Changes related to Cached credentials functionality (demisto#23379)

* Changes related to Cached credentials functionality (demisto#23166)

* Changes related to Cached credentials functionality

* Updated docker version

* resolved validations errors

* Resolve validation error

* Fixed linter errors

* Resolved linter errors

* Resolved Linter error

* updated files to resolve linter errors

* updated version

* Added Release notes

* Updated Release notes

* Resolved comments

* Resolved validation errors

* Resolved linter errors

* Resolved comments on PR

* Updated code.

* Added Linter changes

* Updated code

* Updated validation changes

* Updated docker image tag

* Deleted 'Example-delinea-fetch-credentials.yml' playbook

* Added test cases

* Fixed RN and lint

* Resolved linter error

* Removed linter errors

* Update DelineaSS.yml

* Remove log

* fixing RN

* revert change

* Update pack_metadata.json

* Update DelineaSS.yml

* Update 2_0_0.md

Co-authored-by: vidhi dhand <[email protected]>
Co-authored-by: Jas Beilin <[email protected]>
Co-authored-by: Jasmine Beilin <[email protected]>

* Update 2_0_0.md

Co-authored-by: roshani-delinea-github <[email protected]>
Co-authored-by: vidhi dhand <[email protected]>
Co-authored-by: Jas Beilin <[email protected]>
Co-authored-by: Jasmine Beilin <[email protected]>

Author: 4 people

Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.py

@@ -1,10 +1,11 @@
+import urllib3
 import demistomock as demisto
 from CommonServerPython import *
 from CommonServerUserPython import *
 from typing import Dict
 
 # Disable insecure warnings
-requests.packages.urllib3.disable_warnings()
+urllib3.disable_warnings()
 
 ''' CONSTANTS '''
 DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
@@ -99,49 +100,50 @@ def secretChangePassword(self, secret_id: str, newPassword: str) -> str:
             "newPassword": newPassword
         }
 
-        return self._http_request("POST", url_suffix="/api/v1/secrets/" + str(secret_id) + "/change-password", json_data=body)
+        return self._http_request("POST", url_suffix="/api/v1/secrets/" + str(secret_id) + "/change-password",
+                                  json_data=body)
 
     def secretCreate(self, name: str, secret_template_id: str, **kwargs) -> str:
-        secretJSON = {'name': name, 'secretTemplateId': secret_template_id, 'items': []}  # type: Dict[str, Any]
+        secretjson = {'name': name, 'secretTemplateId': secret_template_id, 'items': []}  # type: Dict[str, Any]
 
         for key, value in kwargs.items():
             JSON = {}
             if key == 'domain_item':
                 JSON['fieldName'] = 'Domain'
                 JSON['itemValue'] = value
                 JSON['slug'] = 'domain'
-                secretJSON['items'].append(JSON)
+                secretjson['items'].append(JSON)
 
             elif key == 'machine_item':
                 JSON['fieldName'] = 'Machine'
                 JSON['itemValue'] = value
                 JSON['slug'] = 'machine'
-                secretJSON['items'].append(JSON)
+                secretjson['items'].append(JSON)
 
             elif key == 'username_item':
                 JSON['fieldName'] = 'Username'
                 JSON['itemValue'] = value
                 JSON['slug'] = 'username'
-                secretJSON['items'].append(JSON)
+                secretjson['items'].append(JSON)
 
             elif key == 'password_item':
                 JSON['fieldName'] = 'Password'
                 JSON['itemValue'] = value
                 JSON['slug'] = 'password'
                 JSON['isPassword'] = "true"
-                secretJSON['items'].append(JSON)
+                secretjson['items'].append(JSON)
 
             elif key == 'notes_item':
                 JSON['fieldName'] = 'Notes'
                 JSON['itemValue'] = value
                 JSON['slug'] = 'notes'
                 JSON['isNotes'] = "true"
-                secretJSON['items'].append(JSON)
+                secretjson['items'].append(JSON)
 
             else:
-                secretJSON[key] = value
+                secretjson[key] = value
 
-        return self._http_request("POST", url_suffix="/api/v1/secrets", json_data=secretJSON)
+        return self._http_request("POST", url_suffix="/api/v1/secrets", json_data=secretjson)
 
     def secretDelete(self, id: int) -> str:
         return self._http_request("DELETE", url_suffix="/api/v1/secrets/" + str(id))
@@ -163,8 +165,8 @@ def searchFolder(self, search_folder: str) -> list:
         url_suffix = "/api/v1/folders/lookup?filter.searchText=" + search_folder
 
         response_records = self._http_request("GET", url_suffix).get('records')
-        idFolder = list(map(lambda x: x.get('id'), response_records))
-        return idFolder
+        idfolder = list(map(lambda x: x.get('id'), response_records))
+        return idfolder
 
     def folderDelete(self, folder_id: str) -> str:
         url_suffix = "/api/v1/folders/" + folder_id
@@ -476,7 +478,52 @@ def secret_rpc_changepassword_command(client, secret_id: str = '', newpassword:
     )
 
 
-def main():  # pragma: no cover
+def fetch_credentials_command(client, secretids):
+    credentials: List[Any] = []
+    try:
+        secretsid = argToList(secretids)
+    except Exception as e:
+        demisto.debug(f"Could not fetch credentials: Provide valid secret id.{e}")
+        credentials = []
+
+    for id in secretsid:
+        if id not in secretsid:
+            secretsid.append(id)
+
+    if len(secretsid) == 0:
+        demisto.credentials(credentials)
+        demisto.debug("Could not fetch credentials:\
+        Enter valid secret ID to fetch credentials.\n For multiple ID use ,(e.g. 1,2)")
+        credentials = []
+    else:
+        for secret_id in secretsid:
+            secret = client.getSecret(secret_id)
+            items = secret.get('items')
+            for item in items:
+                if item.get('fieldName') == 'Username':
+                    username = item.get('itemValue')
+                if item.get('fieldName') == 'Password':
+                    password = item.get('itemValue')
+                    obj = {
+                        "user": username,
+                        "password": password,
+                        "name": str(secret.get('id'))
+                    }
+                    credentials.append(obj)
+
+    demisto.credentials(credentials)
+    markdown = tableToMarkdown('Fetched Credentials', credentials)
+
+    return CommandResults(
+        readable_output=markdown,
+        outputs_prefix="Delinea.Secret.Fetch.Credentials",
+        outputs_key_field="credentials",
+        raw_response=credentials,
+        outputs=credentials
+    )
+
+
+def main():
     params = demisto.params()
     username = params.get('credentials').get('identifier')
     password = params.get('credentials').get('password')
@@ -485,8 +532,9 @@ def main():  # pragma: no cover
     url = params.get('url')
     proxy = params.get('proxy', False)
     verify = not params.get('insecure', False)
+    secretids = params.get('secrets')
 
-    LOG(f'Command being called is {demisto.command()}')
+    demisto.info(f'Command being called is {demisto.command()}')
 
     delinea_commands = {
         'delinea-secret-password-get': secret_password_get_command,
@@ -509,18 +557,21 @@ def main():  # pragma: no cover
         'delinea-user-update': user_update_command,
         'delinea-user-delete': user_delete_command
     }
+    command = demisto.command()
     try:
         client = Client(server_url=url,
                         username=username,
                         password=password,
                         proxy=proxy,
                         verify=verify)
-
-        command = demisto.command()
         if command in delinea_commands:
             return_results(
                 delinea_commands[command](client, **demisto.args())  # type: ignore[operator]
             )
+        if command == 'fetch-credentials':
+            return_results(
+                fetch_credentials_command(client, secretids)
+            )
         elif command == 'test-module':
             result = test_module(client)
             demisto.results(result)

Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml

@@ -20,6 +20,14 @@ configuration:
   name: proxy
   required: false
   type: 8
+- display: Fetches Credentials
+  name: isFetchCredentials
+  required: false
+  type: 8
+- display: Secret IDs (Provide multiple Id's by using ',' example- 1,2,3)
+  name: secrets
+  required: false
+  type: 12
 description: Secret Server is the only fully featured Privileged Account Management (PAM) solution available both on premise and in the cloud. It empowers security and IT ops teams to secure and manage all types of privileged accounts and offers the fastest time to value of any PAM solution.
 display: DelineaSS
 name: DelineaSS
@@ -1086,7 +1094,7 @@ script:
     - contextPath: Delinea.Secret.ChangePassword
       description: Secret summary
       type: String
-  dockerimage: demisto/python3:3.10.7.35188
+  dockerimage: demisto/python3:3.10.9.42008
   feed: false
   isfetch: false
   longRunning: false

Packs/DelineaSS/Integrations/DelineaSS/DelineaSS_description.md

@@ -18,6 +18,11 @@ Use check box **Trust any certificate (not secure)** for insecure connections.
 
 Use check box **Use system proxy settings** for proxy.
 
+If you want to use the function of synchronizing secrets stored in Delinea server, check the box **Fetches Credentials** and fill in the field with a list of the secret id(s) of the secrets separated by commas.
+
+You can find the more deatil about Fetches Credentials and sync credentials from below link:
+https://docs.delinea.com/online-help/products/integrations/current/pan/xsoar-secret-server
+
 Use the **TEST** button to check if the parameters for integration are correct. In case of successful authentication on the Delinea server and correct filling of all other parameters, you will receive a response **Success**.
 
 This integration performs some REST API transfers to the Delinea server, the full description of which is given in the server documentation.
@@ -60,4 +65,4 @@ The following commands are implemented:
 
 - delinea-user-search Search, filter, sort, and page users
 
-- delinea-user-update Update a single user by ID
+- delinea-user-update Update a single user by ID

Packs/DelineaSS/Integrations/DelineaSS/DelineaSS_test.py

@@ -7,22 +7,25 @@
     secret_delete_command, folder_create_command, \
     folder_delete_command, folder_update_command, \
     user_delete_command, secret_create_command, user_create_command, \
-    user_update_command, secret_rpc_changepassword_command
+    user_update_command, secret_rpc_changepassword_command, \
+    fetch_credentials_command, secret_search_name_command
 from test_data.context import GET_PASSWORD_BY_ID_CONTEXT, \
     GET_USERNAME_BY_ID_CONTENT, SECRET_GET_CONTENT, \
     SECRET_PASSWORD_UPDATE_CONTEXT, SECRET_CHECKOUT_CONTEXT, \
     SECRET_CHECKIN_CONTEXT, SECRET_DELETE_CONTEXT, \
     FOLDER_CREATE_CONTEXT, FOLDER_DELETE_CONTEXT, FOLDER_UPDATE_CONTEXT, \
     USER_DELETE_CONTEXT, SECRET_CREATE_CONTEXT, USER_CREATE_CONTEXT, \
-    USER_UPDATE_CONTEXT, SECRET_RPC_CHANGE_PASSWORD_CONTEXT
+    USER_UPDATE_CONTEXT, SECRET_RPC_CHANGE_PASSWORD_CONTEXT, \
+    SECRET_GET_CREDENTIALS_CONTEXT, SECRET_SEARCH_NAME_CONTEXT
 from test_data.http_responses import GET_PASSWORD_BY_ID_RAW_RESPONSE, \
-    GET_USERNAME_BY_ID_RAW_RESPONSE, SECRET_CHECKOUT_RAW_RESPONSE,\
+    GET_USERNAME_BY_ID_RAW_RESPONSE, SECRET_CHECKOUT_RAW_RESPONSE, \
     SECRET_GET_RAW_RESPONSE, SECRET_PASSWORD_UPDATE_RAW_RESPONSE, \
     SECRET_CHECKIN_RAW_RESPONSE, SECRET_DELETE_RAW_RESPONSE, \
     FOLDER_CREATE_RAW_RESPONSE, FOLDER_DELETE_RAW_RESPONSE, \
     FOLDER_UPDATE_RAW_RESPONSE, USER_DELETE_RAW_RESPONSE, \
     SECRET_CREATE_RAW_RESPONSE, SECRET_RPC_CHANGE_PASSWORD_RAW_RESPONSE, \
-    USER_CREATE_RAW_RESPONSE, USER_UPDATE_RAW_RESPONSE
+    USER_CREATE_RAW_RESPONSE, USER_UPDATE_RAW_RESPONSE, SECRET_GET_CREDENTIALS_RAW_RESPONSE, \
+    SECRET_SEARCH_NAME_RAW_RESPONSE
 
 GET_PASSWORD_BY_ID_ARGS = {"secret_id": "4"}
 GET_USERNAME_BY_ID_ARGS = {"secret_id": "4"}
@@ -35,16 +38,18 @@
                       "parentFolderId": "3"}
 FOLDER_DELETE_ARGS = {"folder_id": "9"}
 FOLDER_UPDATE_ARGS = {"id": "12", "folderName": "xsoarTF3New"}
-USER_CREATE_ARGS = {"displayName": "xsoarUserTest1", "password": "1234567890",
+USER_CREATE_ARGS = {"displayName": "dispalyName", "password": "password",
                     "userName": "XSOAR", "emailAddress": "[email protected]"}
 USER_DELETE_ARGS = {"id": "10"}
 SECRET_CREATE_ARGS = {"name": "xsoarSecret", "secrettemplateid": "6003",
                       "siteid": "1", "checkoutenabled": "true",
                       "folderid": "3", "machine_item": "my-machine",
                       "username_item": "my-username",
-                      "password_item": "test123"}
+                      "password_item": "password_item"}
 USER_UPDATE_ARGS = {"id": "28", "userName": "UserOne"}
-SECRET_RPC_CHANGE_PASSWORD_ARGS = {"secret_id": "4", "newpassword": "Test000"}
+SECRET_RPC_CHANGE_PASSWORD_ARGS = {"secret_id": "4", "newpassword": "newPassword"}
+SECRET_GET_CREDENTIALS_ARGS = {"secretids": "4"}
+SECRET_SEARCH_NAME_ARGS = {"search_name": "Sayali"}
 
 
 @pytest.mark.parametrize('command, args, http_response, context', [
@@ -64,12 +69,15 @@
     (user_create_command, USER_CREATE_ARGS, USER_CREATE_RAW_RESPONSE, USER_CREATE_CONTEXT),
     (user_update_command, USER_UPDATE_ARGS, USER_UPDATE_RAW_RESPONSE, USER_UPDATE_CONTEXT),
     (secret_rpc_changepassword_command, SECRET_RPC_CHANGE_PASSWORD_ARGS,
-     SECRET_RPC_CHANGE_PASSWORD_RAW_RESPONSE, SECRET_RPC_CHANGE_PASSWORD_CONTEXT)
+     SECRET_RPC_CHANGE_PASSWORD_RAW_RESPONSE, SECRET_RPC_CHANGE_PASSWORD_CONTEXT),
+    (fetch_credentials_command, SECRET_GET_CREDENTIALS_ARGS, SECRET_GET_CREDENTIALS_RAW_RESPONSE,
+     SECRET_GET_CREDENTIALS_CONTEXT),
+    (secret_search_name_command, SECRET_SEARCH_NAME_ARGS, SECRET_SEARCH_NAME_RAW_RESPONSE, SECRET_SEARCH_NAME_CONTEXT)
+
 ])
 def test_delinea_commands(command, args, http_response, context, mocker):
-
     mocker.patch.object(Client, '_generate_token')
-    client = Client(server_url="https://test.example.com", username="test", password="test123",
+    client = Client(server_url="https://test.example.com", username="username", password="password",
                     proxy=False, verify=False)
 
     mocker.patch.object(Client, '_http_request', return_value=http_response)

Packs/DelineaSS/Integrations/DelineaSS/README.md

@@ -1154,3 +1154,40 @@ Change a secret's password
 }
 ```
 
+### delinea-fetch-users
+***
+Fetch credentials from secret
+
+
+#### Base Command
+
+`delinea-fetch-users`
+#### Input
+NO input argumets
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Delinea.User.Credentials | String | Secret credential objects | 
+
+
+#### Command Example
+```!delinea-fetch-users```
+
+#### Context Example
+```json
+[
+    {
+        "name": "4219",
+        "password": "test3",
+        "user": "test3"
+    },
+    {
+        "name": "4217",
+        "password": "dhPQhf1d@!E",
+        "user": "secret2"
+    }
+]
+```

Packs/DelineaSS/Integrations/DelineaSS/test_data/context.py

@@ -1,3 +1,6 @@
+import collections
+
+Credentials = collections.namedtuple('Credentials', ['name', 'user', 'password'])
 GET_PASSWORD_BY_ID_CONTEXT = {
     'Delinea.Secret.Password(val.secret_password && val.secret_password == obj.secret_password)': {
         "Delinea": {
@@ -411,4 +414,23 @@
         "daysUntilExpiration": "null",
         "hasLauncher": "false"
     }
-}
+}
+
+SECRET_GET_CREDENTIALS_CONTEXT = {
+    'Delinea.Secret.Fetch.Credentials(val.credentials && val.credentials == obj.credentials)': [
+        {
+            'name': '4',
+            'password': 'test00111',
+            'user': 'andy'
+        }
+    ]
+
+}
+
+SECRET_SEARCH_NAME_CONTEXT = {
+    'Delinea.Secret.Id(val.search_id && val.search_id == obj.search_id)': [
+        3564,
+        3566,
+        4241
+    ]
+}