def test_0_ping(self):
"""Test if OpenAM is responding on isAlive endpoint"""
logger.test_step('Ping OpenAM isAlive.jsp')
response = get(verify=self.amcfg.ssl_verify,
url=self.amcfg.am_url + '/isAlive.jsp')
rest.check_http_status(http_result=response, expected_status=200)
def delete_user(self, username):
headers = {
'X-OpenAM-Username': '******',
'X-OpenAM-Password': self.amadmin_pwd,
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=2.0, protocol=1.0'
}
logger.test_step('Admin login')
response = post(verify=self.ssl_verify,
url=self.rest_authn_admin_url,
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
admin_token = response.json()["tokenId"]
headers = {
'iPlanetDirectoryPro': admin_token,
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=3.0, protocol=2.1'
}
logger.test_step('Expecting test user to be deleted - HTTP-200')
response = delete(verify=self.ssl_verify,
url=self.am_url +
f'/json/realms/root/users/{username}',
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
def version(self):
"""
Return the product version information.
:return: Dictionary
"""
logger.test_step(
'Report Amster version for pod {name}'.format(name=self.name))
stdout, _ignored = kubectl.exec(Pod.NAMESPACE, [
self.name, '--', './amster', '-c', self.product_type, '--version'
])
version_text = stdout[0].strip()
version_key = 'Amster OpenAM Shell v'
build_key = ' build '
revision_length = 10
build_position = version_text.find(build_key)
version = version_text[len(version_key):build_position]
start = build_position + len(build_key)
revision = version_text[start:start + revision_length]
amster_metadata = {
'TITLE': self.product_type,
'DESCRIPTION': self.name,
'VERSION_TEXT': version_text,
'VERSION': version,
'REVISION': revision
}
return amster_metadata
def teardown_class(cls):
""""""
headers1 = cls.idmcfg.get_admin_headers(
{'Content-Type': 'application/json'})
logger.test_step('Get user id')
response = get(verify=cls.idmcfg.ssl_verify,
url=cls.idmcfg.rest_managed_user_url +
'?_queryFilter=true',
headers=headers1).json()
# rest.check_http_status(http_result=response, expected_status=200)
if response['resultCount'] == 0:
return
_id = response["result"][0]["_id"]
headers2 = cls.idmcfg.get_admin_headers({
'Content-Type': 'application/json',
'if-match': '*',
})
logger.test_step('Delete user')
response = delete(verify=cls.idmcfg.ssl_verify,
url=cls.idmcfg.rest_managed_user_url + '/' + _id,
headers=headers2)
rest.check_http_status(http_result=response, expected_status=200)
def create_user(self, username, password='******'):
headers = {
'X-OpenAM-Username': '******',
'X-OpenAM-Password': self.amadmin_pwd,
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=2.0, protocol=1.0'
}
logger.test_step('Admin login')
response = post(verify=self.ssl_verify,
url=self.rest_authn_admin_url,
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
admin_token = response.json()["tokenId"]
headers = {
'iPlanetDirectoryPro': admin_token,
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=3.0, protocol=2.1'
}
user_data = {
'username': username,
'userpassword': password,
'mail': f'{username}@forgerock.com'
}
logger.test_step('Expecting test user to be created - HTTP-201')
response = post(verify=self.ssl_verify,
url=self.am_url +
'/json/realms/root/users/?_action=create',
headers=headers,
json=user_data)
rest.check_http_status(http_result=response, expected_status=201)
def test_0_ping(self):
"""Simple ping test to IDM"""
logger.test_step('Ping OpenIDM')
response = get(verify=self.idmcfg.ssl_verify,
url=self.idmcfg.rest_ping_url,
headers=self.idmcfg.get_admin_headers(None))
rest.check_http_status(http_result=response, expected_status=200)
def create_user(self, payload):
headers = self.get_admin_headers({
'Content-Type': 'application/json',
})
logger.test_step('Create test user')
response = post(verify=self.ssl_verify,
url=f'{self.rest_managed_user_url}?_action=create',
headers=headers,
data=payload)
rest.check_http_status(http_result=response, expected_status=201)
def delete_user(self, user_id):
headers = self.get_admin_headers({
'Content-Type': 'application/json',
'if-match': '*',
})
logger.test_step('Delete test user')
response = delete(verify=self.ssl_verify,
url=f'{self.rest_managed_user_url}/{user_id}',
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
def login_user(self, username, password):
headers = {
'X-OpenAM-Username': username,
'X-OpenAM-Password': password,
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=2.0, protocol=1.0'
}
logger.test_step(f'User {username} authn REST - AM')
response = post(verify=self.ssl_verify,
url=self.rest_authn_url,
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
def test_1_create_managed_user(self):
"""Test to create managed user as admin"""
payload = """{"userName": "******",
"telephoneNumber": "6669876987",
"givenName": "devopsguy",
"description": "Just another user",
"sn": "sutter",
"mail": "*****@*****.**",
"password": "******",
"accountStatus": "active" } """
logger.test_step('Create test user')
self.idmcfg.create_user(payload)
def test_2_user_login(self):
"""Test AuthN as user"""
headers = {
'X-OpenAM-Username': '******',
'X-OpenAM-Password': '******',
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=2.0, protocol=1.0'
}
logger.test_step('User authn REST')
response = post(verify=self.amcfg.ssl_verify,
url=self.amcfg.rest_authn_url,
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
def test_1_admin_login(self):
"""Test AuthN as amadmin"""
headers = {
'X-OpenAM-Username': '******',
'X-OpenAM-Password': os.environ['AM_ADMIN_PWD'],
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=2.0, protocol=1.0'
}
logger.test_step('Admin authn REST')
response = post(verify=self.amcfg.ssl_verify,
url=self.amcfg.rest_authn_admin_url,
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
def test_2_update_managed_user(self):
"""Test to update managed user as admin"""
headers = self.idmcfg.get_admin_headers({
'Content-Type': 'application/json',
'If-Match': '*'
})
user_id = self.idmcfg.get_userid_by_name(self.testuser)
payload = """[{"operation":"replace", "field":"/telephoneNumber", "value":"15031234567"}]"""
logger.test_step('Update test user')
response = patch(verify=self.idmcfg.ssl_verify,
url=f'{self.idmcfg.rest_managed_user_url}/{user_id}',
headers=headers,
data=payload)
rest.check_http_status(response, expected_status=200)
def version(self):
"""
Return the product version information.
:return: Dictionary
"""
logger.test_step(
'Report IG version for pod {name}'.format(name=self.name))
test_jar_properties_path = os.path.join(IGPod.ROOT, 'webapps', 'ROOT',
'META-INF', 'maven',
'org.forgerock.openig',
'openig-war', 'pom.properties')
attributes_of_interest = {'version', 'groupId', 'artifactId'}
metadata, _ignored = kubectl.exec(Pod.NAMESPACE, [
self.name, '-c', self.product_type, '--', 'cat',
test_jar_properties_path
])
version_metadata = Pod.get_metadata_of_interest(
self.product_type, self.name, metadata, attributes_of_interest)
return version_metadata
def test_3_oauth2_access_token(self):
"""Test Oauth2 access token"""
headers = {
'X-OpenAM-Username': '******',
'X-OpenAM-Password': '******',
'Content-Type': 'application/json',
'Accept-API-Version': 'resource=2.0, protocol=1.0'
}
logger.test_step('User authn REST')
response = post(verify=self.amcfg.ssl_verify,
url=self.amcfg.rest_authn_url,
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
tokenid = response.json()['tokenId']
cookies = response.cookies
params = (('client_id', 'smokeclient'), ('scope', 'cn'),
('state', '1234'), ('redirect_uri', 'https://fake.com'),
('response_type', 'code'), ('realm', self.amcfg.am_realm))
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
data = {"decision": "Allow", "csrf": tokenid}
logger.test_step('Oauth2 authz REST')
response = post(verify=self.amcfg.ssl_verify,
url=self.amcfg.rest_oauth2_authz_url,
data=data,
headers=headers,
cookies=cookies,
params=params,
allow_redirects=False)
rest.check_http_status(http_result=response, expected_status=302)
location = response.headers['Location']
print(location)
auth_code = re.findall('(?<=code=)(.+?)(?=&)', location)
data = {
'grant_type': 'authorization_code',
'code': auth_code[0],
'redirect_uri': 'https://fake.com',
'client_id': 'smokeclient'
}
logger.test_step('Oauth2 get access-token REST')
response = post(verify=self.amcfg.ssl_verify,
url=self.amcfg.rest_oauth2_access_token_url,
data=data,
headers=headers)
rest.check_http_status(http_result=response, expected_status=200)
def test_1_idm_create_user_am_login_user(self):
"""
Creates a user in IDM and tries to login with user with AM
"""
username = '******'
password = '******'
user_payload = json.dumps({
'userName': username,
'telephoneNumber': '6669876987',
'givenName': 'CreatedInIdm',
'description': 'Just another user',
'sn': 'idmcreateduser',
'mail': '*****@*****.**',
'password': password,
'accountStatus': 'active'
})
logger.test_step('Creating user in IDM')
self.idmcfg.create_user(user_payload)
logger.test_step('Trying to login created user to AM')
self.amcfg.login_user(username, password)
logger.test_step('Deleting user with AM')
self.amcfg.delete_user(username)
def get_bearer_token(self):
"""
When IDM is integrated with AM, we need bearer token for being able to do admin stuff.
This do following:
- login into AM as amadmin
- do OAuth2 flow with idmAdminClient oauth2 client
- return bearer token
:return: Admin bearer token
"""
if self.bearer_token is not None:
return self.bearer_token
amcfg = AMConfig()
# GetAMAdminLogin
s = requests.session()
headers = {
'X-OpenAM-Username': '******',
'X-OpenAM-Password': amcfg.amadmin_pwd,
'Accept-API-Version': 'resource=2.0, protocol=1.0',
'Content-Type': 'application/json'
}
params = {
'redirect_uri': self.admin_oauth_redirect_url,
'client_id': self.admin_oauth_client,
'response_type': 'code',
'scope': self.admin_oauth_scopes,
}
token = s.post(amcfg.rest_authn_admin_url,
headers=headers,
verify=self.ssl_verify).json()['tokenId']
data = {"decision": "Allow", 'csrf': token}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'accept-api-version': 'resource=2.1'
}
r_loc = s.post(amcfg.rest_oauth2_authz_url,
data=data,
verify=self.ssl_verify,
headers=headers,
params=params,
allow_redirects=False).headers['Location']
auth_code = re.findall('(?<=code=)(.+?)(?=&)', r_loc)
print(f'Got oauth2 code: {auth_code}')
headers = {
'Accept-API-Version': 'resource=2.0, protocol=1.0',
'Content-Type': 'application/x-www-form-urlencoded'
}
data = {
'grant_type': 'authorization_code',
'code': auth_code[0],
'redirect_uri': self.admin_oauth_redirect_url,
'client_id': self.admin_oauth_client
}
logger.test_step('Oauth2 get access-token REST')
response = s.post(verify=amcfg.ssl_verify,
url=amcfg.rest_oauth2_access_token_url,
data=data,
headers=headers)
self.bearer_token = response.json()['access_token']
return self.bearer_token
