def test_add_managed_account_without_password_when_policy_is_not_enabled(
core_session, ad_session, domain_config_data,
set_domain_administrative_account, cleanup_accounts):
"""
TC ID: C1332
Add a managed account without password when automatic maintenance policy is not enabled
:param core_session: Centrify authentication session
:param set_domain_administrative_account: Fixture to set administrative account
"""
session, api_user = ad_session
account_list = cleanup_accounts[0]
directory_service_Name, directory_service_Admin_ID, directory_service_ID = set_domain_administrative_account
account_id, success_status = ResourceManager.add_account(
core_session,
api_user.user_input.name,
password='',
ismanaged=True,
domainid=directory_service_ID)
assert success_status is False, f'failed to add account{account_id}'
account_list.append(account_id)
logger.info(
f'Cannot add managed account or update account from un managed to managed without '
f'password as automatic account maintenance is not enabled:{account_id}'
)
def test_update_unmanaged_account(core_session,
set_domain_administrative_account,
cleanup_accounts):
"""
TC ID: C1333, Update an unmanaged account without password to managed when automatic maintenance policy is set as
:param set_domain_administrative_account: To open a browser and login with the admin account
:param core_session: To create a session
"""
directory_service_Name, directory_service_Admin_ID, directory_service_ID = set_domain_administrative_account
accounts_list = cleanup_accounts[0]
unmanaged_account = f'user{guid()}'
account_id, success_status = ResourceManager.add_account(
core_session,
unmanaged_account,
password='',
domainid=directory_service_ID)
assert success_status, f'failed to add account{account_id}'
logger.info(f'Successfully add the account{account_id}')
result, success = ResourceManager.update_account(
core_session,
account_id,
unmanaged_account,
domainid=directory_service_ID,
ismanaged=True)
assert success is False, f'Successfully update the account:{result}'
logger.info(
f'Cannot add managed account or update account from unmanaged to managed '
f'without password as automatic account maintenance is not enabled:{result}'
)
accounts_list.append(account_id)
def test_add_account_without_add_account_permission(core_session,
domain_config_data,
create_domain,
cleanup_accounts):
"""
TC:- C1325 Add account without Add Account permission
Steps for this scenario using API:
1) Add Domain Accounts without Add Account Permission
System configuration received through test_pas_bat_domain.yaml stored in config/tests/PAS/PAS_BAT
"""
user_details = core_session.__dict__
domain_id = create_domain
account_list = cleanup_accounts[0]
assert domain_id, f'failed to create domain with response {domain_id}'
conf = domain_config_data
data = conf['pas_scenario1_new_accounts'][0]
permissions = "Grant,View,Edit,Delete"
result, add_domain_account_success = ResourceManager.set_domain_account_permissions(
core_session,
permissions,
user_details["auth_details"]["User"],
user_details["auth_details"]["UserId"],
pvid=domain_id)
assert add_domain_account_success, f'Failed to set add account permission in the domain {result}'
logger.info(f"add account permission set successfully in the Domain.")
new_account_id, add_account_success = ResourceManager.add_account(
core_session, data['User_name'], data['Password'], domainid=domain_id)
assert add_account_success is False, (
f"Successfully added domain account: {data['User_name']}")
account_list.append(new_account_id)
logger.info(
f"Failed to add Account in the Domain, Add Account permission for this domain is required: {new_account_id}"
)
def test_add_system_account_with_win_rm(core_session, pas_windows_setup):
"""C2536 Add system with managed account with WinRM http setting
validate the added Account with win rm and check out password after 5 minutes"""
# Getting system details.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
True)
# Verifying Default management mode should be 'RpcOverTcp'
system_rows = RedrockController.get_computer_with_ID(
core_session, system_id)
assert system_rows[
'ManagementMode'] == 'RpcOverTcp', "Default Management mode is not RpcOverTcp"
logger.info("Default Management mode is RPC Over TCP")
# Checkout Password
checkout_password_result, checkout_password_success = ResourceManager. \
check_out_password(core_session,
lifetime=1,
accountid=account_id)
assert checkout_password_success, f"Failed to checkout password due to {checkout_password_result}"
logger.info("Password checkout successfully")
assert checkout_password_result[
'Password'] != user_password, "Password is same after adding managed account"
logger.info("Password updated after adding managed account")
success, response = ResourceManager.update_system(
core_session,
system_id,
sys_info[0],
sys_info[1],
'Windows',
proxycollectionlist=connector_id,
chooseConnector="on",
managementmode="WinRMOverHttp")
assert success, "Failed to update system"
logger.info(f"Successfully updated system '{sys_info[0]}'")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
sys_info[6],
password=user_password,
host=system_id,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(f"Successfully added account {sys_info[6]} in the portal")
# Checkout Password after changing management mode to WinRMOverHttp
checkout_password_winrm, checkout_password_success = ResourceManager. \
check_out_password(core_session,
lifetime=1,
accountid=acc_result)
assert checkout_password_success, f"Failed to checkout password due to {checkout_password_winrm}"
logger.info("Password checkout successfully")
assert checkout_password_winrm[
'Password'] != user_password, "Password is same after adding managed account"
logger.info("Password updated after adding managed account")
def test_add_oracle_sap_ase_account_with_double_quotation_mark(
core_session, database_config, add_database_with_account):
"""
Test case: C1148
:param core_session: Centrify authenticated session
:param add_database_with_account: fixture to create database with account as optional
:param core_admin_ui: Centrify authenticated ui session
"""
# Create a oracle DB with account.
db_name, db_id, db_account_id, db_data, database_cleaner_list, account_cleaner_list = \
add_database_with_account(db_class='oracle', add_account=False)
logger.info(f"Successfully created oracle Database: {db_name}")
# Create a SAP DB with account.
sap_db_name, sap_db_id, db_account_id, sap_db_data, database_cleaner_list, account_cleaner_list = \
add_database_with_account(db_class='sapase', add_account=False)
logger.info(f"Successfully created sap Database: {sap_db_name}")
ora_account = f'"{db_data["db_account"]}"'
sp_account = f'"{sap_db_data["db_account"]}"'
# trying to add Oracle db account with using of double quote string
db_account_id, status = ResourceManager.add_account(
core_session,
user=ora_account,
password=db_data['password'],
ismanaged=db_data['is_managed'],
description=db_data['account_desc'],
databaseid=db_id)
assert status is False, f'able to add account in database {db_data["db_name"]}, returned status is {status} ' \
f'and id is: {db_account_id}'
logger.info(f"Failed to add account in oracle Database: {db_name}")
# trying to add sap db account with using of double quote string
db_account_id, status = ResourceManager.add_account(
core_session,
user=sp_account,
password=sap_db_data['password'],
ismanaged=sap_db_data['is_managed'],
description=sap_db_data['account_desc'],
databaseid=sap_db_id)
assert status is False, \
f'failed to add account in database {sap_db_name}, ' \
f'returned status is {status} and id is {sap_db_id}'
logger.info(f"Failed to add account in sap Database: {sap_db_name}")
def test_delete_accounts(core_session, pas_config, remote_users_qty1,
cleanup_resources):
"""
TC C283234: Delete accounts.
:param cleanup_resources: cleanup for systems.
:param core_session: Authenticates API session
:param pas_config: returns yaml object
:param remote_users_qty1: Creates account in target system.
:param cleanup_resources:clean up system.
"""
# Clean up system
systems_list = cleanup_resources[0]
# Getting system details.
sys_name = f"{'Win-2012'}{guid()}"
sys_details = pas_config
sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN']
add_user_in_target_system = remote_users_qty1
user_password = '******'
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, sys_fqdn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
systems_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
# Delete Account.
del_account_result, del_account_success = ResourceManager.del_account(
core_session, acc_result)
assert del_account_success, f'Failed to delete account:API response result:{del_account_result}'
logger.info(f"Successfully deleted account:{del_account_result}")
# Getting deletion activity.
sys_activity = ResourceManager.get_system_activity(core_session,
add_sys_result)
assert f'{core_session.auth_details["User"]} deleted local account "{add_user_in_target_system[0]}" for' \
f' "{sys_name}"({sys_fqdn}) with credential type Password' in \
sys_activity[0]['Detail'], f"Failed to get the delete account activity:API response result:{sys_activity}"
logger.info(
f"Successfully found deletion activity in system activity:{sys_activity}"
)
def test_add_system_with_root_with_managed_proxy_account(
core_session, unix_machine_environment_config,
cleanup_resources_with_admin, cleanup_accounts, create_unix_users,
ssh_session_as_root):
"""
Test case : C279340
:param ssh_session_as_root: session to create a user_account in unix
:param cleanup_accounts: to delete all accounts
:param cleanup_resources_with_admin: to delete the all the systems from portal
:param unix_machine_environment_config: to get the unix system details
:param core_session: Centrify session manager
:param create_unix_users: fixture that provide created unix system data
"""
systems_list = cleanup_resources_with_admin
accounts_list = cleanup_accounts[0]
conf = unix_machine_environment_config
hostname = conf['host'] + "_" + Util.random_string(5)
# add users on target system
users = create_unix_users(ssh_session_as_root, "manage-unix", 2)
logger.info("Users created " + str(len(users)))
proxy_user = users[0]
accountuser = users[1]
new_system_id, add_system_success = ResourceManager.add_system(
core_session, hostname, conf["ipaddress"], "Unix", "Ssh",
"Unix system")
assert add_system_success, "Add System Failed"
logger.info(f"Added system Id {new_system_id}")
systems_list.append(new_system_id)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
new_system_id,
hostname,
conf["ipaddress"],
'Unix',
proxyuser=proxy_user['Name'],
proxyuserpassword=proxy_user['Password'],
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
admin_account_id, add_account_success = ResourceManager.add_account(
core_session, accountuser['Name'], accountuser['Password'],
new_system_id)
assert add_account_success, "Failed to create Account user: root"
logger.info(f"Added root Account. Id {admin_account_id}")
accounts_list.append(admin_account_id)
# Get computer details for update
result = RedrockController.get_system(core_session, new_system_id)
system = result[0]["Row"]
is_managed = system['ProxyUserIsManaged']
assert is_managed, f"Added account is not managed account"
def test_add_unmanaged_account_using_unlock_account_permission(
core_session, domain_config_data, get_admin_user_module,
cleanup_accounts):
"""
Steps for this scenario using API:
1)Get the domain that needs to be added managed account with add account permission
2)Set the domain account permission
3)Add unmanaged account in that particular domain
"""
conf = domain_config_data
limited_sesh, limited_user = get_admin_user_module
name = conf['pas_bat_scenario1_infrastructure_data'][0]
data = conf['pas_scenario1_new_accounts'][0]
script = "Select * FROM VaultDomain"
account_name = f'{data["User_name"]}{guid()}'
account_list = cleanup_accounts[0]
request = RedrockController.redrock_query(core_session, script)
for directory_service in request:
if directory_service['Row']['Name'] == name["Domain_name2"]:
directory_service = directory_service['Row']['ID']
break
permissions = "Grant,View,Edit,Delete,AddAccount,UnlockAccount"
result, add_domain_account_success = ResourceManager.set_domain_account_permissions(
core_session,
permissions,
limited_user.get_login_name(),
limited_user.get_id(),
id=directory_service,
pvid=directory_service,
rowkey=directory_service)
assert add_domain_account_success, f'Failed to set add account permission in the domain {result}'
logger.info(f"add account permission set successfully in the Domain.")
request, add_account_success = ResourceManager.add_account(
core_session,
account_name,
data["Password"],
ismanaged=data["Ismanaged"],
domainid=directory_service,
description=None)
assert add_account_success, f'Failed to set unmanaged account in the domain {request}'
logger.info(f"unmanaged account set successfully in the Domain.")
account_list.append(request)
result = ResourceManager.del_account(core_session, request)
assert result, f'failed to delete account with response {result}'
logger.info(f"unmanaged account deleted successfully in the Domain.")
def test_add_managed_account(core_session, unix_machine_environment_config,
ssh_session_as_root, create_unix_users,
cleanup_resources_with_admin, cleanup_accounts):
"""
Test case: C279345
:param core_session: Centrify session
:param ssh_session_as_root: session to create a user_account in unix
:param cleanup_accounts: to delete all accounts
:param cleanup_resources_with_admin: to delete the all the systems from portal
:param unix_machine_environment_config: to get the unix system details
:param create_unix_users: add system with account and yeild system ID, account ID, and system information
"""
systems_list = cleanup_resources_with_admin
accounts_list = cleanup_accounts[0]
conf = unix_machine_environment_config
hostname = conf['host'] + "_" + Util.random_string(5)
# add users on target system
users = create_unix_users(ssh_session_as_root, "manage-unix", 1)
logger.info("Users created " + str(len(users)))
accountuser = users[0]
new_system_id, add_system_success = ResourceManager.add_system(
core_session, hostname, conf["ipaddress"], "Unix", "Ssh",
"Unix system")
assert add_system_success, "Add System Failed"
logger.info(f"Added system Id {new_system_id}")
systems_list.append(new_system_id)
admin_account_id, add_account_success = ResourceManager.add_account(
core_session,
accountuser['Name'],
accountuser['Password'],
new_system_id,
ismanaged=True)
assert add_account_success, "Failed to create Account user: root"
logger.info(f"Added root Account. Id {admin_account_id}")
accounts_list.append(admin_account_id)
# Fetching account information to validate desired account is managed or not
result, status = ResourceManager.get_account_information(
core_session, admin_account_id)
assert status, f"failed to retrieve account information, returned result is {result}"
is_managed = result['VaultAccount']['Row']['IsManaged']
assert is_managed, "Added account is not managed account"
def test_check_button_status_after_canceling_account_deleted(
core_session, add_single_system, pas_config, users_and_roles):
"""
TC:C2217 Check button status after canceling account deleted with user who just has Delete permission.
:param core_session: Returns a API session.
:param add_single_system: Returns a fixture.
:param users_and_roles: Fixture to manage roles and user.
:param pas_config: Read yaml data.
"""
# Creating a system.
created_system_id, system_details = add_single_system
# Creating a account.
payload_data = pas_config['Windows_infrastructure_data']
account_id, account_success = ResourceManager.add_account(
core_session, payload_data['account_name'], payload_data['password'],
created_system_id, payload_data['account_type'])
assert account_success, f'Failed to create account: API response result:{account_id}'
logger.info(f'Successfully created account:{account_id}')
# Cloud user session with "Privileged Access Service Power User".
cloud_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
user_name = cloud_user_session.auth_details['User']
user_id = cloud_user_session.auth_details['UserId']
# Assigning account "Delete" permission.
assign_account_result, assign_account_success = ResourceManager.assign_account_permissions(
core_session, "Delete", user_name, user_id, 'User')
assert assign_account_success, f"Failed to assign account permissions: API response result: {assign_account_result}"
logger.info(
f'Successfully assigned "Delete" permission to user:{assign_account_result}.'
)
# Deleting a account by cloud user.
del_account_result, del_account_success = ResourceManager.del_account(
cloud_user_session, account_id)
assert del_account_success, f"Could not delete account:API response result:{del_account_result}"
logger.info(f"Successfully deleted account: {del_account_result}")
def test_create_domain_account(core_session, create_domain,
domain_config_data):
"""
Steps for this scenario using API:
1) Add new Domain
2) Add new Domain Accounts
System configuration received through test_pas_bat_domain.yaml stored in config/tests/PAS/PAS_BAT
"""
domain_id = create_domain
conf = domain_config_data
data = conf['pas_scenario1_new_accounts'][0]
new_account_id, add_account_success = ResourceManager.add_account(
core_session,
data['User_name'],
data['Password'],
domainid=domain_id,
description="This domain should be "
"removed by test automation.")
assert add_account_success, f"Failed to add Domain account: {data['User_name']}"
logger.info(f"domain account added successfully: {new_account_id}")
result = ResourceManager.del_account(core_session, new_account_id)
assert result, f'failed to delete account with response {result}'
def test_verify_rule_work_correct(core_session, cleanup_accounts,
create_basic_pass_profile, pas_setup,
remote_users_qty1, cleanup_password_profile):
"""
TC C281498: Verify the rule (Min number of non-alpha characters)
:param core_session: Authenticates API session
:param create_basic_pass_profile: Creates a password profile
:param pas_setup: Creates system and account
:param remote_users_qty1: Creates account in target system
:param cleanup_password_profile: Deletes password profile
:param cleanup_accounts: Deletes Account
"""
accounts_list = cleanup_accounts[0]
added_system_id, account_id, sys_info = pas_setup
logger.info(
f"System: {sys_info[0]} successfully added with UUID: {added_system_id} and account: {sys_info[4]} "
f"with UUID: {account_id} associated with it.")
profile_list = cleanup_password_profile
# Adding user in target machine
add_user_in_target_system = remote_users_qty1
user_password = "******"
# Adding account in portal
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=added_system_id,
ismanaged=True)
assert acc_success, f"Failed to add account: {acc_result}"
logger.info("Successfully added account in system")
# Cleanup Account
accounts_list.append(acc_result)
# Creating Password Profile
profile = create_basic_pass_profile(core_session, 1)[0]
profile_name_cps = profile[0]['Name']
cps_prof_id = profile[0]['_RowKey']
# Deleting Password Profile
profile_list.append(cps_prof_id)
cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id(
core_session, cps_prof_id)
assert cps_prof_success, f"Failed to create Profile due to {cps_prof_result}"
logger.info(f'System successfully updated with result: {cps_prof_result}')
# Updating Password Profile
update_cps_prof_success = ResourceManager.update_password_profile(
core_session,
cps_prof_id,
profile_name_cps,
8,
20,
one_lwr_case=False,
one_upp_case=False,
one_digit=False,
consecutive_chars=False,
one_special_char=False,
min_alphabetic_char=5,
max_alphabetic_char=3,
)
assert update_cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user"
logger.info(f'Profile {profile_name_cps} successfully updated')
cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id(
core_session, cps_prof_id)
assert cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user"
assert cps_prof_result['MinimumPasswordLength'] == 8, \
f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MinimumPasswordLength']} " \
f"instead of 8"
logger.info("Successfully updated minimum password length as 8")
assert cps_prof_result['MaximumPasswordLength'] == 20, \
f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MaximumPasswordLength']} " \
f"instead of 20"
logger.info("Successfully updated minimum password length as 20")
assert cps_prof_result['MinimumAlphabeticCharacterCount'] == 5, \
f"Getting Min Password length for Profile {cps_prof_id} is " \
f"{cps_prof_result['MinimumAlphabeticCharacterCount']} instead of 5"
logger.info("Updated Minimum Alphabetic Character Count successfully")
assert cps_prof_result['MinimumNonAlphabeticCharacterCount'] == 3, \
f"Getting Min Password length for Profile {cps_prof_id} is " \
f"{cps_prof_result['MinimumNonAlphabeticCharacterCount']} instead of 3"
logger.info("Updated Minimum Alphabetic Character Count successfully")
update_result, update_success = ResourceManager.update_system(
core_session,
added_system_id,
sys_info[0],
sys_info[1],
sys_info[2],
passwordprofileid=cps_prof_id)
assert update_success, f"Failed to update system sue to {update_result}"
logger.info(f"Successfully update system {sys_info[0]}")
# Rotate Password
rotate_password_result, rotate_password_success = ResourceManager.rotate_password(
core_session, acc_result)
assert rotate_password_success, f"Failed to rotate password due to {rotate_password_result}"
logger.info("Rotate password successfully")
# Checkout Password
check_out_password_result, check_out_password_success = ResourceManager.check_out_password(
core_session, lifetime=1, accountid=acc_result)
assert check_out_password_success, f"Failed to checkout password due to {check_out_password_result}"
logger.info("Password checkout successfully")
# Getting password value after checkout
co_password_value = check_out_password_result['Password']
# Finding all non alpha characters after check out password
get_non_alpha_characters = re.findall('[^a-zA-Z]', co_password_value)
assert len(
get_non_alpha_characters
) >= 3, "Length of Minimum Alphabetic Character Count is less than 3"
logger.info(
"Minimum Non Alphabetic Character Count is greater than or equal to 3")
# Removing Password Profile from system so that profile can be deleted
update_result, update_success = ResourceManager.update_system(
core_session,
added_system_id,
sys_info[0],
sys_info[1],
sys_info[2],
passwordprofileid=None)
assert update_success, f"Failed to remove password profile from system {sys_info[0]}"
logger.info(
f"Successfully removed password profile from system {sys_info[0]}")
def test_checkout_password(core_session, pas_config, cleanup_resources,
cleanup_accounts, remote_users_qty1):
"""TC C2554 - Checkout password for a windows managed account from Accounts page
trying to Checkout password for a windows managed account from Accounts page
Steps:
Pre: Create system with 1 manage account hand
1. Try to Checkout password for an account
-Assert Failure
2. Try to check my password checkouts in workspace
-Assert Failure
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
success, response = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='RpcOverTcp')
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{add_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
server_id = ResourceManager.wait_for_server_to_exist_return_id(
core_session, sys_name)
acc_id = ResourceManager.wait_for_account_to_exist_return_id(
core_session, add_user_in_target_system[0])
assert server_id == add_sys_result, "Server was not created"
assert acc_id == acc_result, "Account was not created"
res, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Failed to add account in the portal: {res}"
password_checkout_result, password_checkout_success = \
ResourceManager.check_out_password(core_session, 1, accountid=acc_result)
assert password_checkout_result['Password'] != user_password, \
f"expected password equal to actual password: {password_checkout_result}"
logger.info(
f"password successfully checkout Account password: {password_checkout_result}"
)
my_password_checkout = RedrockController.get_total_checkouts(core_session)
created_date_json = str(my_password_checkout[0]['LoanDate'])
ResourceManager.get_date(created_date_json)
check_out_details = []
for i in my_password_checkout:
if i['Summary'] in f'{add_user_in_target_system[0]} ({sys_name})':
check_out_details.append(i['Summary'])
assert check_out_details[0] == f'{add_user_in_target_system[0]} ({sys_name})',\
"fail to checkout password from workspace"
logger.info(
f"password successfully checkout Account password::{my_password_checkout}"
)
accounts_list.append(acc_result)
password_check_in_result, password_check_in_success = ResourceManager.check_in_password(
core_session, coid=password_checkout_result['COID'])
assert password_check_in_success, f"password check-in Failed. API response result: {password_check_in_result}"
logger.info(
f"password successfully check in for account: {add_user_in_target_system[0]}"
)
def test_cloud_admin_login_from_my_system_account(core_session, pas_config,
core_admin_ui,
cleanup_accounts,
cleanup_resources,
remote_users_qty1):
"""
Test case: C14831
:param core_session: centrify session
:param core_admin_ui: Centrify UI session
"""
maximum_event_wait_time = 120
account_list = cleanup_accounts[0]
system_list = cleanup_resources[0]
systems = ServerManager.get_all_resources(core_session)
accounts = ServerManager.get_all_accounts(core_session)
for system in systems:
system_list.append(system['ID'])
for account in accounts:
account_list.append(account['ID'])
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
ui = core_admin_ui
admin_user_uuid = UserManager.get_user_id(
core_session, ui.user.centrify_user["Username"])
# assigning cloud admin workspace login permission
rights = "View,Login,UserPortalLogin"
result, status = ResourceManager.assign_account_permissions(
core_session,
rights,
ui.user.centrify_user["Username"],
admin_user_uuid,
pvid=acc_result)
assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}.' \
f'returned result is: {result}'
# Updating allow remote to enable RDP session for targeted system
result, success = ResourceManager.update_system(core_session,
add_sys_result,
sys_name,
fdqn,
"Windows",
allowremote=True)
assert success, f'failed to assign rdp policy to account {add_user_in_target_system[0]} of system {sys_name}'
ui.navigate(('Workspace', 'My System Accounts'))
ui.expect(
GridRow(sys_name),
f'Expected to find system {sys_name} in My System Account but did not')
ui.right_click_action(GridRow(sys_name), 'Login')
ui.switch_to_pop_up_window()
ui.expect_disappear(
LoadingMask(),
'Error occurred while launching workspace login session',
time_to_wait=250)
ui.switch_to_main_window()
# wait for manged password change event
filter = [['AccountName', add_user_in_target_system[0]]]
RedrockController.wait_for_event_by_type_filter(
core_session,
"Cloud.Server.LocalAccount.RDPSession.Start",
filter=filter,
maximum_wait_second=maximum_event_wait_time) # wait for 20 seonds
# Api call to get details of account active session
status, result = ResourceManager.get_my_active_sessions(
core_session, acc_result)
assert status, f'failed to retrieve details for active account session data, return result is {result}'
logger.info(
f'details for active account {add_user_in_target_system[0]} are {result}'
)
ui.navigate('Resources', 'Systems')
ui.search(sys_name)
ui.expect(GridRowByGuid(add_sys_result),
expectation_message=
f'failed to search for the system by id {add_sys_result}')
ui.click_row(GridRowByGuid(add_sys_result))
# fetching Active session value from system view page
ui.inner_text_of_element(ActiveSessionTextCount(),
expectation_message='1',
warning_message="RDP Not taken from user")
logger.info(f'Active session value incremented to 1: Active Sessions:1')
def test_update_manage_proxy_account(pas_config, core_session, winrm_engine,
remote_users_qty3, test_proxy,
cleanup_accounts, cleanup_resources):
"""
TC: C2549 - Update managed account with using proxy account
trying to Update managed account with using proxy account
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to update invalid password for proxy account
-Assert Failure
2. Try to update valid password for proxy account
-Assert Failure
3. Try to check activity log's
-Assert Failure
4. Try to check password history
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
sys_details = pas_config
add_user_in_target_system = remote_users_qty3
user_password = '******'
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=user_password,
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Update system with proxy user password.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=guid(),
proxyuserismanaged=True)
assert update_sys_result is False, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
# set a different password for the user
update_user_password(winrm_engine, add_user_in_target_system[1],
user_password)
user_name = core_session.get_user().get_login_name()
# rotate password for manage account
result, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Did not Rotate Password {result}"
logger.info(
f'account activity logs for un manage account API response:{result}')
result, success = ResourceManager.check_out_password(
core_session, 1, acc_result)
assert success, f"Did not retrieve password {result}"
logger.info(
f'account activity logs for un manage account API response:{result}')
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in \
row[0]['Detail'], "user not able to update un managed account password"
logger.info(
f'account activity logs for un manage account API response:{row}')
query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \
f"'{acc_result}' and StateUpdatedBy='{user_name}' and State='Retired'"
password_history = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))[0]
assert len(
password_history
) > 0, f"Password history table did not update {password_history}"
logger.info(f'Password history table API response:{password_history}')
def test_update_manage_account_win_rm(pas_config, winrm_engine, core_session,
remote_users_qty1, cleanup_accounts,
test_proxy, cleanup_resources):
"""
:param pas_config: to get the data from yaml files.
:param remote_users_qty1: to create a manage account in windows system
:param cleanup_resources: cleanup the system from portal
:param cleanup_accounts: cleanup the accounts from portal
:param winrm_engine: session to update manage account
:param core_session: Authenticated Centrify Session.
TC: C2551 - Update managed account password with winRM https configured
trying to Update managed account password with winRM https configured
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to update invalid password for manage account
-Assert Failure
"""
sys_details = pas_config
system_data_values = sys_details['Windows_infrastructure_data']
add_user_in_target_system = remote_users_qty1
password = "******"
# set a different password for the user
update_user_password(winrm_engine, add_user_in_target_system[0], password)
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, system_data_values['FQDN'], 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with management mode 'WinRMOverHttp'.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
system_data_values['FQDN'],
'Windows',
managementmode='WinRMOverHttps')
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
managementMode = RedrockController.get_computer_with_ID(
core_session, add_sys_result)
assert managementMode['ManagementMode'] == "WinRMOverHttps", \
f"management mode is failed because of system doesnt have proxy account. API response result: {managementMode}"
logger.info(
f"Fetch management mode successfully: {managementMode['ManagementMode']}"
)
Result, success = ResourceManager.update_password(core_session, acc_result,
guid())
assert success is False, f"Did not update password {Result}"
logger.info(f"user not able to update password API response: {Result}")
def test_rotate_password(core_session, pas_config, remote_users_qty3,
test_proxy, cleanup_resources, cleanup_accounts):
"""
TC: C2577 - Rotate Password for managed account
trying to Rotate Password for managed account
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to rotate password
-Assert Failure
2. Try to check activity of manage account
-Assert Failure
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
user_name = core_session.get_user().get_login_name()
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty3
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=user_password,
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
# Update system with management mode 'Smb'.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='Smb')
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
result, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Did not rotate password, API response: {result}"
logger.info(f"User able to rotate the password: {result}")
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} rotated local account "{add_user_in_target_system[0]}" credential for "{sys_name}"({fdqn})' \
in row[0]['Detail'], "Did not retrieve the activity of rotate password"
logger.info(f"User able to get the activity: {row[0]['Detail']}")
accounts_list.append(acc_result)
def test_settings_Policy_page(core_session, pas_config, remote_users_qty1,
cleanup_resources, cleanup_accounts,
core_admin_ui):
"""C2541 Settings on Policy page
trying to get rdp through system account with in 15 minute
Steps:
Pre: Create system with 1 account hand
1. Try to take rdp for system
-Assert Failure
2. Try to checkout password for account
-Assert Failure
"""
core_ui = core_admin_ui
user_name = core_ui.get_user().get_login_name()
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
success, response = ResourceManager.update_system(core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
allowremote=True,
defaultcheckouttime=15)
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{add_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
core_ui.navigate('Resources', 'Accounts')
core_ui.search(add_user_in_target_system[0])
core_ui.right_click_action(GridRowByGuid(acc_result), 'Login')
core_ui.switch_to_pop_up_window()
core_ui.expect_disappear(
LoadingMask(),
f'RDP session never exited loading state for system {sys_name}',
time_to_wait=50)
core_ui.switch_to_main_window()
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} logged into system "{sys_name}"({fdqn}) from "web" using local account ' \
f'"{add_user_in_target_system[0]}"' in row[0]['Detail'], "user not able to take rdp"
password_checkout_result, password_checkout_success = \
ResourceManager.check_out_password(core_session, 1, accountid=acc_result)
new_cid = password_checkout_result['COID']
assert password_checkout_result['Password'] is not user_password, \
f"expected password equal to actual password: {password_checkout_result}"
logger.info(f"password successfully checkout Account password: {new_cid}")
def test_add_unmanaged_account_for_database(core_session,
add_database_with_account,
cleanup_accounts):
"""
Test case: C1092 - Add an un manage account for Database
:param core_session: Centrify authenticated session
:param add_database_with_account: fixture to create database in portal with account if required
:param core_admin_ui: Centrify authenticated ui session
"""
accounts_list = cleanup_accounts[0]
db_name, db_id, db_account_id, db_data, database_cleaner_list, account_cleaner_list = \
add_database_with_account(db_class='oracle', add_account=True)
sql_db_name, sql_db_id, sql_db_account_id, sql_db_data, sql_database_cleaner_list, sql_account_cleaner_list = \
add_database_with_account(db_class='sql', add_account=True)
db_account1, db_account2 = 'TEST_ACCOUNT1', 'test_account1'
# Creates a account on an existing database. (Connector required)
database_account_id, database_account_success = ResourceManager.add_account(
core_session,
user=db_account1,
password='******',
ismanaged=False,
databaseid=db_id)
assert database_account_success, f"Adding database account failed with API response Result:" \
f"{database_account_id}"
logger.info(
f"Managed database account added successfully with API response result : {database_account_id}"
)
accounts_list.append(database_account_id)
# try to add Duplicate account
database_account_id, database_account_success = ResourceManager.add_account(
core_session,
user=db_account2,
password='******',
ismanaged=False,
databaseid=db_id)
assert database_account_success is False, f"Adding database account with API response Result:" \
f"{database_account_id}"
logger.info(
f"Managed database account not added successfully with API response result : {database_account_id}"
)
# Creates a account on an existing database. (Connector required)
database_account_id, database_account_success = ResourceManager.add_account(
core_session,
user=db_account1,
password='******',
ismanaged=False,
databaseid=sql_db_id)
assert database_account_success, f"Adding database account failed with API response Result:" \
f"{database_account_id}"
logger.info(
f"Managed database account added successfully with API response result : {database_account_id}"
)
accounts_list.append(database_account_id)
# try to add Duplicate account
database_account_id, database_account_success = ResourceManager.add_account(
core_session,
user=db_account2,
password='******',
ismanaged=False,
databaseid=sql_db_id)
assert database_account_success is False, f"Adding database account with API response Result:" \
f"{database_account_id}"
logger.info(
f"database account not added with API response result : {database_account_id}"
)
def test_add_manage_account_with_proxy_account(core_session, pas_config,
remote_users_qty3,
cleanup_resources,
cleanup_accounts, test_proxy):
"""
TC: C2574 - Add system with managed account using proxy account
trying to Add system with managed account using proxy account
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to checkout password
-Assert Failure
2. Try to check activity of manage account
-Assert Failure
"""
user_name = core_session.get_user().get_login_name()
logger.info(f'core sessoin user {core_session.get_user()}')
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty3
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=user_password,
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Update system with management mode 'Smb'.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='Smb')
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
server_id = ResourceManager.wait_for_server_to_exist_return_id(
core_session, sys_name)
acc_id = ResourceManager.wait_for_account_to_exist_return_id(
core_session, add_user_in_target_system[0])
assert server_id == add_sys_result, "Server was not created"
assert acc_id == acc_result, "Account was not created"
res, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Failed to add account in the portal: {res}"
result, success = ResourceManager.check_out_password(
core_session, 1, acc_result)
assert result['Password'] != "Hello123", \
f"password checkout Failed. API response result: {result}"
logger.info(
f"password successfully checkout Account password: {result['COID']}")
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \
"Did not retrieve the activity of rotate password"
logger.info(f"User able to get the activity logs: {row[0]['Detail']}")
accounts_list.append(acc_result)
def test_add_account_existing_system(core_session, pas_config,
remote_users_qty1, test_proxy,
cleanup_resources, cleanup_accounts):
"""
TC: C2575 - Add managed account to existing system
trying to Add managed account to existing system
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to checkout password
-Assert Failure
2. Try to check activity of manage account
-Assert Failure
"""
user_details = core_session.__dict__['auth_details']
user_name = core_session.get_user().get_login_name()
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
rights = "Owner,View,Manage,Delete,Login,Naked,RotatePassword,FileTransfer"
result, success = ResourceManager.assign_account_permissions(
core_session,
rights,
user_details['User'],
user_details['UserId'],
pvid=acc_result)
assert success, f"Did not rotate password, API response: {result}"
# Update system with management mode 'Smb'.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
managementmode='Smb')
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
res, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Failed to add account in the portal: {res}"
result, success = ResourceManager.check_out_password(
core_session, 1, acc_result)
assert result['Password'] != "Hello123", \
f"password checkout Failed. API response result: {result}"
logger.info(
f"password successfully checkout Account password: {result['COID']}")
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in row[0]['Detail'], \
"Did not retrieve the activity of rotate password"
logger.info(f"User able to get the activity logs: {row[0]['Detail']}")
accounts_list.append(acc_result)
def test_Change_Account_managed(core_session, pas_config, remote_users_qty1,
detect_proxy):
"""
:param core_session: Authenticated Centrify Session.
:param pas_config: fixture reading data from resources_data.yaml file.
TC: C2544 - Change Account to be a managed account and verify password changed in 5 minutes
trying to validate the added manage Account password Activity log's
Steps:
1. Try to add a system along with an manage account
-Assert Failure
2. Try to check in the account password is rotated
-Assert Failure
3. Try to validate account activity log's
"""
user = core_session.get_user()
user_name = user.get_login_name()
sys_name = f"Automatedsystem{guid()}"
res_data = pas_config
user = remote_users_qty1
sys_result, status = ResourceManager.add_system(
core_session, sys_name,
res_data['Windows_infrastructure_data']['FQDN'], 'Windows', "Rdp")
assert status, f"failed to add system"
success, response = ResourceManager.update_system(
core_session,
sys_result,
sys_name,
res_data['Windows_infrastructure_data']['FQDN'],
'Windows',
managementmode='RpcOverTcp')
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{response}")
account_id, status = ResourceManager.add_account(core_session, user[0],
'Hello123', sys_result)
assert status, f'failed to add account'
success, response = ResourceManager.update_account(core_session,
account_id,
user[0],
host=sys_result,
ismanaged=True)
assert success, f'Updating account failed. API response: {response}'
server_id = ResourceManager.wait_for_server_to_exist_return_id(
core_session, sys_name)
acc_id = ResourceManager.wait_for_account_to_exist_return_id(
core_session, user[0])
assert server_id == sys_result, "Server was not created"
assert acc_id == account_id, "Account was not created"
res, success = ResourceManager.rotate_password(core_session, account_id)
assert success, f"Failed to add account in the portal: {res}"
checkout_password, response = ResourceManager.check_out_password(
core_session, 1, accountid=account_id)
assert checkout_password[
'Password'] != 'Hello123', f'Checkout Password Failed. API response: {response}'
row = ResourceManager.get_system_activity(core_session, sys_result)
checkout_activity = row[0]['Detail']
created_date_json = str(row[0]['When'])
ResourceManager.get_date(created_date_json)
assert f'{user_name} checked out local account "{user[0]}" password for system "{sys_name}"' \
f'({res_data["Windows_infrastructure_data"]["FQDN"]})' == checkout_activity, "No system activity data "
logger.info(f"account activity list:{row}")
def test_system_local_account_level(core_session, pas_config,
remote_users_qty1, cleanup_accounts,
cleanup_resources):
"""
TC C282671: System Local Account Level.
:param cleanup_resources: cleanup for systems.
:param core_session: Authenticates API session
:param pas_config: returns yaml object
:param remote_users_qty1: Creates account in target system.
:param cleanup_accounts: cleanup for account.
"""
systems_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f"{'Win-2012'}{guid()}"
sys_details = pas_config
sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN']
add_user_in_target_system = remote_users_qty1
user_password = '******'
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, sys_fqdn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
systems_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
# Setting the lifetime checkout for account to 15 min.
default_checkout_lifetime = 15
updated_account_result, update_account_success = \
ResourceManager.update_account(core_session,
acc_result,
add_user_in_target_system[0],
host=add_sys_result,
default_checkout_time=default_checkout_lifetime)
assert update_account_success, f"Failed to add default checkout time: API response result:{updated_account_result}"
logger.info(
f'Successfully added default checkout time: {updated_account_result}"')
# Setting the lifetime checkout for system to 60 min.
updated_sys_result, update_sys_success = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
sys_fqdn,
'Windows',
defaultcheckouttime=60)
assert update_sys_success, f"Failed to add default checkout time: API response result:{updated_account_result}"
logger.info(
f'Successfully added default checkout time: {updated_sys_result}"')
# Checking the default account password set to default ie 60 min.
default_account_password_chk_lifetime = 60
results, success = ServerManager.get_server_settings(core_session,
key='policy')
assert results['DefaultCheckoutTime'] == default_account_password_chk_lifetime, \
f"account password checkout lifetime is not {default_account_password_chk_lifetime} "
# Checkout account.
checkout_result, checkout_success = ResourceManager.check_out_password(
core_session, 15, acc_result)
assert checkout_success, f"Fail to checkout account : {acc_result} : API response " \
f"result: {checkout_result}"
logger.info(f"Successfully checked account : {checkout_result}")
# Checking the checkout in the workspace and validating the checkout lifetime.
checkout_remaining_time = str(default_checkout_lifetime - 1)
checkout_accounts = RedrockController.get_password_checkout_from_workspace(
core_session, core_session.auth_details['UserId'])
for checkout_account in checkout_accounts:
if checkout_account['ID'] == checkout_result['COID']:
assert checkout_account['Remaining'].split()[0] == checkout_remaining_time,\
f"Fail to find the remaining checkout time equal to {checkout_remaining_time} "
logger.info(
" Successfully found the checkout activity in workspace.")
# Trying to checkout once again,expecting a null checkout ID.
failed_checkout_result, failed_checkout_success = ResourceManager.check_out_password(
core_session, 15, acc_result)
assert failed_checkout_result['COID'] is None, f"checkout account ID generated for : " \
f"{add_user_in_target_system[0]}:" \
f"API response result: {failed_checkout_result}"
logger.info(f"Check in option is action enable : {failed_checkout_result}")
# Checking out checkout activity.
acc_activity = RedrockController.get_account_activity(
core_session, acc_result)
assert f'{core_session.auth_details["User"]} checked out local account "{add_user_in_target_system[0]}" password ' \
f'for system "{sys_name}"({sys_fqdn})' in \
acc_activity[0]['Detail'], f"no activity of checkout found for account {add_user_in_target_system[0]}"
logger.info(
f"There is a checkout record for the account {add_user_in_target_system[0]} in activity"
)
def test_verify_rule_restrict_character(core_session, cleanup_accounts,
create_basic_pass_profile, pas_setup,
remote_users_qty1):
"""
TC C281499: Verify the rule(Restrict number of character occurrences) work correct
:param core_session: Authenticates API session
:param create_basic_pass_profile: Creates a password profile
:param pas_setup: Creates system and account
:param remote_users_qty1: Creates account in target system
:param cleanup_accounts: Deletes Accounts
"""
accounts_list = cleanup_accounts[0]
added_system_id, account_id, sys_info = pas_setup
logger.info(
f"System: {sys_info[0]} successfully added with UUID: {added_system_id} and account: {sys_info[4]} "
f"with UUID: {account_id} associated with it.")
# Adding user in target machine
add_user_in_target_system = remote_users_qty1
user_password = "******"
# Adding account in portal
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=added_system_id,
ismanaged=True)
assert acc_success, f"Failed to add account: {acc_result}"
logger.info("Successfully added account in system")
# Cleanup Account
accounts_list.append(acc_result)
# Creating Password Profile
profile = create_basic_pass_profile(core_session, 1)[0]
profile_name_cps = profile[0]['Name']
cps_prof_id = profile[0]['_RowKey']
cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id(
core_session, cps_prof_id)
assert cps_prof_success, f"Failed to create Profile due to {cps_prof_result}"
logger.info(f'System successfully updated with result: {cps_prof_result}')
# Updating Password Profile
update_cps_prof_success = ResourceManager.update_password_profile(
core_session,
cps_prof_id,
profile_name_cps,
58,
128,
one_lwr_case=False,
one_upp_case=False,
one_digit=False,
consecutive_chars=False,
one_special_char=False,
min_alphabetic_char=5,
max_alphabetic_char=3,
restrict_occurrence=1)
assert update_cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user"
logger.info(f'Profile {profile_name_cps} successfully updated')
cps_prof_result, cps_prof_success = ResourceManager.get_password_profile_by_id(
core_session, cps_prof_id)
assert cps_prof_success, f"Getting Password Profile Failed for Profile {cps_prof_id} for core user"
assert cps_prof_result['MinimumPasswordLength'] == 58, \
f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MinimumPasswordLength']} " \
f"instead of 8"
logger.info("Successfully updated minimum password length as 8")
assert cps_prof_result['MaximumPasswordLength'] == 128, \
f"Getting Min Password length for Profile {cps_prof_id} is {cps_prof_result['MaximumPasswordLength']} " \
f"instead of 20"
logger.info("Successfully updated minimum password length as 20")
assert cps_prof_result['MinimumAlphabeticCharacterCount'] == 5, \
f"Getting Min Password length for Profile {cps_prof_id} is " \
f"{cps_prof_result['MinimumAlphabeticCharacterCount']} instead of 5"
logger.info("Updated Minimum Alphabetic Character Count successfully")
assert cps_prof_result['MinimumNonAlphabeticCharacterCount'] == 3, \
f"Getting Min Password length for Profile {cps_prof_id} is " \
f"{cps_prof_result['MinimumNonAlphabeticCharacterCount']} instead of 3"
logger.info("Updated Minimum Alphabetic Character Count successfully")
assert cps_prof_result['MaximumCharOccurrenceCount'] == 1, \
f"Getting Min Password length for Profile {cps_prof_id} is " \
f"{cps_prof_result['MinimumNonAlphabeticCharacterCount']} instead of 3"
logger.info("Updated Minimum Alphabetic Character Count successfully")
update_result, update_success = ResourceManager.update_system(
core_session,
added_system_id,
sys_info[0],
sys_info[1],
sys_info[2],
passwordprofileid=cps_prof_id)
assert update_success, f"Failed to update system sue to {update_result}"
logger.info(f"Successfully update system {sys_info[0]}")
# Rotate Password
rotate_password_result, rotate_password_success = ResourceManager.rotate_password(
core_session, acc_result)
assert rotate_password_success, f"Failed to rotate password due to {rotate_password_result}"
logger.info("Rotate password successfully")
# Checkout Password
check_out_password_result, check_out_password_success = ResourceManager.check_out_password(
core_session, lifetime=1, accountid=acc_result)
assert check_out_password_success, f"Failed to checkout password due to {check_out_password_result}"
logger.info("Password checkout successfully")
# Getting check out password value
co_password_value = check_out_password_result['Password']
# Getting all the alpha characters in password check out
get_alpha_characters = re.findall('[a-zA-Z]', co_password_value)
# Checking the maximum occurrence of characters in a list
count_alpha_chars = Counter(get_alpha_characters)
for item, ct in count_alpha_chars.items():
assert len(item) == 1, "Item is grater than 1"
logger.info('%s occurred %d times' % (item, ct))
# Removing password profile from system
update_result, update_success = ResourceManager.update_system(
core_session,
added_system_id,
sys_info[0],
sys_info[1],
sys_info[2],
passwordprofileid=None)
assert update_success, f"Failed to remove password profile from system {sys_info[0]}"
logger.info(
f"Successfully removed password profile from system {sys_info[0]}")
def agent_enrolled_unix_system_with_users(core_tenant, core_session_global,
agent_enrolled_unix_system,
users_and_roles, cleanup_accounts,
create_unix_users, proxy_start_stop,
detect_proxy):
config = Configs().get_yaml_node_as_tuple("agents", "generic_cagent_unix")
accounts_list = cleanup_accounts[0]
proxycontrol = proxy_start_stop
logger.info("adding users on the enrolled system")
system_id = agent_enrolled_unix_system["ResourceId"]
ssh_session = agent_enrolled_unix_system["Session"]
adminuser = {"Name": config.username, "Password": config.password}
# add users on target system
accountusers = create_unix_users(ssh_session, "agent_", 2)
logger.info("Users created " + str(len(accountusers)))
for i, val in enumerate(accountusers):
logger.info(
str(i) + ", Name: " + val["Name"] + "Password:"******"Password"])
right_data = ("Privileged Access Service Power User",
"role_Privileged Access Service Power User")
requester_session = users_and_roles.get_session_for_user(right_data[0])
role_info = users_and_roles.get_role(right_data[0])
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount'
result, success = ResourceManager.assign_system_permissions(
core_session_global, permission_string, role_info['Name'],
role_info['ID'], "Role", system_id)
assert success, "Did not set system permissions " + result
# Step 3 Create Accounts for testing
logger.info("Adding root account")
admin_account_id, add_account_success = ResourceManager.add_account(
requester_session,
adminuser['Name'],
adminuser["Password"],
system_id,
ismanaged=False)
assert add_account_success, "Failed to create Account user: root"
logger.info(f"Added root Account. Id {admin_account_id}")
accounts_list.append(admin_account_id)
logger.info("Adding user for reconciliation")
new_account_id, add_account_success = ResourceManager.add_account(
requester_session,
accountusers[0]['Name'],
accountusers[0]['Password'],
system_id,
ismanaged=True)
assert add_account_success, "Failed to create manged Account user: "******", Verify CC or agent settings and status"
logger.info(f"Added Account for testing. Id {new_account_id}")
accounts_list.append(new_account_id)
permission_string = "Owner,View,Manage,Delete,Login,Naked,UpdatePassword,RotatePassword,FileTransfer,UserPortalLogin"
result, success = ResourceManager.assign_account_permissions(
core_session_global, permission_string, role_info['Name'],
role_info['ID'], "Role", new_account_id)
assert success, "Did not set account permissions " + result
# Get computer details for update
result = RedrockController.get_system(requester_session, system_id)
system = result[0]["Row"]
# wait for managed password change event
filter = [['AccountName', accountusers[0]['Name']]]
RedrockController.wait_for_event_by_type_filter(
requester_session,
"Cloud.Server.LocalAccount.PasswordChange",
filter=filter,
maximum_wait_second=120) # wait for 20 seonds
accounts = [{
"Name": adminuser['Name'],
"Password": adminuser["Password"],
"Id": admin_account_id
}, {
"Name": accountusers[0]["Name"],
"Password": accountusers[0]["Password"],
"Id": new_account_id
}]
proxy = start_proxy_with_machinename(requester_session, proxycontrol,
config.proxy_name)
assert proxy != None, (
f'Failed to find the connector {config.proxy_name}, Setup the connector properly.'
)
# Set Admin Account and enable local account maintenance
result, success = ResourceManager.update_system(
requester_session,
system_id,
system["Name"],
system["FQDN"],
'Unix',
proxycollectionlist=proxy,
adminaccountid=admin_account_id,
allowautomaticlocalaccountmaintenance=True)
assert success, (f'Failed to set administrative account {result}')
# return acount ids, computer,
yield [{
"ResourceId": system_id,
"ProxyId": proxy,
"ResourceName": system["Name"],
"Accounts": accounts,
"Session": ssh_session
}]
result, success, message = ResourceManager.set_system_administrative_account(
requester_session, system_id)
assert success, f'Failed to remove administrative account on {message}'
def test_add_root_using_managed_password(
core_session, unix_machine_environment_config, ssh_session_as_root,
create_unix_users, cleanup_resources_with_admin, cleanup_accounts):
"""
Test case C283102: Add system with root using managed proxy account
:param core_session: Authorised centrify session.
:param ssh_session_as_root: session to create a user_account in unix
:param cleanup_accounts: cleanup all accounts
:param cleanup_resources_with_admin: to delete the all the systems from portal
:param unix_machine_environment_config: to get the unix system details
:param create_unix_users: add system with account and yield system ID, account ID, and system information
"""
# Getting yaml data.
systems_list = cleanup_resources_with_admin
accounts_list = cleanup_accounts[0]
conf = unix_machine_environment_config
hostname = conf['host'] + "_" + Util.random_string(5)
# add users on target system.
users = create_unix_users(ssh_session_as_root, "manage-unix", 1)
logger.info("Users created " + str(len(users)))
proxy_user = users[0]
# Adding system with managed proxy.
new_system_id, add_system_success = ResourceManager.add_system(
core_session,
hostname,
conf["ipaddress"],
"Unix",
"Ssh",
"Unix system",
proxyuserismanaged=True,
proxyuser=proxy_user['Name'],
proxyuserpassword=proxy_user['Password'])
assert add_system_success, f"Failed to add system with managed proxy:API response result:{new_system_id}"
logger.info(f"Successfully added with managed proxy: {new_system_id}")
systems_list.append(new_system_id)
# Adding local account to the system.
admin_account_id, add_account_success = ResourceManager.add_account(
core_session,
'root',
conf['rootpassword'],
new_system_id,
ismanaged=False)
assert add_account_success, f"Failed to add root user:API response result:{admin_account_id}"
logger.info(
f"Successfully added root account to the system: {admin_account_id}")
accounts_list.append(admin_account_id)
# checking added system in the system list.
computer_lists = RedrockController.get_computers(core_session)
for computer_detail in computer_lists:
if computer_detail['ID'] == new_system_id:
assert computer_detail['Name'] == hostname, f'Failed to found created system in the list:' \
f'API response result:{computer_lists}'
logger.info(
f"Successfully found created system in the list:{computer_lists}"
)
break
def agent_enrolled_windows_system_with_users(
core_session_global, agent_enrolled_windows_system, users_and_roles,
remote_users_qty1, cleanup_accounts, pas_ad_domain,
pas_ad_administrative_account, cleanup_lapr_systems_and_domains,
proxy_start_stop):
config = Configs().get_yaml_node_as_tuple("agents", "generic_cagent_win")
accounts_list = cleanup_accounts[0]
domains_list = cleanup_lapr_systems_and_domains[1]
systems_list = cleanup_lapr_systems_and_domains[0]
user = remote_users_qty1
proxycontrol = proxy_start_stop
accountusers = [{"Name": user[0], "Password": "******"}]
logger.info("Users created " + str(len(accountusers)))
for i, val in enumerate(accountusers):
logger.info(
str(i) + ", Name: " + val["Name"] + "Password:"******"Password"])
logger.info("adding users on the enrolled system")
system_id = agent_enrolled_windows_system["ResourceId"]
winrm_session_as_admin = agent_enrolled_windows_system["Session"]
adminuser = {
"Name": config.admin_username,
"Password": config.admin_password
}
domain_id = pas_ad_domain['ID']
admin_id = pas_ad_administrative_account['ID']
right_data = ("Privileged Access Service Power User",
"role_Privileged Access Service Power User")
requester_session = users_and_roles.get_session_for_user(right_data[0])
role_info = users_and_roles.get_role(right_data[0])
domains_list.append(pas_ad_domain)
systems_list.append(system_id)
logger.info(
"Setting Domain Administrator user as Administrative Account on domain."
)
result, success, response = ResourceManager.set_administrative_account(
core_session_global, [pas_ad_domain['Name']],
pas_ad_administrative_account['User'],
pas_ad_administrative_account['ID'])
logger.info(
"Setting Administrative Account on domain, but with no lapr settings enabled."
)
result, success = ResourceManager.update_domain_accounts(
core_session_global,
pas_ad_domain['Name'],
admin_id,
domain_id,
allowautomaticlocalaccountmaintenance=True,
allowmanuallocalaccountunlock=True)
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount'
result, success = ResourceManager.assign_system_permissions(
core_session_global, permission_string, role_info['Name'],
role_info['ID'], "Role", system_id)
assert success, f"Did not set system permissions {result}"
# Step 3 Create Accounts for testing
logger.info("Adding Admin account")
admin_account_id, add_account_success = ResourceManager.add_account(
requester_session,
adminuser['Name'],
adminuser["Password"],
system_id,
ismanaged=False)
assert add_account_success, "Failed to create admin user"
logger.info(f"Added root Account. Id {admin_account_id}")
accounts_list.append(admin_account_id)
logger.info("Adding user for reconciliation")
new_account_id, add_account_success = ResourceManager.add_account(
requester_session,
accountusers[0]['Name'],
accountusers[0]['Password'],
system_id,
ismanaged=True)
assert add_account_success, "Failed to create manged Account user: "******", Verify CC or agent settings and status"
logger.info(f"Added Account for testing. Id {new_account_id}")
accounts_list.append(new_account_id)
permission_string = "Owner,View,Manage,Delete,Login,Naked,UpdatePassword,RotatePassword,FileTransfer,UserPortalLogin"
result, success = ResourceManager.assign_account_permissions(
core_session_global, permission_string, role_info['Name'],
role_info['ID'], "Role", new_account_id)
assert success, "Did not set account permissions " + result
# Get computer details for update
result = RedrockController.get_system(requester_session, system_id)
system = result[0]["Row"]
# wait for managed password change event
filter = [['AccountName', accountusers[0]['Name']]]
RedrockController.wait_for_event_by_type_filter(
requester_session,
"Cloud.Server.LocalAccount.PasswordChange",
filter=filter,
maximum_wait_second=120) # wait for 120 seonds
accounts = [{
"Name": adminuser['Name'],
"Password": adminuser["Password"],
"Id": admin_account_id
}, {
"Name": accountusers[0]["Name"],
"Password": accountusers[0]["Password"],
"Id": new_account_id
}]
# set proxy
proxy = start_proxy_with_machinename(requester_session, proxycontrol,
config.proxy_name)
assert proxy != None, (
f'Failed to find the connector {config.proxy_name}, Setup the connector properly before the test'
)
result, success = ResourceManager.update_system(requester_session,
system_id,
system["Name"],
system["FQDN"],
'Windows',
domainid=domain_id,
proxycollectionlist=proxy)
assert success, (f'Failed to set reconciliation settings {result}')
result, success = ResourceManager.update_system(
requester_session,
system_id,
system["Name"],
system["FQDN"],
'Windows',
proxycollectionlist=proxy,
allowautomaticlocalaccountmaintenance=True,
allowmanuallocalaccountunlock=True)
assert success, (f'Failed to set reconciliation settings {result}')
# update_system reset the proxycollectionlist setting? Set it again.
result, success = ResourceManager.update_system(requester_session,
system_id,
system["Name"],
system["FQDN"],
'Windows',
domainid=domain_id,
proxycollectionlist=proxy)
assert success, (f'Failed to set reconciliation settings {result}')
# return acount ids, computer,
yield [{
"ResourceId": system_id,
"ProxyId": proxy,
"ResourceFQDN": system["FQDN"],
"Accounts": accounts,
"Session": winrm_session_as_admin
}]
result, success, message = ResourceManager.set_system_administrative_account(
requester_session, system_id)
assert success, f'Failed to remove administrative account on {message}'
