def test_multi_tenancy_deployment(self):
        """ Simply make sure we are able to run the multi tenancy setup and
           bootstrap 2 different devices to different tenants """

        auth.reset_auth_token()

        users = [
            {
                "email": "*****@*****.**",
                "password": "******",
                "username": "******",
                "container": "mender-client-deployment-1",
                "fail": False
            },
            {
                "email": "*****@*****.**",
                "password": "******",
                "username": "******",
                "container": "mender-client-deployment-2",
                "fail": True
            }
        ]

        for user in users:
            auth.new_tenant(user["username"], user["email"], user["password"])
            t = auth.current_tenant["tenant_token"]
            new_tenant_client(user["container"], t)
            auth_v2.accept_devices(1)

        for user in users:
            auth.new_tenant(user["username"], user["email"], user["password"])

            assert len(inv.get_devices()) == 1
            self.perform_update(mender_client_container=user["container"],
                                fail=user["fail"])
    def test_multi_tenancy_deployment_aborting(self):
        """ Simply make sure we are able to run the multi tenancy setup and
           bootstrap 2 different devices to different tenants """

        auth.reset_auth_token()

        users = [
            {
                "email": "*****@*****.**",
                "password": "******",
                "username": "******",
                "container": "mender-client-deployment-aborting-1",
            }
        ]

        for user in users:
            auth.new_tenant(user["username"], user["email"], user["password"])
            t = auth.current_tenant["tenant_token"]
            new_tenant_client(user["container"], t)
            auth_v2.accept_devices(1)

        for user in users:
            deployment_id, _ = common_update_procedure(install_image=conftest.get_valid_image())
            deploy.abort(deployment_id)
            deploy.check_expected_statistics(deployment_id, "aborted", 1)

            execute(self.mender_log_contains_aborted_string,
                    hosts=get_mender_client_by_container_name(user["container"]))
Example #3
0
def setup_set_client_number_bootstrapped(clients):
    docker_compose_cmd("scale mender-client=%d" % clients)
    ssh_is_opened()

    auth.reset_auth_token()
    auth_v2.accept_devices(clients)

    set_setup_type(None)
Example #4
0
def standard_setup_with_signed_artifact_client(request):
    stop_docker_compose()
    reset_mender_api()

    docker_compose_cmd("-f ../extra/signed-artifact-client-testing/docker-compose.signed-client.yml up -d")

    ssh_is_opened()
    auth.reset_auth_token()
    auth_v2.accept_devices(1)
    set_setup_type(ST_SignedClient)
    def test_clients_exclusive_to_user(self):
        users = [
            {
              "email": "*****@*****.**",
              "password": "******",
              "username": "******",
              "container": "mender-client-exclusive-1",
              "client_id": "",
              "device_id": ""
            },
            {
               "email": "*****@*****.**",
               "password": "******",
               "username": "******",
               "container": "mender-client-exclusive-2",
               "client_id": "",
               "device_id": ""
            }
        ]

        for user in users:
            auth.set_tenant(user["username"], user["email"], user["password"])

            t = auth.current_tenant["tenant_token"]
            new_tenant_client(user["container"], t)
            auth_v2.accept_devices(1)

            # get the new devices client_id and setting it to the our test parameter
            assert len(inv.get_devices()) == 1
            user["client_id"] = inv.get_devices()[0]["id"]
            user["device_id"] = auth_v2.get_devices()[0]["id"]

        for user in users:
            # make sure that the correct number of clients appear for the given tenant
            auth.set_tenant(user["username"], user["email"], user["password"])
            assert len(inv.get_devices()) == 1
            assert inv.get_devices()[0]["id"] == user["client_id"]

        for user in users:
            # wait until inventory is populated
            auth.set_tenant(user["username"], user["email"], user["password"])
            auth_v2.decommission(user["client_id"])
            timeout = time.time() + (60 * 5)
            device_id = user["device_id"]
            while time.time() < timeout:
                    newAdmissions = auth_v2.get_devices()[0]
                    if device_id != newAdmissions["id"] \
                       and user["client_id"] != newAdmissions["id"]:
                        logger.info("device [%s] not found in inventory [%s]" % (device_id, str(newAdmissions)))
                        break
                    else:
                        logger.info("device [%s] found in inventory..." % (device_id))
                    time.sleep(.5)
            else:
                assert False, "decommissioned device still available in inventory"
    def test_multi_tenancy_deployment_s3(self):

        def verify_object_id_and_tagging():
            from boto3 import client

            tenant = auth.get_tenant_id()
            conn = client('s3')

            artifacts = deploy.get_artifacts()
            assert len(artifacts) == 1

            artifact_id = artifacts[0]["id"]

            # verify object ID of proper MT format
            for key in conn.list_objects(Bucket='mender-artifacts-int-testing-us')['Contents']:
                if key['Key'].startswith(tenant):
                    expectedObject = "%s/%s" % (tenant, artifact_id)
                    assert key['Key'] == expectedObject

            # verify tagging is working
            tags = conn.get_object_tagging(Bucket='mender-artifacts-int-testing-us', Key=expectedObject)["TagSet"][0]
            assert tags["Value"] == tenant
            assert tags["Key"] == "tenant_id"

            # Delete artifact and make sure it's really gone
            conn.delete_object(Bucket="mender-artifacts-int-testing-us",
                               Key=expectedObject)

            deploy.delete_artifact(artifact_id)

            conn.list_objects(Bucket='mender-artifacts-int-testing-us')

            for key in conn.list_objects(Bucket='mender-artifacts-int-testing-us').get('Contents', []):
                if key['Key'].startswith(tenant):
                    pytest.fail("failed to delete artifact from s3")

        auth.reset_auth_token()

        users = [
            {
                "email": "*****@*****.**",
                "password": "******",
                "username": "******",
                "container": "mender-client-mt-s3",
            }
        ]

        for user in users:
            auth.new_tenant(user["username"], user["email"], user["password"])
            t = auth.current_tenant["tenant_token"]
            new_tenant_client(user["container"], t)
            auth_v2.accept_devices(1)
            self.perform_update(mender_client_container=user["container"])
            verify_object_id_and_tagging()
Example #7
0
def standard_setup_with_short_lived_token():
    stop_docker_compose()
    reset_mender_api()

    docker_compose_cmd("-f ../docker-compose.yml \
                        -f ../docker-compose.client.yml \
                        -f ../docker-compose.storage.minio.yml  \
                        -f ../docker-compose.testing.yml \
                        -f ../extra/expired-token-testing/docker-compose.short-token.yml up -d",
                        use_common_files=False)

    ssh_is_opened()
    auth.reset_auth_token()
    auth_v2.accept_devices(1)
    set_setup_type(ST_ShortLivedAuthToken)
Example #8
0
def standard_setup_one_client_bootstrapped_with_s3():
    stop_docker_compose()
    reset_mender_api()

    docker_compose_cmd("-f ../docker-compose.yml \
                        -f ../docker-compose.client.yml \
                        -f ../docker-compose.testing.yml \
                        -f ../docker-compose.storage.minio.yml \
                        -f ../docker-compose.storage.s3.yml up -d",
                        use_common_files=False)

    docker_compose_cmd("logs -f &")
    ssh_is_opened()

    auth.reset_auth_token()
    auth_v2.accept_devices(1)

    set_setup_type(ST_OneClientsBootstrapped_AWS_S3)
    def test_reject_bootstrap(self):
        """Make sure a rejected device does not perform an upgrade, and that it gets it's auth token removed"""
        if not env.host_string:
            execute(self.test_reject_bootstrap, hosts=get_mender_clients())
            return

        # iterate over devices and reject them
        for device in auth_v2.get_devices():
            auth_v2.set_device_auth_set_status(device["id"], device["auth_sets"][0]["id"], "rejected")
            logging.info("Rejecting DeviceID: %s" % device["id"])

        auth_v2.check_expected_status("rejected", len(get_mender_clients()))

        with Helpers.RebootDetector() as reboot:
            try:
                deployment_id, _ = common_update_procedure(install_image=conftest.get_valid_image())
            except AssertionError:
                logging.info("Failed to deploy upgrade to rejected device.")
                reboot.verify_reboot_not_performed()

            else:
                # use assert to fail, so we can get backend logs
                pytest.fail("no error while trying to deploy to rejected device")
                return

        finished = False
        # wait until auththoken is removed from file
        for _ in range(10):
            with settings(abort_exception=Exception):
                try:
                    run("journalctl -u mender -l -n 3 | grep -q 'authentication request rejected'")
                except:
                    time.sleep(30)
                else:
                    finished = True
                    break

        auth_v2.accept_devices(1)

        if not finished:
            pytest.fail("failed to remove authtoken from mender-store file")
Example #10
0
def setup_failover():
    """
    Setup with two servers and one client.
    First server (A) behaves as usual, whereas the second server (B) should
    not expect any clients. Client is initially set up against server A.
    In docker all microservices for B has a suffix "-2"
    """
    stop_docker_compose()
    reset_mender_api()

    docker_compose_cmd("-f ../docker-compose.yml \
                        -f ../docker-compose.client.yml \
                        -f ../docker-compose.storage.minio.yml  \
                        -f ../docker-compose.testing.yml \
                        -f ../extra/failover-testing/docker-compose.failover-server.yml up -d",
                        use_common_files=False)

    ssh_is_opened()
    auth.reset_auth_token()
    auth_v2.accept_devices(1)
    set_setup_type(ST_Failover)
Example #11
0
def standard_setup_two_clients_bootstrapped():
    restart_docker_compose(2)
    reset_mender_api()
    auth_v2.accept_devices(2)

    set_setup_type(ST_TwoClientsBootstrapped)
Example #12
0
def standard_setup_one_client_bootstrapped():
    restart_docker_compose()
    reset_mender_api()
    auth_v2.accept_devices(1)

    set_setup_type(ST_OneClientBootstrapped)