Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use GraphAPI for creating/deleting users and groups in acceptance test #3167

Closed
rhafer opened this issue Feb 14, 2022 · 48 comments
Closed

Use GraphAPI for creating/deleting users and groups in acceptance test #3167

rhafer opened this issue Feb 14, 2022 · 48 comments
Assignees

Comments

@rhafer
Copy link
Contributor

rhafer commented Feb 14, 2022

Summary

With the GraphAPI allowing to manage user and groups now we should adapt our test-suite to use these endpoints for creating user and groups when running the acceptance test. That means basically adapting https://github.com/owncloud/core/blob/master/tests/acceptance/features/bootstrap/Provisioning.php to allow User Management via GraphAPI as another option.

Reasoning

  • The GraphAPI is supposed to be the main endpoint for user managment in oCIS
  • the user provisioning pieces of the ocs API don't support LDAP based users and the accounts-service based user-management is supposed to go away in the near future.

Howto setup a test env

#3149 gives an overview about how to use the GraphAPI for users and groups

As libregraph/idm is not yet integrated into the single binary ocis build there is a couple of manual step still required to get a test system up for development:

Get and build libregraph/idm
git clone https://github.com/libregraph/idm.git
cd idm/
make
Initialize database an start the libregraph/idm service

Create a file base.ldif with this contents:

dn: dc=owncloud,dc=com
dc: owncloud
o: owncloud
objectClass: organization
objectClass: dcObject

dn: ou=users,dc=owncloud,dc=com
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=owncloud,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=admin,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: ownCloud
uid: admin
givenName: Admin
sn: Admin
cn: admin
displayName: Admin
description: An admin for this oCIS instance.
mail: [email protected]
ownCloudUUID: ddc2004c-0977-11eb-9d3f-a793888cd0f8
userPassword: admin

Initialize the database:

bin/idmd boltdb --boltdb-file ocis.db load --ldap-base-dn dc=owncloud,dc=com --input-file base.ldif

Generate a self-signed cert (for testing only)

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -subj '/CN=localhost' -nodes

Start the service:

bin/idmd serve --ldap-handler boltdb --boltdb-file ocis.db --ldap-admin-dn uid=admin,ou=users,dc=owncloud,dc=com --ldap-base-dn dc=owncloud,dc=com --ldap-listen 127.0.0.1:389 --ldaps-listen 127.0.0.1:636 --tls-cert-file cert.pem --tls-key-file key.pem
Start oCIS

The list for required settings it going to get smaller once we intefgrated all the pieces, but for now you'd need to start ocis with the following it environement variables set:

export GRAPH_IDENTITY_BACKEND=ldap
export GRAPH_LDAP_URI=ldap://localhost
export GRAPH_LDAP_BIND_DN="uid=admin,ou=users,dc=owncloud,dc=com"
export GRAPH_LDAP_BIND_PASSWORD=admin
export GRAPH_LDAP_USER_EMAIL_ATTRIBUTE=mail
export GRAPH_LDAP_USER_NAME_ATTRIBUTE=uid
export GRAPH_LDAP_USER_BASE_DN="ou=users,dc=owncloud,dc=com"
export GRAPH_LDAP_GROUP_BASE_DN="ou=groups,dc=owncloud,dc=com"
export GRAPH_LDAP_SERVER_WRITE_ENABLED="true"
export IDP_LDAP_FILTER="(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
export IDP_LDAP_URI=ldap://localhost
export IDP_LDAP_BIND_DN="uid=admin,ou=users,dc=owncloud,dc=com"
export IDP_LDAP_BIND_PASSWORD="admin"
export IDP_LDAP_BASE_DN="dc=owncloud,dc=com"
export IDP_LDAP_LOGIN_ATTRIBUTE=uid
export IDP_LDAP_UUID_ATTRIBUTE="ownclouduuid"
export IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary
export PROXY_ACCOUNT_BACKEND_TYPE=cs3
export OCS_ACCOUNT_BACKEND_TYPE=cs3
export STORAGE_LDAP_HOSTNAME=localhost
export STORAGE_LDAP_PORT=636
export STORAGE_LDAP_INSECURE="true"
export STORAGE_LDAP_BASE_DN="dc=owncloud,dc=com"
export STORAGE_LDAP_BIND_DN="uid=admin,ou=users,dc=owncloud,dc=com"
export STORAGE_LDAP_BIND_PASSWORD=admin
export STORAGE_LDAP_LOGINFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))'
export STORAGE_LDAP_USERFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))'
export STORAGE_LDAP_USERATTRIBUTEFILTER='(&(objectclass=owncloud)({{attr}}={{value}}))'
export STORAGE_LDAP_FINDFILTER='(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
export STORAGE_LDAP_GROUPFILTER='(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
export OCIS_INSECURE=true
export OCIS_RUN_EXTENSIONS=settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,idp,nats
ocis server
@rhafer
Copy link
Contributor Author

rhafer commented Feb 14, 2022

@ScharfViktor @phil-davis I am not entirely sure about who wants to work on this. But the above issue should give enough information on how to get started with it. (For curl based examples on how to use the endpoints see: #3149

If you have any questions or need help otherwise, just ping me!

@phil-davis
Copy link
Contributor

Notes:
I amongst the core API tests, we currently run the apiProvisioning-v1 and apiProvisioning-v2 test suites.

For example:
https://drone.owncloud.com/owncloud/ocis/9382/23/6

Running apiProvisioning-v1 tests

https://drone.owncloud.com/owncloud/ocis/9382/24/6

Running apiProvisioning-v2 tests
Running apiProvisioningGroups-v1 tests 
Running apiProvisioningGroups-v2

Those test suites explicitly test the provisioning API. So we probably want to leave those running their When steps as they do now. And some time in the future, which of those test scenarios are run can be adjusted if the availability of the Provisionn API changes.

But we can adjust Given steps that create users and groups in scenario setup, and delete users and groups in scenario tear-down so that they optionally use the Graph API endpoints to do it. That can be controlled by some environment variable that we set before running the test-runner - to be successful it of course needs to be running against a system-under-test that has these endpoints available (oCIS). That will give the Graph API endpoints a reasonable workout.

We can add some "local" API tests here in the oCIS repo to explicitly test the Graph API user/group endpoints for scenarios that would not be in "regular scenario setup". For example, change user attributes after user creation, adding/removing group membership after initial creation of users/groups, trying to do "naughty" things (invalid user/group names, trying to do actions without proper authentication credentials...)

@phil-davis
Copy link
Contributor

@rhafer are these endpoints available in cs3org/reva? Or this this only an oCIS feature?

@phil-davis
Copy link
Contributor

I added this issue to the QA test automation backlog project. Unless there is urgency, we can put it in the next QA test automation sprint starting next Monday. That will be to do the core API test changes.

@ScharfViktor I suggest that we create a separate issue for making local API tests that will exercise the whole graph API provisioning endpoints. Then that can be done as an independent task by someone.

@rhafer
Copy link
Contributor Author

rhafer commented Feb 15, 2022

@rhafer are these endpoints available in cs3org/reva? Or this this only an oCIS feature?

As all the /graph/ related bits, this is an oCIS feature. For the reva-only test we need to continue using LDAP directly.

@phil-davis
Copy link
Contributor

Looking at the outstanding work, the part of this for core might need to wait another 2 weeks. Let's see what the current QA sprint looks like that is in planning today.

@micbar micbar added QA:p2 and removed QA:p3 labels Feb 28, 2022
@micbar
Copy link
Contributor

micbar commented Feb 28, 2022

@phil-davis I raised this to P2. Is that doable for your team?

@ScharfViktor
Copy link
Contributor

Request https://localhost:9200/remote.php/dav/files/admin/ in web is slow

@phil-davis
Copy link
Contributor

@phil-davis I raised this to P2. Is that doable for your team?

yes, no problem. I will talk with the guys in our local standup tomorrow morning and see if anyone can start on it.

@phil-davis
Copy link
Contributor

@Talank @saw-jan if someone is available for this task in the next few days, let me know and we can discuss a plan for the different tasks that can be given to people.

@rhafer
Copy link
Contributor Author

rhafer commented Mar 1, 2022

Request https://localhost:9200/remote.php/dav/files/admin/ in web is slow

@ScharfViktor I've seen this on your machine, but I am not able to reproduce it. If this is still happening of you, could you please open a new issue, with details how you run ocis and a full debug log? (It might be unrelated to idm)

@ScharfViktor
Copy link
Contributor

ScharfViktor commented Mar 1, 2022

I created a new issue in which I describe what I found #3247

@ScharfViktor
Copy link
Contributor

ScharfViktor commented Mar 1, 2022

Request https://localhost:9200/remote.php/dav/files/admin/ in web is slow

That problem went away when I added nats to OCIS_RUN_EXTENSIONS

@rhafer
Copy link
Contributor Author

rhafer commented Mar 8, 2022

@phil-davis Do you know if anybody already started to work on this?

@phil-davis phil-davis self-assigned this Mar 9, 2022
@phil-davis
Copy link
Contributor

@phil-davis Do you know if anybody already started to work on this?

I am looking at it. I had a talk with Artur just now. I will make some architecture investigations to see how we can set it up a bit "nicely", and make a proof-of-concept...

@kiranparajuli589
Copy link
Contributor

kiranparajuli589 commented Mar 23, 2022

I've made a test setup following the instructions from the issue description.

One thing I bumped into:

  • while starting the database service, I to use sudo for bind permissions

Setup

  • database service initialized using idmd and base.ldif
  • ocis started with the environment mentioned in the setup description + PROXY_ENABLE_BASIC_AUTH for basic auth support while using curl requests

Findings

Users

  • curl -k -uadmin:admin 'https://localhost:9200/graph/v1.0/me' working as expected
  • curl -k -uadmin:admin 'https://localhost:9200/graph/v1.0/users' | jq working as expected
  • Post user
    curl -k -XPOST -uadmin:admin -H "Content-Type: application/json"  -d '{"displayName": "Example User","mail": "[email protected]","onPremisesSamAccountName": "example","passwordProfile": {"password": "ThePassword"}}' https://localhost:9200/graph/v1.0/users -v | jq
    
    *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    * Server auth using Basic with user 'admin'
    } [5 bytes data]
    > POST /graph/v1.0/users HTTP/1.1
    > Host: localhost:9200
    > Authorization: Basic YWRtaW46YWRtaW4=
    > User-Agent: curl/7.68.0
    > Accept: */*
    > Content-Type: application/json
    > Content-Length: 146
    > 
    } [146 bytes data]
    * upload completely sent off: 146 out of 146 bytes
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [130 bytes data]
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 500 Internal Server Error
    < Content-Length: 357
    < Content-Type: application/json; charset=utf-8
    < Date: Wed, 23 Mar 2022 07:38:01 GMT
    < X-Graph-Version: 3f3956737
    < 
    { [357 bytes data]
    100   503  100   357  100   146   1043    426 --:--:-- --:--:-- --:--:--  1470
    * Connection #0 to host localhost left intact
    {
      "error": {
        "code": "generalException",
        "innererror": {
          "date": "2022-03-23T07:38:01Z",
          "request-id": "kiran-OptiPlex-3050/QEfBXIaw2E-000200"
        },
        "message": "could not assign role to account {\"id\":\"go.micro.server\",\"code\":500,\"detail\":\"panic recovered: runtime error: invalid memory address or nil pointer dereference\",\"status\":\"Internal Server Error\"}"
      }
    }
  • But still, the new user is found in the list.
    curl -k -uadmin:admin 'https://localhost:9200/graph/v1.0/users' | jq
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   283  100   283    0     0   1861      0 --:--:-- --:--:-- --:--:--  1861
    {
      "value": [
        {
          "displayName": "Admin",
          "id": "ddc2004c-0977-11eb-9d3f-a793888cd0f8",
          "mail": "[email protected]",
          "onPremisesSamAccountName": "admin"
        },
        {
          "displayName": "Example User",
          "id": "07de1e71-930e-4a4f-abc9-398a721fb457",
          "mail": "[email protected]",
          "onPremisesSamAccountName": "example"
        }
      ]
    }
  • Now if I try to login using the user example, it is not possible.
    Peek 2022-03-23 13-33
  • Patch: when I now try to update the display name, it is not happy with the email.:
    curl -k -uadmin:admin 'https://localhost:9200/graph/v1.0/users' | jq
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   283  100   283    0     0   6581      0 --:--:-- --:--:-- --:--:--  6581
    {
      "value": [
        {
          "displayName": "Admin",
          "id": "ddc2004c-0977-11eb-9d3f-a793888cd0f8",
          "mail": "[email protected]",
          "onPremisesSamAccountName": "admin"
        },
        {
          "displayName": "Example User",
          "id": "07de1e71-930e-4a4f-abc9-398a721fb457",
          "mail": "[email protected]",
          "onPremisesSamAccountName": "example"
        }
      ]
    }curl -k -XPATCH -uadmin:admin -H "Content-Type: application/json"  -d '{"displayName": "Test User"}' https://localhost:9200/graph/v1.0/users/07de1e71-930e-4a4f-abc9-398a721fb457 | jq
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   206  100   178  100    28   4139    651 --:--:-- --:--:-- --:--:--  4790
    {
      "error": {
        "code": "invalidRequest",
        "innererror": {
          "date": "2022-03-23T07:57:13Z",
          "request-id": "kiran-OptiPlex-3050/QEfBXIaw2E-001714"
        },
        "message": "'' is not a valid email address"
      }
    }
    But if I send an email too in the payload, update succeeds:
    curl -k -XPATCH -uadmin:admin -H "Content-Type: application/json"  -d '{"displayName": "Test User", "mail": "[email protected]"}' https://localhost:9200/graph/v1.0/users/07de1e71-930e-4a4f-abc9-398a721fb457 | jq
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   189  100   134  100    55   2680   1100 --:--:-- --:--:-- --:--:--  3780
    {
      "displayName": "Test User",
      "id": "07de1e71-930e-4a4f-abc9-398a721fb457",
      "mail": "[email protected]",
      "onPremisesSamAccountName": "example"
    }
  • curl -k -uadmin:admin 'https://localhost:9200/graph/v1.0/users/07de1e71-930e-4a4f-abc9-398a721fb457' works as expected
  • When I delete the user example request succeeds with 204 no content
  • retrieving deleted user also works as expected.

Groups

  • every API works as expected for me.

@kiranparajuli589
Copy link
Contributor

cc @individual-it @rhafer

@rhafer
Copy link
Contributor Author

rhafer commented Mar 23, 2022

I've made a test setup following the instructions from the issue description.

Ok. Cool. Meanwhile the code as evolved a bit and it should be somewhat simpler to start oCIS with a libregraph/idm (e.g. you don't need to manually build libregraph/idm anymore). I just opened #3372 to have a central place of instruction for the current state of affairs. It should end up on https://owncloud.dev/extensions/idm/ after merging and I'll try to keep it updated as the code evolves.

Findings

Users
[..]
* Post user
curl -k -XPOST -uadmin:admin -H "Content-Type: application/json" -d '{"displayName": "Example User","mail": "[email protected]","onPremisesSamAccountName": "example","passwordProfile": {"password": "ThePassword"}}' https://localhost:9200/graph/v1.0/users -v | jq [..] "message": "could not assign role to account {\"id\":\"go.micro.server\",\"code\":500,\"detail\":\"panic recovered: runtime error: invalid memory address or nil pointer dereference\",\"status\":\"Internal Server Error\"}" } }

This is caused by #3343 and should be fixed with: #3371

* Now if I try to login using the user `example`, it is not possible.

That should also caused be fixed by the above PR I think.

* Patch: when I now try to update the display name, it is not happy with the email.:
  ```

[..]
❯ curl -k -XPATCH -uadmin:admin -H "Content-Type: application/json" -d '{"displayName": "Test User"}' https://localhost:9200/graph/v1.0/users/07de1e71-930e-4a4f-abc9-398a721fb457 | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 206 100 178 100 28 4139 651 --:--:-- --:--:-- --:--:-- 4790
{
"error": {
"code": "invalidRequest",
"innererror": {
"date": "2022-03-23T07:57:13Z",
"request-id": "kiran-OptiPlex-3050/QEfBXIaw2E-001714"
},
"message": "'' is not a valid email address"
}
}
```

Hm, I guess that is something I introduced recently. Will provide a fix asap.

* When I delete the user `example` request succeeds with 204 no content

Yeah that's the expected behaviour.

Groups

* every API works as expected for me.

@ScharfViktor
Copy link
Contributor

some points to mention:

  • admin user cannot create project space. He get 401 with response: {"error":{"code":"generalException","innererror":{"date":"2022-03-29T13:36:41Z","request-id":"Viktors-Air/odUWtUiDh1-007817"},"message":"insufficient permissions to create a space."}}

@rhafer
Copy link
Contributor Author

rhafer commented Mar 29, 2022

after clean ocis setup, it's working for me too.

some points to mention:

* when trying to create an already existing user, the response body looks good but requests end with 500. (only for users created using the graph API)

Hm, I'll take a look at that.

* users can be created without providing a password profile:

I think that is the desired behaviour. At least unless the user is able to login.

@kiranparajuli589
Copy link
Contributor

kiranparajuli589 commented Mar 30, 2022

  • users can be created without providing a password profile:

I think that is the desired behavior. At least unless the user is able to login.

Without a profile password, login should be impossible ;)
Or should we try with random passwords? :)

@kiranparajuli589
Copy link
Contributor

kiranparajuli589 commented Apr 5, 2022

Bug or feature?

  1. User can be fetched with the onPremisesSamAccountName value (also case insensitive)
  2. User can be deleted with the onPremisesSamAccountName value (also case insensitive)
  3. Groups can be fetched with the displayName value (also case insensitive)
    curl -k -uadmin:admin https://localhost:9200/graph/v1.0/groups/Football%20lovers | jq
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100    78  100    78    0     0    404      0 --:--:-- --:--:-- --:--:--   402
    {
      "displayName": "football lovers",
      "id": "accfd45b-077c-4b69-8f13-f6dd38967436"
    }
  4. Groups cannot be deleted with the displayName value
  5. Only the admin can update users. the user itself cannot update itself.

@kiranparajuli589
Copy link
Contributor

OCS provisioning API has an endpoint to list all groups assigned to a user.

GET /ocs/v2.php/cloud/users/Alice/groups HTTP/1.1

for the Graph API we have an endpoint to list members of a group, but not one to list groups a member is assigned to.
will this be available in the near future or this is not for implementation 🤔?

@rhafer
Copy link
Contributor Author

rhafer commented Apr 6, 2022

@kiranparajuli589

Bug or feature?

1. User can be fetched with the `onPremisesSamAccountName` value (also case insensitive)
2. User can be deleted with the `onPremisesSamAccountName` value (also case insensitive)

See above.

3. Groups can be fetched with the `displayName` value (also case insensitive)
   ```
   ❯ curl -k -uadmin:admin https://localhost:9200/graph/v1.0/groups/Football%20lovers | jq
     % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                    Dload  Upload   Total   Spent    Left  Speed
   100    78  100    78    0     0    404      0 --:--:-- --:--:-- --:--:--   402
   {
     "displayName": "football lovers",
     "id": "accfd45b-077c-4b69-8f13-f6dd38967436"
   }
   ```

Hm, ok that's wrong. As least if looking at the MS docs. Groups should only be accessible by ID. Which admittely is somewhat inconsistent to Users.

4. Groups cannot be deleted with the `displayName` value
5. Only the admin can update users. the user itself cannot update itself.

Yes. That is a current limitation. We might address this in the future

@rhafer
Copy link
Contributor Author

rhafer commented Apr 6, 2022

OCS provisioning API has an endpoint to list all groups assigned to a user.

GET /ocs/v2.php/cloud/users/Alice/groups HTTP/1.1

for the Graph API we have an endpoint to list members of a group, but not one to list groups a member is assigned to. will this be available in the near future or this is not for implementation thinking?

This is going to be address as part of: #3363

@kiranparajuli589
Copy link
Contributor

kiranparajuli589 commented Apr 6, 2022

1. User can be fetched with the `onPremisesSamAccountName` value (also case insensitive)

IMO, this feature is nice and also matches with OCS API
One thing, if the user can be deleted/retrieved with a username, then for groups too, it should be the same
cc @phil-davis @individual-it

@kiranparajuli589
Copy link
Contributor

For user-created using the GraphAPI, if we try to edit it using the OCS API,

curl -kv -XPUT -uadmin:admin https://localhost:9200/ocs/v1.php/cloud/users/brand-new-user
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Empty reply from server
* Connection #0 to host localhost left intact

and the server crashes with

{"level":"fatal","service":"ocs","time":"2022-04-06T16:41:19+05:45","message":"cs3 backend doesn't support editing users"}

@rhafer
Copy link
Contributor Author

rhafer commented Apr 6, 2022

@kiranparajuli589 Please create a separate issue for this. (Note: editiing users via OCS should return an error, but obviously not crash the service)

For user-created using the GraphAPI, if we try to edit it using the OCS API,

curl -kv -XPUT -uadmin:admin https://localhost:9200/ocs/v1.php/cloud/users/brand-new-user
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Empty reply from server
* Connection #0 to host localhost left intact

and the server crashes with

{"level":"fatal","service":"ocs","time":"2022-04-06T16:41:19+05:45","message":"cs3 backend doesn't support editing users"}

@kiranparajuli589
Copy link
Contributor

@kiranparajuli589 Please create a separate issue for this. (Note: editiing users via OCS should return an error, but obviously not crash the service)

reported at #3483

@phil-davis
Copy link
Contributor

IMO, this feature is nice and also matches with OCS API
One thing, if the user can be deleted/retrieved with a username, then for groups too, it should be the same
cc @phil-davis @individual-it

The implementation could do more/better than just the MS Graph API defined endpoints/behavior. That will be a design decision for "somebody", and will need to be in documentation "somewhere". Whatever is implemented needs to also be documented, and we need to test the behavior so that those "extra" things don't get forgotten in future and accidentally regress.

@kiranparajuli589
Copy link
Contributor

kiranparajuli589 commented Apr 8, 2022

Update about tests:
So far I've refactored core Provisioning.php to use graph API for Given and Then steps when an env TEST_WITH_GRAPH_API is set as true while running tests.

for acceptance tests, GraphHelper and GraphContext live in the ocis repo, so that, it will be easier to add acceptance tests for the Graph API itself in the near future.

Now, I'm trying to run core API acceptance tests using Graph API with those refactored Given and Then steps in #3404 with owncloud/core#39927.

@micbar
Copy link
Contributor

micbar commented Apr 11, 2022

#3507 was merged

@kiranparajuli589
Copy link
Contributor

kiranparajuli589 commented Apr 12, 2022

#3507 was merged

the ci is still failing with 401 unauthorized while creating users with admin user.
https://drone.owncloud.com/owncloud/ocis/10597/3/4
https://drone.owncloud.com/owncloud/ocis/10597/3/7

@rhafer
Copy link
Contributor Author

rhafer commented Apr 12, 2022

After the merge of of #3476 the we need to adapt the .drone.start in #3404 once more. I am working on that.

@kiranparajuli589
Copy link
Contributor

with #3404, now we run acceptance tests using the GraphAPI for user/group provisioning.

kiranparajuli589 added a commit that referenced this issue Jul 27, 2022
phil-davis added a commit that referenced this issue Jul 27, 2022
…expected-failures-list

[tests-only] remove closed issue #3167 from the list of expected failures
ownclouders pushed a commit that referenced this issue Jul 27, 2022
Merge: c2cb052 b4d6f2a
Author: Phil Davis <[email protected]>
Date:   Wed Jul 27 17:18:14 2022 +0545

    Merge pull request #4292 from owncloud/remove-closed-issue-3167-from-expected-failures-list

    [tests-only] remove closed issue #3167 from the list of expected failures
ownclouders pushed a commit that referenced this issue Jul 28, 2022
Merge: c2cb052 b4d6f2a
Author: Phil Davis <[email protected]>
Date:   Wed Jul 27 17:18:14 2022 +0545

    Merge pull request #4292 from owncloud/remove-closed-issue-3167-from-expected-failures-list

    [tests-only] remove closed issue #3167 from the list of expected failures
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants