def _change_ap(self, user_as, attachment_point):
""" Helper: update UserAS, changing only the attachment point. """
prev_ap = user_as.attachment_point
prev_certificate_chain = user_as.certificate_chain
hosts_pending_before = set(Host.objects.needs_config_deployment())
update_useras(self, user_as, attachment_point=attachment_point)
# Check needs_config_deployment: hosts of UserAS and both APs
self.assertSetEqual(
hosts_pending_before
| set(user_as.hosts.all() | prev_ap.AS.hosts.all()
| attachment_point.AS.hosts.all()),
set(Host.objects.needs_config_deployment()))
# Check certificates reset if ISD changed
if prev_ap.AS.isd != attachment_point.AS.isd:
prev_version = prev_certificate_chain['0']['Version']
curr_version = user_as.certificate_chain['0']['Version']
self.assertEqual(
curr_version, prev_version + 1,
("Certificate needs to be recreated on ISD change: "
"ISD before: %s, ISD after:%s" %
(prev_ap.AS.isd, attachment_point.AS.isd)))
else:
self.assertEqual(prev_certificate_chain, user_as.certificate_chain)
utils.check_topology(self)
def test_delete_user(self):
testuser = get_testuser()
user_as_pks = []
user_as_hosts = []
attachment_point_hosts = set()
as_ids_combs = get_random_as_ids_combinations()
vpn_choice = VPNChoice.SOME
for i in range(testuser.max_num_ases()):
seed = 789 + i
r = random.Random(seed)
as_ids = r.choice(as_ids_combs)
user_as, att_confs = create_and_check_random_useras(
self, seed, as_ids, vpn_choice)
user_as_pks.append(user_as.pk)
user_as_hosts += list(user_as.hosts.all())
attachment_point_hosts |= set([
h for c in att_confs
for h in c.attachment_point.AS.hosts.all()
])
testuser.delete()
for user_as_pk in user_as_pks:
self.assertFalse(UserAS.objects.filter(pk=user_as_pk).exists())
self.assertEqual(
list(Host.objects.needs_config_deployment()),
sorted(user_as_hosts + list(attachment_point_hosts),
key=lambda host: host.pk))
utils.check_topology(self)
def update_useras(testcase,
user_as,
att_confs: List[AttachmentConf],
deleted_links: List[Link] = [],
**kwargs):
"""
Update a `UserAS` and the configuration of its attachments
"""
prev_aps_isd = user_as.isd
prev_cert_chain = user_as.certificates.latest(Certificate.CHAIN)
hosts_pending_before = set(Host.objects.needs_config_deployment())
with patch.object(AttachmentPoint, 'trigger_deployment',
autospec=True) as mock_deploy:
user_as.update(
label=kwargs.get('label', user_as.label),
installation_type=kwargs.get('installation_type',
user_as.installation_type),
)
user_as.update_attachments(att_confs, deleted_links)
# Check that deployment was triggered strictly once for each attachment point
testcase.assertEqual(
len([args[0] for args, kwargs in mock_deploy.call_args_list]),
len(set(args[0] for args, kwargs in mock_deploy.call_args_list)))
# Check that deployment was triggered for all the attachment points
testcase.assertEqual(
set(args[0] for args, kwargs in mock_deploy.call_args_list),
set(AttachmentConf.attachment_points(att_confs)) | set([
link.interfaceA.AS.attachment_point_info for link in deleted_links
]))
# Check needs_config_deployment: hosts of UserAS and both APs
aps_hosts = flatten(ap.AS.hosts.all()
for ap in AttachmentConf.attachment_points(att_confs))
testcase.assertSetEqual(
hosts_pending_before | set(user_as.hosts.all()) | set(aps_hosts),
set(Host.objects.needs_config_deployment()))
# Check certificates reset if ISD changed
curr_aps_isd = user_as.isd
cert_chain = user_as.certificates.latest(Certificate.CHAIN)
if prev_aps_isd != curr_aps_isd:
testcase.assertEqual(
cert_chain.version, prev_cert_chain.version + 1,
("Certificate needs to be recreated on ISD change: "
"ISD before: %s, ISD after:%s" % (prev_aps_isd, curr_aps_isd)))
testcase.assertEqual(
user_as.certificates.filter(type=Certificate.CHAIN).count(), 1)
else:
testcase.assertEqual(prev_cert_chain, cert_chain)
utils.check_topology(testcase)
def test_delete_single(self):
seed = 456
user_as = create_random_useras(self, seed=seed)
user_as_hosts = list(user_as.hosts.all())
attachment_point = user_as.attachment_point
user_as.delete()
self.assertEqual(
list(Host.objects.needs_config_deployment()),
sorted(user_as_hosts + list(attachment_point.AS.hosts.all()),
key=lambda host: host.pk))
utils.check_topology(self)
def update_useras(testcase,
user_as,
att_confs: List[AttachmentConf],
deleted_links: List[Link] = [],
wants_user_ap=False,
public_ip="",
wants_vpn=False,
**kwargs):
"""
Update a `UserAS` and the configuration of its attachments
"""
prev_aps_isd = user_as.isd
prev_cert_chain = Certificate.objects.latest(Key.CP_AS, user_as)
hosts_pending_before = set(Host.objects.needs_config_deployment())
user_as.update(
label=kwargs.get('label', user_as.label),
installation_type=kwargs.get('installation_type',
user_as.installation_type),
public_ip=public_ip,
wants_user_ap=wants_user_ap,
wants_vpn=wants_vpn,
)
user_as.update_attachments(att_confs, deleted_links)
# Check needs_config_deployment: hosts of UserAS and both APs
aps_hosts = flatten(ap.AS.hosts.all()
for ap in AttachmentConf.attachment_points(att_confs))
testcase.assertSetEqual(
hosts_pending_before | set(user_as.hosts.all()) | set(aps_hosts),
set(Host.objects.needs_config_deployment()))
# Check certificates reset if ISD changed
curr_aps_isd = user_as.isd
cert_chain = Certificate.objects.latest(Key.CP_AS, user_as)
if prev_aps_isd != curr_aps_isd:
testcase.assertEqual(
cert_chain.version, prev_cert_chain.version + 1,
("Certificate needs to be recreated on ISD change: "
"ISD before: %s, ISD after:%s" % (prev_aps_isd, curr_aps_isd)))
testcase.assertEqual(
user_as.certificates().filter(key__usage=Key.CP_AS).count(), 1)
else:
testcase.assertEqual(prev_cert_chain, cert_chain)
utils.check_topology(testcase)
def test_delete_single(self):
seed = 456
r = random.Random(seed)
vpn_choice = VPNChoice.SOME
as_ids = r.choice(get_random_as_ids_combinations())
user_as, att_confs = create_and_check_random_useras(
self, seed, as_ids, vpn_choice)
user_as_hosts = list(user_as.hosts.all())
user_as.delete()
self.assertEqual(
list(Host.objects.needs_config_deployment()),
sorted(user_as_hosts + list(
set(h for c in att_confs
for h in c.attachment_point.AS.hosts.all())),
key=lambda host: host.pk))
utils.check_topology(self)
def test_delete_user(self):
testuser = get_testuser()
user_as_pks = []
user_as_hosts = []
attachment_point_hosts = set()
for i in range(testuser.max_num_ases()):
seed = 789 + i
user_as = create_random_useras(self, seed=seed)
user_as_pks.append(user_as.pk)
user_as_hosts += list(user_as.hosts.all())
attachment_point_hosts |= set(
user_as.attachment_point.AS.hosts.all())
testuser.delete()
for user_as_pk in user_as_pks:
self.assertFalse(UserAS.objects.filter(pk=user_as_pk).exists())
self.assertEqual(
list(Host.objects.needs_config_deployment()),
sorted(user_as_hosts + list(attachment_point_hosts),
key=lambda host: host.pk))
utils.check_topology(self)
