/// <summary>
/// Grants a one-minute PAM membership, waits ten seconds, then requests two minutes with the
/// same <c>false</c> flag, and checks that neither the membership TTL nor the returned access
/// window exceeds 60 seconds.
/// </summary>
/// <param name="jitGroupName">Name of the JIT group to look up; its members are removed first.</param>
/// <param name="userName">Name of the user who receives the time-limited membership.</param>
public void TestPamGroupAccessExtensionNotAllowed(string jitGroupName, string userName)
{
    // Clear the group so the TTL read back below belongs to this test's grant only.
    IGroup targetGroup = directory.GetGroup(jitGroupName);
    targetGroup.RemoveMembers();
    IUser requestor = directory.GetUser(userName);

    this.provider = new JitAccessProvider(directory, logger, this.GetOptions());

    // First request: one minute. The `false` argument is presumably the "allow extension"
    // switch (inferred from the test name) -- confirm against GrantJitAccessPam.
    TimeSpan firstWindow = this.provider.GrantJitAccessPam(targetGroup, requestor, false, TimeSpan.FromMinutes(1), out _);
    TimeSpan? ttlAfterFirstRequest = targetGroup.GetMemberTtl(requestor);

    Assert.AreEqual(1, firstWindow.TotalMinutes);
    Assert.IsNotNull(ttlAfterFirstRequest);
    Assert.LessOrEqual(ttlAfterFirstRequest.Value.TotalSeconds, 60);

    // Let part of the original window elapse before asking for more time.
    Thread.Sleep(TimeSpan.FromSeconds(10));

    // Second request: two minutes. Neither the TTL nor the reported window may exceed the
    // original 60 seconds.
    // NOTE(review): a bound of 60 is also satisfied if the second request re-issues a fresh
    // 60-second membership. If the intended policy is that the original expiry is kept, a
    // bound near 50 seconds (60 minus the sleep) would pin that down -- confirm the intent.
    TimeSpan secondWindow = this.provider.GrantJitAccessPam(targetGroup, requestor, false, TimeSpan.FromMinutes(2), out _);
    TimeSpan? ttlAfterSecondRequest = targetGroup.GetMemberTtl(requestor);

    Assert.IsNotNull(ttlAfterSecondRequest);
    Assert.LessOrEqual(ttlAfterSecondRequest.Value.TotalSeconds, 60);
    Assert.LessOrEqual(secondWindow.TotalSeconds, 60);
}
/// <summary>
/// Empties the named JIT group, grants the named user a one-minute PAM membership, and then
/// calls <c>IsSidInPrincipalToken</c> with the user and group SIDs.
/// </summary>
/// <param name="jitGroupName">Name of the JIT group to look up; its members are removed first.</param>
/// <param name="userName">Name of the user who receives the time-limited membership.</param>
public void AddUserToGroupPam(string jitGroupName, string userName)
{
    IGroup targetGroup = directory.GetGroup(jitGroupName);
    targetGroup.RemoveMembers();
    IUser requestor = directory.GetUser(userName);

    this.provider = new JitAccessProvider(directory, logger, this.GetOptions());

    // The granted window and the undo callback are both discarded here.
    this.provider.GrantJitAccessPam(targetGroup, requestor, false, TimeSpan.FromMinutes(1), out _);

    // NOTE(review): the result of this call is ignored, so the method asserts nothing about
    // whether the membership shows up in the token. If this is meant to be a test, wrap the
    // call in an assertion, and confirm the argument order (SID to find vs. principal)
    // against the IsSidInPrincipalToken declaration.
    directory.IsSidInPrincipalToken(requestor.Sid, targetGroup.Sid);
}
/// <summary>
/// Grants a one-minute PAM membership, checks the reported window and the membership TTL,
/// then invokes the undo callback and checks that the user no longer has a TTL on the group.
/// </summary>
/// <param name="jitGroupName">Name of the JIT group to look up; its members are removed first.</param>
/// <param name="computerName">Name of the computer to look up in the directory.</param>
/// <param name="userName">Name of the user who receives the time-limited membership.</param>
public void TestPamGroupAccessUndo(string jitGroupName, string computerName, string userName)
{
    IGroup targetGroup = directory.GetGroup(jitGroupName);
    targetGroup.RemoveMembers();
    IUser requestor = directory.GetUser(userName);

    // NOTE(review): the computer is resolved but never used; `null` is passed in its place
    // below. The lookup is kept because it may still fail for an unknown computer name.
    IComputer computer = directory.GetComputer(computerName);

    this.provider = new JitAccessProvider(directory, logger, this.GetOptions(), discoveryServices);

    TimeSpan grantedWindow = this.provider.GrantJitAccessPam(targetGroup, requestor, null, false, TimeSpan.FromMinutes(1), out Action revoke);
    TimeSpan? ttlWhileGranted = targetGroup.GetMemberTtl(requestor);

    Assert.AreEqual(1, grantedWindow.TotalMinutes);
    Assert.IsNotNull(ttlWhileGranted);
    Assert.LessOrEqual(ttlWhileGranted.Value.TotalSeconds, 60);

    // Roll the grant back; no TTL for the user should remain on the group afterwards.
    revoke();

    Assert.IsNull(targetGroup.GetMemberTtl(requestor));
}