def test_add_nested_secret(core_session, pas_general_secrets,
cleanup_secrets_and_folders):
"""
C283806: Can add nested secret
:param core_session: Authenticated Centrify session
:param pas_general_secrets: Fixture to read secrets data from yaml file
:param cleanup_secrets_and_folders: Fixture to cleanup the secrets & folders created
"""
params = pas_general_secrets
folder_list = cleanup_secrets_and_folders[1]
secrets_list = cleanup_secrets_and_folders[0]
suffix = guid()
# Creating nested secrets
added_secret_success, details, added_secret_id = create_text_secret(
core_session, params['nested_secret_name_new'] + suffix,
params['secret_text'])
assert added_secret_success, f"Added Secret Failed, API response result: {added_secret_id}"
logger.info(f'Added secrets info: {details, added_secret_id}')
folders_and_secret_name = details['SecretName']
# Getting details of nested secrets
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_secret_id)
logger.info(f'Secret created details: {get_secret_details}')
secret_name = get_secret_details['SecretName']
child_folder_id = get_secret_details['FolderId']
parent_path = get_secret_details['ParentPath']
parent_folder_and_child_folder = parent_path.split('\\')
parent_name = parent_folder_and_child_folder[0]
child_folder_name = parent_folder_and_child_folder[1]
# Getting added secret status
secret_activity = UserManager.get_secret_activity(core_session,
added_secret_id)
logger.info(f'Secret Created activity:{secret_activity} ')
added_secret_status = False
for rows in secret_activity:
if 'added a secret' in rows['Detail']:
added_secret_status = True
assert added_secret_status, f'Failed to add secret: {added_secret_status}'
assert parent_name in folders_and_secret_name, f'Failed to verify parent folder name: {parent_name}'
assert child_folder_name in folders_and_secret_name, f'Failed to verify child folder name: {child_folder_name}'
assert secret_name in folders_and_secret_name, f'Failed to verify secret name: {secret_name}'
# Getting details of the parent folder & child folder
parent_id = get_folder(core_session, parent_name)
logger.info(
f'parent folder id::{parent_id["Result"]["Results"][0]["Row"]["ID"]}')
secrets_list.append(added_secret_id)
folder_list.append(child_folder_id)
folder_list.append(parent_id['Result']['Results'][0]['Row']['ID'])
logger.info(f'Added folder deleted successfully : {folder_list}')
logger.info(f'Added Secret deleted successfully : {secrets_list}')
def test_nested_secret_with_backslashes(core_session, pas_general_secrets,
cleanup_secrets_and_folders):
"""test method to add nested secret with '\\' """
secrets_list = cleanup_secrets_and_folders[0]
folder_list = cleanup_secrets_and_folders[1]
secrets_params = pas_general_secrets
secret_prefix = guid()
secret_parameters = {
'SecretName':
secret_prefix + secrets_params['nested_secret_backslashes'],
'SecretText': secrets_params['secret_text'],
'Type': 'Text',
'Description': secrets_params['secret_description'],
'FolderId': ''
}
logger.info(
f'Creating nested secrets : { secrets_params["nested_secret_backslashes"]}'
)
"""Api to create nested secret with backslashes"""
secret_result = core_session.post(EndPoints.SECRET_ADD,
secret_parameters).json()
logger.info(
f'Secret Created successfully:{secret_result}{secret_result["success"]}'
)
assert secret_result[
'success'], f'Not able to create secret with {secret_result}'
secret_id = secret_result["Result"]
"""Api to get secret activity"""
secret_activity = UserManager.get_secret_activity(core_session, secret_id)
logger.info(f'Secret Created activity:{secret_activity} ')
str1 = 'added a secret "Topsecret" of type "Text"'
assert str1 in secret_activity[0]['Detail'], "Failed to assert"
"""Api to get text type secret details"""
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, secret_id)
logger.info(f'Secret created details: {get_secret_details}')
child_folder = get_secret_details['FolderId']
parent_path = get_secret_details['ParentPath']
parent_folder_name = parent_path.split('\\')
parent_folder_sliced = parent_folder_name[0]
parent_id = get_folder(core_session, parent_folder_sliced)
logger.info(
f'parent folder id::{parent_id["Result"]["Results"][0]["Row"]["ID"]}')
secrets_list.append(secret_id)
folder_list.append(child_folder)
folder_list.append(parent_id['Result']['Results'][0]['Row']['ID'])
logger.info(f'Added folder deleted successfully : {folder_list}')
logger.info(f'Added Secret deleted successfully : {secrets_list}')
def test_multiple_updates_in_permissions_policy_name_verify_all_2(
core_session, added_secrets, pas_general_secrets, users_and_roles,
clean_up_policy):
"""
test method to verify multiple updates like (permissions, policy, name ..) for a secret
:param core_session: Authenticated Centrify Session
:param added_secrets: Fixture to create text type secret & yield secret id, secret_name
:param pas_general_secrets: Fixture to read secret data from yaml file
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param clean_up_policy: Fixture to clean up the policy created
"""
secret_prefix = guid()
added_text_secret_id, added_text_secret_name = added_secrets
secrets_params = pas_general_secrets
application_management_user = users_and_roles.get_user(
'Privileged Access Service Power User')
user_name = application_management_user.get_login_name()
user_id = application_management_user.get_id()
# API to set user permissions for text_type_secret
set_permissions_result, set_permissions_success = set_users_effective_permissions(
core_session, user_name, 'View,Grant,Edit', user_id,
added_text_secret_id[0])
assert set_permissions_success, f'setting permissions for file type secret failed: {set_permissions_result}'
logger.info(
f'setting permissions for text type secret: {set_permissions_success} {set_permissions_result}'
)
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secret_prefix + secrets_params['policy_name'],
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Api to assign policy to the secret
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
added_text_secret_name,
policy_id=policy_result)
assert policy_assigned[
'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
# Api to update settings(secret_name) of the secret
result = update_secret(
core_session, added_text_secret_id[0],
secret_prefix + secrets_params['updated_secret_name'])
assert result[
'success'], f'Not Able to update the settings {result["Result"]} '
logger.info(
f'Updating the settings for secret: {result["success"]} & {result["Exception"]}'
)
# Api to retrieve the activity of the secret
rows_result = UserManager.get_secret_activity(core_session,
added_text_secret_id[0])
assert rows_result is not None, f'Unable to fetch Secret updated details & activity fetched:{rows_result}'
logger.info(f'activity list:{rows_result}')
verify_name = 'update_secret1'
verify_permissions = 'View , Grant , Edit'
permissions_updated = False
assert verify_name in rows_result[0][
"Detail"], f'Unable to update the name:{rows_result[0]["Detail"]}'
logger.info(f'Secret Updated details: {rows_result[0]["Detail"]}')
for x in rows_result:
if verify_permissions in x['Detail']:
permissions_updated = True
assert permissions_updated, f'Unable to update the permissions: {permissions_updated}'
def test_update_retrieve_replace_activity_logged(core_session, added_secrets,
pas_general_secrets,
users_and_roles,
clean_up_policy):
"""
C3071: Update, retrieve, replace activity logged
:param core_session: Authenticated Centrify Session
:param added_secrets: Fixture to create text type secret & yield secret id, secret_name
:param pas_general_secrets: Fixture to read secret data from yaml file
:param users_and_roles: Fixture to create New user with PAS Power Rights
:param clean_up_policy: Fixture to clean up the policy created
"""
secret_suffix = guid()
added_text_secret_id, added_text_secret_name = added_secrets
secrets_params = pas_general_secrets
# API to get new session for User A
pas_power_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service User')
assert pas_power_user_session.auth_details, 'Failed to Login with PAS User'
user_name = pas_power_user_session.auth_details['User']
user_id = pas_power_user_session.auth_details['UserId']
logger.info(
f'User with PAS User Rights login successfully: user_Name:{user_name}')
# Api to give user permissions to secrets
set_permission_result, set_permission_success = set_users_effective_permissions(
core_session, user_name, 'View,Grant', user_id,
added_text_secret_id[0])
assert set_permission_success, f'Failed to set permission: {set_permission_result}'
logger.info(
f'Setting permission:{set_permission_result}{set_permission_success}')
# Retrieving details(text) of the secret
get_secret_details, get_secret_success, get_secret_created_date, get_secret_text = get_secret_contents(
core_session, added_text_secret_id[0])
assert get_secret_success, f'Failed to retrieve the secret:{get_secret_text}'
logger.info(f' Retrieved secret details: {get_secret_details} ')
# Api to create new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + secret_suffix,
["UP", None], None, "30")
assert policy_result is not None, f'Failed to create policy:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Api to update secret(assign policy & update name)
policy_assigned = update_secret(core_session,
added_text_secret_id[0],
secrets_params['updated_secret_name'] +
secret_suffix,
policy_id=policy_result)
assert policy_assigned[
'success'], f'Failed to assign policy to secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy assigned to text type secret: {policy_assigned}')
# Api to retrieve the activity of the secret
rows_result = UserManager.get_secret_activity(core_session,
added_text_secret_id[0])
assert rows_result, f'Failed to fetch Secret updated details & activity fetched:{rows_result}'
logger.info(f'Activity list:{rows_result}')
assert 'updated the secret' in rows_result[0][
"Detail"], f'Failed to update the secret:{rows_result[0]["Detail"]}'
assert 'viewed the secret' in rows_result[1][
"Detail"], f'Failed to retrieve the secret :{rows_result[1]["Detail"]}'
added_secret_status = False
added_permissions_status = False
for rows in rows_result:
if 'added a secret' in rows['Detail']:
added_secret_status = True
assert added_secret_status, f'Failed to add secret: {added_secret_status}'
for rows in rows_result:
if 'granted User' in rows['Detail']:
added_permissions_status = True
assert added_permissions_status, f'Failed to add permissions: {added_permissions_status}'
# Api to remove policy from the secret
policy_assigned = update_secret(core_session, added_text_secret_id[0],
added_text_secret_name)
assert policy_assigned[
'success'], f'Failed to remove policy from secret: {policy_assigned["Result"]["ID"]}'
logger.info(f' Policy removed from secret: {policy_assigned}')