def initialize_os_setup(env):
""" Seed the OS setup with all operational data - users and devices.
Return {"os_devs": [...], "os_users": [...]}
"""
uadmm = ApiClient(useradm.URL_MGMT, host=env.get_mender_gateway())
dauthd = ApiClient(deviceauth.URL_DEVICES, host=env.get_mender_gateway())
dauthm = ApiClient(deviceauth.URL_MGMT, host=env.get_mender_gateway())
users = [
create_user("*****@*****.**", "correcthorse", containers_namespace=env.name),
create_user("*****@*****.**", "correcthorse", containers_namespace=env.name),
]
r = uadmm.call("POST", useradm.URL_LOGIN, auth=(users[0].name, users[0].pwd))
assert r.status_code == 200
utoken = r.text
# create and accept some devs; save tokens
devs = []
for _ in range(10):
devs.append(make_accepted_device(dauthd, dauthm, utoken))
# get tokens for all
for d in devs:
body, sighdr = deviceauth.auth_req(
d.id_data, d.authsets[0].pubkey, d.authsets[0].privkey
)
r = dauthd.call("POST", deviceauth.URL_AUTH_REQS, body, headers=sighdr)
assert r.status_code == 200
d.token = r.text
return {"os_devs": devs, "os_users": users}
def get_tenant_username_and_password(self, plan):
_ = plan
uuidv4 = str(uuid.uuid4())
username, password = (
"some.user+" + uuidv4 + "@example.com",
"secretsecret",
)
create_user(username, password)
return None, username, password
def tenant_users(clean_migrated_mongo):
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"some.user+" + uuidv4 + "@example.com",
"secretsecret",
)
tenant = create_org(tenant, username, password, "enterprise")
user = create_user("foo+" + uuidv4 + "@user.com",
"correcthorsebatterystaple",
tid=tenant.id)
tenant.users.append(user)
update_tenant(tenant.id, addons=["troubleshoot"])
for u in tenant.users:
r = ApiClient(useradm.URL_MGMT).call("POST",
useradm.URL_LOGIN,
auth=(u.name, u.pwd))
assert r.status_code == 200
assert r.text is not None
assert r.text != ""
u.token = r.text
yield tenant
def test_deploy_to_group(self, clean_mongo, test_case):
"""
Tests adding group restrinction to roles and checking that users
are not allowed to deploy to devices outside the restricted
groups.
"""
dplmnt_MGMT = ApiClient(deployments.URL_MGMT)
i = 0
self.logger.info("RUN: %s", test_case["name"])
tenant = create_org("org%d" % i,
"*****@*****.**" % i,
"password",
plan="enterprise")
test_user = create_user(tid=tenant.id, **test_case["user"])
tenant.users.append(test_user)
login_tenant_users(tenant)
# Initialize tenant's devices
grouped_devices = setup_tenant_devices(tenant,
test_case["device_groups"])
# Add user to deployment group
role = UserRole("RBAC_DEVGRP", test_case["permissions"])
add_user_to_role(test_user, tenant, role)
# Upload a bogus artifact
artifact = Artifact("tester", ["qemux86-64"], payload="bogus")
rsp = dplmnt_MGMT.with_auth(test_user.token).call(
"POST",
deployments.URL_DEPLOYMENTS_ARTIFACTS,
files=((
"artifact",
(
"artifact.mender",
artifact.make(),
"application/octet-stream",
),
), ),
)
assert rsp.status_code == 201, rsp.text
# Attempt to create deployment with test user
devices = []
for group in test_case["deploy_groups"]:
for device in grouped_devices[group]:
devices.append(device.id)
rsp = dplmnt_MGMT.with_auth(test_user.token).call(
"POST",
deployments.URL_DEPLOYMENTS,
body={
"artifact_name": "tester",
"name": "dplmnt",
"devices": devices
},
)
assert rsp.status_code == test_case["status_code"], rsp.text
self.logger.info("PASS: %s" % test_case["name"])
def initialize_os_setup():
""" Seed the OS setup with all operational data - users and devices.
Return {"os_devs": [...], "os_users": [...]}
"""
uadmm = ApiClient('https://{}/api/management/v1/useradm'.format(
get_mender_gateway()))
dauthd = ApiClient('https://{}/api/devices/v1/authentication'.format(
get_mender_gateway()))
dauthm = ApiClient('https://{}/api/management/v2/devauth'.format(
get_mender_gateway()))
users = [
create_user("*****@*****.**",
"correcthorse",
docker_prefix=docker_compose_instance),
create_user("*****@*****.**",
"correcthorse",
docker_prefix=docker_compose_instance)
]
r = uadmm.call('POST',
useradm.URL_LOGIN,
auth=(users[0].name, users[0].pwd))
assert r.status_code == 200
utoken = r.text
# create and accept some devs; save tokens
devs = []
for i in range(10):
devs.append(make_accepted_device(dauthd, dauthm, utoken))
# get tokens for all
for d in devs:
body, sighdr = deviceauth_v1.auth_req(d.id_data, d.authsets[0].pubkey,
d.authsets[0].privkey)
r = dauthd.call('POST',
deviceauth_v1.URL_AUTH_REQS,
body,
headers=sighdr)
assert r.status_code == 200
d.token = r.text
return {"os_devs": devs, "os_users": users}
def test_deploy_to_devices(self, clean_mongo, test_case):
"""
Tests adding group restrinction to roles and checking that users
are not allowed to deploy to devices by providing list of device IDs.
The only exception is single device deployment.
"""
self.logger.info("RUN: %s", test_case["name"])
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"some.user+" + uuidv4 + "@example.com",
"secretsecret",
)
tenant = create_org(tenant, username, password, "enterprise")
test_case["user"]["name"] = test_case["user"]["name"].replace("UUID", uuidv4)
test_user = create_user(tid=tenant.id, **test_case["user"])
tenant.users.append(test_user)
login_tenant_users(tenant)
# Initialize tenant's devices
grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"])
# Add user to deployment group
role = UserRole("RBAC_DEVGRP", test_case["permissions"])
add_user_to_role(test_user, tenant, role)
# Upload a bogus artifact
artifact = Artifact("tester", ["qemux86-64"], payload="bogus")
dplmnt_MGMT = ApiClient(deployments.URL_MGMT)
rsp = dplmnt_MGMT.with_auth(test_user.token).call(
"POST",
deployments.URL_DEPLOYMENTS_ARTIFACTS,
files=(
(
"artifact",
("artifact.mender", artifact.make(), "application/octet-stream"),
),
),
)
assert rsp.status_code == 201, rsp.text
# Attempt to create deployment with test user
devices = []
for group in test_case["deploy_groups"]:
for device in grouped_devices[group]:
devices.append(device.id)
rsp = dplmnt_MGMT.with_auth(test_user.token).call(
"POST",
deployments.URL_DEPLOYMENTS,
body={"artifact_name": "tester", "name": "dplmnt", "devices": devices},
)
assert rsp.status_code == test_case["status_code"], rsp.text
self.logger.info("PASS: %s" % test_case["name"])
def test_set_and_deploy_configuration(self, clean_mongo, test_case):
"""
Tests adding group restrinction to roles and checking that users
are not allowed to set and deploy configuration to devices outside the restricted
groups.
"""
self.logger.info("RUN: %s", test_case["name"])
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"some.user+" + uuidv4 + "@example.com",
"secretsecret",
)
tenant = create_org(tenant, username, password, "enterprise")
update_tenant(tenant.id, addons=["configure"])
test_case["user"]["name"] = test_case["user"]["name"].replace(
"UUID", uuidv4)
test_user = create_user(tid=tenant.id, **test_case["user"])
tenant.users.append(test_user)
login_tenant_users(tenant)
# Initialize tenant's devices
grouped_devices = setup_tenant_devices(tenant,
test_case["device_groups"])
# Add user to deployment group
role = UserRole("RBAC_DEVGRP", test_case["permissions"])
add_user_to_role(test_user, tenant, role)
deviceconf_MGMT = ApiClient(deviceconfig.URL_MGMT)
device_id = grouped_devices[test_case["deploy_group"]][0].id
# Attempt to set configuration
rsp = deviceconf_MGMT.with_auth(test_user.token).call(
"PUT",
deviceconfig.URL_MGMT_DEVICE_CONFIGURATION.format(id=device_id),
body={"foo": "bar"},
)
assert rsp.status_code == test_case[
"set_configuration_status_code"], rsp.text
# Attempt to deploy the configuration
rsp = deviceconf_MGMT.with_auth(test_user.token).call(
"POST",
deviceconfig.URL_MGMT_DEVICE_CONFIGURATION_DEPLOY.format(
id=device_id),
body={"retries": 0},
)
assert (rsp.status_code ==
test_case["deploy_configuration_status_code"]), rsp.text
self.logger.info("PASS: %s" % test_case["name"])
def tenants_users(clean_migrated_mongo):
tenants = []
cli = CliTenantadm()
api = ApiClient(tenantadm.URL_INTERNAL)
for n in ["tenant1", "tenant2"]:
username = "******" # user[12]@tenant[12].com
password = "******"
# Create tenant with two users
tenant = create_org(n, username % (1, n), "123password", plan="enterprise")
tenant.users.append(create_user(username % (2, n), password, tenant.id))
tenants.append(tenant)
yield tenants
def test_get_emails_by_group(self, clean_mongo, test_case):
"""
Tests endpoint for retrieving list of users emails with access
to devices from given group.
"""
self.logger.info("RUN: %s", test_case["name"])
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"admin+" + uuidv4 + "@example.com",
"secretsecret",
)
tenant = create_org(tenant, username, password, "enterprise")
for i in range(len(test_case["users"])):
test_case["users"][i]["name"] = test_case["users"][i][
"name"].replace("UUID", uuidv4)
test_user = create_user(
test_case["users"][i]["name"],
test_case["users"][i]["pwd"],
tid=tenant.id,
roles=test_case["users"][i]["roles"],
)
tenant.users.append(test_user)
# Initialize tenant's devices
grouped_devices = setup_tenant_devices(tenant,
test_case["device_groups"])
device_id = grouped_devices[test_case["device_group"]][0].id
useradm_INT = ApiClient(useradm.URL_INTERNAL,
host=useradm.HOST,
schema="http://")
rsp = useradm_INT.call(
"GET",
useradm.URL_EMAILS,
path_params={
"tenant_id": tenant.id,
"device_id": device_id
},
)
assert rsp.status_code == test_case["status_code"], rsp.text
emails = rsp.json()["emails"]
assert len(emails) == test_case["emails_count"] + 1
for email in emails:
assert email.startswith(
test_case["emails_prefix"]) or email.startswith("admin")
def tenants_users(clean_migrated_mongo):
tenants = []
for _ in range(2):
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"ci.email.tests+" + uuidv4 + "@mender.io",
"secretsecret",
)
# Create tenant with two users
tenant = create_org(tenant, username, password, "enterprise")
tenant.users.append(
create_user("ci.email.tests+" + uuidv4 + "*****@*****.**",
password, tenant.id))
tenants.append(tenant)
yield tenants
def tenants_users(clean_migrated_mongo):
tenants = []
for n in range(2):
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"some.user+" + uuidv4 + "@foo.com",
"secretsecret",
)
# Create tenant with two users
tenant = create_org(tenant, username, password, "enterprise")
tenant.users.append(
create_user("some.other.user+" + uuidv4 + "@foo.com", password,
tenant.id))
tenants.append(tenant)
yield tenants
def setup_os_compat(request):
env = container_factory.get_compatibility_setup()
request.addfinalizer(env.teardown)
env.setup()
env.user = create_user(
"*****@*****.**", "correcthorse", containers_namespace=env.name
)
env.populate_clients()
clients = env.get_mender_clients()
assert len(clients) > 0, "Failed to setup clients"
env.devices = []
for client in clients:
dev = MenderDevice(client)
dev.ssh_is_opened()
env.devices.append(dev)
return env
def azure_user(clean_mongo) -> Optional[User]:
"""Create Mender user and create an Azure IoT Hub integration in iot-manager using the connection string."""
api_azure = ApiClient(base_url=iot.URL_MGMT)
uuidv4 = str(uuid.uuid4())
try:
tenant = create_org(
"test.mender.io-" + uuidv4,
f"user+{uuidv4}@example.com",
"password123",
)
user = tenant.users[0]
user.tenant = tenant
except RuntimeError: # If open-source
user = create_user(f"user+{uuidv4}@example.com", "password123")
# Authorize
rsp = ApiClient(useradm.URL_MGMT).call("POST",
useradm.URL_LOGIN,
auth=(user.name, user.pwd))
assert rsp.status_code == 200
user.token = rsp.text
connection_string = get_connection_string()
integration = {
"provider": "iot-hub",
"credentials": {
"connection_string": connection_string,
"type": "sas"
},
}
# create the integration in iot-manager
rsp = api_azure.with_auth(user.token).call("POST",
iot.URL_INTEGRATIONS,
body=integration)
assert rsp.status_code == 201
yield user
def user(clean_migrated_mongo):
yield create_user('*****@*****.**', 'correcthorse')
def test_create_artifact(self, mongo, clean_mongo):
uuidv4 = str(uuid.uuid4())
username, password = ("some.user+" + uuidv4 + "@example.com",
"secretsecret")
create_user(username, password)
self.run_create_artifact_test(username, password)
def user(clean_mongo):
yield create_user("*****@*****.**", "correcthorse")
def test_create_artifact(self, mongo, clean_mongo):
username, password = "******", "secretsecret"
create_user(username, password)
self.run_create_artifact_test(username, password)
