def test_move_folder_into_a_similarly_named_folder(core_session,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
C3042: test method to create folders B1,B11,B1.1 at same level
1) Move Folder B1 to B11 & verify move is successful.
2) Move Folder B1 to B1.1 & verify move is successful.
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
params = pas_general_secrets
prefix = guid()
folder_list = cleanup_secrets_and_folders[1]
# Creating folder B1
folder_success, folder_parameters, folder_id = create_folder(
core_session,
prefix + params['folder_name_move'],
params['description'])
assert folder_success, f'Failed to create a folder with b1:{folder_parameters["Message"]}'
logger.info(f' Folder b1 created successfully: {folder_success} & details are {folder_parameters}')
folder_list.insert(0, folder_id)
# Creating folder B11
new_folder_success, new_folder_parameters, new_folder_id = create_folder(
core_session,
prefix + params['folder_name_move_simi'],
params['description'])
assert new_folder_success, f'Failed to create a folder with b11:{new_folder_id}'
logger.info(f' New Folder b11 created successfully: {new_folder_success} & details are {new_folder_parameters}')
folder_list.insert(1, new_folder_id)
# Creating folder B1.1
success, parameters, id_folder = create_folder(
core_session,
prefix + params['folder_name_move_similar'],
params['description'])
assert success, f'Failed to create a folder with b1.1 {parameters["Message"]}'
logger.info(f' Folder b1.1 created successfully: {success} & details are {parameters}')
# As the cleanup is not working accordingly due to multiple moves so ids are
# inserted like this
folder_list.insert(2, id_folder)
# Moving Folder B1 into B11
result_move = move_folder(core_session, folder_id, new_folder_id)
assert result_move['success'], f'Not Able to Move Folder B1 into B11: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move["Message"]}')
# Moving Folder B1 into B1.1
result_move = move_folder(core_session, folder_id, id_folder)
assert result_move['success'], f'Not Able to Move Folder B1 into B1.1: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move["Message"]}')
def test_add_a_sub_folder_with_add_permission_on_the_parent_folder(
core_session, create_secret_folder, pas_general_secrets,
cleanup_secrets_and_folders):
"""
test method to add a Sub Folder inside a Parent Folder
when ADD permissions are enabled for the Parent Folder
:param core_session: Authenticated Centrify Session
:param create_secret_folder: Fixture to create a folder & yields folder related details
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
folder_prefix = guid()
folder_success, folder_parameters, sub_folder_id = create_folder(
core_session,
folder_prefix + folder_params['name'],
folder_params['description'],
parent=folder_id)
assert folder_success, \
f'Failed to add another folder means No ADD permissions for the folder:{folder_parameters["Result"]}'
logger.info(f'Folder added successfully: {folder_success}')
folders_list.insert(0, sub_folder_id)
def test_move_secret_to_different_folder_with_member_permission_edit_on_source_folder_for_user_a(
core_session, users_and_roles, create_secret_inside_folder,
pas_general_secrets, cleanup_secrets_and_folders):
"""
test method to move a secret to another folder with "EDIT" member permissions on source folder for User A
:param core_session: Authenticated Centrify Session.
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param create_secret_inside_folder: Fixture to create text type secret inside folder &
yields folder & secret details.
:param pas_general_secrets: Fixture to read secret data from yaml file.
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folder_id_list, folder_name, secret_id_list = create_secret_inside_folder
folders_list = cleanup_secrets_and_folders[1]
params = pas_general_secrets
prefix = guid()
pas_power_user = users_and_roles.get_user(
'Privileged Access Service Power User')
user_name = pas_power_user.get_login_name()
user_id = pas_power_user.get_id()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
logger.info(
f'User with PAS Power User Rights login successfully :user_Name: {user_name}'
f' & Password: {pas_power_user.get_password()} ')
# Api to give user permissions to folder
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id_list[0], 'View,Grant')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to give member permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'View,Grant,Edit', user_id, folder_id_list[0])
assert member_perm_success, f'Not Able to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Api to create secret folder for User A
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
pas_power_user_session, prefix + params['name'], params['description'])
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}'
)
assert secret_folder_success is True, f'Failed to create a folder {secret_folder_id}'
folders_list.append(secret_folder_id)
# Api to move secret into another Folder
result_move = move_secret(pas_power_user_session, secret_id_list[0],
secret_folder_id)
assert result_move[
'success'], f'Not Able to move the secret into Folder: {result_move["Result"]}'
logger.info(
f'Moving secret with edit permissions to another folder:{result_move}')
def test_ends_with_search(core_session, core_admin_ui,
cleanup_secrets_and_folders, pas_general_secrets):
"""
C3061: Ends with search
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch the browser with cloud admin
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param pas_general_secrets: Fixture to read secret data from yaml file
"""
params = pas_general_secrets
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
suffix = guid()
# Creating folder
folder_success, folder_parameters, folder_id = create_folder(
core_session, params['name'] + suffix, params['description'])
assert folder_success, f'Failed to create folder, API response result: {folder_id}'
logger.info(
f'Folder created successfully: {folder_id} & details are {folder_parameters}'
)
folder_list.append(folder_id)
folder_name = folder_parameters['Name']
# Creating secret
added_secret_success, details, added_secret_id = create_text_secret(
core_session, params['secret_name'] + suffix, params['secret_text'])
assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
logger.info(f'Added secrets info: {details, added_secret_id}')
secrets_list.append(added_secret_id)
ui = core_admin_ui
ui.navigate('Resources', 'Secrets')
# Searching for secrets & folder
ui.search(suffix)
ui.expect(GridRow(folder_name),
f' Expect to find folder {folder_name} but could not')
ui.expect(
GridRowByGuid(added_secret_id),
f' Expect to find secret with id as {added_secret_id} but could not')
logger.info(
f'Both folder {folder_name} & secret {added_secret_id} are successfully visible'
)
# Getting permissions of folder
permissions = SetsManager.get_collection_rights(core_session, folder_id)
assert permissions["Result"], \
f'Failed to get permissions for folder, API response result:{permissions["Result"]}'
logger.info(f'Permissions of the folder created: {permissions}')
# Getting permissions of secret
permissions_secret = get_users_effective_secret_permissions(
core_session, added_secret_id)
assert permissions_secret,\
f'Failed to get permissions for secret, API response result: {permissions_secret}'
logger.info(f' Permissions for Secret: {permissions_secret}')
def test_view_on_folders_but_not_members(core_session,
create_secret_inside_folder,
pas_general_secrets, users_and_roles,
cleanup_secrets_and_folders):
"""
C3054: test method to View on folders, but not members
1) create multiple secrets & folders inside parent folder
2) Login as Admin, set folder permissions "View" for parent folder
3) Login as pas user
4) Verify can view folder but not secrets
:param core_session: Authenticated Centrify session
:param create_secret_inside_folder: Fixture to create secret inside folder
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param users_and_roles: Fixture to create random user with PAS User Rights
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
"""
folder_id_list, folder_name, secret_id = create_secret_inside_folder
folders_list = cleanup_secrets_and_folders[1]
params = pas_general_secrets
# creating nested folder
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
params['name'],
params['description'],
parent=folder_id_list[0])
assert child_folder_success, f'Failed to create nested folder, API response result: {child_folder_id}'
logger.info(
f'Nested Folder created successfully, details are: {child_folder_parameters}'
)
folders_list.insert(0, child_folder_id)
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id_list[1], 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting the secret for pas user should fail
found_secret = get_secret(pas_power_user_session, secret_id[0])
verify_msg = 'You are not authorized to perform this operation.'
assert found_secret['success'] is False and verify_msg in found_secret["Message"], \
f'Able to find the secret without view permissions, API response result:{found_secret["Message"]}'
logger.info(
f'Not able to find th secret with pas user: {found_secret["Message"]}')
def test_add_folder_permission_on_destination_folder_to_move_into_it(
core_session, users_and_roles, create_secret_folder,
pas_general_secrets, cleanup_secrets_and_folders):
"""
C3033:test method to Login as Cloud admin
1) Disable "ADD" permissions for user A
2) Login As User A
3) Move an existing folder to a destination folder(without ADD permissions) should Fail
:param core_session: Authenticated Centrify Session
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param create_secret_folder: Fixture to create secret Folder & yield folder related details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folders_list = cleanup_secrets_and_folders[1]
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
folder_prefix = guid()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to set permissions with folder
permissions = give_user_permissions_to_folder(core_session, user_name,
user_id, folder_id,
'View,Edit')
assert permissions[
'success'], f'Not able to set permissions to folder:{permissions["Result"]}'
logger.info(f'Permissions to folder: {permissions}')
# Creating new folder with pas_power_user_session
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
pas_power_user_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success, f'Failed to create a folder{secret_folder_parameters["Message"]} '
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}'
)
folders_list.append(secret_folder_id)
# Api to move Folder(without ADD permissions) into Folder
result_move = move_folder(pas_power_user_session, secret_folder_id,
folder_id)
assert result_move[
'success'] is False, f'Able to move the secret into Folder: {result_move["Result"]}'
logger.info(
f'Moving Folder without ADD permissions:{result_move["Message"]}')
def test_cant_add_folder_if_you_dont_have_add_permission_on_parent_folder(
core_session, create_secret_folder, pas_general_secrets,
users_and_roles):
"""
test method to not able to add a child Folder inside a Parent Folder
when ADD permissions are not enabled for the Parent Folder
:param core_session: Authenticated Centrify Session
:param create_secret_folder: Fixture to create a folder & yields folder related details
:param pas_general_secrets: Fixture to read secret data from yaml file
:param users_and_roles: Fixture to create a random user with PAS Power Rights
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id, 'View')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to give member permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'View,Grant', user_id, folder_id)
assert member_perm_success, f'Not Able to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
folder_prefix = guid()
# Creating ChildFolder for PAS Power User
folder_success, folder_parameters, child_folder_id = create_folder(
pas_power_user_session,
folder_prefix + folder_params['name'],
folder_params['description'],
parent=folder_id)
assert folder_success is False, \
f'Added subfolder without ADD permissions for the folder:{child_folder_id}'
logger.info(
f'Add Folder without ADD permissions: {folder_success}{folder_parameters}'
)
def test_ok_to_move_secret_to_root_level(core_session, create_secret_folder,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
test method to move child secret into root folder
should work
:param core_session: Authenticated Centrify Session.
:param create_secret_folder: Fixture to create secret folder & yields folder_id
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to clean up secrets & folders
"""
secrets_list = cleanup_secrets_and_folders[0]
folders_list = cleanup_secrets_and_folders[1]
secret_folder_details = create_secret_folder
root_folder_id = secret_folder_details['ID']
prefix = guid()
params = pas_general_secrets
# Creating nested folder inside root folder
nested_folder_success, nested_folder_parameters, nested_folder_id = create_folder(
core_session,
prefix + params['name'],
params['description'],
parent=root_folder_id)
assert nested_folder_success, f'Failed to create a folder:{nested_folder_id} '
logger.info(
f' Folder created successfully: {nested_folder_success} & details are:{nested_folder_parameters}'
)
folders_list.insert(0, nested_folder_id)
# Creating a secret inside nested folder
added_secret_success, added_secret_result = create_text_secret_within_folder(
core_session, params['secret_name'], params['secret_text'],
params['secret_description'], nested_folder_id)
assert added_secret_success, f"Unable to create secret{added_secret_result}"
logger.info(f'Secret Created successfully: {added_secret_success}')
secrets_list.append(added_secret_result)
# Moving secret into root Folder
result_move = move_secret(core_session, added_secret_result,
root_folder_id)
assert result_move[
'success'], f'Not Able to move the secret into Root Folder: {result_move["Result"]}'
logger.info(
f'Able to move the secret into root folder :{result_move["Message"]}')
def test_add_new_sub_folder_and_set_with_same_name(core_session,
set_cleaner,
create_secret_folder,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
test method to add a set with same name as Sub Folder
:param core_session: Authenticated Centrify Session
:param set_cleaner: Fixture to cleanup the sets created
:param create_secret_folder: Fixture to create a folder & yields folder related details
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
folder_prefix = guid()
folder_success, folder_parameters, sub_folder_id = create_folder(core_session,
folder_prefix + folder_params['name'],
folder_params['description'],
parent=folder_id)
assert folder_success, f'Failed to add sub folder:{folder_parameters["Result"]}'
logger.info(f'Folder added successfully: {folder_success}')
folders_list.insert(0, sub_folder_id)
success, set_id = SetsManager.create_manual_collection(core_session,
folder_prefix + folder_params['name'],
'DataVault')
assert success is True, f'Failed to create manual set with same name as Sub Folder {set_id}'
logger.info(f'creating manual set:{success} with setid as: {set_id}')
set_cleaner.append(set_id)
logger.info(f'Added set deleted successfully:{set_cleaner}')
# Getting permissions of the set created
permissions = SetsManager.get_collection_rights(core_session, set_id)
verify_permissions = 'View, Edit, Delete, Grant'
assert verify_permissions == permissions["Result"], \
f'Failed to verify permissions for the set:{permissions["Result"]}'
logger.info(f'Permissions of the set created: {permissions}')
def test_move_top_level_folder_into_another_folder(
core_session, create_secret_inside_folder, create_folder_inside_folder,
pas_general_secrets, cleanup_secrets_and_folders):
"""
C3035: test method to Move top level folder into another folder
1) Move top level folder into another top level folder & Verify move is successful
2) Move top level folder into a sub folder & Verify move is successful
:param core_session: Authenticated Centrify Session
:param create_secret_inside_folder: Fixture to create secret inside Folder & yields folder & secret related details
:param create_folder_inside_folder: Fixture to create nested Folder & yields folder & sub folder related details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folder_id_list, folder_name, secret_list = create_secret_inside_folder
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
folder_params = pas_general_secrets
folder_prefix = guid()
folder_list = cleanup_secrets_and_folders[1]
# Creating folder
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success, f'Failed to create a folder, API response result:{secret_folder_id}'
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}'
)
folder_list.insert(2, secret_folder_id)
# Moving Top Level Folder into another Sub Folder
result_move = move_folder(core_session, folder_id_list[1],
nested_folder_id)
assert result_move['success'], \
f'Not Able to move Folder into Sub Folder, API response result: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move["Message"]}')
folder_list.insert(0, folder_list.pop(1))
# Moving Top Level Folder into another Root Folder
result_move = move_folder(core_session, secret_folder_id,
folder_id_list[3])
assert result_move['success'], \
f'Not Able to move Folder into Root Folder, API response result: {result_move["Result"]}'
logger.info(f'Moving Folder into Root Folder:{result_move["Message"]}')
def test_all_pas_roles_should_be_able_to_add_folders(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles, administrative_right):
"""
test method to
1) create folder with PAS Power User should work & verify sys_adm has Grant, View, Edit, and delete
permissions for same folder
2) create folder with PAS Admin User should work & verify sys_adm has Grant, View, Edit, and delete
permissions for same folder
3)create folder with PAS User should work & verify sys_adm has Grant, View, Edit, and delete
permissions for same folder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param users_and_roles: Fixture to create a random user with PAS Power Rights
"""
folder_params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
folder_prefix = guid()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
administrative_right)
assert pas_power_user_session.auth_details, f'Failed to Login with {administrative_right}'
logger.info(f'{pas_power_user_session}')
# Creating Folder with all PAS Roles
folder_success, folder_parameters, folder_id = create_folder(
pas_power_user_session, folder_prefix + folder_params['name'],
folder_params['description'])
folders_list.append(folder_id)
assert folder_success, f'Failed to create Folder with {administrative_right}:{folder_id}'
logger.info(
f'Creating Folder with {administrative_right} : {folder_success}')
# Getting permissions of the Folder Created
permissions = get_users_effective_folder_permissions(
pas_power_user_session, folder_id)
verify_permissions = ['View', 'Edit', 'Delete', 'Grant', 'Add']
assert permissions == verify_permissions, f'Failed to verify {administrative_right} permissions:{permissions}'
logger.info(f'Permissions for the Folder created:{permissions}')
def test_create_secret_folder_with_valid_parameters(
users_and_roles, pas_general_secrets, administrative_right,
cleanup_secrets_and_folders):
"""
TC ID's :- C283804
Creates a secret inside folder,by each of the user privilege rights.
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param pas_general_secrets: Fixture to read secret data from yaml file.
:param cleanup_secrets_and_folders: Fixture to clean up secrets & folders
:param administrative_right: Assign users to different rights
"""
session = users_and_roles.get_session_for_user(administrative_right)
secrets_params = pas_general_secrets
secrets_list = cleanup_secrets_and_folders[0]
folder_list = cleanup_secrets_and_folders[1]
folder_params = pas_general_secrets
folder_name = "my_new_folder" + guid()
# Creating a folder
success, folder_details, folder_id = create_folder(
session, folder_name, folder_params['description'])
assert success, f'Failed to create folders:{folder_id}'
logger.info(f'Creating folders successfully:{folder_details} ')
folder_list.append(folder_id)
# creating a secret inside the folder.
added_text_secret_success, added_text_secret_result = create_text_secret_within_folder(
session, secrets_params['secret_name'], secrets_params['secret_text'],
secrets_params['secret_description'], folder_id)
assert added_text_secret_success, f"Unable to create secret{added_text_secret_result}"
logger.info(f'Secret Created successfully: {added_text_secret_success}')
secrets_list.append(added_text_secret_result)
# Call get folder API to verify folder is created or not.
parent_folder = get_folder(session, folder_id)
parent_folder_name = parent_folder["Result"]["Results"][0]["Row"]["Name"]
assert parent_folder_name == folder_details[
'Name'], f'Failed to verify the folder name:{parent_folder}'
logger.info(f'Folders Verified successfully. :{parent_folder_name}')
def test_add_nested_secret_while_drilled_into_folder(
core_session, create_secret_folder, pas_general_secrets,
cleanup_secrets_and_folders):
"""test method to add a secret into nested folder"""
secrets_list = cleanup_secrets_and_folders[0]
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
params = pas_general_secrets
prefix = guid()
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session,
prefix + params['name'],
params['description'],
parent=folder_id)
logger.info(
f'Nested Folder created successfully:{secret_folder_success} & details are:{secret_folder_parameters}'
)
assert secret_folder_success is True, f'Failed to create Nested folder :{secret_folder_id}'
nested_folder_id = secret_folder_id
logger.info(
f'Creating secrets in Nested Folder : {secret_folder_parameters}')
added_text_secret_success, added_text_secret_result = create_text_secret_within_folder(
core_session, prefix + params['secret_name'], params['secret_text'],
params['secret_description'], nested_folder_id)
logger.info(f'Secret Created successfully: {added_text_secret_success}')
assert added_text_secret_success, f'Unable to create secret {added_text_secret_result}'
secret_delete_result = core_session.post(EndPoints.SECRET_DELETE, {
'ID': added_text_secret_result
}).json()
logger.info(
f'Added Secret deleted successfully: {secrets_list} & success:{secret_delete_result}'
)
delete_nested_folder = core_session.post(EndPoints.SECRET_FOLDER_DELETE, {
'ID': nested_folder_id
}).json()
logger.info(
f'Added Nested Folder deleted successfully: {delete_nested_folder} {delete_nested_folder["success"]}'
)
assert delete_nested_folder[
'success'], f'Unable to delete nested folder:{delete_nested_folder["success"]}'
def test_sysadmin_by_default_has_grant_view_edit_and_delete_on_everyone_secret_or_folder(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles):
"""
C283794: Sysadmin by default has Grant, View, Edit and Delete on everyone's secret/folder
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
:param users_and_roles: Fixture to create a random user with PAS Power Rights
"""
folder_params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
folder_prefix = guid()
# Creating Folder for Non-Admin User
folder_success, folder_parameters, folder_id = create_folder(
pas_power_user_session, folder_prefix + folder_params['name'],
folder_params['description'])
folders_list.append(folder_id)
assert folder_success, f'Failed to Add Folder with Non-Admin user:{folder_id}'
logger.info(
f'Adding Folder with Non-Admin user : {folder_success}{folder_parameters}'
)
permissions = get_users_effective_folder_permissions(
pas_power_user_session, folder_id)
verify_permissions = ['View', 'Edit', 'Delete', 'Grant', 'Add']
assert permissions == verify_permissions, f'Failed to verify sys_admin permissions:{permissions}'
logger.info(f'Sys_admin Permissions for the Folder added:{permissions}')
def test_view_permission_on_folder_then_removed(core_session,
create_folder_inside_folder,
users_and_roles,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
C3047: test method to create a multilevel folder
Case I 1) As an admin disable "View" folder permission for a pas user.
2) Login as pas user & verify Should not be able to view folders
Case II 1) As an admin enable "View" folder permission for a pas user.
2) Login as pas user & verify Should be able to view folders & sub folders.
:param core_session: Authenticated Centrify session
:param create_folder_inside_folder: Fixture to create folder inside folder & yields nested_folder &
parent_folder details
:param users_and_roles: Fixture to create random user with PAS User Rights
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
parent_folder_id = parent_folder_info['ID']
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
folder_prefix + params['nested_folder_name'],
params['description'],
parent=nested_folder_id)
assert child_folder_success, f'Failed to create nested folder: {child_folder_id}'
logger.info(
f'Nested Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
folders_list.insert(0, child_folder_id)
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Getting details of Parent Folder with PAS User (with View Disabled)
result_folder = get_folder(pas_power_user_session, parent_folder_id)
assert result_folder[
'success'] is False, f'Able to find Parent folder:{result_folder["Message"]}'
logger.info(
f'Unable to find Parent Folder with (View Disabled):{result_folder}')
# Api to give user permissions to folder(View Enabled)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, parent_folder_id, 'View')
assert user_permissions_result['success'], \
f'Not Able to set user permissions to folder{user_permissions_result["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to get pas user nested folder details
pas_nested_folder = get_secrets_and_folders_in_folders(
pas_power_user_session, parent_folder_id)
pas_nested_folder_id = pas_nested_folder["Result"]["Results"][0]["Row"][
"ID"]
assert pas_nested_folder_id == nested_folder_id, \
f'Failed to retrieve nested folder with PAS User:{pas_nested_folder_id}'
logger.info(
f'Able to find Nested Folder with (View Enabled):{pas_nested_folder_id}'
)
# Api to get pas user child folder details
pas_child_folder = get_secrets_and_folders_in_folders(
pas_power_user_session, nested_folder_id)
pas_child_folder_id = pas_child_folder["Result"]["Results"][0]["Row"]["ID"]
assert pas_child_folder_id == child_folder_id, \
f'Failed to retrieve child folder with PAS User:{pas_child_folder_id}'
logger.info(
f'Able to find child Folder with (View Enabled):{pas_child_folder_id}')
def test_a_folder_cannot_have_two_secrets_or_sub_folders_with_the_same_name(
core_session, pas_general_secrets, cleanup_secrets_and_folders):
"""
C3027:test method to
1) add secrets with same name within same folder should fail
2) add sub folder with same name in same path should fail
3) add sub folder with same name (caps) in same path should fail
:param core_session: Authenticated Centrify Session
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folder created
"""
params = pas_general_secrets
secrets_list = cleanup_secrets_and_folders[0]
folders_list = cleanup_secrets_and_folders[1]
prefix = guid()
# Creating secret inside folder
added_secret_success, details, added_secret_id = create_text_secret(
core_session, prefix + params['nested_secret_name'],
params['secret_text'])
assert added_secret_success, f"Adding Secret inside folder Failed:{added_secret_id}"
logger.info(
f'Adding Secret inside folder: {added_secret_success, details, added_secret_id}'
)
secrets_list.append(added_secret_id)
# Getting id of Parent Folder
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_secret_id)
folder_id = get_secret_details['FolderId']
folders_list.append(folder_id)
# Adding secret with same name(caps) in same path should fail
added_secret_success, details, added_secret_id = create_text_secret(
core_session, prefix + params['nested_secret_name_in_caps'],
params['secret_text'])
assert added_secret_success is False, f"Adding same Secret(with caps) successful:{added_secret_id}"
logger.info(
f'Should not add same(caps) secrets: {added_secret_success, details, added_secret_id}'
)
# Creating Sub folder
success, folder_details, nested_folder_id = create_folder(
core_session, prefix + params['sub_folder_name'],
params['description'])
assert success, f'Failed to add sub folder:{folder_details["Message"]}'
logger.info(f'Should able to create sub folder:{success}{folder_details} ')
nested_folder_name = folder_details['Name']
folders_list.append(nested_folder_id)
# Getting details of parent folder
parent_folder = get_folder(core_session, nested_folder_id)
parent_folder_id = parent_folder["Result"]["Results"][0]["Row"]["Parent"]
assert parent_folder_id, f'Failed to get parent folder id:{parent_folder_id}'
logger.info(f'Parent Folder details: {parent_folder}')
folders_list.append(parent_folder_id)
# Adding Sub folder with same name in same path should fail
success, folder_details, nested_folder_id = create_folder(
core_session, nested_folder_name, params['description'])
assert success is False, f'Same sub folder is added successfully:{folder_details["Message"]}'
logger.info(f'Should not add same sub folder:{success}')
# Adding Sub folder with same name(caps) in same path should fail
success, folder_details, nested_folder_id = create_folder(
core_session, prefix + params['sub_folder_name_in_caps'],
params['description'])
assert success is False, f'Same sub folder with caps is added successfully:{folder_details["Message"]}'
logger.info(f'Should not add same sub folder with caps:{success} ')
def test_move_secret_without_edit_member_permission_on_source_folder_should_not_be_allowed(
core_session, users_and_roles, create_secret_folder,
pas_general_secrets, cleanup_secrets_and_folders):
"""
test method to move a secret to another folder without "EDIT" member permissions & Folder permissions
on source folder for User A should not be allowed
:param core_session: Authenticated Centrify Session.
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param create_secret_folder: Fixture to create secret folder & yields folder details.
:param pas_general_secrets: Fixture to read secret data from yaml file.
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
secret_folder_details = create_secret_folder
secret_list = cleanup_secrets_and_folders[0]
folders_list = cleanup_secrets_and_folders[1]
params = pas_general_secrets
prefix = guid()
folder_id = secret_folder_details['ID']
pas_power_user = users_and_roles.get_user(
'Privileged Access Service Power User')
user_name = pas_power_user.get_login_name()
user_id = pas_power_user.get_id()
# Api to create text type secret within folder
added_text_secret_success, added_text_secret_result = create_text_secret_within_folder(
core_session, prefix + params['secret_name'], params['secret_text'],
params['secret_description'], folder_id)
assert added_text_secret_success, f'Unable to create secret {added_text_secret_result}'
logger.info(f'Secret Created successfully: {added_text_secret_success}')
secret_list.append(added_text_secret_result)
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
logger.info(
f'User with PAS Power User Rights login successfully :user_Name: {user_name}'
f' & Password: {pas_power_user.get_password()} ')
# Api to give user permissions to folder(without EDIT)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id, 'View,Grant')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to give member permissions to folder(without EDIT)
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'View,Grant', user_id, folder_id)
assert member_perm_success, f'Not Able to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Api to create secret folder for User A
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
pas_power_user_session, prefix + params['name'], params['description'])
assert secret_folder_success, f'Failed to create a folder:{secret_folder_id}'
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_id}'
)
folders_list.append(secret_folder_id)
# Api to move secret into another Folder
result_move = move_secret(pas_power_user_session, added_text_secret_result,
secret_folder_id)
assert result_move[
'success'] is False, f'Able to move the secret into Folder: {result_move["Result"]}'
logger.info(
f'Not Able to move the secret into another folder without Edit permissions:{result_move["Message"]}'
)
def test_user_need_retrieve_secret_permission_to_delete(
core_session,
pas_general_secrets,
cleanup_secrets_and_folders,
users_and_roles):
"""
C283961: User needs Retrieve Secret permission to retrieve secret contents
:param core_session: Authenticated Centrify Session
:param users_and_roles: Fixture to create random user with pas user rights
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
:param pas_general_secrets: Fixture to read secrets data from yaml file
"""
folder_params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session,
folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success, f'Failed to create a folder{secret_folder_id} '
logger.info(f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}')
folders_list.append(secret_folder_id)
added_text_secret_success, added_text_secret_result = create_text_secret_within_folder(
core_session, folder_prefix + folder_params['secret_name'], folder_params['secret_text'],
folder_params['secret_description'], secret_folder_id)
logger.info(f'Secret Created successfully: {added_text_secret_success}')
assert added_text_secret_success, f'Unable to create secret {added_text_secret_result}'
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(f'{pas_power_user_session.auth_details}')
logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to folder
user_permissions = give_user_permissions_to_folder(core_session, user_name, user_id, secret_folder_id,
'View')
assert user_permissions['success'], \
f'Not Able to set user permissions to folder{user_permissions["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions}')
# Api to disable member permissions Retrieve in folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'View,Delete',
user_id,
secret_folder_id)
assert member_perm_success, f'Not Able to set member permissions to Folder: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Deleting secret without Retrieve permission in folder.
retrieve_success, retrieve_result, retrieve_message = retrieve_secret(pas_power_user_session,
added_text_secret_result)
assert retrieve_success is False, f'Users {user_name} have permission to retrieve the secret: {retrieve_result}'
logger.info(f'No longer to delete as you have "Retrieve" '
f'permission which is required prior to delete:{retrieve_message}')
# Api to give member permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'View,Delete,Retrieve',
user_id,
secret_folder_id)
assert member_perm_success, f'Not Able to set member permissions to Folder: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
del_success, del_result = del_secret(pas_power_user_session, added_text_secret_result)
assert del_success, f'Not Able to delete the child secret: {del_result}'
logger.info(f'Secret is Successfully deleted:{del_result}')
def test_union_of_all_its_permissions(core_session,
pas_general_secrets,
cleanup_secrets_and_folders,
users_and_roles):
"""
C3056: test method Union of all its permissions
1)create multilevel folder /alpha/beta/charlie/delta
2) Login as Admin, set folder permissions "View" for alpha,"Edit" for beta, "Delete" for charlie,"Add" for delta
3) Login as pas user
4) verify sub folder permissions will have a union of all parent folders
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
"""
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
# creating multilevel folder /alpha/beta/charlie/delta
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
folder_prefix + params['multi_level_folder_name'],
params['description'])
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}')
# Getting details of Folder Charlie
charlie_folder = get_folder(core_session, child_folder_id)
assert charlie_folder['success'], \
f'Failed to retrieve charlie folder details, API response result:{charlie_folder["Message"]}'
logger.info(f'charlie folder details:{charlie_folder}')
charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent']
# Getting details of parent folder
parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
assert parent_folder['success'], \
f'Failed to retrieve parent folder details, API response result:{parent_folder["Message"]}'
logger.info(f'Parent folder details:{parent_folder}')
parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID']
# Getting details of Folder alpha
alpha_folder = get_secrets_and_folders_in_folders(core_session, parent_folder_id)
assert alpha_folder['success'], f'Failed to retrieve alpha folder id, API response result: {alpha_folder["Result"]}'
logger.info(f'Details of Alpha Folder Retrieved:{alpha_folder}')
alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0]["Key"]
# Getting details of Folder beta
folder_beta = get_secrets_and_folders_in_folders(core_session, alpha_folder_id)
assert folder_beta['success'], f'Failed to retrieve beta folder id, API response result: {folder_beta["Result"]}'
logger.info(f'Details of Beta Folder Retrieved:{folder_beta}')
folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Adding secrets inside child folder
added_secret_success, added_secret_id = create_text_secret_within_folder(core_session,
params['mfa_secret_name'] + folder_prefix,
params['secret_text'],
params['secret_description'],
child_folder_id)
assert added_secret_success, f"Added Secret Failed, API response result {added_secret_id}"
logger.info(f'Added secrets info: {added_secret_id}')
# Api to give user permissions to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(core_session, user_name, user_id, alpha_folder_id, 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result: {user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Api to give user permissions to folder beta
user_permissions_beta = give_user_permissions_to_folder(core_session, user_name, user_id, folder_beta_id, 'Edit')
assert user_permissions_beta['success'], \
f'Not Able to set user permissions to folder, API response result: {user_permissions_beta["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_beta}')
# Api to give member permissions(View, Edit) to folder beta
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'View, Edit',
user_id,
folder_beta_id)
assert member_perm_success,\
f'Not Able to set "View" member permissions to Folder, API response result: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Api to give member permissions(Delete, Retrieve) to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'Delete,Retrieve',
user_id,
charlie_id)
assert member_perm_success,\
f'Not Able to set "View" member permissions to Folder, API response result: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Updating the secret name & description
result = update_secret(pas_power_user_session,
added_secret_id,
folder_prefix + params['mfa_secret_name_update'],
description=params['mfa_secret_description'])
assert result['success'], f'Not Able to update the secret, API response result: {result["Message"]} '
logger.info(f'Secret Updated Details: {result}')
# Getting details of the Secret updated
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
pas_power_user_session,
added_secret_id)
description_updated = get_secret_details['Description']
name_updated = get_secret_details['SecretName']
assert 'MFAOnSecretUpdate' in name_updated,\
f'Failed to update the name, API response result:{get_secret_success}'
assert 'mfa_description' in description_updated,\
f'Failed to update the description, API response result:{get_secret_success}'
logger.info(f'Details of the secret updated: {get_secret_details}')
# Deleting newly created secrets
del_success, del_result = del_secret(pas_power_user_session, added_secret_id)
assert del_success, f'Failed to delete the secret with pas user, API response result: {del_result}'
logger.info(f'Secret deleted successfully with pas user:{del_result}')
folders_list.append(child_folder_id)
folders_list.append(charlie_id)
folders_list.append(folder_beta_id)
folders_list.append(alpha_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Folders are deleted successfully: {folders_list}')
logger.info(f'Added Secrets deleted successfully: {secrets_list}')
def test_add_single_folder_then_append_multilevel_folder_to_it(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles, create_secret_folder):
"""
C3051: test method to Add single folder then append multilevel folder to it
1) create multilevel folder dogs/labradors/yellow inside a parent folder
2) Login as Admin, set folder permissions "View,Delete" for parent folder
3) Login as pas user
4) verify pas user can view all folders i.e. "animals/dogs/labradors/yellow"
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
:param create_secret_folder: Fixture to create folder & yields folder details
"""
params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
folder_parameters = create_secret_folder
parent_folder_id = folder_parameters['ID']
# creating multilevel folder dogs/labradors/yellow
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
params['folder_multiple_level'],
params['description'],
parent=parent_folder_id)
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(
f'Multilevel Folder created successfully, details are: {child_folder_parameters}'
)
# Getting details of Folder Labradors
labradors_folder = get_folder(core_session, child_folder_id)
logger.info(f'labradors folder details:{labradors_folder}')
labradors_folder_id = labradors_folder['Result']['Results'][0]['Row'][
'Parent']
# Getting id of Folder Dogs
dogs_folder = get_folder(core_session, labradors_folder_id)
logger.info(f'Dogs folder details:{dogs_folder}')
dogs_folder_id = dogs_folder['Result']['Results'][0]['Row']['Parent']
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, parent_folder_id, 'View, Delete')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting id of Folder Dog
dog_folder = get_secrets_and_folders_in_folders(pas_power_user_session,
parent_folder_id)
logger.info(f'Details of Dog Folder Retrieved with pas user:{dog_folder}')
dog_id = dog_folder["Result"]["Results"][0]["Entities"][0]["Key"]
assert dog_id == dogs_folder_id, f' Failed to view dog folder with pas user, API response result:' \
f'{dog_folder["success"]} & {dog_folder["Result"]}'
# Getting id of parent folder
labradors_folder = get_secrets_and_folders_in_folders(
pas_power_user_session, dog_id)
logger.info(
f'Details of labradors Folder Retrieved with pas user:{labradors_folder}'
)
labradors_id = labradors_folder["Result"]["Results"][0]["Entities"][0][
"Key"]
assert labradors_id == labradors_folder_id, f' Failed to view labradors folder with pas user, API response result:' \
f'{labradors_folder["success"]} & {labradors_folder["Result"]}'
# Getting id of parent folder
yellow_folder = get_secrets_and_folders_in_folders(pas_power_user_session,
labradors_id)
logger.info(
f'Details of yellow Folder Retrieved with pas user:{yellow_folder}')
yellow_id = yellow_folder["Result"]["Results"][0]["Entities"][0]["Key"]
assert \
yellow_id == child_folder_id, f' Failed to view yellow folder with pas user, API response result:' \
f'{yellow_folder["success"]} & {yellow_folder["Result"]}'
# cleanup of folders accordingly
folders_list.insert(0, child_folder_id)
folders_list.insert(1, labradors_folder_id)
folders_list.insert(2, dogs_folder_id)
def test_delete_mfa_policy_on_secret(core_session, pas_general_secrets,
clean_up_policy, users_and_roles):
"""
C283962: MFA policy on Secret, verify challenged
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets data from yaml file
:param clean_up_policy: Fixture to cleanup the policy created
:param users_and_roles: Fixture to create new user with restricted rights
"""
secrets_params = pas_general_secrets
suffix = guid()
# Create a folder A
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session, secrets_params['mfa_folder_name'] + suffix,
secrets_params['description'])
assert secret_folder_success, f'Failed to create a folder {secret_folder_id}'
logger.info(f' Folder created successfully: {secret_folder_success} ')
secret_folder_parameters['ID'] = secret_folder_id
# Create a secret under A folder
added_secret_success, added_secret_id = create_text_secret_within_folder(
core_session, secrets_params['mfa_secret_name'] + suffix,
secrets_params['secret_text'], secrets_params['secret_description'],
secret_folder_id)
assert added_secret_success, f"Added Secret Failed {added_secret_id}"
logger.info(f'Added secrets info {added_secret_success, added_secret_id}')
# Getting details of the secret
found_secret = get_secret(core_session, added_secret_id)
assert found_secret['success'], \
f'Failed to get the details of the secret , API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Secret
result = update_secret(
core_session,
added_secret_id,
secret_name,
description=secrets_params['mfa_secret_description'],
policy_id=policy_result)
assert result[
'success'], f' Failed to apply MFA on the secret, API response result:{result["Message"]} '
logger.info(f'MFA Applied on the secret: {result}')
# Getting new session for User
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, secret_folder_id,
'Grant,View,Delete')
assert user_permissions_result, f'Failed to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to set DELETE permissions to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(
core_session, user_name, 'Grant,View,Delete,Retrieve', user_id,
secret_folder_id)
assert member_perm_success, f'Failed to set member permissions to Folder{member_perm_result["Result"]}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Delete secret with Mfa Authentication
del_success, del_result = del_secret(pas_power_user_session,
added_secret_id)
# StartChallenge MFA Authentication
session, mechanism = pas_power_user_session.start_mfa_authentication(
user_name, del_result['ChallengeId'])
# AdvanceAuthentication MFA to Password
result = pas_power_user_session.advance_authentication(
answer=pas_power_user_session.user.user_input.password,
session_id=session,
mechanism_id=mechanism)
assert result, "Password Authentication Failed"
logger.info(f'Advance authentication: {result}')
# After Authentication of MFA delete the secret under folder
del_secret_success, del_secret_result = del_secret_mfa(
pas_power_user_session,
added_secret_id,
ChallengeStateId=del_result['ChallengeId'])
assert del_secret_success, f'User: {user_name} failed to delete secret from this folder: {secret_folder_id}'
logger.info(
f'User: {user_name} deleted secret: '
f'{added_secret_id} successfully from this folder: {secret_folder_id}')
# Delete folder
del_folder_res = del_folder(core_session, secret_folder_id)
assert del_folder_res, f'User: {user_name} failed to delete folder: {secret_folder_id}'
logger.info(
f'User: {user_name} successfully deleted folder: {secret_folder_id}')
def test_updates_by_admin_are_reflected_on_sub_folders(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles):
"""
C3049: test method to Updates and changes by admin are reflected on sub folders through inheritance
1) create multilevel folder /alpha/beta/charlie/delta
2)Login as Admin, add & update different folder permissions for alpha
3) Login as pas user
4) verify permissions are saved and propagated to the child folders.
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
"""
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
# creating multilevel folder /alpha/beta/charlie/delta
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session, folder_prefix + params['multi_level_folder_name'],
params['description'])
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(
f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
# Getting details of Folder Charlie
charlie_folder = get_folder(core_session, child_folder_id)
charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent']
# Getting details of parent folder
parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID']
# Getting details of Folder alpha
alpha_folder = get_secrets_and_folders_in_folders(core_session,
parent_folder_id)
alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0][
"Key"]
# Getting details of Folder beta
folder_beta = get_secrets_and_folders_in_folders(core_session,
alpha_folder_id)
folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to assign all the permissions(View, Edit, Delete, Grant, Add) to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id,
'View, Edit, Delete, Grant, Add')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting permissions of the folder delta(should inherit from parent)
permissions_delta = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Edit, Delete, Grant, Add'
assert verify_permissions_all == permissions_delta["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_delta["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_delta}')
# Api to assign selected permissions(View, Edit, Delete) to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id,
'View, Edit, Delete')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting permissions of the folder delta(should inherit from parent)
permissions_delta = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_selected = 'View, Edit, Delete'
assert verify_permissions_selected == permissions_delta["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_delta["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_delta}')
# Api to give permissions(View,Add) to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id, 'View, Add')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Getting permissions of the folder delta(should inherit from parent)
permissions_delta = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_view_add = 'View, Add'
assert verify_permissions_view_add == permissions_delta["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_delta["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_delta}')
# cleanup of folders accordingly
folders_list.append(child_folder_id)
folders_list.append(charlie_id)
folders_list.append(folder_beta_id)
folders_list.append(alpha_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Folders deleted successfully: {folders_list}')
def test_edit_permission_on_source_to_move_folder(core_session,
users_and_roles,
create_secret_folder,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
C3034: test method to Login as Cloud Admin
1) Enable "Edit" permission on a folder for UserA Then Login as UserA
Move folder for User A & verify the move is successful
2) Disable "Edit" permission on a folder for UserA Then Login as UserA
Move folder for User A & verify the move is unavailable & unsuccessful
:param core_session: Authenticated Centrify Session
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param create_secret_folder: Fixture to create secret Folder & yield folder related details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
folders_list = cleanup_secrets_and_folders[1]
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_params = pas_general_secrets
folder_prefix = guid()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to set permissions with folder(without EDIT)
permissions = give_user_permissions_to_folder(core_session, user_name,
user_id, folder_id, 'View')
assert permissions[
'success'], f'Not able to set permissions to folder:{permissions["Result"]}'
logger.info(f'Permissions to folder: {permissions}')
# Creating new folder with pas_power_user_session
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
pas_power_user_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success, f'Failed to create a folder{secret_folder_id} '
logger.info(
f'Folder created for pas_power_user_session: {secret_folder_success}')
folders_list.append(secret_folder_id)
# Api to move Folder should Fail
result_move = move_folder(pas_power_user_session, folder_id,
secret_folder_id)
assert result_move[
'success'] is False, f'Able to move the Folder: {result_move["Result"]}'
logger.info(f'Failed to Move the Folder :{result_move["Message"]}')
# Api to set permissions with folder(with EDIT)
permissions = give_user_permissions_to_folder(core_session, user_name,
user_id, folder_id,
'View,Edit')
assert permissions[
'success'], f'Not able to set permissions to folder:{permissions["Result"]}'
logger.info(f'Permissions to folder: {permissions}')
# Api to move Folder should pass
result_move = move_folder(pas_power_user_session, folder_id,
secret_folder_id)
assert result_move[
'success'], f'Not Able to move the folder: {result_move["Result"]}'
logger.info(f'Folder Moved successfully :{result_move["Message"]}')
def test_inherited_folder_permissions_should_be_removed_if_you_move_away_from_parent(
core_session, create_folder_inside_folder, pas_general_secrets,
cleanup_secrets_and_folders, users_and_roles):
"""
C3052: Inherited folder permissions should be removed if you move away from parent
:param core_session: Authenticated Centrify Session
:param create_folder_inside_folder: Fixture to create folder inside parent folder
:param pas_general_secrets: Fixture to read secret data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User rights
"""
parent_folder_info, nested_folder_info, nested_folder_id = create_folder_inside_folder
parent_folder_id = parent_folder_info['ID']
folder_prefix = guid()
params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
folder_prefix + params['name'],
params['description'],
parent=nested_folder_id)
assert child_folder_success, f'Failed to create child folder, API response result:: {child_folder_id}'
logger.info(
f'Child Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
folders_list.insert(0, child_folder_id)
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder(View,Delete,Edit)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, parent_folder_id, 'View,Delete,Edit')
assert user_permissions_result['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_result["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Api to give user permissions to nested folder(View,Add )
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, nested_folder_id, 'View,Add')
assert user_permissions_result['success'], \
f'Not Able to set user permissions to , API response result: {user_permissions_result["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Getting permissions of child folder(should inherit from parent)
permissions_yellow = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Edit, Delete, Add'
assert verify_permissions_all == permissions_yellow["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_yellow["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_yellow}')
# Moving Nested Folder into Top Level Secrets
result_move = move_folder(pas_power_user_session, nested_folder_id)
assert result_move[
'success'], f'Not Able to Move Folder B1 into B11, API response result:: {result_move["Result"]}'
logger.info(f'Moving Folder into Sub Folder:{result_move}')
# Getting permissions of child folder(should inherit from nested folder)
permissions_yellow = SetsManager.get_collection_rights(
pas_power_user_session, child_folder_id)
verify_permissions_all = 'View, Add'
assert verify_permissions_all == permissions_yellow["Result"], \
f'Failed to verify permissions for the folder, API response result:{permissions_yellow["Result"]}'
logger.info(f'Permissions of the folder created: {permissions_yellow}')
def test_user_needs_edit_permission_on_secret_move_a_secret(core_session,
users_and_roles,
added_secrets,
added_secrets_file,
pas_general_secrets,
cleanup_secrets_and_folders):
"""
test method to set permissions to secret for User A(With Edit/Without Edit) &
then to check Secret is movable to folder(Should movable/Not able to move)
:param core_session: Authenticated centrify session
:param users_and_roles: Fixture to create new user with specified roles
:param added_secrets: Fixture to add text type secret & yields secret id, secret name
:param added_secrets_file: Fixture to add file type secret & yields secret id
:param pas_general_secrets: Fixture to read secrets data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created.
"""
added_text_secret_id, added_text_secret_name = added_secrets
added_secret_id = added_secrets_file
folder_params = pas_general_secrets
prefix = guid()
folder_list = cleanup_secrets_and_folders[1]
pas_power_user = users_and_roles.get_user('Privileged Access Service Power User')
user_name = pas_power_user.get_login_name()
user_id = pas_power_user.get_id()
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service Power User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS Power User'
logger.info(f'User with PAS Power User Rights login successfully :user_Name: {user_name}'
f' & Password: {pas_power_user.get_password()} ')
# Api to create secret folder
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(pas_power_user_session,
prefix + folder_params['name'],
folder_params['description'])
folder_list.append(secret_folder_id)
# Api to set permissions to secret (without Edit)
text_type_secret_result, text_type_secret_success = set_users_effective_permissions(core_session,
user_name,
'View,Grant',
user_id,
added_text_secret_id[0])
assert text_type_secret_success, f'Failed to set permissions for text type secret:{text_type_secret_result}'
logger.info(f'Setting permissions for text type secret: {text_type_secret_success}')
# Api to move secret without Edit permissions
result_move = move_secret(pas_power_user_session, added_text_secret_id[0], secret_folder_id)
assert result_move['success'] is False, f'Able to move the secret without edit permissions{result_move["Result"]}'
logger.info(f'Moving secret without edit permissions:{result_move["Message"]}')
# Api to set Edit permissions to secret
text_type_secret_result, text_type_secret_success = set_users_effective_permissions(core_session,
user_name,
'View,Grant,Edit',
user_id,
added_secret_id)
assert text_type_secret_success, f'Failed to set permissions for file type secret:{text_type_secret_result}'
logger.info(f'Setting permissions for file type secret: : {text_type_secret_success}')
# Api to move secret with Edit permissions
result_move = move_secret(pas_power_user_session, added_secret_id, secret_folder_id)
assert result_move['success'], f'Not Able to move the secret with edit permissions{result_move["Result"]}'
logger.info(f'Moving secret with edit permissions:{result_move}')
def test_member_permission_from_parent_or_higher_should_propagate(core_session,
pas_general_secrets,
cleanup_secrets_and_folders,
users_and_roles):
"""
C3053: test method Member permission from parent or higher should propagate all the way down hierarchy
1) create multilevel folder /alpha/beta/charlie/delta
2) Login as Admin, set folder permissions "View" & member permissions "View, Retrieve" for parent folder
3) Add new folder inside delta
4) Login as pas user
5) Verify you can view and retrieve secret under the "delta" folder
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
"""
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
# creating multilevel folder /alpha/beta/charlie/delta
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session,
folder_prefix + params['multi_level_folder_name'],
params['description'])
assert child_folder_success, f'Failed to create multilevel folder, API response result {child_folder_id}'
logger.info(f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}')
# Getting details of Folder Charlie
charlie_folder = get_folder(core_session, child_folder_id)
assert charlie_folder['success'],\
f'Failed to retrieve charlie folder details, API response result:{charlie_folder["Message"]}'
logger.info(f'charlie folder details:{charlie_folder}')
charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent']
# Getting details of parent folder
parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
assert parent_folder['success'],\
f'Failed to retrieve parent folder details, API response result:{parent_folder["Message"]}'
logger.info(f'Parent folder details:{parent_folder}')
parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID']
# Getting details of Folder alpha
alpha_folder = get_secrets_and_folders_in_folders(core_session, parent_folder_id)
assert alpha_folder['success'], f'Failed to retrieve alpha folder id, API response result: {alpha_folder["Result"]}'
logger.info(f'Details of Alpha Folder Retrieved:{alpha_folder}')
alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0]["Key"]
# Getting details of Folder beta
folder_beta = get_secrets_and_folders_in_folders(core_session, alpha_folder_id)
assert folder_beta['success'], f'Failed to retrieve beta folder id, API response result: {folder_beta["Result"]}'
logger.info(f'Details of Beta Folder Retrieved:{folder_beta}')
folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user('Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to parent folder
user_permissions_alpha = give_user_permissions_to_folder(core_session,
user_name,
user_id,
parent_folder_id,
'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result: {user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Api to give member permissions(View, Retrieve) to folder
member_perm_result, member_perm_success = set_member_permissions_to_folder(core_session,
user_name,
'View,Retrieve',
user_id,
parent_folder_id)
assert member_perm_success,\
f'Not Able to set "View" member permissions to Folder, API response result: {member_perm_result}'
logger.info(f'Member permissions to folder:{member_perm_result}')
# Adding secrets inside child folder
added_secret_success, added_secret_id = create_text_secret_within_folder(core_session,
params['mfa_secret_name'] + folder_prefix,
params['secret_text'],
params['secret_description'],
child_folder_id)
assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
logger.info(f'Added secrets info: {added_secret_id}')
secrets_list.append(added_secret_id)
# Getting details of the Secret Added
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
pas_power_user_session,
added_secret_id)
secret_name_pas = get_secret_details['SecretName']
assert 'MFAOnSecret' in secret_name_pas, f'Failed to view the secret, API response result: {get_secret_success}'
logger.info(f'Details of the secret Retrieved: {get_secret_details}')
folders_list.append(child_folder_id)
folders_list.append(charlie_id)
folders_list.append(folder_beta_id)
folders_list.append(alpha_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Folders are deleted successfully: {folders_list}')
logger.info(f'Added Secret deleted successfully: {secrets_list}')
def test_edit_folder_permission_to_update_folder(core_session,
create_secret_folder,
pas_general_secrets,
users_and_roles,
cleanup_secrets_and_folders):
"""
C3030:test method to login with cloud admin
1) Disable Edit folder permission for UserA, Login with User A and verify that "Edit" is not visible
2) Enable Edit folder permission for UserA, Login with User A and verify that "Edit" is visible
:param core_session: Authenticated Centrify session
:param create_secret_folder: Fixture to create secret inside folder & yields secret & folder details
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param users_and_roles: Fixture to create random user with PAS Power Rights
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
secret_folder_details = create_secret_folder
folder_id = secret_folder_details['ID']
folder_name = secret_folder_details['Name']
folder_prefix = guid()
folder_params = pas_general_secrets
folders_list = cleanup_secrets_and_folders[1]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Power User')
assert pas_power_user_session.auth_details is not None, 'Failed to Login with PAS Power User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS Power User Rights login successfully: user_Name: {user_name}'
)
# Api to give user permissions to folder(EDIT Disabled)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_id, 'View')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Checking EDIT permission is Disabled
result = update_folder(pas_power_user_session,
folder_id,
folder_name,
folder_params['mfa_folder_name_update'],
description=folder_params['mfa_folder_description'])
assert result['success'] is False, f'Edit is Enabled: {result["Message"]} '
logger.info(
f'Edit is Not Visible: {result["success"]} {result["Message"]}')
secret_folder_success, secret_folder_parameters, secret_folder_id = create_folder(
core_session, folder_params['name'] + folder_prefix,
folder_params['description'])
assert secret_folder_success is True, f'Failed to create a folder{secret_folder_id} '
logger.info(
f' Folder created successfully: {secret_folder_success} & details are {secret_folder_parameters}'
)
folders_list.append(secret_folder_id)
secret_folder_name = secret_folder_parameters['Name']
# Api to give user permissions to folder(EDIT Enabled)
user_permissions_result = give_user_permissions_to_folder(
core_session, user_name, user_id, secret_folder_id, 'View,Edit')
assert user_permissions_result, f'Not Able to set user permissions to folder{user_permissions_result}'
logger.info(f'User Permissions to folder: {user_permissions_result}')
# Checking EDIT permission is Enabled
result = update_folder(pas_power_user_session,
secret_folder_id,
secret_folder_name,
folder_prefix +
folder_params['mfa_folder_name_update'],
description=folder_params['mfa_folder_description'])
assert result['success'], f'Edit is not enabled: {result["Message"]} '
logger.info(f'Edit is Visible: {result["success"]} {result["Message"]}')
def test_sub_folders_will_have_a_union_of_all_permissions(
core_session, pas_general_secrets, cleanup_secrets_and_folders,
users_and_roles):
"""
C3048: test method Sub folders will have a union of all it’s permissions
1)create multilevel folder /alpha/beta/charlie/delta
2) Login as Admin, set folder permissions "View" for alpha,"Edit" for beta, "Delete" for charlie,"Add" for delta
3) Login as pas user
4) verify sub folder permissions will have a union of all parent folders
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets related data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
:param users_and_roles: Fixture to create random user with PAS User Rights
"""
params = pas_general_secrets
folder_prefix = guid()
folders_list = cleanup_secrets_and_folders[1]
# creating multilevel folder /alpha/beta/charlie/delta
child_folder_success, child_folder_parameters, child_folder_id = create_folder(
core_session, folder_prefix + params['multi_level_folder_name'],
params['description'])
assert child_folder_success, f'Failed to create multilevel folder, API response result: {child_folder_id}'
logger.info(
f'Multilevel Folder created successfully: {child_folder_success} & details are {child_folder_id}'
)
# Getting details of Folder Charlie
charlie_folder = get_folder(core_session, child_folder_id)
assert charlie_folder['success'], \
f'Failed to retrieve charlie folder details, API response result:{charlie_folder["Message"]}'
logger.info(f'charlie folder details:{charlie_folder}')
charlie_id = charlie_folder['Result']['Results'][0]['Row']['Parent']
child_folder_name = charlie_folder['Result']['Results'][0]['Row'][
'SecretName']
# Getting details of parent folder
parent_path = charlie_folder['Result']['Results'][0]['Row']['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
# Getting id of parent folder
parent_folder = get_folder(core_session, parent_folder_sliced)
assert parent_folder['success'], \
f'Failed to retrieve parent folder details, API response result:{parent_folder["Message"]}'
logger.info(f'Parent folder details:{parent_folder}')
parent_folder_id = parent_folder['Result']['Results'][0]['Row']['ID']
# Getting details of Folder alpha
alpha_folder = get_secrets_and_folders_in_folders(core_session,
parent_folder_id)
assert alpha_folder['success'], \
f'Failed to retrieve alpha folder id, API response result: {alpha_folder["Result"]}'
logger.info(f'Details of Alpha Folder Retrieved:{alpha_folder}')
alpha_folder_id = alpha_folder["Result"]["Results"][0]["Entities"][0][
"Key"]
# Getting details of Folder beta
folder_beta = get_secrets_and_folders_in_folders(core_session,
alpha_folder_id)
assert folder_beta['success'], \
f'Failed to retrieve beta folder id, API response result: {folder_beta["Result"]}'
logger.info(f'Details of Beta Folder Retrieved:{folder_beta}')
folder_beta_id = folder_beta["Result"]["Results"][0]["Entities"][0]["Key"]
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to folder alpha
user_permissions_alpha = give_user_permissions_to_folder(
core_session, user_name, user_id, alpha_folder_id, 'View')
assert user_permissions_alpha['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_alpha["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_alpha}')
# Api to give user permissions to folder beta
user_permissions_beta = give_user_permissions_to_folder(
core_session, user_name, user_id, folder_beta_id, 'Edit')
assert user_permissions_beta['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_beta["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_beta}')
# Api to give user permissions to folder charlie
user_permissions_charlie = give_user_permissions_to_folder(
core_session, user_name, user_id, charlie_id, 'Delete')
assert user_permissions_charlie['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_charlie["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_charlie}')
# Api to give user permissions to folder delta(child folder)
user_permissions_child = give_user_permissions_to_folder(
core_session, user_name, user_id, child_folder_id, 'Add')
assert user_permissions_child['success'], \
f'Not Able to set user permissions to folder, API response result:{user_permissions_child["Result"]}'
logger.info(f'User Permissions to folder: {user_permissions_child}')
# Updating the Folder delta
result = update_folder(pas_power_user_session,
child_folder_id,
child_folder_name,
updated_name=folder_prefix +
params['delta_folder_name_new'],
description=params['mfa_folder_description'])
assert result[
'success'], f'Failed to update the folder, API response result: {result["Message"]} '
logger.info(f'Folder updated successfully: {result}')
# Getting details of the Folder updated
result_folder = get_folder(pas_power_user_session, child_folder_id)
logger.info(f'Updated Folder details: {result_folder}')
description_updated = result_folder["Result"]["Results"][0]["Row"][
"Description"]
name_updated = result_folder["Result"]["Results"][0]["Row"]["Name"]
assert 'delta_updated_v1' in name_updated, \
f'Failed to update the name, API response result:{result_folder["Result"]["Results"][0]["Row"]["Name"]}'
assert 'mfa_description' in description_updated, \
f'Failed to update the description, ' \
f'API response result:{result_folder["Result"]["Results"][0]["Row"]["Description"]}'
# Adding new folder inside delta
new_folder_success, new_folder_parameters, new_folder_id = create_folder(
pas_power_user_session,
folder_prefix + params['name'],
params['description'],
parent=child_folder_id)
assert new_folder_success, f'Failed to create multilevel folder, API response result: {new_folder_id}'
logger.info(
f'Multilevel Folder created successfully: {new_folder_success} & details are {new_folder_id}'
)
# Delete newly created folder
del_result = del_folder(pas_power_user_session, new_folder_id)
assert del_result[
"success"], f'Failed to delete the folder(DELETE), API response result: {del_result["Result"]}'
logger.info(f'Deleting the folder successfully (DELETE):{del_result}')
folders_list.append(child_folder_id)
folders_list.append(charlie_id)
folders_list.append(folder_beta_id)
folders_list.append(alpha_folder_id)
folders_list.append(parent_folder_id)
logger.info(f'Added Folders are deleted successfully: {folders_list}')
