def test_mfa_policy_on_parent_folder_verify_not_challenged_on_settings_update(core_session,
pas_general_secrets,
create_secret_inside_folder,
clean_up_policy):
"""
test method to verify that mfa does not exist on updating the settings & policy for an existing
parent folder "MFAOnParentFolder" with already assigned mfa for that folder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
prefix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
# creating new policy
policy_result = PolicyManager.create_new_auth_profile(core_session,
prefix + secrets_params['policy_name'],
["UP", None],
None,
"30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# updating settings & policy for Folder
result = update_folder(core_session, folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + prefix,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result['success'], f'Not Able to update the settings: {result["Message"]} '
logger.info(f'Update settings for secret: {result}')
# Getting details of the Folder updated
result_folder = get_folder(core_session, folder_list[0])
description_updated = result_folder["Result"]["Results"][0]["Row"]["Description"]
name_updated = result_folder["Result"]["Results"][0]["Row"]["Name"]
assert 'MFAOnParentFolderUpdate' in name_updated,\
f'Failed to update the name{result_folder["Result"]["Results"][0]["Row"]["Name"]}'
assert 'mfa_description' in description_updated, \
f'Failed to update the description{result_folder["Result"]["Results"][0]["Row"]["Description"]}'
# Removing MFA for Folder
result = update_folder(core_session, folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + prefix,
description=secrets_params['mfa_folder_description'])
assert result['success'], f'Not Able to update the settings: {result["Message"]} '
logger.info(f'Update settings for secret: {result}')
def test_update_settings_and_verify_that_it_is_logged_in_activity(
core_session, create_secret_folder, users_and_roles,
pas_general_secrets):
"""
C3070 : Update Settings and verify that it’s logged in activity
:param core_session: Authenticated Centrify Session
:param create_secret_folder: Fixture to create secret folder & yields folder details
:param users_and_roles: Fixture to create a random user with PAS Power rights
:param pas_general_secrets: Fixture to read secrets related data from yaml
"""
secrets_params = pas_general_secrets
suffix = guid()
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_name = secret_folder_details['Name']
# Updating settings of the Folder(Applying MFA)
result = update_folder(
core_session,
folder_id,
folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to update settings of the folder, API response result: {result["Message"]} '
logger.info(f'Updating settings of the folder: {result}')
# Getting activity of the folder updated
activity_rows = get_folder_activity(core_session, folder_id)
verify_folder_update = 'updated the folder'
assert verify_folder_update in activity_rows[0]['Detail'], \
f'Failed to verify the activity, API response result::{activity_rows}'
logger.info(
f'Update activity for folder, API response result: {activity_rows}')
def test_edit_folder_permission_to_rename_folder(core_session,
create_secret_folder,
pas_general_secrets,
users_and_roles,
cleanup_secrets_and_folders):
"""
C3031:test method to login with cloud admin
2) Enable Edit folder permission for UserA, Login with User A
3) Edit the name of the folder created
4) Verify the folder name is edited successfully.
:param core_session: Authenticated Centrify session
:param create_secret_folder: Fixture to create secret inside folder & yields secret & folder details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param users_and_roles: Fixture to create random user with PAS Power Rights
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_name = secret_folder_details['Name']
folder_prefix = guid()
folder_params = pas_general_secrets
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder(EDIT Enabled)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id, 'View,Edit')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Edit the name of the folder created
result = update_folder(
pas_power_user_session, folder_id, folder_name,
folder_prefix + folder_params['mfa_folder_name_update'])
assert result[
'success'], f'Folder name is not updated: {result["Message"]} '
logger.info(
f'Folder name is updated: {result["success"]} {result["Message"]}')
# Getting details of the Folder updated
result_folder = get_folder(core_session, folder_id)
logger.info(f'Updated Folder details: {result_folder}')
name_updated = result_folder["Result"]["Results"][0]["Row"]["Name"]
assert 'MFAOnParentFolderUpdate' in name_updated, \
f'Failed to update the name{result_folder["Result"]["Results"][0]["Row"]["Name"]}'
def test_delete_secret_with_mfa_on_parent(core_session, pas_general_secrets,
clean_up_policy, users_and_roles,
create_secret_inside_folder,
cleanup_secrets_and_folders):
"""
C283963: MFA policy on Parent folder, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: fixture to read secrets related data from yaml file
:param clean_up_policy: Fixture to cleanup the policy created
:param users_and_roles: Fixture to create new user with restricted rights
:param create_secret_inside_folder: Fixture to create secrets inside folder & yields secrets & folders data
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_id_list, folder_name, secret_id_list = create_secret_inside_folder
secrets_list = cleanup_secrets_and_folders[0]
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Updating the Folder(Applying MFA)
result = update_folder(
core_session,
folder_id_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f' Failed to apply MFA on folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Folder: {result}')
# Getting new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id_list[0], 'View')
assert user_permissions_result, f'Failed to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to set DELETE permissions folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'Grant,View,Delete,Retrieve', user_id,
folder_id_list[0])
assert member_perm_success, f'Failed to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Delete secret with Mfa Authentication
del_success, del_result = del_secret(pas_power_user_session,
secret_id_list[0])
# StartChallenge MFA Authentication
session, mechanism = pas_power_user_session.start_mfa_authentication(
user_name, del_result['ChallengeId'])
# AdvanceAuthentication MFA to Password
result = pas_power_user_session.advance_authentication(
answer=pas_power_user_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
assert result, "Password Authentication Failed"
# After Authentication of MFA delete the secret under folder
del_secret_success, del_secret_result = del_secret_mfa(
pas_power_user_session,
secret_id_list[0],
ChallengeStateId=del_result['ChallengeId'])
assert del_secret_success, f'Failed to delete secret with MFA {del_secret_result} with User: {user_name}'
logger.info(
f'Successfully deleted secret with MFA {del_secret_result} for User: {user_name} '
)
secrets_list.remove(secret_id_list[0])
# Updating the Folder(Removing MFA)
result = update_folder(
core_session,
folder_id_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA on folder, API response result: {result["Message"]} '
logger.info(f'Successfully Removed MFA on Folder: {result}')
def test_retrieve_mfa_on_closest_parent_should_override_mfa(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
clean_up_policy):
"""
C283926: MFA on closest parent should override MFA on higher levels
1) Create a multilevel folder "Folder/Subfolder/secretName"
2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
3) Verify secretName inherits challenge of subfolder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param clean_up_policy: Fixture to cleanup the policy created
"""
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
folder_params = pas_general_secrets
suffix = guid()
secret_name = folder_params['folder_name_with_frwdslashes'] + suffix
user_name = core_session.auth_details['User']
# creating multilevel folder "Folder/Subfolder/secretName"
added_secret_success, details, secret_id = create_text_secret(
core_session, secret_name, folder_params['secret_text'])
assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
logger.info(f'Added Multilevel folder info: {details, secret_id}')
secrets_list.append(secret_id)
# Getting details of the secret
found_secret = get_secret(core_session, secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
nested_folder_id = found_secret['Result']['FolderId']
nested_folder_path = found_secret['Result']['ParentPath']
parent_folder_list = nested_folder_path.split('\\')
parent_folder_name = parent_folder_list[0]
# Getting details of Parent Folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
"SecretName"]
logger.info(f'Parent Folder details: {parent_folder}')
if folder_list != []:
folder_list[0] = nested_folder_id
folder_list[1] = parent_folder_id
else:
folder_list.append(nested_folder_id)
folder_list.append(parent_folder_id)
challenges = ["UP", ""]
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + "V2" + suffix,
challenges_v2, 0, 0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating another policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
# Applying MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Failed to apply MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Nested Folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result_email)
assert result[
'success'], f'Failed to apply MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Parent Folder: {result}')
# Move Secret with Mfa Authentication
retrieve_success, retrieve_result = retrieve_secret_contents(
core_session, secret_id)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, retrieve_result['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info(
f'Successfully applied password authentication with closest parent: {mfa_result}'
)
# After Authenticating of MFA move secret with challenge password
retrieve_secret_success, retrieve_secret_result = retrieve_secret_contents_with_mfa(
core_session,
secret_id,
ChallengeStateId=retrieve_result['ChallengeId'])
assert retrieve_secret_success, f'Failed to retrieve secret with closest parent challenge: {retrieve_secret_result}'
logger.info(
f'Successfully retrieved secret with closest parent challenge: {retrieve_secret_result}'
)
# Removing MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA removed on Nested Folder: {result}')
# Removing MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA removed on Parent Folder: {result}')
def test_move_mfa_on_closest_parent_should_override(
core_session, pas_general_secrets, create_folder_inside_folder,
cleanup_secrets_and_folders, clean_up_policy, users_and_roles):
"""
C283938: MFA on closest parent should override MFA on higher levels
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
:param users_and_roles: Fixture to create New user with PAS Power Rights
"""
secrets_params = pas_general_secrets
suffix = guid()
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
parent_folder_id = parent_folder_info['ID']
parent_folder_name = parent_folder_info['Name']
secret_list = cleanup_secrets_and_folders[0]
challenges1 = ["UP", ""]
challenges2 = ["SQ", ""]
# Api to create secret within folder
added_text_secret_success, secret_id = create_text_secret_within_folder(
core_session, secrets_params['secret_name'] + suffix,
secrets_params['secret_text'], secrets_params['secret_description'],
nested_folder_id)
assert added_text_secret_success, f'Unable to create secret {secret_id}'
logger.info(f'Secret Created successfully: {added_text_secret_success}')
secret_list.append(secret_id)
# creating a new Authentication profile for nested folder
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges1, 0,
0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# creating another Authentication profile for parent folder
policy_result_v1 = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + "V1" + suffix,
challenges2, 0, 0)
assert policy_result_v1, f'Failed to create policy, API response result:{policy_result_v1}'
logger.info(f' Creating new policy:{policy_result_v1}')
clean_up_policy.append(policy_result_v1)
# Applying MFA on Nested Folder
result = update_folder(
core_session,
nested_folder_id,
nested_folder_info['Name'],
nested_folder_info['Name'],
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(
core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result_v1)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Getting User with PAS Power User rights
pas_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_user_session.auth_details, 'Failed to Login with PAS Power User'
user_name = pas_user_session.auth_details['User']
user_id = pas_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name:{user_name}'
)
# Api to give user permissions to folder
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, parent_folder_id, 'View')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to give member permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'View, Edit', user_id, parent_folder_id)
assert member_perm_success, f'Not Able to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Move Secret with Mfa Authentication
result_secret = move_secret(pas_user_session, secret_id)
# StartChallenge MFA Authentication
session, mechanism = pas_user_session.start_mfa_authentication(
user_name, result_secret['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = pas_user_session.advance_authentication(
answer=pas_user_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info(f'successfully applied password authentication: {mfa_result}')
# After Authenticating of MFA move secret with challenge password
moved_success, moved_result = move_secret_by_using_mfa(
pas_user_session,
secret_id,
ChallengeStateId=result_secret['Result']['ChallengeId'])
assert moved_success, f'User: {user_name} Failed to move secret with closest parent challenge: {moved_result}'
logger.info(
f'User: {user_name} successfully moved secret with closest parent challenge: {moved_result}'
)
# Removing MFA on Nested Folder
result = update_folder(
core_session,
nested_folder_id,
nested_folder_info['Name'],
nested_folder_info['Name'],
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA, API response result: {result["Message"]} '
logger.info(f'Removing MFA for Nested folder: {result}')
# Removing MFA on Parent Folder
result = update_folder(
core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA, API response result: {result["Message"]} '
logger.info(f'Removing MFA for Parent folder: {result}')
def test_retrieve_mfa_policy_on_parent_folder_verify_challenged(
core_session, core_admin_ui, pas_general_secrets,
create_secret_inside_folder, clean_up_policy):
"""
C2985: MFA policy on Parent folder, verify challenged
1) Set MFA on MFAonParent
2) Right click "MFAonSecret" then Retrieve.
3) Verify challenged with MFA popups,
4) Enter password & verify you can retrieve secret
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch ui session for cloud admin
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
verify_text = secrets_params['secret_text']
# Getting details of the secret replaced
found_secret = get_secret(core_session, secret_list[0])
assert found_secret['success'], \
f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session,
folder_list[0],
folder_name,
folder_name,
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
ui = core_admin_ui
password = ui.get_user().get_password()
login = Login(ui)
ui.navigate('Resources', 'Secrets')
ui.search(folder_name)
ui.click_row(GridRowByGuid(folder_list[0]))
ui.click_row(GridRowByGuid(secret_list[0]))
ui.action('Retrieve')
ui.switch_context(Modal(text=secret_name))
ui.button('Show Text')
ui.switch_context(NoTitleModal())
login.click_next_on_auth()
login.enter_login_password(password)
login.click_next_on_auth()
ui.switch_context(ActiveMainContentArea())
ui.expect(InputBoxValue(verify_text),
f'Expect to find {verify_text} in Retrieve but could not.')
logger.info(
f'Text Retrieved with MFA challenge(password only)i.e. MFAonParent successfully: {verify_text}'
)
# Removing MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_mfa_of_target_folder_once_secret_is_moved(core_session,
pas_general_secrets,
create_secret_folder,
added_secrets,
clean_up_policy):
"""
C283940: MFA of the target folder will apply once secret is moved to it
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_folder: Fixture to create secret folder & yields folder related details
:param added_secrets: Fixture to create text type secrets & yields secrets details
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
secret_id, secret_name = added_secrets
challenges1 = ["UP", ""]
user_name = core_session.auth_details['User']
# creating a new Authentication profile for nested folder
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges1, 0,
0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(
core_session,
folder_id,
secret_folder_details['Name'],
secret_folder_details['Name'],
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move Secret with Mfa Authentication
result_secret = move_secret(core_session,
secret_id[0],
folder_info=folder_id)
assert result_secret[
'success'], f'Failed to move secret into folder,API Response Result: {result_secret["Result"]}'
# Moving Secret with new parent inherited policies
secret_new_permissions = move_secret(core_session, secret_id[0])
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, secret_new_permissions['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info(f'successfully applied password authentication: {mfa_result}')
# After Authenticating of MFA move secret with challenge password
moved_success, moved_result = move_secret_by_using_mfa(
core_session,
secret_id[0],
ChallengeStateId=secret_new_permissions['Result']['ChallengeId'])
assert moved_success, f'Failed to move secret with new parent inherited policies: {moved_result}'
logger.info(
f'User: {user_name} successfully moved secret with new parent inherited policies: {moved_result}'
)
# Applying MFA on Folder
result = update_folder(core_session, folder_id,
secret_folder_details['Name'],
secret_folder_details['Name'])
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_move_mfa_enabled_folder_to_non_mfa_enabled_folder(
core_session, pas_general_secrets, create_secret_inside_folder,
create_folder_inside_folder, cleanup_secrets_and_folders,
clean_up_policy):
"""
C284026: test method to move Source parent has MFA, destination no MFA, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
"""
user_detail = core_session.__dict__
user_name = user_detail['auth_details']['User']
secrets_params = pas_general_secrets
suffix = guid()
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
update_folder_name = secrets_params['mfa_folder_name_update'] + suffix
challenges = ["UP", ""]
# creating a new Authentication profile
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(
core_session,
folder_id_list[1],
folder_name,
update_folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move Folder with Mfa Authentication
result_folder_result = move_folder(core_session, folder_id_list[1],
nested_folder_id)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_folder_result['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
# After Authenticating of MFA move mfa enabled folder to the non mfa enabled folder.
moved_success, moved_result = move_folder_by_using_mfa(
core_session,
folder_id_list[1],
target_folder_info=nested_folder_id,
ChallengeStateId=result_folder_result['Result']['ChallengeId'])
assert moved_success, f'User: {user_name} Not Able to move mfa enabled folder' \
f' to the non mfa enabled folder: {moved_result}'
logger.info(
f'User: {user_name} moved mfa enabled folder: {update_folder_name} successfully '
f'to the non mfa enabled folder:')
folder_list.insert(0, folder_list.pop(1))
# Verifying mfa enabled folder moved successfully or not, inside non mfa enabled folder.
moved_folder = get_secrets_and_folders_in_folders(core_session,
nested_folder_id)
moved_folder_name = moved_folder["Result"]["Results"][0]["Row"]["Name"]
assert moved_folder_name == update_folder_name, f'Failed to get the moved folder{moved_folder_name} ' \
f'inside the folder'
logger.info(
f'Moved folder {moved_folder_name} get successfully inside the folder')
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_list[0],
update_folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_set_update_policy_verify_displayed_on_activity(
core_session, create_secret_folder, users_and_roles,
pas_general_secrets, clean_up_policy):
"""
C3069: test method to Set/Update policy verify it’s displayed on Activity
:param core_session: Authenticated Centrify Session
:param create_secret_folder: Fixture to create secret folder & yields folder details
:param users_and_roles: Fixture to create a random user with PAS Power rights
:param pas_general_secrets: Fixture to read secrets related data from yaml
:param clean_up_policy: Fixture to cleanup the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_name = secret_folder_details['Name']
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Updating the Folder(Applying MFA)
result = update_folder(
core_session,
folder_id,
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Folder: {result}')
# API to get new session for User A
pas_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_user_session.auth_details, 'Failed to Login with PAS User'
user_name_user = pas_user_session.auth_details['User']
user_id_user = pas_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name_user}'
)
# Api to give user permissions to folder
permissions_user = give_user_permissions_to_folder(core_session,
user_name_user,
user_id_user, folder_id,
'View')
assert permissions_user['success'], \
f'Not Able to set user permissions to folder, API response result:{permissions_user["Result"]}'
logger.info(f'User Permissions to folder: {permissions_user}')
# API to get new session for User A
pas_admin_session = users_and_roles.get_session_for_user(
'Privileged Access Service Administrator')
assert pas_admin_session.auth_details, 'Failed to Login with PAS Admin'
user_name_admin = pas_admin_session.auth_details['User']
user_id_admin = pas_admin_session.auth_details['UserId']
logger.info(
f'User with PAS Admin Rights login successfully: user_Name:{user_name_admin}'
)
# Api to give user permissions to folder
permissions_admin = give_user_permissions_to_folder(
core_session, user_name_admin, user_id_admin, folder_id, 'View')
assert permissions_admin['success'], \
f'Not Able to set user permissions to folder, API response result:{permissions_admin["Result"]}'
logger.info(f'User Permissions to folder: {permissions_admin}')
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
user_name_power_user = pas_power_user_session.auth_details['User']
user_id_power_user = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name:{user_name_power_user}'
)
# Api to give user permissions to folder
permissions_admin = give_user_permissions_to_folder(
core_session, user_name_power_user, user_id_power_user, folder_id,
'View')
assert permissions_admin['success'], \
f'Not Able to set user permissions to folder, API response result:{permissions_admin["Result"]}'
logger.info(f'User Permissions to folder: {permissions_admin}')
# Updating the Folder(Removing MFA)
result = update_folder(core_session, folder_id, folder_name, folder_name)
assert result[
'success'], f'Not Able to apply MFA on folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Folder: {result}')
# Getting activity of the folder(updating folder permissions multiple times)
activity_rows = get_folder_activity(core_session, folder_id)
verify_folder_update = 'updated the folder'
verify_folder_permissions_user = f'granted User "{user_name_user}" to have "View" permissions on'
verify_folder_permissions_power_user = f'granted User "{user_name_power_user}" to have "View" permissions on'
verify_folder_permissions_admin = f'granted User "{user_name_admin}" to have "View" permissions on'
assert verify_folder_permissions_user in activity_rows[3]['Detail'], \
f'Failed to verify the activity, API response result::{activity_rows}'
assert verify_folder_permissions_power_user in activity_rows[1]['Detail'], \
f'Failed to verify the activity:{activity_rows}'
assert verify_folder_permissions_admin in activity_rows[2]['Detail'], \
f'Failed to verify the activity, API response result::{activity_rows}'
assert verify_folder_update in activity_rows[0]['Detail'], \
f'Failed to verify the activity, API response result::{activity_rows}'
logger.info(
f'Replace activity found for secret, API response result: {activity_rows}'
)
def test_both_source_and_destination_have_mfa(core_session,
pas_general_secrets,
create_secret_inside_folder,
create_secret_folder,
clean_up_policy):
"""
C284028: Both source and destination have MFA
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_secret_folder: Fixture to create Folder & yields folder related details
:param clean_up_policy: Fixture to clean up the policy created
"""
user_detail = core_session.__dict__
user_name = user_detail['auth_details']['User']
secrets_params = pas_general_secrets
suffix = guid()
folder_id_source, folder_name_source, secret_list = create_secret_inside_folder
secret_folder_details = create_secret_folder
folder_id_destination = secret_folder_details['ID']
folder_name_destination = secret_folder_details['Name']
challenges = ["UP", ""]
challenges_v2 = ["SQ", ""]
# creating a new Authentication profile
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# creating a new Authentication profile
policy_result_v2 = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + "v2" + suffix,
challenges_v2, 0, 0)
assert policy_result_v2, f'Failed to create policy, API response result:{policy_result_v2}'
logger.info(f' Creating new policy:{policy_result_v2}')
clean_up_policy.append(policy_result_v2)
# Applying MFA on Folder
result = update_folder(
core_session,
folder_id_source[0],
folder_name_source,
folder_name_source,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Applying MFA on Folder
result = update_folder(
core_session,
folder_id_destination,
folder_name_destination,
folder_name_destination,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result_v2)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move Folder with Mfa Authentication
result_folder_result = move_folder(core_session, folder_id_source[0],
folder_id_destination)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_folder_result['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
# After Authenticating of MFA move source folder with mfa to destination folder with mfa.
moved_success, moved_result = move_folder_by_using_mfa(
core_session,
folder_id_source[0],
target_folder_info=folder_id_destination,
ChallengeStateId=result_folder_result['Result']['ChallengeId'])
assert moved_success, f'Failed to verify Mfa challenged by source folder, API response result:{mfa_result} '
logger.info(
f'Successfully verified Mfa challenged by source folder: {moved_result}'
)
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_source[0],
folder_name_source,
folder_name_source,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA, API response result: {result["Message"]} '
logger.info(f'Successfully removed MFA for folder: {result}')
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_destination,
folder_name_destination,
folder_name_destination,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA, API response result: {result["Message"]} '
logger.info(f'Successfully removed MFA for folder: {result}')
def test_mfa_on_moved_folder(core_session, pas_general_secrets,
create_secret_inside_folder,
create_folder_inside_folder,
cleanup_secrets_and_folders, clean_up_policy):
"""
C284029: MFA on moved folder should challenge and be moved over too.
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
"""
user_detail = core_session.__dict__
user_name = user_detail['auth_details']['User']
secrets_params = pas_general_secrets
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
challenges1 = ["UP", ""]
challenges2 = ["UP,SQ", ""]
# creating First Authentication profile
create_first_profile = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + guid(), challenges1, 0,
0)
assert create_first_profile, f'Failed to create policy, API response result:{create_first_profile}'
logger.info(f' Creating first policy:{create_first_profile}')
clean_up_policy.append(create_first_profile)
# creating second Authentication profile
create_second_profile = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + guid(), challenges2, 0,
0)
assert create_second_profile, f'Failed to create policy, API response result:{create_second_profile}'
logger.info(f' Creating second policy:{create_second_profile}')
clean_up_policy.append(create_second_profile)
# Applying MFA on Folder
result = update_folder(
core_session,
parent_folder_info['ID'],
parent_folder_info['Name'],
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'],
policy_id=create_second_profile)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Applying MFA on another Folder
result = update_folder(
core_session,
folder_id_list[1],
folder_name,
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'],
policy_id=create_first_profile)
assert result[
'success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move one mfa enabled folder to another mfa enabled folder.
logger.info(
f'Moving Folder {folder_name} into Folder:{parent_folder_info}')
result_folder_result = move_folder(core_session, folder_id_list[1],
parent_folder_info['ID'])
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_folder_result['Result']['ChallengeId'])
assert session, "Failed to ask MFA"
logger.info("Successfully asked MFA")
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
logger.info("Password Authentication Success")
# After Authenticating of MFA move mfa enabled folder to the mfa enabled folder.
moved_success, moved_result = move_folder_by_using_mfa(
core_session,
folder_id_list[1],
target_folder_info=parent_folder_info['ID'],
ChallengeStateId=result_folder_result['Result']['ChallengeId'])
assert moved_success, f'User: {user_name} Not Able to move mfa enabled folder' \
f' to the other mfa enabled folder: {moved_result}'
logger.info(f'User: {user_name} moved mfa enabled folder: successfully '
f'to the other mfa enabled folder:')
folder_list.insert(0, folder_list.pop(1))
# Removing MFA on Folder
result = update_folder(
core_session,
folder_id_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Removing MFA on Folder
result = update_folder(
core_session,
parent_folder_info['ID'],
parent_folder_info['Name'],
secrets_params['mfa_folder_name_update'] + guid(),
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove MFA, API response result: {result["success"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_replace_mfa_on_both_parent_folder_and_secret_verify_challenged(
core_session, pas_general_secrets, create_secret_inside_folder,
core_session_unauthorized, clean_up_policy):
"""
C2981: test method to MFA policy on both Parent folder and Secret, verify secret MFA
1) Set MFA on MFAonSecret & MFAOnParentFolder
2) Right click "MFAonSecret" then Replace.
3) Verify challenged with MFA popups,
4) Enter password & verify you can replace secret
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param core_session_unauthorized: Fixture to start authentication MFA
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
prefix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(
core_session, prefix + secrets_params['policy_name'], challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Secret
result = update_secret(
core_session,
secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on the secret, API response result:{result["Message"]} '
logger.info(f'MFA Applied on the secret: {result}')
# Applying MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Folder: {result}')
user = core_session.get_user()
user_name = user.get_login_name()
password = user.get_password()
# MFA Authentication starts on the secret to be replaced
mfa_authentication = core_session_unauthorized.start_authentication(
user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(
f'MFA Authentication starts on the secret to be replaced:{mfa_authentication.json()}'
)
# Advance MFA Authentication starts on the secret to be replaced
up_result = core_session_unauthorized.advance_authentication(
password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result[
'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(f'MFA popups before secret gets replaced:{mfa_result}')
# Replacing the text of the secret
result = update_secret(core_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + prefix,
secret_text=secrets_params['secret_text_replaced'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA
result = update_secret(core_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + prefix,
secret_text=secrets_params['secret_text_replaced'])
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to update the folder, API response result:: {result["Message"]} '
logger.info(f'Updating the folder: {result}')
# Getting details of the secret replaced
found_secret = get_secret(core_session, secret_list[0])
assert found_secret['success'], \
f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
assert 'MFAOnSecretUpdate' in secret_name, \
f'Failed to update the secret, API response result:{found_secret["success"]}'
def test_edit_folder_permission_to_update_folder(core_session,
create_secret_folder,
pas_general_secrets,
users_and_roles,
cleanup_secrets_and_folders):
"""
C3030:test method to login with cloud admin
1) Disable Edit folder permission for UserA, Login with User A and verify that "Edit" is not visible
2) Enable Edit folder permission for UserA, Login with User A and verify that "Edit" is visible
:param core_session: Authenticated Centrify session
:param create_secret_folder: Fixture to create secret inside folder & yields secret & folder details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param users_and_roles: Fixture to create random user with PAS Power Rights
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_name = secret_folder_details['Name']
folder_prefix = guid()
folder_params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder(EDIT Disabled)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id, 'View')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Checking EDIT permission is Disabled
result = update_folder(pas_power_user_session,
folder_id,
folder_name,
folder_params['mfa_folder_name_update'],
description=folder_params['mfa_folder_description'])
assert result['success'] is False, f'Edit is Enabled: {result["Message"]} '
logger.info(
f'Edit is Not Visible: {result["success"]} {result["Message"]}')
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success is True, f'Failed to create a folder{secret_folder_id} '
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}'
)
folders_list.append(secret_folder_id)
secret_folder_name = secret_folder_parameters['Name']
# Api to give user permissions to folder(EDIT Enabled)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, secret_folder_id, 'View,Edit')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Checking EDIT permission is Enabled
result = update_folder(pas_power_user_session,
secret_folder_id,
secret_folder_name,
folder_prefix +
folder_params['mfa_folder_name_update'],
description=folder_params['mfa_folder_description'])
assert result['success'], f'Edit is not enabled: {result["Message"]} '
logger.info(f'Edit is Visible: {result["success"]} {result["Message"]}')
def test_move_no_mfa_enabled_folder_to_mfa_enabled_folder(
core_session,
pas_general_secrets,
create_secret_inside_folder,
create_folder_inside_folder,
cleanup_secrets_and_folders,
clean_up_policy):
"""
C284027: test method to Move no mfa enabled folder to mfa enabled folder, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_list = cleanup_secrets_and_folders[1]
update_folder_name = secrets_params['mfa_folder_name_update'] + suffix
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(core_session, secrets_params['policy_name'] + suffix,
challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session, parent_folder_info['ID'],
parent_folder_info['Name'],
update_folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result['success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move no mfa enabled folder to mfa enabled folder.
logger.info(f'Moving Folder {folder_name} into Folder:{parent_folder_info}')
result_move = move_folder(core_session, folder_id_list[1], nested_folder_id)
assert result_move['success'], \
f'Not Able to move no mfa enabled folder to mfa enabled folder, API response result: {result_move["Result"]}'
logger.info(f'Moved successfully non mfa enabled Folder {folder_id_list[1]} to'
f'mfa enabled folder:{nested_folder_id}')
folder_list.insert(0, folder_list.pop(1))
# Verifying non mfa enabled folder moved successfully or not , inside mfa enabled folder.
moved_folder = get_secrets_and_folders_in_folders(core_session, nested_folder_id)
moved_folder_name = moved_folder["Result"]["Results"][0]["Row"]["Name"]
assert moved_folder_name == folder_name, f'Failed to get the moved folder{moved_folder_name} ' \
f'inside the folder'
logger.info(f'Moved folder {moved_folder_name} get successfully inside the folder')
# Removing MFA on Folder
result = update_folder(core_session, parent_folder_info['ID'],
parent_folder_info['Name'],
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result['success'], f'Not Able to remove MFA, API response result: {result["success"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_mfa_on_closest_parent_should_override_mfa_on_higher_levels(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
clean_up_policy, core_session_unauthorized):
"""
C2982: MFA on closest parent should override MFA on higher levels
1) Create a multilevel folder "Folder/Subfolder/secretName"
2) Assign different MFA to parent(Folder) & Nested Folder(Subfolder)
3) Verify secretName inherits challenge of subfolder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param clean_up_policy: Fixture to cleanup the policy created
:param core_session_unauthorized: Fixture to start authentication MFA
"""
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
folder_params = pas_general_secrets
suffix = guid()
folder_name = folder_params['folder_name_with_frwdslashes'] + suffix
# creating multilevel folder "Folder/Subfolder/secretName"
added_secret_success, details, secret_id = create_text_secret(
core_session, folder_name, folder_params['secret_text'])
assert added_secret_success, "Added Multilevel folder Failed,API response result: {secret_id} "
logger.info(f'Added Multilevel folder info: {details, secret_id}')
secrets_list.append(secret_id)
# Getting details of the secret
found_secret = get_secret(core_session, secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
nested_folder_id = found_secret['Result']['FolderId']
nested_folder_path = found_secret['Result']['ParentPath']
parent_folder_list = nested_folder_path.split('\\')
parent_folder_name = parent_folder_list[0]
# Getting details of Parent Folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
nested_folder_name = parent_folder["Result"]["Results"][0]["Row"][
"SecretName"]
logger.info(f'Parent Folder details: {parent_folder}')
if folder_list != []:
folder_list[0] = nested_folder_id
folder_list[1] = parent_folder_id
else:
folder_list.append(nested_folder_id)
folder_list.append(parent_folder_id)
challenges = ["UP", ""]
challenges_v2 = ["UP,EMAIL", ""]
# Creating new policy with Password
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Creating new policy with Password & Email
policy_result_email = PolicyManager.create_new_auth_profile(
core_session, folder_params['policy_name'] + "V2" + suffix,
challenges_v2, 0, 0)
assert policy_result_email, f'Failed to create another policy, API response result:{policy_result_email}'
logger.info(f' Creating another policy:{policy_result_email}')
clean_up_policy.append(policy_result_email)
# Applying MFA on Nested Folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA on Nested folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Nested Folder: {result}')
# Applying MFA on Parent Folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'],
policy_id=policy_result_email)
assert result[
'success'], f'Not Able to apply MFA on parent folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Parent Folder: {result}')
user = core_session.get_user()
user_name = user.get_login_name()
password = user.get_password()
# MFA Authentication starts on the secret to be replaced
mfa_authentication = core_session_unauthorized.start_authentication(
user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(
f'MFA Authentication applies for closest parent,Password Only:{mfa_authentication.json()}'
)
# Advance MFA Authentication starts on the secret to be replaced
up_result = core_session_unauthorized.advance_authentication(
password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result[
'success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(
f'MFA applies for closest parent,popups before secret gets replaced: {mfa_result}'
)
# Replacing the text of the secret
result = update_secret(core_session,
secret_id,
folder_params['mfa_secret_name_update'] + suffix,
secret_text=folder_params['secret_text_replaced'])
assert result[
'success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from Nested folder
result = update_folder(core_session,
nested_folder_id,
nested_folder_name,
nested_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Removing MFA from Parent folder
result = update_folder(core_session,
parent_folder_id,
parent_folder_name,
parent_folder_name,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to remove mfa from folder, API response result:: {result["Message"]} '
logger.info(f'Removing mfa from folder: {result}')
# Getting details of the Secret Replaced
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, secret_id)
assert get_secret_text == folder_params['secret_text_replaced'], \
f'Failed to replace the secret, API response result: {get_secret_success}'
logger.info(f'Details of the secret Replaced: {get_secret_details}')
def test_delete_folder_with_mfa_enabled(core_session, create_secret_folder,
pas_general_secrets, clean_up_policy,
cleanup_secrets_and_folders):
"""
C284042: Delete folder that has an MFA enabled
:param core_session: Authenticated Centrify Session.
:param create_secret_folder: Fixture to create folder & yields folder related details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param clean_up_policy: Fixture to clean up the policy created
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_name = secret_folder_details['Name']
params = pas_general_secrets
suffix = guid()
challenges1 = ["UP", ""]
user_name = core_session.auth_details['User']
folders_list = cleanup_secrets_and_folders[1]
# creating a new Authentication profile for folder
policy_result = PolicyManager.create_new_auth_profile(
core_session, params['policy_name'] + suffix, challenges1, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Updating the Folder(Applying MFA)
result = update_folder(core_session,
folder_id,
folder_name,
folder_name,
description=params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f' Failed to apply MFA on folder, API response result: {result["Message"]} '
logger.info(f'MFA Applied on Folder: {result}')
# Delete folder with Mfa Authentication
del_result = del_folder(core_session, folder_id)
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, del_result['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
assert result, "Password Authentication Failed"
# After Authentication of MFA delete folder
del_secret_result = del_folder_mfa(
core_session,
folder_id,
ChallengeStateId=del_result['Result']['ChallengeId'])
assert del_secret_result[
'success'], f'Failed to delete folder with mfa, API response result: {del_secret_result}'
logger.info(
f'Successfully deleted folder with MFA & get challenged: {del_secret_result}'
)
folders_list.remove(folder_id)
def test_replace_mfa_policy_on_parent_folder_verify_challenged(
core_session,
pas_general_secrets,
create_secret_inside_folder,
core_session_unauthorized,
clean_up_policy,
users_and_roles):
"""
C2980: test method to MFA policy on Parent folder, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param core_session_unauthorized: Fixture to start authentication MFA
:param clean_up_policy: Fixture to clean up the policy created
:param users_and_roles: Fixture to create random user with pas user rights
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
challenges = ["UP", ""]
policy_result = PolicyManager.create_new_auth_profile(core_session, secrets_params['policy_name'] + suffix,
challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session, folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result['success'], f'Not Able to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(f'{pas_power_user_session.auth_details}')
logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Getting password for MFA
password = users_and_roles.get_default_user_password()
# Api to give user permissions to folder
user_permissions_alpha = give_user_permissions_to_folder(core_session, user_name, user_id, folder_list[0], 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Api to give member permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'View, Edit',
user_id,
folder_list[0])
assert member_perm_success, f'Not Able to set member permissions to Folder: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# MFA Authentication starts on the secret to be replaced
mfa_authentication = pas_power_user_session.start_authentication(user_name)
result = mfa_authentication.json()['Result']
success = mfa_authentication.json()['success']
assert success, f'Failed to start MFA Authentication on the secret to be replaced, API response result:{result}'
challenge_value = result['Challenges'][0]['Mechanisms'][0]['Name']
assert challenge_value == 'UP', f'Challenge "Password" is not set, API response result:{result}'
logger.info(f'MFA Authentication with "Password" starts on the secret to be replaced:{mfa_authentication.json()}')
# Advance MFA Authentication starts on the secret to be replaced
up_result = pas_power_user_session.advance_authentication(password, challenge_index=0, mechanism_name='UP')
mfa_result = up_result.json()
assert mfa_result['success'], f'Failed to respond to challenge, API response result:{mfa_result["Result"]}'
logger.info(f'MFA popups before secret gets replaced:{mfa_result}')
# Replacing the text of the secret
result = update_secret(pas_power_user_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + suffix,
secret_text=secrets_params['secret_text_replaced'],
policy_id=policy_result)
assert result['success'], f'Not Able to replace the text of the secret, API response result:{result["Message"]} '
logger.info(f'Secret gets replaced: {result}')
# Removing MFA from secret
result = update_secret(pas_power_user_session,
secret_list[0],
secrets_params['mfa_secret_name_update'] + suffix,
secret_text=secrets_params['secret_text_replaced']
)
assert result['success'], f'Not Able to remove MFA, API response result:{result["Message"]} '
logger.info(f'Removing MFA from secret: {result}')
# Removing MFA from folder
result = update_folder(core_session, folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix
)
assert result['success'], f'Not Able to remove MFA, API response result:: {result["Message"]} '
logger.info(f'Removing MFA from folder: {result}')
# Getting details of the Secret Replaced
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session,
secret_list[0])
assert get_secret_text == secrets_params['secret_text_replaced'], \
f'Failed to replace the secret, API response result: {get_secret_success}'
logger.info(f'Details of the secret Replaced: {get_secret_details}')
def test_edit_folder_permission_to_update_settings_and_policy(
core_session, create_secret_folder, pas_general_secrets,
users_and_roles, cleanup_secrets_and_folders, clean_up_policy):
"""
C3032:test method to login with cloud admin
1) Enable Edit folder permission for UserA,
2) Login with User A
3) Update the Settings and Policy on the folder and
4) Verify that you can edit settings and policy
:param core_session: Authenticated Centrify session
:param create_secret_folder: Fixture to create secret inside folder & yields secret & folder details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param users_and_roles: Fixture to create random user with PAS Power Rights
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param clean_up_policy: Fixture to cleanup the policy created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_name = secret_folder_details['Name']
folder_prefix = guid()
folder_params = pas_general_secrets
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, folder_prefix + folder_params['policy_name_new'],
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Api to give user permissions to folder(EDIT Enabled)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id, 'View,Edit')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Updating settings & policy of the folder created
result = update_folder(pas_power_user_session,
folder_id,
folder_name,
folder_params['mfa_folder_name_update'] +
folder_prefix,
description=folder_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Updating settings & policy Failed: {result["Message"]} '
logger.info(f'Updating settings & policy: {result["success"]} {result}')
# Getting details of the Folder updated
result_folder = get_folder(core_session, folder_id)
logger.info(f'Updated Folder details: {result_folder}')
description_updated = result_folder["Result"]["Results"][0]["Row"][
"Description"]
name_updated = result_folder["Result"]["Results"][0]["Row"]["Name"]
assert 'MFAOnParentFolderUpdate' in name_updated, \
f'Failed to update the name{result_folder["Result"]["Results"][0]["Row"]["Name"]}'
assert 'mfa_description' in description_updated, \
f'Failed to update the description{result_folder["Result"]["Results"][0]["Row"]["Description"]}'
# Removing policy of the folder
result = update_folder(pas_power_user_session,
folder_id,
folder_name,
folder_params['mfa_folder_name_update'] +
folder_prefix,
description=folder_params['mfa_folder_description'])
assert result[
'success'], f'Updating settings & policy Failed: {result["Message"]}'
logger.info(f'Updating settings & policy: {result["success"]} {result}')
def test_mfa_policy_parent_folder_and_secret_verify_not_challenged_on_settings_update(
core_session,
pas_general_secrets,
users_and_roles,
create_secret_inside_folder,
clean_up_policy):
"""
test method to verify that mfa does not exist on updating the settings & policy for an existing
parent folder "MFAOnParentFolder" & secret "MFAOnSecrets" with already assigned
mfa for that folder & secret
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
prefix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
pas_power_user = users_and_roles.get_user('Privileged Access Service Power User')
user_name = pas_power_user.get_login_name()
user_id = pas_power_user.get_id()
text_type_secret_result, text_type_secret_success = set_users_effective_permissions(core_session,
user_name,
'View,Edit',
user_id,
secret_list[0])
assert text_type_secret_success, f'setting permissions for text type secret:{text_type_secret_result}'
logger.info(f'setting permissions for text type secret: : {text_type_secret_success}')
# Api to create new policy
policy_result_sq = PolicyManager.create_new_auth_profile(core_session,
prefix + secrets_params['policy_name'],
["SQ",
None],
None,
"30")
assert policy_result_sq is not None, f'Failed to create policy:{policy_result_sq}'
logger.info(f' Creating new policy:{policy_result_sq}')
clean_up_policy.append(policy_result_sq)
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(core_session,
prefix + secrets_params['policy_name_new'],
["UP", None],
None,
"30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Update settings & policy for Folder
result = update_folder(core_session,
folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + prefix,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result_sq)
assert result['success'], f'Not Able to update the settings: {result["Message"]} '
logger.info(f'Update settings for secret: {result}')
# Update settings for secret
result = update_secret(core_session,
secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result['success'], f'Not Able to update the settings: {result["Message"]} '
logger.info(f'Update settings for secret: {result}')
# Removing policy for Folder
result = update_folder(core_session,
folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + prefix,
description=secrets_params['mfa_folder_description'])
assert result['success'], f'Not Able to update the settings: {result["Message"]} '
logger.info(f'Update settings for secret: {result}')
# Removing policy for secret
result = update_secret(core_session,
secret_list[0],
prefix + secrets_params['mfa_secret_name_update'],
description=secrets_params['mfa_secret_description'])
assert result['success'], f'Not Able to update the settings: {result["Message"]} '
logger.info(f'Update settings for secret: {result}')
# Getting details of the Folder updated
result_folder = get_folder(core_session, folder_list[0])
logger.info(f'Updated Folder details: {result_folder}')
description_updated = result_folder["Result"]["Results"][0]["Row"]["Description"]
name_updated = result_folder["Result"]["Results"][0]["Row"]["Name"]
assert 'MFAOnParentFolderUpdate' in name_updated, \
f'Failed to update the name{result_folder["Result"]["Results"][0]["Row"]["Name"]}'
assert 'mfa_description' in description_updated, \
f'Failed to update the description{result_folder["Result"]["Results"][0]["Row"]["Description"]}'
# Getting details of the Secret updated
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session,
secret_list[0])
description_updated = get_secret_details['Description']
name_updated = get_secret_details['SecretName']
assert 'MFAOnSecretUpdate' in name_updated, f'Failed to update the name{get_secret_success}'
assert 'mfa_description' in description_updated, f'Failed to update the description{get_secret_success}'
logger.info(f'Details of the secret updated: {get_secret_details}')
def test_move_mfa_on_parent_folder(core_session, pas_general_secrets,
create_secret_inside_folder,
cleanup_secrets_and_folders,
clean_up_policy):
"""
C283936: MFA policy on Parent folder, verify challenged
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret inside folder & yields folder & secret details
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param clean_up_policy: Fixture to clean up the policy created
"""
user_detail = core_session.__dict__
user_name = user_detail['auth_details']['User']
secrets_params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
challenges = ["UP", ""]
# creating a new Authentication profile
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'],
policy_id=policy_result)
assert result[
'success'], f'Failed to apply MFA, API response result:: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
# Move Secret with Mfa Authentication
result_secret = move_secret(core_session, secret_list[0])
# StartChallenge MFA Authentication
session, mechanism = core_session.start_mfa_authentication(
user_name, result_secret['Result']['ChallengeId'])
# AdvanceAuthentication MFA to Password
advance_auth_result = core_session.advance_authentication(
answer=core_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
mfa_result = advance_auth_result.json()
assert advance_auth_result, f'Password Authentication Failed, API response result:{mfa_result["success"]}'
# After Authenticating of move secret with mfa on parent folder
moved_success, moved_result = move_secret_by_using_mfa(
core_session,
secret_list[0],
ChallengeStateId=result_secret['Result']['ChallengeId'])
assert moved_success, f'Moving secret not challenged by mfa:{moved_result}'
logger.info(
f'Moving secret challenged by mfa on parent successfully:{moved_result} {moved_success}'
)
# Removing MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
folder_name,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Failed to remove MFA, API response result:: {result["Message"]} '
logger.info(f'Successfully removed MFA on folder: {result}')
def test_sub_folders_will_have_a_union_of_all_permissions(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles):
"""
C3048: test method Sub folders will have a union of all it’s permissions
1)create multilevel folder /alpha/beta/charlie/delta
2) Login as Admin, set folder permissions "View" for alpha,"Edit" for beta, "Delete" for charlie,"Add" for delta
3) Login as pas user
4) verify sub folder permissions will have a union of all parent folders
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
"""
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
# creating multilevel folder /alpha/beta/charlie/delta
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session, folder_prefix + params['multi_level_folder_name'],
params['description'])
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(
f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
# Getting details of Folder Charlie
charlie_folder = get_folder(core_session, child_folder_id)
assert charlie_folder['success'], \
f'Failed to retrieve charlie folder details, API response result:{charlie_folder["Message"]}'
logger.info(f'charlie folder details:{charlie_folder}')
charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent']
child_folder_name = charlie_folder['Result']['Results'][0]['Row'][
'SecretName']
# Getting details of parent folder
parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
assert parent_folder['success'], \
f'Failed to retrieve parent folder details, API response result:{parent_folder["Message"]}'
logger.info(f'Parent folder details:{parent_folder}')
parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID']
# Getting details of Folder alpha
alpha_folder = get_secrets_and_folders_in_folders(core_session,
parent_folder_id)
assert alpha_folder['success'], \
f'Failed to retrieve alpha folder id, API response result: {alpha_folder["Result"]}'
logger.info(f'Details of Alpha Folder Retrieved:{alpha_folder}')
alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0][
"Key"]
# Getting details of Folder beta
folder_beta = get_secrets_and_folders_in_folders(core_session,
alpha_folder_id)
assert folder_beta['success'], \
f'Failed to retrieve beta folder id, API response result: {folder_beta["Result"]}'
logger.info(f'Details of Beta Folder Retrieved:{folder_beta}')
folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id, 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Api to give user permissions to folder beta
user_permissions_beta = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_beta_id, 'Edit')
assert user_permissions_beta['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_beta["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_beta}')
# Api to give user permissions to folder charlie
user_permissions_charlie = give_user_permissions_to_folder(
core_session, user_name, user_id, charlie_id, 'Delete')
assert user_permissions_charlie['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_charlie["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_charlie}')
# Api to give user permissions to folder delta(child folder)
user_permissions_child = give_user_permissions_to_folder(
core_session, user_name, user_id, child_folder_id, 'Add')
assert user_permissions_child['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_child["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_child}')
# Updating the Folder delta
result = update_folder(pas_power_user_session,
child_folder_id,
child_folder_name,
updated_name=folder_prefix +
params['delta_folder_name_new'],
description=params['mfa_folder_description'])
assert result[
'success'], f'Failed to update the folder, API response result: {result["Message"]} '
logger.info(f'Folder updated successfully: {result}')
# Getting details of the Folder updated
result_folder = get_folder(pas_power_user_session, child_folder_id)
logger.info(f'Updated Folder details: {result_folder}')
description_updated = result_folder["Result"]["Results"][0]["Row"][
"Description"]
name_updated = result_folder["Result"]["Results"][0]["Row"]["Name"]
assert 'delta_updated_v1' in name_updated, \
f'Failed to update the name, API response result:{result_folder["Result"]["Results"][0]["Row"]["Name"]}'
assert 'mfa_description' in description_updated, \
f'Failed to update the description, ' \
f'API response result:{result_folder["Result"]["Results"][0]["Row"]["Description"]}'
# Adding new folder inside delta
new_folder_success, new_folder_parameters, new_folder_id = create_folder(
pas_power_user_session,
folder_prefix + params['name'],
params['description'],
parent=child_folder_id)
assert new_folder_success, f'Failed to create multilevel folder, API response result: {new_folder_id}'
logger.info(
f'Multilevel Folder created successfully: {new_folder_success} & details are {new_folder_id}'
)
# Delete newly created folder
del_result = del_folder(pas_power_user_session, new_folder_id)
assert del_result[
"success"], f'Failed to delete the folder(DELETE), API response result: {del_result["Result"]}'
logger.info(f'Deleting the folder successfully (DELETE):{del_result}')
folders_list.append(child_folder_id)
folders_list.append(charlie_id)
folders_list.append(folder_beta_id)
folders_list.append(alpha_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Folders are deleted successfully: {folders_list}')
