New parameters and functions, and test setup (#443)

* feature: first test setup

* feature: update test setup

* feature: update test base admin

* feature: add test aac api protection

* fix: remove unncessary stuff

* fix: pre-commit

* fix: pre-commit

* fix: remove trailing spaces

* fix: pre-commit update

* fix: pylint

* refactor: pyproject

* refactor: pyproject

* documentation: start with documentation

* refactor: setup build and test WIP

* feature: test for risk profiles

* documentation: update

* documentation: update version

* refactor: update tox

* refactor: update pylint github action

* refactor: avoid error

* documentation: typo

* feature: support for type=federation

* fix: corrections

* feature: test for management authentication

* fix: add new parameters for oauth configuration of rp

* fix: replace .format with f-strings

* feature: new module

* fix: comments

* feature: test for new module

* feature: new sms connection module

* fix: format to f-string

* fix: change compare method

* fix: disable all pylint checks

* feature: add test for sms connection

* feature: update pre-commit

* feature: update pylint config

* fix: format() -> f-string

* fix: pylint generate text report

* fix: format() -> f-string

* fix: format() -> f-string

* fix: format() -> f-string

* fix: pytest move commit to fixture

* feature: new attributes in 10.0.8

* fix: format() -> f-string

* fix: pylint

* fix: pylint format -> f-string

* fix: ignore error

* feature: test for admin ssh keys

* fix: small updates, and test

* documentation: update pylint and changelog

* documentation: move changelog into docs

* documentation: update .gitignore (exlcude reports)

* feature: tracing configuration (new in 10.0.8)

* documentation: wip

Author: tombosmansibm

.config/requirements-docs.in

@@ -0,0 +1,6 @@
+mkdocs
+mkdocs-material
+markdown-exec
+mkdocstrings
+pymdown-extensions
+markdown_include

.config/requirements-test.in

@@ -0,0 +1,22 @@
+black # IDE support
+coverage-enable-subprocess # see https://github.com/nedbat/coveragepy/issues/1341#issuecomment-1228942657
+coverage[toml] >= 6.4.4
+jmespath
+license-expression >= 30.3.0 # Apache 2.0
+mypy # IDE support
+netaddr # needed by ipwrap filter
+pip # tox command
+psutil # soft-dep of pytest-xdist
+pylint # IDE support
+pytest >= 7.2.2
+pytest-instafail >= 0.5.0 # only for local development, via PYTEST_ADDOPTS=-edit
+pytest-mock
+pytest-dotenv
+pytest-sugar  # shows failures immediately, even with xdist
+pytest-xdist[psutil,setproctitle] >= 2.1.0
+tox >= 4.0.0
+tox-extra>=2.1
+tox-uv>=1.25
+tox>=4.24.2
+types-jsonschema # IDE support
+types-pyyaml # IDE support

.config/requirements.in

@@ -0,0 +1,11 @@
+# alphabetically sorted:
+black>=24.3.0 # MIT (security)
+filelock>=3.8.2 # The Unlicense
+importlib-metadata # Apache
+jsonschema>=4.10.0 # MIT, version needed for improved errors
+packaging>=22.0 # Apache-2.0,BSD-2-Clause
+pathspec>=0.10.3 # Mozilla Public License 2.0 (MPL 2.0)
+pyyaml>=6.0.2 # MIT (compilation probles with older versions)
+requests
+jmespath>=1.0.0
+PyYAML

.github/workflows/pylint.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.8", "3.9", "3.10"]
+        python-version: ["3.11"]
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
@@ -20,4 +20,4 @@ jobs:
         pip install pylint
     - name: Analysing the code with pylint
       run: |
-        pylint $(git ls-files '*.py')
+        pylint $(git ls-files 'ibmsecurity/isam/*.py') --exit-zero

.gitignore

@@ -44,6 +44,8 @@ nosetests.xml
 coverage.xml
 *,cover
 .hypothesis/
+report.txt
+report_.*.txt
 
 # Translations
 *.mo

.pre-commit-config.yaml

@@ -12,16 +12,18 @@ repos:
     hooks:
       - id: black
         stages: [pre-push]
-  - repo: https://github.com/PyCQA/flake8
-    rev: 7.1.1
-    hooks:
-      - id: flake8
-        args: ["--ignore=E501"]
+  #- repo: https://github.com/PyCQA/flake8
+  #  rev: 7.1.1
+  #  hooks:
+  #    - id: flake8
+  #      args: ["--ignore=E501"]
   - repo: https://github.com/PyCQA/pylint
-    rev: v3.3.2
+    rev: v3.3.7
     hooks:
       - id: pylint
         args: [
-           "-ry",
-           "--exit-zero"
+           "--recursive=y",
+           "--exit-zero",
+           "--rcfile=pylintrc",
+           "--output-format=github:report.txt"
         ]

conftest.py

@@ -0,0 +1,61 @@
+"""PyTest fixtures for testing the project."""
+from __future__ import annotations
+
+import os
+
+import pytest
+
+from ibmsecurity.appliance.isamappliance import ISAMAppliance
+from ibmsecurity.user.applianceuser import ApplianceUser
+import ibmsecurity.isam.appliance
+
+@pytest.fixture(scope="session")
+def iviaServer():
+    """Initiate an ISAMAppliance."""
+    # s = IviaLogin()
+    _username = os.getenv('IVIA_ADMIN')
+    _pw = os.getenv('IVIA_PW')
+    _host = os.getenv('IVIA_HOST')
+    _port = os.getenv('IVIA_PORT') or 443
+    # Create a user credential for ISAM appliance
+    u = ApplianceUser(username=_username, password=_pw)
+    # Create an ISAM appliance with above credential
+    isam_server = ISAMAppliance(hostname=_host, user=u, lmi_port=_port)
+    yield isam_server
+    returnValue = ibmsecurity.isam.appliance.commit(isamAppliance=isam_server)
+    print('\nCommit result')
+    print( returnValue )
+    print('\n')
+    return returnValue
+
+# ibmsecurity
+def pytest_runtest_setup(item):
+    print("setting up function:", item.name)
+    yield
+
+
+# @pytest.fixture(autouse=True)
+# def pytest_configure(config: Config) -> None:
+#   """Register custom markers."""
+#    print('configure')
+
+#@pytest.fixture(scope="session", autouse=True)
+#def ivia_commit(iviaServer):
+#   """Commit the changes"""
+#   print('TEST')
+#   # caplog.set_level(logging.INFO)
+
+#   returnValue = ibmsecurity.isam.appliance.commit(isamAppliance=iviaServer)
+#   # logging.log(logging.DEBUG, returnValue)
+#   print(returnValue)
+
+#@pytest.hookimpl(hookwrapper=True)
+#def pytest_sessionfinish(session, iviaServer):
+#   """Commit the changes"""
+#   # caplog.set_level(logging.INFO)
+#
+#   returnValue = ibmsecurity.isam.appliance.commit(isamAppliance=iviaServer)
+#   yield returnValue
+#        # logging.log(logging.DEBUG, returnValue)
+#   print(returnValue)
+#   print("\nTest session finished!")

changelog.md renamed to docs/changelog.md

@@ -2,6 +2,14 @@
 
 ## Latest
 
+- feature: base/management_authentication.py - type federation
+- build: test setup
+- feature: web/reverse_proxy/oauth_configuration.py - add new parameters in 10.0.8
+- feature: web/reverse_proxy/oauth2_configuration.py - OAuth2 IBM Security Verify OIDC Provider configuration (new in 10.0.4)
+- feature: aac/server_connections/sms.py - SMS Server Connection (new in 10.0.8)
+- fix: base/admin_ssh_keys.py - Ignore error when same ssh key exists under different name
+- pylint: change format() to f-strings
+- feature: base/tracing.py - Get tracing configuration (new in 10.0.8)
 
 ## 2025.3.28.0
 

docs/contributing.md

@@ -0,0 +1,64 @@
+# Contributing to ibmsecurity WIP
+
+To contribute to ibmsecurity, please use pull requests on a branch of your own
+fork.
+
+After [creating your fork on GitHub], you can do:
+
+```shell-session
+$ git clone --recursive [email protected]:your-name/ibmsecurity
+$ cd ibmsecurity
+$ # Recommended: Initialize and activate a Python virtual environment
+$ pip install --upgrade pip
+$ pip install -e '.[test]'       # Install testing dependencies
+$ tox run -e lint
+$ git checkout -b your-branch-name
+# DO SOME CODING HERE
+# Add tests under `test/`
+$ tox run -e lint,py
+$ git add your new files
+$ git commit -v
+$ git push origin your-branch-name
+```
+
+You will then be able to create a pull request from your commit.
+
+## Setup
+
+### Local appliance
+
+There is no mock code for testing, unfortunately.
+So you need a running IBM Verify Access/IBM Identity Verify Access appliance or container to be able to run the tests.
+
+### Env
+
+Create a .env file in the root directory of the project, with the details to connect to your IVIA appliance, for instance :
+
+````properties
+IVIA_ADMIN=admin@local
+IVIA_PW=admin
+IVIA_HOST=<ip address of lmi>
+# IVIA_PORT = 80
+````
+
+## Standards
+
+Automated tests will be run against all PRs, to run checks locally before
+pushing commits, just use [tox](https://tox.wiki/en/latest/).
+
+## Talk to us
+
+
+
+## Code of Conduct
+
+
+
+## Module dependency graph
+
+
+
+## Documentation changes
+
+To build the docs, run `tox -e docs`. At the end of the build, you will see the
+local location of your built docs.

docs/index.md

@@ -0,0 +1,10 @@
+# IBMSecurity Documentation
+
+## About ibmsecurity
+
+This repository contains Python code to manage IBM Security Appliances using their respective REST APIs.
+ISAM appliance has the most mature code.
+
+Code for ISDS appliance is under development.
+
+Code for ISVG appliance is brand new (tested with 10.0.1.0 and higher only).