def test_update_managed_account(pas_setup, core_session, pas_config):
"""
:param pas_config:
:param pas_setup: Fixture for adding a system and an account associated with it.
:param core_admin_ui: Authenticated Centrify Session.
:param core_session: Authenticated Centrify Session.
TC: C2547 - Update managed account
trying to Update managed account password
Steps:
Pre: Create system with 1 manage account hand
1. Try to update invalid password
-Assert Failure
2. Try to update valid password
-Assert Failure
3. Try to check password history
"""
user_name = core_session.get_user().get_login_name()
System_configurations_from_yaml = pas_config
system_data = System_configurations_from_yaml[
'Windows_infrastructure_data']
added_system_id, account_id, sys_info = pas_setup
Result, success = ResourceManager.update_password(core_session, account_id,
guid())
assert success, "Did not update password"
Result, success = ResourceManager.update_password(core_session, account_id,
system_data['password'])
assert success, "Did not update password"
result, success = ResourceManager.check_out_password(
core_session, 1, account_id)
assert success, "Did not retrieve password"
query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \
f"'{account_id}' and StateUpdatedBy='{user_name}' and State='Retired'"
password_history = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))[0]
assert len(password_history) > 0, "Password history table did not update"
def test_check_ui_on_subnet_mapping_page(core_session, cleanup_system_subnet_mapping):
"""
TC:C2197 Check UI on Subnet Mappings page.
1) Login Admin Portal as cloud admin
2) Add System subnet mapping by calling API add_system_subnet_mapping
3) Checking through UI for assertion
:param core_session: Authenticated Centrify session.
:param core_admin_ui: Authenticated Centrify browser session.
:param: cleanup_system_subnet_mapping: cleanup for created system subnet.
"""
subnet = Configs.get_environment_node('update_discovery_profile',
'automation_main')['port_scan_scope']['subnet_mask']
subnet_list = cleanup_system_subnet_mapping
# Adding System Subnet Mapping.
result, success, message = ResourceManager.add_system_subnet_mapping(core_session, subnet, chooseConnector="on")
system_subnet_id = result['ID']
assert success, f'Failed to add System subnet mapping with API response: {message}'
subnet_list.append(system_subnet_id)
logger.info(f"System subnet mapping added successfully, {system_subnet_id}")
# Checking on ui for assertion
query = "select * from ProxyGroup"
results = RedrockController.get_result_rows(RedrockController.redrock_query(core_session, query))
assert results[0]['Subnet'] == subnet, \
f'Failed to see the detail of System Subnet Mapping with API response: {message}'
def _validate_aapm_agent_details(session, agent_ids, expected):
query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM')
results = RedrockController.get_result_rows(
RedrockController.redrock_query(session, query))
# make sure num of systems match
assert len(results) == len(agent_ids)
for row in results:
assert row["FeatureAAPM"] is expected
def _wait_for_systems_validation(session, agent_ids, expected, intervals_to_wait=600, delay=1):
while intervals_to_wait > 0:
query = RedrockController.get_query_for_ids('centrifyclients', agent_ids, columns='ResourceID, FeatureAAPM')
results = RedrockController.get_result_rows(
RedrockController.redrock_query(session, query))
logger.info(results)
# make sure num of systems match
assert len(results) == len(agent_ids)
row = results[0]
if row["FeatureAAPM"] is expected:
return True
if delay > 0:
time.sleep(delay)
intervals_to_wait = intervals_to_wait - 1
return False
def start_proxy_with_machinename(core_session, start_stop_proxy, machineName):
proxycontrol = start_stop_proxy
proxy_query = f"select ID, Online, Version, MachineName from Proxy order by Online DESC"
rows = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, proxy_query))
for item in rows:
try:
if str(item['MachineName']).lower() == machineName.lower():
if item['Online'] == True:
return item["ID"]
proxycontrol(item["ID"], True)
return item["ID"]
except Exception: # there will be multiple proxies with same machine name
logger.debug(
f"Failed to start connector {item['ID']}, Name {item['MachineName']}, ignoring "
)
return None
def test_update_un_managed_account(pas_windows_setup, core_session):
"""
:param pas_windows_setup: Fixture for adding a system and an account associated with it.
:param core_session: Authenticated Centrify Session.
TC: C2548 - Update un managed account
trying to Update un managed account password
Steps:
Pre: Create system with 1 un manage account hand
1. Try to update valid password
-Assert Failure
2. Try to get activity of updated password
-Assert Failure
3. Try to check password history
"""
user_name = core_session.get_user().get_login_name()
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
logger.info(
f"System: {sys_info[0]} successfully added with UUID: {system_id} and account: {sys_info[4]} "
f"with UUID: {account_id} associated with it.")
Result, success = ResourceManager.update_password(core_session, account_id,
guid())
assert success, f"Did not update password, API Response: {Result}"
logger.info(f'user not able to update password, API Response::{Result}')
row = ResourceManager.get_system_activity(core_session, system_id)
assert f'{user_name} updated local account "{sys_info[4]}" password for "{sys_info[0]}"' in row[0]['Detail'], \
"user not able to update un managed account password"
logger.info(
f'account activity logs for un manage account API response:{row}')
result, success = ResourceManager.check_out_password(
core_session, 1, account_id)
assert success, f"Did not retrieve password API response: {result}"
logger.info(f'user not able to retrieve password API response:{result}')
query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \
f"'{account_id}' and StateUpdatedBy='{user_name}' and State='Retired'"
password_history = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))[0]
assert len(
password_history
) > 0, f"Password history table did not update {password_history}"
logger.info(f'Password history table API response:{password_history}')
def test_iam_account_correct_data(core_session,
fake_cloud_provider_iam_account):
account_id, username = fake_cloud_provider_iam_account
query = f"SELECT VaultAccount.CredentialType, VaultAccount.ID, VaultAccount.User FROM VaultAccount WHERE ID='{account_id}'"
results = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))
assert len(results) == 1, f"Expected exactly one result {results}"
result = results[0]
expected_result = {
'ID': account_id,
'User': username,
'CredentialType': 'AwsAccessKey'
}
if '_TableName' in result:
del result['_TableName']
assert result == expected_result, f"Unexpected data in results {result}"
def test_system_delete(pas_setup, core_admin_ui, core_session):
"""C2571 Delete systems
Steps:
Pre: Create system with 1 manage account hand
1. Try to delete system
-Assert Failure
2.check on the SecretName
-Assert Failure
"""
ui = core_admin_ui
# Step 1: create a system along with on account
added_system_id, account_id, sys_info = pas_setup
logger.info(
f"System: {sys_info[0]} successfully added with UUID: {added_system_id} and account: {sys_info[4]} "
f"with UUID: {account_id} associated with it.")
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.right_click_action(GridRowByGuid(added_system_id), 'Delete')
ui.switch_context('System Delete')
email_id = ui._searchAndExpect(TextField('SecretName'),
"Not able to get the data from textbox")
get_email_id = email_id.get_value_from_attribute('value')
ui.remove_context()
ui.button('Delete')
# Step 2: Fetch the all secrets from data vault and compare
query = 'Select * FROM DataVault'
rows = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))
delete = []
for row in rows:
if row['SecretName'].find(get_email_id) == -1:
delete.append(row['ParentPath'])
else:
logger.info(f"no data found:{delete}")
assert 'Bulk Delete' in delete, "User not deleted system and there is no data"
logger.info(
f'Successfully deleted a system and generated bulk delete secret')
def test_root_account(core_session, fake_cloud_provider_root_account):
account_id, username, password, cloud_provider_id, test_did_cleaning = fake_cloud_provider_root_account
query = f"SELECT VaultAccount.CredentialType, VaultAccount.ID, VaultAccount.User FROM VaultAccount WHERE ID='{account_id}'"
results = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))
assert len(results) == 1, f"Expected exactly one result {results}"
result = results[0]
expected_result = {
'ID': account_id,
'User': username,
'CredentialType': 'Password'
}
if '_TableName' in result:
del result['_TableName']
assert result == expected_result, f"Unexpected data in results {result}"
# todo cloud provider ID appears in secret (it doesn't, which is a problem)
def test_update_database_settings_page(core_session, database_config,
cleanup_resources):
"""
TC: C281881 Update Database Settings page
:param core_session: Authenticated Centrify session
:param database_config:fixture to create database with accounts
:param cleanup_resources:cleans up resources
"""
# Creating a database
database_list = cleanup_resources[2]
db_data = database_config['sql_db_config']
db_name = f"{db_data['db_name']}{guid()}"
db_description = "Test Description"
default_checkout_time = 15
db_result, db_success = ResourceManager.add_database(
core_session,
name=db_name,
port=None,
fqdn=db_data['hostname'],
databaseclass=db_data['databaseclass'],
description=db_description,
instancename=db_data['instancename'],
servicename=db_data['servicename'])
assert db_success, f'Failed to create database without defined port:API response result:{db_result}'
logger.info(
f'Successfully created database without defined port :{db_result}')
database_list.append(db_result)
# Updating the database setting
update_db_res, update_db_success = ResourceManager.update_database(
core_session,
db_result,
db_name,
db_data['hostname'],
db_data['port'],
db_description,
db_data['instancename'],
DefaultCheckoutTime=default_checkout_time,
allowmultiplecheckouts=True)
assert update_db_success, f"Fail to update database: API response result:{update_db_res}"
logger.info(f"Successfully updated database with port:{update_db_res}")
# Query for database description
query_description = f"SELECT VaultDatabase.Description FROM VaultDatabase where VaultDatabase.Name='{db_name}'"
description_check = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query_description))
assert description_check[0][
'Description'] == db_description, "Password history table did not update"
logger.info('Password history table API response')
# Query for database default checkout time
query_default_checkout_time = f"SELECT VaultDatabase.DefaultCheckoutTime FROM VaultDatabase where " \
f"VaultDatabase.Name='{db_name}' "
checkout_value_check = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session,
query_default_checkout_time))
assert checkout_value_check[0]['DefaultCheckoutTime'] == default_checkout_time, "Password history table did not " \
"update "
logger.info('Password history table API response')
# Query for allow multiple checkouts
query_allow_multiple_checkouts = f"SELECT VaultDatabase.AllowMultipleCheckouts FROM VaultDatabase where " \
f"VaultDatabase.Name='{db_name}' "
allow_multiple_checkouts_value_check = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session,
query_allow_multiple_checkouts))
assert allow_multiple_checkouts_value_check[0]['AllowMultipleCheckouts'] is True, "Allow multiple " \
"checkouts value is False"
logger.info('Allow multiple checkouts value is True')
def test_update_manage_proxy_account(pas_config, core_session, winrm_engine,
remote_users_qty3, test_proxy,
cleanup_accounts, cleanup_resources):
"""
TC: C2549 - Update managed account with using proxy account
trying to Update managed account with using proxy account
Steps:
Pre: Create system with 1 proxy and manage account hand
1. Try to update invalid password for proxy account
-Assert Failure
2. Try to update valid password for proxy account
-Assert Failure
3. Try to check activity log's
-Assert Failure
4. Try to check password history
"""
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
sys_details = pas_config
add_user_in_target_system = remote_users_qty3
user_password = '******'
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Update system with proxy user
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=user_password,
proxyuserismanaged=True)
assert update_sys_success, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Update system with proxy user password.
update_sys_success, update_sys_result = ResourceManager.update_system(
core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
proxyuser=add_user_in_target_system[1],
proxyuserpassword=guid(),
proxyuserismanaged=True)
assert update_sys_result is False, f'Fail to update the system:API response result: {update_sys_result}'
logger.info(f"Successfully update the system:{update_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
# set a different password for the user
update_user_password(winrm_engine, add_user_in_target_system[1],
user_password)
user_name = core_session.get_user().get_login_name()
# rotate password for manage account
result, success = ResourceManager.rotate_password(core_session, acc_result)
assert success, f"Did not Rotate Password {result}"
logger.info(
f'account activity logs for un manage account API response:{result}')
result, success = ResourceManager.check_out_password(
core_session, 1, acc_result)
assert success, f"Did not retrieve password {result}"
logger.info(
f'account activity logs for un manage account API response:{result}')
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} checked out local account "{add_user_in_target_system[0]}" ' \
f'password for system "{sys_name}"({fdqn})' in \
row[0]['Detail'], "user not able to update un managed account password"
logger.info(
f'account activity logs for un manage account API response:{row}')
query = f"select EntityId, State, StateUpdatedBy, StateUpdatedTime from PasswordHistory where EntityId=" \
f"'{acc_result}' and StateUpdatedBy='{user_name}' and State='Retired'"
password_history = RedrockController.get_result_rows(
RedrockController.redrock_query(core_session, query))[0]
assert len(
password_history
) > 0, f"Password history table did not update {password_history}"
logger.info(f'Password history table API response:{password_history}')
