def connected_device(env): uuidv4 = str(uuid.uuid4()) tname = "test.mender.io-{}".format(uuidv4) email = "some.user+{}@example.com".format(uuidv4) u = User("", email, "whatsupdoc") cli = CliTenantadm(containers_namespace=env.name) tid = cli.create_org(tname, u.name, u.pwd, plan="enterprise") update_tenant( tid, addons=["troubleshoot"], container_manager=get_container_manager(), ) tenant = cli.get_tenant(tid) tenant = json.loads(tenant) ttoken = tenant["tenant_token"] auth = Authentication(name="enterprise-tenant", username=u.name, password=u.pwd) auth.create_org = False auth.reset_auth_token() devauth = DeviceAuthV2(auth) env.new_tenant_client("mender-client", ttoken) device = MenderDevice(env.get_mender_clients()[0]) devauth.accept_devices(1) devices = devauth.get_devices_status("accepted") assert 1 == len(devices) wait_for_connect(auth, devices[0]["id"]) devconn = DeviceConnect(auth, devauth) return device, devconn
def tenant_users(clean_migrated_mongo): uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") user = create_user("foo+" + uuidv4 + "@user.com", "correcthorsebatterystaple", tid=tenant.id) tenant.users.append(user) update_tenant(tenant.id, addons=["troubleshoot"]) for u in tenant.users: r = ApiClient(useradm.URL_MGMT).call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 200 assert r.text is not None assert r.text != "" u.token = r.text yield tenant
def test_set_and_deploy_configuration(self, clean_mongo, test_case): """ Tests adding group restrinction to roles and checking that users are not allowed to set and deploy configuration to devices outside the restricted groups. """ self.logger.info("RUN: %s", test_case["name"]) uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") update_tenant(tenant.id, addons=["configure"]) test_case["user"]["name"] = test_case["user"]["name"].replace( "UUID", uuidv4) test_user = create_user(tid=tenant.id, **test_case["user"]) tenant.users.append(test_user) login_tenant_users(tenant) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) # Add user to deployment group role = UserRole("RBAC_DEVGRP", test_case["permissions"]) add_user_to_role(test_user, tenant, role) deviceconf_MGMT = ApiClient(deviceconfig.URL_MGMT) device_id = grouped_devices[test_case["deploy_group"]][0].id # Attempt to set configuration rsp = deviceconf_MGMT.with_auth(test_user.token).call( "PUT", deviceconfig.URL_MGMT_DEVICE_CONFIGURATION.format(id=device_id), body={"foo": "bar"}, ) assert rsp.status_code == test_case[ "set_configuration_status_code"], rsp.text # Attempt to deploy the configuration rsp = deviceconf_MGMT.with_auth(test_user.token).call( "POST", deviceconfig.URL_MGMT_DEVICE_CONFIGURATION_DEPLOY.format( id=device_id), body={"retries": 0}, ) assert (rsp.status_code == test_case["deploy_configuration_status_code"]), rsp.text self.logger.info("PASS: %s" % test_case["name"])
def _make_tenant(self, plan, env): tname = "tenant-{}".format(plan) email = "user@{}.com".format(tname) cli = CliTenantadm(containers_namespace=env.name) tid = cli.create_org(tname, email, "correcthorse", plan) tenant = cli.get_tenant(tid) tenant = json.loads(tenant) ttoken = tenant["tenant_token"] # the cli now sets all addons to 'enabled' - # disable them for initial 'all disabled' state update_tenant( tenant["id"], addons=[], container_manager=get_container_manager(), ) auth = Authentication(name=tname, username=email, password="******") auth.create_org = False auth.reset_auth_token() devauth = DeviceAuthV2(auth) env.new_tenant_client("test-container-{}".format(plan), ttoken) device = MenderDevice(env.get_mender_clients()[0]) devauth.accept_devices(1) devices = list( set([ device["id"] for device in devauth.get_devices_status("accepted") ])) assert 1 == len(devices) tenant = Tenant(tname, tid, ttoken) u = User("", email, "correcthorse") tenant.users.append(u) tenant.device = device tenant.device_id = devices[0] tenant.auth = auth tenant.devauth = devauth return tenant
def test_filetransfer(self, enterprise_no_client): u = User("", "*****@*****.**", "whatsupdoc") cli = CliTenantadm(containers_namespace=enterprise_no_client.name) tid = cli.create_org("os-tenant", u.name, u.pwd, plan="os") # FT requires "troubleshoot" update_tenant( tid, addons=["troubleshoot"], container_manager=get_container_manager(), ) tenant = cli.get_tenant(tid) tenant = json.loads(tenant) auth = authentication.Authentication(name="os-tenant", username=u.name, password=u.pwd) auth.create_org = False auth.reset_auth_token() devauth_tenant = DeviceAuthV2(auth) enterprise_no_client.new_tenant_client("configuration-test-container", tenant["tenant_token"]) mender_device = MenderDevice( enterprise_no_client.get_mender_clients()[0]) mender_device.ssh_is_opened() devauth_tenant.accept_devices(1) devices = list( set([ device["id"] for device in devauth_tenant.get_devices_status("accepted") ])) assert 1 == len(devices) wait_for_connect(auth, devices[0]) authtoken = auth.get_auth_token() super().test_filetransfer(devices[0], authtoken, content_assertion="ServerURL")
def prepare_env_for_connect(env): uuidv4 = str(uuid.uuid4()) tname = "test.mender.io-{}".format(uuidv4) email = "some.user+{}@example.com".format(uuidv4) u = User("", email, "whatsupdoc") cli = CliTenantadm(containers_namespace=env.name) tid = cli.create_org(tname, u.name, u.pwd, plan="os") # FT requires "troubleshoot" update_tenant( tid, addons=["troubleshoot"], container_manager=get_container_manager(), ) tenant = cli.get_tenant(tid) tenant = json.loads(tenant) env.tenant = tenant auth = authentication.Authentication(name="os-tenant", username=u.name, password=u.pwd) auth.create_org = False auth.reset_auth_token() devauth_tenant = DeviceAuthV2(auth) mender_device = new_tenant_client(env, "mender-client", tenant["tenant_token"]) mender_device.ssh_is_opened() devauth_tenant.accept_devices(1) devices = devauth_tenant.get_devices_status("accepted") assert 1 == len(devices) devid = devices[0]["id"] authtoken = auth.get_auth_token() wait_for_connect(auth, devid) return devid, authtoken, auth, mender_device
def connected_device(self, env): u = User("", "*****@*****.**", "whatsupdoc") cli = CliTenantadm(containers_namespace=env.name) tid = cli.create_org("enterprise-tenant", u.name, u.pwd, "enterprise") update_tenant( tid, addons=["troubleshoot"], container_manager=get_container_manager(), ) tenant = cli.get_tenant(tid) tenant = json.loads(tenant) ttoken = tenant["tenant_token"] auth = Authentication(name="enterprise-tenant", username=u.name, password=u.pwd) auth.create_org = False auth.reset_auth_token() devauth = DeviceAuthV2(auth) env.new_tenant_client("configuration-test-container", ttoken) device = MenderDevice(env.get_mender_clients()[0]) devauth.accept_devices(1) devices = list( set([ device["id"] for device in devauth.get_devices_status("accepted") ])) assert 1 == len(devices) wait_for_connect(auth, devices[0]) devconn = DeviceConnect(auth, devauth) return device, devconn
def test_configuration(self, enterprise_no_client): """Tests the deployment and reporting of the configuration The tests set the configuration of a device and verifies the new configuration is reported back to the back-end. """ env = enterprise_no_client # Create an enterprise plan tenant u = User("", "*****@*****.**", "whatsupdoc") cli = CliTenantadm(containers_namespace=env.name) tid = cli.create_org("enterprise-tenant", u.name, u.pwd, plan="enterprise") # what we really need is "configure" # but for trigger tests we're also checking device avail. in "deviceconnect" # so add "troubleshoot" as well update_tenant( tid, addons=["configure", "troubleshoot"], container_manager=get_container_manager(), ) tenant = cli.get_tenant(tid) tenant = json.loads(tenant) ttoken = tenant["tenant_token"] logger.info(f"tenant json: {tenant}") tenant = Tenant("tenant", tid, ttoken) tenant.users.append(u) # And authorize the user to the tenant account auth = Authentication(name="enterprise-tenant", username=u.name, password=u.pwd) auth.create_org = False auth.reset_auth_token() devauth_tenant = DeviceAuthV2(auth) # Add a client to the tenant enterprise_no_client.new_tenant_client("configuration-test-container", tenant.tenant_token) mender_device = MenderDevice( enterprise_no_client.get_mender_clients()[0]) mender_device.ssh_is_opened() enterprise_no_client.device = mender_device devauth_tenant.accept_devices(1) # list of devices devices = list( set([ device["id"] for device in devauth_tenant.get_devices_status("accepted") ])) assert 1 == len(devices) wait_for_connect(auth, devices[0]) # set and verify the device's configuration # retry to skip possible race conditions between update poll and update trigger for _ in redo.retrier(attempts=3, sleeptime=1): set_and_verify_config({"key": "value"}, devices[0], auth.get_auth_token()) forced = was_update_forced(mender_device) if forced: return assert False, "the update check was never triggered"
def test_upgrades(self, docker_env): """Test that plan/addon upgrades take effect on feature availability. Special case is the trial tenant upgrade to a paid plan. """ tenant = docker_env.tenants["os"] # add troubleshoot update_tenant( tenant.id, addons=["troubleshoot"], container_manager=get_container_manager(), ) tenant.auth.reset_auth_token() wait_for_connect(tenant.auth, tenant.device_id) self.check_access_remote_term(tenant.auth, tenant.device_id) self.check_access_file_transfer(tenant.auth, tenant.device_id) self.check_access_auditlogs(tenant.auth, forbid=True) self.check_access_sessionlogs(tenant.auth, forbid=True) self.check_access_deviceconfig( tenant.auth, tenant.device_id, forbid=True, ) # self.check_access_rbac(tenant.auth, forbid=True) # add configure update_tenant( tenant.id, addons=["troubleshoot", "configure"], container_manager=get_container_manager(), ) tenant.auth.reset_auth_token() wait_for_connect(tenant.auth, tenant.device_id) self.check_access_remote_term(tenant.auth, tenant.device_id) self.check_access_file_transfer(tenant.auth, tenant.device_id) self.check_access_deviceconfig(tenant.auth, tenant.device_id) self.check_access_auditlogs(tenant.auth, forbid=True) self.check_access_sessionlogs(tenant.auth, forbid=True) # self.check_access_rbac(tenant.auth, forbid=True) # upgrade to "enterprise" - makes audit, session logs and rbac available update_tenant( tenant.id, plan="enterprise", container_manager=get_container_manager(), ) tenant.auth.reset_auth_token() wait_for_connect(tenant.auth, tenant.device_id) self.check_access_remote_term(tenant.auth, tenant.device_id) self.check_access_file_transfer(tenant.auth, tenant.device_id) self.check_access_deviceconfig(tenant.auth, tenant.device_id) self.check_access_auditlogs(tenant.auth) self.check_access_sessionlogs(tenant.auth) self.check_access_rbac(tenant.auth) # upgrade trial tenant - straight to enterprise tenant = docker_env.tenants["trial"] tadmm = ApiClient( host=get_container_manager().get_mender_gateway(), base_url=tenantadm_v2.URL_MGMT, ) res = tadmm.call( "POST", tenantadm_v2.URL_TENANT_UPGRADE_START, path_params={"id": tenant.id}, headers=tenant.auth.get_auth_token(), ) assert res.status_code == 200 res = res.json() stripeutils.confirm("pm_card_visa", res["intent_id"]) body = { "plan": "enterprise", } res = tadmm.call( "POST", tenantadm_v2.URL_TENANT_UPGRADE_COMPLETE, path_params={"id": tenant.id}, body=body, headers=tenant.auth.get_auth_token(), ) assert res.status_code == 202 update_tenant( tenant.id, addons=["troubleshoot", "configure"], container_manager=get_container_manager(), ) tenant.auth.reset_auth_token() wait_for_connect(tenant.auth, tenant.device_id) self.check_access_remote_term(tenant.auth, tenant.device_id) self.check_access_file_transfer(tenant.auth, tenant.device_id) self.check_access_deviceconfig(tenant.auth, tenant.device_id) self.check_access_auditlogs(tenant.auth) self.check_access_sessionlogs(tenant.auth) self.check_access_rbac(tenant.auth)