def test_delete_tokens_by_non_existent_device_ok(self, accepted_tenants_devices, internal_api, management_api, device_api): td = accepted_tenants_devices tenant_foo_token = make_fake_tenant_token('foo') da_foo = DevAuthorizer(tenant_token=tenant_foo_token) d1_foo = td['foo'][0] token1 = request_token(d1_foo, da_foo, device_api.auth_requests_url) assert len(token1) > 0 d2_foo = td['foo'][1] token2 = request_token(d2_foo, da_foo, device_api.auth_requests_url) assert len(token2) > 0 tenant_bar_token = make_fake_tenant_token('bar') da_bar = DevAuthorizer(tenant_token=tenant_bar_token) d1_bar = td['bar'][0] token3 = request_token(d1_bar, da_bar, device_api.auth_requests_url) assert len(token2) > 0 verify_url = internal_api.make_api_url("/tokens/verify") verify_token(token1, 200, verify_url) verify_token(token2, 200, verify_url) verify_token(token3, 200, verify_url) payload = {'device_id': 'foo', 'tenant_id': 'foo'} rsp = requests.delete(internal_api.make_api_url("/tokens"), params=payload) assert rsp.status_code == 204 verify_token(token1, 200, verify_url) verify_token(token2, 200, verify_url) verify_token(token3, 200, verify_url)
def test_token_addons( self, test_case, clean_migrated_db, device_api, management_api, internal_api ): tenant_token = make_fake_tenant_token( "123456789012345678901234", ) dev_auth = DevAuthorizer(tenant_token=tenant_token) jwt = None dev = accept_device(device_api, management_api, tenant_token)[1] with orchestrator.run_fake_for_device_id(1) as server: jwt = request_token( dev, dev_auth, device_api.auth_requests_url, test_case["addons"] ) assert len(jwt) > 0 rsp = requests.post( internal_api.api_url + "tokens/verify", data="", headers={ "Authorization": "Bearer " + jwt, "X-Forwarded-Uri": test_case.get("forwarded_uri"), "X-Forwarded-Method": test_case.get("method"), }, ) assert rsp.status_code == test_case.get("status_code", 200)
def test_delete_tokens_by_non_existent_tenant_ok(self, accepted_tenants_devices, internal_api, management_api, device_api): try: td = accepted_tenants_devices tenant_foo_token = make_fake_tenant_token("foo") da_foo = DevAuthorizer(tenant_token=tenant_foo_token) d1_foo = td["foo"][0] with orchestrator.run_fake_for_device_id(1) as server: token1 = request_token(d1_foo, da_foo, device_api.auth_requests_url) assert len(token1) > 0 d2_foo = td["foo"][1] with orchestrator.run_fake_for_device_id(2) as server: token2 = request_token(d2_foo, da_foo, device_api.auth_requests_url) assert len(token2) > 0 tenant_bar_token = make_fake_tenant_token("bar") da_bar = DevAuthorizer(tenant_token=tenant_bar_token) d1_bar = td["bar"][0] with orchestrator.run_fake_for_device_id(1) as server: token3 = request_token(d1_bar, da_bar, device_api.auth_requests_url) assert len(token2) > 0 verify_url = internal_api.make_api_url("/tokens/verify") verify_token(token1, 200, verify_url) verify_token(token2, 200, verify_url) verify_token(token3, 200, verify_url) dev1 = management_api.find_device_by_identity( d1_foo.identity, Authorization="Bearer " + tenant_foo_token) payload = {"tenant_id": "baz"} rsp = requests.delete(internal_api.make_api_url("/tokens"), params=payload) assert rsp.status_code == 204 verify_token(token1, 200, verify_url) verify_token(token2, 200, verify_url) verify_token(token3, 200, verify_url) except bravado.exception.HTTPError as e: assert e.response.status_code == 204
def test_delete_tokens_by_non_existent_device_ok(self, accepted_tenants_devices, internal_api, management_api, device_api): try: td = accepted_tenants_devices tenant_foo_token = make_fake_tenant_token('foo') da_foo = DevAuthorizer(tenant_token=tenant_foo_token) d1_foo = td['foo'][0] with orchestrator.run_fake_for_device_id(1) as server: token1 = request_token(d1_foo, da_foo, device_api.auth_requests_url) assert len(token1) > 0 d2_foo = td['foo'][1] with orchestrator.run_fake_for_device_id(2) as server: token2 = request_token(d2_foo, da_foo, device_api.auth_requests_url) assert len(token2) > 0 tenant_bar_token = make_fake_tenant_token('bar') da_bar = DevAuthorizer(tenant_token=tenant_bar_token) d1_bar = td['bar'][0] with orchestrator.run_fake_for_device_id(1) as server: token3 = request_token(d1_bar, da_bar, device_api.auth_requests_url) assert len(token2) > 0 verify_url = internal_api.make_api_url("/tokens/verify") verify_token(token1, 200, verify_url) verify_token(token2, 200, verify_url) verify_token(token3, 200, verify_url) payload = {'device_id': 'foo', 'tenant_id': 'foo'} rsp = requests.delete(internal_api.make_api_url("/tokens"), params=payload) assert rsp.status_code == 204 verify_token(token1, 200, verify_url) verify_token(token2, 200, verify_url) verify_token(token3, 200, verify_url) except bravado.exception.HTTPError as e: assert e.response.status_code == 204
def accepted_tenants_devices(device_api, management_api, clean_migrated_db, cli, request): """Fixture that sets up an accepted devices for tenants. The fixture can be parametrized with a tenants, number of devices and number of authentication sets. Yields a dict: [tenant ID: [device object, ...], ]""" requested = request.param tenants_devices = dict() url = device_api.auth_requests_url for (tenant, dev_count, auth_count) in requested: tenant_devices = [] cli.migrate(tenant=tenant) tenant_token = make_fake_tenant_token(tenant) for _ in range(int(dev_count)): d = Device() for i in range(int(auth_count)): d.rotate_key() da = DevAuthorizer(tenant_token=tenant_token) # poke devauth so that device appears handlers = [ ( "POST", "/api/internal/v1/tenantadm/tenants/verify", lambda _: ( 200, {}, { "id": "507f191e810c19729de860ea", "name": "Acme", }, ), ), ] try: with orchestrator.run_fake_for_device_id(1) as server: with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: rsp = device_auth_req(url, da, d) assert rsp.status_code == 401 except bravado.exception.HTTPError as e: assert e.response.status_code == 204 # try to find our devices in all devices listing dev = management_api.find_device_by_identity( d.identity, Authorization="Bearer " + tenant_token) devid = dev.id for a in dev.auth_sets: if compare_keys(a.pubkey, d.public_key): aid = a.id break try: with orchestrator.run_fake_for_device_id(devid) as server: management_api.accept_device(devid, aid, Authorization="Bearer " + tenant_token) token = request_token(d, da, device_api.auth_requests_url) assert len(token) > 0 except bravado.exception.HTTPError as e: assert e.response.status_code == 204 assert dev tenant_devices.append(d) tenants_devices[tenant] = tenant_devices yield tenants_devices
def test_check_device_limits( self, clean_db, cli, device_api, management_api, internal_api, test_case ): rsp_q_tadm = asyncio.Queue( maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"] ) rsp_q_wflows = asyncio.Queue( maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"] ) with self.init_service_mocks(wflows_rsp_q=rsp_q_wflows, tadm_rsp_q=rsp_q_tadm): tenant_token = make_fake_tenant_token(test_case["tenant"]["id"]) internal_api.put_max_devices_limit( test_case["tenant"]["id"], test_case["tenant"]["device_limit"] ) for _ in range(test_case["device_count"]): # POST /api/internal/v1/tenantadm/verify rsp_q_tadm.put_nowait( (200, {}, '{"id": "%s", "sub": "user"}' % test_case["tenant"]) ) # POST /api/v1/workflows/update_device_inventory rsp_q_wflows.put_nowait((201, {}, "")) # POST /api/v1/workflows/provision_device rsp_q_wflows.put_nowait((201, {}, "")) dev = Device() da = DevAuthorizer(tenant_token=tenant_token) rsp = device_auth_req(device_api.auth_requests_url, da, dev) assert rsp.status_code == 401 devs = management_api.list_devices( status="pending", Authorization="Bearer " + tenant_token ) for dev in devs: # POST /api/v1/workflows/update_device_status rsp_q_wflows.put_nowait((201, {}, "")) # POST /api/v1/workflows/provision_device rsp_q_wflows.put_nowait((201, {}, "")) management_api.put_device_status( dev["id"], dev["auth_sets"][0]["id"], "accepted", Authorization="Bearer " + tenant_token, ) if test_case["device_count"] >= ( (test_case["tenant"]["device_limit"] * test_case["threshold"] / 100.0) ): # GET /api/management/v1/tenantadm/users usersJSON = json.dumps(test_case["tenant"]["users"]) rsp_q_tadm.put_nowait((200, {}, usersJSON)) usernames = [user["name"] for user in test_case["tenant"]["users"]] # Verify that workflow is started for each user for i in range(len(test_case["tenant"]["users"])): def verify_workflow(handler): assert handler.request.path.endswith("device_limit_email") body_json = json.loads(handler.request.body.decode("utf-8")) assert body_json["to"] in usernames usernames.remove(body_json["to"]) handler.set_status(201) # POST /api/v1/workflows/device_limit_email rsp_q_wflows.put_nowait(verify_workflow) code, stdout, stderr = cli.check_device_limits() assert code == 0 # All pushed mock responses should be consumed at this point. assert ( rsp_q_tadm.empty() ), "TenantAdm mock responses not consumed as expected" assert ( rsp_q_wflows.empty() ), "Workflows mock responses not consumed as expected"
def devices_mt(management_api, device_api, clean_migrated_db): with tenantadm_fake_tenant_verify(): for t in TENANTS: token = make_fake_tenant_token(t) do_make_devices(management_api, device_api, token)
def test_error_preauth_limit(self, management_api, device_api, devices_mt, tenant_id): token = make_fake_tenant_token(tenant_id) self._do_test_error_preauth_limit(management_api, device_api, token)
def test_ok_preauth(self, management_api, device_api, devices_mt, tenant_id): with tenantadm_fake_tenant_verify(): token = make_fake_tenant_token(tenant_id) self._do_test_ok_preauth(management_api, device_api, token)