def __do_verify(self, errors): self.__output('Verifying OAuth Client ' + self.__name) try: auth = 'Bearer ' + self.__get_bootstrap_token() response = self.__request_utils.do_get_request( self.__idcs_url + OAuthClient._CLIENT_EP + self.__name + '%22', Utils.scim_headers(self.__host, auth), self.__timeout_ms) self.__check_not_none(response, 'client metadata') response_code = response.get_status_code() content = response.get_content() if response_code >= codes.multiple_choices: OAuthClient.__idcs_errors( response, 'Getting client ' + self.__name) grants = Utils.get_field(content, 'allowedGrants') if grants is None: # No results in response raise IllegalStateException( 'OAuth Client ' + self.__name + ' doesn\'t exist, or the ' + 'token file is invalid, user who downloads the token ' + 'must have Identity Domain Administrator role') # Verify if client has required grants self.__verify_grants(grants, errors) # Verify if client has PSM and ANDC FQS self.__verify_scopes( Utils.get_field(content, 'allowedScopes', 'fqs'), errors) # Verify if client has ANDC role self.__verify_role( Utils.get_field(content, 'grantedAppRoles', 'display'), errors) if len(errors) > 0: return self.__output('Verification succeed') except Exception as e: self.__output('Verification failed of OAuth client ' + self.__name) raise e
def __add_app(self, auth, payload): # Add the custom OAuth client response = self.__request_utils.do_post_request( self.__idcs_url + Utils.APP_ENDPOINT, Utils.scim_headers(self.__host, auth), payload, self.__timeout_ms) self.__check_not_none(response, 'response of adding OAuth client') response_code = response.get_status_code() content = response.get_content() if response_code == codes.conflict: raise IllegalStateException( 'OAuth Client ' + self.__name + ' already exists. To ' + 'recreate, run with ' + OAuthClient._DELETE_FLAG + '. To ' + 'verify if existing client is configured correctly, run with ' + OAuthClient._VERIFY_FLAG) elif response_code >= codes.multiple_choices: OAuthClient.__idcs_errors(response, 'Adding custom client') app_id = 'id' oauth_id = 'name' secret = 'clientSecret' app_id_value = Utils.get_field(content, app_id) oauth_id_value = Utils.get_field(content, oauth_id) secret_value = Utils.get_field(content, secret) if (app_id_value is None or oauth_id_value is None or secret_value is None): raise IllegalStateException( str.format('Unable to find {0} or {1} or {2} in ,' + content, app_id, oauth_id, secret)) return OAuthClient.Client(app_id_value, oauth_id_value, secret_value)
def __get_id(self, auth, url, resource): response = self.__request_utils.do_get_request( url, Utils.scim_headers(self.__host, auth), self.__timeout_ms) self.__check_not_none(response, 'getting ' + resource + ' id') if response.get_status_code() >= codes.multiple_choices: OAuthClient.__idcs_errors(response, 'Getting id of ' + resource) return str(Utils.get_field( response.get_content(), 'id', allow_none=False))
def __get_psm_audience(self, auth): response = self.__request_utils.do_get_request( self.__idcs_url + OAuthClient._PSM_APP_EP, Utils.scim_headers(self.__host, auth), self.__timeout_ms) self.__check_not_none(response, 'getting account metadata') if response.get_status_code() >= codes.multiple_choices: OAuthClient.__idcs_errors(response, 'Getting account metadata') return str(Utils.get_field( response.get_content(), 'audience', allow_none=False))
def __get_andc_info(self, auth): # Get App ANDC metadata from IDCS response = self.__request_utils.do_get_request( self.__idcs_url + OAuthClient._ANDC_APP_EP, Utils.scim_headers(self.__host, auth), self.__timeout_ms) self.__check_not_none(response, 'getting service metadata') content = response.get_content() if response.get_status_code() >= codes.multiple_choices: OAuthClient.__idcs_errors(response, 'Getting service metadata') audience = 'audience' app_id = 'id' audience_value = Utils.get_field(content, audience) app_id_value = Utils.get_field(content, app_id) if audience_value is None or app_id_value is None: raise IllegalStateException( str.format('Unable to find {0} or {1} in ,' + content, audience, app_id)) return OAuthClient.ANDC(app_id_value, audience_value)