def test_set_visibility_of_non_admin_set_from_ui(cds_session, set_cleaner,
core_ui):
non_admin_session, api_user = cds_session
ui = core_ui
set_name = f"test_visibility_{guid()}"
success, set_id = SetsManager.create_manual_collection(non_admin_session,
set_name,
'Server',
object_ids=None)
assert success is True, f'Failed to create manual set {set_id}'
set_cleaner.append(set_id)
ui.navigate('Resources', 'Systems')
# this will ensure that the set container is visible and updated
ui.expect(SetRow("All Systems"), "All systems set should be visible")
ui.missing(SetRow(set_name), f"{set_name} should not be visible")
assert ui.check_exists(
Button("Show All Sets")), "Show All Sets link should be visible"
assert not ui.check_exists(
Button("Show My Sets"),
time_to_wait=0), "Show My Sets button should be hidden"
ui.button("Show All Sets")
ui.expect_disappear(SetRow(set_name),
f'{set_name} did not disappear when it should have')
assert ui.check_exists(Button("Show My Sets"),
10), "Show My Sets button should be visible"
ui.button("Show My Sets")
assert ui.check_exists(Button("Show All Sets"),
10), "Show All Sets button should be visible"
ui.missing(SetRow(set_name), f"{set_name} should not be visible")
# ensure button does not erroneously appear
ui.navigate('Access', 'Users')
show_all_button = Button("Show All Sets").inside(ActiveMainContentArea())
show_my_button = Button("Show My Sets").inside(ActiveMainContentArea())
ui.missing(show_all_button,
f'Show All Sets Button should not be present on users tab')
ui.missing(show_my_button,
f'Show My Sets Button should not be present on users tab')
def test_unsaved_global_profile_mapping(core_session, core_admin_ui,
create_basic_pass_profile):
""" Test case: C1660
:param core_session: Creates core session
:param core_admin_ui: Creates random user and login in browser.
:param create_basic_pass_profile: Created a basic password complexity profile.
"""
profile = create_basic_pass_profile(core_session, 1)[0]
cps_prof_id = profile[0]['_RowKey']
profile_name_cps = profile[0]['Name']
# Getting the global password profile mapping profiles
result, success = ResourceManager.get_global_pass_profile_mapping(
core_session)
profile_name = []
for row in result:
if row['TargetTypeDisplayName'] == "Unix System":
profile_name.append(row['Name'])
# UI navigating to Security Settings and updating the 'Unix' Type global password profile.
ui = core_admin_ui
ui.navigate("Settings", "Resources", "Security", "Security Settings")
ui.expect(GridCell(profile_name[0]),
"Unix type password profile not editable.").try_click(
Div("Security Settings"))
ui.switch_context(ActiveMainContentArea())
ui.select_option('Name', profile_name_cps)
ui.switch_context(ConfirmModal())
ui.button('Continue')
ui.expect(Span("Password Profiles"),
"Clicking Password Profiles").try_click(Div("Security Settings"))
assert ui.check_exists(Div('Unsaved Changes')), "Fail, as 'Confirmation Modal' i.e. 'Unsaved Changes dialog' " \
"didn't pop up even after clicking another tab."
logger.info(
"'Unsaved Changes dialog' popped up after clicking another tab without saving the new profile"
)
# Clicking 'Yes' button on 'Unsaved Changes' dialog box and expecting new profile to be saved.
ui.switch_context(ConfirmModal())
ui.close_modal("Yes")
# Getting all the global password profile mappings.
result, success = ResourceManager.get_global_pass_profile_mapping(
core_session)
for res in result:
if res['Name'] == profile_name_cps:
assert res[
'TargetType'] == 'Unix', f"Failed to update profile with id {cps_prof_id} Unix Type {result}"
logger.info("Updated the new profile to the 'Unix' Type")
def test_view_report_with_parameters_system_type(core_admin_ui, core_session,
create_report,
create_resources):
systems = create_resources(core_session, 2, 'Unix')
my_report = create_report(
core_session,
f"Select Name From Server Where Server.ComputerClass = @CompParam")
core_admin_ui.navigate('Reports')
core_admin_ui.action('Modify', my_report['Name'])
core_admin_ui.tab("Parameters")
core_admin_ui.launch_modal('Add', "Report Parameter")
core_admin_ui.input("Name", "CompParam")
core_admin_ui.input("Label", "Pick a computer pls")
core_admin_ui.select_option('Type', "System")
core_admin_ui.select_option('ObjectProperty', "ComputerClass")
core_admin_ui.close_modal("OK")
core_admin_ui.switch_context(ActiveMainContentArea())
core_admin_ui.launch_modal('Preview', "Pick a computer pls")
core_admin_ui.check_row(systems[0]['Name'])
core_admin_ui.close_modal("Select")
# We are changing UI to APi, Because there is number of records existed on
# tiles ui step did n't find the path in dom
query = "Select Name From Server Where Server.ComputerClass = @CompParam"
parameter = [{
"Name": "CompParam",
"Value": "Unix",
"Label": "Pick a computer pls",
"Type": "Server",
"ColumnType": 12
}]
server_results = RedrockController.redrock_query(core_session,
query,
parameters=parameter)
computer_names = []
for i in server_results:
computer_names.append(i['Row']['Name'])
assert systems[1]['Name'] in computer_names, \
f"Computer is not found in above list: {computer_names}, Expected: {systems[1]['Name']}"
logger.info(
f"Computer is found in above list: {computer_names}, Expected: {systems[1]['Name']}"
)
core_admin_ui.close_modal('Close')
# re-establish context
core_admin_ui.tab('Parameters')
core_admin_ui.right_click_action(
Selector(By.CSS_SELECTOR, f"tr[test-text='CompParam']"), "Delete")
def test_check_systems_page(core_admin_ui):
"""
Test Case ID: C2092
Check systems page
Test Case is to check systems page should not load after re-visiting.
:param core_admin_ui: Authenticates Centrify UI session.
"""
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.navigate('Resources', 'Domains')
ui.navigate('Resources', 'Systems', check_rendered_tab=False)
ui.switch_context(ActiveMainContentArea())
systems = ui._searchAndExpectMany(Getallsystem(),
"systems are not found")
no_of_systems = [value.text for value in systems]
assert len(no_of_systems) > 0, 'system page is not loading properly'
logger.info("system page is loading and user able see all system without loading.")
def test_migrate_password_with_invalid_email(core_admin_ui):
"""
Test Case ID: C2196
Test Case Description: Migrate Password with invalid email address
:param core_admin_ui: Authenticates Centrify UI session
"""
ui = core_admin_ui
ui.navigate('Settings', 'Resources', 'General', 'Password Storage', check_rendered_tab=False)
ui.switch_context(ActiveMainContentArea())
ui.launch_modal('Migrate Passwords')
invalid_text = 'aa'
ui.input('emailAddresses', invalid_text)
tooltip = ui.check_tooltip_error('This field should be an e-mail address in the format '
'"*****@*****.**"')
assert tooltip, 'Failed to find the tool tip error message'
logger.info('Tooltip present after entering invalid input in migrated password.')
assert ui.button_exists('Yes', disable=True), "'Yes' button is enabled even after entering invalid email address"
logger.info("'Yes' button is disabled after entering invalid email address")
def _request_pe_permission(ui, request_settings, server_id):
reason = f'I need to run commands on system {server_id}'
ui.switch_context(ActiveMainContentArea())
request_modal = Modal('Request Privilege Elevation Permission')
ui.action('Request Privilege Elevation', expected_selector=request_modal)
ui.switch_context(request_modal)
ui.input('Reason', reason)
ui.select_option('AssignmentType', request_settings['assignment_type'])
ui.input('StartGrantValue', request_settings['start_grant_value'])
ui.input('EndGrantValue', request_settings['end_grant_value'])
ui.select_option('StartTimeInterval',
request_settings['start_time_interval'])
ui.select_option('EndTimeInterval', request_settings['end_time_interval'])
ui.input('Ticket', request_settings['ticket'])
ui.button(
'Submit',
expectations={
'click_element_should_dissapear': True,
'seconds_to_wait': 60 #because Azure
})
def test_enable_workflow_without_approve(core_session, pas_windows_setup,
core_admin_ui):
"""
TC:C2192 Enable workflow without approver.
:param core_session: Returns a API session.
:param pas_windows_setup: Returns a fixture.
:param core_admin_ui: Return a browser session.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Launch UI.
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.click_row(GridRowByGuid(account_id))
ui.tab('Workflow')
ui.select_option('WorkflowEnabled', 'Yes')
ui.switch_context(ActiveMainContentArea())
ui.expect(TreeFolder('Permissions'),
'Expect to permission tab but failed to find it.').try_click(
Modal())
ui.switch_context(WarningModal())
warning_message = "Please correct the errors before leaving the page."
ui.check_exists(Div(warning_message))
logger.info(
'Successfully found warning modal when try to navigate to another page.'
)
ui.close_modal('Close')
ui.switch_context(RenderedTab('Workflow'))
ui.button('Save')
ui.switch_context(WarningModal())
save_warning_message = "Please correct the errors in your form before submitting."
ui.check_exists(Div(save_warning_message))
logger.info(
'Successfully found warning modal containing "Please correct the errors in your form before '
'submitting".')
def test_check_safenet(core_admin_ui):
"""
Test Case ID: C1729
:param core_admin_ui: Authenticates Centrify UI session
"""
# Navigating to the Password Storage page and checking the tooptip and help pages.
ui = core_admin_ui
ui.navigate("Settings", "Resources", "Password Storage", check_rendered_tab=False)
# Clicking the help tooltip at the begin of the page.
ui.expect(Span(text="?"),
'tooltip ? to be enabled').try_click(Span(text="Migrate Passwords"))
ui.switch_to_newest_tab()
ui.expect(PageWithTitle("Configuring password storage"),
"Expecting a new page with title 'Configuring password storage'")
logger.info("Title with the page 'Configuring password storage' loaded successfully'")
ui.switch_to_main_window()
ui.switch_context(ActiveMainContentArea())
# Clicking the Learn more link in the password storage page.
ui.expect(Anchor(button_text="Learn more"), "expecting a link named 'Learn more'").try_click(
Span(text="Migrate Passwords"))
ui.switch_to_newest_tab()
ui.expect(PageWithTitle("Configuring password storage"),
"Expecting a new page with title 'Configuring password storage'")
logger.info("Title with the page 'Configuring password storage' loaded successfully'")
ui.switch_to_main_window()
ui.navigate("Settings", "Resources", ("SafeNet KeySecure Configuration", "SafeNet KeySecure Configuration"))
# Clicking the Learn more link in the SafeNet KeySecure Configuration page.
ui.expect(Anchor(button_text="Learn more"), "expecting a link named 'Learn more'").try_click(
Div(text="SafeNet KeySecure Configuration"))
ui.switch_to_newest_tab()
ui.expect(PageWithTitle("Configuring communication with SafeNet KeySecure"),
"Expecting a new page with title 'Configuring communication with SafeNet KeySecure'")
logger.info("Title with the page 'Configuring communication with SafeNet KeySecure' loaded successfully'")
def test_check_system_icon(setup_pas_system_for_unix, core_admin_ui):
"""
Test Case ID: C2091
Test Case Description: Check system icon on system Settings page
:param setup_pas_system_for_unix: Creates Unix System and Account
:param core_admin_ui: Authenticates Centrify UI session
"""
system_id, account_id, sys_info = setup_pas_system_for_unix
system_name = sys_info[0]
account_name = sys_info[4]
ui = core_admin_ui
ui.navigate('Resources', 'Systems')
ui.search(system_name)
ui.switch_context(ActiveMainContentArea())
ui.click_row(GridRowByGuid(system_id))
ui.right_click_action(GridRowByGuid(account_id), 'Checkout')
ui.switch_context(Modal(text=account_name))
ui.button('Show Password')
assert ui.check_exists(UnixIconAlert()) is False, 'Alert Icon ! is present'
logger.info("System icon shows correctly without alert icon i.e. '!'.")
ui.close_modal('Close')
assert ui.check_exists(UnixIconAlert()) is False, 'Alert Icon ! is present'
logger.info("System icon shows correctly without alert icon i.e. '!' after closing the modal.")
def test_help_page_and_tip_message_check(core_admin_ui, add_single_system):
"""
C1546 : Help page and tip message check
:param core_admin_ui: Authenticated Centrify Browser Session
:param add_single_system: Add system and return system details.
"""
ui = core_admin_ui
added_system_id, sys_info = add_single_system
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(added_system_id))
# Navigate Policy page
ui.tab('Policy')
ui.switch_context(ActiveMainContentArea())
ui.button('Learn more')
ui.wait_for_tab_with_name("Setting system‑specific policies",
max_seconds_to_wait=10)
assert ui.check_exists(PageWithTitle("Setting system‑specific policies")), "Setting system‑specific policies, " \
"page not found. "
logger.info(
"Clicking on 'Learn More' button launched 'Setting system‑specific policies' tab successfully"
)
ui.switch_first_tab()
ui.mouse_hover_element(HoverToolTip("Allow access from a public"))
assert ui.check_exists(Div("Specifies whether remote connections")), "Could not able to find the tool tip value " \
"for Allow access from a public network "
logger.info(
"'Specifies whether remote connections' tool tip message found")
ui.mouse_hover_element(HoverToolTip("Checkout lifetime"))
assert ui.check_exists(Div("Specifies the number of minutes")), "Could not able to find the tool tip value for " \
"Checkout lifetime "
logger.info("'Specifies the number of minutes' tool tip message found")
# Navigate Advanced page
ui.tab('Advanced')
ui.switch_context(ActiveMainContentArea())
ui.button('Learn more')
ui.wait_for_tab_with_name("Setting system‑specific advanced options",
max_seconds_to_wait=10)
assert ui.check_exists(PageWithTitle("Setting system‑specific advanced options")), "Setting system‑specific " \
"advanced options, " \
"page not found "
logger.info(
"Clicking on 'Learn More' button launched 'Setting system‑specific advanced options' tab successfully"
)
ui.switch_first_tab()
ui.mouse_hover_element(HoverToolTip("Allow multiple password"))
assert ui.check_exists(Div("Specifies whether multiple users")), "Could not able to find the tool tip value for " \
"Multiple password checkouts"
logger.info("'Specifies whether multiple users' tool tip message found")
ui.mouse_hover_element(HoverToolTip("password history cleanup"))
assert ui.check_exists(Div("Specifies whether retired passwords"), 30), "Could not able to find the tool tip " \
"value for Password History Cleanup"
logger.info("'Specifies whether retired passwords' tool tip message found")
ui.mouse_hover_element(HoverToolTip("Enable password rotation"))
assert ui.check_exists(Div("Specifies whether managed password")), "Could not able to find the tool tip value " \
"for Password rotation after checkin "
logger.info("'Specifies whether managed password' tool tip message found")
ui.mouse_hover_element(HoverToolTip("Enable periodic password"))
assert ui.check_exists(Div("Specifies whether managed password")), "Could not able to find the tool tip value " \
"for Periodic password rotation "
logger.info("'Specifies whether managed password' tool tip message found")
ui.mouse_hover_element(HoverToolTip("Minimum Password Age"))
assert ui.check_exists(Div("Minimum amount of days old")), "Could not able to find the tool tip value for " \
"Minimum Password Age "
logger.info("'Minimum amount of days old' tool tip message found")
ui.navigate('Settings', 'Resources', 'Security', 'Security Settings',
False)
ui.switch_context(ActiveMainContentArea())
ui.button('Learn more')
ui.wait_for_tab_with_name("Setting global security options", 20)
assert ui.check_exists(PageWithTitle("Setting global security options"), 20), "Setting global security options, " \
"page not found. "
logger.info(
"Clicking on 'Learn More' button launched 'Setting global security options' tab successfully"
)
ui.switch_first_tab()
ui.mouse_hover_element(
HoverCkeckboxToolTip("Enable periodic password history cleanup"))
assert ui.check_exists(Div("Specifies whether retired passwords"), 20), "Could not able to find the tool tip " \
"value for Password history cleanup "
logger.info("'Specifies whether retired passwords' tool tip message found")
ui.mouse_hover_element(
HoverCkeckboxToolTip("password rotation after checkin"))
assert ui.check_exists(Div("password should be rotated after it's checked"), 20), "Could not able to find the " \
"tool tip value for Password " \
"rotation after checkin "
logger.info(
"'Password should be rotated after it's checked' tool tip message found"
)
ui.mouse_hover_element(
HoverCkeckboxToolTip("password rotation at specified interval"))
assert ui.check_exists(Div("password should be rotated periodically"), 20), "Could not able to find the tool " \
"tip value for Password rotation at " \
"specified interval "
logger.info(
"'Password should be rotated periodically' tool tip message found")
ui.mouse_hover_element(HoverToolTip("password checkout lifetime"))
assert ui.check_exists(Div("Specifies the number of minutes"), 20), "Could not able to find the tool tip value " \
"for Default account password checkout " \
"lifetime "
logger.info("'Specifies the number of minutes' tool tip message found")
ui.mouse_hover_element(HoverToolTip("Minimum Password Age"))
assert ui.check_exists(Div("Minimum amount of days old"), 20), "Could not able to find the tool tip value for " \
"Minimum Password Age "
logger.info("'Minimum amount of days old' tool tip message found")
ui.mouse_hover_element(HoverToolTip("SSH Gateway"))
assert ui.check_exists(Div("message to users at SSH session login"), 20), "Could not able to find the tool tip " \
"value for SSH Gateway Banner "
logger.info(
"'Message to users at SSH session login' tool tip message found")
ui.mouse_hover_element(
HoverCkeckboxToolTip("requests for password checkouts"))
assert ui.check_exists(Div("allows users to request permanent access"), 20), "Could not able to find the tool " \
"tip value for Requests for " \
"password checkouts "
logger.info(
"'When enabled, allows users to request permanent access passwords' tool tip message found"
)
ui.mouse_hover_element(HoverCkeckboxToolTip("requests for login"))
assert ui.check_exists(Div("allows users to request permanent login access"), 20), "Could not able to find the " \
"tool tip value for Requests " \
"for login "
logger.info(
"'allows users to request permanent login access' tool tip message found"
)
ui.mouse_hover_element(
HoverCkeckboxToolTip("Allow multiple password checkouts"))
assert ui.check_exists(Div("Specifies whether multiple users can"), 20), "Could not able to find the tool tip " \
"value for Allow multiple password " \
"checkouts "
logger.info(
"'Specifies whether multiple users can' tool tip message found")
ui.mouse_hover_element(HoverCkeckboxToolTip("Allow access from"))
assert ui.check_exists(Div("Specifies whether remote connections"), 20), "Could not able to find the tool tip " \
"value for Allow access from a public" \
" network "
logger.info(
"'Specifies whether remote connections' tool tip message found")
def test_retrieve_mfa_policy_on_parent_folder_verify_challenged(
core_session, core_admin_ui, pas_general_secrets,
create_secret_inside_folder, clean_up_policy):
"""
C2985: MFA policy on Parent folder, verify challenged
1) Set MFA on MFAonParent
2) Right click "MFAonSecret" then Retrieve.
3) Verify challenged with MFA popups,
4) Enter password & verify you can retrieve secret
:param core_session: Authenticated Centrify Session
:param core_admin_ui: Fixture to launch ui session for cloud admin
:param pas_general_secrets: Fixture to read secret data from yaml file
:param create_secret_inside_folder: Fixture to create secret "MFAOnSecret" inside folder "MFAOnParentFolder"
:param clean_up_policy: Fixture to clean up the policy created
"""
secrets_params = pas_general_secrets
suffix = guid()
folder_list, folder_name, secret_list = create_secret_inside_folder
verify_text = secrets_params['secret_text']
# Getting details of the secret replaced
found_secret = get_secret(core_session, secret_list[0])
assert found_secret['success'], \
f'Failed to get the details of the secret updated, API response result:{found_secret["Message"]}'
logger.info(f'Getting details of the secret: {found_secret}')
secret_name = found_secret['Result']['SecretName']
challenges = ["UP", ""]
# Creating new policy
policy_result = PolicyManager.create_new_auth_profile(
core_session, secrets_params['policy_name'] + suffix, challenges, 0, 0)
assert policy_result, f'Failed to create policy, API response result:{policy_result}'
logger.info(f' Creating new policy:{policy_result}')
clean_up_policy.append(policy_result)
# Applying MFA on Folder
result = update_folder(core_session,
folder_list[0],
folder_name,
folder_name,
policy_id=policy_result)
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
ui = core_admin_ui
password = ui.get_user().get_password()
login = Login(ui)
ui.navigate('Resources', 'Secrets')
ui.search(folder_name)
ui.click_row(GridRowByGuid(folder_list[0]))
ui.click_row(GridRowByGuid(secret_list[0]))
ui.action('Retrieve')
ui.switch_context(Modal(text=secret_name))
ui.button('Show Text')
ui.switch_context(NoTitleModal())
login.click_next_on_auth()
login.enter_login_password(password)
login.click_next_on_auth()
ui.switch_context(ActiveMainContentArea())
ui.expect(InputBoxValue(verify_text),
f'Expect to find {verify_text} in Retrieve but could not.')
logger.info(
f'Text Retrieved with MFA challenge(password only)i.e. MFAonParent successfully: {verify_text}'
)
# Removing MFA on Folder
result = update_folder(
core_session,
folder_list[0],
folder_name,
secrets_params['mfa_folder_name_update'] + suffix,
description=secrets_params['mfa_folder_description'])
assert result[
'success'], f'Not Able to apply MFA, API response result: {result["Message"]} '
logger.info(f'Applying MFA for folder: {result}')
def test_check_connector_page_for_system(core_session, pas_windows_setup,
users_and_roles):
"""
TC:C2171 Check UI on Connectors page for a system.
:param:core_session: Returns Authenticated Centrify session.
:param:users_and_roles:Fixture to manage roles and user.
:param pas_windows_setup: Return a fixture.
"""
# Creating a system and account.
system_id, account_id, sys_info, connector_id, user_password = pas_windows_setup(
)
# Cloud user session with "Privileged Access Service Administrator".
cloud_user_session = users_and_roles.get_session_for_user(
'Privileged Access Service Administrator')
user_name = cloud_user_session.auth_details['User']
user_id = cloud_user_session.auth_details['UserId']
# UI session with "Privileged Access Service Administrator" rights.
ui = users_and_roles.get_ui_as_user(
'Privileged Access Service Administrator')
# Assigning system "View,Delete" permission
assign_system_result, assign_system_success = ResourceManager.assign_system_permissions(
core_session, "View,Delete", user_name, user_id, 'User', system_id)
assert assign_system_success, f"Failed to assign system permissions: API response result: {assign_system_result}"
logger.info(
f'Successfully assigned "View" permission to user:{assign_system_result}.'
)
# Getting the connectors Details.
connector_details = Configs.get_environment_node('connector_data',
'automation_main')
list_connectors_id = []
connectors_details = RedrockController.get_all_proxy(core_session)
for connector_detail in connectors_details:
if connector_detail['Name'] == connector_details['connector']:
list_connectors_id.append(connector_detail['ID'])
# Choosing the connector for the system.
result, success = ResourceManager.update_system(
core_session,
system_id=system_id,
name=sys_info[0],
fqdn=sys_info[1],
computerclass=sys_info[2],
proxycollectionlist=connector_id,
chooseConnector="on",
filterConnectorCombo="all")
assert success, f'Failed to save the connector for the system: API response result: {result}.'
logger.info(
f'Successfully save the connector for the system: API response result: {result}.'
)
# UI Launch
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(system_id))
ui.tab('Connectors', check_rendered_tab=False)
ui.switch_context(ActiveMainContentArea())
ui.expect(
ReadOnlyTextField('filterConnectorCombo'),
'Expected the username field to be readonly for this filterConnectorCombo strategy but it is not.'
)
logger.info(
'Successfully found connector settings grayed and no error icon')
def test_check_help_page(add_database_with_account, core_admin_ui):
"""
Test case: C1162
:param core_session: Centrify authenticated session
:param add_database_with_account: fixture to create database with account as optional
:param core_admin_ui: Centrify admin ui session
"""
db_name, db_id, db_account_id, db_data, database_cleaner_list, account_cleaner_list = \
add_database_with_account(db_class='oracle', add_account=False)
ui = core_admin_ui
ui.navigate('Resources', 'Databases')
ui.search(db_name)
ui.click_row(GridRowByGuid(db_id))
ui.tab('Settings')
ui.switch_context(ActiveMainContentArea())
ui.expect(Anchor(button_text='Learn more'),
expectation_message="Learn more Link to click").try_click()
logger.info('Located "Learn More" span and clicked on it.')
ui.wait_for_tab_with_name('Changing database settings')
ui.switch_context(ActiveMainContentArea())
ui.expect(
Header('Changing database settings'),
'Expected to find the header with title '
'"Changing database settings"')
logger.info('Changing database settings help page pop up')
ui.switch_first_tab()
ui.tab('Accounts')
ui.switch_context(ActiveMainContentArea())
ui.expect(Anchor(button_text='Learn more'),
expectation_message="Learn more Link to click").try_click()
logger.info('Located "Learn More" span and clicked on it.')
ui.wait_for_tab_with_name('Adding database accounts')
ui.switch_context(ActiveMainContentArea())
ui.expect(
Header('Adding database accounts'),
'Expected to find the header with title '
'"Adding database accounts"')
logger.info('Adding database accounts help page pop up')
ui.switch_first_tab()
ui.tab('Activity')
ui.switch_context(ActiveMainContentArea())
ui.expect(Anchor(button_text='Learn more'),
expectation_message="Learn more Link to click").try_click()
logger.info('Located "Learn More" span and clicked on it.')
ui.wait_for_tab_with_name('Viewing activity for a database')
ui.switch_context(ActiveMainContentArea())
ui.expect(
Header('Viewing activity for a database'),
'Expected to find the header with title '
'"Viewing activity for a database"')
logger.info('Viewing activity for a database help page pop up')
ui.switch_first_tab()
ui.tab('Permissions')
ui.switch_context(ActiveMainContentArea())
ui.expect(Anchor(button_text='Learn more'),
expectation_message="Learn more Link to click").try_click()
logger.info('Located "Learn More" span and clicked on it.')
ui.wait_for_tab_with_name('Setting database-specific permissions')
ui.switch_context(ActiveMainContentArea())
ui.expect(
Header('Setting database-specific permissions'),
'Expected to find the header with title '
'"Setting database-specific permissions"')
logger.info('Setting database-specific permissions help page pop up')
def test_login_stored_account(core_session, setup_pas_system_for_unix,
set_cleaner, core_admin_ui):
"""
Test Case ID: C2087
Test Case Description: Login as stored account after proxy account enabled
:param core_session: Returns API session
:param setup_pas_system_for_unix: Creates Unix System and Account
:param set_cleaner: Delete Set
:param core_admin_ui: Authenticates Centrify UI session
"""
system_id, account_id, sys_info = setup_pas_system_for_unix
system_name = sys_info[0]
FQDN = sys_info[1]
computer_class = sys_info[2]
account_name = sys_info[4]
systems_data = Configs.get_environment_node('resources_data',
'automation_main')
expected_system_class = systems_data['Unix_infrastructure_data']
result, success = ResourceManager.update_system(
core_session,
system_id,
system_name,
FQDN,
computer_class,
proxyuser=expected_system_class['proxy_user'],
proxyuserpassword=expected_system_class['proxy_password'],
proxyuserismanaged=False,
allowremote=True)
assert success, 'Failed to update system'
logger.info(f'System successfully updated with result: {result}')
ui = core_admin_ui
name_of_set = f'Set{guid()}'
ui.navigate('Resources', 'Systems')
ui.launch_add('Add', 'Create Set')
ui.input('Name', name_of_set)
ui.tab('Members')
ui.launch_modal('Add', 'Add System')
ui.search(system_name)
ui.check_row(system_name)
ui.close_modal('Add')
ui.save()
id_of_set = SetsManager.get_collection_id(core_session, name_of_set,
'Server')
assert id_of_set, 'Set creation Failed'
logger.info(f"Set: '{name_of_set}' created successfully")
set_cleaner.append(id_of_set)
# Login into Stored Account
ui._waitUntilSettled()
ui.switch_context(ActiveMainContentArea())
ui.right_click_action(Div(system_name), 'Select/Request Account')
ui.switch_context(Modal(system_name + ' Login'))
ui.expect_disappear(LoadingMask(),
'Expected to find account but it did not', 30)
ui.search(account_name)
ui.expect(GridCell(account_name),
'Expected to find account name but it did not.').try_click()
ui.close_modal('Select')
ui.switch_to_pop_up_window()
ui.expect_disappear(LoadingMask(),
'Expected to login in account but it did not', 30)
logger.info(f'Successfully logged in Account:{account_name}.')
ui.switch_to_main_window()
def test_check_ui_for_privilege_service_power_user_right(
add_single_system, users_and_roles):
"""
C1545 : UI Check for Privilege Service Power User right
:param users_and_roles: Gets user and role on demand.
:param add_single_system: Add system and return system details.
"""
ui = users_and_roles.get_ui_as_user("Privileged Access Service Power User")
added_system_id, sys_info = add_single_system
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(GridRowByGuid(added_system_id))
# Navigate Policy page
ui.tab('Policy')
assert ui.expect(
DisabledTextBox("DefaultCheckoutTime"),
'Drop down Element "DefaultCheckoutTime" is not disabled')
logger.info("'DefaultCheckoutTime' Element in Policy page are gray out")
assert ui.expect(DisabledTextBox("AllowRemote"),
'Drop down Element "AllowRemote" is not disabled')
logger.info("'AllowRemote' Element in Policy page are gray out")
# Navigate Global Settings page
ui.navigate('Settings', 'Resources', 'Security', 'Security Settings',
False)
ui.switch_context(ActiveMainContentArea())
assert ui.expect(DisabledCheckbox("AllowRemote"),
'Check box Element "AllowRemote" is not disabled')
logger.info(
"Allow Remote check box is grey out in Global Security Setting Page")
assert ui.expect(
DisabledCheckbox("AllowMultipleCheckouts"),
'Check box Element "AllowMultipleCheckouts" '
'is not disabled')
logger.info(
"Allow Multiple Checkouts check box is grey out in Global Security Setting Page"
)
assert ui.expect(
DisabledCheckbox("AllowPermanentCheckoutWorkflow"),
'Check box Element '
'"AllowPermanentCheckoutWorkflow" '
'is not disabled')
logger.info(
"Allow Permanent Checkout Workflow check box is grey out in Global Security Setting Page"
)
assert ui.expect(
DisabledCheckbox("AllowPermanentLoginWorkflow"),
'Check box Element "AllowPermanentLoginWorkflow"'
' is not disabled')
logger.info(
"Allow Permanent Login Workflow check box is grey out in Global Security Setting Page"
)
assert ui.expect(
DisabledCheckbox("AllowPasswordHistoryCleanUp"),
'Check box Element "AllowPasswordHistoryCleanUp"'
' is not disabled')
logger.info(
"Allow Password History CleanUp check box is grey out in Global Security Setting Page"
)
assert ui.expect(
DisabledCheckbox("AllowPasswordRotation"),
'Check box Element "AllowPasswordRotation"'
' is not disabled')
logger.info(
"Allow Password Rotation check box is grey out in Global Security Setting Page"
)
assert ui.expect(
DisabledCheckbox("AllowPasswordRotationAfterCheckin"),
'Check box Element '
'"AllowPasswordRotationAfterCheckin" '
'is not disabled')
logger.info(
"Allow Password Rotation After Checkin check box is grey out in Global Security Setting Page"
)
assert ui.expect(
DisabledCheckbox("SSHGatewayCustomBannerEnabled"), 'Check box Element '
'"SSHGatewayCustomBannerEnabled" '
'is not disabled')
logger.info(
"SSH Gateway Custom Banner Enabled check box is grey out in Global Security Setting Page"
)
assert ui.expect(DisabledTextBox("DefaultCheckoutTime"),
'Text box Element "DefaultCheckoutTime" is not disabled')
logger.info(
"Default Checkout Time text box is grey out in Global Security Setting Page"
)
assert ui.expect(
ReadOnlyTextField("PasswordHistoryCleanUpDuration"),
'Text Field Element '
'"PasswordHistoryCleanUpDuration" '
'is not disabled')
logger.info(
"Password History CleanUp Duration Text Field is grey out in Global Security Setting Page"
)
assert ui.expect(
DisabledTextBox("PasswordRotateDuration"),
'Text box Element "PasswordRotateDuration" '
'is not disabled')
logger.info(
"Password Rotate Duration text box is grey out in Global Security Setting Page"
)
assert ui.expect(
ReadOnlyTextField("MinimumPasswordAge"),
'Text field Element "MinimumPasswordAge" is '
'not disabled')
logger.info(
"Minimum Password Age text field is grey out in Global Security Setting Page"
)
def test_account_settings_Policy_page(core_session, pas_setup, core_admin_ui,
update_tenant_remote):
"""C2543 Update Account Settings page
Steps:
Pre: Create system with 1 account hand
1. Try to update description for account
-Assert Failure
"""
ui = core_admin_ui
# Disable 'Allow access from a public network' policy on Global Security Setting page
result, success = update_tenant_remote(core_session, False)
assert success, f"Not able to disable 'Allow access from a public network' policy on Global Security Setting " \
f"page. API response result: {result}. "
logger.info(
f"'Allow access from a public network' policy disabled on Global Security Setting page"
)
system_id, account_id, sys_info = pas_setup
description = f'{sys_info[0]}{guid()}'
logger.info(
f"System: {sys_info[0]} successfully added with UUID: {system_id} and account: {sys_info[4]} "
f"with UUID: {account_id} associated with it.")
ui.navigate('Resources', 'Accounts')
ui.search(sys_info[0])
ui.click_row(sys_info[0])
ui.tab('Settings')
# Step1: Update the description and compare the description.
ui.input('Description', description)
ui.save()
ui.expect(TextArea('Description', description),
description,
time_to_wait=15)
logger.info(f"Update description for this account : {sys_info[4]}")
# Step2: Update the description and check weather Unsaved Changes pop is occurred without save.
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Update Password')
ui.switch_context(ConfirmModal())
ui.button('No')
ui.switch_context(Modal('Update Unmanaged Password'))
ui.button('Cancel')
# Step3: Update the description and check weather Unsaved Changes pop is occurred without save.
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Update Password')
ui.switch_context(ConfirmModal())
ui.button('Cancel')
# Step3: Update the description and check weather Unsaved Changes pop is occurred without save and \
# update unmanaged password pop will occurred.
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Update Password')
ui.switch_context(ConfirmModal())
ui.button('Yes')
ui.switch_context(Modal('Update Unmanaged Password'))
ui.button('Cancel')
# Step3: Update the description and check weather take rdp tab giving error.
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Login')
ui.wait_for_tab_with_name(f"Login session {sys_info[0]}")
expected_alert_message = "Remote access not allowed. Please enable the 'Allow access from a public network' " \
"policy if web login from a public network is required."
ui.switch_to_pop_up_window()
ui.switch_context(WarningModal())
assert ui.check_exists((Div(expected_alert_message))), \
f"pop up warning message for Remote access is not same as : {expected_alert_message}"
logger.info(f"Correct pop up warning message displayed for Remote access.")
def test_system_settings_Policy_page(add_single_system, core_admin_ui):
"""C2540 Settings on Policy page
trying to get rdp through system account with in 15 minute
Steps:
Pre: Create system
1. Try to update description for system
-Assert Failure
"""
ui = core_admin_ui
added_system_id, sys_info = add_single_system
logger.info(
f"System {sys_info[0]}, with fqdn {sys_info[1]} created successfully with Uuid {added_system_id}"
)
description = f'{sys_info[0]}{guid()}'
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.click_row(sys_info[0])
ui.tab('Settings')
# Step1: Update the description and compare the description
ui.input('Description', description)
ui.save()
ui.expect(TextArea('Description', description),
description,
time_to_wait=15)
logger.info(f"Update description for this System : {sys_info[0]}")
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Select/Request Account')
ui.switch_context(Modal(f'{sys_info[0]} Login'))
ui.close_modal('Cancel')
# Step2: Update the description and check weather Unsaved Changes pop is occurred without save
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Add To Set')
ui.switch_context(ConfirmModal())
ui.button("No")
ui.switch_context(Modal('Add To Set'))
ui.button('Cancel')
# Step3: Update the description and check weather Unsaved Changes pop is occurred without save and \
# Add to set pop will occurred
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Add To Set')
ui.switch_context(ConfirmModal())
ui.button('Yes')
# Step4: Add to set name in windows system set
ui.switch_context(Modal('Add To Set'))
member_set_name = f'test_set_{guid()}'
ui.tag_input('tagComboInput', member_set_name)
ui.remove_context()
ui.close_modal('Save')
# Step3: Update the description and check weather Unsaved Changes pop is occurred without save and \
# Add to set pop will occurred and then cancel
ui.switch_context(ActiveMainContentArea())
ui.input('Description', guid())
ui.action('Add To Set')
ui.switch_context(ConfirmModal())
ui.button('Cancel')
def step_3(self, populate_user=False, rotation=None, prompt=None, reminder=None, min_days=None, mfa_code=None):
"""
Root Account and MFA
"""
self.ui.step("Next") # go to step 3
assert prompt is None or rotation, "Cannot set prompt if rotation is not set"
assert reminder is None or rotation, "Cannot set reminder if rotation is not set"
assert min_days is None or reminder, "Cannot set min days if reminder is not set"
assert mfa_code != '', "Use None for no MFA code or _click_mfa_button to click and abort setting MFA"
assert mfa_code is None or populate_user, "Cannot click MFA without a user"
assert min_days is None or int(min_days) > 0, "invalid value for min_days"
if populate_user:
self.root_email = f'fake_email{guid()}@fun.net'
self.root_password = f'fake.Pass{guid()}word!'
self.ui.input('User', self.root_email)
self.ui.input('Password', self.root_password)
values = {True: "Yes", False: "No"}
self.enable_rotation = rotation
self.prompt_to_change = prompt
self.enable_reminder = reminder
self.minimum_days = min_days
if self.enable_rotation is not None:
self.ui.select_option('EnableUnmanagedPasswordRotation', values[self.enable_rotation])
else:
self.ui.expect(DisabledCombobox('EnableUnmanagedPasswordRotationPrompt'), "Disabled EnableUnmanagedPasswordRotationPrompt not found")
self.ui.expect(DisabledCombobox('EnableUnmanagedPasswordRotationReminder'), "Disabled EnableUnmanagedPasswordRotationReminder not found")
if self.prompt_to_change is not None:
self.ui.select_option('EnableUnmanagedPasswordRotationPrompt', values[self.prompt_to_change])
if self.enable_reminder is not None:
self.ui.select_option('EnableUnmanagedPasswordRotationReminder', values[self.enable_reminder])
else:
self.ui._waitUntilSettled()
# check failing but the control isn't visible
#self.ui.expect(DisabledTextBox('UnmanagedPasswordRotationReminderDuration'), f'UnmanagedPasswordRotationReminderDuration is not disabled.')
if self.minimum_days is not None:
self.ui.input('UnmanagedPasswordRotationReminderDuration', self.minimum_days)
if mfa_code is not None:
self.ui.card("Root Account Virtual MFA Device", "Add Provider")
self.ui.switch_context(Modal("Add Provider"))
if not mfa_code:
self.mfa_code = False
self.ui.button("Cancel")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
else:
self.mfa_code = f"OTEQ25NK6S{''.join([random.choice(string.ascii_uppercase) for _ in range(20)])}XLFSQQXQZSBGBNJXITMIXPATP5NKFTC33I"
self.ui.input('SharedSecret', self.mfa_code)
self.ui.button("Next")
self.ui.button("Confirm")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
def step_5(self, uncheck_copy=False, root_account_login_default_profile=False, password_checkout_default_profile=False,
root_account_login_conditional_profile=False, password_checkout_conditional_profile=False):
"""
Cloud And Root User Policy
"""
assert self.policies is not None or\
[root_account_login_default_profile, password_checkout_default_profile,
root_account_login_conditional_profile, password_checkout_conditional_profile] == \
[False] * 4, "Policies must be initialized if any options are set to True"
assert uncheck_copy or not password_checkout_default_profile, "password_checkout_default_profile must be False if uncheck_copy is False"
assert uncheck_copy or not password_checkout_conditional_profile, "password_checkout_conditional_profile must be False if uncheck_copy is False"
if root_account_login_default_profile:
self.login_default_rules = self.policies[0]
if root_account_login_conditional_profile:
self.login_conditional_rules = self.policies[1]
if password_checkout_default_profile:
self.checkout_default_rules = self.policies[2]
if password_checkout_conditional_profile:
self.checkout_conditional_rules = self.policies[3]
if uncheck_copy is False:
self.checkout_default_rules = self.login_default_rules
self.checkout_conditional_rules = self.login_conditional_rules
self.ui.step("Next") # go to step 5
if uncheck_copy:
self.ui.uncheck("SameAsLoginRules")
if root_account_login_default_profile:
self.ui.select_option("LoginDefaultProfile", self.login_default_rules)
if password_checkout_default_profile:
self.ui.select_option("RootAccountLoginDefaultProfile", self.checkout_default_rules)
if root_account_login_conditional_profile:
self.ui.remove_context()
self.ui.switch_context(GridField("LoginRules"))
self.ui.button("Add Rule")
self.ui.switch_context(Modal("Root Account Login Challenge Rules"))
self.ui.select_option("ProfileId", self.login_conditional_rules)
self.ui.button("Add Filter")
self.ui.select_option("Prop", "IP Address")
self.ui.select_option("Op", "inside corporate IP range")
self.ui.button("Add")
self.ui.button("OK")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
if password_checkout_conditional_profile:
self.ui.remove_context()
self.ui.switch_context(GridField("RootAccountLoginRules"))
self.ui.button("Add Rule")
self.ui.remove_context()
self.ui.switch_context(Modal("Password Checkout Challenge Rules"))
self.ui.select_option("ProfileId", self.checkout_conditional_rules)
self.ui.button("Add Filter")
self.ui.select_option("Prop", "IP Address")
self.ui.select_option("Op", "inside corporate IP range")
self.ui.button("Add")
self.ui.button("OK")
self.ui.remove_context()
self.ui.switch_context(ActiveMainContentArea())
def done(self):
self.ui.step("Done")
self.ui.switch_context(ActiveMainContentArea())
self.ui.expect(GridRow(self.name), f'Could not find grid row for cloud provider {self.name} after wizard completed')
# Make sure we always keep track of the cloud provider id we created for later cleanup
self._cloud_provider_db_row()