From cb547b2850bf617b7137f11517060da37b1c2ccc Mon Sep 17 00:00:00 2001
From: Alejandro Visiedo <avisiedo@redhat.com>
Date: Thu, 21 Sep 2023 12:41:03 +0200
Subject: [PATCH] refactor: fixes and improves maintenance

When we register a domain, we need to specify the org_id for the generated
identity; the org_id we use here must match the org_id used when generating the
token or the operation will fail with sign mismatching; now a ORG_ID environment
variable is used, that by default will be 12345 for better experience, but its
value can be override from the CLI.

This change additionally remove duplicated code and keep the scripts cleaner.
Bear in mind that 'curl.sh' wrapper prepare the request depending on the
environment variables if moving additional variables to the common scripts.

- Allows to customize ORG_ID variable; it could be helpful when checking data
  isolation.
- Allows to customize X_RH_IDENTITY and X_RH_FAKE_IDENTITY; it could be helpful
  when checking identity enforcement.
- Now the scripts can be invoked from anywhere in the repository.

Co-authored-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Alejandro Visiedo <avisiedo@redhat.com>
---
 test/scripts/common.inc                | 49 ++++++++++++++++++++++++++
 test/scripts/ephe-domains-delete.sh    | 23 ++++--------
 test/scripts/ephe-domains-list.sh      | 13 +++----
 test/scripts/ephe-domains-patch.sh     | 23 ++++--------
 test/scripts/ephe-domains-read.sh      | 19 +++-------
 test/scripts/ephe-domains-register.sh  | 23 ++++--------
 test/scripts/ephe-domains-token.sh     | 12 +++----
 test/scripts/ephe-domains-update.sh    | 23 ++++--------
 test/scripts/ephe-hostconf.sh          | 23 +++++-------
 test/scripts/ephe-openapi.sh           | 10 +++---
 test/scripts/ephe.inc                  | 21 +++++++++++
 test/scripts/local-domains-delete.sh   | 17 ++++-----
 test/scripts/local-domains-list.sh     | 10 +++---
 test/scripts/local-domains-patch.sh    | 16 +++------
 test/scripts/local-domains-populate.py |  4 +--
 test/scripts/local-domains-read.sh     | 13 +++----
 test/scripts/local-domains-register.sh | 18 ++++------
 test/scripts/local-domains-token.sh    |  9 +++--
 test/scripts/local-domains-update.sh   | 19 ++++------
 test/scripts/local-hostconf.sh         | 16 ++++-----
 test/scripts/local-openapi.sh          |  9 +++--
 test/scripts/local.inc                 |  7 ++++
 22 files changed, 189 insertions(+), 188 deletions(-)
 create mode 100644 test/scripts/common.inc
 create mode 100644 test/scripts/ephe.inc
 create mode 100644 test/scripts/local.inc

diff --git a/test/scripts/common.inc b/test/scripts/common.inc
new file mode 100644
index 00000000..e54c9444
--- /dev/null
+++ b/test/scripts/common.inc
@@ -0,0 +1,49 @@
+#
+# Include file with common parts shared for local and ephemeral
+#
+
+# Troubleshooting:
+# - Run with DEBUG=1 to see some traces from curl.sh wrapper
+#   $ DEBUG=1 ./test/scripts/local-domain-token.sh
+# - Run with more verbose by:
+#   $ DEBUG=1 bash -xv ./test/scripts/local-domain-token.sh
+
+function error {
+    local err=$?
+    printf "ERROR: %s\n" "$*" >&2
+    exit $err
+}
+
+ORG_ID="${ORG_ID:-12345}"
+
+export IDENTITY_USER=""   # Use $(identity_user)
+export IDENTITY_SYSTEM="" # Use $(identity_system)
+export IDM_VERSION=""     # Use $(idm_version)
+
+SRCDIR="$(dirname "${BASH_SOURCE[0]}")"
+# shellcheck disable=SC2034  # ignore unused variable
+BASEDIR="$(dirname "$(dirname "${SRCDIR}")")"
+REPOBASEDIR="$(git rev-parse --show-toplevel)"
+export REPOBASEDIR
+export XRHIDGEN="${REPOBASEDIR}/tools/bin/xrhidgen"
+
+if [[ ! -x "${XRHIDGEN}" ]]; then
+    error "${XRHIDGEN} is missing, run 'make install-tools'"
+    exit 2
+fi
+
+function identity_user() {
+    "${XRHIDGEN}" -org-id "${ORG_ID}" user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0
+}
+export -f identity_user     # Needed for making it available in sub-shells
+
+function identity_system() {
+    "${XRHIDGEN}" -org-id "${ORG_ID}" system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0
+}
+export -f identity_system   # Needed for making it available in sub-shells
+
+function idm_version() {
+    IDM_VERSION='{"ipa-hcc": "0.7", "ipa": "4.10.0-8.el9_1"}'
+    printf "%s" "${IDM_VERSION}"
+}
+export -f idm_version
diff --git a/test/scripts/ephe-domains-delete.sh b/test/scripts/ephe-domains-delete.sh
index 83ae108a..6450f077 100755
--- a/test/scripts/ephe-domains-delete.sh
+++ b/test/scripts/ephe-domains-delete.sh
@@ -1,24 +1,15 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
 export X_RH_IDM_REGISTRATION_TOKEN="${TOKEN}"
-export X_RH_IDM_VERSION="$( base64 -w0 <<< '{"ipa-hcc": "0.7", "ipa": "4.10.0-8.el9_1"}' )"
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i -X DELETE "${BASE_URL}/domains/${UUID}"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X DELETE "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-domains-list.sh b/test/scripts/ephe-domains-list.sh
index 2e387a6c..f424130f 100755
--- a/test/scripts/ephe-domains-list.sh
+++ b/test/scripts/ephe-domains-list.sh
@@ -1,12 +1,9 @@
 #!/bin/bash
+set -eo pipefail
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 unset X_RH_IDENTITY
-unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i "${BASE_URL}/domains"
-
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
+"${REPOBASEDIR}/scripts/curl.sh" -i "${BASE_URL}/domains"
diff --git a/test/scripts/ephe-domains-patch.sh b/test/scripts/ephe-domains-patch.sh
index d4ab3195..07b28e17 100755
--- a/test/scripts/ephe-domains-patch.sh
+++ b/test/scripts/ephe-domains-patch.sh
@@ -1,24 +1,15 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
 unset X_RH_IDM_REGISTRATION_TOKEN
-export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i -X PATCH -d @<( cat test/data/http/patch-rhel-idm-domain.json | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X PATCH -d @<(sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' < "${REPOBASEDIR}/test/data/http/patch-rhel-idm-domain.json") "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-domains-read.sh b/test/scripts/ephe-domains-read.sh
index e192c239..22e52f4a 100755
--- a/test/scripts/ephe-domains-read.sh
+++ b/test/scripts/ephe-domains-read.sh
@@ -1,21 +1,12 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-
-./scripts/curl.sh -i "${BASE_URL}/domains/${UUID}"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
+"${REPOBASEDIR}/scripts/curl.sh" -i "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-domains-register.sh b/test/scripts/ephe-domains-register.sh
index ad60a744..7d7cf0cc 100755
--- a/test/scripts/ephe-domains-register.sh
+++ b/test/scripts/ephe-domains-register.sh
@@ -1,24 +1,15 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# ephe-domains-token.sh
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 TOKEN="$1"
 [ "${TOKEN}" != "" ] || error "TOKEN is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_system)}"
 export X_RH_IDM_REGISTRATION_TOKEN="${TOKEN}"
-export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i -X POST -d @<( cat "test/data/http/register-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X POST -d @<(sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' < "${REPOBASEDIR}/test/data/http/register-rhel-idm-domain.json") "${BASE_URL}/domains"
diff --git a/test/scripts/ephe-domains-token.sh b/test/scripts/ephe-domains-token.sh
index 14a6a5be..ed5a7983 100755
--- a/test/scripts/ephe-domains-token.sh
+++ b/test/scripts/ephe-domains-token.sh
@@ -1,11 +1,9 @@
 #!/bin/bash
+set -eo pipefail
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_user)}"
+"${REPOBASEDIR}/scripts/curl.sh" -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"
diff --git a/test/scripts/ephe-domains-update.sh b/test/scripts/ephe-domains-update.sh
index 36f61feb..02075317 100755
--- a/test/scripts/ephe-domains-update.sh
+++ b/test/scripts/ephe-domains-update.sh
@@ -1,24 +1,15 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_system)}"
 unset X_RH_IDM_REGISTRATION_TOKEN
-export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i -X PUT -d @<( cat test/data/http/update-rhel-idm-domain.json | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X PUT -d @<(sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' < "${REPOBASEDIR}/test/data/http/update-rhel-idm-domain.json") "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-hostconf.sh b/test/scripts/ephe-hostconf.sh
index 436daa6b..e4a45177 100755
--- a/test/scripts/ephe-hostconf.sh
+++ b/test/scripts/ephe-hostconf.sh
@@ -1,23 +1,16 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 INVENTORY_ID=$"$1"
-FQDN="$2"
 [ "${INVENTORY_ID}" != "" ] || error "INVENTORY_ID is empty"
+FQDN="$2"
 [ "${FQDN}" != "" ] || error "FQDN is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "3f35fc7f-079c-4940-92ed-9fdc8694a0f3" -cert-type system | base64 -w0 )"
-export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i -X POST -d '{}' "${BASE_URL}/host-conf/${INVENTORY_ID}/${FQDN}"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-$(identity_system)}"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X POST -d '{}' "${BASE_URL}/host-conf/${INVENTORY_ID}/${FQDN}"
diff --git a/test/scripts/ephe-openapi.sh b/test/scripts/ephe-openapi.sh
index b739bd36..bca457c6 100755
--- a/test/scripts/ephe-openapi.sh
+++ b/test/scripts/ephe-openapi.sh
@@ -1,11 +1,9 @@
 #!/bin/bash
+set -eo pipefail
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/ephe.inc"
 
 unset X_RH_IDENTITY
 unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-./scripts/curl.sh -i "${BASE_URL}/openapi.json"
+"${REPOBASEDIR}/scripts/curl.sh" -i "${BASE_URL}/openapi.json"
diff --git a/test/scripts/ephe.inc b/test/scripts/ephe.inc
new file mode 100644
index 00000000..4d921453
--- /dev/null
+++ b/test/scripts/ephe.inc
@@ -0,0 +1,21 @@
+#
+# Include for common parts for ephemeral environment shared between all the scripts
+#
+# NOTE: Be aware that curl.sh wrapper set options based in the environment
+#       variables that has value when it is invoked, and set an environment
+#       variable could change the behave on how the request is formed.
+#
+# See: ./scripts/curl.sh
+#
+source "$(dirname "${BASH_SOURCE[0]}")/common.inc"
+
+NAMESPACE="$(oc project -q)"
+export NAMESPACE
+
+username="$( oc get secrets/env-"${NAMESPACE}"-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
+password="$( oc get secrets/env-"${NAMESPACE}"-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
+CREDS="${username}:${password}"
+export CREDS
+
+# shellcheck disable=SC2034  # ignore unused variable
+BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
diff --git a/test/scripts/local-domains-delete.sh b/test/scripts/local-domains-delete.sh
index b1e96d8d..91615ff3 100755
--- a/test/scripts/local-domains-delete.sh
+++ b/test/scripts/local-domains-delete.sh
@@ -1,19 +1,14 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset CREDS
 export X_RH_IDM_REGISTRATION_TOKEN="$TOKEN"
-export X_RH_IDM_VERSION="$( base64 -w0 <<< '{"ipa-hcc": "0.7", "ipa": "4.10.0-8.el9_1"}' )"
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i -X DELETE "${BASE_URL}/domains/${UUID}"
+unset X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X DELETE "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-domains-list.sh b/test/scripts/local-domains-list.sh
index 397e7c67..6057cb09 100755
--- a/test/scripts/local-domains-list.sh
+++ b/test/scripts/local-domains-list.sh
@@ -1,9 +1,11 @@
 #!/bin/bash
+set -eo pipefail
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
+
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
 unset X_RH_IDM_VERSION
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i "${BASE_URL}/domains"
-
+"${REPOBASEDIR}/scripts/curl.sh" -i "${BASE_URL}/domains"
diff --git a/test/scripts/local-domains-patch.sh b/test/scripts/local-domains-patch.sh
index 471dadd4..225bfa0b 100755
--- a/test/scripts/local-domains-patch.sh
+++ b/test/scripts/local-domains-patch.sh
@@ -1,19 +1,13 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
-# make db-cli <<< "select token from ipas order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset CREDS
 unset X_RH_IDM_REGISTRATION_TOKEN
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i -X PATCH -d @<( cat "test/data/http/patch-rhel-idm-domain.json" | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" ) "${BASE_URL}/domains/${UUID}"
+"${REPOBASEDIR}/scripts/curl.sh" -i -X PATCH -d @<(sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" < "${REPOBASEDIR}/test/data/http/patch-rhel-idm-domain.json") "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-domains-populate.py b/test/scripts/local-domains-populate.py
index 2544ed0e..4b5ff67e 100755
--- a/test/scripts/local-domains-populate.py
+++ b/test/scripts/local-domains-populate.py
@@ -8,6 +8,7 @@
 import uuid
 import requests
 import json
+import os
 
 
 CONTENT_TYPE = "application/json"
@@ -18,7 +19,7 @@
 HEADER_X_RH_IDM_VERSION = "X-Rh-Idm-Version"
 HEADER_X_RH_IDM_REGISTRATION_TOKEN = "X-Rh-Idm-Registration-Token"
 
-DEFAULT_ORG_ID = "12345"
+DEFAULT_ORG_ID = os.environ.get("ORG_ID", "12345")
 
 class xrhidgen:
     """Wrapper to call ./tools/bin/xrhidgen binary and get a x-rh-identity header"""
@@ -51,7 +52,6 @@ def __call__(self, *args):
         if self.xrhidgen_type is None or self.xrhidgen_type == '':
             sys.exit("'xrhidgen_type' is None")
         options.append(self.xrhidgen_type)
-        # ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system
         options.extend(self.extra_args)
         options.extend(args)
         output = subprocess.check_output(options)
diff --git a/test/scripts/local-domains-read.sh b/test/scripts/local-domains-read.sh
index 073c2805..3df734d8 100755
--- a/test/scripts/local-domains-read.sh
+++ b/test/scripts/local-domains-read.sh
@@ -1,16 +1,13 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i "${BASE_URL}/domains/${UUID}"
+"${REPOBASEDIR}/scripts/curl.sh" -i "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-domains-register.sh b/test/scripts/local-domains-register.sh
index ff780fbc..2d67389c 100755
--- a/test/scripts/local-domains-register.sh
+++ b/test/scripts/local-domains-register.sh
@@ -1,19 +1,15 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# local-domains-token.sh
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
 
 TOKEN="$1"
 [ "${TOKEN}" != "" ] || error "TOKEN is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_system)}"
 unset CREDS
 export X_RH_IDM_REGISTRATION_TOKEN="$TOKEN"
-export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i -X POST -d @<( cat "test/data/http/register-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X POST -d @<(sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' < "${REPOBASEDIR}/test/data/http/register-rhel-idm-domain.json") "${BASE_URL}/domains"
diff --git a/test/scripts/local-domains-token.sh b/test/scripts/local-domains-token.sh
index 20b870c8..1484f2b8 100755
--- a/test/scripts/local-domains-token.sh
+++ b/test/scripts/local-domains-token.sh
@@ -1,7 +1,10 @@
 #!/bin/bash
+set -eo pipefail
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
+
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"
+"${REPOBASEDIR}/scripts/curl.sh" -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"
diff --git a/test/scripts/local-domains-update.sh b/test/scripts/local-domains-update.sh
index 322df682..311fe0d3 100755
--- a/test/scripts/local-domains-update.sh
+++ b/test/scripts/local-domains-update.sh
@@ -1,20 +1,15 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
-# make db-cli <<< "select token from ipas order by id desc limit 1;\\q"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_system)}"
 unset CREDS
 unset X_RH_IDM_REGISTRATION_TOKEN
-export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i -X PUT -d @<( cat "test/data/http/update-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
+"${REPOBASEDIR}/scripts/curl.sh" -i -X PUT -d @<(sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' < "${REPOBASEDIR}/test/data/http/update-rhel-idm-domain.json") "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-hostconf.sh b/test/scripts/local-hostconf.sh
index e7b7c406..7cb91a2d 100755
--- a/test/scripts/local-hostconf.sh
+++ b/test/scripts/local-hostconf.sh
@@ -1,19 +1,17 @@
 #!/bin/bash
+set -eo pipefail
 
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
 
 INVENTORY_ID=$"$1"
 FQDN="$2"
 [ "${INVENTORY_ID}" != "" ] || error "INVENTORY_ID is empty"
 [ "${FQDN}" != "" ] || error "FQDN is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "3f35fc7f-079c-4940-92ed-9fdc8694a0f3" -cert-type system | base64 -w0 )"
-export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
+export X_RH_IDENTITY="${X_RH_IDENTITY:-$(identity_user)}"
+X_RH_IDM_VERSION="$(idm_version)"
+export X_RH_IDM_VERSION
 unset X_RH_FAKE_IDENTITY
 unset CREDS
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i -X POST -d '{}' "${BASE_URL}/host-conf/${INVENTORY_ID}/${FQDN}"
+"${REPOBASEDIR}/scripts/curl.sh" -i -X POST -d '{}' "${BASE_URL}/host-conf/${INVENTORY_ID}/${FQDN}"
diff --git a/test/scripts/local-openapi.sh b/test/scripts/local-openapi.sh
index 30f3c34c..5e2edea4 100755
--- a/test/scripts/local-openapi.sh
+++ b/test/scripts/local-openapi.sh
@@ -1,9 +1,12 @@
 #!/bin/bash
+set -eo pipefail
 
-# export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+# shellcheck disable=SC1091
+source "$(dirname "${BASH_SOURCE[0]}")/local.inc"
+
+unset X_RH_IDENTITY
 unset X_RH_FAKE_IDENTITY
 unset CREDS
 unset X_RH_IDM_VERSION
 BASE_URL="http://localhost:8000/api/idmsvc/v1"
-./scripts/curl.sh -i "${BASE_URL}/openapi.json"
-
+"${REPOBASEDIR}/scripts/curl.sh" -i "${BASE_URL}/openapi.json"
diff --git a/test/scripts/local.inc b/test/scripts/local.inc
new file mode 100644
index 00000000..5a28ce01
--- /dev/null
+++ b/test/scripts/local.inc
@@ -0,0 +1,7 @@
+#
+# Include file with common parts shared for local and ephemeral
+#
+source "$(dirname "${BASH_SOURCE[0]}")/common.inc"
+
+# shellcheck disable=SC2034  # ignore unused variable
+BASE_URL="http://localhost:8000/api/idmsvc/v1"