Tool to synchronize user records between the ID Broker and an ID Store
Copy local.env.dist to local.env and supply any necessary values.
Many of the tests depend on other containers. Before running any tests, build the full development environment:
make start
Run make testci
make bash
vendor/bin/behat --config=features/behat.yml --suite=notification_features
OR
docker-compose run --rm cli bash -c "vendor/bin/behat --config=features/behat.yml --suite=notification_features"
Substitute notification_features with any of the suites defined in behat.yml.
Some additional setup is required to run integration tests:
- Create a Google Sheet using the google-sheets.csv template file
- Copy the sheet ID from the browser address bar. It's the long string of characters after /d/ and before /edit
- Save the sheet ID in local.env as TEST_GOOGLE_SHEETS_CONFIG_spreadsheetId
- Set TEST_GOOGLE_SHEETS_EMPLOYEE_ID in local.env to 1234567
- Set TEST_GOOGLE_SHEETS_CONFIG_applicationName in local.env to id-sync
- Create Google auth token (TBD: include or link to instructions)
- Save the token in application/google-auth.json and set TEST_GOOGLE_SHEETS_CONFIG_jsonAuthFilePath to /data/google-auth.json
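A preflight check for the Google Sheets settings listed above, as an added example that is not part of this project's own code. The function names are hypothetical, local.env is assumed to hold plain KEY=value lines, and the file-permission warning is an extra check that the setup steps do not require.

```shell
#!/bin/sh
# Added example: preflight for the Google Sheets integration-test settings.
# Assumes local.env holds plain KEY=value lines (no quoting, no "export").

# Print the sheet ID: the text after /d/ and before /edit in the sheet URL.
sheet_id_from_url() {
    printf '%s\n' "$1" | sed -n 's#^.*/d/\([^/]*\)/edit.*$#\1#p'
}

# Print the value assigned to KEY ($2) in FILE ($1); the last assignment wins.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Compare FILE ($1) with the setup steps; print each problem, return 1 if any.
# AUTH ($2) is the host-side path of the Google auth token file.
check_sheets_env() {
    env_file=$1; auth_file=$2; rc=0
    if [ -z "$(env_value "$env_file" TEST_GOOGLE_SHEETS_CONFIG_spreadsheetId)" ]; then
        echo "error: TEST_GOOGLE_SHEETS_CONFIG_spreadsheetId is not set"; rc=1
    fi
    for pair in \
        TEST_GOOGLE_SHEETS_EMPLOYEE_ID=1234567 \
        TEST_GOOGLE_SHEETS_CONFIG_applicationName=id-sync \
        TEST_GOOGLE_SHEETS_CONFIG_jsonAuthFilePath=/data/google-auth.json
    do
        key=${pair%%=*}; want=${pair#*=}
        got=$(env_value "$env_file" "$key")
        if [ "$got" != "$want" ]; then
            echo "error: $key is '$got', expected '$want'"; rc=1
        fi
    done
    if [ ! -s "$auth_file" ]; then
        echo "error: $auth_file is missing or empty"; rc=1
    elif [ "$(ls -ld "$auth_file" | cut -c5-10)" != "------" ]; then
        # The token is a credential: flag group/other access, but do not fail.
        echo "warning: $auth_file is accessible to group or other users"
    fi
    return "$rc"
}

# Constructed sample URL; prints EXAMPLE_SHEET_ID.
sheet_id_from_url 'https://docs.google.com/spreadsheets/d/EXAMPLE_SHEET_ID/edit#gid=0'
# Check the real files when run from the repository root.
if [ -f local.env ]; then
    check_sheets_env local.env application/google-auth.json
fi
```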
Unless you have access to a test-only Workday account, you will need a valid employee ID and valid Workday credentials.
Set the TEST_WORKDAY_CONFIG_***** variables in local.env using local.env.dist as an example.
Unless you have access to a test-only Sage account, you will need a valid employee ID and valid Sage credentials.
Set the TEST_SAGE_PEOPLE_CONFIG_***** variables in local.env using local.env.dist as an example.
This is the primary key that uniquely identifies each user record. It can consist of any alphanumeric characters. Required.
A user’s first name. Required.
A user’s last name.
A user’s full name. If blank, the display name will be the first name and last name concatenated with a space in between.
A user’s primary email address. The user must have a primary email address. The ALLOW_EMPTY_EMAIL configuration option can be set to true to temporarily allow a user to only have a personal email address (see below). This can be useful if the onboarding process does not allow for an organizational email address to be created before the IdP user is added.
A user’s username. The user can use either their username or their email address on login. Required.
Flag to identify a temporarily disabled account. Must be one of: ‘yes’, ‘true’, 1, ‘no’, ‘false’, 0. Note that this is in addition to the “active” property that is implicitly set (or cleared) by the user’s inclusion in (or later exclusion from) the list of users provided to the IdP.
Flag to enforce the use of multi-factor authentication. Must be one of: ‘yes’, ‘true’, 1, ‘no’, ‘false’, 0
Email address of the user’s manager. This can be used in a situation where a user loses access to their multi-factor authentication and needs assistance. In such a situation, they can request assistance from their manager, who will receive a temporary code that can be given to the user once they have positively identified the person.
Alternate email address of the user. Upon creation of a new user, if specified, this address will be added as a password recovery option. May also be used temporarily as a new user's primary email address if configuration option ALLOW_EMPTY_EMAIL is true.
A comma-separated list of groups that can be used to limit access to certain applications (SAML Service Providers) based on SAML configuration elsewhere in the IdP system.
Name of Human Resources contact person, used for notifications such as "New User" notification.
Email address of Human Resources contact person, used for notifications such as "New User" notification.