def test_multi_tenancy_deployment(self):
""" Simply make sure we are able to run the multi tenancy setup and
bootstrap 2 different devices to different tenants """
auth.reset_auth_token()
users = [
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-deployment-1",
"fail": False
},
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-deployment-2",
"fail": True
}
]
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
adm.accept_devices(1)
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
assert len(inv.get_devices()) == 1
self.perform_update(mender_client_container=user["container"],
fail=user["fail"])
def test_reject_bootstrap(self):
"""Make sure a rejected device does not perform an upgrade, and that it gets it's auth token removed"""
if not env.host_string:
execute(self.test_reject_bootstrap, hosts=get_mender_clients())
return
# iterate over devices and reject them
for device in adm.get_devices():
adm.set_device_status(device["id"], "rejected")
logging.info("Rejecting DeviceID: %s" % device["id"])
adm.check_expected_status("rejected", len(get_mender_clients()))
try:
deployment_id, _ = common_update_procedure(
install_image=conftest.get_valid_image())
except AssertionError:
logging.info("Failed to deploy upgrade to rejected device.")
Helpers.verify_reboot_not_performed()
# authtoken has been removed from mender-store
run("strings /data/mender/mender-store | grep -q 'authtoken' || false"
)
else:
pytest.fail("No error while trying to deploy to rejected device")
# re-accept device after test is done
adm.accept_devices(1)
def test_multi_tenancy_deployment_aborting(self):
""" Simply make sure we are able to run the multi tenancy setup and
bootstrap 2 different devices to different tenants """
auth.reset_auth_token()
users = [
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-deployment-aborting-1",
}
]
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
adm.accept_devices(1)
for user in users:
deployment_id, _ = common_update_procedure(install_image=conftest.get_valid_image())
deploy.abort(deployment_id)
deploy.check_expected_statistics(deployment_id, "aborted", 1)
execute(self.mender_log_contains_aborted_string,
hosts=get_mender_client_by_container_name(user["container"]))
def setup_set_client_number_bootstrapped(clients):
docker_compose_cmd("scale mender-client=%d" % clients)
ssh_is_opened()
auth.reset_auth_token()
adm.accept_devices(clients)
set_setup_type(None)
def standard_setup_one_client_bootstrapped():
if setup_type() == ST_OneClientBootstrapped:
return
restart_docker_compose()
auth.reset_auth_token()
adm.accept_devices(1)
set_setup_type(ST_OneClientBootstrapped)
def standard_setup_two_clients_bootstrapped():
if setup_type() == ST_TwoClientsBootstrapped:
return
restart_docker_compose(2)
reset_mender_api()
adm.accept_devices(2)
set_setup_type(ST_TwoClientsBootstrapped)
def test_multi_tenancy_deployment_s3(self):
def verify_object_id_and_tagging():
from boto3 import client
tenant = auth.get_tenant_id()
conn = client('s3')
artifacts = deploy.get_artifacts()
assert len(artifacts) == 1
artifact_id = artifacts[0]["id"]
# verify object ID of proper MT format
for key in conn.list_objects(
Bucket='mender-artifacts-int-testing-us')['Contents']:
if key['Key'].startswith(tenant):
expectedObject = "%s/%s" % (tenant, artifact_id)
assert key['Key'] == expectedObject
# verify tagging is working
tags = conn.get_object_tagging(
Bucket='mender-artifacts-int-testing-us',
Key=expectedObject)["TagSet"][0]
assert tags["Value"] == tenant
assert tags["Key"] == "tenant_id"
# Delete artifact and make sure it's really gone
conn.delete_object(Bucket="mender-artifacts-int-testing-us",
Key=expectedObject)
deploy.delete_artifact(artifact_id)
conn.list_objects(Bucket='mender-artifacts-int-testing-us')
for key in conn.list_objects(
Bucket='mender-artifacts-int-testing-us').get(
'Contents', []):
if key['Key'].startswith(tenant):
pytest.fail("failed to delete artifact from s3")
auth.reset_auth_token()
users = [{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-mt-s3",
}]
for user in users:
auth.new_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
adm.accept_devices(1)
self.perform_update(mender_client_container=user["container"])
verify_object_id_and_tagging()
def standard_setup_two_clients_bootstrapped():
if setup_type() == ST_TwoClientsBootstrapped:
return
restart_docker_compose()
auth.reset_auth_token()
setup_set_client_number(2)
adm.accept_devices(2)
set_setup_type(ST_TwoClientsBootstrapped)
def test_clients_exclusive_to_user(self):
users = [
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-exclusive-1",
"client_id": "",
"device_id": ""
},
{
"email": "*****@*****.**",
"password": "******",
"username": "******",
"container": "mender-client-exclusive-2",
"client_id": "",
"device_id": ""
}
]
for user in users:
auth.set_tenant(user["username"], user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
adm.accept_devices(1)
# get the new devices client_id and setting it to the our test parameter
assert len(inv.get_devices()) == 1
user["client_id"] = inv.get_devices()[0]["id"]
user["device_id"] = adm.get_devices()[0]["device_id"]
for user in users:
# make sure that the correct number of clients appear for the given tenant
auth.set_tenant(user["username"], user["email"], user["password"])
assert len(inv.get_devices()) == 1
assert inv.get_devices()[0]["id"] == user["client_id"]
for user in users:
# wait until inventory is populated
auth.set_tenant(user["username"], user["email"], user["password"])
deviceauth.decommission(user["client_id"])
timeout = time.time() + (60 * 5)
device_id = user["device_id"]
while time.time() < timeout:
newAdmissions = adm.get_devices()[0]
if device_id != newAdmissions["device_id"] \
and user["client_id"] != newAdmissions["id"]:
logger.info("device [%s] not found in inventory [%s]" % (device_id, str(newAdmissions)))
break
else:
logger.info("device [%s] found in inventory..." % (device_id))
time.sleep(.5)
else:
assert False, "decommissioned device still available in admissions"
def standard_setup_with_signed_artifact_client(request):
stop_docker_compose()
reset_mender_api()
docker_compose_cmd(
"-f ../extra/signed-artifact-client-testing/docker-compose.signed-client.yml up -d"
)
ssh_is_opened()
auth.reset_auth_token()
adm.accept_devices(1)
set_setup_type(ST_SignedClient)
def standard_setup_with_signed_artifact_client(request):
if getattr(request, 'param', False) and request.param != "force_new" and setup_type() == ST_SignedClient:
return
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../extra/signed-artifact-client-testing/docker-compose.signed-client.yml up -d")
ssh_is_opened()
auth.reset_auth_token()
adm.accept_devices(1)
set_setup_type(ST_SignedClient)
def standard_setup_with_short_lived_token():
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../docker-compose.yml \
-f ../docker-compose.client.yml \
-f ../docker-compose.storage.minio.yml \
-f ../docker-compose.testing.yml \
-f ../extra/expired-token-testing/docker-compose.short-token.yml up -d",
use_common_files=False)
ssh_is_opened()
auth.reset_auth_token()
adm.accept_devices(1)
set_setup_type(ST_ShortLivedAuthToken)
def standard_setup_one_client_bootstrapped_with_s3():
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../docker-compose.yml \
-f ../docker-compose.client.yml \
-f ../docker-compose.testing.yml \
-f ../docker-compose.storage.minio.yml \
-f ../docker-compose.storage.s3.yml up -d",
use_common_files=False)
docker_compose_cmd("logs -f &")
ssh_is_opened()
auth.reset_auth_token()
adm.accept_devices(1)
set_setup_type(ST_OneClientsBootstrapped_AWS_S3)
def test_reject_bootstrap(self):
"""Make sure a rejected device does not perform an upgrade, and that it gets it's auth token removed"""
if not env.host_string:
execute(self.test_reject_bootstrap, hosts=get_mender_clients())
return
# iterate over devices and reject them
for device in adm.get_devices():
adm.set_device_status(device["id"], "rejected")
logging.info("Rejecting DeviceID: %s" % device["id"])
adm.check_expected_status("rejected", len(get_mender_clients()))
with Helpers.RebootDetector() as reboot:
try:
deployment_id, _ = common_update_procedure(
install_image=conftest.get_valid_image())
except AssertionError:
logging.info("Failed to deploy upgrade to rejected device.")
reboot.verify_reboot_not_performed()
else:
# use assert to fail, so we can get backend logs
pytest.fail(
"no error while trying to deploy to rejected device")
return
finished = False
# wait until auththoken is removed from file
for _ in range(10):
with settings(abort_exception=Exception):
try:
run("journalctl -u mender -l -n 3 | grep -q 'authentication request rejected'"
)
except:
time.sleep(30)
else:
finished = True
break
adm.accept_devices(1)
if not finished:
pytest.fail("failed to remove authtoken from mender-store file")
def standard_setup_one_client_bootstrapped_with_s3():
if setup_type() == ST_OneClientsBootstrapped_AWS_S3:
return
stop_docker_compose()
docker_compose_cmd("-f ../docker-compose.client.yml \
-f ../docker-compose.storage.s3.yml \
-f ../docker-compose.yml \
-f ../extra/travis-testing/s3.yml up -d",
use_common_files=False)
docker_compose_cmd("logs -f &")
ssh_is_opened()
auth.reset_auth_token()
adm.accept_devices(1)
set_setup_type(ST_OneClientsBootstrapped_AWS_S3)
def setup_failover():
"""
Setup with two servers and one client.
First server (A) behaves as usual, whereas the second server (B) should
not expect any clients. Client is initially set up against server A.
In docker all microservices for B has a suffix "-2"
"""
stop_docker_compose()
reset_mender_api()
docker_compose_cmd("-f ../docker-compose.yml \
-f ../docker-compose.client.yml \
-f ../docker-compose.storage.minio.yml \
-f ../docker-compose.testing.yml \
-f ../extra/failover-testing/docker-compose.failover-server.yml up -d",
use_common_files=False)
ssh_is_opened()
auth.reset_auth_token()
adm.accept_devices(1)
set_setup_type(ST_Failover)
def test_multi_tenancy_setup(self):
""" Simply make sure we are able to run the multi tenancy setup and
bootstrap 2 different devices to different tenants """
auth.reset_auth_token()
users = [
{
"email": "*****@*****.**",
"password": "******",
"container": "mender-client"
},
{
"email": "*****@*****.**",
"password": "******",
"container": "client2"
},
]
for user in users:
auth.new_tenant(user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
new_tenant_client(user["container"], t)
print "sleeping"
time.sleep(1000)
adm.accept_devices(1)
print adm.get_devices()
self.perform_update()
# deploy to each device
for user in users:
auth.set_tenant(user["email"], user["password"])
t = auth.current_tenant["tenant_token"]
adm.accept_devices(1)
def standard_setup_one_client_bootstrapped():
restart_docker_compose()
reset_mender_api()
adm.accept_devices(1)
set_setup_type(ST_OneClientBootstrapped)
