def test_assign_view_permission_to_shared_report(core_session, create_report,
users_and_roles):
"""
TCID: C6351 Assign 'View' permission to shared report
:param core_session: Centrify Authentication session
:param create_report: To create the report
:param users_and_roles: To open an UI and assign specific right to user
"""
my_report = create_report(core_session,
"Select Name From Server",
dir="/Reports")
report_name = my_report['Name']
grant_str = "0000000000000000000000000000000000000000000000000000000010000100"
ui = users_and_roles.get_ui_as_user("Application Management")
user_details = ui.get_user()
user_name = user_details.get_login_name()
user_id = user_details.get_id()
role = UserManager.get_user_role_rights(core_session, user_id)
assign_result = ReportsManager.assign_directory_rights_to_role(
core_session, "/Reports",
[{
"Role": role['Result']['Results'][0]['Entities'][0]['Key'],
"Rights": ["Read"]
}, {
"Role": "Everybody",
"Rights": ["Read"]
}])
assert assign_result, f'Failed to give the read the permission to Shared Folder'
result, success, message = ReportsManager.update_report_permission(
core_session, user_name, user_id, grant_str, report_name, ['Read'])
assert success, f'Failed to assign View permission to Application Management user:{message}'
logger.info(
f'Successfully assign the View permission to Application Management user:{result}'
)
ui.navigate("Reports", check_rendered_tab=False)
ui.expect_disappear(LoadingMask(), "Reports page did not loaded properly")
ui.expect(RestCallComplete(), "Expected rest call to complete.")
ui.expect(TreeFolder("Shared Reports"),
"Failed to find shared Reports Tab under Reports",
time_to_wait=60)
shared_reports_button = ui._searchAndExpect(
TreeFolder("Shared Reports"),
f'Expected find Shared Reports Folder in Tree',
time_to_wait=60)
shared_reports_button.try_click()
ui.expect(
GridCell(report_name),
f'Can not see the shared report which assigned View permission to federation user'
)
ui.check_actions(["Copy", "Details", "Export Report", "Email Report"],
report_name)
ui.action("Details", report_name)
session = users_and_roles.get_session_for_user('Application Management')
query = "Select * from role"
result, success, message = ReportsManager.modify_report(
session, "/Reports", report_name, query)
assert success is False, f'Report modified:{result}'
logger.info(f'Report can not modified, API response: {message}')
def test_assign_edit_permission_to_shared_report(core_session, create_report, users_and_roles):
"""
TCID: C6352 Assign 'Edit' permission to shared report
:param core_session: Centrify Authentication session
:param create_report: To create the report
:param users_and_roles: To open an UI and assign specific right to user
"""
my_report = create_report(core_session, "Select Name From Server", dir="/Reports")
report_name = my_report['Name']
grant_str = "0000000000000000000000000000000000000000000000000000000011101100"
ui = users_and_roles.get_ui_as_user("MFA Unlock")
user = ui.get_user()
user_name = user.get_login_name()
user_id = user.get_id()
role = UserManager.get_user_role_rights(core_session, user_id)
assign_result = ReportsManager.assign_directory_rights_to_role(core_session, "/Reports",
[{"Role":
role['Result']['Results'][0]['Entities'][0][
'Key'],
"Rights": ["Read"]},
{"Role": "Everybody",
"Rights": ["Read"]
}])
assert assign_result, f'Failed to give the read the permission to Shared Folder'
result, success, message = ReportsManager.update_report_permission(core_session, user_name,
user_id, grant_str, report_name, ['ReadWrite'])
assert success, f'Failed to assign Edit permission to MFA user:{message}'
logger.info(f'Successfully assign the Edit permission to MFA user:{result}')
ui.navigate("Reports", check_rendered_tab=False)
ui.expect_disappear(LoadingMask(), "Report page did not load properly", 60)
ui.expect(RestCallComplete(), "Expected rest call to complete.")
ui.expect(TreeFolder("Shared Reports"), "Failed to find shared Reports Tab under Reports", time_to_wait=60)
shared_reports_button = ui._searchAndExpect(TreeFolder("Shared Reports"),
f'Expected find Shared Reports Folder in Tree', time_to_wait=60)
shared_reports_button.try_click()
ui.expect(GridCell(report_name),
f'Can not see the shared report which assigned Edit permission to MFA user')
ui.check_actions(["Copy", "Move", "Delete", "Modify", "Export Report", "Email Report"], report_name)
ui.action("Modify", report_name)
session = users_and_roles.get_session_for_user('MFA Unlock')
query = "Select * From role"
result, success, message = ReportsManager.modify_report(session, "/Reports", report_name, query)
assert success, f'Script editor could not modified successfully:{message}'
logger.info(f'Script editor could not modified successfully:{result}')
ui.tab("Permissions")
ui.expect(DisabledButton("Add"), "Add is not grey can edit the permission")
logger.info(f"'Add' button is grey, and cannot modify the existing permission")
def test_cannot_edit_reports_permissions_under_my_reports(core_session, create_report,
core_admin_ui, cleanup_reports):
"""
TCID: C6337 Cannot edit report's permissions under My reports
:param core_session: Centrify Authentication session
:param create_report: To create a report
:param core_admin_ui: To open the browser
:param cleanup_reports: To clean the shared report
"""
my_report = create_report(core_session, "Select Name From Server")
report_name = my_report['Name']
logger.info(f'Successfully created reports:{my_report}')
ui = core_admin_ui
ui.navigate("Reports")
ui.check_actions(["Copy", "Move", "Delete",
"Modify", "Export Report", "Email Report"], report_name)
ui.navigate("Reports")
ui.action("Modify", report_name)
ui.tab("Permissions")
expected_msg = "The current report must be moved out of the home " \
"directory before permissions can be set for other users and roles."
ui.expect(Div(expected_msg), f'Failed to get the expected message:{expected_msg}')
logger.info(f'Expectation message is:{expected_msg}')
ui.expect(DisabledButton("Add"), f'Add button is enable and can edit the permission')
ui.navigate("Reports")
ui.action("Copy", report_name)
copy_modal = f'Copy : Copy {report_name}'
ui.switch_context(Modal(copy_modal))
ui.expect(Button("Save File"), f"Expected to see a Save File button but could not")
# Down method is used select the Shared Reports folder
ui.down()
ui.close_modal("Save File")
ui.navigate("Reports")
ui.expect_disappear(LoadingMask(), f'Report page did not load properly')
ui.expect(TreeFolder("Shared Reports"), f'Expected to see the Shared Reports but could not')
shared_reports_button = ui._searchAndExpect(TreeFolder("Shared Reports"),
f'Expected find shared Folder but could not')
shared_reports_button.try_click()
logger.info(f'Successfully copy report to shared reports folder "Copy {report_name}"')
ui.action("Modify", "Copy " + report_name)
ui.tab("Permissions")
ui.expect(Button("Add"), f'Add button is disable, Report permissions can not be edited under "Shared Reports" folder')
reports = Reports(core_session, f"Copy {report_name}.report")
found_report = reports.get_report_by_name(core_session, f"Copy {report_name}.report", dir="/Reports/")
cleanup_reports.append(found_report['Path'])
def test_check_ui_system_login_dialog(core_session, core_admin_ui, pas_setup):
"""
TC : C2072 Check UI on system login dialog
param:core_admin_ui: Returns browser Session
param: core_session: Returns Api session.
param: pas_setup: Return fixture
"""
# Launch UI.
ui = core_admin_ui
created_system_id, created_account_id, system_details = pas_setup
system_name = system_details[0]
ui.navigate('Resources', 'Systems')
ui.search(system_name)
ui.right_click_action(GridCell(system_name), 'Select/Request Account')
ui.expect_disappear(LoadingMask(),
'Expected to find account but it did not', 30)
ui.switch_context(Modal(system_name + ' Login'))
logger.info("Successfully show loading before all account display")
def test_assign_grant_permission_to_shared_reports(core_session, create_report, users_and_roles):
"""
TCID: C6353 Assign 'Grant' permission to shared report
:param core_session: Centrify Authentication Session
"""
my_report = create_report(core_session, "Select Name From Server", dir="/Reports")
report_name = my_report['Name']
session_user = core_session.get_user()
session_user_name = session_user.get_login_name()
session_user_id = session_user.get_id()
grant_str = "0000000000000000000000000000000000000000000000000000000011101101"
ui = users_and_roles.get_ui_as_user("Federation Management")
user_details = ui.get_user()
user_name = user_details.get_login_name()
user_id = user_details.get_id()
role = UserManager.get_user_role_rights(core_session, user_id)
assign_result = ReportsManager.assign_directory_rights_to_role(core_session, "/Reports",
[{"Role": role['Result']['Results'][0]['Entities'][0][
'Key'],
"Rights": ["Read"]},
{"Role": "Everybody",
"Rights": ["Read"]
}])
assert assign_result, f'Failed to give the read the permission to Shared Folder'
result, success, message = ReportsManager.update_report_permission(core_session, user_name, user_id, grant_str,
report_name, ['Owner'])
assert success, f'Failed to assign grant permission to Federation user:{message}'
logger.info(f'Successfully assign the grant permission to federation user:{result}')
ui.navigate("Reports", check_rendered_tab=False)
ui.expect_disappear(LoadingMask(), 'Report page did not load properly')
ui.expect(TreeFolder("My Reports"), "Failed to find Shared Reports Tab under Reports", time_to_wait=30)
ui.expect(TreeFolder("Shared Reports"), f'Expected find Shared Reports Folder in Tree', time_to_wait=30).try_click()
ui.expect(GridCell(report_name),
f'Can not see the shared report which assigned grant permission to federation user')
ui.check_actions(["Copy", "Move", "Delete", "Modify", "Export Report", "Email Report"], report_name)
ui.action("Modify", report_name)
ui.expect(Div("Report Builder"), f'Failed to enter report detail page')
session = users_and_roles.get_session_for_user('Federation Management')
result, success, message = ReportsManager.update_report_permission(session,
session_user_name, session_user_id,
grant_str, report_name, ['Owner'])
assert success, f'Failed to save permission, API response: {message}'
logger.info(f'Permission saved successfully:{result}')
def test_cannot_create_folder_with_invalid_name(core_admin_ui):
"""
TCID: #C6364 Cannot create folder with invalid folder name
:param core_admin_ui: To open the browser
"""
ui = core_admin_ui
ui.navigate("Reports")
ui.expect_disappear(LoadingMask(), 'Reports page did not load properly')
ui.expect(TreeFolder("My Reports"), "Unable to find My Reports Tab under Reports")
ui.right_click_action(TreeFolder("My Reports"), "New folder")
# 1st Case
folder_name = "<new_folder>"
ui.switch_context(Modal("Create new folder"))
ui.input('file-name', folder_name)
ui.expect(Anchor(button_text="Save"), "Folder Name is created").try_click()
alert_text = "The report name can include alpha numeric and special characters "
ui.expect(InvalidInputAlert(alert_text), "Invalid Input alert tooltip appears")
logger.info(f'Invalid file name')
# 2nd Case
folder_name = ' '
ui.input('file-name', folder_name)
ui.expect(Anchor(button_text="Save"), "Failed to find the save button").try_click()
ui.expect(WarningModal(), "Folder is created with space")
logger.info(f'Invalid file name')
ui.switch_context(WarningModal())
ui.button("Close")
ui.remove_context()
# 3rd Case
folder_name = " name"
ui.input('file-name', folder_name)
ui.expect(Anchor(button_text="Save"), "Failed to find the save button").try_click()
ui.expect(WarningModal(), "Folder is created space with name")
logger.info(f'Invalid file name')
ui.switch_context(WarningModal())
ui.button("Close")
ui.remove_context()
ui.close_modal("Cancel")
def test_grant_view_portal_login_permission_to_privileged_access_service_user(core_session, system_with_ssh_account,
core_admin_ui):
"""
TC: C2069
:param core_session: Authenticated Centrify session.
:param system_with_ssh_account: Valid unix system with ssh account
:param core_admin_ui: Authenticated browser session.
"""
system_id, account_id, ssh_id, system_list, account_list, ssh_list = system_with_ssh_account
ui = core_admin_ui
user_id = UserManager.get_user_id(core_session, ui.user.centrify_user['Username'])
result, status = ResourceManager.assign_account_permissions(core_session, rights="View,Login,UserPortalLogin",
principal=ui.user.centrify_user['Username'],
principalid=user_id, pvid=account_id)
assert status, f'failed to assign UserPortalLogin permission of account to user {ui.user.centrify_user["Username"]}'
logger.info(f'UserPortalLogin permission of account assigned successfully to user '
f'{ui.user.centrify_user["Username"]}')
ui = core_admin_ui
# "SSH Key" on column "Credential Type"
result, status = ResourceManager.get_workspace_my_system_account(core_session)
for account in result:
if account['Host'] == system_id:
assert account['CredentialType'] == 'SshKey', f'SSH Key not displayed in CredentialType column in ' \
f'My System Account'
logger.info('SSH key displayed in Credential type column.')
# Login to the ssh account
ui.navigate(('Workspace', 'My System Accounts'))
ui.right_click_action(GridRowByGuid(account_id), 'Login')
ui.switch_to_pop_up_window()
ui.expect_disappear(LoadingMask(), 'RDP session never exited loading state for system', time_to_wait=60)
ui.switch_to_main_window()
status, result = ResourceManager.get_my_active_sessions(core_session, account_id)
assert status, f'failed to retrieve details for active account session data, return result is {result}'
logger.info(f'details for active account found in My Active sessions, returned row is {result}.')
def test_login_stored_account(core_session, setup_pas_system_for_unix,
set_cleaner, core_admin_ui):
"""
Test Case ID: C2087
Test Case Description: Login as stored account after proxy account enabled
:param core_session: Returns API session
:param setup_pas_system_for_unix: Creates Unix System and Account
:param set_cleaner: Delete Set
:param core_admin_ui: Authenticates Centrify UI session
"""
system_id, account_id, sys_info = setup_pas_system_for_unix
system_name = sys_info[0]
FQDN = sys_info[1]
computer_class = sys_info[2]
account_name = sys_info[4]
systems_data = Configs.get_environment_node('resources_data',
'automation_main')
expected_system_class = systems_data['Unix_infrastructure_data']
result, success = ResourceManager.update_system(
core_session,
system_id,
system_name,
FQDN,
computer_class,
proxyuser=expected_system_class['proxy_user'],
proxyuserpassword=expected_system_class['proxy_password'],
proxyuserismanaged=False,
allowremote=True)
assert success, 'Failed to update system'
logger.info(f'System successfully updated with result: {result}')
ui = core_admin_ui
name_of_set = f'Set{guid()}'
ui.navigate('Resources', 'Systems')
ui.launch_add('Add', 'Create Set')
ui.input('Name', name_of_set)
ui.tab('Members')
ui.launch_modal('Add', 'Add System')
ui.search(system_name)
ui.check_row(system_name)
ui.close_modal('Add')
ui.save()
id_of_set = SetsManager.get_collection_id(core_session, name_of_set,
'Server')
assert id_of_set, 'Set creation Failed'
logger.info(f"Set: '{name_of_set}' created successfully")
set_cleaner.append(id_of_set)
# Login into Stored Account
ui._waitUntilSettled()
ui.switch_context(ActiveMainContentArea())
ui.right_click_action(Div(system_name), 'Select/Request Account')
ui.switch_context(Modal(system_name + ' Login'))
ui.expect_disappear(LoadingMask(),
'Expected to find account but it did not', 30)
ui.search(account_name)
ui.expect(GridCell(account_name),
'Expected to find account name but it did not.').try_click()
ui.close_modal('Select')
ui.switch_to_pop_up_window()
ui.expect_disappear(LoadingMask(),
'Expected to login in account but it did not', 30)
logger.info(f'Successfully logged in Account:{account_name}.')
ui.switch_to_main_window()
def test_cloud_admin_login_from_my_system_account(core_session, pas_config,
core_admin_ui,
cleanup_accounts,
cleanup_resources,
remote_users_qty1):
"""
Test case: C14831
:param core_session: centrify session
:param core_admin_ui: Centrify UI session
"""
maximum_event_wait_time = 120
account_list = cleanup_accounts[0]
system_list = cleanup_resources[0]
systems = ServerManager.get_all_resources(core_session)
accounts = ServerManager.get_all_accounts(core_session)
for system in systems:
system_list.append(system['ID'])
for account in accounts:
account_list.append(account['ID'])
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
ui = core_admin_ui
admin_user_uuid = UserManager.get_user_id(
core_session, ui.user.centrify_user["Username"])
# assigning cloud admin workspace login permission
rights = "View,Login,UserPortalLogin"
result, status = ResourceManager.assign_account_permissions(
core_session,
rights,
ui.user.centrify_user["Username"],
admin_user_uuid,
pvid=acc_result)
assert status, f'failed to assign {rights} permission to cloud admin {ui.user.centrify_user["Username"]}.' \
f'returned result is: {result}'
# Updating allow remote to enable RDP session for targeted system
result, success = ResourceManager.update_system(core_session,
add_sys_result,
sys_name,
fdqn,
"Windows",
allowremote=True)
assert success, f'failed to assign rdp policy to account {add_user_in_target_system[0]} of system {sys_name}'
ui.navigate(('Workspace', 'My System Accounts'))
ui.expect(
GridRow(sys_name),
f'Expected to find system {sys_name} in My System Account but did not')
ui.right_click_action(GridRow(sys_name), 'Login')
ui.switch_to_pop_up_window()
ui.expect_disappear(
LoadingMask(),
'Error occurred while launching workspace login session',
time_to_wait=250)
ui.switch_to_main_window()
# wait for manged password change event
filter = [['AccountName', add_user_in_target_system[0]]]
RedrockController.wait_for_event_by_type_filter(
core_session,
"Cloud.Server.LocalAccount.RDPSession.Start",
filter=filter,
maximum_wait_second=maximum_event_wait_time) # wait for 20 seonds
# Api call to get details of account active session
status, result = ResourceManager.get_my_active_sessions(
core_session, acc_result)
assert status, f'failed to retrieve details for active account session data, return result is {result}'
logger.info(
f'details for active account {add_user_in_target_system[0]} are {result}'
)
ui.navigate('Resources', 'Systems')
ui.search(sys_name)
ui.expect(GridRowByGuid(add_sys_result),
expectation_message=
f'failed to search for the system by id {add_sys_result}')
ui.click_row(GridRowByGuid(add_sys_result))
# fetching Active session value from system view page
ui.inner_text_of_element(ActiveSessionTextCount(),
expectation_message='1',
warning_message="RDP Not taken from user")
logger.info(f'Active session value incremented to 1: Active Sessions:1')
def test_settings_Policy_page(core_session, pas_config, remote_users_qty1,
cleanup_resources, cleanup_accounts,
core_admin_ui):
"""C2541 Settings on Policy page
trying to get rdp through system account with in 15 minute
Steps:
Pre: Create system with 1 account hand
1. Try to take rdp for system
-Assert Failure
2. Try to checkout password for account
-Assert Failure
"""
core_ui = core_admin_ui
user_name = core_ui.get_user().get_login_name()
system_list = cleanup_resources[0]
accounts_list = cleanup_accounts[0]
# Getting system details.
sys_name = f'{"Win-2012"}{guid()}'
user_password = '******'
sys_details = pas_config
add_user_in_target_system = remote_users_qty1
fdqn = sys_details['Windows_infrastructure_data']['FQDN']
# Adding system.
add_sys_result, add_sys_success = ResourceManager.add_system(
core_session, sys_name, fdqn, 'Windows', "Rdp")
assert add_sys_success, f"failed to add system:API response result:{add_sys_result}"
logger.info(f"Successfully added system:{add_sys_result}")
system_list.append(add_sys_result)
success, response = ResourceManager.update_system(core_session,
add_sys_result,
sys_name,
fdqn,
'Windows',
allowremote=True,
defaultcheckouttime=15)
assert success, f"failed to change the management mode:API response result:{response}"
logger.info(f"Successfully updated the system:{add_sys_result}")
# Adding account in portal.
acc_result, acc_success = ResourceManager.add_account(
core_session,
add_user_in_target_system[0],
password=user_password,
host=add_sys_result,
ismanaged=True)
assert acc_success, f"Failed to add account in the portal: {acc_result}"
logger.info(
f"Successfully added account {add_user_in_target_system[0]} in the portal"
)
accounts_list.append(acc_result)
core_ui.navigate('Resources', 'Accounts')
core_ui.search(add_user_in_target_system[0])
core_ui.right_click_action(GridRowByGuid(acc_result), 'Login')
core_ui.switch_to_pop_up_window()
core_ui.expect_disappear(
LoadingMask(),
f'RDP session never exited loading state for system {sys_name}',
time_to_wait=50)
core_ui.switch_to_main_window()
row = ResourceManager.get_system_activity(core_session, add_sys_result)
assert f'{user_name} logged into system "{sys_name}"({fdqn}) from "web" using local account ' \
f'"{add_user_in_target_system[0]}"' in row[0]['Detail'], "user not able to take rdp"
password_checkout_result, password_checkout_success = \
ResourceManager.check_out_password(core_session, 1, accountid=acc_result)
new_cid = password_checkout_result['COID']
assert password_checkout_result['Password'] is not user_password, \
f"expected password equal to actual password: {password_checkout_result}"
logger.info(f"password successfully checkout Account password: {new_cid}")
def test_check_total_session(core_session, pas_setup, get_admin_user_function,
users_and_roles):
"""
Test case: C2117
:param core_session: Authenticated Centrify session manager
:param pas_setup: fixture to create system with accounts
:param users_and_roles: fixture to create user with roles
"""
system_id, account_id, sys_info = pas_setup
cloud_user_session, user = get_admin_user_function
cloud_user, user_id, user_password = user.get_login_name(), user.get_id(
), user.get_password()
user = {"Username": cloud_user, "Password": user_password}
result, status = ResourceManager.assign_system_permissions(
core_session,
"View",
principal=cloud_user,
principalid=user_id,
pvid=system_id)
assert status, f'failed to assign view permission to user {cloud_user} for system {sys_info[0]}'
logger.info(
f'View permission assigned to user {cloud_user} for system {sys_info[0]}'
)
result, status = ResourceManager.assign_account_permissions(
core_session,
"View,Login",
principal=cloud_user,
principalid=user_id,
pvid=account_id)
assert status, f'failed to assign view permission to user {cloud_user} for account {sys_info[4]}'
logger.info(
f'View permission assigned to user {cloud_user} for account {sys_info[4]}'
)
# update system to allow system for RDP connections
result, success = ResourceManager.update_system(core_session,
system_id,
sys_info[0],
sys_info[1],
sys_info[2],
allowremote=True)
assert success, f"failed to update system {sys_info[0]}, result is {result}"
logger.info('system updated for remote connection')
ui = users_and_roles.get_ui_as_user(user_properties=user,
user_already_exists=True)
ui.navigate('Resources', 'Systems')
ui.search(sys_info[0])
ui.right_click_action(GridRowByGuid(system_id), 'Select/Request Account')
ui.switch_context(Modal(text=f'{sys_info[0]} Login'))
account_row = ui.expect(
GridCell(sys_info[4]),
f'Expected to find account row {sys_info[4]} but did not.')
account_row.try_click()
ui.close_modal('Select')
ui.switch_to_pop_up_window()
ui.expect_disappear(LoadingMask(),
f'RDP session never exited loading state',
time_to_wait=60)
ui.switch_to_main_window()
ui.user_menu('Reload Rights')
# Api call to get details of account active session
result, success = ResourceManager.get_active_sessions(core_session)
active_session_list = []
for i in range(len(result)):
if result[i]["HostName"] == sys_info[0]:
active_session_list.append(result[i]["SessionID"])
assert active_session_list, f'Failed to find the login record with "System Name: {active_session_list}"'
logger.info(f'Active session details:{active_session_list}')