def test_delete_cloud_provider_fails_without_permission( core_session, fake_cloud_provider_root_account, fake_cloud_provider, cds_session): account_id, username, password, cloud_provider_id, test_did_cleaning = fake_cloud_provider_root_account name, desc, cloud_provider_id, cloud_account_id, test_did_cleaning = fake_cloud_provider account_name = f"acctname{guid()}" account_id, success = ResourceManager.add_account_cloud_provider( core_session, account_name, "", cloud_provider_id) assert success, f"Account addition failed with API response result {account_id}" pas_user_session, limited_user = cds_session result, success = CloudProviderManager.delete_cloud_providers( pas_user_session, [cloud_provider_id], save_passwords=False) assert not success, f"Delete should not have succeeded {result}" result, success = CloudProviderManager.delete_cloud_providers( pas_user_session, cloud_provider_id) assert not success, f"Delete should not have succeeded {result}" result, success = ResourceManager.del_account(pas_user_session, account_id) assert not success, f"Deleting IAM account failed with API response result: {result}" result, success = ResourceManager.del_account(pas_user_session, account_id) assert not success, f"Deleting IAM account failed with API response result: {result}"
def test_delete_administrative_account(core_session, network_device_setup): """ TC: C2623 - Delete administrative account :param core_session: Authenticated Centrify session. :param network_device_setup: Adds a network with account and returns UUID of both. """ system_id, account_id, device_data, system_list, account_list = network_device_setup( 'checkpoint') system_info = RedrockController.get_computer_with_ID( core_session, system_id) # setting up Admin account for system result, success, message = ResourceManager.set_system_administrative_account( core_session, system_id, account_id) assert success, f"Failed to update Administrative account for system {system_info['Name']}" logger.info( f"Successfully added an administrative account for system {system_info['Name']}" ) # deleting administrative account del_result, del_success = ResourceManager.del_account( core_session, account_id) assert del_success is False, f"Admin account deleted successfully, unexpected behaviour as Admin account " \ f"should not be deleted. API response result: {del_success}" logger.info( f'Admin account could not be deleted as expected, API response result: {del_success}' ) # finding all systems for cleanup: acc_script = "@/lib/server/get_accounts.js(mode:'AllAccounts', newcode:true, localOnly:true, colmemberfilter:" \ "'Select ID from VaultAccount WHERE Host IS NOT NULL')" acc = RedrockController.redrock_query(core_session, acc_script) for account in acc: if account['Row']['FQDN'] == "Check.Point": # Removing Admin Account for successful cleanup of system and account result, success, message = ResourceManager.set_administrative_account( core_session, systems=[account['Row']['Host']]) assert success, f"Failed to update Administrative account for system {account['Row']['Name']}" # Removing Admin Account for successful cleanup of system and account ResourceManager.update_system( core_session, account['Row']['Host'], account['Row']['Name'], account['Row']['FQDN'], 'CheckPointGaia', sessiontype=account['Row']['SessionType']) # deleting administrative account from this system ResourceManager.del_account(core_session, account['Row']['ID']) # Removing Admin Account for successful cleanup of system and account result, success, message = ResourceManager.set_administrative_account( core_session, systems=[account['Row']['Host']]) assert success, f"Failed to update Administrative account for system {account['Row']['Name']}"
def test_delete_system_with_stored_account(core_session, network_device_setup): """ TC: C2608 - Delete system with stored account :param core_session: Authenticated Centrify session. :param network_device_setup: Adds a network with account and returns UUID of both. """ system_id, account_id, device_data, system_list, account_list = network_device_setup( 'checkpoint') # Deleting system without deleting associated account. result, success = ResourceManager.del_system(core_session, system_id) assert not success, f"System successfully deleted though system have active accounts. API response result: {result}" logger.info("Unable to delete the system. System has active accounts.") # Deleting associated account result, success = ResourceManager.del_account(core_session, account_id) assert success, f"Unable to delete account {account_id}, API response result: {result}." logger.info(f"Account :{account_id} successfully deleted.") account_list.remove(account_id) # To avoid error during account cleanup. # Deleting system after deleting the associated account. result, success = ResourceManager.del_system(core_session, system_id) assert success, f"System: {system_id} successfully deleted. API response result: {result}" logger.info( "System successfully deleted after deleting the associated accounts.") system_list.remove(system_id) # To avoid error during resource cleanup.
def test_manage_account_for_valid_domain_account(domain_config_data, core_ui, core_session): """ TCID: C1330: Manage password using administrative account for a valid domain account :param core_ui: To Open the UI :param core_session: To create the session """ conf = domain_config_data name = conf['pas_bat_scenario1_infrastructure_data'][0] domain_name = name["Domain_name3"] data = conf['pas_scenario1_new_accounts'][0] account_name = data['Managed_account'] ui = core_ui ui.navigate("Resources", "Domains") ui.search(domain_name) ui.click_row(GridRow(domain_name)) ui.user_menu("Reload Rights") ui._waitUntilSettled() ui.launch_modal("Add", modal_title="Add Account") ui.input("User", account_name) ui.uncheck("IsManaged") ui.input("Password", "aaa") ui.check("IsManaged") check_disabled_textbox = ui.expect(DisabledTextBox("Password"), f'Text box is still enabled') assert check_disabled_textbox, f'Password Text Box is not disabled' ui.button("Add") ui.user_menu("Reload Rights") ui._waitUntilSettled() account_id = None results = ServerManager.get_all_accounts(core_session) for result in results: if result['User'] == account_name: account_id = result['ID'] while True: result, success = ResourceManager.get_account_information( core_session, account_id) if result['VaultAccount']['Row']['Status'] != "Missing Password": break else: continue activity = RedrockController.get_account_activity(core_session, account_id) detail = [] for activity_detail in activity: detail.append(activity_detail['Detail']) assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name}' in detail[ 0], f'could not able to change password' logger.info(f"detail list are: , {detail}") result, success = ResourceManager.del_account(core_session, account_id) assert success, f'Account did not get delete ' logger.info(f"result is, {result}")
def test_bulk_account_delete_one_account_at_a_time( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): server_prefix, account_prefix, all_systems, all_accounts, all_account_names = _make_four_accounts_get_names \ (core_session, list_of_created_systems, ssh=False) for i in all_accounts: ResourceManager.del_account(core_session, i) ResourceManager.wait_for_accounts_to_delete_or_timeout( core_session, all_systems, all_accounts) assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == 0, "All added accounts not removed" assert len( ResourceManager.get_multi_added_system_ids( core_session, all_systems)) == 1, "Wrong number of added systems remain"
def test_delete_accounts(core_session, pas_config, remote_users_qty1, cleanup_resources): """ TC C283234: Delete accounts. :param cleanup_resources: cleanup for systems. :param core_session: Authenticates API session :param pas_config: returns yaml object :param remote_users_qty1: Creates account in target system. :param cleanup_resources:clean up system. """ # Clean up system systems_list = cleanup_resources[0] # Getting system details. sys_name = f"{'Win-2012'}{guid()}" sys_details = pas_config sys_fqdn = sys_details['Windows_infrastructure_data']['FQDN'] add_user_in_target_system = remote_users_qty1 user_password = '******' # Adding system. add_sys_result, add_sys_success = ResourceManager.add_system( core_session, sys_name, sys_fqdn, 'Windows', "Rdp") assert add_sys_success, f"failed to add system:API response result:{add_sys_result}" logger.info(f"Successfully added system:{add_sys_result}") systems_list.append(add_sys_result) # Adding account in portal. acc_result, acc_success = ResourceManager.add_account( core_session, add_user_in_target_system[0], password=user_password, host=add_sys_result, ismanaged=True) assert acc_success, f"Failed to add account in the portal: {acc_result}" logger.info( f"Successfully added account {add_user_in_target_system[0]} in the portal" ) # Delete Account. del_account_result, del_account_success = ResourceManager.del_account( core_session, acc_result) assert del_account_success, f'Failed to delete account:API response result:{del_account_result}' logger.info(f"Successfully deleted account:{del_account_result}") # Getting deletion activity. sys_activity = ResourceManager.get_system_activity(core_session, add_sys_result) assert f'{core_session.auth_details["User"]} deleted local account "{add_user_in_target_system[0]}" for' \ f' "{sys_name}"({sys_fqdn}) with credential type Password' in \ sys_activity[0]['Detail'], f"Failed to get the delete account activity:API response result:{sys_activity}" logger.info( f"Successfully found deletion activity in system activity:{sys_activity}" )
def test_check_account_name_delete_user_account_dialog(core_session, pas_windows_setup): """ TC:C2193 Check account name on Delete User Account dialog. :param core_session: Returns a API session. :param pas_windows_setup: Returns a fixture. """ # Creating a system and account. system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup() # Deleting account from above system success, result = ResourceManager.del_account(core_session, account_id) assert success, f'failed to delete account with response {result}' logger.info(f"un managed account deleted successfully from the System.")
def test_delete_system_with_account(core_session, pas_setup): """ Test case: C279343 :param core_session: CENTRIFY session :param pas_setup: fixture to add system and account :return: """ system_id, account_id, sys_info = pas_setup result, status = ResourceManager.del_system(core_session, system_id) assert status is False, f'system {sys_info[0]} is deleted despite system having active accounts, returned result is {result}' result, status, = ResourceManager.del_account(core_session, account_id) assert status, f"Failed to delete account with result {result}" result, status = ResourceManager.del_system(core_session, system_id) assert status, f"Failed to delete system with status {status}, returned result is {result}"
def test_add_unmanaged_account_using_unlock_account_permission( core_session, domain_config_data, get_admin_user_module, cleanup_accounts): """ Steps for this scenario using API: 1)Get the domain that needs to be added managed account with add account permission 2)Set the domain account permission 3)Add unmanaged account in that particular domain """ conf = domain_config_data limited_sesh, limited_user = get_admin_user_module name = conf['pas_bat_scenario1_infrastructure_data'][0] data = conf['pas_scenario1_new_accounts'][0] script = "Select * FROM VaultDomain" account_name = f'{data["User_name"]}{guid()}' account_list = cleanup_accounts[0] request = RedrockController.redrock_query(core_session, script) for directory_service in request: if directory_service['Row']['Name'] == name["Domain_name2"]: directory_service = directory_service['Row']['ID'] break permissions = "Grant,View,Edit,Delete,AddAccount,UnlockAccount" result, add_domain_account_success = ResourceManager.set_domain_account_permissions( core_session, permissions, limited_user.get_login_name(), limited_user.get_id(), id=directory_service, pvid=directory_service, rowkey=directory_service) assert add_domain_account_success, f'Failed to set add account permission in the domain {result}' logger.info(f"add account permission set successfully in the Domain.") request, add_account_success = ResourceManager.add_account( core_session, account_name, data["Password"], ismanaged=data["Ismanaged"], domainid=directory_service, description=None) assert add_account_success, f'Failed to set unmanaged account in the domain {request}' logger.info(f"unmanaged account set successfully in the Domain.") account_list.append(request) result = ResourceManager.del_account(core_session, request) assert result, f'failed to delete account with response {result}' logger.info(f"unmanaged account deleted successfully in the Domain.")
def test_check_button_status_after_canceling_account_deleted( core_session, add_single_system, pas_config, users_and_roles): """ TC:C2217 Check button status after canceling account deleted with user who just has Delete permission. :param core_session: Returns a API session. :param add_single_system: Returns a fixture. :param users_and_roles: Fixture to manage roles and user. :param pas_config: Read yaml data. """ # Creating a system. created_system_id, system_details = add_single_system # Creating a account. payload_data = pas_config['Windows_infrastructure_data'] account_id, account_success = ResourceManager.add_account( core_session, payload_data['account_name'], payload_data['password'], created_system_id, payload_data['account_type']) assert account_success, f'Failed to create account: API response result:{account_id}' logger.info(f'Successfully created account:{account_id}') # Cloud user session with "Privileged Access Service Power User". cloud_user_session = users_and_roles.get_session_for_user( 'Privileged Access Service Power User') user_name = cloud_user_session.auth_details['User'] user_id = cloud_user_session.auth_details['UserId'] # Assigning account "Delete" permission. assign_account_result, assign_account_success = ResourceManager.assign_account_permissions( core_session, "Delete", user_name, user_id, 'User') assert assign_account_success, f"Failed to assign account permissions: API response result: {assign_account_result}" logger.info( f'Successfully assigned "Delete" permission to user:{assign_account_result}.' ) # Deleting a account by cloud user. del_account_result, del_account_success = ResourceManager.del_account( cloud_user_session, account_id) assert del_account_success, f"Could not delete account:API response result:{del_account_result}" logger.info(f"Successfully deleted account: {del_account_result}")
def test_create_domain_account(core_session, create_domain, domain_config_data): """ Steps for this scenario using API: 1) Add new Domain 2) Add new Domain Accounts System configuration received through test_pas_bat_domain.yaml stored in config/tests/PAS/PAS_BAT """ domain_id = create_domain conf = domain_config_data data = conf['pas_scenario1_new_accounts'][0] new_account_id, add_account_success = ResourceManager.add_account( core_session, data['User_name'], data['Password'], domainid=domain_id, description="This domain should be " "removed by test automation.") assert add_account_success, f"Failed to add Domain account: {data['User_name']}" logger.info(f"domain account added successfully: {new_account_id}") result = ResourceManager.del_account(core_session, new_account_id) assert result, f'failed to delete account with response {result}'
def test_add_managed_account_without_password(domain_config_data, core_session, core_ui): """ TCID: C1329: Add a managed account without password :param core_ui: To Open the UI :param core_session: To create the session """ conf = domain_config_data name = conf['pas_bat_scenario1_infrastructure_data'][0] domain_name = name["Domain_name3"] data = conf['pas_scenario1_new_accounts'][0] account_name = data['Managed_account'] ui = core_ui ui.navigate("Resources", "Domains") ui.search(domain_name) ui.click_row(GridRow(domain_name)) ui.user_menu("Reload Rights") ui._waitUntilSettled() ui.launch_modal("Add", modal_title="Add Account") ui.expect(CheckedCheckbox("IsManaged"), f'Checkbox is not checked already') expected_tooltip_value = "When enabled, the domain administrative account is used to set and manage a password for this account." ui.input("User", account_name) tooltip_element = ui._searchAndExpect( HoverOnToolTip("x-img tooltip-icon x-box-item x-img-default"), f'Could not able to get the tooltip value') tooltip_element.try_click() actual_tooltip_value = ui._searchAndExpect( Div(expected_tooltip_value), f'could not able to find the tool tip value') actual_tooltip_message = actual_tooltip_value.text assert expected_tooltip_value in actual_tooltip_message, f'tooltip text is not matching' logger.info(f"ToolTip text: {actual_tooltip_value}") ui.button("Add") ui.user_menu("Reload Rights") ui._waitUntilSettled() account_id = None results = ServerManager.get_all_accounts(core_session) for result in results: if result['User'] == account_name: account_id = result['ID'] ui.expect(GridCell("Missing Password"), f'Password is not missing') while True: result, success = ResourceManager.get_account_information( core_session, account_id) if result['VaultAccount']['Row']['Status'] != "Missing Password": break else: continue activity = RedrockController.get_account_activity(core_session, account_id) detail = [] for activity_logs in activity: detail.append(activity_logs['Detail']) assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name}' in detail[0], \ f'could not able to change password' logger.info(f"ToolTip text: {detail}") result, success = ResourceManager.del_account(core_session, account_id) assert success, f"Account did not get deleted" logger.info(f"deleted account response: {success}")
def test_changed_unmanaged_to_managed(domain_config_data, get_admin_user_function, core_session, core_ui): """ TCID: C1331, Add an unmanaged account without password and changed unmanaged to managed :return: """ conf = domain_config_data name = conf['pas_bat_scenario1_infrastructure_data'][0] domain_name = name["Domain_name3"] script = "Select * FROM VaultDomain" request = RedrockController.redrock_query(core_session, script) directory_service_ID = None directory_service_Name = None directory_service_Admin_ID = None for directory_service in request: directory_service = directory_service['Row'] if directory_service['Name'] == name["Domain_name3"]: directory_service_ID = directory_service['ID'] directory_service_Name = directory_service['Name'] directory_service_Admin_ID = directory_service['Administrator'] break permissions = "Grant,View,Edit,Delete,AddAccount" result, add_domain_account_success = ResourceManager.set_domain_account_permissions(core_session, permissions, "System Administrator", "sysadmin", id=directory_service_ID, ptype="Role", pvid=directory_service_ID, rowkey=directory_service_ID) assert add_domain_account_success, f'Failed to set add account permission in the domain {result}' logger.info(f"add account permission set successfully in the Domain.") account, add_domain_success = ResourceManager.get_administrative_account(core_session, "administrator") logger.info(f" Successfully get Domain for adding Administrative account.") assert add_domain_success, f'Failed to get Domain account {account}' name = conf['pas_bat_scenario1_infrastructure_data'] pvid = account[0] domains_name = account[0] domain_name_list = [] for domain_name in name: for key, value in domain_name.items(): domain_name_list.append(value) logger.info(f"Set Administrative account for Domain. {domain_name_list}") result, add_admin_account_success, message = ResourceManager.set_administrative_account(core_session, domain_name_list, pvid=pvid['PVID'], user=domains_name[ 'FullyQualifiedName']) assert add_admin_account_success, f'Failed to set administrative account {message}' logger.info(f"Administrative account Set successfully in the Domain.{message}") result, success = ResourceManager.update_domain_accounts(core_session, directory_service_Name, directory_service_Admin_ID, directory_service_ID, allowautomaticaccountmaintenance=True) assert success, f'failed to update the domain' logger.info(f"update account successfully in the Domain{result}") data = conf['pas_scenario1_new_accounts'][0] account_name = data['Managed_account'] ui = core_ui ui.navigate("Resources", "Domains") ui.search(domain_name['Domain_name3']) ui.click_row(GridRow(domain_name['Domain_name3'])) ui.user_menu("Reload Rights") ui._waitUntilSettled() ui.launch_modal("Add", modal_title="Add Account") ui.input("User", account_name) ui.uncheck("IsManaged") ui.button("Add") ui.expect(GridCell("Missing Password"), f'Password is not missing') ui.right_click(GridCell(account_name)) right_click_values = ui.get_list_of_right_click_element_values("Update Password") assert "Checkout" not in right_click_values, f'Checkout option is appeared' logger.info(f"All right click option:{right_click_values}") account_id = None results = ServerManager.get_all_accounts(core_session) for result in results: if result['User'] == account_name: account_id = result['ID'] added_account = ui._searchAndExpect(GridCell(account_name), f'account is not getting added') added_account.try_click() ui._waitUntilSettled() ui.tab("Settings") ui.check("IsManaged") ui.save() ui._waitUntilSettled() ui.expect(DisabledButton("Save"), f'Account did not get managed') result = RedrockController.get_account_activity(core_session, account_id) counter = 0 while counter < 10: result = RedrockController.get_account_activity(core_session, account_id) if result[0]['Detail'].__contains__("SYSTEM$"): break counter += 1 assert f'SYSTEM$ changed domain account "{account_name}" password for {domain_name["Domain_name3"]}' in result[0]['Detail'], f'could not able to change password' logger.info(f"All Activity's are: , {result}") result, success = ResourceManager.del_account(core_session, account_id) assert success, f'Account did not get delete{result}' logger.info(f"Account got deleted successfully, {result}")
def test_check_message_no_system(core_session, users_and_roles): """ TC:C2047 Check message when there are no systems. :param:core_session:Returns a API session. :param:users_and_roles:Fixture to manage roles and user. :param:cleanup_resources: Fixture for cleanup resources. """ # finding all systems for cleanup: acc_script = "@/lib/server/get_accounts.js(mode:'AllAccounts', newcode:true, localOnly:true, colmemberfilter:" \ "'Select ID from VaultAccount WHERE Host IS NOT NULL')" acc = RedrockController.redrock_query(core_session, acc_script) for account in acc: if account['Row']['FQDN'] == "Check.Point": # Removing Admin Account for successful cleanup of system and account result, success, message = ResourceManager.set_administrative_account( core_session, systems=[account['Row']['Host']]) assert success, f"Failed to update Administrative account for system {account['Row']['Name']}" # Removing Admin Account for successful cleanup of system and account update_result, update_success = ResourceManager.update_system( core_session, account['Row']['Host'], account['Row']['Name'], account['Row']['FQDN'], 'CheckPointGaia', sessiontype=account['Row']['SessionType']) assert update_success, f"Unable to remove admin account from this system: {account['Row']['Host']}" logger.info(f'System successfully updated with result: {result}') # deleting administrative account from this system del_result, del_success = ResourceManager.del_account( core_session, account['Row']['ID']) assert del_success, "Account could not be deleted" logger.info( f'account successfully deleted with result: {del_result}') # Removing Admin Account for successful cleanup of system and account result, success, message = ResourceManager.set_administrative_account( core_session, systems=[account['Row']['Host']]) assert success, f"Failed to update Administrative account for system {account['Row']['Name']}" accounts = RedrockController.redrock_query(core_session, acc_script) for account in accounts: ResourceManager.del_account(core_session, account['Row']['ID']) # Delete computers from tenant system = RedrockController.get_computers(core_session) for SYS in system: ResourceManager.del_system(core_session, SYS["ID"]) # Trying to get the data from system_by_type on dashboard and expecting no data or an empty list. get_system_type_result = RedrockController.get_system_type_dashboard_pie_chart( core_session) assert len(get_system_type_result) == 0, f"Data found in system_by_type in dashboard:" \ f"API response result:{get_system_type_result}" logger.info( f"Could not found any data in system_by_type on" f" dashboard in without any system in tenant{get_system_type_result}") # Trying to get the data form system health on dashboard and expecting no data or an empty list. get_system_health_dashboard = RedrockController.get_systems_health_dashboard( core_session) assert len(get_system_health_dashboard) == 0, f"Data found in system health in dashboard:" \ f" API response result:{get_system_health_dashboard}" logger.info( f"Could not found any data in system health on " f"dashboard without any system in tenant{get_system_health_dashboard}")