refactor: fixes and improves maintenance

When we register a domain, we need to specify the org_id for the generated
identity; the org_id we use here must match the org_id used when generating the
token or the operation will fail with sign mismatching; now a ORG_ID environment
variable is used, that by default will be 12345 for better experience, but its
value can be override from the CLI.

This change additionally remove duplicated code and keep the scripts cleaner.
Bear in mind that 'curl.sh' wrapper prepare the request depending on the
environment variables if moving additional variables to the common scripts.

- Allows to customize ORG_ID variable; it could be helpful when checking data
  isolation.
- Allows to customize X_RH_IDENTITY and X_RH_FAKE_IDENTITY; it could be helpful
  when checking identity enforcement.

Signed-off-by: Alejandro Visiedo <[email protected]>

test/scripts/common.inc

@@ -0,0 +1,34 @@
+#
+# Include file with common parts shared for local and ephemeral
+#
+
+function error {
+    local err=$?
+    printf "ERROR: %s\n" "$*" >&2
+    exit $err
+}
+
+ORG_ID="${ORG_ID:-12345}"
+
+export IDENTITY_USER=""   # Use $(identity_user)
+export IDENTITY_SYSTEM="" # Use $(identity_system)
+
+function identity_user() {
+    if [ "${IDENTITY_USER}" != "" ]; then
+        printf "%s" "${IDENTITY_USER}"
+    fi
+    IDENTITY_USER="$( ./tools/bin/xrhidgen -org-id "${ORG_ID}" user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+    [ "${IDENTITY_USER}" != "" ] || error "IDENTITY_USER got empty: check that you executed 'make install-tools'"
+    printf "%s" "${IDENTITY_USER}"
+}
+export identity_user     # Needed for making it available in sub-shells
+
+function identity_system() {
+    if [ "${IDENTITY_SYSTEM}" != "" ]; then
+        printf "%s" "${IDENTITY_SYSTEM}"
+    fi
+    IDENTITY_SYSTEM="$( ./tools/bin/xrhidgen -org-id "${ORG_ID}" system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+    [ "${IDENTITY_SYSTEM}" != "" ] || error "IDENTITY_SYSTEM got empty: check that you executed 'make install-tools'"
+    printf "%s" "${IDENTITY_SYSTEM}"
+}
+export identity_system   # Needed for making it available in sub-shells

test/scripts/ephe-domains-delete.sh

@@ -1,24 +1,12 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
 export X_RH_IDM_REGISTRATION_TOKEN="${TOKEN}"
 export X_RH_IDM_VERSION="$( base64 -w0 <<< '{"ipa-hcc": "0.7", "ipa": "4.10.0-8.el9_1"}' )"
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X DELETE "${BASE_URL}/domains/${UUID}"

test/scripts/ephe-domains-list.sh

@@ -1,12 +1,8 @@
 #!/bin/bash
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 unset X_RH_IDENTITY
-unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
 ./scripts/curl.sh -i "${BASE_URL}/domains"
-

test/scripts/ephe-domains-patch.sh

@@ -1,24 +1,13 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
 unset X_RH_IDM_REGISTRATION_TOKEN
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X PATCH -d @<( cat test/data/http/patch-rhel-idm-domain.json | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"

test/scripts/ephe-domains-read.sh

@@ -1,21 +1,11 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
 ./scripts/curl.sh -i "${BASE_URL}/domains/${UUID}"

test/scripts/ephe-domains-register.sh

@@ -1,24 +1,13 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# ephe-domains-token.sh
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 TOKEN="$1"
 [ "${TOKEN}" != "" ] || error "TOKEN is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_system)}"
 export X_RH_IDM_REGISTRATION_TOKEN="${TOKEN}"
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d @<( cat "test/data/http/register-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains"

test/scripts/ephe-domains-token.sh

@@ -1,11 +1,8 @@
 #!/bin/bash
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
 ./scripts/curl.sh -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"

test/scripts/ephe-domains-update.sh

@@ -1,24 +1,13 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_system)}"
 unset X_RH_IDM_REGISTRATION_TOKEN
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X PUT -d @<( cat test/data/http/update-rhel-idm-domain.json | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"

test/scripts/ephe-hostconf.sh

@@ -1,23 +1,14 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 INVENTORY_ID=$"$1"
-FQDN="$2"
 [ "${INVENTORY_ID}" != "" ] || error "INVENTORY_ID is empty"
+FQDN="$2"
 [ "${FQDN}" != "" ] || error "FQDN is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "3f35fc7f-079c-4940-92ed-9fdc8694a0f3" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_system)}"
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d '{}' "${BASE_URL}/host-conf/${INVENTORY_ID}/${FQDN}"

test/scripts/ephe-openapi.sh

@@ -1,11 +1,8 @@
 #!/bin/bash
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+# shellcheck disable=SC1091
+source "./test/scripts/ephe.inc"
 
 unset X_RH_IDENTITY
 unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i "${BASE_URL}/openapi.json"

test/scripts/ephe.inc

@@ -0,0 +1,17 @@
+#
+# Include for common parts for ephemeral environment shared between all the scripts
+#
+# NOTE: Be aware that curl.sh wrapper set options based in the environment
+#       variables that has value when it is invoked, and set an environment
+#       variable could change the behave on how the request is formed.
+#
+# See: ./scripts/curl.sh
+#
+source "./test/scripts/common.inc"
+
+export NAMESPACE="$(oc project -q)"
+CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
+CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
+export CREDS
+
+BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"

test/scripts/local-domains-delete.sh

@@ -1,19 +1,12 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "./test/scripts/local.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset CREDS
 export X_RH_IDM_REGISTRATION_TOKEN="$TOKEN"
 export X_RH_IDM_VERSION="$( base64 -w0 <<< '{"ipa-hcc": "0.7", "ipa": "4.10.0-8.el9_1"}' )"
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X DELETE "${BASE_URL}/domains/${UUID}"

test/scripts/local-domains-list.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
+# shellcheck disable=SC1091
+source "./test/scripts/local.inc"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
 unset X_RH_IDM_VERSION
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i "${BASE_URL}/domains"
-

test/scripts/local-domains-patch.sh

@@ -1,19 +1,11 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
-# make db-cli <<< "select token from ipas order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "./test/scripts/local.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset CREDS
 unset X_RH_IDM_REGISTRATION_TOKEN
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X PATCH -d @<( cat "test/data/http/patch-rhel-idm-domain.json" | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" ) "${BASE_URL}/domains/${UUID}"

test/scripts/local-domains-populate.py

@@ -8,6 +8,7 @@
 import uuid
 import requests
 import json
+import os
 
 
 CONTENT_TYPE = "application/json"
@@ -18,7 +19,7 @@
 HEADER_X_RH_IDM_VERSION = "X-Rh-Idm-Version"
 HEADER_X_RH_IDM_REGISTRATION_TOKEN = "X-Rh-Idm-Registration-Token"
 
-DEFAULT_ORG_ID = "12345"
+DEFAULT_ORG_ID = os.environ.get("ORG_ID", "12345")
 
 class xrhidgen:
     """Wrapper to call ./tools/bin/xrhidgen binary and get a x-rh-identity header"""
@@ -51,7 +52,6 @@ def __call__(self, *args):
         if self.xrhidgen_type is None or self.xrhidgen_type == '':
             sys.exit("'xrhidgen_type' is None")
         options.append(self.xrhidgen_type)
-        # ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system
         options.extend(self.extra_args)
         options.extend(args)
         output = subprocess.check_output(options)

test/scripts/local-domains-read.sh

@@ -1,16 +1,11 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+# shellcheck disable=SC1091
+source "./test/scripts/local.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i "${BASE_URL}/domains/${UUID}"

test/scripts/local-domains-register.sh

@@ -1,19 +1,12 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# local-domains-token.sh
+# shellcheck disable=SC1091
+source "./test/scripts/local.inc"
 
 TOKEN="$1"
 [ "${TOKEN}" != "" ] || error "TOKEN is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_system)}"
 unset CREDS
 export X_RH_IDM_REGISTRATION_TOKEN="$TOKEN"
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d @<( cat "test/data/http/register-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains"