def _test_args_object(self, tenant_users, events): alogs = ApiClient(auditlogs.URL_MGMT) expected = events[0] # id filter resp = alogs.with_auth(tenant_users.users[0].token).call( "GET", auditlogs.URL_LOGS + "?object_id=" + expected["object"]["id"]) resp = resp.json() assert len(resp) == 1 for i in range(len(resp)): check_log(resp[0], expected) # type filter for obj_type in ["deployment"]: expected = [e for e in events if e["object"]["type"] == obj_type] resp = alogs.with_auth(tenant_users.users[0].token).call( "GET", auditlogs.URL_LOGS + "?object_type=" + obj_type) resp = resp.json() assert len(resp) == len(expected) for i in range(len(resp)): check_log(resp[i], expected[i])
def create_tenant(name, docker_prefix=None): """ Create a tenant via cli, record its id and token for further use. """ cli = CliTenantadm(docker_prefix) api = ApiClient(tenantadm.URL_INTERNAL) id = cli.create_tenant(name) page = 0 per_page = 20 qs_params = {} found = None while True: page = page + 1 qs_params['page'] = page qs_params['per_page'] = per_page r = api.call('GET', tenantadm.URL_INTERNAL_TENANTS, qs_params=qs_params) assert r.status_code == 200 api_tenants = r.json() found = [at for at in api_tenants if at['id'] == id] if len(found) > 0: break if len(api_tenants) == 0: break assert len(found) == 1 token = found[0]['tenant_token'] return Tenant(name, id, token)
def test_authenticated_user_is_rejected(self, tenants): tc = ApiClient(tenantadm.URL_INTERNAL, host=tenantadm.HOST, schema="http://") uc = ApiClient(useradm.URL_MGMT) dc = ApiClient(deviceauth.URL_MGMT) u = tenants[0].users[0] # log in r = uc.call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 200 token = r.text # check can access an api r = dc.with_auth(token).call("GET", deviceauth.URL_MGMT_DEVICES) assert r.status_code == 200 # suspend tenant r = tc.call( "PUT", tenantadm.URL_INTERNAL_SUSPEND, tenantadm.req_status("suspended"), path_params={"tid": tenants[0].id}, ) assert r.status_code == 200 time.sleep(10) # check token is rejected r = dc.with_auth(token).call("GET", deviceauth.URL_MGMT_DEVICES) assert r.status_code == 401
def _test_args_paging(self, tenant_users, events): alogs = ApiClient(auditlogs.URL_MGMT) cases = [ # default {"expected": events[:10]}, # default, but specified {"page": "1", "per_page": "20", "expected": events}, # past bounds {"page": "10", "expected": []}, # >1 page, custom number {"page": "2", "per_page": "3", "expected": events[3:6]}, ] for case in cases: arg = "?" if "page" in case: arg += "page=" + case["page"] if "per_page" in case: arg += "&per_page=" + case["per_page"] resp = alogs.with_auth(tenant_users.users[0].token).call( "GET", auditlogs.URL_LOGS + arg ) assert resp.status_code == 200 resp = resp.json() assert len(resp) == len(case["expected"]) for i in range(len(resp)): check_log(resp[i], case["expected"][i])
def test_accepted_dev_cant_authenticate(self, tenants_users_devices): dacd = ApiClient(deviceauth.URL_DEVICES) devauthm = ApiClient(deviceauth_v2.URL_MGMT) uc = ApiClient(useradm.URL_MGMT) tc = ApiClient(tenantadm.URL_INTERNAL) # accept a dev device = tenants_users_devices[0].devices[0] user = tenants_users_devices[0].users[0] r = uc.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert r.status_code == 200 utoken = r.text aset = device.authsets[0] change_authset_status(devauthm, aset.did, aset.id, 'accepted', utoken) # suspend r = tc.call('PUT', tenantadm.URL_INTERNAL_SUSPEND, tenantadm.req_status('suspended'), path_params={'tid': tenants_users_devices[0].id}) assert r.status_code == 200 time.sleep(10) # try requesting auth body, sighdr = deviceauth.auth_req( aset.id_data, aset.pubkey, aset.privkey, tenants_users_devices[0].tenant_token) r = dacd.call('POST', deviceauth.URL_AUTH_REQS, body, headers=sighdr) assert r.status_code == 401 assert r.json()['error'] == 'Account suspended'
def try_update(device, expected_status_code=200, artifact_name="bugs-bunny"): """ Try to make an update with a device :param devices: list of devices :param expected_status_code: expected status code :param artifact_name: artifact name used in the request """ api_dev_deploy = ApiClient(deployments.URL_DEVICES) # Try to retrieve next update and assert expected status code resp = api_dev_deploy.with_auth(device.token).call( 'GET', deployments.URL_NEXT, qs_params={"artifact_name": artifact_name, "device_type" : "qemux86-64"} ) assert resp.status_code == expected_status_code if resp.status_code == 200: # Update device status upon successful request api_dev_deploy.with_auth(device.token).call( "PUT", deployments.URL_STATUS.format(id=resp.json()["id"]), body={"status": "success"} )
def check_access_file_transfer(self, auth, devid, forbid=False): devconn = ApiClient( host=get_container_manager().get_mender_gateway(), base_url=deviceconnect.URL_MGMT, ) res = devconn.call( "GET", deviceconnect.URL_MGMT_FDOWNLOAD, headers=auth.get_auth_token(), path_params={"id": devid}, qs_params={"path": "/etc/mender/mender.conf"}, ) if forbid: assert res.status_code == 403 else: assert res.ok res = devconn.call( "PUT", deviceconnect.URL_MGMT_FUPLOAD, headers=auth.get_auth_token(), path_params={"id": devid}, qs_params={"path": "/etc/mender/mender.conf"}, ) if forbid: assert res.status_code == 403 else: assert res.status_code != 403
def create_tenant_test_setup(user_name, tenant_name, nr_deployments=3, nr_devices=100): """ Creates a tenant, and a user belonging to the tenant belonging to the user with 'nr_deployments', and 'nr_devices' """ api_mgmt_deploy = ApiClient(deployments.URL_MGMT) tenant = create_tenant(tenant_name) user = create_tenant_user(user_name, tenant) r = ApiClient(useradm.URL_MGMT).call( 'POST', useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert r.status_code == 200 user.utoken = r.text tenant.users = [user] upload_image("/tests/test-artifact.mender", user.utoken) # Create three deployments for the user for i in range(nr_deployments): request_body = { "name": str(i) + "st-dummy-deployment", "artifact_name": "deployments-phase-testing", "devices": ["uuid not needed" + str(i) for i in range(nr_devices)], } resp = api_mgmt_deploy.with_auth(user.utoken).call( 'POST', '/deployments', body=request_body, ) assert resp.status_code == 201 # Verify that the 'nr_deployments' expected deployments have been created resp = api_mgmt_deploy.with_auth(user.utoken).call('GET', '/deployments') assert resp.status_code == 200 assert len(resp.json()) == nr_deployments return tenant
def test_authenticated_user_is_rejected(self, tenants): tc = ApiClient(tenantadm.URL_INTERNAL) uc = ApiClient(useradm.URL_MGMT) dc = ApiClient(deviceauth_v2.URL_MGMT) u = tenants[0].users[0] # log in r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 200 token = r.text # check can access an api r = dc.with_auth(token).call('GET', deviceauth_v2.URL_DEVICES) assert r.status_code == 200 # suspend tenant r = tc.call('PUT', tenantadm.URL_INTERNAL_SUSPEND, tenantadm.req_status('suspended'), path_params={'tid': tenants[0].id}) assert r.status_code == 200 time.sleep(10) # check token is rejected r = dc.with_auth(token).call('GET', deviceauth_v2.URL_DEVICES) assert r.status_code == 401
def test_reporting_search(self, user_reporting, test_case): reporting_client = ApiClient(reporting.URL_MGMT) rsp = reporting_client.with_auth(user_reporting.api_token).call( "POST", reporting.URL_MGMT_DEVICES_SEARCH, test_case["request"] ) assert rsp.status_code == test_case["status_code"], ( "Unexpected status code (%d) from /devices/search response: %s" % (rsp.status_code, rsp.text) ) if rsp.status_code == 200 and "response" in test_case: body = rsp.json() if body is None: body = [] test_case_response = test_case["response"](user_reporting) self.logger.info("expected: %r", test_case_response) self.logger.info("received: %r", body) assert len(body) == len(test_case_response), ( "Unexpected number of results: %s != %s" % ( [dev["id"] for dev in test_case_response], [dev["id"] for dev in body], ) ) if len(test_case_response) > 0: if "sort" not in test_case["request"]: body = sorted(body, key=lambda dev: dev["id"]) test_case_response = sorted( test_case_response, key=lambda dev: dev["id"] ) for i, dev in enumerate(test_case_response): assert dev["id"] == body[i]["id"], "Unexpected device in response" assert_device_attributes(dev, body[i])
def create_org(name, username, password, plan="os"): cli = CliTenantadm() user_id = None tenant_id = cli.create_org(name, username, password, plan=plan) tenant_token = json.loads(cli.get_tenant(tenant_id))["tenant_token"] api = ApiClient(useradm.URL_MGMT) # Try log in every second for 3 minutes. # - There usually is a slight delay (in order of ms) for propagating # the created user to the db. for i in range(3 * 60): rsp = api.call("POST", useradm.URL_LOGIN, auth=(username, password)) if rsp.status_code == 200: break time.sleep(1) if rsp.status_code != 200: raise ValueError( "User could not log in within three minutes after organization has been created." ) user_token = rsp.text rsp = api.with_auth(user_token).call("GET", useradm.URL_USERS) users = json.loads(rsp.text) for user in users: if user["email"] == username: user_id = user["id"] break if user_id == None: raise ValueError("Error retrieving user id.") tenant = Tenant(name, tenant_id, tenant_token) user = User(user_id, username, password) tenant.users.append(user) return tenant
def test_duplicate_email(self, clean_migrated_mongo): tc = ApiClient(tenantadm.URL_MGMT, host=tenantadm.HOST, schema="http://") uuidv4 = str(uuid.uuid4()) tenant = "test.mender.io-" + uuidv4 email = "some.user@{}.com".format(tenant) payload = { "request_id": "123456", "organization": tenant, "email": email, "password": "******", "g-recaptcha-response": "foobar", "token": "tok_visa", } rsp = tc.post(tenantadm.URL_MGMT_TENANTS, data=payload) assert rsp.status_code == 202 uuidv4 = str(uuid.uuid4()) tenant = "test.mender.io-" + uuidv4 payload = { "request_id": "123457", "organization": tenant, "email": email, "password": "******", "g-recaptcha-response": "foobar", "token": "tok_visa", } rsp = tc.post(tenantadm.URL_MGMT_TENANTS, data=payload) assert rsp.status_code == 409 self._cleanup_stripe(email)
def test_duplicate_email(self, clean_migrated_mongo): tc = ApiClient(tenantadm.URL_MGMT) tenant = "tenant{}".format(randstr()) email = "some.user@{}.com".format(tenant) payload = { "request_id": "123456", "organization": tenant, "email": email, "password": "******", "g-recaptcha-response": "foobar", "token": "tok_visa", } rsp = tc.post(tenantadm.URL_MGMT_TENANTS, data=payload) assert rsp.status_code == 202 tenant = "tenant{}".format(randstr()) payload = { "request_id": "123457", "organization": tenant, "email": email, "password": "******", "g-recaptcha-response": "foobar", "token": "tok_visa", } rsp = tc.post(tenantadm.URL_MGMT_TENANTS, data=payload) assert rsp.status_code == 409 self._cleanup_stripe(email)
def try_update(device, default_artifact_name="bugs-bunny", default_device_type="qemux86-64"): """ Try to make an update with a device :param devices: list of devices :param expected_status_code: expected status code :param default_artifact_name: default artifact name of the artifact used in the request NOTE: You can override the device type and artifact name by creating a device_type/artifact_name member of the Device object. """ api_dev_deploy = ApiClient(deployments.URL_DEVICES) # Try to retrieve next update and assert expected status code resp = api_dev_deploy.with_auth(device.token).call( 'GET', deployments.URL_NEXT, qs_params={"artifact_name": getattr( device, "artifact_name", default_artifact_name), "device_type": getattr( device, "device_type", default_device_type)} ) if resp.status_code == 200: # Update device status upon successful request api_dev_deploy.with_auth(device.token).call( "PUT", deployments.URL_STATUS.format(id=resp.json()["id"]), body={"status": "success"} ) return resp.status_code
def make_device_with_inventory(attributes, utoken, tenant_token): devauthm = ApiClient(deviceauth.URL_MGMT) devauthd = ApiClient(deviceauth.URL_DEVICES) invm = ApiClient(inventory.URL_MGMT) d = make_accepted_device(devauthd, devauthm, utoken, tenant_token) """ verify that the status of the device in inventory is "accepted" """ accepted = False timeout = 10 for i in range(timeout): r = invm.with_auth(utoken).call("GET", inventory.URL_DEVICE.format(id=d.id)) if r.status_code == 200: dj = r.json() for attr in dj["attributes"]: if attr["name"] == "status" and attr["value"] == "accepted": accepted = True break if accepted: break time.sleep(1) if not accepted: raise ValueError( "status for device %s has not been propagated within %d seconds" % (d.id, timeout)) submit_inventory(attributes, d.token) d.attributes = attributes return d
def _test_args_actor(self, tenant_users, events): alogs = ApiClient(auditlogs.URL_MGMT) ids = [user.id for user in tenant_users.users] emails = [user.name for user in tenant_users.users] for id in ids: expected = [e for e in events if e["actor"]["id"] == id] resp = alogs.with_auth(tenant_users.users[0].token).call( "GET", auditlogs.URL_LOGS + "?actor_id=" + id) assert resp.status_code == 200 resp = resp.json() assert len(resp) == len(expected) for i in range(len(resp)): check_log(resp[i], expected[i]) for email in emails: expected = [e for e in events if e["actor"]["email"] == email] resp = alogs.with_auth(tenant_users.users[0].token).call( "GET", auditlogs.URL_LOGS + "?actor_email=" + urllib.parse.quote(email)) assert resp.status_code == 200 resp = resp.json() assert len(resp) == len(expected) for i in range(len(resp)): check_log(resp[i], expected[i])
def test_upload_artifact_selection_match_depends_multiple_artifacts( self, mongo, clean_mongo): dev = self.setup_upload_artifact_selection( plan="enterprise", artifacts=( { "artifact_name": "test", "device_types": ["arm1"], "depends": ("rootfs_image_checksum:checksum", ), "provides": ("rootfs_image_checksum:provided", ), }, { "artifact_name": "test", "device_types": ["arm1"], "depends": ("rootfs_image_checksum:another-checksum", ), "provides": ("rootfs_image_checksum:provided", ), }, ), ) deploymentsd = ApiClient(deployments.URL_DEVICES) r = deploymentsd.with_auth(dev.token).call( "POST", deployments.URL_NEXT, body={ "device_type": "arm1", "artifact_name": "old-artifact", "rootfs_image_checksum": "another-checksum", }, ) assert r.status_code == 200
def test_deploy_to_group(self, clean_mongo, test_case): """ Tests adding group restrinction to roles and checking that users are not allowed to deploy to devices outside the restricted groups. """ dplmnt_MGMT = ApiClient(deployments.URL_MGMT) i = 0 self.logger.info("RUN: %s", test_case["name"]) tenant = create_org("org%d" % i, "*****@*****.**" % i, "password", plan="enterprise") test_user = create_user(tid=tenant.id, **test_case["user"]) tenant.users.append(test_user) login_tenant_users(tenant) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) # Add user to deployment group role = UserRole("RBAC_DEVGRP", test_case["permissions"]) add_user_to_role(test_user, tenant, role) # Upload a bogus artifact artifact = Artifact("tester", ["qemux86-64"], payload="bogus") rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS_ARTIFACTS, files=(( "artifact", ( "artifact.mender", artifact.make(), "application/octet-stream", ), ), ), ) assert rsp.status_code == 201, rsp.text # Attempt to create deployment with test user devices = [] for group in test_case["deploy_groups"]: for device in grouped_devices[group]: devices.append(device.id) rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS, body={ "artifact_name": "tester", "name": "dplmnt", "devices": devices }, ) assert rsp.status_code == test_case["status_code"], rsp.text self.logger.info("PASS: %s" % test_case["name"])
def test_ok(self, user): useradmm = ApiClient(useradm.URL_MGMT) devauthd = ApiClient(deviceauth_v1.URL_DEVICES) invm = ApiClient(inventory.URL_MGMT) invd = ApiClient(inventory.URL_DEV) # log in user r = useradmm.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert r.status_code == 200 utoken = r.text # prepare accepted devices devs = make_accepted_devices(utoken, devauthd, 3) # wait for devices to be provisioned time.sleep(3) for i, d in enumerate(devs): payload = [ { "name": "mac", "value": "mac-new-" + str(d.id) }, { #empty value for existing "name": "sn", "value": "", }, { #empty value for new "name": "new-empty", "value": "", } ] r = invd.with_auth(d.token).call('PATCH', inventory.URL_DEVICE_ATTRIBUTES, payload) assert r.status_code == 200 for d in devs: r = invm.with_auth(utoken).call('GET', inventory.URL_DEVICE, path_params={'id': d.id}) assert r.status_code == 200 api_dev = r.json() assert len(api_dev['attributes']) == 3 for a in api_dev['attributes']: if a['name'] == 'mac': assert a['value'] == 'mac-new-' + str(api_dev['id']) elif a['name'] == 'sn': assert a['value'] == '' elif a['name'] == 'new-empty': assert a['value'] == '' else: assert False, 'unexpected attribute ' + a['name']
def login_tenant_users(tenant): useradm_MGMT = ApiClient(useradm.URL_MGMT) for user in tenant.users: rsp = useradm_MGMT.call("POST", useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert rsp.status_code == 200, "Failed to setup test environment" user.token = rsp.text
def verify_dev_provisioned(self, dev, utoken): invm = ApiClient(inventory.URL_MGMT) r = invm.with_auth(utoken).call( "GET", inventory.URL_DEVICE, path_params={"id": dev.id} ) assert r.status_code == 200 api_dev = r.json()
class _TestMonitoringAlertsBase: useradm = ApiClient(useradm.URL_MGMT) devmond = ApiClient(devicemonitor.URL_DEVICES) invm = ApiClient(inventory.URL_MGMT) def test_alerting_email(self, test_case, user, devices, smtp_server): device = devices.pop(1) r = self.devmond.with_auth(device.token).call( "POST", devicemonitor.URL_ALERT, test_case["alerts"], ) assert r.status_code < 300 try: wait_start = datetime.now() smtp_server.await_messages(user.name, len(test_case["alerts"]), ONE_MINUTE_SEC) wait_time = datetime.now() - wait_start # Wait the same amount of time for which we expect # to see more messages incomming if there are any. time.sleep(wait_time.total_seconds()) except TimeoutError: raise TimeoutError( "did not receive the expected number of emails in time (%.0f seconds)" % ONE_MINUTE_SEC) messages = smtp_server.filtered_messages(user.name) assert len(messages) == len(test_case["alerts"]) regex = test_case.get("email_regex", []) if isinstance(regex, str): regex = [regex] for message in messages: data = message.data.decode("utf-8") assert device.id in data assert user.name in data for ex in regex: assert re.search( ex, data), "email did not contain expected content" rsp = self.invm.with_auth(user.token).call( "GET", inventory.URL_DEVICE.format(id=device.id)) assert rsp.status_code == 200 alert_count_attrs = { x["name"]: x["value"] for x in filter( lambda x: x["scope"] == "monitor", rsp.json()["attributes"], ) } assert len(alert_count_attrs) == 2 assert alert_count_attrs["alert_count"] == test_case["alert_count"] if test_case["alert_count"] > 0: assert alert_count_attrs["alerts"] == True else: assert alert_count_attrs["alerts"] == False
def test_deploy_to_devices(self, clean_mongo, test_case): """ Tests adding group restrinction to roles and checking that users are not allowed to deploy to devices by providing list of device IDs. The only exception is single device deployment. """ self.logger.info("RUN: %s", test_case["name"]) uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") test_case["user"]["name"] = test_case["user"]["name"].replace("UUID", uuidv4) test_user = create_user(tid=tenant.id, **test_case["user"]) tenant.users.append(test_user) login_tenant_users(tenant) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) # Add user to deployment group role = UserRole("RBAC_DEVGRP", test_case["permissions"]) add_user_to_role(test_user, tenant, role) # Upload a bogus artifact artifact = Artifact("tester", ["qemux86-64"], payload="bogus") dplmnt_MGMT = ApiClient(deployments.URL_MGMT) rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS_ARTIFACTS, files=( ( "artifact", ("artifact.mender", artifact.make(), "application/octet-stream"), ), ), ) assert rsp.status_code == 201, rsp.text # Attempt to create deployment with test user devices = [] for group in test_case["deploy_groups"]: for device in grouped_devices[group]: devices.append(device.id) rsp = dplmnt_MGMT.with_auth(test_user.token).call( "POST", deployments.URL_DEPLOYMENTS, body={"artifact_name": "tester", "name": "dplmnt", "devices": devices}, ) assert rsp.status_code == test_case["status_code"], rsp.text self.logger.info("PASS: %s" % test_case["name"])
def test_user_cannot_log_in(self, tenants_users): tc = ApiClient(tenantadm.URL_INTERNAL) uc = ApiClient(useradm.URL_MGMT) for u in tenants_users[0].users: r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 200 # tenant's users can log in for u in tenants_users[0].users: r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 200 assert r.status_code == 200 # suspend tenant r = tc.call('PUT', tenantadm.URL_INTERNAL_SUSPEND, tenantadm.req_status('suspended'), path_params={'tid': tenants_users[0].id}) assert r.status_code == 200 time.sleep(10) # none of tenant's users can log in for u in tenants_users[0].users: r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 401 # but other users still can for u in tenants_users[1].users: r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd)) assert r.status_code == 200
def test_set_and_deploy_configuration(self, clean_mongo, test_case): """ Tests adding group restrinction to roles and checking that users are not allowed to set and deploy configuration to devices outside the restricted groups. """ self.logger.info("RUN: %s", test_case["name"]) uuidv4 = str(uuid.uuid4()) tenant, username, password = ( "test.mender.io-" + uuidv4, "some.user+" + uuidv4 + "@example.com", "secretsecret", ) tenant = create_org(tenant, username, password, "enterprise") update_tenant(tenant.id, addons=["configure"]) test_case["user"]["name"] = test_case["user"]["name"].replace( "UUID", uuidv4) test_user = create_user(tid=tenant.id, **test_case["user"]) tenant.users.append(test_user) login_tenant_users(tenant) # Initialize tenant's devices grouped_devices = setup_tenant_devices(tenant, test_case["device_groups"]) # Add user to deployment group role = UserRole("RBAC_DEVGRP", test_case["permissions"]) add_user_to_role(test_user, tenant, role) deviceconf_MGMT = ApiClient(deviceconfig.URL_MGMT) device_id = grouped_devices[test_case["deploy_group"]][0].id # Attempt to set configuration rsp = deviceconf_MGMT.with_auth(test_user.token).call( "PUT", deviceconfig.URL_MGMT_DEVICE_CONFIGURATION.format(id=device_id), body={"foo": "bar"}, ) assert rsp.status_code == test_case[ "set_configuration_status_code"], rsp.text # Attempt to deploy the configuration rsp = deviceconf_MGMT.with_auth(test_user.token).call( "POST", deviceconfig.URL_MGMT_DEVICE_CONFIGURATION_DEPLOY.format( id=device_id), body={"retries": 0}, ) assert (rsp.status_code == test_case["deploy_configuration_status_code"]), rsp.text self.logger.info("PASS: %s" % test_case["name"])
def test_provides_depends_ignored_in_lower_plans(self, mongo, clean_mongo, plan): dev = self.setup_upload_artifact_selection( plan=plan, artifacts=( { "artifact_name": "test", "device_types": ["arm1"], "size": 256, }, { "artifact_name": "test", "device_types": ["arm1"], "depends": ( "foo:fooval", "bar:barval", ), "size": 1024, }, ), ) deploymentsd = ApiClient(deployments.URL_DEVICES) r = deploymentsd.with_auth(dev.token).call( "POST", deployments.URL_NEXT, body={ "device_type": "arm1", "artifact_name": "old-artifact", "foo": "fooval", "bar": "barval", }, ) assert r.status_code == 200 data = r.json() r = requests.get(data["artifact"]["source"]["uri"], verify=False) assert r.status_code == 200 f = tempfile.NamedTemporaryFile(delete=False) try: f.write(r.content) f.close() # p = subprocess.Popen(["mender-artifact", "read", f.name], stdout=subprocess.PIPE) stdout = p.stdout.read().decode("utf-8") m_size = re.search(r".*size: *([0-9]+).*", stdout, re.M | re.I) assert m_size is not None size = int(m_size.group(1)) # if provides/depends wasn't ignored - the matching, larger # artifact should have been selected # that's not the case, and we selected 'smallest of all' assert size == 256 finally: os.unlink(f.name)
def upload_image(filename, auth_token, description="abc"): api_client = ApiClient(deployments.URL_MGMT) api_client.headers={} r = api_client.with_auth(auth_token).call( 'POST', deployments.URL_DEPLOYMENTS_ARTIFACTS, files=(("description", (None, description)), ("size", (None, str(os.path.getsize(filename)))), ("artifact", (filename, open(filename, 'rb'), "application/octet-stream")))) assert r.status_code == 201
def check_access_auditlogs(self, auth, forbid=False): alogs = ApiClient( host=get_container_manager().get_mender_gateway(), base_url=auditlogs.URL_MGMT, ) res = alogs.call("GET", auditlogs.URL_LOGS, headers=auth.get_auth_token(),) if forbid: assert res.status_code == 403 else: assert res.ok
def check_access_rbac(self, auth, forbid=False): uadm = ApiClient( host=get_container_manager().get_mender_gateway(), base_url=useradm.URL_MGMT, ) res = uadm.call("GET", useradm.URL_ROLES, headers=auth.get_auth_token(),) if forbid: assert res.status_code == 403 else: assert res.ok
def setup_class(cls): cls.azure_iot_hub_mock = os.environ.get("AZURE_IOTHUB_MOCK") cls.azure_client = get_azure_client() cls.api_devauth_devices = ApiClient(base_url=deviceauth.URL_DEVICES) cls.api_devauth_mgmt = ApiClient(base_url=deviceauth.URL_MGMT) cls.api_azure = ApiClient(base_url=iot.URL_MGMT) cls.api_deviceconfig = ApiClient(base_url=deviceconfig.URL_MGMT) cls.devices = list() cls.logger = logging.getLogger(cls.__class__.__name__)