added_secret_success, details, added_secret_id = create_text_secret(
core_session, prefix + params['nested_secret_name_in_caps'],
params['secret_text'])
assert added_secret_success is False, f"Adding same Secret(with caps) successful:{added_secret_id}"
logger.info(
f'Should not add same(caps) secrets: {added_secret_success, details, added_secret_id}'
)
# Creating Sub folder
success, folder_details, nested_folder_id = create_folder(
core_session, prefix + params['sub_folder_name'],
params['description'])
assert success, f'Failed to add sub folder:{folder_details["Message"]}'
logger.info(f'Should able to create sub folder:{success}{folder_details} ')
nested_folder_name = folder_details['Name']
folders_list.append(nested_folder_id)
# Getting details of parent folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
assert parent_folder_id, f'Failed to get parent folder id:{parent_folder_id}'
logger.info(f'Parent Folder details: {parent_folder}')
folders_list.append(parent_folder_id)
# Adding Sub folder with same name in same path should fail
success, folder_details, nested_folder_id = create_folder(
core_session, nested_folder_name, params['description'])
assert success is False, f'Same sub folder is added successfully:{folder_details["Message"]}'
logger.info(f'Should not add same sub folder:{success}')
# Adding Sub folder with same name(caps) in same path should fail
success, folder_details, nested_folder_id = create_folder(
core_session, prefix + params['sub_folder_name_in_caps'],
params['description'])
assert success is False, f'Same sub folder with caps is added successfully:{folder_details["Message"]}'
logger.info(f'Should not add same sub folder with caps:{success} ')
def test_mfa_on_closest_parent_should_override_mfa_on_higher_levels(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
clean_up_policy, core_session_unauthorized):
"""
C2982: MFA on closest parent should override MFA on higher levels
1) Create a multilevel folder "Folder/Subfolder/secretName"
2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
3) Verify secretName inherits challenge of subfolder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param clean_up_policy: Fixture to cleanup the policy created
:param core_session_unauthorized: Fixture to start authentication MFA
"""
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
folder_params = pas_general_secrets
suffix = guid()
folder_name = folder_params['folder_name_with_frwdslashes'] + suffix
# creating multilevel folder "Folder/Subfolder/secretName"
added_secret_success, details, secret_id = create_text_secret(
core_session, folder_name, folder_params['secret_text'])
assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
logger.info(f'Added Multilevel folder info: {details, secret_id}')
secrets_list.append(secret_id)
# Getting details of the secret
found_secret = get_secret(core_session, secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
nested_folder_id = found_secret['Result']['FolderId']
nested_folder_path = found_secret['Result']['ParentPath']
parent_folder_list = nested_folder_path.split('\\')
parent_folder_name = parent_folder_list[0]
# Getting details of Parent Folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
"SecretName"]
logger.info(f'Parent Folder details: {parent_folder}')
if folder_list != []:
folder_list[0] = nested_folder_id
folder_list[1] = parent_folder_id
else:
folder_list.append(nested_folder_id)
folder_list.append(parent_folder_id)
challenges = ["UP", ""]
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + "V2" + suffix,
challenges_v2, 0, 0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating another policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
# Applying MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Nested Folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result_email)
assert result[
'success'], f'Not Able to apply MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Parent Folder: {result}')
user = core_session.get_user()
user_name = user.get_login_name()
password = user.get_password()
# MFA Authentication starts on the secret to be replaced
mfa_authentication = core_session_unauthorized.start_authentication(
user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(
f'MFA Authentication applies for closest parent,Password Only:{mfa_authentication.json()}'
)
# Advance MFA Authentication starts on the secret to be replaced
up_result = core_session_unauthorized.advance_authentication(
password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result[
'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(
f'MFA applies for closest parent,popups before secret gets replaced: {mfa_result}'
)
# Replacing the text of the secret
result = update_secret(core_session,
secret_id,
folder_params['mfa_secret_name_update'] + suffix,
secret_text=folder_params['secret_text_replaced'])
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from Nested folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Removing MFA from Parent folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Getting details of the Secret Replaced
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, secret_id)
assert get_secret_text == folder_params['secret_text_replaced'], \
f'Failed to replace the secret, API response result: {get_secret_success}'
logger.info(f'Details of the secret Replaced: {get_secret_details}')
def test_retrieve_mfa_on_closest_parent_should_override_mfa(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
clean_up_policy):
"""
C283926: MFA on closest parent should override MFA on higher levels
1) Create a multilevel folder "Folder/Subfolder/secretName"
2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
3) Verify secretName inherits challenge of subfolder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param clean_up_policy: Fixture to cleanup the policy created
"""
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
folder_params = pas_general_secrets
suffix = guid()
secret_name = folder_params['folder_name_with_frwdslashes'] + suffix
user_name = core_session.auth_details['User']
# creating multilevel folder "Folder/Subfolder/secretName"
added_secret_success, details, secret_id = create_text_secret(
core_session, secret_name, folder_params['secret_text'])
assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
logger.info(f'Added Multilevel folder info: {details, secret_id}')
secrets_list.append(secret_id)
# Getting details of the secret
found_secret = get_secret(core_session, secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
nested_folder_id = found_secret['Result']['FolderId']
nested_folder_path = found_secret['Result']['ParentPath']
parent_folder_list = nested_folder_path.split('\\')
parent_folder_name = parent_folder_list[0]
# Getting details of Parent Folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
"SecretName"]
logger.info(f'Parent Folder details: {parent_folder}')
if folder_list != []:
folder_list[0] = nested_folder_id
folder_list[1] = parent_folder_id
else:
folder_list.append(nested_folder_id)
folder_list.append(parent_folder_id)
challenges = ["UP", ""]
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + "V2" + suffix,
challenges_v2, 0, 0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating another policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
# Applying MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Failed to apply MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Nested Folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result_email)
assert result[
'success'], f'Failed to apply MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Parent Folder: {result}')
# Move Secret with Mfa Authentication
retrieve_success, retrieve_result = retrieve_secret_contents(
core_session, secret_id)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, retrieve_result['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info(
f'Successfully applied password authentication with closest parent: {mfa_result}'
)
# After Authenticating of MFA move secret with challenge password
retrieve_secret_success, retrieve_secret_result = retrieve_secret_contents_with_mfa(
core_session,
secret_id,
ChallengeStateId=retrieve_result['ChallengeId'])
assert retrieve_secret_success, f'Failed to retrieve secret with closest parent challenge: {retrieve_secret_result}'
logger.info(
f'Successfully retrieved secret with closest parent challenge: {retrieve_secret_result}'
)
# Removing MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA removed on Nested Folder: {result}')
# Removing MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA removed on Parent Folder: {result}')
def test_create_type_secret_at_root_level(core_session, create_secret_folder,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
TC ID's :- C283795
test method to add text type secret at root level.
"""
secrets_list = cleanup_secrets_and_folders[0]
secret_details = create_secret_folder
secrets_params = pas_general_secrets
logger.info(
f'Creating secrets with text type secret name : {secret_details["Name"]}'
)
added_text_secret_success, added_text_secret_parameters, added_text_secret_result = create_text_secret(
core_session, secrets_params['secret_name'],
secrets_params['secret_text'], secrets_params['secret_description'])
assert added_text_secret_success, f"Unable to create secret{added_text_secret_result}"
logger.info(
f'Secret Created at root level successfully: {added_text_secret_success}'
)
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_text_secret_result)
logger.info(f'Secret created details: {get_secret_details}')
secrets_list.append(added_text_secret_result)
logger.info(f'Added Secret deleted successfully: {secrets_list}')
def test_privilege_service_user_with_view_permission(core_session, pas_setup,
get_limited_user_module):
"""
Test case: C286564 :- Privilege Service User with view permission should can see the related activity
:param core_session: Authenticated Centrify session
:param pas_setup: fixture to create system with account
:param get_limited_user_module: creating cloud user with "Privileged Access Service Power User" right
"""
system_id, account_id, sys_info = pas_setup
cloud_user_session, cloud_user = get_limited_user_module
username = cloud_user.get_login_name()
user_id = cloud_user.get_id()
# "View" permission to cloud user for system
result, success = ResourceManager.assign_system_permissions(core_session,
"View",
username,
user_id,
pvid=system_id)
assert success, f'failed to assign view permission to user {username} for system {sys_info[0]}'
logger.info(
f'view permission for system {sys_info[0]} assigned to user {username}'
)
# Activity validation of system by cloud user
rows = ResourceManager.get_system_activity(cloud_user_session, system_id)
assert rows[0][
'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on system ' \
f'"{sys_info[0]}"({sys_info[1]})', 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of system {sys_info[0]}'
)
# "View" permission to cloud user for account
result, success = ResourceManager.assign_account_permissions(
core_session, "View", username, user_id, pvid=account_id)
assert success, f'failed to assign permissions "View" to {username} for account {sys_info[4]} ' \
f'for system {sys_info[0]}'
logger.info(
f'View permission for account {sys_info[4]} of system {sys_info[0]} to user {username}'
)
# Activity validation of account by cloud user
activity = RedrockController.get_account_activity(cloud_user_session,
account_id)
assert activity[0][
'Detail'] == f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on local account' \
f' "{sys_info[4]}" for "{sys_info[0]}"({sys_info[1]}) with credential ' \
f'type Password ', 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of account {sys_info[4]} of system {sys_info[0]}'
)
# Created secret
secret_name = f"test_secret{guid()}"
status, parameters, secret_result = create_text_secret(
core_session, secret_name, "test_secret_text")
assert status, f'failed to create secret with returned result: {result}'
logger.info(
f'secret created successfully {result}, returned parameters are {parameters}'
)
# Assigning view permission to secret to cloud user
result, success = set_users_effective_permissions(core_session, username,
"View", user_id,
secret_result)
assert success, f'failed to set permissions of secret for user {username}'
logger.info(
f'successfully granted "View" permission for secret to {secret_name} to user {username}'
)
# Activity validation of secret by cloud user
secret_activity = get_secret_activity(cloud_user_session, secret_result)
assert f'{core_session.auth_details["User"]} granted User "{username}" to have "View" permissions on the ' \
f'secret "{secret_name}"' in secret_activity[0]['Detail'], 'No activity related to view permission found '
logger.info(
f'cloud user {username} can see all the activities of secret of {secret_name}'
)