kanidm/pykanidm/radius_test_env.sh

#!/bin/bash

set -e

# This sets up a Kanidm environment for doing RADIUS testing.

read -r  -n 1 -p "This script rather destructively resets the idm_admin and admin passwords and YOLO's its way through setting up a RADIUS user (test) and service account (radius_server) make sure you're not running this on an environment you care deeply about!"

PWD="$(pwd)"

cd ../server/daemon || exit 1


KEEP_GOING=1
while [ $KEEP_GOING -eq 1 ]; do
    curl -f -s -q -k https://localhost:8443/status > /dev/null && KEEP_GOING=0
    echo -n "Start the server in another terminal"
    sleep 1
done
echo ""

echo "Resetting IDM_ADMIN"
# set up idm admin account
IDM_ADMIN=$(./run_insecure_dev_server.sh recover-account idm_admin -o json 2>&1 | grep '\"password' | jq -r .password)
if [ -z "${IDM_ADMIN}" ]; then
    echo "Failed to reset idm_admin password"
    exit 1
fi

echo "IDM_ADMIN_PASSWORD: ${IDM_ADMIN}"

read -r  -n 1 -p "Copy the idm_admin password somewhere and hit enter to continue"

# set up idm admin account
ADMIN=$(./run_insecure_dev_server.sh recover-account admin -o json 2>&1 | grep '\"password' | jq -r .password )

if [ -z "${ADMIN}" ]; then
    echo "Failed to reset admin password"
    exit 1
fi

echo "ADMIN_PASSWORD: ${ADMIN}"
read -r  -n 1 -p "Copy the admin password somewhere and hit enter to continue"

export KANIDM_URL="https://localhost:8443"
export KANIDM_CA_PATH="/tmp/kanidm/ca.pem"

cd ../../ || exit 1

echo "Logging in as admin"
cargo run --bin kanidm -- login --name admin --password "${ADMIN}"

echo "Logging in as idm_admin"
cargo run --bin kanidm -- login --name idm_admin --password "${IDM_ADMIN}"

echo "Creating person 'test'"
cargo run --bin kanidm -- person create test test --name idm_admin

echo "Creating group 'radius_access_allowed'"
cargo run --bin kanidm -- group create radius_access_allowed --name idm_admin
echo "Adding 'test' to group 'radius_access_allowed'"
cargo run --bin kanidm -- group add-members radius_access_allowed test --name idm_admin

echo "Creating radius secret for 'test'"
cargo run --bin kanidm -- person radius generate-secret test --name idm_admin
echo "Showing radius secret for 'test'"
cargo run --bin kanidm -- person radius show-secret test --name idm_admin


read -r  -n 1 -p "Copy the RADIUS secret above then press enter to continue"


echo "Creating SA 'radius_server'"
cargo run --bin kanidm -- service-account create radius_server radius_server --name idm_admin

echo "Setting radius_server to be allowed to be a RADIUS server"
cargo run --bin kanidm group add-members --name admin idm_radius_servers radius_server

echo "Creating API Token for 'radius_server' account"
cargo run --bin kanidm -- service-account  api-token generate radius_server radius --name admin

echo "Copy the API Token above to the config file as auth_token"
Python updoots (#1081) 2022-09-29 02:08:15 +02:00			`#!/bin/bash`

PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`set -e`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`# This sets up a Kanidm environment for doing RADIUS testing.`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`read -r -n 1 -p "This script rather destructively resets the idm_admin and admin passwords and YOLO's its way through setting up a RADIUS user (test) and service account (radius_server) make sure you're not running this on an environment you care deeply about!"`

			`PWD="$(pwd)"`

PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`cd ../server/daemon \|\| exit 1`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00

PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00

			`KEEP_GOING=1`
			`while [ $KEEP_GOING -eq 1 ]; do`
			`curl -f -s -q -k https://localhost:8443/status > /dev/null && KEEP_GOING=0`
			`echo -n "Start the server in another terminal"`
			`sleep 1`
			`done`
			`echo ""`

			`echo "Resetting IDM_ADMIN"`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00			`# set up idm admin account`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`IDM_ADMIN=$(./run_insecure_dev_server.sh recover-account idm_admin -o json 2>&1 \| grep '\"password' \| jq -r .password)`
			`if [ -z "${IDM_ADMIN}" ]; then`
			`echo "Failed to reset idm_admin password"`
			`exit 1`
			`fi`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`echo "IDM_ADMIN_PASSWORD: ${IDM_ADMIN}"`

			`read -r -n 1 -p "Copy the idm_admin password somewhere and hit enter to continue"`

			`# set up idm admin account`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`ADMIN=$(./run_insecure_dev_server.sh recover-account admin -o json 2>&1 \| grep '\"password' \| jq -r .password )`

			`if [ -z "${ADMIN}" ]; then`
			`echo "Failed to reset admin password"`
			`exit 1`
			`fi`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`echo "ADMIN_PASSWORD: ${ADMIN}"`
			`read -r -n 1 -p "Copy the admin password somewhere and hit enter to continue"`

PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`export KANIDM_URL="https://localhost:8443"`
			`export KANIDM_CA_PATH="/tmp/kanidm/ca.pem"`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`cd ../../ \|\| exit 1`

			`echo "Logging in as admin"`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`cargo run --bin kanidm -- login --name admin --password "${ADMIN}"`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`echo "Logging in as idm_admin"`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`cargo run --bin kanidm -- login --name idm_admin --password "${IDM_ADMIN}"`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`echo "Creating person 'test'"`
			`cargo run --bin kanidm -- person create test test --name idm_admin`

			`echo "Creating group 'radius_access_allowed'"`
			`cargo run --bin kanidm -- group create radius_access_allowed --name idm_admin`
			`echo "Adding 'test' to group 'radius_access_allowed'"`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`cargo run --bin kanidm -- group add-members radius_access_allowed test --name idm_admin`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`echo "Creating radius secret for 'test'"`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`cargo run --bin kanidm -- person radius generate-secret test --name idm_admin`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00			`echo "Showing radius secret for 'test'"`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`cargo run --bin kanidm -- person radius show-secret test --name idm_admin`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00

			`read -r -n 1 -p "Copy the RADIUS secret above then press enter to continue"`


			`echo "Creating SA 'radius_server'"`
			`cargo run --bin kanidm -- service-account create radius_server radius_server --name idm_admin`

			`echo "Setting radius_server to be allowed to be a RADIUS server"`
PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`cargo run --bin kanidm group add-members --name admin idm_radius_servers radius_server`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00
			`echo "Creating API Token for 'radius_server' account"`
			`cargo run --bin kanidm -- service-account api-token generate radius_server radius --name admin`

PyKanidm updates and testing (#2301) * otel can eprintln kthx * started python integration tests, features * more tests more things * adding heaps more things * updating docs * fixing python test * fixing errors, updating integration test * Add models for OAuth2, Person, ServiceAccount and add missing endpoints * Alias Group to GroupInfo to keep it retrocompatible * Fixed issues from review * adding oauth2rs_get_basic_secret * adding oauth2rs_get_basic_secret * Fixed mypy issues * adding more error logs * updating test scripts and configs * fixing tests and validating things * more errors --------- Co-authored-by: Dogeek <simon.bordeyne@gmail.com> 2024-01-31 04:27:43 +01:00			`echo "Copy the API Token above to the config file as auth_token"`
Python updoots (#1081) 2022-09-29 02:08:15 +02:00