def test_reselect_system_type_while_add_sys(core_admin_ui):
"""
TC:C2163 Reselect system type while add system.
:param core_admin_ui: Return a browser session.
"""
# Launch UI.
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.launch_modal('Add System')
system_name = f'test_system{guid()}'
ui.input('Name', system_name)
ui.select_option('SystemProfileId', 'Check Point Gaia')
fqdn = f'fqdn{guid()}'
ui.input('FQDN', fqdn)
ui.step('Next >')
ui.step('Next >')
# Validating the UI.
ui.expect(Modal('Add System'),
f'Expect to find modal title"Add System" but could not')
logger.info(f'Successfully find modal title"Add System" on UI.')
ui.expect(
FieldLabel('Add expert mode account for this system'),
f'Expect to find "Use a proxy account to manage this system." but could not'
)
logger.info(
f'Successfully find find "Use a proxy account to manage this system." on UI.'
)
assert ui.button_exists("Next >"), "Next button is not Enabled"
logger.info('Successfully find "Next button" is enabled and visible')
assert ui.button_exists("< Back"), "Back button is not Enabled"
logger.info('Successfully find "Back button" is enabled and visible')
ui.step('< Back')
ui.step('< Back')
# Changing the Computer Class to Unix.
ui.select_option('SystemProfileId', 'Unix')
ui.step('Next >')
ui.step('Next >')
# Validating the UI.
assert ui.button_exists("Finish"), "finish button is not Enabled"
logger.info('Successfully find "finish button" is enabled and visible')
assert ui.button_exists("< Back"), "Back button is not Enabled"
logger.info('Successfully find "back button" is enabled and visible')
ui.expect(Modal('Add System'),
f'Expect to find modal title"Add System" but could not')
logger.info(f'Successfully find modal title"Add System" on UI.')
ui.expect(FieldLabel('Verify System Settings'),
f'Expect to find "Verify System Settings." but could not')
logger.info(f'Successfully find "Verify System Settings". on UI.')
def test_only_support_select_statement_when_create_report_using_sql_script(
core_session, create_report, core_admin_ui):
"""
TCID: C6368 Cannot create report using other sql statement (delete/update/create...) except "select"
:param core_session: Centrify Session
:param create_report: To Create the report
:param core_admin_ui: To open the browser
"""
my_report = create_report(core_session, "Select * From Role")
core_admin_ui.navigate("Reports")
core_admin_ui.check_row(my_report['Name'])
core_admin_ui.action("Modify")
core_admin_ui.clear_codemirror()
core_admin_ui.write_to_codemirror("Delete role")
core_admin_ui.expect(Anchor(button_text="Save"),
f'Failed to get the save button').try_click()
core_admin_ui._waitUntilSettled()
core_admin_ui.expect(ErrorModal(), f'Failed to get the error modal')
core_admin_ui.switch_context(Modal())
core_admin_ui.expect(
Div("Query has failed:"),
f'Failed to get expected error "Query has failed:xxx"')
logger.info(
f'It supports ONLY the "SELECT" SQL statement, and complies to the syntax that SQLite supports.'
f' Please refer to http://www.sqlite.org/lang_select.html for the details.'
)
def test_cancel_update_password(core_session, pas_windows_setup,
core_admin_ui):
"""
TC:C2203 Cancel to update password
:param core_admin_ui: Return a browser session.
:param core_session: Return API session.
:param:pas_windows_setup: Returning a fixture.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# UI Launch.
ui = core_admin_ui
ui.navigate('Resources', 'Accounts')
ui.search(sys_info[0])
ui.right_click_action(GridRow(sys_info[0]), "Update Password")
ui.switch_context(Modal())
update_password = f'{"test1@"}{guid()}'
ui.input("Password", update_password)
ui.button('Cancel')
result = ui.check_exists(Div('An unknown error occurred'))
assert result is False, f'Error message popups appears.'
logger.info("Successfully cancel without pop error message")
def test_cannot_edit_reports_permissions_under_my_reports(core_session, create_report,
core_admin_ui, cleanup_reports):
"""
TCID: C6337 Cannot edit report's permissions under My reports
:param core_session: Centrify Authentication session
:param create_report: To create a report
:param core_admin_ui: To open the browser
:param cleanup_reports: To clean the shared report
"""
my_report = create_report(core_session, "Select Name From Server")
report_name = my_report['Name']
logger.info(f'Successfully created reports:{my_report}')
ui = core_admin_ui
ui.navigate("Reports")
ui.check_actions(["Copy", "Move", "Delete",
"Modify", "Export Report", "Email Report"], report_name)
ui.navigate("Reports")
ui.action("Modify", report_name)
ui.tab("Permissions")
expected_msg = "The current report must be moved out of the home " \
"directory before permissions can be set for other users and roles."
ui.expect(Div(expected_msg), f'Failed to get the expected message:{expected_msg}')
logger.info(f'Expectation message is:{expected_msg}')
ui.expect(DisabledButton("Add"), f'Add button is enable and can edit the permission')
ui.navigate("Reports")
ui.action("Copy", report_name)
copy_modal = f'Copy : Copy {report_name}'
ui.switch_context(Modal(copy_modal))
ui.expect(Button("Save File"), f"Expected to see a Save File button but could not")
# Down method is used select the Shared Reports folder
ui.down()
ui.close_modal("Save File")
ui.navigate("Reports")
ui.expect_disappear(LoadingMask(), f'Report page did not load properly')
ui.expect(TreeFolder("Shared Reports"), f'Expected to see the Shared Reports but could not')
shared_reports_button = ui._searchAndExpect(TreeFolder("Shared Reports"),
f'Expected find shared Folder but could not')
shared_reports_button.try_click()
logger.info(f'Successfully copy report to shared reports folder "Copy {report_name}"')
ui.action("Modify", "Copy " + report_name)
ui.tab("Permissions")
ui.expect(Button("Add"), f'Add button is disable, Report permissions can not be edited under "Shared Reports" folder')
reports = Reports(core_session, f"Copy {report_name}.report")
found_report = reports.get_report_by_name(core_session, f"Copy {report_name}.report", dir="/Reports/")
cleanup_reports.append(found_report['Path'])
def test_check_ui_system_login_dialog(core_session, core_admin_ui, pas_setup):
"""
TC : C2072 Check UI on system login dialog
param:core_admin_ui: Returns browser Session
param: core_session: Returns Api session.
param: pas_setup: Return fixture
"""
# Launch UI.
ui = core_admin_ui
created_system_id, created_account_id, system_details = pas_setup
system_name = system_details[0]
ui.navigate('Resources', 'Systems')
ui.search(system_name)
ui.right_click_action(GridCell(system_name), 'Select/Request Account')
ui.expect_disappear(LoadingMask(),
'Expected to find account but it did not', 30)
ui.switch_context(Modal(system_name + ' Login'))
logger.info("Successfully show loading before all account display")
def test_cannot_copy_report_to_invalid_report_name(core_session, create_report,
core_admin_ui,
cleanup_reports):
"""
TCID C6365: Cannot copy report to a invalid report name
:param core_session: Centrify Authentication Session
:param create_report: Fixture to create the report
:param core_admin_ui: To Open the browser
:param cleanup_reports: Fixture to clean the reports
"""
# As per the test case: Need 2 reports
my_report = []
for i in range(2):
my_report.append(create_report(core_session,
"Select Name From Server"))
report_1 = my_report[0]['Name']
report_2 = my_report[1]['Name']
logger.info(f'Successfully created reports are:{my_report}')
ui = core_admin_ui
ui.navigate("Reports")
ui.check_row(report_1)
ui.check_row(report_2)
ui.check_actions(['Delete'])
logger.info("No copy action in list (cannot copy two reports one time)")
ui.navigate("Reports")
ui.check_row(report_1)
ui.action("Copy")
modal = "Copy : Copy" + ' ' + report_1
move_modal = Modal(modal)
ui.switch_context(move_modal)
ui.input("file-name", "<>")
ui.expect(Anchor(button_text="Save File"),
"Failed to find the Save File button").try_click()
alert_text = "The report name can " \
"include alpha numeric and special characters "
ui.expect(InvalidInputAlert(alert_text),
"Did not display warning icon").mouse_hover()
ui.expect(WarningModal(), f'Did not populate the warning modal')
logger.info("Display warning icon")
for i in range(len(my_report)):
cleanup_reports.append(my_report[i]['Path'])
def _request_pe_permission(ui, request_settings, server_id):
reason = f'I need to run commands on system {server_id}'
ui.switch_context(ActiveMainContentArea())
request_modal = Modal('Request Privilege Elevation Permission')
ui.action('Request Privilege Elevation', expected_selector=request_modal)
ui.switch_context(request_modal)
ui.input('Reason', reason)
ui.select_option('AssignmentType', request_settings['assignment_type'])
ui.input('StartGrantValue', request_settings['start_grant_value'])
ui.input('EndGrantValue', request_settings['end_grant_value'])
ui.select_option('StartTimeInterval',
request_settings['start_time_interval'])
ui.select_option('EndTimeInterval', request_settings['end_time_interval'])
ui.input('Ticket', request_settings['ticket'])
ui.button(
'Submit',
expectations={
'click_element_should_dissapear': True,
'seconds_to_wait': 60 #because Azure
})
def test_cannot_export_report_with_invalid_name(core_session, create_report,
core_admin_ui):
"""
TCID: C6366 Cannot export report with invalid file name
:param core_session: Centrify Session
:param create_report: To create the report
:param core_admin_ui: To Open the browser
"""
my_report = create_report(core_session, "Select Name From Server")
report_name = my_report['Name']
ui = core_admin_ui
ui.navigate("Reports")
ui.check_row(report_name)
ui.action("Export Report")
modal = "Export Report"
ui.switch_context(Modal(modal))
ui.input("fileName", "<123#")
ui.expect(Anchor(button_text="OK"), "Button is not present").try_click()
ui.expect(WarningModal(), "No warning message for incorrect file name")
logger.info(f'Invalid file name')
def test_cannot_export_report_with_invalid_name(core_session, create_report, core_admin_ui):
"""
TCID: C6367 Cannot email report to a invalid email address
:param core_session: Centrify Session
:param create_report: To create the report
:param core_admin_ui: To open the browser
"""
my_report = create_report(core_session, "Select Name From Server")
report_name = my_report['Name']
ui = core_admin_ui
ui.navigate("Reports")
ui.check_row(report_name)
ui.action("Email Report")
modal = "Email Report"
ui.switch_context(Modal(modal))
ui.input("emailTo", "<123#")
ui.expect(Anchor(button_text="OK"), "Button is not present").try_click()
ui.expect(WarningModal(), "Failed to get any warning message (Modal)")
logger.info(f'Email is Invalid')
def test_enable_workflow_without_approve(core_session, pas_windows_setup,
core_admin_ui):
"""
TC:C2192 Enable workflow without approver.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param core_admin_ui: Return a browser session.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Launch UI.
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.click_row(GridRowByGuid(account_id))
ui.tab('Workflow')
ui.select_option('WorkflowEnabled', 'Yes')
ui.switch_context(ActiveMainContentArea())
ui.expect(TreeFolder('Permissions'),
'Expect to permission tab but failed to find it.').try_click(
Modal())
ui.switch_context(WarningModal())
warning_message = "Please correct the errors before leaving the page."
ui.check_exists(Div(warning_message))
logger.info(
'Successfully found warning modal when try to navigate to another page.'
)
ui.close_modal('Close')
ui.switch_context(RenderedTab('Workflow'))
ui.button('Save')
ui.switch_context(WarningModal())
save_warning_message = "Please correct the errors in your form before submitting."
ui.check_exists(Div(save_warning_message))
logger.info(
'Successfully found warning modal containing "Please correct the errors in your form before '
'submitting".')
def test_add_unmanaged_account_using_proxy_account(core_session, cleanup_accounts, setup_pas_system_for_unix,
core_admin_ui):
"""
TC- C2500: Add unmanaged account using proxy account
:param core_session: Authenticated Centrify session.
:param setup_pas_system_for_unix: Adds and yields GUID for a unix system and account associated with it.
:param core_admin_ui: Authenticated Centrify browser session.
"""
added_system_id, account_id, sys_info = setup_pas_system_for_unix
test_data = Configs.get_environment_node('resources_data', 'automation_main')
unix_data = test_data['Unix_infrastructure_data']
user_name = f"{unix_data['account_name']}{guid()}"
ui = core_admin_ui
accounts_list = cleanup_accounts[0]
result, success = ResourceManager.update_system(core_session, added_system_id, sys_info[0], sys_info[1],
sys_info[2], proxyuser=unix_data['proxy_user'],
proxyuserpassword=unix_data['proxy_password'],
proxyuserismanaged=False)
assert success, f"Unable to add a managed proxy user for {sys_info[0]}. API response result: {result}"
logger.info(f"Proxy account {unix_data['proxy_user']} added to Unix system: {sys_info[0]}")
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(sys_info[0])
ui.launch_modal("Add", "Add Account")
ui.switch_context(Modal())
ui.input('User', user_name)
ui.input('Password', unix_data['password'])
ui.check('UseWheel')
ui.button('Add')
ui._waitUntilSettled()
ui.remove_context()
assert ui.check_exists(('XPATH', f'//div[text()="{user_name}"]')), \
f"Account {user_name} couldn't be added to system: {sys_info[0]} using proxy account: {unix_data['proxy_user']}"
logger.info(f"Account {user_name} added to system: {sys_info[0]} using proxy account: {unix_data['proxy_user']}.")
# Teardown for the added account
added_account_id = RedrockController.get_account_id_by_username(core_session, user_name)
accounts_list.append(added_account_id)
def test_cannot_create_folder_with_invalid_name(core_admin_ui):
"""
TCID: #C6364 Cannot create folder with invalid folder name
:param core_admin_ui: To open the browser
"""
ui = core_admin_ui
ui.navigate("Reports")
ui.expect_disappear(LoadingMask(), 'Reports page did not load properly')
ui.expect(TreeFolder("My Reports"), "Unable to find My Reports Tab under Reports")
ui.right_click_action(TreeFolder("My Reports"), "New folder")
# 1st Case
folder_name = "<new_folder>"
ui.switch_context(Modal("Create new folder"))
ui.input('file-name', folder_name)
ui.expect(Anchor(button_text="Save"), "Folder Name is created").try_click()
alert_text = "The report name can include alpha numeric and special characters "
ui.expect(InvalidInputAlert(alert_text), "Invalid Input alert tooltip appears")
logger.info(f'Invalid file name')
# 2nd Case
folder_name = ' '
ui.input('file-name', folder_name)
ui.expect(Anchor(button_text="Save"), "Failed to find the save button").try_click()
ui.expect(WarningModal(), "Folder is created with space")
logger.info(f'Invalid file name')
ui.switch_context(WarningModal())
ui.button("Close")
ui.remove_context()
# 3rd Case
folder_name = " name"
ui.input('file-name', folder_name)
ui.expect(Anchor(button_text="Save"), "Failed to find the save button").try_click()
ui.expect(WarningModal(), "Folder is created space with name")
logger.info(f'Invalid file name')
ui.switch_context(WarningModal())
ui.button("Close")
ui.remove_context()
ui.close_modal("Cancel")
def test_clear_password_complexity_profile_description(
core_session, core_admin_ui, create_basic_pass_profile):
""" Test case C1661
:param core_session: Centrify session
:param core_admin_ui: Creates random user and login in browser.
:param create_basic_pass_profile: Created a basic password complexity profile.
"""
# Creating a basic password profile
profile = create_basic_pass_profile(core_session, 1)[0]
cps_prof_id = profile[0]['_RowKey']
profile_name_cps = profile[0]['Name']
ui = core_admin_ui
ui.navigate("Settings", "Resources", "Password Profiles")
ui.search(profile_name_cps)
# Modify the password profile of description
ui.right_click_action(GridCell(profile_name_cps, data_content=True),
'Modify Profile')
ui.switch_context(Modal("Password Complexity Profile"))
ui.input("Description", " ")
ui.close_modal("Save")
# Getting all the profiles and checking for the updated profile
all_profiles, success = ResourceManager.get_profiles(core_session,
type="All",
rr_format=True)
complex_password_profile = []
for row in all_profiles['Results']:
if row['Row']['Name'] == profile_name_cps:
complex_password_profile.append(row['Row']['Description'])
# checking the description of the profile saved successfully after clearing the description field.
assert complex_password_profile[0] == '', \
f"Profile with id {cps_prof_id} not saved successfully with description{success}"
logger.info(
f"Updated description of profile {profile_name_cps} successfully with {complex_password_profile[0]}"
)
def test_check_system_icon(setup_pas_system_for_unix, core_admin_ui):
"""
Test Case ID: C2091
Test Case Description: Check system icon on system Settings page
:param setup_pas_system_for_unix: Creates Unix System and Account
:param core_admin_ui: Authenticates Centrify UI session
"""
system_id, account_id, sys_info = setup_pas_system_for_unix
system_name = sys_info[0]
account_name = sys_info[4]
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(system_name)
ui.switch_context(ActiveMainContentArea())
ui.click_row(GridRowByGuid(system_id))
ui.right_click_action(GridRowByGuid(account_id), 'Checkout')
ui.switch_context(Modal(text=account_name))
ui.button('Show Password')
assert ui.check_exists(UnixIconAlert()) is False, 'Alert Icon ! is present'
logger.info("System icon shows correctly without alert icon i.e. '!'.")
ui.close_modal('Close')
assert ui.check_exists(UnixIconAlert()) is False, 'Alert Icon ! is present'
logger.info("System icon shows correctly without alert icon i.e. '!' after closing the modal.")
def test_login_stored_account(core_session, setup_pas_system_for_unix,
set_cleaner, core_admin_ui):
"""
Test Case ID: C2087
Test Case Description: Login as stored account after proxy account enabled
:param core_session: Returns API session
:param setup_pas_system_for_unix: Creates Unix System and Account
:param set_cleaner: Delete Set
:param core_admin_ui: Authenticates Centrify UI session
"""
system_id, account_id, sys_info = setup_pas_system_for_unix
system_name = sys_info[0]
FQDN = sys_info[1]
computer_class = sys_info[2]
account_name = sys_info[4]
systems_data = Configs.get_environment_node('resources_data',
'automation_main')
expected_system_class = systems_data['Unix_infrastructure_data']
result, success = ResourceManager.update_system(
core_session,
system_id,
system_name,
FQDN,
computer_class,
proxyuser=expected_system_class['proxy_user'],
proxyuserpassword=expected_system_class['proxy_password'],
proxyuserismanaged=False,
allowremote=True)
assert success, 'Failed to update system'
logger.info(f'System successfully updated with result: {result}')
ui = core_admin_ui
name_of_set = f'Set{guid()}'
ui.navigate('Resources', 'Systems')
ui.launch_add('Add', 'Create Set')
ui.input('Name', name_of_set)
ui.tab('Members')
ui.launch_modal('Add', 'Add System')
ui.search(system_name)
ui.check_row(system_name)
ui.close_modal('Add')
ui.save()
id_of_set = SetsManager.get_collection_id(core_session, name_of_set,
'Server')
assert id_of_set, 'Set creation Failed'
logger.info(f"Set: '{name_of_set}' created successfully")
set_cleaner.append(id_of_set)
# Login into Stored Account
ui._waitUntilSettled()
ui.switch_context(ActiveMainContentArea())
ui.right_click_action(Div(system_name), 'Select/Request Account')
ui.switch_context(Modal(system_name + ' Login'))
ui.expect_disappear(LoadingMask(),
'Expected to find account but it did not', 30)
ui.search(account_name)
ui.expect(GridCell(account_name),
'Expected to find account name but it did not.').try_click()
ui.close_modal('Select')
ui.switch_to_pop_up_window()
ui.expect_disappear(LoadingMask(),
'Expected to login in account but it did not', 30)
logger.info(f'Successfully logged in Account:{account_name}.')
ui.switch_to_main_window()
def test_retrieve_mfa_policy_on_parent_folder_verify_challenged(
core_session, core_admin_ui, pas_general_secrets,
create_secret_inside_folder, clean_up_policy):
"""
C2985: MFA policy on Parent folder, verify challenged
1) Set MFA on MFAonParent
2) Right click "MFAonSecret" then Retrieve.
3) Verify challenged with MFA popups,
4) Enter password & verify you can retrieve secret
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch ui session for cloud admin
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
verify_text = secrets_params['secret_text']
# Getting details of the secret replaced
found_secret = get_secret(core_session, secret_list[0])
assert found_secret['success'], \
f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session,
folder_list[0],
folder_name,
folder_name,
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
ui = core_admin_ui
password = ui.get_user().get_password()
login = Login(ui)
ui.navigate('Resources', 'Secrets')
ui.search(folder_name)
ui.click_row(GridRowByGuid(folder_list[0]))
ui.click_row(GridRowByGuid(secret_list[0]))
ui.action('Retrieve')
ui.switch_context(Modal(text=secret_name))
ui.button('Show Text')
ui.switch_context(NoTitleModal())
login.click_next_on_auth()
login.enter_login_password(password)
login.click_next_on_auth()
ui.switch_context(ActiveMainContentArea())
ui.expect(InputBoxValue(verify_text),
f'Expect to find {verify_text} in Retrieve but could not.')
logger.info(
f'Text Retrieved with MFA challenge(password only)i.e. MFAonParent successfully: {verify_text}'
)
# Removing MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
def step_5(self, uncheck_copy=False, root_account_login_default_profile=False, password_checkout_default_profile=False,
root_account_login_conditional_profile=False, password_checkout_conditional_profile=False):
"""
Cloud And Root User Policy
"""
assert self.policies is not None or\
[root_account_login_default_profile, password_checkout_default_profile,
root_account_login_conditional_profile, password_checkout_conditional_profile] == \
[False] * 4, "Policies must be initialized if any options are set to True"
assert uncheck_copy or not password_checkout_default_profile, "password_checkout_default_profile must be False if uncheck_copy is False"
assert uncheck_copy or not password_checkout_conditional_profile, "password_checkout_conditional_profile must be False if uncheck_copy is False"
if root_account_login_default_profile:
self.login_default_rules = self.policies[0]
if root_account_login_conditional_profile:
self.login_conditional_rules = self.policies[1]
if password_checkout_default_profile:
self.checkout_default_rules = self.policies[2]
if password_checkout_conditional_profile:
self.checkout_conditional_rules = self.policies[3]
if uncheck_copy is False:
self.checkout_default_rules = self.login_default_rules
self.checkout_conditional_rules = self.login_conditional_rules
self.ui.step("Next") # go to step 5
if uncheck_copy:
self.ui.uncheck("SameAsLoginRules")
if root_account_login_default_profile:
self.ui.select_option("LoginDefaultProfile", self.login_default_rules)
if password_checkout_default_profile:
self.ui.select_option("RootAccountLoginDefaultProfile", self.checkout_default_rules)
if root_account_login_conditional_profile:
self.ui.remove_context()
self.ui.switch_context(GridField("LoginRules"))
self.ui.button("Add Rule")
self.ui.switch_context(Modal("Root Account Login Challenge Rules"))
self.ui.select_option("ProfileId", self.login_conditional_rules)
self.ui.button("Add Filter")
self.ui.select_option("Prop", "IP Address")
self.ui.select_option("Op", "inside corporate IP range")
self.ui.button("Add")
self.ui.button("OK")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
if password_checkout_conditional_profile:
self.ui.remove_context()
self.ui.switch_context(GridField("RootAccountLoginRules"))
self.ui.button("Add Rule")
self.ui.remove_context()
self.ui.switch_context(Modal("Password Checkout Challenge Rules"))
self.ui.select_option("ProfileId", self.checkout_conditional_rules)
self.ui.button("Add Filter")
self.ui.select_option("Prop", "IP Address")
self.ui.select_option("Op", "inside corporate IP range")
self.ui.button("Add")
self.ui.button("OK")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
def step_3(self, populate_user=False, rotation=None, prompt=None, reminder=None, min_days=None, mfa_code=None):
"""
Root Account and MFA
"""
self.ui.step("Next") # go to step 3
assert prompt is None or rotation, "Cannot set prompt if rotation is not set"
assert reminder is None or rotation, "Cannot set reminder if rotation is not set"
assert min_days is None or reminder, "Cannot set min days if reminder is not set"
assert mfa_code != '', "Use None for no MFA code or _click_mfa_button to click and abort setting MFA"
assert mfa_code is None or populate_user, "Cannot click MFA without a user"
assert min_days is None or int(min_days) > 0, "invalid value for min_days"
if populate_user:
self.root_email = f'fake_email{guid()}@fun.net'
self.root_password = f'fake.Pass{guid()}word!'
self.ui.input('User', self.root_email)
self.ui.input('Password', self.root_password)
values = {True: "Yes", False: "No"}
self.enable_rotation = rotation
self.prompt_to_change = prompt
self.enable_reminder = reminder
self.minimum_days = min_days
if self.enable_rotation is not None:
self.ui.select_option('EnableUnmanagedPasswordRotation', values[self.enable_rotation])
else:
self.ui.expect(DisabledCombobox('EnableUnmanagedPasswordRotationPrompt'), "Disabled EnableUnmanagedPasswordRotationPrompt not found")
self.ui.expect(DisabledCombobox('EnableUnmanagedPasswordRotationReminder'), "Disabled EnableUnmanagedPasswordRotationReminder not found")
if self.prompt_to_change is not None:
self.ui.select_option('EnableUnmanagedPasswordRotationPrompt', values[self.prompt_to_change])
if self.enable_reminder is not None:
self.ui.select_option('EnableUnmanagedPasswordRotationReminder', values[self.enable_reminder])
else:
self.ui._waitUntilSettled()
# check failing but the control isn't visible
#self.ui.expect(DisabledTextBox('UnmanagedPasswordRotationReminderDuration'), f'UnmanagedPasswordRotationReminderDuration is not disabled.')
if self.minimum_days is not None:
self.ui.input('UnmanagedPasswordRotationReminderDuration', self.minimum_days)
if mfa_code is not None:
self.ui.card("Root Account Virtual MFA Device", "Add Provider")
self.ui.switch_context(Modal("Add Provider"))
if not mfa_code:
self.mfa_code = False
self.ui.button("Cancel")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
else:
self.mfa_code = f"OTEQ25NK6S{''.join([random.choice(string.ascii_uppercase) for _ in range(20)])}XLFSQQXQZSBGBNJXITMIXPATP5NKFTC33I"
self.ui.input('SharedSecret', self.mfa_code)
self.ui.button("Next")
self.ui.button("Confirm")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
def test_check_total_session(core_session, pas_setup, get_admin_user_function,
users_and_roles):
"""
Test case: C2117
:param core_session: Authenticated Centrify session manager
:param pas_setup: fixture to create system with accounts
:param users_and_roles: fixture to create user with roles
"""
system_id, account_id, sys_info = pas_setup
cloud_user_session, user = get_admin_user_function
cloud_user, user_id, user_password = user.get_login_name(), user.get_id(
), user.get_password()
user = {"Username": cloud_user, "Password": user_password}
result, status = ResourceManager.assign_system_permissions(
core_session,
"View",
principal=cloud_user,
principalid=user_id,
pvid=system_id)
assert status, f'failed to assign view permission to user {cloud_user} for system {sys_info[0]}'
logger.info(
f'View permission assigned to user {cloud_user} for system {sys_info[0]}'
)
result, status = ResourceManager.assign_account_permissions(
core_session,
"View,Login",
principal=cloud_user,
principalid=user_id,
pvid=account_id)
assert status, f'failed to assign view permission to user {cloud_user} for account {sys_info[4]}'
logger.info(
f'View permission assigned to user {cloud_user} for account {sys_info[4]}'
)
# update system to allow system for RDP connections
result, success = ResourceManager.update_system(core_session,
system_id,
sys_info[0],
sys_info[1],
sys_info[2],
allowremote=True)
assert success, f"failed to update system {sys_info[0]}, result is {result}"
logger.info('system updated for remote connection')
ui = users_and_roles.get_ui_as_user(user_properties=user,
user_already_exists=True)
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.right_click_action(GridRowByGuid(system_id), 'Select/Request Account')
ui.switch_context(Modal(text=f'{sys_info[0]} Login'))
account_row = ui.expect(
GridCell(sys_info[4]),
f'Expected to find account row {sys_info[4]} but did not.')
account_row.try_click()
ui.close_modal('Select')
ui.switch_to_pop_up_window()
ui.expect_disappear(LoadingMask(),
f'RDP session never exited loading state',
time_to_wait=60)
ui.switch_to_main_window()
ui.user_menu('Reload Rights')
# Api call to get details of account active session
result, success = ResourceManager.get_active_sessions(core_session)
active_session_list = []
for i in range(len(result)):
if result[i]["HostName"] == sys_info[0]:
active_session_list.append(result[i]["SessionID"])
assert active_session_list, f'Failed to find the login record with "System Name: {active_session_list}"'
logger.info(f'Active session details:{active_session_list}')