#!/bin/bash
#
# Contains common functions usable for midPoint system tests
#
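# Polls the log of a container until a message shows up.
# Do not use from outside (ugly signature).
# Arguments:
#   $1 - container whose log is polled
#   $2 - pattern handed to grep (a regular expression, not a literal string)
#   $3 - what is being waited for (used in the progress output only)
#   $4 - text printed when the message never appears
#   $5 - optional second container whose log is also dumped on failure
# Outputs: progress lines, `docker ps` and the matching log lines; on timeout
#          the complete log of the container(s).
# Returns: 0 as soon as the message is found, 1 after 20 attempts 10 s apart.
# NOTE(review): on timeout the whole container log is echoed, so whatever the
# container logged (sensitive values included) ends up in the test output.
function generic_wait_for_log () {
    # Locals keep the caller's variables of the same name untouched.
    local CONTAINER_NAME=$1
    local MESSAGE=$2
    local WAITING_FOR=$3
    local FAILURE=$4
    local ADDITIONAL_CONTAINER_NAME=${5:-}
    local ATTEMPT=0
    local -r MAX_ATTEMPTS=20
    local -r DELAY=10

    while (( ATTEMPT < MAX_ATTEMPTS )); do
        ATTEMPT=$((ATTEMPT + 1))
        echo "Waiting $DELAY seconds for $WAITING_FOR (attempt $ATTEMPT) ..."
        sleep "$DELAY"
        docker ps
        # grep prints the matching lines; "--" protects patterns starting with "-".
        if docker logs "$CONTAINER_NAME" 2>&1 | grep -- "$MESSAGE"; then
            return 0
        fi
    done

    echo "$FAILURE in $(( MAX_ATTEMPTS * DELAY )) seconds in $CONTAINER_NAME"
    echo "========== Container log =========="
    docker logs "$CONTAINER_NAME" 2>&1
    echo "========== End of the container log =========="
    # Dump the second log only when a second container was actually given.
    if [[ -n "$ADDITIONAL_CONTAINER_NAME" ]]; then
        echo "========== Container log ($ADDITIONAL_CONTAINER_NAME) =========="
        docker logs "$ADDITIONAL_CONTAINER_NAME" 2>&1
        echo "========== End of the container log ($ADDITIONAL_CONTAINER_NAME) =========="
    fi
    return 1
}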
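# Waits until a message appears in the log of a container.
# Arguments: $1 - container name
#            $2 - pattern to look for in the log
# Returns:   the status of generic_wait_for_log
function wait_for_log_message () {
    # Quoted so that a container name is always passed on as one argument.
    generic_wait_for_log "$1" "$2" "log message" "log message has not appeared"
}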
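# Waits until midPoint starts
# Arguments: $1 - midPoint container name
#            $2 - optional second container whose log is dumped on failure
# Returns:   the status of generic_wait_for_log
function wait_for_midpoint_start () {
    # Both names are quoted so each one stays a single argument.
    generic_wait_for_log "$1" "INFO (com.evolveum.midpoint.web.boot.MidPointSpringApplication): Started MidPointSpringApplication in" "midPoint to start" "midPoint did not start" "${2:-}"
}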
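# Waits until Shibboleth IDP starts ... TODO refactor using generic waiting function
# Arguments: $1 - Shibboleth IDP container name
# Outputs:   progress lines, `docker ps` and the matching log line; on timeout
#            the complete container log
# Returns:   0 once the start message is in the log, 1 after 20 attempts 10 s apart
function wait_for_shibboleth_idp_start () {
    # Locals keep the caller's variables of the same name untouched.
    local CONTAINER_NAME=$1
    local ATTEMPT=0
    local -r MAX_ATTEMPTS=20
    local -r DELAY=10

    while (( ATTEMPT < MAX_ATTEMPTS )); do
        ATTEMPT=$((ATTEMPT + 1))
        echo "Waiting $DELAY seconds for Shibboleth IDP to start (attempt $ATTEMPT) ..."
        sleep "$DELAY"
        docker ps
        if docker logs "$CONTAINER_NAME" 2>&1 | grep "INFO:oejs.Server:main: Started"; then
            return 0
        fi
    done

    echo "Shibboleth IDP did not start in $(( MAX_ATTEMPTS * DELAY )) seconds in $CONTAINER_NAME"
    echo "========== Container log =========="
    docker logs "$CONTAINER_NAME" 2>&1
    echo "========== End of the container log =========="
    return 1
}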
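# Checks the health of midPoint server
# Outputs: "Checking health..." followed by "OK", or by "Error: <status>" and `docker ps`
# Returns: 0 when the actuator response contains "status":"UP", 1 otherwise
# NOTE(security): -k turns off TLS certificate verification, so the peer is
# not authenticated; acceptable only for a disposable instance on localhost.
function check_health () {
    # Local, so a caller's own $status is not overwritten.
    local status=0

    echo "Checking health..."
    # pipefail is confined to the subshell; a failing curl (-f) fails the pipeline.
    (
        set -o pipefail
        curl -k -f https://localhost:8443/midpoint/actuator/health \
            | tr -d '[:space:]' \
            | grep -q "\"status\":\"UP\""
    ) || status=$?

    if (( status != 0 )); then
        echo "Error: $status"
        docker ps
        return 1
    fi
    echo OK
    return 0
}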
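# Checks the health of Shibboleth IDP server
# Outputs: a progress line followed by "OK", or by the HTTP code and `docker ps`
# Returns: 0 when https://localhost:4443/idp/ answers with HTTP 200, 1 otherwise
# NOTE(security): -k turns off TLS certificate verification, so the peer is
# not authenticated; acceptable only for a disposable instance on localhost.
function check_health_shibboleth_idp () {
    local status

    echo "Checking health of shibboleth idp..."
    status=$(curl -k --write-out '%{http_code}' --silent --output /dev/null https://localhost:4443/idp/)
    # String comparison: an empty or non-numeric code counts as a failure
    # instead of making the test expression itself error out.
    if [[ "$status" != "200" ]]; then
        echo "Error: Http code of response is $status"
        docker ps
        return 1
    fi
    echo OK
    return 0
}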
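# Downloads an object over the midPoint REST interface into a temporary file.
# Arguments: $1 - REST collection (first path segment after /ws/rest/)
#            $2 - OID of the object
# Globals:   TMPFILE (written) - file holding the response; left in place on
#            success, so the caller has to remove it
# Returns:   0 when curl succeeded, 1 when mktemp or curl failed
# NOTE(security): -k turns off TLS certificate verification, and the
# administrator password is hard-coded and passed on the command line, where
# it is visible in the process list; only for a disposable localhost instance.
function get_object () {
    local TYPE=$1
    local OID=$2

    TMPFILE=$(mktemp /tmp/get.XXXXXX) || return 1
    echo "tmp file is $TMPFILE"
    # A brace group is needed here: "return" inside ( ... ) would only leave
    # the subshell and the function would go on to report success.
    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >"$TMPFILE" || {
        rm -f -- "$TMPFILE"
        return 1
    }
    return 0
}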
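# Retrieves XML object and checks if the name matches
# Arguments: $1 - REST collection, $2 - OID, $3 - expected name
# Outputs:   the temporary file name, then the verdict; on a mismatch also the response
# Returns:   0 when the response contains <name>$3</name>, 1 otherwise
# NOTE(security): -k turns off TLS certificate verification, and the
# administrator password is hard-coded and passed on the command line, where
# it is visible in the process list; only for a disposable localhost instance.
function get_and_check_object () {
    # Locals: a global OID here would overwrite a caller's own $OID.
    local TYPE=$1
    local OID=$2
    local NAME=$3
    local TMPFILE

    TMPFILE=$(mktemp /tmp/get.XXXXXX) || return 1
    echo "tmp file is $TMPFILE"
    # Brace group, not ( ... ): "return" in a subshell would not leave the function.
    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >"$TMPFILE" || {
        rm -f -- "$TMPFILE"
        return 1
    }

    # -F compares the name literally; as a regular expression "a.b" would also accept "aXb".
    if grep -qF -- "<name>$NAME</name>" "$TMPFILE"; then
        echo "Object $TYPE/$OID '$NAME' is OK"
        rm -f -- "$TMPFILE"
        return 0
    fi

    echo "Object $TYPE/$OID '$NAME' was not found or not retrieved correctly:"
    cat "$TMPFILE"
    rm -f -- "$TMPFILE"
    return 1
}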
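# Adds object from a given file
# Arguments: $1 - REST collection the object is posted to
#            $2 - file with the XML object
# Globals:   OID (written) - last path segment of the Location response header, e.g.
#            Location: "https://localhost:8443/midpoint/ws/rest/users/85e62669-d36b-41ce-b4f1-1ffdd9f66262"
# Returns:   0 for HTTP 201 or 202, 1 for anything else
# NOTE(security): -k turns off TLS certificate verification, and the
# administrator password is hard-coded and passed on the command line, where
# it is visible in the process list; only for a disposable localhost instance.
function add_object () {
    local TYPE=$1
    local FILE=$2
    local response http_code location error_message

    echo "Adding to $TYPE from $FILE..."

    # Headers (-D -) and body arrive on stdout; the status code is written on a
    # line of its own so it cannot be glued to a body without a final newline.
    response=$(curl -k -sD - --silent --write-out '\n%{http_code}' --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @"$FILE")
    http_code=$(sed '$!d' <<<"$response")

    if [[ "$http_code" == "201" || "$http_code" == "202" ]]; then
        # get the real Location; header lines end in CR LF, so the CR is dropped
        # before the OID is cut out of the URL
        location=$(sed -n 's/^[Ll]ocation:[[:space:]]*//p' <<<"$response" | head -n 1 | tr -d '\r')
        OID=${location##*/}
        echo "Oid created object: $OID"
        return 0
    fi

    echo "Error code: $http_code"
    if [[ "$http_code" == "500" ]]; then
        echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
    else
        error_message=$(grep 'message' <<<"$response" | head -1 | awk -F">" '{print $2}' | awk -F"<" '{print $1}')
        echo "Error message: $error_message"
    fi
    return 1
    #TODO check the returned XML
}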
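# Tries to find an object with a given name
# Results of the search are in the $SEARCH_RESULT_FILE
# Arguments: $1 - REST collection to search, $2 - value the name must equal
# Globals:   SEARCH_RESULT_FILE (written) - response body; kept on success
#            (the caller removes it), already removed when 1 is returned
# Outputs:   the response body
# Returns:   0 for HTTP 200 ("no objects" is considered OK here), 1 otherwise
# NOTE(security): -k turns off TLS certificate verification, and the
# administrator password is hard-coded and passed on the command line, where
# it is visible in the process list; only for a disposable localhost instance.
function search_objects_by_name () {
    local TYPE=$1
    local NAME=$2
    local TMPFILE escaped_name http_code

    TMPFILE=$(mktemp /tmp/search.XXXXXX) || return 1

    # The name is placed inside an XML element, so &, < and > are escaped;
    # otherwise such a name would break or change the query document.
    escaped_name=$(printf '%s' "$NAME" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g')

    # The status code is written on a line of its own after the body.
    # Brace group, not ( ... ): "return" in a subshell would not leave the function.
    curl -k --write-out '\n%{http_code}' --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/search" -d @- <<EOF >"$TMPFILE" || { rm -f -- "$TMPFILE"; return 1; }
<q:query xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
    <q:filter>
        <q:equal>
            <q:path>name</q:path>
            <q:value>$escaped_name</q:value>
        </q:equal>
    </q:filter>
</q:query>
EOF
    SEARCH_RESULT_FILE=$TMPFILE

    # The last line is the status code: read it, then cut it off the body.
    http_code=$(sed '$!d' "$SEARCH_RESULT_FILE")
    sed -i '$ d' "$SEARCH_RESULT_FILE"
    cat "$SEARCH_RESULT_FILE"

    if [[ "$http_code" == "200" ]]; then
        return 0
    fi
    rm -f -- "$SEARCH_RESULT_FILE"
    return 1
}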
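# Searches for object with a given name and verifies it was found
# Arguments: $1 - REST collection to search, $2 - name to look for
# Globals:   SEARCH_RESULT_FILE (read) - set by search_objects_by_name; removed here
# Returns:   0 when the search result contains <name>$2</name>, 1 otherwise
function search_and_check_object () {
    local TYPE=$1
    local NAME=$2

    search_objects_by_name "$TYPE" "$NAME" || return 1

    # -F compares the name literally; as a regular expression "a.b" would also accept "aXb".
    if grep -qF -- "<name>$NAME</name>" "$SEARCH_RESULT_FILE"; then
        echo "Object $TYPE/'$NAME' is OK"
        rm -f -- "$SEARCH_RESULT_FILE"
        return 0
    fi

    echo "Object $TYPE/'$NAME' was not found or not retrieved correctly:"
    cat "$SEARCH_RESULT_FILE"
    rm -f -- "$SEARCH_RESULT_FILE"
    return 1
}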
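# Tests a resource
# Arguments: $1 - OID of the resource
# Outputs:   the verdict; on failure also the response
# Returns:   0 when the status element of the response is "success", 1 otherwise
# NOTE(security): -k turns off TLS certificate verification, and the
# administrator password is hard-coded and passed on the command line, where
# it is visible in the process list; only for a disposable localhost instance.
function test_resource () {
    local OID=$1
    local TMPFILE test_status

    TMPFILE=$(mktemp /tmp/test.resource.XXXXXX) || return 1

    # Brace group, not ( ... ): "return" in a subshell would not leave the
    # function, and the code below would then work on a deleted file.
    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/resources/$OID/test" >"$TMPFILE" || {
        rm -f -- "$TMPFILE"
        return 1
    }

    # An unparsable response leaves test_status empty and is reported as a failed test.
    test_status=$(xmllint --xpath "/*/*[local-name()='status']/text()" "$TMPFILE")
    if [[ "$test_status" == "success" ]]; then
        echo "Resource $OID test succeeded"
        rm -f -- "$TMPFILE"
        return 0
    fi

    echo "Resource $OID test failed"
    cat "$TMPFILE"
    rm -f -- "$TMPFILE"
    return 1
}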
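# Verifies that the result status of a task is "success".
# Arguments: $1 - OID of the task
# Globals:   TMPFILE (read) - set by get_object; removed here
#            TASK_STATUS (written) - the extracted resultStatus
# Returns:   0 when resultStatus is "success", 1 otherwise
function assert_task_success () {
    local OID=$1

    get_object tasks "$OID" || return 1

    # Brace-free "if" instead of "|| ( ...; return 1 )": a "return" inside a
    # subshell would not leave the function.
    if ! TASK_STATUS=$(xmllint --xpath "/*/*[local-name()='resultStatus']/text()" "$TMPFILE"); then
        echo "Couldn't extract task status from task $OID"
        cat "$TMPFILE"
        rm -f -- "$TMPFILE"
        return 1
    fi

    if [[ "$TASK_STATUS" == "success" ]]; then
        echo "Task $OID status is OK"
        rm -f -- "$TMPFILE"
        return 0
    fi

    echo "Task $OID status is not OK: $TASK_STATUS"
    cat "$TMPFILE"
    rm -f -- "$TMPFILE"
    return 1
}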
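# Polls a task until its execution status is "suspended" or "closed".
# Arguments: $1 - OID of the task
#            $2 - maximum number of attempts
#            $3 - delay between attempts in seconds
# Globals:   TMPFILE (read) - set by get_object on every attempt; removed here
#            TASK_EXECUTION_STATUS (written) - the last extracted executionStatus
# Returns:   0 when the task finished, 1 on timeout or when the status
#            could not be read
function wait_for_task_completion () {
    local OID=$1
    local ATTEMPT=0
    local MAX_ATTEMPTS=$2
    local DELAY=$3

    # Arithmetic comparison: an unset attempt limit ends the loop at once
    # instead of never matching and looping forever.
    while (( ATTEMPT < MAX_ATTEMPTS )); do
        ATTEMPT=$((ATTEMPT + 1))
        echo "Waiting $DELAY seconds for task with oid $OID to finish (attempt $ATTEMPT) ..."
        sleep "$DELAY"
        get_object tasks "$OID" || return 1
        # "if" instead of "|| ( ...; return 1 )": a "return" inside a subshell
        # would not leave the function.
        if ! TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*[local-name()='executionStatus']/text()" "$TMPFILE"); then
            echo "Couldn't extract task status from task $OID"
            cat "$TMPFILE"
            rm -f -- "$TMPFILE"
            return 1
        fi
        # get_object creates a new file on every attempt, so each one is
        # removed right away rather than only the last one after the loop.
        rm -f -- "$TMPFILE"
        if [[ "$TASK_EXECUTION_STATUS" == "suspended" || "$TASK_EXECUTION_STATUS" == "closed" ]]; then
            echo "Task $OID is finished"
            return 0
        fi
    done

    echo "Task with $OID did not finish in $(( MAX_ATTEMPTS * DELAY )) seconds"
    return 1
}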
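# Searches LDAP for objects matching a filter
# Arguments: $1 - base DN of the search
#            $2 - filter without the enclosing parentheses, e.g. uid=name
#            $3 - container in which ldapsearch is run
# Globals:   LDAPSEARCH_RESULT_FILE (written) - ldapsearch output; the caller removes it
# Returns:   0 when ldapsearch succeeded, 1 otherwise
# NOTE(security): the bind password is hard-coded and passed with -w on the
# command line, where it is visible in the process list; only for a disposable
# test directory. $2 is inserted into the filter as given, so values with
# filter metacharacters such as * ( ) \ change the meaning of the search.
function search_ldap_object_by_filter () {
    local BASE_CONTEXT_FOR_SEARCH=$1
    local FILTER=$2
    local LDAP_CONTAINER=$3
    local TMPFILE

    TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX) || return 1

    # Brace group, not ( ... ): "return" in a subshell would not leave the
    # function and a failed search would be reported as success.
    docker exec "$LDAP_CONTAINER" ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >"$TMPFILE" || {
        rm -f -- "$TMPFILE"
        return 1
    }
    LDAPSEARCH_RESULT_FILE=$TMPFILE
    return 0
}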
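# Compares a midPoint user with the LDAP account of the same uid.
# fullName/givenName/familyName of the user must equal cn/givenName/sn of the account.
# Arguments: $1 - user name (uid), $2 - LDAP container
# Globals:   SEARCH_RESULT_FILE, LDAPSEARCH_RESULT_FILE (read) - set by the
#            two search functions; both files are removed here
# Returns:   0 when all three pairs are equal, 1 otherwise or when a search
#            or an extraction failed
function check_ldap_account_by_user_name () {
    local NAME=$1
    local LDAP_CONTAINER=$2
    local MP_FULL_NAME MP_GIVEN_NAME MP_FAMILY_NAME
    local LDAP_CN LDAP_GIVEN_NAME LDAP_SN
    local failed_file=""

    search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME" "$LDAP_CONTAINER" || return 1
    search_objects_by_name users "$NAME" || {
        rm -f -- "$LDAPSEARCH_RESULT_FILE"
        return 1
    }

    # Declaration and assignment are separate: "local x=$(cmd)" always
    # succeeds, which would hide a failed extraction and let six empty values
    # compare as equal.
    if ! MP_FULL_NAME=$(xmllint --xpath "/*/*/*[local-name()='fullName']/text()" "$SEARCH_RESULT_FILE"); then
        echo "Couldn't extract user fullName from file:"
        failed_file=$SEARCH_RESULT_FILE
    elif ! MP_GIVEN_NAME=$(xmllint --xpath "/*/*/*[local-name()='givenName']/text()" "$SEARCH_RESULT_FILE"); then
        echo "Couldn't extract user givenName from file:"
        failed_file=$SEARCH_RESULT_FILE
    elif ! MP_FAMILY_NAME=$(xmllint --xpath "/*/*/*[local-name()='familyName']/text()" "$SEARCH_RESULT_FILE"); then
        echo "Couldn't extract user familyName from file:"
        failed_file=$SEARCH_RESULT_FILE
    elif ! LDAP_CN=$(grep -oP "cn: \K.*" "$LDAPSEARCH_RESULT_FILE"); then
        echo "Couldn't extract user cn from file:"
        failed_file=$LDAPSEARCH_RESULT_FILE
    elif ! LDAP_GIVEN_NAME=$(grep -oP "givenName: \K.*" "$LDAPSEARCH_RESULT_FILE"); then
        echo "Couldn't extract user givenName from file:"
        failed_file=$LDAPSEARCH_RESULT_FILE
    elif ! LDAP_SN=$(grep -oP "sn: \K.*" "$LDAPSEARCH_RESULT_FILE"); then
        echo "Couldn't extract user sn from file:"
        failed_file=$LDAPSEARCH_RESULT_FILE
    fi

    if [[ -n "$failed_file" ]]; then
        cat "$failed_file"
    fi
    rm -f -- "$SEARCH_RESULT_FILE" "$LDAPSEARCH_RESULT_FILE"
    if [[ -n "$failed_file" ]]; then
        return 1
    fi

    # Quoted right-hand sides compare literally; unquoted they are glob
    # patterns, so an LDAP value of "*" would equal anything.
    if [[ "$MP_FULL_NAME" == "$LDAP_CN" && "$MP_GIVEN_NAME" == "$LDAP_GIVEN_NAME" && "$MP_FAMILY_NAME" == "$LDAP_SN" ]]; then
        return 0
    fi

    echo "User in Midpoint and LDAP Account with uid $NAME are not same"
    return 1
}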
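# Checks that an LDAP account is listed as uniqueMember of an LDAP group.
# Arguments: $1 - uid of the user, $2 - cn of the group, $3 - LDAP container
# Globals:   LDAPSEARCH_RESULT_FILE (read) - set by search_ldap_object_by_filter;
#            the file of each of the two searches is removed here
# Returns:   0 when the account DN equals one of the uniqueMember values,
#            1 otherwise or when a search or an extraction failed
function check_of_ldap_membership () {
    local NAME_OF_USER=$1
    local NAME_OF_GROUP=$2
    local LDAP_CONTAINER=$3
    local LDAP_ACCOUNT_DN LDAP_MEMBERS_DNS

    search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER" "$LDAP_CONTAINER" || return 1

    # Declaration and assignment are separate: "local x=$(cmd)" always
    # succeeds, and an empty DN would then match every member list.
    if ! LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" "$LDAPSEARCH_RESULT_FILE"); then
        echo "Couldn't extract user dn from file:"
        cat "$LDAPSEARCH_RESULT_FILE"
        rm -f -- "$LDAPSEARCH_RESULT_FILE"
        return 1
    fi
    # The second search overwrites LDAPSEARCH_RESULT_FILE, so the first file goes now.
    rm -f -- "$LDAPSEARCH_RESULT_FILE"

    search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP" "$LDAP_CONTAINER" || return 1

    if ! LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" "$LDAPSEARCH_RESULT_FILE"); then
        echo "Couldn't extract user uniqueMember from file:"
        cat "$LDAPSEARCH_RESULT_FILE"
        rm -f -- "$LDAPSEARCH_RESULT_FILE"
        return 1
    fi
    rm -f -- "$LDAPSEARCH_RESULT_FILE"

    # Whole-line, literal comparison (-x -F). A regular-expression or
    # substring match would also accept a different account whose DN merely
    # contains this one, e.g. uid=xbob,... for uid=bob,...
    if grep -qxF -- "$LDAP_ACCOUNT_DN" <<<"$LDAP_MEMBERS_DNS"; then
        return 0
    fi

    echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP"
    return 1
}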