From da824a9ed54b03a6b2cdfd246630790c09b1f68b Mon Sep 17 00:00:00 2001
From: Alejandro Visiedo <avisiedo@redhat.com>
Date: Thu, 21 Sep 2023 12:41:03 +0200
Subject: [PATCH] refactor: fixes and improves maintenance

When we register a domain, we need to specify the org_id for the generated
identity; the org_id we use here must match the org_id used when generating the
token or the operation will fail with sign mismatching; now a ORG_ID environment
variable is used, that by default will be 12345 for better experience, but its
value can be override from the CLI.

This change additionally remove duplicated code and keep the scripts cleaner.
Bear in mind that 'curl.sh' wrapper prepare the request depending on the
environment variables if moving additional variables to the common scripts.

- Allows to customize ORG_ID variable; it could be helpful when checking data
  isolation.
- Allows to customize X_RH_IDENTITY and X_RH_FAKE_IDENTITY; it could be helpful
  when checking identity enforcement.

Signed-off-by: Alejandro Visiedo <avisiedo@redhat.com>
---
 test/scripts/common.inc.sh             | 17 +++++++++++++++++
 test/scripts/ephe-domains-delete.sh    | 16 ++--------------
 test/scripts/ephe-domains-list.sh      |  9 ++-------
 test/scripts/ephe-domains-patch.sh     | 16 ++--------------
 test/scripts/ephe-domains-read.sh      | 15 ++-------------
 test/scripts/ephe-domains-register.sh  | 16 ++--------------
 test/scripts/ephe-domains-token.sh     |  8 ++------
 test/scripts/ephe-domains-update.sh    | 16 ++--------------
 test/scripts/ephe-hostconf.sh          | 16 +++-------------
 test/scripts/ephe-openapi.sh           |  6 +-----
 test/scripts/ephe.inc.sh               | 18 ++++++++++++++++++
 test/scripts/local-domains-delete.sh   | 12 ++----------
 test/scripts/local-domains-list.sh     |  5 ++---
 test/scripts/local-domains-patch.sh    | 13 ++-----------
 test/scripts/local-domains-populate.py |  4 ++--
 test/scripts/local-domains-read.sh     | 10 ++--------
 test/scripts/local-domains-register.sh | 12 ++----------
 test/scripts/local-domains-token.sh    |  4 ++--
 test/scripts/local-domains-update.sh   | 13 ++-----------
 test/scripts/local-hostconf.sh         | 10 ++--------
 test/scripts/local-openapi.sh          |  4 ++--
 test/scripts/local.inc.sh              |  7 +++++++
 22 files changed, 80 insertions(+), 167 deletions(-)
 create mode 100644 test/scripts/common.inc.sh
 create mode 100644 test/scripts/ephe.inc.sh
 create mode 100644 test/scripts/local.inc.sh

diff --git a/test/scripts/common.inc.sh b/test/scripts/common.inc.sh
new file mode 100644
index 000000000..d33f981f3
--- /dev/null
+++ b/test/scripts/common.inc.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# Include file with common parts shared for local and ephemeral
+#
+
+function error {
+    local err=$?
+    printf "ERROR: %s\n" "$*" >&2
+    exit $err
+}
+
+ORG_ID="${ORG_ID:-12345}"
+
+IDENTITY_USER="$( ./tools/bin/xrhidgen -org-id "${ORG_ID}" user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+[ "${IDENTITY_USER}" != "" ] || error "IDENTITY_USER got empty: check that you executed 'make install-tools'"
+IDENTITY_SYSTEM="$( ./tools/bin/xrhidgen -org-id "${ORG_ID}" system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+[ "${IDENTITY_SYSTEM}" != "" ] || error "IDENTITY_SYSTEM got empty: check that you executed 'make install-tools'"
diff --git a/test/scripts/ephe-domains-delete.sh b/test/scripts/ephe-domains-delete.sh
index 83ae108ac..3b0780ac3 100755
--- a/test/scripts/ephe-domains-delete.sh
+++ b/test/scripts/ephe-domains-delete.sh
@@ -1,24 +1,12 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+source "./test/scripts/ephe.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_USER}}"
 export X_RH_IDM_REGISTRATION_TOKEN="${TOKEN}"
 export X_RH_IDM_VERSION="$( base64 -w0 <<< '{"ipa-hcc": "0.7", "ipa": "4.10.0-8.el9_1"}' )"
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X DELETE "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-domains-list.sh b/test/scripts/ephe-domains-list.sh
index 2e387a6cc..3fda8796a 100755
--- a/test/scripts/ephe-domains-list.sh
+++ b/test/scripts/ephe-domains-list.sh
@@ -1,12 +1,7 @@
 #!/bin/bash
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+source "./test/scripts/ephe.inc.sh"
 
 unset X_RH_IDENTITY
-unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_USER}}"
 ./scripts/curl.sh -i "${BASE_URL}/domains"
-
diff --git a/test/scripts/ephe-domains-patch.sh b/test/scripts/ephe-domains-patch.sh
index d4ab3195e..0376b1fed 100755
--- a/test/scripts/ephe-domains-patch.sh
+++ b/test/scripts/ephe-domains-patch.sh
@@ -1,24 +1,12 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+source "./test/scripts/ephe.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_USER}}"
 unset X_RH_IDM_REGISTRATION_TOKEN
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X PATCH -d @<( cat test/data/http/patch-rhel-idm-domain.json | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-domains-read.sh b/test/scripts/ephe-domains-read.sh
index e192c2392..0cbfec1a7 100755
--- a/test/scripts/ephe-domains-read.sh
+++ b/test/scripts/ephe-domains-read.sh
@@ -1,21 +1,10 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
+source "./test/scripts/ephe.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
-
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_USER}}"
 ./scripts/curl.sh -i "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-domains-register.sh b/test/scripts/ephe-domains-register.sh
index ad60a7442..57a3f72d3 100755
--- a/test/scripts/ephe-domains-register.sh
+++ b/test/scripts/ephe-domains-register.sh
@@ -1,24 +1,12 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# ephe-domains-token.sh
+source "./test/scripts/ephe.inc.sh"
 
 TOKEN="$1"
 [ "${TOKEN}" != "" ] || error "TOKEN is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_SYSTEM}}"
 export X_RH_IDM_REGISTRATION_TOKEN="${TOKEN}"
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d @<( cat "test/data/http/register-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains"
diff --git a/test/scripts/ephe-domains-token.sh b/test/scripts/ephe-domains-token.sh
index 14a6a5be6..cca9d4d3a 100755
--- a/test/scripts/ephe-domains-token.sh
+++ b/test/scripts/ephe-domains-token.sh
@@ -1,11 +1,7 @@
 #!/bin/bash
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+source "./test/scripts/ephe.inc.sh"
 
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_USER}}"
 ./scripts/curl.sh -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"
diff --git a/test/scripts/ephe-domains-update.sh b/test/scripts/ephe-domains-update.sh
index 36f61feb9..8d82c5c16 100755
--- a/test/scripts/ephe-domains-update.sh
+++ b/test/scripts/ephe-domains-update.sh
@@ -1,24 +1,12 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make ephemeral-db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+source "./test/scripts/ephe.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_SYSTEM}}"
 unset X_RH_IDM_REGISTRATION_TOKEN
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X PUT -d @<( cat test/data/http/update-rhel-idm-domain.json | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/ephe-hostconf.sh b/test/scripts/ephe-hostconf.sh
index 436daa6b5..105fad28b 100755
--- a/test/scripts/ephe-hostconf.sh
+++ b/test/scripts/ephe-hostconf.sh
@@ -1,23 +1,13 @@
 #!/bin/bash
 
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+source "./test/scripts/ephe.inc.sh"
 
 INVENTORY_ID=$"$1"
-FQDN="$2"
 [ "${INVENTORY_ID}" != "" ] || error "INVENTORY_ID is empty"
+FQDN="$2"
 [ "${FQDN}" != "" ] || error "FQDN is empty"
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
-
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "3f35fc7f-079c-4940-92ed-9fdc8694a0f3" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="${X_RH_FAKE_IDENTITY:-${IDENTITY_SYSTEM}}"
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d '{}' "${BASE_URL}/host-conf/${INVENTORY_ID}/${FQDN}"
diff --git a/test/scripts/ephe-openapi.sh b/test/scripts/ephe-openapi.sh
index b739bd36f..46883778c 100755
--- a/test/scripts/ephe-openapi.sh
+++ b/test/scripts/ephe-openapi.sh
@@ -1,11 +1,7 @@
 #!/bin/bash
 
-export NAMESPACE="$(oc project -q)"
-CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
-CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
-export CREDS
+source "./test/scripts/ephe.inc.sh"
 
 unset X_RH_IDENTITY
 unset X_RH_FAKE_IDENTITY
-BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i "${BASE_URL}/openapi.json"
diff --git a/test/scripts/ephe.inc.sh b/test/scripts/ephe.inc.sh
new file mode 100644
index 000000000..bb34e3578
--- /dev/null
+++ b/test/scripts/ephe.inc.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Include for common parts for ephemeral environment shared between all the scripts
+#
+# NOTE: Be aware that curl.sh wrapper set options based in the environment
+#       variables that has value when it is invoked, and set an environment
+#       variable could change the behave on how the request is formed.
+#
+# See: ./scripts/curl.sh
+#
+source "./test/scripts/common.inc.sh"
+
+export NAMESPACE="$(oc project -q)"
+CREDS="$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultUsername}' | base64 -d )"
+CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.defaultPassword}' | base64 -d )"
+export CREDS
+
+BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
diff --git a/test/scripts/local-domains-delete.sh b/test/scripts/local-domains-delete.sh
index b1e96d8dc..bc1970e75 100755
--- a/test/scripts/local-domains-delete.sh
+++ b/test/scripts/local-domains-delete.sh
@@ -1,19 +1,11 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
+source "./test/scripts/local.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_USER}}"
 unset CREDS
 export X_RH_IDM_REGISTRATION_TOKEN="$TOKEN"
 export X_RH_IDM_VERSION="$( base64 -w0 <<< '{"ipa-hcc": "0.7", "ipa": "4.10.0-8.el9_1"}' )"
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X DELETE "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-domains-list.sh b/test/scripts/local-domains-list.sh
index 397e7c675..425fc95a1 100755
--- a/test/scripts/local-domains-list.sh
+++ b/test/scripts/local-domains-list.sh
@@ -1,9 +1,8 @@
 #!/bin/bash
+source "./test/scripts/local.inc.sh"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_USER}}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
 unset X_RH_IDM_VERSION
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i "${BASE_URL}/domains"
-
diff --git a/test/scripts/local-domains-patch.sh b/test/scripts/local-domains-patch.sh
index 471dadd4d..2a9aff716 100755
--- a/test/scripts/local-domains-patch.sh
+++ b/test/scripts/local-domains-patch.sh
@@ -1,19 +1,10 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
-# make db-cli <<< "select token from ipas order by id desc limit 1;\\q"
+source "./test/scripts/local.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_USER}}"
 unset CREDS
 unset X_RH_IDM_REGISTRATION_TOKEN
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X PATCH -d @<( cat "test/data/http/patch-rhel-idm-domain.json" | sed -e "s/{{createDomain.response.body.domain_id}}/${UUID}/g" ) "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-domains-populate.py b/test/scripts/local-domains-populate.py
index 2544ed0e1..4b5ff67ea 100755
--- a/test/scripts/local-domains-populate.py
+++ b/test/scripts/local-domains-populate.py
@@ -8,6 +8,7 @@
 import uuid
 import requests
 import json
+import os
 
 
 CONTENT_TYPE = "application/json"
@@ -18,7 +19,7 @@
 HEADER_X_RH_IDM_VERSION = "X-Rh-Idm-Version"
 HEADER_X_RH_IDM_REGISTRATION_TOKEN = "X-Rh-Idm-Registration-Token"
 
-DEFAULT_ORG_ID = "12345"
+DEFAULT_ORG_ID = os.environ.get("ORG_ID", "12345")
 
 class xrhidgen:
     """Wrapper to call ./tools/bin/xrhidgen binary and get a x-rh-identity header"""
@@ -51,7 +52,6 @@ def __call__(self, *args):
         if self.xrhidgen_type is None or self.xrhidgen_type == '':
             sys.exit("'xrhidgen_type' is None")
         options.append(self.xrhidgen_type)
-        # ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system
         options.extend(self.extra_args)
         options.extend(args)
         output = subprocess.check_output(options)
diff --git a/test/scripts/local-domains-read.sh b/test/scripts/local-domains-read.sh
index 073c28055..a7008a84a 100755
--- a/test/scripts/local-domains-read.sh
+++ b/test/scripts/local-domains-read.sh
@@ -1,16 +1,10 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+source "./test/scripts/local.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_USER}}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-domains-register.sh b/test/scripts/local-domains-register.sh
index ff780fbcd..553f4ea23 100755
--- a/test/scripts/local-domains-register.sh
+++ b/test/scripts/local-domains-register.sh
@@ -1,19 +1,11 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# local-domains-token.sh
+source "./test/scripts/local.inc.sh"
 
 TOKEN="$1"
 [ "${TOKEN}" != "" ] || error "TOKEN is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_SYSTEM}}"
 unset CREDS
 export X_RH_IDM_REGISTRATION_TOKEN="$TOKEN"
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d @<( cat "test/data/http/register-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains"
diff --git a/test/scripts/local-domains-token.sh b/test/scripts/local-domains-token.sh
index 20b870c8d..cdda6350c 100755
--- a/test/scripts/local-domains-token.sh
+++ b/test/scripts/local-domains-token.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
+source "./test/scripts/local.inc.sh"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_USER}}"
 unset X_RH_FAKE_IDENTITY
 unset CREDS
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"
diff --git a/test/scripts/local-domains-update.sh b/test/scripts/local-domains-update.sh
index 322df682c..367188d73 100755
--- a/test/scripts/local-domains-update.sh
+++ b/test/scripts/local-domains-update.sh
@@ -1,20 +1,11 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$1" >&2
-    exit $err
-}
-
-# make db-cli <<< "select domain_uuid from domains order by id desc limit 1;\\q"
-# make db-cli <<< "select token from ipas order by id desc limit 1;\\q"
+source "./test/scripts/local.inc.sh"
 
 UUID="$1"
 [ "${UUID}" != "" ] || error "UUID is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_SYSTEM}}"
 unset CREDS
 unset X_RH_IDM_REGISTRATION_TOKEN
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X PUT -d @<( cat "test/data/http/update-rhel-idm-domain.json" | sed -e 's/{{subscription_manager_id}}/6f324116-b3d2-11ed-8a37-482ae3863d30/g' ) "${BASE_URL}/domains/${UUID}"
diff --git a/test/scripts/local-hostconf.sh b/test/scripts/local-hostconf.sh
index e7b7c4066..0a8e28412 100755
--- a/test/scripts/local-hostconf.sh
+++ b/test/scripts/local-hostconf.sh
@@ -1,19 +1,13 @@
 #!/bin/bash
-
-function error {
-    local err=$?
-    printf "%s\n" "$*" >&2
-    exit $err
-}
+source "./test/scripts/local.inc.sh"
 
 INVENTORY_ID=$"$1"
 FQDN="$2"
 [ "${INVENTORY_ID}" != "" ] || error "INVENTORY_ID is empty"
 [ "${FQDN}" != "" ] || error "FQDN is empty"
 
-export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "3f35fc7f-079c-4940-92ed-9fdc8694a0f3" -cert-type system | base64 -w0 )"
+export X_RH_IDENTITY="${X_RH_IDENTITY:-${IDENTITY_SYSTEM}}"
 export X_RH_IDM_VERSION='{"ipa-hcc": "0.9", "ipa": "4.10.0-8.el9_1", "os-release-id": "rhel", "os-release-version-id": "9.1"}'
 unset X_RH_FAKE_IDENTITY
 unset CREDS
-BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d '{}' "${BASE_URL}/host-conf/${INVENTORY_ID}/${FQDN}"
diff --git a/test/scripts/local-openapi.sh b/test/scripts/local-openapi.sh
index 30f3c34c1..b66fa37b4 100755
--- a/test/scripts/local-openapi.sh
+++ b/test/scripts/local-openapi.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
+source "./test/scripts/local.inc.sh"
 
-# export X_RH_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
+unset X_RH_IDENTITY
 unset X_RH_FAKE_IDENTITY
 unset CREDS
 unset X_RH_IDM_VERSION
 BASE_URL="http://localhost:8000/api/idmsvc/v1"
 ./scripts/curl.sh -i "${BASE_URL}/openapi.json"
-
diff --git a/test/scripts/local.inc.sh b/test/scripts/local.inc.sh
new file mode 100644
index 000000000..fec172b43
--- /dev/null
+++ b/test/scripts/local.inc.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+#
+# Include file with common parts shared for local and ephemeral
+#
+source "./test/scripts/common.inc.sh"
+
+BASE_URL="http://localhost:8000/api/idmsvc/v1"