#!/usr/bin/env bash # The root of the build/dist directory IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../.. [[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh # API Server API Address:Port INSECURE_OPENIMAPI=${IAM_APISERVER_HOST}:${API_OPENIM_PORT} INSECURE_OPENIMAUTO=${OPENIM_RPC_AUTH_HOST}:${OPENIM_AUTH_PORT} Header="-HContent-Type: application/json" CCURL="curl -f -s -XPOST" # Create UCURL="curl -f -s -XPUT" # Update RCURL="curl -f -s -XGET" # Retrieve DCURL="curl -f -s -XDELETE" # Delete openim::test::user() { token="-HAuthorization: Bearer $(openim::test::login)" # 1. If colin, mark, john users exist, clear them first ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/mark; echo ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/john; echo # 2. Create colin, mark, john users ${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/users \ -d'{"password":"User@2021","metadata":{"name":"colin"},"nickname":"colin","email":"colin@foxmail.com","phone":"1812884xxxx"}'; echo # 3. List all users ${RCURL} "${token}" "http://${INSECURE_OPENIMAPI}/v1/users?offset=0&limit=10"; echo # 4. Get detailed information of colin user ${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo # 5. Modify colin user ${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin \ -d'{"nickname":"colin","email":"colin_modified@foxmail.com","phone":"1812884xxxx"}'; echo # 6. Delete colin user ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo # 7. Batch delete users ${DCURL} "${token}" "http://${INSECURE_OPENIMAPI}/v1/users?name=mark&name=john"; echo openim::log::info "$(echo -e '\033[32mcongratulations, /v1/user test passed!\033[0m')" } # userRouterGroup := r.Group("/user") # { # userRouterGroup.POST("/user_register", u.UserRegister) # userRouterGroup.POST("/update_user_info", ParseToken, u.UpdateUserInfo) # userRouterGroup.POST("/set_global_msg_recv_opt", ParseToken, u.SetGlobalRecvMessageOpt) # userRouterGroup.POST("/get_users_info", ParseToken, u.GetUsersPublicInfo) # userRouterGroup.POST("/get_all_users_uid", ParseToken, u.GetAllUsersID) # userRouterGroup.POST("/account_check", ParseToken, u.AccountCheck) # userRouterGroup.POST("/get_users", ParseToken, u.GetUsers) # userRouterGroup.POST("/get_users_online_status", ParseToken, u.GetUsersOnlineStatus) # userRouterGroup.POST("/get_users_online_token_detail", ParseToken, u.GetUsersOnlineTokenDetail) # userRouterGroup.POST("/subscribe_users_status", ParseToken, u.SubscriberStatus) # userRouterGroup.POST("/get_users_status", ParseToken, u.GetUserStatus) # userRouterGroup.POST("/get_subscribe_users_status", ParseToken, u.GetSubscribeUsersStatus) # } openim::test::group() { token="-HAuthorization: Bearer $(openim::test::login)" } # Define a function to register a user openim::register_user() { user_register_response=$(${CCURL} "${Header}" http://localhost:10002/user/user_register \ -d'{ "secret": "openIM123", "users": [{"userID": "11111112","nickname": "yourNickname","faceURL": "yourFaceURL"}] }') echo "$user_register_response" } # Define a function to get a token openim::get_token() { token_response=$(${CCURL} "${Header}" http://localhost:10002/auth/user_token \ -d'{ "secret": "openIM123", "platformID": 1, "userID": "11111112" }') token=$(echo $token_response | grep -Po 'token[" :]+\K[^"]+') echo "$token" } # Define a function to check the account openim::check_account() { local token=$1 account_check_response=$(${CCURL} "${Header}" -H"operationID: 1646445464564" -H"token: ${token}" http://localhost:10002/user/account_check \ -d'{ "checkUserIDs": ["11111111","11111112"] }') echo "$account_check_response" } # Define a function to register, get a token and check the account openim::register_and_check() { # Register a user user_register_response=$(openim::register_user) if [[ $user_register_response == *"errCode": 0* ]]; then echo "User registration successful." # Get token token=$(openim::get_token) if [[ -n $token ]]; then echo "Token acquired: $token" # Check account account_check_response=$(openim::check_account $token) if [[ $account_check_response == *"errCode": 0* ]]; then echo "Account check successful." else echo "Account check failed." fi else echo "Failed to acquire token." fi else echo "User registration failed." fi } openim::test::secret() { token="-HAuthorization: Bearer $(openim::test::login)" # 1. 如果有 secret0 密钥先清空 ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo # 2. 创建 secret0 密钥 ${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets \ -d'{"metadata":{"name":"secret0"},"expires":0,"description":"admin secret"}'; echo # 3. 列出所有密钥 ${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets; echo # 4. 获取 secret0 密钥的详细信息 ${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo # 5. 修改 secret0 密钥 ${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0 \ -d'{"expires":0,"description":"admin secret(modified)"}'; echo # 6. 删除 secret0 密钥 ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo openim::log::info "$(echo -e '\033[32mcongratulations, /v1/secret test passed!\033[0m')" } openim::test::policy() { token="-HAuthorization: Bearer $(openim::test::login)" # 1. 如果有 policy0 策略先清空 ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo # 2. 创建 policy0 策略 ${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies \ -d'{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:","users:maria","groups:admins"],"actions":["delete",""],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo # 3. 列出所有策略 ${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies; echo # 4. 获取 policy0 策略的详细信息 ${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo # 5. 修改 policy0 策略 ${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0 \ -d'{"policy":{"description":"One policy to rule them all(modified).","subjects":["users:","users:maria","groups:admins"],"actions":["delete",""],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo # 6. 删除 policy0 策略 ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo openim::log::info "$(echo -e '\033[32mcongratulations, /v1/policy test passed!\033[0m')" } openim::test::apiserver() { openim::test::user openim::test::secret openim::test::policy openim::log::info "$(echo -e '\033[32mcongratulations, openim-apiserver test passed!\033[0m')" } openim::test::authz() { token="-HAuthorization: Bearer $(openim::test::login)" # 1. 如果有 authzpolicy 策略先清空 ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/authzpolicy; echo # 2. 创建 authzpolicy 策略 ${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies \ -d'{"metadata":{"name":"authzpolicy"},"policy":{"description":"One policy to rule them all.","subjects":["users:","users:maria","groups:admins"],"actions":["delete",""],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo # 3. 如果有 authzsecret 密钥先清空 ${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/authzsecret; echo # 4. 创建 authzsecret 密钥 secret=$(${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets -d'{"metadata":{"name":"authzsecret"},"expires":0,"description":"admin secret"}') secretID=$(echo ${secret} | grep -Po 'secretID[" :]+\K[^"]+') secretKey=$(echo ${secret} | grep -Po 'secretKey[" :]+\K[^"]+') # 5. 生成 token token=$(iamctl jwt sign ${secretID} ${secretKey}) # 6. 调用 /v1/authz 完成资源授权。 # 注意这里要 sleep 3s 等待 openim-authz-server 将新建的密钥同步到其内存中 echo "wait 3s to allow openim-authz-server to sync information into its memory ..." sleep 3 ret=`$CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_OPENIMAUTO}/v1/authz \ -d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' | grep -Po 'allowed[" :]+\K\w+'` if [ "$ret" != "true" ];then return 1 fi openim::log::info "$(echo -e '\033[32mcongratulations, /v1/authz test passed!\033[0m')" } openim::test::authzserver() { openim::test::authz openim::log::info "$(echo -e '\033[32mcongratulations, openim-authz-server test passed!\033[0m')" } openim::test::pump() { ${RCURL} http://${IAM_PUMP_HOST}:7070/healthz | egrep -q 'status.*ok' || { openim::log::error "cannot access openim-pump healthz api, openim-pump maybe down" return 1 } openim::test::real_pump_test openim::log::info "$(echo -e '\033[32mcongratulations, openim-pump test passed!\033[0m')" } # 使用真实的数据测试 openim-pump 是否正常工作 openim::test::real_pump_test() { # 1. 创建访问 openim-authz-server 需要用到的密钥对 iamctl secret create pumptest &>/dev/null # 2. 使用步骤 1 创建的密钥对生成 JWT Token authzAccessToken=`iamctl jwt sign njcho8gJQArsq7zr5v1YpG5NcvL0aeuZ38Ti if70HgRgp021iq5ex2l7pfy5XvgtZM3q` # iamctl jwt sign $secretID $secretKey # 3. 创建授权策略 iamctl policy create pumptest '{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:","users:maria","groups:admins"],"actions":["delete",""],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}' &>/dev/null # 注意这里要 sleep 3s 等待 openim-authz-server 将新建的密钥和授权策略同步到其内存中 echo "wait 3s to allow openim-authz-server to sync information into its memory ..." sleep 3 # 4. 访问 /v1/authz 接口进行资源授权 $CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_OPENIMAUTO}/v1/authz \ -d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' &>/dev/null # 这里要 sleep 5s,等待 openim-pump 将 Redis 中的日志,分析并转存到 MongoDB 中 echo "wait 10s to allow openim-pump analyze and dump authorization log into MongoDB ..." sleep 10 # 5. 查看 MongoDB 中是否有经过解析后的授权日志。 echo "db.iam_analytics.find()" | mongosh --quiet "${IAM_PUMP_MONGO_URL}" | grep -q "allow access" || { openim::log::error "cannot find analyzed authorization log in MongoDB" return 1 } } openim::test::watcher() { ${RCURL} http://${IAM_WATCHER_HOST}:5050/healthz | egrep -q 'status.*ok' || { openim::log::error "cannot access openim-watcher healthz api, openim-watcher maybe down" return 1 } openim::log::info "$(echo -e '\033[32mcongratulations, openim-watcher test passed!\033[0m')" } openim::test::iamctl() { iamctl user list | egrep -q admin || { openim::log::error "iamctl cannot list users from openim-apiserver" return 1 } openim::log::info "$(echo -e '\033[32mcongratulations, iamctl test passed!\033[0m')" } openim::test::man() { man openim-apiserver | grep -q 'OPENIM API Server' || { openim::log::error "openim man page not installed or may not installed properly" return 1 } openim::log::info "$(echo -e '\033[32mcongratulations, man test passed!\033[0m')" } # OpenIM Smoke Test openim::test::smoke() { openim::test::apiserver openim::test::authzserver openim::test::pump openim::test::watcher openim::test::iamctl openim::log::info "$(echo -e '\033[32mcongratulations, smoke test passed!\033[0m')" } # OpenIM Test openim::test::test() { openim::test::smoke openim::test::man openim::log::info "$(echo -e '\033[32mcongratulations, all test passed!\033[0m')" } if [[ "$*" =~ openim::test:: ]];then eval $* fi