|
|
#!/usr/bin/env bash
|
|
|
# The root of the build/dist directory
|
|
|
IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
|
|
|
[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
|
|
|
|
|
|
# API Server API Address:Port
|
|
|
INSECURE_OPENIMAPI=${IAM_APISERVER_HOST}:${API_OPENIM_PORT}
|
|
|
INSECURE_OPENIMAUTO=${OPENIM_RPC_AUTH_HOST}:${OPENIM_AUTH_PORT}
|
|
|
|
|
|
Header="-HContent-Type: application/json"
|
|
|
CCURL="curl -f -s -XPOST" # Create
|
|
|
UCURL="curl -f -s -XPUT" # Update
|
|
|
RCURL="curl -f -s -XGET" # Retrieve
|
|
|
DCURL="curl -f -s -XDELETE" # Delete
|
|
|
|
|
|
openim::test::user()
|
|
|
{
|
|
|
token="-HAuthorization: Bearer $(openim::test::login)"
|
|
|
|
|
|
# 1. If colin, mark, john users exist, clear them first
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/mark; echo
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/john; echo
|
|
|
|
|
|
# 2. Create colin, mark, john users
|
|
|
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/users \
|
|
|
-d'{"password":"User@2021","metadata":{"name":"colin"},"nickname":"colin","email":"colin@foxmail.com","phone":"1812884xxxx"}'; echo
|
|
|
|
|
|
# 3. List all users
|
|
|
${RCURL} "${token}" "http://${INSECURE_OPENIMAPI}/v1/users?offset=0&limit=10"; echo
|
|
|
|
|
|
# 4. Get detailed information of colin user
|
|
|
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo
|
|
|
|
|
|
# 5. Modify colin user
|
|
|
${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin \
|
|
|
-d'{"nickname":"colin","email":"colin_modified@foxmail.com","phone":"1812884xxxx"}'; echo
|
|
|
|
|
|
# 6. Delete colin user
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo
|
|
|
|
|
|
# 7. Batch delete users
|
|
|
${DCURL} "${token}" "http://${INSECURE_OPENIMAPI}/v1/users?name=mark&name=john"; echo
|
|
|
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/user test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
# userRouterGroup := r.Group("/user")
|
|
|
# {
|
|
|
# userRouterGroup.POST("/user_register", u.UserRegister)
|
|
|
# userRouterGroup.POST("/update_user_info", ParseToken, u.UpdateUserInfo)
|
|
|
# userRouterGroup.POST("/set_global_msg_recv_opt", ParseToken, u.SetGlobalRecvMessageOpt)
|
|
|
# userRouterGroup.POST("/get_users_info", ParseToken, u.GetUsersPublicInfo)
|
|
|
# userRouterGroup.POST("/get_all_users_uid", ParseToken, u.GetAllUsersID)
|
|
|
# userRouterGroup.POST("/account_check", ParseToken, u.AccountCheck)
|
|
|
# userRouterGroup.POST("/get_users", ParseToken, u.GetUsers)
|
|
|
# userRouterGroup.POST("/get_users_online_status", ParseToken, u.GetUsersOnlineStatus)
|
|
|
# userRouterGroup.POST("/get_users_online_token_detail", ParseToken, u.GetUsersOnlineTokenDetail)
|
|
|
# userRouterGroup.POST("/subscribe_users_status", ParseToken, u.SubscriberStatus)
|
|
|
# userRouterGroup.POST("/get_users_status", ParseToken, u.GetUserStatus)
|
|
|
# userRouterGroup.POST("/get_subscribe_users_status", ParseToken, u.GetSubscribeUsersStatus)
|
|
|
# }
|
|
|
openim::test::group()
|
|
|
{
|
|
|
token="-HAuthorization: Bearer $(openim::test::login)"
|
|
|
}
|
|
|
|
|
|
# Define a function to register a user
|
|
|
openim::register_user()
|
|
|
{
|
|
|
user_register_response=$(${CCURL} "${Header}" http://localhost:10002/user/user_register \
|
|
|
-d'{
|
|
|
"secret": "openIM123",
|
|
|
"users": [{"userID": "11111112","nickname": "yourNickname","faceURL": "yourFaceURL"}]
|
|
|
}')
|
|
|
|
|
|
echo "$user_register_response"
|
|
|
}
|
|
|
|
|
|
# Define a function to get a token
|
|
|
openim::get_token()
|
|
|
{
|
|
|
token_response=$(${CCURL} "${Header}" http://localhost:10002/auth/user_token \
|
|
|
-d'{
|
|
|
"secret": "openIM123",
|
|
|
"platformID": 1,
|
|
|
"userID": "11111112"
|
|
|
}')
|
|
|
|
|
|
token=$(echo $token_response | grep -Po 'token[" :]+\K[^"]+')
|
|
|
echo "$token"
|
|
|
}
|
|
|
|
|
|
# Define a function to check the account
|
|
|
openim::check_account()
|
|
|
{
|
|
|
local token=$1
|
|
|
account_check_response=$(${CCURL} "${Header}" -H"operationID: 1646445464564" -H"token: ${token}" http://localhost:10002/user/account_check \
|
|
|
-d'{
|
|
|
"checkUserIDs": ["11111111","11111112"]
|
|
|
}')
|
|
|
|
|
|
echo "$account_check_response"
|
|
|
}
|
|
|
|
|
|
# Define a function to register, get a token and check the account
|
|
|
openim::register_and_check()
|
|
|
{
|
|
|
# Register a user
|
|
|
user_register_response=$(openim::register_user)
|
|
|
|
|
|
if [[ $user_register_response == *"errCode": 0* ]]; then
|
|
|
echo "User registration successful."
|
|
|
|
|
|
# Get token
|
|
|
token=$(openim::get_token)
|
|
|
|
|
|
if [[ -n $token ]]; then
|
|
|
echo "Token acquired: $token"
|
|
|
|
|
|
# Check account
|
|
|
account_check_response=$(openim::check_account $token)
|
|
|
|
|
|
if [[ $account_check_response == *"errCode": 0* ]]; then
|
|
|
echo "Account check successful."
|
|
|
else
|
|
|
echo "Account check failed."
|
|
|
fi
|
|
|
else
|
|
|
echo "Failed to acquire token."
|
|
|
fi
|
|
|
else
|
|
|
echo "User registration failed."
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
|
|
|
openim::test::secret()
|
|
|
{
|
|
|
token="-HAuthorization: Bearer $(openim::test::login)"
|
|
|
|
|
|
# 1. 如果有 secret0 密钥先清空
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo
|
|
|
|
|
|
# 2. 创建 secret0 密钥
|
|
|
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets \
|
|
|
-d'{"metadata":{"name":"secret0"},"expires":0,"description":"admin secret"}'; echo
|
|
|
|
|
|
# 3. 列出所有密钥
|
|
|
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets; echo
|
|
|
|
|
|
# 4. 获取 secret0 密钥的详细信息
|
|
|
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo
|
|
|
|
|
|
# 5. 修改 secret0 密钥
|
|
|
${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0 \
|
|
|
-d'{"expires":0,"description":"admin secret(modified)"}'; echo
|
|
|
|
|
|
# 6. 删除 secret0 密钥
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/secret test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
openim::test::policy()
|
|
|
{
|
|
|
token="-HAuthorization: Bearer $(openim::test::login)"
|
|
|
|
|
|
# 1. 如果有 policy0 策略先清空
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo
|
|
|
|
|
|
# 2. 创建 policy0 策略
|
|
|
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies \
|
|
|
-d'{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
|
|
|
|
|
|
# 3. 列出所有策略
|
|
|
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies; echo
|
|
|
|
|
|
# 4. 获取 policy0 策略的详细信息
|
|
|
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo
|
|
|
|
|
|
# 5. 修改 policy0 策略
|
|
|
${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0 \
|
|
|
-d'{"policy":{"description":"One policy to rule them all(modified).","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
|
|
|
|
|
|
# 6. 删除 policy0 策略
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/policy test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
openim::test::apiserver()
|
|
|
{
|
|
|
openim::test::user
|
|
|
openim::test::secret
|
|
|
openim::test::policy
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, openim-apiserver test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
openim::test::authz()
|
|
|
{
|
|
|
token="-HAuthorization: Bearer $(openim::test::login)"
|
|
|
|
|
|
# 1. 如果有 authzpolicy 策略先清空
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/authzpolicy; echo
|
|
|
|
|
|
# 2. 创建 authzpolicy 策略
|
|
|
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies \
|
|
|
-d'{"metadata":{"name":"authzpolicy"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
|
|
|
|
|
|
# 3. 如果有 authzsecret 密钥先清空
|
|
|
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/authzsecret; echo
|
|
|
|
|
|
# 4. 创建 authzsecret 密钥
|
|
|
secret=$(${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets -d'{"metadata":{"name":"authzsecret"},"expires":0,"description":"admin secret"}')
|
|
|
secretID=$(echo ${secret} | grep -Po 'secretID[" :]+\K[^"]+')
|
|
|
secretKey=$(echo ${secret} | grep -Po 'secretKey[" :]+\K[^"]+')
|
|
|
|
|
|
# 5. 生成 token
|
|
|
token=$(iamctl jwt sign ${secretID} ${secretKey})
|
|
|
|
|
|
# 6. 调用 /v1/authz 完成资源授权。
|
|
|
# 注意这里要 sleep 3s 等待 openim-authz-server 将新建的密钥同步到其内存中
|
|
|
echo "wait 3s to allow openim-authz-server to sync information into its memory ..."
|
|
|
sleep 3
|
|
|
ret=`$CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_OPENIMAUTO}/v1/authz \
|
|
|
-d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' | grep -Po 'allowed[" :]+\K\w+'`
|
|
|
|
|
|
if [ "$ret" != "true" ];then
|
|
|
return 1
|
|
|
fi
|
|
|
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/authz test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
openim::test::authzserver()
|
|
|
{
|
|
|
openim::test::authz
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, openim-authz-server test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
openim::test::pump()
|
|
|
{
|
|
|
${RCURL} http://${IAM_PUMP_HOST}:7070/healthz | egrep -q 'status.*ok' || {
|
|
|
openim::log::error "cannot access openim-pump healthz api, openim-pump maybe down"
|
|
|
return 1
|
|
|
}
|
|
|
|
|
|
openim::test::real_pump_test
|
|
|
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, openim-pump test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
# 使用真实的数据测试 openim-pump 是否正常工作
|
|
|
openim::test::real_pump_test()
|
|
|
{
|
|
|
# 1. 创建访问 openim-authz-server 需要用到的密钥对
|
|
|
iamctl secret create pumptest &>/dev/null
|
|
|
|
|
|
# 2. 使用步骤 1 创建的密钥对生成 JWT Token
|
|
|
authzAccessToken=`iamctl jwt sign njcho8gJQArsq7zr5v1YpG5NcvL0aeuZ38Ti if70HgRgp021iq5ex2l7pfy5XvgtZM3q` # iamctl jwt sign $secretID $secretKey
|
|
|
|
|
|
# 3. 创建授权策略
|
|
|
iamctl policy create pumptest '{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}' &>/dev/null
|
|
|
|
|
|
# 注意这里要 sleep 3s 等待 openim-authz-server 将新建的密钥和授权策略同步到其内存中
|
|
|
echo "wait 3s to allow openim-authz-server to sync information into its memory ..."
|
|
|
sleep 3
|
|
|
|
|
|
# 4. 访问 /v1/authz 接口进行资源授权
|
|
|
$CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_OPENIMAUTO}/v1/authz \
|
|
|
-d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' &>/dev/null
|
|
|
|
|
|
# 这里要 sleep 5s,等待 openim-pump 将 Redis 中的日志,分析并转存到 MongoDB 中
|
|
|
echo "wait 10s to allow openim-pump analyze and dump authorization log into MongoDB ..."
|
|
|
sleep 10
|
|
|
|
|
|
# 5. 查看 MongoDB 中是否有经过解析后的授权日志。
|
|
|
echo "db.iam_analytics.find()" | mongosh --quiet "${IAM_PUMP_MONGO_URL}" | grep -q "allow access" || {
|
|
|
openim::log::error "cannot find analyzed authorization log in MongoDB"
|
|
|
return 1
|
|
|
}
|
|
|
}
|
|
|
|
|
|
openim::test::watcher()
|
|
|
{
|
|
|
${RCURL} http://${IAM_WATCHER_HOST}:5050/healthz | egrep -q 'status.*ok' || {
|
|
|
openim::log::error "cannot access openim-watcher healthz api, openim-watcher maybe down"
|
|
|
return 1
|
|
|
}
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, openim-watcher test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
openim::test::iamctl()
|
|
|
{
|
|
|
iamctl user list | egrep -q admin || {
|
|
|
openim::log::error "iamctl cannot list users from openim-apiserver"
|
|
|
return 1
|
|
|
}
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, iamctl test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
openim::test::man()
|
|
|
{
|
|
|
man openim-apiserver | grep -q 'OPENIM API Server' || {
|
|
|
openim::log::error "openim man page not installed or may not installed properly"
|
|
|
return 1
|
|
|
}
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, man test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
# OpenIM Smoke Test
|
|
|
openim::test::smoke()
|
|
|
{
|
|
|
openim::test::apiserver
|
|
|
openim::test::authzserver
|
|
|
openim::test::pump
|
|
|
openim::test::watcher
|
|
|
openim::test::iamctl
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, smoke test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
# OpenIM Test
|
|
|
openim::test::test()
|
|
|
{
|
|
|
openim::test::smoke
|
|
|
openim::test::man
|
|
|
|
|
|
openim::log::info "$(echo -e '\033[32mcongratulations, all test passed!\033[0m')"
|
|
|
}
|
|
|
|
|
|
if [[ "$*" =~ openim::test:: ]];then
|
|
|
eval $*
|
|
|
fi
|