def test_bulk_account_delete_performs_quickly(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
# test constants
large_number_for_stress_testing = 50 # tested once with higher numbers but reduced for quick execution
reasonable_amount_of_time_to_execute = 90
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, large_number_for_stress_testing // 2,
list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, large_number_for_stress_testing // 2,
list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2])
start_time = time.time()
result, success = ResourceManager.del_multiple_accounts(
core_session, all_accounts)
assert success, "Api did not complete successfully for bulk account delete " + result
end_time = time.time()
elapsed_time = end_time - start_time
assert elapsed_time <= reasonable_amount_of_time_to_execute, \
"Did not complete operation in a reasonable amount of time"
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == 0, "Expected 0 added accounts found"
assert len(
ResourceManager.get_multi_added_system_ids(
core_session, all_systems)) == 2, "Expected 2 added systems found"
def test_delete_live_aws_access_keys_stores_secret_when_deleting_account(core_session, cloud_provider_ec2_account_config, live_aws_cloud_provider, secret_cleaner, user):
cloud_provider_id, test_deleted_provider, _populate_iam_user_with_access_keys = live_aws_cloud_provider
account_id = _populate_iam_user_with_access_keys(user)
secret_name = f"aws_cloud_provider_api_{guid()}"
result, success = ResourceManager.del_multiple_accounts(core_session, [account_id], save_passwords=True, secret_name=secret_name, run_sync=True)
assert success, "Api did not complete successfully for bulk account delete MSG: " + result
secret_file_contents = ResourceManager.fetch_and_delete_secret(core_session, secret_name, secret_cleaner)
iam_user = cloud_provider_ec2_account_config[user]
access_key_1 = iam_user['access_key_1']
access_key_2 = iam_user['access_key_2']
cloud_account_id = cloud_provider_ec2_account_config['id']
assert cloud_account_id in secret_file_contents, f"Cloud Account ID absent from secret file {secret_file_contents}"
assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
assert access_key_1['id'] in secret_file_contents, f"Access key absent from secret file {secret_file_contents}"
assert access_key_1['secret'] in secret_file_contents, f"Access key secret absent from secret file {secret_file_contents}"
assert access_key_2['id'] in secret_file_contents, f"Access key 2 absent from secret file {secret_file_contents}"
assert access_key_1['secret'] in secret_file_contents, f"Access key 2 secret absent from secret file {secret_file_contents}"
def test_bulk_account_delete_accounts_activity_fast_track(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
delete_ids, _ = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
ResourceManager.del_multiple_accounts(core_session, delete_ids)
row = ResourceManager.get_system_activity(core_session, all_systems.pop())
activity_details = []
for system_activity in row:
if system_activity['EventType'] == "Cloud.Server.ServerAdd":
activity_details.append(system_activity["Detail"])
assert len(activity_details
) == 1, "Wrong dumber of delete activities for the account"
def test_bulk_account_delete_generates_secret_with_ssh_accounts(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems, secret_cleaner, core_tenant):
batch1 = ResourceManager.add_multiple_ssh_systems_with_accounts(
core_session,
2,
2,
list_of_created_systems,
system_prefix=f'test_ssh',
user_prefix=f'test_usr_ssh')
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1])
secret_name = "TestSecret-" + str(
ResourceManager.time_mark_in_hours()) + "-" + guid()
result, success = ResourceManager.del_multiple_accounts(
core_session,
all_accounts,
save_passwords=True,
secret_name=secret_name)
assert success, "Api did not complete successfully for bulk account delete MSG: " + result
ResourceManager.wait_for_secret_to_exist_or_timeout(
core_session, secret_name)
secret_id = RedrockController.get_secret_id_by_name(
core_session, secret_name)
assert secret_id is not None, "Secret not found"
secret_cleaner.append(secret_id)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == 0, "Expected zero added accounts remain"
user_name = core_tenant['admin_user']
user_id = UserManager.get_user_id(core_session, user_name)
result, success = set_users_effective_permissions(core_session, user_name,
"View,Edit,Retrieve",
user_id, secret_id)
assert success, f"Did not set secret permission successfully with message {result}"
secret_file_contents = get_file_secret_contents(core_session, secret_id)
assert secret_file_contents.count("\n") == 1 + len(
all_accounts
), f"Secret file contained the wrong number of lines {secret_file_contents}"
assert secret_file_contents.count("AutomationTestKey") == len(
all_accounts
), f"Secret file contained the wrong number of keys {secret_file_contents}"
for server_id in all_systems:
assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}"
for account_id in all_accounts:
assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_bulk_account_delete_multiple_accounts_activity(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 3, list_of_created_systems)
all_systems, _ = DataManipulation.aggregate_lists_in_dict_values([batch])
delete_ids = ResourceManager.get_multi_added_account_ids(
core_session, all_systems)
ResourceManager.del_multiple_accounts(core_session, delete_ids)
system_activities = ResourceManager.get_system_activity(
core_session, all_systems.pop())
activity_details = []
for activity in system_activities:
if activity['EventType'] == "Cloud.Server.ServerAdd":
activity_details.append(activity["Detail"])
assert len(activity_details
) == 1, "Wrong number of delete activities for the account"
def test_app_management_user_can_create_job_but_not_delete_accounts(
clean_bulk_delete_systems_and_accounts, core_session, core_tenant,
clean_users, users_and_roles, list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
assert len(
ResourceManager.get_multi_added_system_ids(
core_session,
all_systems)) == 2, "Added systems not reflected in search"
assert len(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == 4, "Added accounts not reflected in search"
requestor_session = users_and_roles.get_session_for_user(
'Application Management')
job_id, result = ResourceManager.del_multiple_accounts(
requestor_session, all_accounts)
result = ResourceManager.get_job_state(core_session, job_id)
assert result == "Succeeded", "Job did not execute"
assert len(ResourceManager.get_multi_added_system_ids(core_session,
all_systems)) == 2, \
"Expected 2 added systems to be found, but received different number"
assert len(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == 4, \
"Expected 4 added accounts to be found, but received different number"
user_info = requestor_session.get_current_session_user_info().json(
)['Result']
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Start.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Failure.Multi'
start_message = f'{username} initiated delete of {len(all_accounts)} accounts'
end_message = f'{username} failed to delete {len(all_accounts)} of {len(all_accounts)} accounts'
RedrockController.expect_event_message_by_type(core_session, start_type,
start_message)
RedrockController.expect_event_message_by_type(core_session, end_type,
end_message)
def test_ui_check_bulk_delete_account_caution(core_session, core_admin_ui,
list_of_created_systems):
"""
Test case: C3086
:param core_session: Returns API session
:param core_admin_ui: Centrify admin Ui session
:param list_of_created_systems: creating a empty list of created systems.
"""
account_name_prefix = f'account_test{guid()}'
# adding multiple systems with accounts
result = ResourceManager.add_multiple_systems_with_accounts(
core_session,
1,
2,
list_of_created_systems,
user_prefix=account_name_prefix)
# arranging the results in the lists
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[result])
ui = core_admin_ui
ui.navigate('Resources', 'Accounts')
account_names = []
for account in all_accounts:
# getting the account information
query_result, query_success = ResourceManager.get_account_information(
core_session, account)
account_names.append(query_result['VaultAccount']['Row']['User'])
ui.search(account_name_prefix)
ui.action('Delete accounts', account_names)
ui.switch_context(Modal('Bulk Account Delete'))
ui.expect(Label("Save password to secret"),
"Expected to see the label of save the password")
ui.expect(
Div("Deleting an account means we will no longer know the password."
" Saving deleted account passwords to a secret is recommended until you are sure they are "
"no longer needed."), "Expected to see the Caution message.")
result, success = ResourceManager.del_multiple_systems(
core_session, all_systems)
assert success is True, f'Delete systems job failed when expected success'
logger.info(f"Delete systems job executed successfully {result}")
result_acc, success_acc = ResourceManager.del_multiple_accounts(
core_session, all_accounts)
assert success_acc, f"Api did not complete successfully for bulk account delete MSG:{result_acc}"
def test_bulk_account_delete_by_ids_only_deletes_correct_accounts(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 2, list_of_created_systems)
batch3 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 4, 6, list_of_created_systems)
batch4 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 8, list_of_created_systems)
batch5 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 5, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2, batch3, batch4, batch5])
delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
result, success = ResourceManager.del_multiple_accounts(
core_session, delete_ids)
assert success, "Api did not complete successfully for bulk account delete MSG: " + result
assert set(
ResourceManager.get_multi_added_system_ids(
core_session, all_systems).values()) == set(
all_systems), "Wrong set of added systems found"
assert set(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == set(keep_ids), "Wrong set of added accounts found"
user_info = core_session.get_current_session_user_info().json()['Result']
username = user_info['Name']
start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Start.Multi'
end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Success.Multi'
start_message = f'{username} initiated delete of {len(delete_ids)} accounts'
end_message = f'{username} successfully deleted {len(delete_ids)} accounts'
RedrockController.expect_event_message_by_type(core_session, start_type,
start_message)
RedrockController.expect_event_message_by_type(core_session, end_type,
end_message)
def test_missing_permissions_on_bulk_account_delete(
clean_bulk_delete_systems_and_accounts, core_session, core_tenant,
clean_users, users_and_roles, list_of_created_systems):
right_data = [
"Privileged Access Service Power User",
"role_Privileged Access Service Power User"
]
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 3, 3, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
has_permission_ids, missing_permission_ids = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
requester_session = users_and_roles.get_session_for_user(right_data[0])
results_role = users_and_roles.get_role(right_data[0])
permissions_dict = dict.fromkeys(
has_permission_ids,
'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin'
)
permissions_dict.update(
dict.fromkeys(
missing_permission_ids,
'Owner,View,Manage,Login,Naked,UpdatePassword,FileTransfer,'
'UserPortalLogin'))
for account_id, permission_string in permissions_dict.items():
result, success = ResourceManager.assign_account_permissions(
core_session, permission_string, results_role['Name'],
results_role['ID'], "Role", account_id)
assert success, "Did not set account permissions " + str(result)
api_results, success = ResourceManager.del_multiple_accounts(
requester_session, all_accounts, run_sync=True)
assert not success, f"Expected fail result from missing permissions during test_missing_permissions_on_bulk_account_delete {api_results}"
assert set(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == set(missing_permission_ids)
def test_ui_check_job_details_page(core_session, core_admin_ui, list_of_created_systems):
"""
Test case: C1674
:param core_session: Returns API session
:param core_admin_ui: Centrify admin Ui session
:param list_of_created_systems: returns the empty systems list.
"""
account_name_prefix = f'account_test{guid()}'
# adding multiple systems with accounts
result = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems,
user_prefix=account_name_prefix)
# arranging the results in the lists
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([result])
# Deleting systems for creating bulk delete scheduled report
result_acc, success_acc = ResourceManager.del_multiple_accounts(core_session, all_accounts)
assert success_acc, f"Api did not complete successfully for bulk account delete MSG:{result_acc}"
# Deleting accounts for creating bulk delete scheduled report
result, success = ResourceManager.del_multiple_systems(core_session, all_systems)
assert success, f'Delete systems job failed when expected success'
logger.info(f"Delete systems job executed successfully {result}")
# Going to password storage page and click on migration job status link.
ui = core_admin_ui
ui.navigate("Settings", "Resources", "Password Storage", check_rendered_tab=False)
ui.expect(Anchor("View Migration Job Status and Reports "), "Clicking migration job status").try_click(
Span(text="Type"))
ui.switch_to_newest_tab()
ui._waitUntilSettled()
ui.click_row(GridRowByGuid(result))
ui.expect(Span("Details"), "Clicking migration job status").try_click(Div("Job Details"))
ui.expect_value(Div(result), value=None, expected_value=result,
wrong_value_message="expected id value is not matched in the report",
text=True)
logger.info("Id value in the Job description appeared correctly")
def test_overlapping_redundant_requests_succeed(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 16, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 15, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch1, batch2])
all_accounts_list = list(all_accounts)
random.shuffle(all_accounts_list)
delete_ids1, keep_ids1 = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts_list[1::]
) # by excluding the first, we ensure one account is guaranteed to remain
delete_ids2, _ = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts_list[1::])
delete_ids3, _ = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts_list[1::])
ResourceManager.del_multiple_accounts(core_session,
delete_ids1,
wait_time=-60)
ResourceManager.del_multiple_accounts(core_session,
delete_ids2,
wait_time=-60)
ResourceManager.del_multiple_accounts(core_session,
delete_ids3) # wait on final call
all_delete = set(delete_ids1).union(delete_ids2).union(delete_ids3)
assert len(
ResourceManager.get_multi_added_account_ids(
core_session, all_systems)) == len(all_accounts) - len(
all_delete), "Wrong number of remaining added accounts found"
assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 2, \
"Wrong number of remaining added systems found"
def test_other_user_cant_see_secret_created_by_first_user_in_bad(
core_session, users_and_roles, created_system_id_list, swap_roles):
roles = [
"Privileged Access Service Administrator",
"Privileged Access Service Power User"
]
if swap_roles:
roles_new = [roles[1], roles[0]]
roles = roles_new
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 2, created_system_id_list)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
deleter_user_0_session = users_and_roles.get_session_for_user(roles[0])
deleter_user_0_role = users_and_roles.get_role(roles[0])
other_user_1_session = users_and_roles.get_session_for_user(roles[1])
for account_id in all_accounts:
permission_string = 'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin'
result, success = ResourceManager.assign_account_permissions(
core_session, permission_string, deleter_user_0_role['Name'],
deleter_user_0_role['ID'], "Role", account_id)
assert success, "Did not set account permissions " + str(result)
for system_id in all_systems:
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount'
result, success = ResourceManager.assign_system_permissions(
core_session, permission_string, deleter_user_0_role['Name'],
deleter_user_0_role['ID'], "Role", system_id)
assert success, "Did not set system permissions " + result
parent_folder = get_folder(deleter_user_0_session, "Bulk Delete")
assert not parent_folder[
'success'], "Should not be able to see folder before bulk delete operation as new user"
secret_name = f"secret{guid()}"
job_id, result = ResourceManager.del_multiple_accounts(
deleter_user_0_session,
all_accounts,
save_passwords=True,
secret_name=secret_name)
result = ResourceManager.get_job_state(core_session, job_id)
assert result == "Succeeded", "Job did not execute"
parent_folder = get_folder(deleter_user_0_session, "Bulk Delete")
assert parent_folder[
'success'], "Should be able to see folder before bulk delete operation as new user"
remaining_accounts = set(
ResourceManager.get_multi_added_account_ids(core_session,
created_system_id_list))
assert remaining_accounts == set(
), "Remaining accounts did not match expectation"
secret_id = RedrockController.get_secret_id_by_name(
deleter_user_0_session, secret_name)
assert secret_id is not None, f"Secret was not visible to creator '{roles[0]}' user, either because it " \
f"wasn't created or because of a permissions issue"
secret_id = RedrockController.get_secret_id_by_name(
other_user_1_session, secret_name)
assert secret_id is None, f"Secret should not be '{roles[1]}' user when created by '{roles[0]}' user"
secret_id = RedrockController.get_secret_id_by_name(
core_session, secret_name)
assert secret_id is not None, f"Sys admin should be able to see secret created by {roles[0]}"
def test_ui_check_job_details_page_values(core_session, core_admin_ui, list_of_created_systems):
"""
Test case: C1670
:param core_session: Returns API session
:param core_admin_ui: Centrify admin Ui session
:param list_of_created_systems: returns the empty systems list.
"""
account_name_prefix = f'account_test{guid()}'
# adding multiple systems with accounts
result = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems,
user_prefix=account_name_prefix)
# arranging the results in the lists
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([result])
# Deleting systems for creating bulk delete scheduled report
result_acc, success_acc = ResourceManager.del_multiple_accounts(core_session, all_accounts)
assert success_acc, f"Api did not complete successfully for bulk account delete MSG:{result_acc}"
# Deleting accounts for creating bulk delete scheduled report
result_sys, success = ResourceManager.del_multiple_systems(core_session, all_systems)
assert success, f'Delete systems job failed when expected success'
logger.info(f"Delete systems job executed successfully {result_sys}")
# Going to password storage page and click on migration job status link.
ui = core_admin_ui
ui.navigate("Settings", "Resources", "Password Storage", check_rendered_tab=False)
ui.expect(Anchor("View Migration Job Status and Reports "), "Clicking migration job status").try_click()
ui.switch_to_newest_tab()
ui._waitUntilSettled()
ui.click_row(GridRowByGuid(result_sys))
ui.expect(Span("Details"), "Clicking migration job status").try_click(Div("Job Details"))
# Checking the Job Id of system.
ui.expect_value(Div(result_sys), value=None, expected_value=result_sys,
wrong_value_message="expected id value is not matched in the report",
text=True)
logger.info("Id value in the Job description appeared correctly")
# List of the Expected text from Job Details
list_of_text = ['Job Information', 'Type', 'ID', 'Description', 'Submitted', 'Started', 'Completed',
'Retry Count', 'Items Synced', 'Items Failed']
# Getting the Job history
job_history = JobManager.get_job_history(core_session)
# Validating the Job history expected title appeared correctly on UI.
for label in list_of_text:
ui.expect_value(Label(label), value=None, expected_value=label,
wrong_value_message=f"expected {label} value is not matched in the report",
text=True)
logger.info(f"expected {label} value is matched in the report")
delete_scheduled_job = []
check_text = []
if job_history[1]['JobName'] == 'BulkSystemDelete':
account_bulk_delete_schedule_id = job_history[0]['ID']
System_bulk_delete_schedule_id = job_history[1]['ID']
System_jobdescription = job_history[1]['JobDescription']
System_jobName = job_history[1]['JobName']
check_text.append(System_bulk_delete_schedule_id)
check_text.append(System_jobdescription)
check_text.append(System_jobName)
check_text.append(account_bulk_delete_schedule_id)
delete_scheduled_job.append(System_bulk_delete_schedule_id)
ui.switch_context(RenderedTab("Job Details"))
# Validating the Job history results from API appeared correctly on UI.
for text in check_text:
ui.expect_value(Div(text), value=None, expected_value=text,
wrong_value_message=f"expected {text} value is not matched in the report",
text=True)
logger.info(f"expected {text} value is matched in the report")
# Deleting the Scheduled jobs of Bulk System's and Account's
for delete in delete_scheduled_job:
result_account_delete, success, response = Discovery.delete_job_history(core_session, delete)
assert success, f"Failed to delete Job history profile {result_account_delete}"
logger.info(f"delete Job history profile with id {delete} successful {success}")
