async def test_create_auth_server(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_aaPeZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Clean up
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
async def test_delete_oauth2_scope(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDfZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Create Oauth Scope
SCOPE_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}:abDGz"
scope_obj = models.OAuth2Scope({"name": SCOPE_NAME})
oauth_scope, _, err = await client.create_o_auth_2_scope(
created_auth_server.id, scope_obj)
assert err is None
assert isinstance(oauth_scope, models.OAuth2Scope)
assert oauth_scope.name == scope_obj.name
# Get Oauth Scope
found_oauth_scope, _, err = await client.get_o_auth_2_scope(
created_auth_server.id, oauth_scope.id)
assert err is None
assert found_oauth_scope.name == oauth_scope.name
# Delete Oauth Scope
_, err = await client.delete_o_auth_2_scope(created_auth_server.id,
oauth_scope.id)
assert err is None
# Get Oauth Scope
found_oauth_scope, resp, err = await client.get_o_auth_2_scope(
created_auth_server.id, oauth_scope.id)
assert err is not None
assert isinstance(err, OktaAPIError)
assert resp.get_status() == HTTPStatus.NOT_FOUND
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
async def test_list_oauth2_scopes(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDgZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Create Oauth Scope
SCOPE_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}:abDGz"
scope_obj = models.OAuth2Scope({"name": SCOPE_NAME})
oauth_scope, _, err = await client.create_o_auth_2_scope(
created_auth_server.id, scope_obj)
assert err is None
assert isinstance(oauth_scope, models.OAuth2Scope)
assert oauth_scope.name == scope_obj.name
# List Oauth Scopes
scopes, _, err = await client.list_o_auth_2_scopes(
created_auth_server.id)
assert err is None
assert len(scopes) > 0
assert next((scope for scope in scopes if scope.id == oauth_scope.id))
# Delete Oauth Scope
_, err = await client.delete_o_auth_2_scope(created_auth_server.id,
oauth_scope.id)
assert err is None
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
async def test_update_deactivate_delete_server(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abCeZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Get Auth Server
retrieved_auth_server, _, err = await\
client.get_authorization_server(created_auth_server.id)
assert err is None
assert retrieved_auth_server.id == created_auth_server.id
assert retrieved_auth_server.status == "ACTIVE"
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
# Get Auth Server
retrieved_auth_server, _, err = await\
client.get_authorization_server(created_auth_server.id)
assert err is None
assert retrieved_auth_server.id == created_auth_server.id
assert retrieved_auth_server.status == "INACTIVE"
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
# Get Auth Server
retrieved_auth_server, resp, err = await\
client.get_authorization_server(created_auth_server.id)
assert err is not None
assert isinstance(err, OktaAPIError)
assert resp.get_status() == HTTPStatus.NOT_FOUND
async def test_rotate_auth_server_keys(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDfZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Make key to rotate
rotate_key = models.JwkUse({"use": "sig"})
# Rotate key
keys, _, err = await client.rotate_authorization_server_keys(
created_auth_server.id, rotate_key)
assert err is None
assert len(keys) > 0
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
async def test_update_oauth2_claim(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDfZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Create Oauth Claim
CLAIM_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_abeIz"
CLAIM_STATUS = "INACTIVE"
CLAIM_TYPE = "RESOURCE"
CLAIM_VALUE_TYPE = "EXPRESSION"
CLAIM_VALUE = "\"driving!\""
claim_obj = models.OAuth2Claim({
"name": CLAIM_NAME,
"status": CLAIM_STATUS,
"claimType": CLAIM_TYPE,
"valueType": CLAIM_VALUE_TYPE,
"value": CLAIM_VALUE
})
UPDATED_CLAIM_NAME = f"{CLAIM_NAME}_updated"
updated_obj = models.OAuth2Claim({
"name": UPDATED_CLAIM_NAME,
"status": CLAIM_STATUS,
"claimType": CLAIM_TYPE,
"valueType": CLAIM_VALUE_TYPE,
"value": CLAIM_VALUE
})
oauth_claim, _, err = await client.create_o_auth_2_claim(
created_auth_server.id, claim_obj)
assert err is None
assert isinstance(oauth_claim, models.OAuth2Claim)
assert oauth_claim.name == CLAIM_NAME
# Update claim
updated_claim, _, err = await client.update_o_auth_2_claim(
created_auth_server.id, oauth_claim.id, updated_obj)
assert err is None
assert isinstance(oauth_claim, models.OAuth2Claim)
assert updated_claim.name == UPDATED_CLAIM_NAME
# Get Oauth claim
found_oauth_claim, _, err = await client.get_o_auth_2_claim(
created_auth_server.id, oauth_claim.id)
assert err is None
assert found_oauth_claim.name == UPDATED_CLAIM_NAME
# Delete Oauth claim
_, err = await client.delete_o_auth_2_claim(created_auth_server.id,
oauth_claim.id)
assert err is None
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
async def test_update_oauth2_scope(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDfZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Create Oauth Scope
SCOPE_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}:abDHz"
scope_obj = models.OAuth2Scope({
"name": SCOPE_NAME,
"consent": "REQUIRED",
"metadataPublish": "ALL_CLIENTS"
})
UPDATED_SCOPE_NAME = f"{SCOPE_NAME}updated"
updated_obj = models.OAuth2Scope({
"name": UPDATED_SCOPE_NAME,
"consent": "REQUIRED",
"metadataPublish": "ALL_CLIENTS"
})
oauth_scope, _, err = await client.create_o_auth_2_scope(
created_auth_server.id, scope_obj)
assert err is None
assert isinstance(oauth_scope, models.OAuth2Scope)
assert oauth_scope.name == scope_obj.name
# Update scope
updated_scope, _, err = await client.update_o_auth_2_scope(
created_auth_server.id, oauth_scope.id, updated_obj)
assert err is None
assert updated_scope.name == UPDATED_SCOPE_NAME
# Delete Oauth Scope
_, err = await client.delete_o_auth_2_scope(created_auth_server.id,
oauth_scope.id)
assert err is None
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
async def test_delete_auth_server_policy(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDfZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Create Policy
POLICY_TYPE = models.PolicyType.OAUTH_AUTHORIZATION_POLICY
POLICY_STATUS = "ACTIVE"
POLICY_NAME = "Test Policy"
POLICY_DESC = "Test Policy"
POLICY_PRIORITY = 1
POLICY_CONDITIONS = models.PolicyRuleConditions({
"clients":
models.ClientPolicyCondition({"include": ["ALL_CLIENTS"]})
})
policy_model = models.Policy({
"type": POLICY_TYPE,
"status": POLICY_STATUS,
"name": POLICY_NAME,
"description": POLICY_DESC,
"priority": POLICY_PRIORITY,
"conditions": POLICY_CONDITIONS
})
created_policy, _, err = await\
client.create_authorization_server_policy(
created_auth_server.id, policy_model
)
assert err is None
# Get Policy
found_policy, _, err = await\
client.get_authorization_server_policy(
created_auth_server.id, created_policy.id
)
assert err is None
assert found_policy is not None
assert found_policy.id == created_policy.id
assert found_policy.name == created_policy.name
assert found_policy.description == created_policy.description
# Delete Policy
_, err = await client.delete_authorization_server_policy(
created_auth_server.id, created_policy.id)
assert err is None
# Get Policy
found_policy, resp, err = await\
client.get_authorization_server_policy(
created_auth_server.id, created_policy.id
)
assert err is not None
assert isinstance(err, OktaAPIError)
assert resp.get_status() == HTTPStatus.NOT_FOUND
assert found_policy is None
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
assert err is None
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
assert err is None
async def test_update_auth_server_policy(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDfZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name": TEST_NAME,
"description": TEST_DESC,
"audiences": TEST_AUDS
})
auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(auth_server, models.AuthorizationServer)
assert auth_server.name == TEST_NAME
assert auth_server.description == TEST_DESC
assert auth_server.audiences == TEST_AUDS
assert auth_server.audiences[0] == TEST_AUDS[0]
# Create Policy
POLICY_TYPE = models.PolicyType.OAUTH_AUTHORIZATION_POLICY
POLICY_STATUS = "ACTIVE"
POLICY_NAME = "Test Policy"
POLICY_DESC = "Test Policy"
POLICY_PRIORITY = 1
POLICY_CONDITIONS = models.PolicyRuleConditions({
"clients":
models.ClientPolicyCondition({"include": ["ALL_CLIENTS"]})
})
policy_model = models.Policy({
"type": POLICY_TYPE,
"status": POLICY_STATUS,
"name": POLICY_NAME,
"description": POLICY_DESC,
"priority": POLICY_PRIORITY,
"conditions": POLICY_CONDITIONS
})
created_policy, _, err = await\
client.create_authorization_server_policy(
auth_server.id, policy_model
)
assert err is None
# Update policy
UPDATED_NAME = f"{POLICY_NAME}_updated"
UPDATED_DESC = f"{POLICY_DESC}_updated"
created_policy.name = UPDATED_NAME
created_policy.description = UPDATED_DESC
updated_auth_server_policy, _, err = await\
client.update_authorization_server_policy(
auth_server.id, created_policy.id, created_policy
)
assert err is None
assert updated_auth_server_policy.name == UPDATED_NAME
assert updated_auth_server_policy.description == UPDATED_DESC
# Delete Policy
_, err = await client.delete_authorization_server_policy(
auth_server.id, created_policy.id)
assert err is None
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(auth_server.id)
assert err is None
# Delete Auth server
_, err = await client.delete_authorization_server(auth_server.id)
assert err is None
async def test_list_authorization_server_policy_rules(self, fs):
try:
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Auth Server
TEST_NAME = f"{TestAuthorizationServerResource.SDK_PREFIX}_test_abDeZ"
TEST_DESC = "Test Auth Server"
TEST_AUDS = ["api://default"]
auth_server_model = models.AuthorizationServer({
"name":
TEST_NAME,
"description":
TEST_DESC,
"audiences":
TEST_AUDS
})
created_auth_server, _, err = await \
client.create_authorization_server(auth_server_model)
assert err is None
assert isinstance(created_auth_server, models.AuthorizationServer)
assert created_auth_server.name == TEST_NAME
assert created_auth_server.description == TEST_DESC
assert created_auth_server.audiences == TEST_AUDS
assert created_auth_server.audiences[0] == TEST_AUDS[0]
# Create Policy
POLICY_TYPE = models.PolicyType.OAUTH_AUTHORIZATION_POLICY
POLICY_STATUS = "ACTIVE"
POLICY_NAME = "Test Policy"
POLICY_DESC = "Test Policy"
POLICY_PRIORITY = 1
POLICY_CONDITIONS = models.PolicyRuleConditions({
"clients":
models.ClientPolicyCondition({"include": ["ALL_CLIENTS"]})
})
policy_model = models.Policy({
"type": POLICY_TYPE,
"status": POLICY_STATUS,
"name": POLICY_NAME,
"description": POLICY_DESC,
"priority": POLICY_PRIORITY,
"conditions": POLICY_CONDITIONS
})
created_policy, _, err = await\
client.create_authorization_server_policy(
created_auth_server.id, policy_model
)
assert err is None
POLICY_RULE_ACTIONS = models.AuthorizationServerPolicyRuleActions({
"token": {
"accessTokenLifetimeMinutes": 60,
"refreshTokenLifetimeMinutes": 0,
"refreshTokenWindowMinutes": 10080
}
})
POLICY_RULE_CONDITIONS = models.AuthorizationServerPolicyRuleConditions(
{
"people":
models.PolicyPeopleCondition({"include": ["EVERYONE"]}),
"grantTypes":
models.GrantTypePolicyRuleCondition(
{"include": [
"client_credentials",
]}),
"scopes": {
"include": ["*"]
}
})
policy_rule_model = models.AuthorizationServerPolicyRule({
"type":
"RESOURCE_ACCESS",
"name":
"Test Policy Rule",
"priority":
1,
"actions":
POLICY_RULE_ACTIONS,
"conditions":
POLICY_RULE_CONDITIONS,
})
created_policy_rule, _, err = await \
client.create_authorization_server_policy_rule(
created_policy.id, created_auth_server.id, policy_rule_model
)
assert err is None
# Get Policy Rules
policy_rules, _, err = await client.list_authorization_server_policy_rules(
created_policy.id, created_auth_server.id)
assert err is None
assert len(policy_rules) > 0
assert next((plcy_rule for plcy_rule in policy_rules
if plcy_rule.id == created_policy_rule.id))
finally:
# Clear everything despite of any error
errors = []
try:
# Delete Policy Rule
_, err = await client.delete_authorization_server_policy_rule(
created_policy.id, created_auth_server.id,
created_policy_rule.id)
if err:
errors.append(err)
except Exception as exc:
errors.append(exc)
try:
# Delete Policy
_, err = await client.delete_authorization_server_policy(
created_auth_server.id, created_policy.id)
if err:
errors.append(err)
except Exception as exc:
errors.append(exc)
try:
# DeActivate Auth server
_, err = await client.deactivate_authorization_server(
created_auth_server.id)
if err:
errors.append(err)
except Exception as exc:
errors.append(exc)
try:
# Delete Auth server
_, err = await client.delete_authorization_server(
created_auth_server.id)
if err:
errors.append(err)
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
