def test_bulk_system_unenroll_job_fails_due_to_invalid_request_missing_all_fields(core_session, simulate_failure): if simulate_failure: request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict({})) else: request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict( {'SetQuery': "@@Favorites", 'SkipIfAgentReconciliationEnabled': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_job_fails_due_to_invalid_request_missing_all_fields(clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems) if simulate_failure: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict({})) else: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict( {'SetQuery': "@@Favorites", 'SaveToSecrets': False, 'SecretName': ""})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_and_id_list(core_session, simulate_failure, test_four_virtual_aapm_agents): agents, _ = test_four_virtual_aapm_agents _, server_ids = _setup_agents(core_session, agents) if simulate_failure: request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict( {'SetQuery': "@@Favorites", 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True})) else: request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict( {'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_system_delete_job_fails_due_to_invalid_request_missing_tag(clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems) if not simulate_failure: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict( {'SetQuery': "@@Favorites", 'SaveToSecrets': True, 'SecretName': "MySecretName"})) else: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict({'SetQuery': "@@Favorites", 'SaveToSecrets': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert (not simulate_failure) == success, f"API success response not expected value, returned result {result}"
def test_bulk_account_delete_job_fails_with_request_query_returning_zero_rows_fast_track( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 1, list_of_created_systems) _, delete_account_ids = DataManipulation.aggregate_lists_in_dict_values( [batch]) # Invalid query for the failure case. if simulate_failure: sql_query = f"select * from VaultAccount where ID = '{guid()}'" else: sql_query = RedrockController.get_query_for_ids( 'VaultAccount', delete_account_ids) params = Util.scrub_dict({ 'Ids': [], 'SaveToSecrets': False, 'SecretName': "", 'SetQuery': sql_query, 'RunSync': True }) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, \ f'Invalid query bulk account delete request succeeded even though it should fail {result}'
def test_bulk_system_delete_job_fails_due_to_invalid_request_no_query_or_ids_fast_track( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts(core_session, 1, 1, list_of_created_systems) delete_system_ids, unused_account_ids = DataManipulation.aggregate_lists_in_dict_values([batch]) if simulate_failure: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict({'SaveToSecrets': False, 'SecretName': "", 'RunSync': True})) else: sql_query = RedrockController.get_query_for_ids('Server', delete_system_ids) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_SYS_DELETE, Util.scrub_dict( {'SetQuery': sql_query, 'SaveToSecrets': False, 'SecretName': "", 'RunSync': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_pe_can_execute_priv_command_user_not_exist(core_session, cleanup_servers): session = core_session sys_name = "test_pe_can_execute_priv_command" + guid() sys_fqdn = "fqdn" + guid() added_system_id, system_success_status = ResourceManager.add_system( core_session, name=sys_name, fqdn=sys_fqdn, computerclass="Windows", sessiontype="Rdp") assert system_success_status, f'Adding system failed returned status {system_success_status}' logger.debug(f"Successfully added a System: {added_system_id}") cleanup_servers.append(added_system_id) args = Util.scrub_dict({ 'User': "******", 'System': added_system_id, 'Command': "sc stop cagent" }) response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE, args) response_json = response.json() logger.info( f"Response from PE canExecutePrivilegeCommand: {response_json}") assert not response_json[ 'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}" assert response_json[ 'Message'] == "User userNotExist not found; they may have been deleted or the directory may be unavailable.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_system_unenroll_job_fails_due_to_invalid_request_query_string_fast_track(core_session, simulate_failure, test_four_virtual_aapm_agents): agents, _ = test_four_virtual_aapm_agents _, server_ids = _setup_agents(core_session, agents) if simulate_failure: invalid_query = f"invalid query string" # invalid sql query... should fail request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict( {'SetQuery': invalid_query, 'Ids': server_ids, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True})) else: valid_query = RedrockController.get_query_for_ids('Server', server_ids) request = core_session.apirequest(EndPoints.BULK_UNENROLL, Util.scrub_dict( {'SetQuery': valid_query, 'SkipIfAgentReconciliationEnabled': True, 'RunSync': True})) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_bulk_account_delete_job_fails_with_empty_request(core_session): params = Util.scrub_dict({ 'Ids': [], 'SaveToSecrets': False, 'SecretName': "", 'SetQuery': "" }) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert success is False, f'Empty bulk account delete request succeeded even though it should fail {result}'
def test_pe_can_execute_priv_command_cmd_not_passed(core_session, cleanup_servers): session = core_session args = Util.scrub_dict({'User': "******", 'System': "hobbiton"}) response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE, args) response_json = response.json() logger.info( f"Response from PE canExecutePrivilegeCommand: {response_json}") assert not response_json[ 'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}" assert response_json[ 'Message'] == "Parameter 'Command' must be specified.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_secret( clean_bulk_delete_systems_and_accounts, core_session, simulate_failure, list_of_created_systems): batch = ResourceManager.add_multiple_systems_with_accounts( core_session, 1, 1, list_of_created_systems) all_systems, all_accounts = DataManipulation.aggregate_lists_in_dict_values( [batch]) some_set_name = "ApiSet" + guid() success, set_id = SetsManager.create_manual_collection( core_session, some_set_name, "VaultAccount", None) assert success, "Did not create collection" SetsManager.update_members_collection(core_session, 'add', list(all_accounts), 'VaultAccount', set_id) params = Util.scrub_dict({ 'Ids': list(all_accounts), 'SaveToSecrets': simulate_failure, 'SecretName': "Bulk Account Delete", 'SetQuery': "", 'SkipIfHasAppsOrServices': simulate_failure }) if simulate_failure: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] ResourceManager.wait_for_job_state_succeeded(core_session, result) assert simulate_failure == success, f"Query success was unexpected value, with message {result}" else: request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] ResourceManager.wait_for_job_state_succeeded(core_session, result) assert not simulate_failure == success, f"Query success was unexpected value, with message {result}" total_account = RedrockController.get_accounts(core_session) SetsManager.delete_collection(core_session, set_id) list_account = [] for get_account in total_account: if get_account['ID'] == all_accounts: list_account.append(get_account['ID']) assert 0 == len( list_account ), "Number of remaining added accounts was unexpected number"
def test_privilege_elevation_add_command_no_name(core_session): """ Test case: Test for all required params except no name """ session = core_session args = Util.scrub_dict({'CommandPattern': "test", 'ApplyTo': "Linux"}) result = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_ADD_COMMAND, args) result_json = result.json() assert result_json[ 'success'] is False, f'PrivilegeElevation add command has failed {result_json}' assert "Missing required parameter: Name" in result_json[ 'Exception'], f'PrivilegeElevation add command should fail with error Missing required parameter: Name {result_json}'
def test_privilege_elevation_add_command_no_applyTo(core_session): """ Test case: Test for all required params except no ApplyTo """ session = core_session args = Util.scrub_dict({'Name': "LOTR", 'CommandPattern': "EyeOfSauron"}) result = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_ADD_COMMAND, args) result_json = result.json() assert result_json[ 'success'] is False, f'PrivilegeElevation add command has failed {result_json}' assert "Parameter 'ApplyTo' must be specified." == result_json[ 'Message'], f'PrivilegeElevation add command should fail with error Missing required parameter: ApplyTo {result_json}'
def test_bulk_account_delete_job_fails_due_to_invalid_request_missing_query( core_session, simulate_failure): if simulate_failure: set_query = "" else: set_query = "@@Favorites" params = Util.scrub_dict({ 'Ids': list(), 'SaveToSecrets': False, 'SecretName': "", 'SetQuery': set_query }) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_DELETE, params) request_json = request.json() result, success = request_json['Result'], request_json['success'] assert not simulate_failure == success, f"Query success was unexpected value, with message {result}"
def test_pe_can_execute_priv_command_system_not_exist(core_session, cleanup_servers): session = core_session admin_user = core_session.get_user() admin_user_name = admin_user.get_login_name() args = Util.scrub_dict({ 'User': admin_user_name, 'System': "SysNotExist", 'Command': "sc stop cagent" }) response = session.apirequest(EndPoints.PRIVILEGE_ELEVATION_CAN_EXECUTE_PE, args) response_json = response.json() logger.info( f"Response from PE canExecutePrivilegeCommand: {response_json}") assert not response_json[ 'success'], f"CanExecutePrivilegeCommand failed, reason: {response_json}" assert response_json[ 'Message'] == "Computer SysNotExist does not exist.", f"CanExecutePrivilegeCommand failed, reason: {response_json}"
def test_bulk_rotate_fails_with_invalid_query2(core_session): my_data = Util.scrub_dict({}) request = core_session.apirequest(EndPoints.PW_MULTI_ROTATE, my_data) request_json = request.json() assert not request_json['success'], "Call succeeded and should have failed"
def test_bulk_manage_fails_with_invalid_query2(core_session): my_data = Util.scrub_dict({}) request = core_session.apirequest(EndPoints.ACCOUNT_MULTI_MANAGE, my_data) request_json = request.json() logger.info("Multiple manage accounts returned " + request.text) assert not request_json['success'], "Call succeeded and should have failed"