I have Karate Tests for the APIs which are on Amazon API Gateway. As such, in my Karate Tests I have to provide client_id and client_secret for authentication. I was wondering if there is a way I could store the credentials outside my github repository and use it at run time. Is it possible to do that in Karate ?
Here is how my tests look like:
Feature: API Test all endpoints using Karate
Background:
* configure ssl = true
* url baseUrl
* def res = (env == 'qa'? 'classpath:endpoints/user-login.feature' : 'classpath:endpoints/user-login-dev.feature')
* def token = call read(res)
* def headerData = {Authorization: #(token.nextGen),Accept: 'application/json;v=1'}
* headers headerData
Here is the user-login.feature file
Feature: API Test using Karate
Background:
* configure ssl = true
Scenario: Get authorization header
Given url 'https://api.cloud.xyz.com/oauth2/token?client_id=****&client_secret=****&grant_type=client_credentials'
When method get
Then status 200
And def tokenType = response.token_type
And def accessToken = response.access_token
* def nextGen = tokenType + ' '+ accessToken
* def headerData = {Authorization: nextGen,Accept: 'application/json;v=1'}
Any pointers on how I can have the client_id and client_secret passed to the tests at run time and not stored in github.
Thanks in advance!
The easiest way would be to pass them as Java system properties via the command-line, which you can very easily do from a test or from a CI triggered run.
Refer to the documentation here: https://github.com/intuit/karate#dynamic-port-numbers
An example of how it could look like in your case:
Given url 'https://api.cloud.xyz.com/oauth2/token'
And param client_id = karate.properties['client.id']
And param client_secret = karate.properties['client.secret']
And param grant_type = 'client_credentials'
And on the command-line:
mvn test -DargLine="-Dclient.id=**** -Dclient.secret=**** -Dkarate.env=qa"
Related
First of all, thanks for build karate it's a very useful for test API's and UI's. We are using it to test a lot of our endpoints but we would like to know if there is a way or which is the best approach to handle requests with signature as part of the request in the header.
In our case we have two headers:
ApiKey: this value is always the same
Signature: this value depends on the request body content
Is there any way to inject the signature value just before the request is executed based on the request body content?
Here you can see two samples of the requests
Sample 1:
* url 'https://dev.sample.com'
* path '/api/user/getAll'
* header Content-Type = 'application/json'
* header ApiKey = 'XXX'
* header Signature = 'YYY'
And request { }
When method POST
Then status 200
Sample 2:
* url 'https://dev.sample.com'
* path '/api/user/getAll'
* header Content-Type = 'application/json'
* header ApiKey = 'XXX'
* header Signature = 'ZZZ'
And request { name: 'John' }
When method POST
Then status 200
Thanks
Karate has a "hook" for generating headers, but as of now it is not "aware" of the currently built request body + headers: https://github.com/intuit/karate#configure-headers
We got a similar request here, and are thinking of adding this capability: How to retrieve raw request contents before making a REST call in Karate DSL?
Maybe the OAuth examples will give you the way forward for your case for now: https://stackoverflow.com/a/55055111/143475
Feel free to raise an enhancement request, and we can get this in to the next version (with your help to test it). I'm thinking - what if you are able to call karate.get('request') from within the header JS function.
But for now all you need to do is do something like this:
* def body = { some: 'json' }
* karate.set('requestBody', body)
* url someUrl
* request body
* method post
And in the header.js function
function fn() {
var body = karate.get('requestBody');
var sign = Utils.sign(body);
return { Signature: sign };
}
EDIT: this will be implemented in Karate 1.0 onwards: https://github.com/intuit/karate/issues/1385
First of all, thanks for build karate it's a very useful for test API's and UI's. We are using it to test a lot of our endpoints but we would like to know if there is a way or which is the best approach to handle requests with signature as part of the request in the header.
In our case we have two headers:
ApiKey: this value is always the same
Signature: this value depends on the request body content
Is there any way to inject the signature value just before the request is executed based on the request body content?
Here you can see two samples of the requests
Sample 1:
* url 'https://dev.sample.com'
* path '/api/user/getAll'
* header Content-Type = 'application/json'
* header ApiKey = 'XXX'
* header Signature = 'YYY'
And request { }
When method POST
Then status 200
Sample 2:
* url 'https://dev.sample.com'
* path '/api/user/getAll'
* header Content-Type = 'application/json'
* header ApiKey = 'XXX'
* header Signature = 'ZZZ'
And request { name: 'John' }
When method POST
Then status 200
Thanks
Karate has a "hook" for generating headers, but as of now it is not "aware" of the currently built request body + headers: https://github.com/intuit/karate#configure-headers
We got a similar request here, and are thinking of adding this capability: How to retrieve raw request contents before making a REST call in Karate DSL?
Maybe the OAuth examples will give you the way forward for your case for now: https://stackoverflow.com/a/55055111/143475
Feel free to raise an enhancement request, and we can get this in to the next version (with your help to test it). I'm thinking - what if you are able to call karate.get('request') from within the header JS function.
But for now all you need to do is do something like this:
* def body = { some: 'json' }
* karate.set('requestBody', body)
* url someUrl
* request body
* method post
And in the header.js function
function fn() {
var body = karate.get('requestBody');
var sign = Utils.sign(body);
return { Signature: sign };
}
EDIT: this will be implemented in Karate 1.0 onwards: https://github.com/intuit/karate/issues/1385
I have just started implementing karate UI (v0.9.5). Have already implemented api testing using karate and it works perfectly.
Following the HTTP basic auth strategy on this page - https://github.com/intuit/karate#http-basic-authentication-example the basic auth handling works for api tests. I set the HTTP headers once and run all api tests.
Now for the UI testing, the URL that I open brings up the basic auth pop-up as shown below:
So I thought that I could use the same strategy that I used for api tests to handle this. In the background section of my feature file, i call the feature file that does the authentication and sets headers as below:
The called feature file to set headers (admin-headers.feature). This feature file gets the token after admin user login is performed via karate-config.js. Then assigns the token along with the Base64 encoded basic auth to the headers calling headers.js. The Base64 user and password are being input as maven arguments and read via karate-config variables.
(/admin-headers.feature)
Feature: karate-config.js will perform one time login for admin and
set the session token for all subsequent requests
Background:
* def session = adminAuthInfo.authSession
* def basic_auth = call read('classpath:basic-auth.js') { username: '#(basicAuthUser)', password: '#(basicAuthPassword)' }
* configure headers = read('classpath:headers.js')
Scenario: One-time login for user and set the
session token in request header
The js code for returning Auth and Cookie to above feature file (/headers.js).
function() {
var session = karate.get('session');
var basic_auth = karate.get('basic_auth');
if(session){
return {
Authorization: basic_auth,
Cookie: "SESSION=" + session
};
} else {
return {};
}
}
My UI test feature file (/ui-test.feature):
Feature: Login test
Background:
# Authorise via api
* callonce read('classpath:common/headers/admin-headers.feature')
* configure driver = { type: 'chrome' }
Scenario: Test login
Given driver 'https://test.internal.mysite.com/names'
Running the above feature file still shows the auth pop-up.
I then tried to set the cookies while I am initialising the driver (which I think is probably not the right way?) as below:
Feature: Login test
Background:
# Authorise via api
* def login = callonce read('classpath:common/headers/admin-headers.feature')
* def uiCookie = { name: 'SESSION', value: '#(login.userAuthInfo.authSession)', domain: 'test.internal.mysite.com' }
* configure driver = { type: 'chrome', cookie: '#(uiCookie)' }
Scenario: Test login
Given driver 'https://test.internal.mysite.com/names'
The above also does not work. What is it that I am doing wrong here? the pop-up keeps coming up because the cookie is not set when the driver is initialised and then opens the specified url?
Help is much appreciated.
I think you raised a very good feature request, that configure driver should take cookies also, so that you can navigate to the page and set cookies in one-shot, and I opened a feature request: https://github.com/intuit/karate/issues/1053
So try this sequence, refer docs for cookie(): https://github.com/intuit/karate/tree/master/karate-core#cookieset
* driver 'about:blank'
* cookie(uiCookie)
* driver 'https://test.internal.mysite.com/names'
And now it should work !
Feature: Windows Authentication feature
Background:
* configure driver = { type: 'chrome' }
Scenario: Windows Authentication Valid Login test case
Given driver 'http://the-internet.herokuapp.com/basic_auth'
And delay(3000)
And screenshot()
* robot {}
* robot.input('admin' + Key.TAB)
* robot.input('admin')
* robot.click('Sign in')
And delay(3000)
And screenshot()
works fine with chrome, edge
As suggested in here Migration form karate 0.9.2 to 0.9.3 Issue - javascript evaluation failed i have update karate verions to 0.9.5.RC4.
JavaScript fun is like
function fn(config) {
var OAuth2 = {};
var userAccessToken = Java.type("com.OAuth2Token");
OAuth2.adminUser = function () {
return userAccessToken.getAuthorizationHeader(name, url, users, "ADMIN");
};
config.OAuth2 = karate.toMap(OAuth2);
return config;
}
Feature file with Scenario **worked*
Scenario: <scenarioName>
Given path 'url'
And header Authorization = OAuth2.adminUser()
And def Authorization = OAuth2.adminUser()
And print Authorization
Feature file with Scenario outline not worked
Scenario Outline: <scenarioName>
Given path 'url'
And header Authorization = OAuth2.adminUser()
And def Authorization = OAuth2.adminUser()
And print Authorization
Examples:
| data |
Error : javascript evaluation failed: OAuth2.adminUser(), TypeError: OAuth2.adminUser is not a function in at line number 1 , I am having same error with 0.9.3 and moving function to common feature file.
This is a bug and will be fixed in the next version: https://github.com/intuit/karate/issues/982
A workaround is that you re-init the function for each loop under the Scenario Outline:
Scenario Outline:
* def OAuth2 = karate.call('classpath:com/utils.feature)
I have a .feature file that will receive argument from another feature file as __arg to generate token for oAuth
Given url urlRefreshToken
Given def json = __arg
And header Content-Type = 'application/json; charset=utf-8'
And request json
* header Authorization = 'Bearer' + __arg.refresh_token
When method POST
Then status 200
* def bearer = 'Bearer ' + response.access_token
I am trying to centralise the token generation for only one time on karate-config.js. However I cannot seem to be able to use karate.callSingle() with passed parameters.
I use the feature file to generate token on other feature files as:
* def getToken = call read('classpath:features/Utils/GetToken.feature') refreshTokenRaymond
* header Authorization = getToken.bearer
I am trying to invoke the feature file for generating token on karate-config.js to no avail. I tried to pass in the additional parameter like this on karate-config.js:
var config = {
baseUrl: 'url',
urlRefreshToken: 'url',
refreshToken: '{refreshToken: refreshToken}'
};
var token = karate.callSingle('classpath:features/Utils/GetToken.feature', [config, config.refreshToken])
I wonder if it is possible to pass multiple parameter to karate.callSingle() called from karate-config.js?
Any help will be greatly appreciated. Thanks!
call and karate.callSingle() take only one argument, but you can easily create a new JSON out of other JSONs. Actually since you seem to be passing config as the argument - you can easily access config.refreshToken as __arg.refreshToken.
Your code is very confusing - but hope that this hint is what gets you on your way:
Given def json = __arg.refreshToken
If you need to create a JSON out of other data - I think you already know how to do that:
var temp = { config: config, refreshToken: refreshToken };
var token = karate.callSingle('classpath:features/Utils/GetToken.feature', temp);