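 def __do_verify(self, errors):
     """Check that the OAuth client ``self.__name`` exists and is configured.

     The client is looked up in IDCS and its grants, scopes and role are
     checked by the ``__verify_*`` helpers (not visible here; they are
     expected to append problems to *errors*).

     :param errors: mutable collection of verification problems; if it is
         non-empty after the checks the method returns without printing the
         success message.
     :raises IllegalStateException: if the lookup response carries no
         ``allowedGrants`` field, i.e. the client was not found.
     Any other exception raised while verifying is logged and re-raised
     unchanged.
     """
     from urllib.parse import quote

     self.__output('Verifying OAuth Client ' + self.__name)
     try:
         auth = 'Bearer ' + self.__get_bootstrap_token()
         # The client name is spliced into the query part of the URL; the
         # trailing '%22' closes the quoted filter value. Percent-encode the
         # name so a value containing spaces, quotes or '&' cannot break or
         # alter the filter.
         response = self.__request_utils.do_get_request(
             self.__idcs_url + OAuthClient._CLIENT_EP +
             quote(self.__name, safe='') + '%22',
             Utils.scim_headers(self.__host, auth), self.__timeout_ms)
         self.__check_not_none(response, 'client metadata')
         response_code = response.get_status_code()
         content = response.get_content()
         if response_code >= codes.multiple_choices:
             OAuthClient.__idcs_errors(
                 response, 'Getting client ' + self.__name)
         grants = Utils.get_field(content, 'allowedGrants')
         if grants is None:
             # No results in response
             raise IllegalStateException(
                 'OAuth Client ' + self.__name + ' doesn\'t exist, or the ' +
                 'token file is invalid, user who downloads the token ' +
                 'must have Identity Domain Administrator role')
         # Verify if client has required grants
         self.__verify_grants(grants, errors)
         # Verify if client has PSM and ANDC FQS
         self.__verify_scopes(
             Utils.get_field(content, 'allowedScopes', 'fqs'), errors)
         # Verify if client has ANDC role
         self.__verify_role(
             Utils.get_field(content, 'grantedAppRoles', 'display'), errors)
         if errors:
             return
         self.__output('Verification succeed')
     except Exception:
         self.__output('Verification failed of OAuth client ' + self.__name)
         # Bare re-raise keeps the original traceback intact.
         raise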
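 def __add_app(self, auth, payload):
     """Create the custom OAuth client application in IDCS.

     :param auth: value of the ``Authorization`` header sent with the request.
     :param payload: request body describing the application to create.
     :returns: an ``OAuthClient.Client`` built from the ``id``, ``name`` and
         ``clientSecret`` fields of the response.
     :raises IllegalStateException: if IDCS answers 409 (a client with this
         name already exists) or if one of the three fields is missing from
         the response.
     """
     # Add the custom OAuth client
     response = self.__request_utils.do_post_request(
         self.__idcs_url + Utils.APP_ENDPOINT,
         Utils.scim_headers(self.__host, auth), payload, self.__timeout_ms)
     self.__check_not_none(response, 'response of adding OAuth client')
     response_code = response.get_status_code()
     content = response.get_content()
     if response_code == codes.conflict:
         raise IllegalStateException(
             'OAuth Client ' + self.__name + ' already exists. To ' +
             'recreate, run with ' + OAuthClient._DELETE_FLAG + '. To ' +
             'verify if existing client is configured correctly, run with ' +
             OAuthClient._VERIFY_FLAG)
     elif response_code >= codes.multiple_choices:
         OAuthClient.__idcs_errors(response, 'Adding custom client')
     app_id = 'id'
     oauth_id = 'name'
     secret = 'clientSecret'
     app_id_value = Utils.get_field(content, app_id)
     oauth_id_value = Utils.get_field(content, oauth_id)
     secret_value = Utils.get_field(content, secret)
     if (app_id_value is None or oauth_id_value is None or
             secret_value is None):
         # The response body is passed as a format *argument*: a JSON body
         # contains braces, which str.format would otherwise treat as
         # placeholders and fail on, masking the real problem.
         # NOTE(review): the body can still carry the client secret when only
         # one of the other fields is missing; redact it if this message is
         # written to logs.
         raise IllegalStateException(
             'Unable to find {0} or {1} or {2} in {3}'.format(
                 app_id, oauth_id, secret, content))
     return OAuthClient.Client(app_id_value, oauth_id_value, secret_value)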
 def __get_id(self, auth, url, resource):
     """Fetch *url* and return the ``id`` field of the response as a string.

     :param auth: value of the ``Authorization`` header sent with the request.
     :param url: full URL of the resource to look up.
     :param resource: human-readable resource name used in error messages.
     :returns: ``str`` of the ``id`` field; ``Utils.get_field`` is called with
         ``allow_none=False`` so a missing id is not returned silently.
     """
     headers = Utils.scim_headers(self.__host, auth)
     response = self.__request_utils.do_get_request(
         url, headers, self.__timeout_ms)
     self.__check_not_none(response, 'getting ' + resource + ' id')
     status = response.get_status_code()
     if status >= codes.multiple_choices:
         OAuthClient.__idcs_errors(response, 'Getting id of ' + resource)
     resource_id = Utils.get_field(
         response.get_content(), 'id', allow_none=False)
     return str(resource_id)
 def __get_psm_audience(self, auth):
     """Return the ``audience`` of the PSM application as a string.

     Queries ``OAuthClient._PSM_APP_EP`` on the IDCS host and reads the
     ``audience`` field of the response.

     :param auth: value of the ``Authorization`` header sent with the request.
     :returns: ``str`` of the ``audience`` field; ``allow_none=False`` means a
         missing field is not returned silently.
     """
     url = self.__idcs_url + OAuthClient._PSM_APP_EP
     headers = Utils.scim_headers(self.__host, auth)
     response = self.__request_utils.do_get_request(
         url, headers, self.__timeout_ms)
     self.__check_not_none(response, 'getting account metadata')
     status = response.get_status_code()
     if status >= codes.multiple_choices:
         OAuthClient.__idcs_errors(response, 'Getting account metadata')
     audience = Utils.get_field(
         response.get_content(), 'audience', allow_none=False)
     return str(audience)
 def __remove_client(self, auth, app_id):
     """Delete the OAuth client application *app_id* from IDCS.

     :param auth: value of the ``Authorization`` header sent with the request.
     :param app_id: IDCS application id appended to ``Utils.APP_ENDPOINT``.
     :returns: ``None``; a 2xx status is treated as success, anything else is
         handed to ``__idcs_errors``.
     """
     url = self.__idcs_url + Utils.APP_ENDPOINT + sep + app_id
     response = self.__request_utils.do_delete_request(
         url, Utils.scim_headers(self.__host, auth), self.__timeout_ms)
     self.__check_not_none(response, 'response of deleting OAuth client')
     status = response.get_status_code()
     succeeded = codes.ok <= status < codes.multiple_choices
     if not succeeded:
         OAuthClient.__idcs_errors(
             response, 'removing OAuth client ' + self.__name)
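 def __get_andc_info(self, auth):
     """Fetch the ANDC application metadata from IDCS.

     :param auth: value of the ``Authorization`` header sent with the request.
     :returns: an ``OAuthClient.ANDC`` built from the ``id`` and ``audience``
         fields of the response.
     :raises IllegalStateException: if either field is missing from the
         response.
     """
     # Get App ANDC metadata from IDCS
     response = self.__request_utils.do_get_request(
         self.__idcs_url + OAuthClient._ANDC_APP_EP,
         Utils.scim_headers(self.__host, auth), self.__timeout_ms)
     self.__check_not_none(response, 'getting service metadata')
     content = response.get_content()
     if response.get_status_code() >= codes.multiple_choices:
         OAuthClient.__idcs_errors(response, 'Getting service metadata')
     audience = 'audience'
     app_id = 'id'
     audience_value = Utils.get_field(content, audience)
     app_id_value = Utils.get_field(content, app_id)
     if audience_value is None or app_id_value is None:
         # The response body is passed as a format *argument*: a JSON body
         # contains braces, which str.format would otherwise treat as
         # placeholders and fail on, masking the real problem.
         raise IllegalStateException(
             'Unable to find {0} or {1} in {2}'.format(
                 audience, app_id, content))
     return OAuthClient.ANDC(app_id_value, audience_value)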
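 def _grant_role(self, auth, payload):
     """Grant the ANDC full-access role to the OAuth client.

     :param auth: value of the ``Authorization`` header sent with the request.
     :param payload: request body describing the grant.
     :returns: ``None``; a 2xx status is treated as success, anything else is
         handed to ``_idcs_errors``.
     """
     # Grant ANDC_FullAccessRole to OAuth client
     response = self._request_utils.do_post_request(
         self._idcs_url + Utils.GRANT_ENDPOINT,
         Utils.scim_headers(self._host, auth), payload, self._timeout_ms)
     # Message aligned with the sibling methods (no stray leading space).
     self._check_not_none(response, 'response of granting role')
     if codes.ok <= response.get_status_code() < codes.multiple_choices:
         return
     OAuthClient._idcs_errors(response, 'Granting required role to client')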
 def _deactivate_app(self, auth, app_id):
     """Deactivate the OAuth client application *app_id* in IDCS.

     Sends ``OAuthClient._DEACTIVATE`` as the PUT body to the status
     endpoint of the application.

     :param auth: value of the ``Authorization`` header sent with the request.
     :param app_id: IDCS application id appended to ``Utils.STATUS_ENDPOINT``.
     :returns: ``None``; a 2xx status is treated as success, anything else is
         handed to ``_idcs_errors``.
     """
     url = self._idcs_url + Utils.STATUS_ENDPOINT + sep + app_id
     headers = Utils.scim_headers(self._host, auth)
     response = self._request_utils.do_put_request(
         url, headers, OAuthClient._DEACTIVATE, self._timeout_ms)
     self._check_not_none(response, 'response of deactivating OAuth client')
     status = response.get_status_code()
     succeeded = codes.ok <= status < codes.multiple_choices
     if not succeeded:
         OAuthClient._idcs_errors(response,
                                  'deactivating OAuth client ' + self._name)
 def __idcs_errors(response, action):
     """Hand an unsuccessful IDCS response to ``Utils.handle_idcs_errors``.

     :param response: the response object that carried the error status.
     :param action: short description of what was being attempted, used in
         the resulting message.
     The hint text appended to the message points at the usual causes: an
     expired token in the token file or a token generated with the wrong
     scopes.
     """
     hint = (' Access token in the token file expired,'
             ' or the token file is generated with incorrect scopes,'
             ' requires Identity Domain Administrator')
     Utils.handle_idcs_errors(response, action, hint)