def test_bulk_system_unenroll_by_api_set_correct_systems_fast_track(core_session, test_four_virtual_aapm_agents):
agents, _ = test_four_virtual_aapm_agents
all_agent_ids, all_server_ids = _setup_agents(core_session, agents)
unenroll_agent_ids = all_agent_ids[:2]
unenroll_server_ids = all_server_ids[:2]
keep_agent_ids = all_agent_ids[2:]
_validate_aapm_agent_details(core_session, all_agent_ids, True)
some_set_name = "ApiSet" + guid()
SetsManager.create_manual_collection(core_session, some_set_name, "Server", None)
set_id = SetsManager.get_collection_id(core_session, some_set_name, "Server")
SetsManager.update_members_collection(core_session, 'add', list(unenroll_server_ids), 'Server', set_id)
collection_and_filters = SetsManager.get_object_collection_and_filter_by_name(core_session, some_set_name, "Server")
filters = collection_and_filters['Filters']
logger.info(f'Manual set {collection_and_filters} - members - {unenroll_server_ids}')
_, success = ResourceManager.unenroll_multiple_systems_by_query(core_session, filters, wait_time=0,
SkipIfAgentReconciliationEnabled=True,
run_sync=True)
assert success, f'Unenroll systems job failed when expected success: {unenroll_server_ids}'
SetsManager.delete_collection(core_session, set_id)
_validate_aapm_agent_details(core_session, unenroll_agent_ids, False)
_validate_aapm_agent_details(core_session, keep_agent_ids, True)
def test_bulk_system_by_api_set_correct_systems_and_accounts_fast_track(clean_bulk_delete_systems_and_accounts,
core_session, list_of_created_systems):
batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems)
batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems,
sys_type="Unix")
batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems,
sys_type="Unix")
delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2])
keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3])
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3])
some_set_name = "ApiSet" + guid()
SetsManager.create_manual_collection(core_session, some_set_name, "Server", None)
set_id = SetsManager.get_collection_id(core_session, some_set_name, "Server")
SetsManager.update_members_collection(core_session, 'add', list(delete_system_ids), 'Server', set_id)
collection_and_filters = SetsManager.get_object_collection_and_filter_by_name(core_session, some_set_name, "Server")
filters = collection_and_filters['Filters']
logger.info(f'Manual set {collection_and_filters} - members - {delete_system_ids}')
result, success = ResourceManager.del_multiple_systems_by_query(core_session, filters, savepasswords=False,
secretname="", run_sync=True)
assert success is True, f'Delete systems job failed when expected success'
SetsManager.delete_collection(core_session, set_id)
assert set(ResourceManager.get_multi_added_system_ids(core_session,
all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search"
assert set(ResourceManager.get_multi_added_account_ids(core_session,
all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search"
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_secret(
clean_bulk_delete_systems_and_accounts, core_session, simulate_failure,
list_of_created_systems):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 1, 1, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
some_set_name = "ApiSet" + guid()
success, set_id = SetsManager.create_manual_collection(
core_session, some_set_name, "VaultAccount", None)
assert success, "Did not create collection"
SetsManager.update_members_collection(core_session, 'add',
list(all_accounts), 'VaultAccount',
set_id)
params = Util.scrub_dict({
'Ids': list(all_accounts),
'SaveToSecrets': simulate_failure,
'SecretName': "Bulk Account Delete",
'SetQuery': "",
'SkipIfHasAppsOrServices': simulate_failure
})
if simulate_failure:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE,
params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
ResourceManager.wait_for_job_state_succeeded(core_session, result)
assert simulate_failure == success, f"Query success was unexpected value, with message {result}"
else:
request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE,
params)
request_json = request.json()
result, success = request_json['Result'], request_json['success']
ResourceManager.wait_for_job_state_succeeded(core_session, result)
assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
total_account = RedrockController.get_accounts(core_session)
SetsManager.delete_collection(core_session, set_id)
list_account = []
for get_account in total_account:
if get_account['ID'] == all_accounts:
list_account.append(get_account['ID'])
assert 0 == len(
list_account
), "Number of remaining added accounts was unexpected number"
def test_pe_del_assignment_on_set_delete(core_session, setup_generic_pe_command_with_no_rules, create_resources):
commandName, commandID = setup_generic_pe_command_with_no_rules
admin_user = core_session.get_user()
admin_user_name = admin_user.get_login_name()
admin_user_id = admin_user.get_id()
# Add System
added_system_id = create_resources(core_session, 1, "Unix")[0]['ID']
logger.debug(f"Successfully added a System: {added_system_id}")
# Create Set and the system to this set
set_name = "set_" + Util.random_string()
is_create, set_id = SetsManager.create_manual_collection(
core_session, set_name, "Server", object_ids=[added_system_id])
assert is_create, f"Successfully created a set and added system to that set: {set_id}"
# Give all permissions to admin user on this set
permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount,' \
'ManagePrivilegeElevationAssignment'
result = SetsManager.set_collection_resource_permissions(core_session, permission_string,
admin_user_name, admin_user_id, set_id,
"User")
logger.info(result)
assert result['success'], "setting collection permissions failed: " + result
# Add assignment
principalType = "User"
principal = admin_user_name
scopeType = "Collection"
scope = set_id
ruleID, isSuccess = PrivilegeElevation.add_pe_rule_assignment(core_session, commandID=commandID,
scopeType=scopeType, scope=scope,
principalType=principalType, principal=principal)
assert isSuccess, f" Adding rule assignment failed"
# Make sure rule assignment is available
results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName)
assert isSuccess and len(results['Result']) == 1, f"List assignments API call failed: {results}"
logger.info(results)
# Delete Set
isSuccess, results = SetsManager.delete_collection(core_session, set_id)
assert isSuccess, f"Deleting set failed: {results}"
# Make sure rule assignment is not available
results, isSuccess = PrivilegeElevation.list_pe_assignments(core_session, command=commandName)
assert isSuccess and len(results['Result']) == 0, f"List assignments API call failed: {results}"
logger.info(results)
def test_bulk_account_by_api_set_correct_accounts(
clean_bulk_delete_systems_and_accounts, core_session,
list_of_created_systems, core_admin_ui):
batch = ResourceManager.add_multiple_systems_with_accounts(
core_session, 2, 2, list_of_created_systems)
all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values(
[batch])
delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists(
all_accounts)
some_set_name = "ApiSet" + guid()
success, set_id = SetsManager.create_manual_collection(
core_session, some_set_name, "VaultAccount", None)
assert success, "Did not create collection"
SetsManager.update_members_collection(core_session, 'add',
list(delete_ids), 'VaultAccount',
set_id)
filters = SetsManager.get_object_collection_and_filter_by_name(
core_session, some_set_name, "VaultAccount")['Filters']
result, success = ResourceManager.del_multiple_accounts_by_query(
core_session, filters)
assert success, "del_multiple_accounts_by_query failed " + result
SetsManager.delete_collection(core_session, set_id)
assert set(
ResourceManager.get_multi_added_system_ids(
core_session, all_systems).values()) == set(
all_systems), "Wrong set of added systems found"
assert set(
ResourceManager.get_multi_added_account_ids(
core_session,
all_systems)) == set(keep_ids), "Wrong set of added accounts found"
def agent_get_set(core_session_global):
"""Creates a resource set to be used for agent enrollment
:return: set name
"""
session = core_session_global
set_name = "set_" + Util.random_string()
is_create, set_id = SetsManager.create_manual_collection(
session, set_name, "Server", None)
if is_create:
logger.debug("Resource set created: " + set_name)
yield set_name
else:
logger.error("Error in creating resource set: " + set_name)
is_create, response = SetsManager.delete_collection(session, set_id)
if is_create:
logger.debug("Resource set deleted: " + set_name)
def set_cleaner(core_session):
set_ids = []
yield set_ids
for set_id in set_ids:
success, result = SetsManager.delete_collection(core_session, set_id)
assert success is True, f'Failed to cleanup manual set. Not the end of the world but sub-optimal. {json.dumps(result)}'