def test_get_devices(self, management_api, devices):
devcount = 50
devs = management_api.list_devices()
# try to get a maximum number of devices
devs = management_api.list_devices(page=1, per_page=500)
print('got', len(devs), 'devices')
assert 500 >= len(devs) >= devcount
# we have added at least `devcount` devices, so listing some lower
# number of device should return exactly that number of entries
plimit = devcount // 2
devs = management_api.list_devices(page=1, per_page=plimit)
assert len(devs) == plimit
def _do_test_error_preauth_limit(self,
management_api,
device_api,
tenant_token=""):
auth = management_api.make_auth(tenant_token)
devs = management_api.list_devices(**auth)
assert len(devs) == 6
limit = 3
for i in range(limit):
dev = devs[i]
aid = dev.auth_sets[0].id
with orchestrator.run_fake_for_device_id(dev.id):
management_api.accept_device(dev.id, aid, **auth)
try:
d = Device(IDDATA)
d.public_key = PUBKEY
d.private_key = PRIVKEY
da = DevAuthorizer(tenant_token)
rsp = device_auth_req(device_api.auth_requests_url, da, d)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 401
dev = management_api.find_device_by_identity(d.identity, **auth)
assert dev.auth_sets[0].status == 'preauthorized'
def _test_ok(self, management_api, devices, **kwargs):
aid = '1'
device_id = '2'
key = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH
VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c
yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP
okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty
1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0
iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG
UwIDAQAB
-----END PUBLIC KEY-----
'''
iddata = '{"foo":"bar"}'
req = management_api.make_preauth_req(aid, device_id, iddata, key)
_, rsp = management_api.preauthorize(req, **kwargs)
assert rsp.status_code == 201
devs = management_api.list_devices(**kwargs)
assert len(devs) == 6
found = [d for d in devs if d.id == device_id]
assert len(found) == 1
found = found[0]
assert found.id == device_id
assert found.id_data == iddata
assert len(found.auth_sets) == 1
auth_set = found.auth_sets[0]
assert auth_set.id == aid
assert auth_set.id_data == iddata
assert compare_keys(auth_set.pubkey, key)
assert auth_set.status == 'preauthorized'
def _test_ok(self, management_api, devices, **kwargs):
aid = '1'
device_id = '2'
key = 'key'
iddata = json.dumps({'foo': 'bar'})
req = management_api.make_preauth_req(aid, device_id, iddata, key)
_, rsp = management_api.preauthorize(req)
assert rsp.status_code == 201
devs = management_api.list_devices()
assert len(devs) == 6
found = [d for d in devs if d.id == device_id]
assert len(found) == 1
found = found[0]
assert found.id == device_id
assert found.id_data == iddata
assert len(found.auth_sets) == 1
auth_set = found.auth_sets[0]
assert auth_set.id == aid
assert auth_set.id_data == iddata
assert auth_set.pubkey == key
assert auth_set.status == 'preauthorized'
def test_id_data_formatting(self, device_api, management_api,
clean_migrated_db):
reference_id_data = [
'{"attribute_foo":"foo"}',
'{"attribute_bar":2, "attribute_foo":1}',
'{"attribute_foo":"foo","mac": "00:00:00:01","sn": "0001"}',
]
reformatted_id_data = [
'{"attribute_foo": "foo"}',
' { "attribute_foo": "foo" }',
'{"attribute_foo":1, "attribute_bar":2}',
'{ "attribute_foo":1, "attribute_bar":2}',
'{"sn": "0001","mac": "00:00:00:01","attribute_foo":"foo"}',
]
# submit first auth req with 'reference data', second with 'reformatted' data
# must result in only 3 devices
with deviceadm.run_fake_for_device(deviceadm.ANY_DEVICE) as server:
for reference in reference_id_data:
dev = Device(reference)
da = DevAuthorizer()
rsp = device_auth_req(device_api.auth_requests_url, da, dev)
assert rsp.status_code == 401
devs = management_api.list_devices()
assert len(devs) == 3
with deviceadm.run_fake_for_device(deviceadm.ANY_DEVICE) as server:
for reformatted in reformatted_id_data:
dev = Device(reformatted)
da = DevAuthorizer()
rsp = device_auth_req(device_api.auth_requests_url, da, dev)
assert rsp.status_code == 401
devs = management_api.list_devices()
assert len(devs) == 3
# verify we have the correct id data
json_reference_id_data = [json.loads(i) for i in reference_id_data]
for d in devs:
api_id_data = json.loads(d.id_data)
found_in_reference = [
x for x in json_reference_id_data if x == api_id_data
]
assert len(found_in_reference) == 1
def _test_conflict(self, management_api, devices, **kwargs):
existing = devices[0][0]
req = management_api.make_preauth_req('1', '2', existing.identity,
'key')
try:
_, rsp = management_api.preauthorize(req)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 409
devs = management_api.list_devices()
assert len(devs) == 5
def _test_conflict(self, management_api, devices, **kwargs):
existing = devices[0][0]
req = management_api.make_preauth_req('1', '2', existing.identity,
existing.public_key)
try:
_, rsp = management_api.preauthorize(req, **kwargs)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 409
else:
assert False, "unexpected code " + str(rsp.status_code)
devs = management_api.list_devices(**kwargs)
assert len(devs) == 5
def test_device_new(self, device_api, management_api, clean_migrated_db):
d = Device()
da = DevAuthorizer()
rsp = device_auth_req(device_api.auth_requests_url, da, d)
assert rsp.status_code == 401
devs = management_api.list_devices()
assert len(devs) == 1
dev = devs[0]
assert len(dev.auth_sets) == 1
aset = dev.auth_sets[0]
assert compare_keys(aset.pubkey, d.public_key)
def _test_delete_authset_preauth_OK(self, management_api, devices,
**kwargs):
# preauthorize a device
aid = 'aid-preauth'
device_id = 'id-preauth'
iddata = json.dumps({'mac': 'mac-preauth'})
key = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH
VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c
yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP
okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty
1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0
iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG
UwIDAQAB
-----END PUBLIC KEY-----
'''
req = management_api.make_preauth_req(aid, device_id, iddata, key)
_, rsp = management_api.preauthorize(req, **kwargs)
assert rsp.status_code == 201
# check device created
dev = management_api.get_device(id=device_id, **kwargs)
assert dev
assert len(dev.auth_sets) == 1
assert dev.auth_sets[0].status == 'preauthorized'
assert dev.auth_sets[0].id == aid
# delete auth set, check device deleted
rsp = management_api.delete_authset(dev.id, aid, **kwargs)
assert rsp.status_code == 204
found = None
try:
found = management_api.get_device(id=device_id, **kwargs)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 404
assert not found
# check all other devices intact
after_devs = management_api.list_devices(**kwargs)
assert len(after_devs) == len(devices)
def test_device_new(self, device_api, management_api, clean_migrated_db):
d = Device()
da = DevAuthorizer()
try:
with orchestrator.run_fake_for_device_id(1) as server:
rsp = device_auth_req(device_api.auth_requests_url, da, d)
assert rsp.status_code == 401
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
devs = management_api.list_devices()
assert len(devs) == 1
dev = devs[0]
assert len(dev.auth_sets) == 1
aset = dev.auth_sets[0]
assert compare_keys(aset.pubkey, d.public_key)
def do_make_devices(management_api, device_api, tenant_token=""):
"""
Prepare a set of devices, including a 'preauthorized' one.
"""
auth = {}
if tenant_token != '':
auth = management_api.make_auth(tenant_token=tenant_token)
cnt = 5
devs = make_devices(device_api, cnt, tenant_token)
aid = AID
device_id = DEVID
iddata = IDDATA
key = PUBKEY
req = management_api.make_preauth_req(aid, device_id, iddata, key)
_, rsp = management_api.preauthorize(req, **auth)
assert rsp.status_code == 201
devs = management_api.list_devices(**auth)
assert len(devs) == cnt + 1
def _do_test_ok_preauth(self, management_api, device_api, tenant_token=""):
d = Device(IDDATA)
d.public_key = PUBKEY
d.private_key = PRIVKEY
da = DevAuthorizer(tenant_token=tenant_token)
# get the authset id - need it for the url
auth = management_api.make_auth(tenant_token)
dbg = management_api.list_devices()
print(dbg)
dev = management_api.find_device_by_identity(d.identity, **auth)
assert dev
with devadm_fake_status_update(AID), \
orchestrator.run_fake_for_device_id(DEVID):
rsp = device_auth_req(device_api.auth_requests_url, da, d)
assert rsp.status_code == 200
dev = management_api.get_device(id=dev.id, **auth)
assert dev.auth_sets[0].status == 'accepted'
def test_check_device_limits(
self, clean_db, cli, device_api, management_api, internal_api, test_case
):
rsp_q_tadm = asyncio.Queue(
maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"]
)
rsp_q_wflows = asyncio.Queue(
maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"]
)
with self.init_service_mocks(wflows_rsp_q=rsp_q_wflows, tadm_rsp_q=rsp_q_tadm):
tenant_token = make_fake_tenant_token(test_case["tenant"]["id"])
internal_api.put_max_devices_limit(
test_case["tenant"]["id"], test_case["tenant"]["device_limit"]
)
for _ in range(test_case["device_count"]):
# POST /api/internal/v1/tenantadm/verify
rsp_q_tadm.put_nowait(
(200, {}, '{"id": "%s", "sub": "user"}' % test_case["tenant"])
)
# POST /api/v1/workflows/update_device_inventory
rsp_q_wflows.put_nowait((201, {}, ""))
# POST /api/v1/workflows/provision_device
rsp_q_wflows.put_nowait((201, {}, ""))
dev = Device()
da = DevAuthorizer(tenant_token=tenant_token)
rsp = device_auth_req(device_api.auth_requests_url, da, dev)
assert rsp.status_code == 401
devs = management_api.list_devices(
status="pending", Authorization="Bearer " + tenant_token
)
for dev in devs:
# POST /api/v1/workflows/update_device_status
rsp_q_wflows.put_nowait((201, {}, ""))
# POST /api/v1/workflows/provision_device
rsp_q_wflows.put_nowait((201, {}, ""))
management_api.put_device_status(
dev["id"],
dev["auth_sets"][0]["id"],
"accepted",
Authorization="Bearer " + tenant_token,
)
if test_case["device_count"] >= (
(test_case["tenant"]["device_limit"] * test_case["threshold"] / 100.0)
):
# GET /api/management/v1/tenantadm/users
usersJSON = json.dumps(test_case["tenant"]["users"])
rsp_q_tadm.put_nowait((200, {}, usersJSON))
usernames = [user["name"] for user in test_case["tenant"]["users"]]
# Verify that workflow is started for each user
for i in range(len(test_case["tenant"]["users"])):
def verify_workflow(handler):
assert handler.request.path.endswith("device_limit_email")
body_json = json.loads(handler.request.body.decode("utf-8"))
assert body_json["to"] in usernames
usernames.remove(body_json["to"])
handler.set_status(201)
# POST /api/v1/workflows/device_limit_email
rsp_q_wflows.put_nowait(verify_workflow)
code, stdout, stderr = cli.check_device_limits()
assert code == 0
# All pushed mock responses should be consumed at this point.
assert (
rsp_q_tadm.empty()
), "TenantAdm mock responses not consumed as expected"
assert (
rsp_q_wflows.empty()
), "Workflows mock responses not consumed as expected"