def test_bulk_account_delete_by_sql_query_only_deletes_correct_accounts_fast_track( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 2, 12, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists( all_accounts) sql_query = 'SELECT * FROM VaultAccount WHERE ' + ' OR '.join( ('VaultAccount.ID = "' + str(n) + '"' for n in list(delete_ids))) result, success = ResourceManager.del_multiple_accounts_by_query( core_session, sql_query, run_sync=True) assert success, "del_multiple_accounts_by_query failed " + result assert set(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values()) == set(all_systems), \ "Wrong set of added systems found" assert set(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == set(keep_ids), \ "Wrong set of added accounts found" user_info = core_session.get_current_session_user_info().json()['Result'] username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.StartQuery.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Success.Multi' start_message = f'{username} initiated delete of multiple accounts' end_message = f'{username} successfully deleted {len(delete_ids)} accounts' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def _make_four_accounts_get_names(session, mutable_list, ssh=False): server_prefix = "bsd_tst_sys" + "-" + str( ResourceManager.time_mark_in_hours()) + "-" + guid() account_prefix = "ta_" if ssh: batch = ResourceManager.add_multiple_systems_with_accounts( session, 1, 3, mutable_list, system_prefix=f'{server_prefix}_password', user_prefix=f'{account_prefix}_password') batch2 = ResourceManager.add_multiple_ssh_systems_with_accounts( session, 1, 1, mutable_list, system_prefix=f'{server_prefix}_ssh', user_prefix=f'{account_prefix}_ssh') all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch, batch2]) else: batch = ResourceManager.add_multiple_systems_with_accounts( session, 1, 4, mutable_list, system_prefix=server_prefix, user_prefix=account_prefix) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) all_account_names = ResourceManager.get_multi_added_account_names( session, all_systems) return server_prefix, account_prefix, all_systems, all_accounts, all_account_names
def test_bulk_system_by_api_set_correct_systems_and_accounts_fast_track(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems, sys_type="Unix") batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems, sys_type="Unix") delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2]) keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3]) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3]) some_set_name = "ApiSet" + guid() SetsManager.create_manual_collection(core_session, some_set_name, "Server", None) set_id = SetsManager.get_collection_id(core_session, some_set_name, "Server") SetsManager.update_members_collection(core_session, 'add', list(delete_system_ids), 'Server', set_id) collection_and_filters = SetsManager.get_object_collection_and_filter_by_name(core_session, some_set_name, "Server") filters = collection_and_filters['Filters'] logger.info(f'Manual set {collection_and_filters} - members - {delete_system_ids}') result, success = ResourceManager.del_multiple_systems_by_query(core_session, filters, savepasswords=False, secretname="", run_sync=True) assert success is True, f'Delete systems job failed when expected success' SetsManager.delete_collection(core_session, set_id) assert set(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search" assert set(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search"
def test_bulk_system_delete_by_ids_only_deletes_correct_systems_and_accounts_fast_track( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): user_info = core_session.get_current_session_user_info().json()['Result'] batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems) batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 6, list_of_created_systems) batch4 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 8, list_of_created_systems) batch5 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2, batch3, batch4, batch5]) delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2, batch4]) keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3, batch5]) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2, batch3, batch4, batch5]) ResourceManager.del_multiple_systems(core_session, delete_system_ids, savepasswords=True, wait_time=0, skip_if_has_apps_or_services=True, run_sync=True) assert set(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search" assert set(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search" username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Start.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Success.Multi' start_message = f'{username} initiated delete of {len(delete_system_ids)} systems' end_message = f'{username} successfully deleted {len(delete_system_ids)} systems' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def _make_two_servers_get_names(session, mutable_list, ssh=False): server_prefix = "bsd_tst_sys" + "-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid() if ssh: batch1 = ResourceManager.add_multiple_ssh_systems_with_accounts(session, 1, 1, mutable_list, system_prefix=f'{server_prefix}-ssh') batch2 = ResourceManager.add_multiple_systems_with_accounts(session, 1, 1, mutable_list, system_prefix=f'{server_prefix}-password') all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) else: batch1 = ResourceManager.add_multiple_systems_with_accounts(session, 2, 2, mutable_list, system_prefix=server_prefix) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1]) names_of_servers = list(ResourceManager.get_multi_added_system_ids(session, all_systems).keys()) return server_prefix, names_of_servers, batch1.keys()
def test_bulk_account_delete_performs_quickly( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): # test constants large_number_for_stress_testing = 50 # tested once with higher numbers but reduced for quick execution reasonable_amount_of_time_to_execute = 90 batch1 = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, large_number_for_stress_testing // 2, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, large_number_for_stress_testing // 2, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2]) start_time = time.time() result, success = ResourceManager.del_multiple_accounts( core_session, all_accounts) assert success, "Api did not complete successfully for bulk account delete " + result end_time = time.time() elapsed_time = end_time - start_time assert elapsed_time <= reasonable_amount_of_time_to_execute, \ "Did not complete operation in a reasonable amount of time" assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == 0, "Expected 0 added accounts found" assert len( ResourceManager.get_multi_added_system_ids( core_session, all_systems)) == 2, "Expected 2 added systems found"
def test_bulk_account_delete_job_fails_with_request_query_returning_zero_rows_fast_track( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 1, list_of_created_systems) _, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values( [batch]) # Invalid query for the failure case. if simulate_failure: sql_query = f"select * from VaultAccount where ID = '{guid()}'" else: sql_query = RedrockController.get_query_for_ids( 'VaultAccount', delete_account_ids) params = Util.scrub_dict({ 'Ids': [], 'SaveToSecrets': False, 'SecretName': "", 'SetQuery': sql_query, 'RunSync': True }) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, \ f'Invalid query bulk account delete request succeeded even though it should fail {result}'
def test_bulk_account_delete_does_not_generate_secret_when_told_not_to( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch1 = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts( core_session, 2, 3, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2]) secret_name = "TestSecret-" + str( ResourceManager.time_mark_in_hours()) + "-" + guid() sql_query = 'SELECT * FROM VaultAccount WHERE ' + ' OR '.join( ('VaultAccount.ID = "' + str(n) + '"' for n in list(all_accounts))) ResourceManager.del_multiple_accounts_by_query(core_session, sql_query, False, secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name, intervals_to_wait=60) # set low intervals to wait, since secret should not be generated secret_id = RedrockController.get_secret_id_by_name( core_session, secret_name) assert secret_id is None, "Secret not found!" assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 0, \ "Expected zero remaining added accounts remain"
def test_bulk_account_delete_generates_secret( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner): batch1 = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts( core_session, 2, 3, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2]) secret_name = "TestSecret-" + str( ResourceManager.time_mark_in_hours()) + "-" + guid() sql_query = 'SELECT * FROM VaultAccount WHERE ' + ' OR '.join( ('VaultAccount.ID = "' + str(n) + '"' for n in list(all_accounts))) ResourceManager.del_multiple_accounts_by_query(core_session, sql_query, True, secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout( core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name( core_session, secret_name) assert secret_id is not None, "Secret not found" secret_cleaner.append(secret_id) assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == 0, "Expected zero added accounts remain"
def test_app_management_user_can_create_job_but_not_delete_servers(clean_bulk_delete_systems_and_accounts, core_session, core_tenant, clean_users, users_and_roles, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 2, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch]) requestor_session = users_and_roles.get_session_for_user('Application Management') user_info = requestor_session.get_current_session_user_info().json()['Result'] all_systems = batch.keys() job_id, result = ResourceManager.del_multiple_systems(requestor_session, all_systems) result = ResourceManager.get_job_state(core_session, job_id) assert result == "Succeeded", "Job did not execute" assert len( ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 3, "Wrong number of remaining systems" assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 6, "Wrong number of remaining accounts" username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Start.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Failure.Multi' start_message = f'{username} initiated delete of {len(all_systems)} systems' end_message = f'{username} failed to delete {len(all_systems)} of {len(all_systems)} systems' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_account_delete_by_ids_only_deletes_correct_accounts( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch1 = ResourceManager.add_multiple_systems_with_accounts( core_session, 3, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 2, list_of_created_systems) batch3 = ResourceManager.add_multiple_systems_with_accounts( core_session, 4, 6, list_of_created_systems) batch4 = ResourceManager.add_multiple_systems_with_accounts( core_session, 2, 8, list_of_created_systems) batch5 = ResourceManager.add_multiple_systems_with_accounts( core_session, 5, 2, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2, batch3, batch4, batch5]) delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists( all_accounts) result, success = ResourceManager.del_multiple_accounts( core_session, delete_ids) assert success, "Api did not complete successfully for bulk account delete MSG: " + result assert set( ResourceManager.get_multi_added_system_ids( core_session, all_systems).values()) == set( all_systems), "Wrong set of added systems found" assert set( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == set(keep_ids), "Wrong set of added accounts found" user_info = core_session.get_current_session_user_info().json()['Result'] username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Start.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Success.Multi' start_message = f'{username} initiated delete of {len(delete_ids)} accounts' end_message = f'{username} successfully deleted {len(delete_ids)} accounts' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_account_delete_accounts_activity_fast_track( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) delete_ids, _ = DataManipulation.shuffle_and_split_into_two_lists( all_accounts) ResourceManager.del_multiple_accounts(core_session, delete_ids) row = ResourceManager.get_system_activity(core_session, all_systems.pop()) activity_details = [] for system_activity in row: if system_activity['EventType'] == "Cloud.Server.ServerAdd": activity_details.append(system_activity["Detail"]) assert len(activity_details ) == 1, "Wrong dumber of delete activities for the account"
def test_bulk_account_delete_generates_secret_with_ssh_accounts( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_ssh_systems_with_accounts( core_session, 2, 2, list_of_created_systems, system_prefix=f'test_ssh', user_prefix=f'test_usr_ssh') all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1]) secret_name = "TestSecret-" + str( ResourceManager.time_mark_in_hours()) + "-" + guid() result, success = ResourceManager.del_multiple_accounts( core_session, all_accounts, save_passwords=True, secret_name=secret_name) assert success, "Api did not complete successfully for bulk account delete MSG: " + result ResourceManager.wait_for_secret_to_exist_or_timeout( core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name( core_session, secret_name) assert secret_id is not None, "Secret not found" secret_cleaner.append(secret_id) assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == 0, "Expected zero added accounts remain" user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.count("\n") == 1 + len( all_accounts ), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("AutomationTestKey") == len( all_accounts ), f"Secret file contained the wrong number of keys {secret_file_contents}" for server_id in all_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_missing_permissions_on_bulk_account_delete( clean_bulk_delete_systems_and_accounts, core_session, core_tenant, clean_users, users_and_roles, list_of_created_systems): right_data = [ "Privileged Access Service Power User", "role_Privileged Access Service Power User" ] batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 3, 3, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) has_permission_ids, missing_permission_ids = DataManipulation.shuffle_and_split_into_two_lists( all_accounts) requester_session = users_and_roles.get_session_for_user(right_data[0]) results_role = users_and_roles.get_role(right_data[0]) permissions_dict = dict.fromkeys( has_permission_ids, 'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin' ) permissions_dict.update( dict.fromkeys( missing_permission_ids, 'Owner,View,Manage,Login,Naked,UpdatePassword,FileTransfer,' 'UserPortalLogin')) for account_id, permission_string in permissions_dict.items(): result, success = ResourceManager.assign_account_permissions( core_session, permission_string, results_role['Name'], results_role['ID'], "Role", account_id) assert success, "Did not set account permissions " + str(result) api_results, success = ResourceManager.del_multiple_accounts( requester_session, all_accounts, run_sync=True) assert not success, f"Expected fail result from missing permissions during test_missing_permissions_on_bulk_account_delete {api_results}" assert set( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == set(missing_permission_ids)
def test_bulk_system_delete_by_sql_query_only_deletes_correct_systems_and_accounts( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): user_info = core_session.get_current_session_user_info().json()['Result'] assert len(ResourceManager.get_multi_added_system_ids(core_session, [ "x"])) == 0 # Use fake GUID string to ensure that filter is working properly, since empty list means no filter assert len(ResourceManager.get_multi_added_account_ids(core_session, ["x"])) == 0 batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 2, list_of_created_systems) batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 6, list_of_created_systems) batch4 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 8, list_of_created_systems) batch5 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2, batch3, batch4, batch5]) assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 15, "Found wrong number of added systems" assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 59, "Found wrong number of add accounts" delete_system_ids, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch2, batch4]) keep_system_ids, keep_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch1, batch3, batch5]) sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids) ResourceManager.del_multiple_systems_by_query(core_session, sql_query, False, "") assert set(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values()) == keep_system_ids, "Set of expected remaining systems did not match search" assert set(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == keep_account_ids, "Set of expected remaining accounts did not match search" username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.StartQuery.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkSystemDelete.Success.Multi' start_message = f'{username} initiated delete of multiple systems' end_message = f'{username} successfully deleted {len(delete_system_ids)} systems' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_system_delete_generates_secret(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, secret_cleaner, core_tenant): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 3, list_of_created_systems) batch3 = ResourceManager.add_multiple_ssh_systems_with_accounts(core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3]) all_non_ssh_systems, all_non_shh_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) secret_name = "TestSecret-" + str(ResourceManager.time_mark_in_hours()) + "-" + guid() sql_query = RedrockController.get_query_for_ids('Server', all_systems) ResourceManager.del_multiple_systems_by_query(core_session, sql_query, True, secret_name) ResourceManager.wait_for_secret_to_exist_or_timeout(core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name) assert secret_id is not None, "No secret was created" secret_cleaner.append(secret_id) user_name = core_tenant['admin_user'] user_id = UserManager.get_user_id(core_session, user_name) result, success = set_users_effective_permissions(core_session, user_name, "View,Edit,Retrieve", user_id, secret_id) assert success, f"Did not set secret permission successfully with message {result}" secret_file_contents = get_file_secret_contents(core_session, secret_id) assert secret_file_contents.strip().count("\n") == len( all_accounts), f"Secret file contained the wrong number of lines {secret_file_contents}" assert secret_file_contents.count("thisIsaPAsSwO0rd") == len( all_non_shh_accounts), f"Secret file contained the wrong number of passwords {secret_file_contents}" # Commenting following assert as AutomationTestKey is not available in secret_file_contents, Tested on both AWS, # Azure devdog tenants # assert 'AutomationTestKey' in secret_file_contents, f"Name of SSH key did not appear in secret file {secret_file_contents}" for server_id in all_non_ssh_systems: assert server_id in secret_file_contents, f"Server ID absent from secret file {secret_file_contents}" for account_id in all_non_shh_accounts: assert account_id in secret_file_contents, f"Account ID absent from secret file {secret_file_contents}"
def test_other_user_cant_see_secret_created_by_first_user(core_session, users_and_roles, created_system_id_list, swap_roles): roles = ["Privileged Access Service Administrator", "Privileged Access Service Power User"] if swap_roles: roles_new = [roles[1], roles[0]] roles = roles_new batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, created_system_id_list) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch]) deleter_user_0_session = users_and_roles.get_session_for_user(roles[0]) deleter_user_0_role = users_and_roles.get_role(roles[0]) deleter_user_0_role_name = deleter_user_0_role['Name'] deleter_user_0_role_id = deleter_user_0_role['ID'] other_user_1_session = users_and_roles.get_session_for_user(roles[1]) for account_id in all_accounts: permission_string = 'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin' result, success = ResourceManager.assign_account_permissions(core_session, permission_string, deleter_user_0_role_name, deleter_user_0_role_id, "Role", account_id) assert success, "Did not set account permissions " + str(result) for system_id in all_systems: permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,UnlockAccount' result, success = ResourceManager.assign_system_permissions(core_session, permission_string, deleter_user_0_role_name, deleter_user_0_role_id, "Role", system_id) assert success, "Did not set system permissions " + result secret_name = f"secret{guid()}" job_id, result = ResourceManager.del_multiple_systems(deleter_user_0_session, batch.keys(), secretname=secret_name) result = ResourceManager.get_job_state(core_session, job_id) assert result == "Succeeded", "Job did not execute" remaining_accounts = set(ResourceManager.get_multi_added_account_ids(core_session, created_system_id_list)) remaining_systems = set(ResourceManager.get_multi_added_system_ids(core_session, created_system_id_list).values()) assert remaining_accounts == set(), "Remaining accounts did not match expectation" assert remaining_systems == set(), "Remaining systems did not match expectation" secret_id = RedrockController.get_secret_id_by_name(deleter_user_0_session, secret_name) assert secret_id is not None, f"Secret was not visible to creator '{roles[0]}' user, either because it wasn't created or because of a permissions issue" secret_id = RedrockController.get_secret_id_by_name(other_user_1_session, secret_name) assert secret_id is None, f"Secret should not be '{roles[1]}' user when created by '{roles[0]}' user" secret_id = RedrockController.get_secret_id_by_name(core_session, secret_name) assert secret_id is not None, f"Sys admin should be able to see secret created by {roles[0]}"
def test_overlapping_redundant_requests_succeed( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch1 = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 16, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 15, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch1, batch2]) all_accounts_list = list(all_accounts) random.shuffle(all_accounts_list) delete_ids1, keep_ids1 = DataManipulation.shuffle_and_split_into_two_lists( all_accounts_list[1::] ) # by excluding the first, we ensure one account is guaranteed to remain delete_ids2, _ = DataManipulation.shuffle_and_split_into_two_lists( all_accounts_list[1::]) delete_ids3, _ = DataManipulation.shuffle_and_split_into_two_lists( all_accounts_list[1::]) ResourceManager.del_multiple_accounts(core_session, delete_ids1, wait_time=-60) ResourceManager.del_multiple_accounts(core_session, delete_ids2, wait_time=-60) ResourceManager.del_multiple_accounts(core_session, delete_ids3) # wait on final call all_delete = set(delete_ids1).union(delete_ids2).union(delete_ids3) assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == len(all_accounts) - len( all_delete), "Wrong number of remaining added accounts found" assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 2, \ "Wrong number of remaining added systems found"
def test_bulk_account_by_api_set_correct_accounts( clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems, core_admin_ui): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 2, 2, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) delete_ids, keep_ids = DataManipulation.shuffle_and_split_into_two_lists( all_accounts) some_set_name = "ApiSet" + guid() success, set_id = SetsManager.create_manual_collection( core_session, some_set_name, "VaultAccount", None) assert success, "Did not create collection" SetsManager.update_members_collection(core_session, 'add', list(delete_ids), 'VaultAccount', set_id) filters = SetsManager.get_object_collection_and_filter_by_name( core_session, some_set_name, "VaultAccount")['Filters'] result, success = ResourceManager.del_multiple_accounts_by_query( core_session, filters) assert success, "del_multiple_accounts_by_query failed " + result SetsManager.delete_collection(core_session, set_id) assert set( ResourceManager.get_multi_added_system_ids( core_session, all_systems).values()) == set( all_systems), "Wrong set of added systems found" assert set( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == set(keep_ids), "Wrong set of added accounts found"
def test_redundant_requests_succeed(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 2, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) ResourceManager.del_multiple_systems(core_session, batch1.keys()) ResourceManager.del_multiple_systems(core_session, batch2.keys()) ResourceManager.del_multiple_systems(core_session, batch1.keys()) ResourceManager.del_multiple_systems(core_session, batch2.keys()) assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 0, "Expected no remaining added accounts" assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 0, "Expected no remaining added systems"
def test_bulk_system_delete_works_with_built_in_set(clean_bulk_delete_systems_and_accounts, core_session, core_tenant, clean_users, users_and_roles, list_of_created_systems, get_environment): Engines = get_environment if Engines == "AWS - PLV8": batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 3, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch]) right_data = ("Privileged Access Service Power User", "role_Privileged Access Service Power User") requester_session = users_and_roles.get_session_for_user(right_data[0]) role_info = users_and_roles.get_role(right_data[0]) account_ids = ResourceManager.get_multi_added_account_ids(core_session, all_systems) for account_id in account_ids: permission_string = 'Owner,View,Manage,Delete,Login,Naked,UpdatePassword,FileTransfer,UserPortalLogin' result, success = ResourceManager.assign_account_permissions( core_session, permission_string, role_info['Name'], role_info['ID'], "Role", account_id) assert success, "Did not set account permissions " + str(result) system_ids = list(ResourceManager.get_multi_added_system_ids(core_session, all_systems).values()) for system_id in system_ids: permission_string = 'Grant,View,Edit,Delete,ManageSession,AgentAuth,RequestZoneRole,AddAccount,' \ 'UnlockAccount ' result, success = ResourceManager.assign_system_permissions(core_session, permission_string, role_info['Name'], role_info['ID'], "Role", system_id) assert success, "Did not set system permissions " + result job_id, result = ResourceManager.del_multiple_systems_by_query(requester_session, '@@Windows Servers') report = JobManager.get_job_report(core_session, job_id) # not asserting success or failure, the admin may have access to windows systems created by other tests which # would not succeed such as windows systems with uncertain accounts assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 0, f"Expected no remaining added accounts {report}" assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 0, f"Expected no remaining added systems {report}" else: skip('todo: Fix this test to work on azure')
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_secret( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) some_set_name = "ApiSet" + guid() success, set_id = SetsManager.create_manual_collection( core_session, some_set_name, "VaultAccount", None) assert success, "Did not create collection" SetsManager.update_members_collection(core_session, 'add', list(all_accounts), 'VaultAccount', set_id) params = Util.scrub_dict({ 'Ids': list(all_accounts), 'SaveToSecrets': simulate_failure, 'SecretName': "Bulk Account Delete", 'SetQuery': "", 'SkipIfHasAppsOrServices': simulate_failure }) if simulate_failure: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] ResourceManager.wait_for_job_state_succeeded(core_session, result) assert simulate_failure == success, f"Query success was unexpected value, with message {result}" else: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] ResourceManager.wait_for_job_state_succeeded(core_session, result) assert not simulate_failure == success, f"Query success was unexpected value, with message {result}" total_account = RedrockController.get_accounts(core_session) SetsManager.delete_collection(core_session, set_id) list_account = [] for get_account in total_account: if get_account['ID'] == all_accounts: list_account.append(get_account['ID']) assert 0 == len( list_account ), "Number of remaining added accounts was unexpected number"
def test_bulk_system_delete_job_fails_due_to_invalid_request_no_query_or_ids_fast_track( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems) delete_system_ids, unused_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch]) if simulate_failure: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict({'SaveToSecrets': False, 'SecretName': "", 'RunSync': True})) else: sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict( {'SetQuery': sql_query, 'SaveToSecrets': False, 'SecretName': "", 'RunSync': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_does_not_generate_secret_when_told_not_to(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 7, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 5, 3, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2]) job_id, success = ResourceManager.del_multiple_systems(core_session, all_systems, False, "") assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 0, "Remaining added systems should be zero" report_contents = JobManager.get_job_report(core_session, job_id) assert report_contents['report'].find( 'No password secret created') > -1, f'A secret was created even though it should not have been.'
def test_overlapping_requests_succeed(clean_bulk_delete_systems_and_accounts, core_session, list_of_created_systems): batch1 = ResourceManager.add_multiple_systems_with_accounts(core_session, 3, 4, list_of_created_systems) batch2 = ResourceManager.add_multiple_systems_with_accounts(core_session, 4, 2, list_of_created_systems) batch3 = ResourceManager.add_multiple_systems_with_accounts(core_session, 2, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values([batch1, batch2, batch3]) ResourceManager.del_multiple_systems(core_session, batch1.keys(), wait_time=-1) ResourceManager.del_multiple_systems(core_session, batch1.keys(), wait_time=-1) # redundancy deliberate ResourceManager.del_multiple_systems(core_session, batch2.keys(), wait_time=-1) ResourceManager.del_multiple_systems(core_session, batch3.keys()) # wait on final call assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 0, "Expected no remaining added accounts" assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 0, "Expected no remaining added systems"
def test_ui_check_bulk_delete_account_scheduled(core_session, core_admin_ui, list_of_created_systems): """ Test case: C3088 :param core_session: Returns API session :param core_admin_ui: Centrify admin Ui session :param list_of_created_systems: creating a empty list of created systems. """ account_name_prefix = f'account_test{guid()}' # adding multiple systems with accounts result = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 2, list_of_created_systems, user_prefix=account_name_prefix) # arranging the results in the lists all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [result]) ui = core_admin_ui ui.navigate('Resources', 'Accounts') account_names = [] for account in all_accounts: # getting the account information query_result, query_success = ResourceManager.get_account_information( core_session, account) account_names.append(query_result['VaultAccount']['Row']['User']) ui.search(account_name_prefix) ui.action('Delete accounts', account_names) ui.switch_context(Modal('Bulk Account Delete')) ui.uncheck("SaveSecret") ui.button('Delete') ui.switch_context(ConfirmModal()) ui.button('Yes') ui.switch_context(InfoModal()) ui.expect( Div("A delete operation has been scheduled. You will receive an e-mail when the operation has been completed." ), "Expecting a info popup for delete schedule") logger.info("Popup with delete operation has been scheduled appeared") ui.button('Close') result, success = ResourceManager.del_multiple_systems( core_session, all_systems) assert success is True, 'Delete systems job failed when expected success' logger.info(f"Delete systems job executed successfully {result}")
def test_app_management_user_can_create_job_but_not_delete_accounts( clean_bulk_delete_systems_and_accounts, core_session, core_tenant, clean_users, users_and_roles, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 2, 2, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) assert len( ResourceManager.get_multi_added_system_ids( core_session, all_systems)) == 2, "Added systems not reflected in search" assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == 4, "Added accounts not reflected in search" requestor_session = users_and_roles.get_session_for_user( 'Application Management') job_id, result = ResourceManager.del_multiple_accounts( requestor_session, all_accounts) result = ResourceManager.get_job_state(core_session, job_id) assert result == "Succeeded", "Job did not execute" assert len(ResourceManager.get_multi_added_system_ids(core_session, all_systems)) == 2, \ "Expected 2 added systems to be found, but received different number" assert len(ResourceManager.get_multi_added_account_ids(core_session, all_systems)) == 4, \ "Expected 4 added accounts to be found, but received different number" user_info = requestor_session.get_current_session_user_info().json( )['Result'] username = user_info['Name'] start_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Start.Multi' end_type = 'Cloud.Core.AsyncOperation.BulkAccountDelete.Failure.Multi' start_message = f'{username} initiated delete of {len(all_accounts)} accounts' end_message = f'{username} failed to delete {len(all_accounts)} of {len(all_accounts)} accounts' RedrockController.expect_event_message_by_type(core_session, start_type, start_message) RedrockController.expect_event_message_by_type(core_session, end_type, end_message)
def test_bulk_account_stores_secret_when_deleting_using_ui( clean_bulk_delete_systems_and_accounts, core_session, core_admin_ui, list_of_created_systems, secret_cleaner): server_prefix, account_prefix, all_systems, all_accounts, all_account_names = _make_four_accounts_get_names( core_session, list_of_created_systems, ssh=True) ui = core_admin_ui ui.navigate('Resources', 'Accounts') ui.search(server_prefix) for name in all_account_names: assert ui.check_exists( GridCell(name)), f"Account not found in grid with name {name}" delete_names, keep_names = DataManipulation.shuffle_and_split_into_two_lists( all_account_names) action_name = 'Delete accounts' modal_name = 'Bulk Account Delete' if len(delete_names) == 1: action_name = 'Delete' modal_name = 'Delete' ui.action(action_name, delete_names) ui.switch_context(Modal(modal_name)) secret_name = "secret_e2e_name_" + guid() + "_" + guid() ui.input("SecretName", secret_name) ui.button('Delete') ui.switch_context(NoTitleModal()) ui.button('Close') ResourceManager.wait_for_secret_to_exist_or_timeout( core_session, secret_name) secret_id = RedrockController.get_secret_id_by_name( core_session, secret_name) assert secret_id is not None, "Failed to create secret!" secret_cleaner.append(secret_id) assert len( ResourceManager.get_multi_added_account_ids( core_session, all_systems)) == len( keep_names), "Wrong number of remaining systems found"
def test_ui_check_bulk_delete_account_confirm(core_session, core_admin_ui, list_of_created_systems): """ Test case: C3087 :param core_session: Returns API session :param core_admin_ui: Centrify admin Ui session :param list_of_created_systems: creating a empty list of created systems. """ account_name_prefix = f'account_test{guid()}' # adding multiple systems with accounts result = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 2, list_of_created_systems, user_prefix=account_name_prefix) # arranging the results in the lists all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [result]) ui = core_admin_ui ui.navigate('Resources', 'Accounts') account_names = [] for account in all_accounts: # getting the account information query_result, query_success = ResourceManager.get_account_information( core_session, account) account_names.append(query_result['VaultAccount']['Row']['User']) ui.search(account_name_prefix) ui.action('Delete accounts', account_names) ui.switch_context(Modal('Bulk Account Delete')) ui.uncheck("SaveSecret") ui.button('Delete') ui.switch_context(ConfirmModal()) ui.expect( Div("You are about to delete accounts which contain passwords or SSH Keys. This cannot be undone. Are " "you sure you want to continue?"), "Expecting a confirm delete account popup") logger.info("Confirm delete accounts popup appeared.") ui.button('Yes') result, success = ResourceManager.del_multiple_systems( core_session, all_systems) assert success is True, 'Delete systems job failed when expected success' logger.info(f"Delete systems job executed successfully {result}")
def test_ui_check_bulk_delete_account_caution(core_session, core_admin_ui, list_of_created_systems): """ Test case: C3086 :param core_session: Returns API session :param core_admin_ui: Centrify admin Ui session :param list_of_created_systems: creating a empty list of created systems. """ account_name_prefix = f'account_test{guid()}' # adding multiple systems with accounts result = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 2, list_of_created_systems, user_prefix=account_name_prefix) # arranging the results in the lists all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [result]) ui = core_admin_ui ui.navigate('Resources', 'Accounts') account_names = [] for account in all_accounts: # getting the account information query_result, query_success = ResourceManager.get_account_information( core_session, account) account_names.append(query_result['VaultAccount']['Row']['User']) ui.search(account_name_prefix) ui.action('Delete accounts', account_names) ui.switch_context(Modal('Bulk Account Delete')) ui.expect(Label("Save password to secret"), "Expected to see the label of save the password") ui.expect( Div("Deleting an account means we will no longer know the password." " Saving deleted account passwords to a secret is recommended until you are sure they are " "no longer needed."), "Expected to see the Caution message.") result, success = ResourceManager.del_multiple_systems( core_session, all_systems) assert success is True, f'Delete systems job failed when expected success' logger.info(f"Delete systems job executed successfully {result}") result_acc, success_acc = ResourceManager.del_multiple_accounts( core_session, all_accounts) assert success_acc, f"Api did not complete successfully for bulk account delete MSG:{result_acc}"