def test_0_ping(self): """Test if OpenAM is responding on isAlive endpoint""" logger.test_step('Ping OpenAM isAlive.jsp') response = get(verify=self.amcfg.ssl_verify, url=self.amcfg.am_url + '/isAlive.jsp') rest.check_http_status(http_result=response, expected_status=200)
def delete_user(self, username): headers = { 'X-OpenAM-Username': '******', 'X-OpenAM-Password': self.amadmin_pwd, 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=2.0, protocol=1.0' } logger.test_step('Admin login') response = post(verify=self.ssl_verify, url=self.rest_authn_admin_url, headers=headers) rest.check_http_status(http_result=response, expected_status=200) admin_token = response.json()["tokenId"] headers = { 'iPlanetDirectoryPro': admin_token, 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=3.0, protocol=2.1' } logger.test_step('Expecting test user to be deleted - HTTP-200') response = delete(verify=self.ssl_verify, url=self.am_url + f'/json/realms/root/users/{username}', headers=headers) rest.check_http_status(http_result=response, expected_status=200)
def version(self): """ Return the product version information. :return: Dictionary """ logger.test_step( 'Report Amster version for pod {name}'.format(name=self.name)) stdout, _ignored = kubectl.exec(Pod.NAMESPACE, [ self.name, '--', './amster', '-c', self.product_type, '--version' ]) version_text = stdout[0].strip() version_key = 'Amster OpenAM Shell v' build_key = ' build ' revision_length = 10 build_position = version_text.find(build_key) version = version_text[len(version_key):build_position] start = build_position + len(build_key) revision = version_text[start:start + revision_length] amster_metadata = { 'TITLE': self.product_type, 'DESCRIPTION': self.name, 'VERSION_TEXT': version_text, 'VERSION': version, 'REVISION': revision } return amster_metadata
def teardown_class(cls): """""" headers1 = cls.idmcfg.get_admin_headers( {'Content-Type': 'application/json'}) logger.test_step('Get user id') response = get(verify=cls.idmcfg.ssl_verify, url=cls.idmcfg.rest_managed_user_url + '?_queryFilter=true', headers=headers1).json() # rest.check_http_status(http_result=response, expected_status=200) if response['resultCount'] == 0: return _id = response["result"][0]["_id"] headers2 = cls.idmcfg.get_admin_headers({ 'Content-Type': 'application/json', 'if-match': '*', }) logger.test_step('Delete user') response = delete(verify=cls.idmcfg.ssl_verify, url=cls.idmcfg.rest_managed_user_url + '/' + _id, headers=headers2) rest.check_http_status(http_result=response, expected_status=200)
def create_user(self, username, password='******'): headers = { 'X-OpenAM-Username': '******', 'X-OpenAM-Password': self.amadmin_pwd, 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=2.0, protocol=1.0' } logger.test_step('Admin login') response = post(verify=self.ssl_verify, url=self.rest_authn_admin_url, headers=headers) rest.check_http_status(http_result=response, expected_status=200) admin_token = response.json()["tokenId"] headers = { 'iPlanetDirectoryPro': admin_token, 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=3.0, protocol=2.1' } user_data = { 'username': username, 'userpassword': password, 'mail': f'{username}@forgerock.com' } logger.test_step('Expecting test user to be created - HTTP-201') response = post(verify=self.ssl_verify, url=self.am_url + '/json/realms/root/users/?_action=create', headers=headers, json=user_data) rest.check_http_status(http_result=response, expected_status=201)
def test_0_ping(self): """Simple ping test to IDM""" logger.test_step('Ping OpenIDM') response = get(verify=self.idmcfg.ssl_verify, url=self.idmcfg.rest_ping_url, headers=self.idmcfg.get_admin_headers(None)) rest.check_http_status(http_result=response, expected_status=200)
def create_user(self, payload): headers = self.get_admin_headers({ 'Content-Type': 'application/json', }) logger.test_step('Create test user') response = post(verify=self.ssl_verify, url=f'{self.rest_managed_user_url}?_action=create', headers=headers, data=payload) rest.check_http_status(http_result=response, expected_status=201)
def delete_user(self, user_id): headers = self.get_admin_headers({ 'Content-Type': 'application/json', 'if-match': '*', }) logger.test_step('Delete test user') response = delete(verify=self.ssl_verify, url=f'{self.rest_managed_user_url}/{user_id}', headers=headers) rest.check_http_status(http_result=response, expected_status=200)
def login_user(self, username, password): headers = { 'X-OpenAM-Username': username, 'X-OpenAM-Password': password, 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=2.0, protocol=1.0' } logger.test_step(f'User {username} authn REST - AM') response = post(verify=self.ssl_verify, url=self.rest_authn_url, headers=headers) rest.check_http_status(http_result=response, expected_status=200)
def test_1_create_managed_user(self): """Test to create managed user as admin""" payload = """{"userName": "******", "telephoneNumber": "6669876987", "givenName": "devopsguy", "description": "Just another user", "sn": "sutter", "mail": "*****@*****.**", "password": "******", "accountStatus": "active" } """ logger.test_step('Create test user') self.idmcfg.create_user(payload)
def test_2_user_login(self): """Test AuthN as user""" headers = { 'X-OpenAM-Username': '******', 'X-OpenAM-Password': '******', 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=2.0, protocol=1.0' } logger.test_step('User authn REST') response = post(verify=self.amcfg.ssl_verify, url=self.amcfg.rest_authn_url, headers=headers) rest.check_http_status(http_result=response, expected_status=200)
def test_1_admin_login(self): """Test AuthN as amadmin""" headers = { 'X-OpenAM-Username': '******', 'X-OpenAM-Password': os.environ['AM_ADMIN_PWD'], 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=2.0, protocol=1.0' } logger.test_step('Admin authn REST') response = post(verify=self.amcfg.ssl_verify, url=self.amcfg.rest_authn_admin_url, headers=headers) rest.check_http_status(http_result=response, expected_status=200)
def test_2_update_managed_user(self): """Test to update managed user as admin""" headers = self.idmcfg.get_admin_headers({ 'Content-Type': 'application/json', 'If-Match': '*' }) user_id = self.idmcfg.get_userid_by_name(self.testuser) payload = """[{"operation":"replace", "field":"/telephoneNumber", "value":"15031234567"}]""" logger.test_step('Update test user') response = patch(verify=self.idmcfg.ssl_verify, url=f'{self.idmcfg.rest_managed_user_url}/{user_id}', headers=headers, data=payload) rest.check_http_status(response, expected_status=200)
def version(self): """ Return the product version information. :return: Dictionary """ logger.test_step( 'Report IG version for pod {name}'.format(name=self.name)) test_jar_properties_path = os.path.join(IGPod.ROOT, 'webapps', 'ROOT', 'META-INF', 'maven', 'org.forgerock.openig', 'openig-war', 'pom.properties') attributes_of_interest = {'version', 'groupId', 'artifactId'} metadata, _ignored = kubectl.exec(Pod.NAMESPACE, [ self.name, '-c', self.product_type, '--', 'cat', test_jar_properties_path ]) version_metadata = Pod.get_metadata_of_interest( self.product_type, self.name, metadata, attributes_of_interest) return version_metadata
def test_3_oauth2_access_token(self): """Test Oauth2 access token""" headers = { 'X-OpenAM-Username': '******', 'X-OpenAM-Password': '******', 'Content-Type': 'application/json', 'Accept-API-Version': 'resource=2.0, protocol=1.0' } logger.test_step('User authn REST') response = post(verify=self.amcfg.ssl_verify, url=self.amcfg.rest_authn_url, headers=headers) rest.check_http_status(http_result=response, expected_status=200) tokenid = response.json()['tokenId'] cookies = response.cookies params = (('client_id', 'smokeclient'), ('scope', 'cn'), ('state', '1234'), ('redirect_uri', 'https://fake.com'), ('response_type', 'code'), ('realm', self.amcfg.am_realm)) headers = {'Content-Type': 'application/x-www-form-urlencoded'} data = {"decision": "Allow", "csrf": tokenid} logger.test_step('Oauth2 authz REST') response = post(verify=self.amcfg.ssl_verify, url=self.amcfg.rest_oauth2_authz_url, data=data, headers=headers, cookies=cookies, params=params, allow_redirects=False) rest.check_http_status(http_result=response, expected_status=302) location = response.headers['Location'] print(location) auth_code = re.findall('(?<=code=)(.+?)(?=&)', location) data = { 'grant_type': 'authorization_code', 'code': auth_code[0], 'redirect_uri': 'https://fake.com', 'client_id': 'smokeclient' } logger.test_step('Oauth2 get access-token REST') response = post(verify=self.amcfg.ssl_verify, url=self.amcfg.rest_oauth2_access_token_url, data=data, headers=headers) rest.check_http_status(http_result=response, expected_status=200)
def test_1_idm_create_user_am_login_user(self): """ Creates a user in IDM and tries to login with user with AM """ username = '******' password = '******' user_payload = json.dumps({ 'userName': username, 'telephoneNumber': '6669876987', 'givenName': 'CreatedInIdm', 'description': 'Just another user', 'sn': 'idmcreateduser', 'mail': '*****@*****.**', 'password': password, 'accountStatus': 'active' }) logger.test_step('Creating user in IDM') self.idmcfg.create_user(user_payload) logger.test_step('Trying to login created user to AM') self.amcfg.login_user(username, password) logger.test_step('Deleting user with AM') self.amcfg.delete_user(username)
def get_bearer_token(self): """ When IDM is integrated with AM, we need bearer token for being able to do admin stuff. This do following: - login into AM as amadmin - do OAuth2 flow with idmAdminClient oauth2 client - return bearer token :return: Admin bearer token """ if self.bearer_token is not None: return self.bearer_token amcfg = AMConfig() # GetAMAdminLogin s = requests.session() headers = { 'X-OpenAM-Username': '******', 'X-OpenAM-Password': amcfg.amadmin_pwd, 'Accept-API-Version': 'resource=2.0, protocol=1.0', 'Content-Type': 'application/json' } params = { 'redirect_uri': self.admin_oauth_redirect_url, 'client_id': self.admin_oauth_client, 'response_type': 'code', 'scope': self.admin_oauth_scopes, } token = s.post(amcfg.rest_authn_admin_url, headers=headers, verify=self.ssl_verify).json()['tokenId'] data = {"decision": "Allow", 'csrf': token} headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'accept-api-version': 'resource=2.1' } r_loc = s.post(amcfg.rest_oauth2_authz_url, data=data, verify=self.ssl_verify, headers=headers, params=params, allow_redirects=False).headers['Location'] auth_code = re.findall('(?<=code=)(.+?)(?=&)', r_loc) print(f'Got oauth2 code: {auth_code}') headers = { 'Accept-API-Version': 'resource=2.0, protocol=1.0', 'Content-Type': 'application/x-www-form-urlencoded' } data = { 'grant_type': 'authorization_code', 'code': auth_code[0], 'redirect_uri': self.admin_oauth_redirect_url, 'client_id': self.admin_oauth_client } logger.test_step('Oauth2 get access-token REST') response = s.post(verify=amcfg.ssl_verify, url=amcfg.rest_oauth2_access_token_url, data=data, headers=headers) self.bearer_token = response.json()['access_token'] return self.bearer_token