You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Open-IM-Server/scripts/install/test.sh

333 lines
13 KiB

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

#!/usr/bin/env bash
# The root of the build/dist directory
IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
# API Server API Address:Port
INSECURE_OPENIMAPI=${IAM_APISERVER_HOST}:${API_OPENIM_PORT}
INSECURE_OPENIMAUTO=${OPENIM_RPC_AUTH_HOST}:${OPENIM_AUTH_PORT}
Header="-HContent-Type: application/json"
CCURL="curl -f -s -XPOST" # Create
UCURL="curl -f -s -XPUT" # Update
RCURL="curl -f -s -XGET" # Retrieve
DCURL="curl -f -s -XDELETE" # Delete
openim::test::user()
{
token="-HAuthorization: Bearer $(openim::test::login)"
# 1. If colin, mark, john users exist, clear them first
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/mark; echo
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/john; echo
# 2. Create colin, mark, john users
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/users \
-d'{"password":"User@2021","metadata":{"name":"colin"},"nickname":"colin","email":"colin@foxmail.com","phone":"1812884xxxx"}'; echo
# 3. List all users
${RCURL} "${token}" "http://${INSECURE_OPENIMAPI}/v1/users?offset=0&limit=10"; echo
# 4. Get detailed information of colin user
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo
# 5. Modify colin user
${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin \
-d'{"nickname":"colin","email":"colin_modified@foxmail.com","phone":"1812884xxxx"}'; echo
# 6. Delete colin user
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/users/colin; echo
# 7. Batch delete users
${DCURL} "${token}" "http://${INSECURE_OPENIMAPI}/v1/users?name=mark&name=john"; echo
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/user test passed!\033[0m')"
}
# userRouterGroup := r.Group("/user")
# {
# userRouterGroup.POST("/user_register", u.UserRegister)
# userRouterGroup.POST("/update_user_info", ParseToken, u.UpdateUserInfo)
# userRouterGroup.POST("/set_global_msg_recv_opt", ParseToken, u.SetGlobalRecvMessageOpt)
# userRouterGroup.POST("/get_users_info", ParseToken, u.GetUsersPublicInfo)
# userRouterGroup.POST("/get_all_users_uid", ParseToken, u.GetAllUsersID)
# userRouterGroup.POST("/account_check", ParseToken, u.AccountCheck)
# userRouterGroup.POST("/get_users", ParseToken, u.GetUsers)
# userRouterGroup.POST("/get_users_online_status", ParseToken, u.GetUsersOnlineStatus)
# userRouterGroup.POST("/get_users_online_token_detail", ParseToken, u.GetUsersOnlineTokenDetail)
# userRouterGroup.POST("/subscribe_users_status", ParseToken, u.SubscriberStatus)
# userRouterGroup.POST("/get_users_status", ParseToken, u.GetUserStatus)
# userRouterGroup.POST("/get_subscribe_users_status", ParseToken, u.GetSubscribeUsersStatus)
# }
openim::test::group()
{
token="-HAuthorization: Bearer $(openim::test::login)"
}
# Define a function to register a user
openim::register_user()
{
user_register_response=$(${CCURL} "${Header}" http://localhost:10002/user/user_register \
-d'{
"secret": "openIM123",
"users": [{"userID": "11111112","nickname": "yourNickname","faceURL": "yourFaceURL"}]
}')
echo "$user_register_response"
}
# Define a function to get a token
openim::get_token()
{
token_response=$(${CCURL} "${Header}" http://localhost:10002/auth/user_token \
-d'{
"secret": "openIM123",
"platformID": 1,
"userID": "11111112"
}')
token=$(echo $token_response | grep -Po 'token[" :]+\K[^"]+')
echo "$token"
}
# Define a function to check the account
openim::check_account()
{
local token=$1
account_check_response=$(${CCURL} "${Header}" -H"operationID: 1646445464564" -H"token: ${token}" http://localhost:10002/user/account_check \
-d'{
"checkUserIDs": ["11111111","11111112"]
}')
echo "$account_check_response"
}
# Define a function to register, get a token and check the account
openim::register_and_check()
{
# Register a user
user_register_response=$(openim::register_user)
if [[ $user_register_response == *"errCode": 0* ]]; then
echo "User registration successful."
# Get token
token=$(openim::get_token)
if [[ -n $token ]]; then
echo "Token acquired: $token"
# Check account
account_check_response=$(openim::check_account $token)
if [[ $account_check_response == *"errCode": 0* ]]; then
echo "Account check successful."
else
echo "Account check failed."
fi
else
echo "Failed to acquire token."
fi
else
echo "User registration failed."
fi
}
openim::test::secret()
{
token="-HAuthorization: Bearer $(openim::test::login)"
# 1. 如果有 secret0 密钥先清空
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo
# 2. 创建 secret0 密钥
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets \
-d'{"metadata":{"name":"secret0"},"expires":0,"description":"admin secret"}'; echo
# 3. 列出所有密钥
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets; echo
# 4. 获取 secret0 密钥的详细信息
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo
# 5. 修改 secret0 密钥
${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0 \
-d'{"expires":0,"description":"admin secret(modified)"}'; echo
# 6. 删除 secret0 密钥
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/secret0; echo
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/secret test passed!\033[0m')"
}
openim::test::policy()
{
token="-HAuthorization: Bearer $(openim::test::login)"
# 1. 如果有 policy0 策略先清空
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo
# 2. 创建 policy0 策略
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies \
-d'{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
# 3. 列出所有策略
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies; echo
# 4. 获取 policy0 策略的详细信息
${RCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo
# 5. 修改 policy0 策略
${UCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0 \
-d'{"policy":{"description":"One policy to rule them all(modified).","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
# 6. 删除 policy0 策略
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/policy0; echo
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/policy test passed!\033[0m')"
}
openim::test::apiserver()
{
openim::test::user
openim::test::secret
openim::test::policy
openim::log::info "$(echo -e '\033[32mcongratulations, openim-apiserver test passed!\033[0m')"
}
openim::test::authz()
{
token="-HAuthorization: Bearer $(openim::test::login)"
# 1. 如果有 authzpolicy 策略先清空
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/policies/authzpolicy; echo
# 2. 创建 authzpolicy 策略
${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/policies \
-d'{"metadata":{"name":"authzpolicy"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
# 3. 如果有 authzsecret 密钥先清空
${DCURL} "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets/authzsecret; echo
# 4. 创建 authzsecret 密钥
secret=$(${CCURL} "${Header}" "${token}" http://${INSECURE_OPENIMAPI}/v1/secrets -d'{"metadata":{"name":"authzsecret"},"expires":0,"description":"admin secret"}')
secretID=$(echo ${secret} | grep -Po 'secretID[" :]+\K[^"]+')
secretKey=$(echo ${secret} | grep -Po 'secretKey[" :]+\K[^"]+')
# 5. 生成 token
token=$(iamctl jwt sign ${secretID} ${secretKey})
# 6. 调用 /v1/authz 完成资源授权。
# 注意这里要 sleep 3s 等待 openim-authz-server 将新建的密钥同步到其内存中
echo "wait 3s to allow openim-authz-server to sync information into its memory ..."
sleep 3
ret=`$CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_OPENIMAUTO}/v1/authz \
-d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' | grep -Po 'allowed[" :]+\K\w+'`
if [ "$ret" != "true" ];then
return 1
fi
openim::log::info "$(echo -e '\033[32mcongratulations, /v1/authz test passed!\033[0m')"
}
openim::test::authzserver()
{
openim::test::authz
openim::log::info "$(echo -e '\033[32mcongratulations, openim-authz-server test passed!\033[0m')"
}
openim::test::pump()
{
${RCURL} http://${IAM_PUMP_HOST}:7070/healthz | egrep -q 'status.*ok' || {
openim::log::error "cannot access openim-pump healthz api, openim-pump maybe down"
return 1
}
openim::test::real_pump_test
openim::log::info "$(echo -e '\033[32mcongratulations, openim-pump test passed!\033[0m')"
}
# 使用真实的数据测试 openim-pump 是否正常工作
openim::test::real_pump_test()
{
# 1. 创建访问 openim-authz-server 需要用到的密钥对
iamctl secret create pumptest &>/dev/null
# 2. 使用步骤 1 创建的密钥对生成 JWT Token
authzAccessToken=`iamctl jwt sign njcho8gJQArsq7zr5v1YpG5NcvL0aeuZ38Ti if70HgRgp021iq5ex2l7pfy5XvgtZM3q` # iamctl jwt sign $secretID $secretKey
# 3. 创建授权策略
iamctl policy create pumptest '{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}' &>/dev/null
# 注意这里要 sleep 3s 等待 openim-authz-server 将新建的密钥和授权策略同步到其内存中
echo "wait 3s to allow openim-authz-server to sync information into its memory ..."
sleep 3
# 4. 访问 /v1/authz 接口进行资源授权
$CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_OPENIMAUTO}/v1/authz \
-d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' &>/dev/null
# 这里要 sleep 5s等待 openim-pump 将 Redis 中的日志,分析并转存到 MongoDB 中
echo "wait 10s to allow openim-pump analyze and dump authorization log into MongoDB ..."
sleep 10
# 5. 查看 MongoDB 中是否有经过解析后的授权日志。
echo "db.iam_analytics.find()" | mongosh --quiet "${IAM_PUMP_MONGO_URL}" | grep -q "allow access" || {
openim::log::error "cannot find analyzed authorization log in MongoDB"
return 1
}
}
openim::test::watcher()
{
${RCURL} http://${IAM_WATCHER_HOST}:5050/healthz | egrep -q 'status.*ok' || {
openim::log::error "cannot access openim-watcher healthz api, openim-watcher maybe down"
return 1
}
openim::log::info "$(echo -e '\033[32mcongratulations, openim-watcher test passed!\033[0m')"
}
openim::test::iamctl()
{
iamctl user list | egrep -q admin || {
openim::log::error "iamctl cannot list users from openim-apiserver"
return 1
}
openim::log::info "$(echo -e '\033[32mcongratulations, iamctl test passed!\033[0m')"
}
openim::test::man()
{
man openim-apiserver | grep -q 'OPENIM API Server' || {
openim::log::error "openim man page not installed or may not installed properly"
return 1
}
openim::log::info "$(echo -e '\033[32mcongratulations, man test passed!\033[0m')"
}
# OpenIM Smoke Test
openim::test::smoke()
{
openim::test::apiserver
openim::test::authzserver
openim::test::pump
openim::test::watcher
openim::test::iamctl
openim::log::info "$(echo -e '\033[32mcongratulations, smoke test passed!\033[0m')"
}
# OpenIM Test
openim::test::test()
{
openim::test::smoke
openim::test::man
openim::log::info "$(echo -e '\033[32mcongratulations, all test passed!\033[0m')"
}
if [[ "$*" =~ openim::test:: ]];then
eval $*
fi