scim wargame script

gistfile1.txt

#!/usr/bin/env bash

export HOST=
export TOKEN=

# Add user Robin
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"robin","Name":{"givenName":"Robin","familyName":"Rivas","formatted":"Robin Rivas"},"Emails":[{"value":"[email protected]","type":"","primary":false}],"active":true}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users/234948b5-f9be-4ffb-b95c-d75f69711c4c -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users \
 -H 'Authorization: Bearer ${TOKEN}'

# Add user Sammy
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"sammy","Name":{"givenName":"Sammy","familyName":"Smith","formatted":"Sammy Smith"},"Emails":[{"value":"[email protected]","type":"","primary":false}],"active":true}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users/821f665a-9660-469f-b169-ca14d034349 -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}'

# Add user Taylor
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"taylor","Name":{"givenName":"Taylor","familyName":"Thompson","formatted":"Taylor Thompson"},"Emails":[{"value":"[email protected]","type":"","primary":false}],"active":true}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users/a679c219-c3b6-4f29-abda-f8438833ade0 -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}'

# Add user Ursula
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"ursula","Name":{"givenName":"Ursula","familyName":"Underwood","formatted":"Ursula Underwood"},"Emails":[{"value":"[email protected]","type":"","primary":false}],"active":true}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users/e5449bce-6a61-41c1-b057-f058ee78569e -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}'

# Add user Valencia
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"valencia","Name":{"givenName":"Valencia","familyName":"Vu","formatted":"Valencia Vu"},"Emails":[{"value":"[email protected]","type":"","primary":false}],"active":true}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users/0d9e5244-2671-4be2-af49-d83417cceac6 -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}'

# Add groups
		finance:     {sam, robin},
		engineering: {taylor, robin},
		sales:       {ursula, valencia},
		hr:          {},

# Add group finance
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Groups -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName":"Finance","members":[{"value":"821f665a-9660-469f-b169-ca14d034349","display":""},{"value":"234948b5-f9be-4ffb-b95c-d75f69711c4c","display":""}]}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups/77c643fe-e227-4939-966b-c292ac180aae -H 'Authorization: Bearer ${TOKEN}'

# Add group engineering
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Groups -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName":"Engineering","members":[{"value":"a679c219-c3b6-4f29-abda-f8438833ade0","display":""},{"value":"234948b5-f9be-4ffb-b95c-d75f69711c4c","display":""}]}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups/129356a7-4b5f-4af4-b892-01ca7588c8ae -H 'Authorization: Bearer ${TOKEN}'

# Add group sales
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Groups -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName":"Sales","members":[{"value":"e5449bce-6a61-41c1-b057-f058ee78569e","display":""},{"value":"0d9e5244-2671-4be2-af49-d83417cceac6","display":""}]}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups/965ee9a4-f0c3-4b1c-96ba-cec08019ce76 -H 'Authorization: Bearer ${TOKEN}'

# Add group HR
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Groups -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName":"H.R.","members":[]}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups/55e46755-5b0a-4243-9b1a-b06b6c31514e -H 'Authorization: Bearer ${TOKEN}'

curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups -H 'Authorization: Bearer ${TOKEN}'

# Get users with filters
curl -k -X GET 'https://${HOST}/enzi/v0/scim/v2/Users?startIndex=3&count=2' -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET 'https://${HOST}/enzi/v0/scim/v2/Users?startIndex=3&count=0' -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET 'https://${HOST}/enzi/v0/scim/v2/Users?count=0' -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET 'https://${HOST}/enzi/v0/scim/v2/Users?filter=username+eq+%22taylor%22' -H 'Authorization: Bearer ${TOKEN}'

# Get groups with filters
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups?startIndex=1&count=2 -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups?startIndex=3&count=0 -H 'Authorization: Bearer ${TOKEN}'
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups?count=0 -H 'Authorization: Bearer ${TOKEN}'

# Update user Ursula's last name from Underwood to Upton
curl -k -X PUT 'https://${HOST}/enzi/v0/scim/v2/Users/e5449bce-6a61-41c1-b057-f058ee78569e' -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"ursula","Name":{"givenName":"Ursula","familyName":"Upton","formatted":"Ursula Upton"},"Emails":[{"value":"[email protected]","type":"","primary":false}],"active":true}'

# Update group HR's team member to include taylor and valencia
curl -k -X PUT https://${HOST}/enzi/v0/scim/v2/Groups/55e46755-5b0a-4243-9b1a-b06b6c31514e -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName":"Human Resource","members":[{"value":"a679c219-c3b6-4f29-abda-f8438833ade0","display":""},{"value":"0d9e5244-2671-4be2-af49-d83417cceac6","display":""}]}'


# Patch user Ursula to inactive
curl -k -X PATCH https://${HOST}/enzi/v0/scim/v2/Users/e5449bce-6a61-41c1-b057-f058ee78569e -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"replace","path":"","value":{"active":false}}]}'

# Patch HR group
# the HR group starts with {taylor, valencia}, replaced with {valencia, sam}, added {robin, ursula}, removed {valencia},
#now HR group consists of {sam, robin, ursula}
curl -k -X PATCH https://${HOST}/enzi/v0/scim/v2/Groups/55e46755-5b0a-4243-9b1a-b06b6c31514e -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"replace","path":"members","value":[{"value":"0d9e5244-2671-4be2-af49-d83417cceac6"},{"value":"821f665a-9660-469f-b169-ca14d034349"}]},{"op":"add","path":"members","value":[{"value":"234948b5-f9be-4ffb-b95c-d75f69711c4c"},{"value":"e5449bce-6a61-41c1-b057-f058ee78569e"}]},{"op":"remove","path":"members","value":[{"value":"0d9e5244-2671-4be2-af49-d83417cceac6"}]}]}'



### Negative tests

# 	// Invalid PATCH /Users payload for Ursula
curl -k -X PATCH https://${HOST}/enzi/v0/scim/v2/Users/e5449bce-6a61-41c1-b057-f058ee78569e -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"replace","path":"","value":{"active":"false"}}]}'

# 	// Missing schema field for PATCH /Users
curl -k -X PATCH https://${HOST}/enzi/v0/scim/v2/Users/e5449bce-6a61-41c1-b057-f058ee78569e -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"schemas":[],"Operations":[{"op":"replace","path":"","value":{"active":false}}]}'

# 	// Non-exist user ID.
curl -k -X PATCH https://${HOST}/enzi/v0/scim/v2/Users/non-exist-id -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d ''

#	// Duplicate POST /Users
curl -k -X POST https://${HOST}/enzi/v0/scim/v2/Users -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"taylor","Name":{"givenName":"","familyName":"","formatted":""},"Emails":[{"value":"[email protected]","type":"","primary":false}],"active":true}'


#	// GET /Groups/{ID} with non-exist ID
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups/non-exist-id -H 'Authorization: Bearer ${TOKEN}'

#	// Invalid GET /Users filter
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users?filter=username=taylor -H 'Authorization: Bearer ${TOKEN}'

#	// Invalid GET /Users startIndex or count
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users?count=o -H 'Authorization: Bearer ${TOKEN}'

curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Users?startIndex=o -H 'Authorization: Bearer ${TOKEN}'

#	// Invalid GET /Groups startIndex or count
curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups?count=o -H 'Authorization: Bearer ${TOKEN}'

curl -k -X GET https://${HOST}/enzi/v0/scim/v2/Groups?startIndex=o -H 'Authorization: Bearer ${TOKEN}'

# attempt to update username
curl -k -X PUT https://${HOST}/enzi/v0/scim/v2/Users/e5449bce-6a61-41c1-b057-f058ee78569e -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' -d '{"userName":"ursula_new","Name":{"givenName":"","familyName":"","formatted":""},"Emails":null,"active":false}'