def test_fail_no_upgrade(self, api_client_int, clean_db, mongo): # start with a valid deployment tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(tenant_id) assert r.status_code == 201 deployment_id = str(uuid4()) dev = Device() configuration_deployment = {"name": "foo", "configuration": '{"foo":"bar"}'} make_deployment( api_client_int, tenant_id, deployment_id, dev.devid, configuration_deployment, ) # try get upgrade # valid device id + type, but different tenant other_tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(other_tenant_id) assert r.status_code == 201 dc = SimpleDeviceClient() nodep = dc.get_next_deployment( dev.fake_token_mt(other_tenant_id), artifact_name="dontcare", device_type=dev.device_type, ) assert nodep is None # correct tenant, incorrect device id (but correct type) otherdev = Device() nodep = dc.get_next_deployment( otherdev.fake_token_mt(tenant_id), artifact_name="dontcare", device_type=dev.device_type, ) assert nodep is None # correct tenant, correct device id, incorrect type nodep = dc.get_next_deployment( otherdev.fake_token_mt(tenant_id), artifact_name="dontcare", device_type=otherdev.device_type, ) assert nodep is None
def test_ok(self, api_client_int, clean_db, mongo): tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(tenant_id) assert r.status_code == 201 deployment_id = "foo" deployment_id = str(uuid4()) device_id = "bar" url = api_client_int.make_api_url( "/tenants/{}/configuration/deployments/{}/devices/{}".format( tenant_id, deployment_id, device_id ) ) configuration_deployment = {"name": "foo", "configuration": '{"foo":"bar"}'} rsp = requests.post(url, json=configuration_deployment, verify=False) assert rsp.status_code == 201 loc = rsp.headers.get("Location", None) assert loc api_deployment_id = os.path.basename(loc) assert api_deployment_id == deployment_id # verify the deployment has been stored correctly in mongodb deployment = mongo[ "deployment_service-{}".format(tenant_id) ].deployments.find_one({"_id": deployment_id}) assert deployment is not None assert deployment["type"] == "configuration" assert deployment["configuration"]
def test_create_ok(self, api_client_int, clean_db): _, r = api_client_int.create_tenant('foobar') assert r.status_code == 201 assert 'deviceadm-foobar' in clean_db.database_names() assert 'migration_info' in clean_db[ 'deviceadm-foobar'].collection_names()
def test_ok(self, api_client_int, clean_db, mongo, test_set): """ Happy path - correct link obtained from the service, leading to a successful download of a correct artifact. """ # set up deployment tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(tenant_id) assert r.status_code == 201 deployment_id = str(uuid4()) dev = Device() dev.device_type = test_set["dev_type"] configuration_deployment = { "name": test_set["name"], "configuration": test_set["config"], } make_deployment( api_client_int, tenant_id, deployment_id, dev.devid, configuration_deployment, ) # obtain + verify deployment instructions dc = SimpleDeviceClient() nextdep = dc.get_next_deployment( dev.fake_token_mt(tenant_id), artifact_name="dontcare", device_type=test_set["dev_type"], ) assert nextdep.artifact["artifact_name"] == test_set["name"] assert nextdep.artifact["source"]["uri"] is not None assert nextdep.artifact["source"]["expire"] is not None assert nextdep.artifact["device_types_compatible"] == [test_set["dev_type"]] # get/verify download contents r = requests.get( nextdep.artifact["source"]["uri"], verify=False, ) assert r.status_code == 200 with open("/testing/out.mender", "wb+") as f: f.write(r.content) self.verify_artifact( "/testing/out.mender", test_set["name"], test_set["dev_type"], test_set["config"], )
def test_fail_wrong_deployment_id(self, api_client_int, clean_db): tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(tenant_id) assert r.status_code == 201 deployment_id = "foo" deployment_id = "baz" device_id = "bar" url = api_client_int.make_api_url( "/tenants/{}/configuration/deployments/{}/devices/{}".format( tenant_id, deployment_id, device_id ) ) configuration_deployment = {"name": "foo", "configuration": '{"foo":"bar"}'} rsp = requests.post(url, json=configuration_deployment, verify=False) assert rsp.status_code == 400
def test_fail_duplicate_deployment(self, api_client_int, clean_db): tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(tenant_id) assert r.status_code == 201 deployment_id = "foo" deployment_id = str(uuid4()) device_id = "bar" url = api_client_int.make_api_url( "/tenants/{}/configuration/deployments/{}/devices/{}".format( tenant_id, deployment_id, device_id ) ) configuration_deployment = {"name": "foo", "configuration": '{"foo":"bar"}'} rsp = requests.post(url, json=configuration_deployment, verify=False) assert rsp.status_code == 201 loc = rsp.headers.get("Location", None) assert loc api_deployment_id = os.path.basename(loc) assert api_deployment_id == deployment_id rsp = requests.post(url, json=configuration_deployment, verify=False) assert rsp.status_code == 409
def test_failures(self, api_client_int, clean_db, mongo): """ Simulate invalid or malicious download requests. """ # for reference - get a real, working link to an actual deployment tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(tenant_id) assert r.status_code == 201 deployment_id = str(uuid4()) dev = Device() configuration_deployment = {"name": "foo", "configuration": '{"foo":"bar"}'} make_deployment( api_client_int, tenant_id, deployment_id, dev.devid, configuration_deployment, ) dc = SimpleDeviceClient() nextdep = dc.get_next_deployment( dev.fake_token_mt(tenant_id), artifact_name="dontcare", device_type="hammer", ) uri = nextdep.artifact["source"]["uri"] qs = parse_qs(urlparse(uri).query) # now break the url in various ways # wrong deployment (signature error) uri_bad_depl = uri.replace(deployment_id, str(uuid4())) r = requests.get( uri_bad_depl, verify=False, ) assert r.status_code == 403 # wrong tenant in url (signature error) other_tenant_id = str(ObjectId()) _, r = api_client_int.create_tenant(other_tenant_id) assert r.status_code == 201 uri_bad_tenant = uri.replace(tenant_id, other_tenant_id) r = requests.get( uri_bad_tenant, verify=False, ) assert r.status_code == 403 # wrong dev type (signature error) other_dev = Device() other_dev.device_type = "foo" uri_bad_devtype = uri.replace(dev.device_type, other_dev.device_type) r = requests.get( uri_bad_devtype, verify=False, ) assert r.status_code == 403 # wrong dev id (signature error) uri_bad_devid = uri.replace(dev.devid, other_dev.devid) r = requests.get( uri_bad_devid, verify=False, ) assert r.status_code == 403 # wrong x-men-signature uri_bad_sig = uri.replace( qs["x-men-signature"][0], "mftJRzBafnvMXhmMBH3THQertiEk0dZKP075bjBKccc" ) r = requests.get( uri_bad_sig, verify=False, ) assert r.status_code == 403 # no x-men-signature uri_no_sig = uri.replace("&x-men-signature=", "") r = requests.get( uri_no_sig, verify=False, ) assert r.status_code == 400 # no x-men-expire uri_no_exp = uri.replace("&x-men-expire=", "") r = requests.get( uri_no_exp, verify=False, ) assert r.status_code == 400