def connected_device(env):
uuidv4 = str(uuid.uuid4())
tname = "test.mender.io-{}".format(uuidv4)
email = "some.user+{}@example.com".format(uuidv4)
u = User("", email, "whatsupdoc")
cli = CliTenantadm(containers_namespace=env.name)
tid = cli.create_org(tname, u.name, u.pwd, plan="enterprise")
update_tenant(
tid,
addons=["troubleshoot"],
container_manager=get_container_manager(),
)
tenant = cli.get_tenant(tid)
tenant = json.loads(tenant)
ttoken = tenant["tenant_token"]
auth = Authentication(name="enterprise-tenant",
username=u.name,
password=u.pwd)
auth.create_org = False
auth.reset_auth_token()
devauth = DeviceAuthV2(auth)
env.new_tenant_client("mender-client", ttoken)
device = MenderDevice(env.get_mender_clients()[0])
devauth.accept_devices(1)
devices = devauth.get_devices_status("accepted")
assert 1 == len(devices)
wait_for_connect(auth, devices[0]["id"])
devconn = DeviceConnect(auth, devauth)
return device, devconn
def tenant_users(clean_migrated_mongo):
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"some.user+" + uuidv4 + "@example.com",
"secretsecret",
)
tenant = create_org(tenant, username, password, "enterprise")
user = create_user("foo+" + uuidv4 + "@user.com",
"correcthorsebatterystaple",
tid=tenant.id)
tenant.users.append(user)
update_tenant(tenant.id, addons=["troubleshoot"])
for u in tenant.users:
r = ApiClient(useradm.URL_MGMT).call("POST",
useradm.URL_LOGIN,
auth=(u.name, u.pwd))
assert r.status_code == 200
assert r.text is not None
assert r.text != ""
u.token = r.text
yield tenant
def test_set_and_deploy_configuration(self, clean_mongo, test_case):
"""
Tests adding group restrinction to roles and checking that users
are not allowed to set and deploy configuration to devices outside the restricted
groups.
"""
self.logger.info("RUN: %s", test_case["name"])
uuidv4 = str(uuid.uuid4())
tenant, username, password = (
"test.mender.io-" + uuidv4,
"some.user+" + uuidv4 + "@example.com",
"secretsecret",
)
tenant = create_org(tenant, username, password, "enterprise")
update_tenant(tenant.id, addons=["configure"])
test_case["user"]["name"] = test_case["user"]["name"].replace(
"UUID", uuidv4)
test_user = create_user(tid=tenant.id, **test_case["user"])
tenant.users.append(test_user)
login_tenant_users(tenant)
# Initialize tenant's devices
grouped_devices = setup_tenant_devices(tenant,
test_case["device_groups"])
# Add user to deployment group
role = UserRole("RBAC_DEVGRP", test_case["permissions"])
add_user_to_role(test_user, tenant, role)
deviceconf_MGMT = ApiClient(deviceconfig.URL_MGMT)
device_id = grouped_devices[test_case["deploy_group"]][0].id
# Attempt to set configuration
rsp = deviceconf_MGMT.with_auth(test_user.token).call(
"PUT",
deviceconfig.URL_MGMT_DEVICE_CONFIGURATION.format(id=device_id),
body={"foo": "bar"},
)
assert rsp.status_code == test_case[
"set_configuration_status_code"], rsp.text
# Attempt to deploy the configuration
rsp = deviceconf_MGMT.with_auth(test_user.token).call(
"POST",
deviceconfig.URL_MGMT_DEVICE_CONFIGURATION_DEPLOY.format(
id=device_id),
body={"retries": 0},
)
assert (rsp.status_code ==
test_case["deploy_configuration_status_code"]), rsp.text
self.logger.info("PASS: %s" % test_case["name"])
def _make_tenant(self, plan, env):
tname = "tenant-{}".format(plan)
email = "user@{}.com".format(tname)
cli = CliTenantadm(containers_namespace=env.name)
tid = cli.create_org(tname, email, "correcthorse", plan)
tenant = cli.get_tenant(tid)
tenant = json.loads(tenant)
ttoken = tenant["tenant_token"]
# the cli now sets all addons to 'enabled' -
# disable them for initial 'all disabled' state
update_tenant(
tenant["id"],
addons=[],
container_manager=get_container_manager(),
)
auth = Authentication(name=tname,
username=email,
password="******")
auth.create_org = False
auth.reset_auth_token()
devauth = DeviceAuthV2(auth)
env.new_tenant_client("test-container-{}".format(plan), ttoken)
device = MenderDevice(env.get_mender_clients()[0])
devauth.accept_devices(1)
devices = list(
set([
device["id"]
for device in devauth.get_devices_status("accepted")
]))
assert 1 == len(devices)
tenant = Tenant(tname, tid, ttoken)
u = User("", email, "correcthorse")
tenant.users.append(u)
tenant.device = device
tenant.device_id = devices[0]
tenant.auth = auth
tenant.devauth = devauth
return tenant
def test_filetransfer(self, enterprise_no_client):
u = User("", "*****@*****.**", "whatsupdoc")
cli = CliTenantadm(containers_namespace=enterprise_no_client.name)
tid = cli.create_org("os-tenant", u.name, u.pwd, plan="os")
# FT requires "troubleshoot"
update_tenant(
tid,
addons=["troubleshoot"],
container_manager=get_container_manager(),
)
tenant = cli.get_tenant(tid)
tenant = json.loads(tenant)
auth = authentication.Authentication(name="os-tenant",
username=u.name,
password=u.pwd)
auth.create_org = False
auth.reset_auth_token()
devauth_tenant = DeviceAuthV2(auth)
enterprise_no_client.new_tenant_client("configuration-test-container",
tenant["tenant_token"])
mender_device = MenderDevice(
enterprise_no_client.get_mender_clients()[0])
mender_device.ssh_is_opened()
devauth_tenant.accept_devices(1)
devices = list(
set([
device["id"]
for device in devauth_tenant.get_devices_status("accepted")
]))
assert 1 == len(devices)
wait_for_connect(auth, devices[0])
authtoken = auth.get_auth_token()
super().test_filetransfer(devices[0],
authtoken,
content_assertion="ServerURL")
def prepare_env_for_connect(env):
uuidv4 = str(uuid.uuid4())
tname = "test.mender.io-{}".format(uuidv4)
email = "some.user+{}@example.com".format(uuidv4)
u = User("", email, "whatsupdoc")
cli = CliTenantadm(containers_namespace=env.name)
tid = cli.create_org(tname, u.name, u.pwd, plan="os")
# FT requires "troubleshoot"
update_tenant(
tid,
addons=["troubleshoot"],
container_manager=get_container_manager(),
)
tenant = cli.get_tenant(tid)
tenant = json.loads(tenant)
env.tenant = tenant
auth = authentication.Authentication(name="os-tenant",
username=u.name,
password=u.pwd)
auth.create_org = False
auth.reset_auth_token()
devauth_tenant = DeviceAuthV2(auth)
mender_device = new_tenant_client(env, "mender-client",
tenant["tenant_token"])
mender_device.ssh_is_opened()
devauth_tenant.accept_devices(1)
devices = devauth_tenant.get_devices_status("accepted")
assert 1 == len(devices)
devid = devices[0]["id"]
authtoken = auth.get_auth_token()
wait_for_connect(auth, devid)
return devid, authtoken, auth, mender_device
def connected_device(self, env):
u = User("", "*****@*****.**", "whatsupdoc")
cli = CliTenantadm(containers_namespace=env.name)
tid = cli.create_org("enterprise-tenant", u.name, u.pwd, "enterprise")
update_tenant(
tid,
addons=["troubleshoot"],
container_manager=get_container_manager(),
)
tenant = cli.get_tenant(tid)
tenant = json.loads(tenant)
ttoken = tenant["tenant_token"]
auth = Authentication(name="enterprise-tenant",
username=u.name,
password=u.pwd)
auth.create_org = False
auth.reset_auth_token()
devauth = DeviceAuthV2(auth)
env.new_tenant_client("configuration-test-container", ttoken)
device = MenderDevice(env.get_mender_clients()[0])
devauth.accept_devices(1)
devices = list(
set([
device["id"]
for device in devauth.get_devices_status("accepted")
]))
assert 1 == len(devices)
wait_for_connect(auth, devices[0])
devconn = DeviceConnect(auth, devauth)
return device, devconn
def test_configuration(self, enterprise_no_client):
"""Tests the deployment and reporting of the configuration
The tests set the configuration of a device and verifies the new
configuration is reported back to the back-end.
"""
env = enterprise_no_client
# Create an enterprise plan tenant
u = User("", "*****@*****.**", "whatsupdoc")
cli = CliTenantadm(containers_namespace=env.name)
tid = cli.create_org("enterprise-tenant",
u.name,
u.pwd,
plan="enterprise")
# what we really need is "configure"
# but for trigger tests we're also checking device avail. in "deviceconnect"
# so add "troubleshoot" as well
update_tenant(
tid,
addons=["configure", "troubleshoot"],
container_manager=get_container_manager(),
)
tenant = cli.get_tenant(tid)
tenant = json.loads(tenant)
ttoken = tenant["tenant_token"]
logger.info(f"tenant json: {tenant}")
tenant = Tenant("tenant", tid, ttoken)
tenant.users.append(u)
# And authorize the user to the tenant account
auth = Authentication(name="enterprise-tenant",
username=u.name,
password=u.pwd)
auth.create_org = False
auth.reset_auth_token()
devauth_tenant = DeviceAuthV2(auth)
# Add a client to the tenant
enterprise_no_client.new_tenant_client("configuration-test-container",
tenant.tenant_token)
mender_device = MenderDevice(
enterprise_no_client.get_mender_clients()[0])
mender_device.ssh_is_opened()
enterprise_no_client.device = mender_device
devauth_tenant.accept_devices(1)
# list of devices
devices = list(
set([
device["id"]
for device in devauth_tenant.get_devices_status("accepted")
]))
assert 1 == len(devices)
wait_for_connect(auth, devices[0])
# set and verify the device's configuration
# retry to skip possible race conditions between update poll and update trigger
for _ in redo.retrier(attempts=3, sleeptime=1):
set_and_verify_config({"key": "value"}, devices[0],
auth.get_auth_token())
forced = was_update_forced(mender_device)
if forced:
return
assert False, "the update check was never triggered"
def test_upgrades(self, docker_env):
"""Test that plan/addon upgrades take effect on feature availability.
Special case is the trial tenant upgrade to a paid plan.
"""
tenant = docker_env.tenants["os"]
# add troubleshoot
update_tenant(
tenant.id,
addons=["troubleshoot"],
container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth, forbid=True)
self.check_access_sessionlogs(tenant.auth, forbid=True)
self.check_access_deviceconfig(
tenant.auth, tenant.device_id, forbid=True,
)
# self.check_access_rbac(tenant.auth, forbid=True)
# add configure
update_tenant(
tenant.id,
addons=["troubleshoot", "configure"],
container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_deviceconfig(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth, forbid=True)
self.check_access_sessionlogs(tenant.auth, forbid=True)
# self.check_access_rbac(tenant.auth, forbid=True)
# upgrade to "enterprise" - makes audit, session logs and rbac available
update_tenant(
tenant.id, plan="enterprise", container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_deviceconfig(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth)
self.check_access_sessionlogs(tenant.auth)
self.check_access_rbac(tenant.auth)
# upgrade trial tenant - straight to enterprise
tenant = docker_env.tenants["trial"]
tadmm = ApiClient(
host=get_container_manager().get_mender_gateway(),
base_url=tenantadm_v2.URL_MGMT,
)
res = tadmm.call(
"POST",
tenantadm_v2.URL_TENANT_UPGRADE_START,
path_params={"id": tenant.id},
headers=tenant.auth.get_auth_token(),
)
assert res.status_code == 200
res = res.json()
stripeutils.confirm("pm_card_visa", res["intent_id"])
body = {
"plan": "enterprise",
}
res = tadmm.call(
"POST",
tenantadm_v2.URL_TENANT_UPGRADE_COMPLETE,
path_params={"id": tenant.id},
body=body,
headers=tenant.auth.get_auth_token(),
)
assert res.status_code == 202
update_tenant(
tenant.id,
addons=["troubleshoot", "configure"],
container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_deviceconfig(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth)
self.check_access_sessionlogs(tenant.auth)
self.check_access_rbac(tenant.auth)
