def auth_file_platform_tuple(volttron_instance_encrypt):
    """Return ``(auth_file, platform)`` for the encrypted test instance.

    Opens ``auth.json`` under the instance's ``volttron_home`` and reads it
    once before handing both objects to the caller.
    """
    platform = volttron_instance_encrypt
    auth_path = os.path.join(platform.volttron_home, 'auth.json')
    auth_file = AuthFile(auth_path)
    # The parsed contents are discarded; the three-way unpack still fails
    # loudly if read() returns a different number of values.
    _allow_entries, _groups, _roles = auth_file.read()
    # NOTE(review): presumably lets the platform settle before the test body
    # runs -- confirm the pause is still required.
    gevent.sleep(0.5)
    return auth_file, platform
def test_upgrade_file_verison_0_to_1_1_minimum_entries(tmpdir_factory):
    """Upgrade a 'version 0' file whose single entry carries only credentials.

    'Version 0' required nothing but ``credentials``; every other field of the
    upgraded entry must therefore come out with the default checked below.
    """
    mechanism = "CURVE"
    # Placeholder key material, not a real key.
    publickey = "A" * 43
    legacy_entry = {"credentials": mechanism + ":" + publickey}
    version0 = {"allow": [legacy_entry]}

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    serialized = json.dumps(version0, indent=2)
    with open(auth_path, 'w') as fp:
        fp.write(serialized)

    upgraded = AuthFile(auth_path)
    entries = upgraded.read()[0]
    assert len(entries) == 1
    entry = entries[0]
    assert entry.user_id is not None

    # `expected` aliases the legacy entry: the combined "MECHANISM:key" string
    # must have been split into separate mechanism and credentials fields.
    expected = version0['allow'][0]
    expected.update({
        "credentials": publickey,
        "mechanism": mechanism,
        "domain": None,
        "address": None,
        "user_id": entry.user_id,  # generated during upgrade; this will be a UUID
        "enabled": True,
        "comments": None,
        "capabilities": [],
        "roles": [],
        "groups": [],
    })
    assert_auth_entries_same(expected, vars(entry))
def test_upgrade_file_verison_0_to_1_1_minimum_entries(tmpdir_factory):
    """Check the defaults filled in when a credentials-only entry is upgraded.

    The input is a 'version 0' auth file, where ``credentials`` was the only
    required field.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # placeholder key material
    version0 = {
        "allow": [
            {"credentials": mechanism + ":" + publickey},
        ],
    }

    target = tmpdir_factory.mktemp('auth_test').join('auth.json')
    filename = str(target)
    with open(filename, 'w') as handle:
        handle.write(json.dumps(version0, indent=2))

    allow_entries = AuthFile(filename).read()[0]
    assert len(allow_entries) == 1
    upgraded_entry = allow_entries[0]
    assert upgraded_entry.user_id is not None

    # Defaults the upgrade is expected to supply for the missing fields.
    defaults = {
        "domain": None,
        "address": None,
        "user_id": upgraded_entry.user_id,  # this will be a UUID
        "enabled": True,
        "comments": None,
        "capabilities": [],
        "roles": [],
        "groups": [],
    }
    expected = version0['allow'][0]
    # The "MECHANISM:key" string is expected to be split into two fields.
    expected["credentials"] = publickey
    expected["mechanism"] = mechanism
    expected.update(defaults)
    assert_auth_entries_same(expected, vars(upgraded_entry))
def set_auth_identities(agent_credential_map):
    """Set the ``identity`` of auth entries that belong to existing agents.

    ``agent_credential_map`` is indexed by credential and yields the identity
    to record. Each allow entry whose ``credentials`` equals one of those keys
    gets that identity, and the auth file is then written back.
    """
    auth_file = AuthFile()
    allow_entries, deny_entries, groups, roles = auth_file.read()
    for entry in allow_entries:
        for known_credential in agent_credential_map:
            if entry.credentials != known_credential:
                continue
            # Matching is by exact equality on the credential value, so the
            # identity written here is only as trustworthy as the map passed in.
            entry.identity = agent_credential_map[known_credential]
    # The file is rewritten unconditionally, even when nothing matched.
    auth_file._write(allow_entries, deny_entries, groups, roles)
def test_upgrade_file_verison_0_to_latest(tmpdir_factory):
    """Upgrade a fully populated 'version 0' auth file to the latest format.

    Checks that groups and roles survive unchanged, that the credentials string
    is split into mechanism and key, that the capability list becomes a mapping
    and that each entry gains an empty ``rpc_method_authorizations``.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # placeholder key material
    legacy_entry = {
        "domain": "vip",
        "address": "127.0.0.1",
        "user_id": "user123",
        "enabled": True,
        "comments": "This is a test entry",
        "capabilities": ["can_publish_temperature"],
        "roles": [],
        "groups": [],
        "credentials": mechanism + ":" + publickey,
    }
    version0 = {
        "allow": [legacy_entry],
        "roles": {"manager": ["can_managed_platform"]},
        "groups": {"admin": ["reader", "writer"]},
        "version": {"major": 0, "minor": 0},
    }

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    serialized = jsonapi.dumps(version0, indent=2)
    with open(auth_path, 'w') as fp:
        fp.write(serialized)

    upgraded = AuthFile(auth_path)
    entries, _denied_entries, groups, roles = upgraded.read()
    assert groups == version0['groups']
    assert roles == version0['roles']
    assert len(entries) == 1
    entry = entries[0]

    expected = version0['allow'][0]
    expected.update({
        "credentials": publickey,
        "mechanism": mechanism,
        # The original capability is kept with a None value, and the added
        # edit_config_store grant must be scoped to the entry's own user_id.
        "capabilities": {
            'can_publish_temperature': None,
            'edit_config_store': {'identity': entry.user_id},
        },
        "rpc_method_authorizations": {},
    })
    assert_auth_entries_same(expected, vars(entry))

    # RPC Method Authorizations added with 1.3
    for stored_entry in upgraded.auth_data["allow_list"]:
        assert stored_entry["rpc_method_authorizations"] == {}
def test_upgrade_file_verison_0_to_1_1(tmpdir_factory):
    """Upgrade a fully populated 'version 0' auth file.

    Groups and roles must be returned unchanged, and the single allow entry
    must keep its fields while the "MECHANISM:key" credentials string is split
    into separate ``mechanism`` and ``credentials`` values.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # placeholder key material
    legacy_entry = {
        "domain": "vip",
        "address": "127.0.0.1",
        "user_id": "user123",
        "enabled": True,
        "comments": "This is a test entry",
        "capabilities": ["can_publish_temperature"],
        "roles": [],
        "groups": [],
        "credentials": mechanism + ":" + publickey,
    }
    version0 = {
        "allow": [legacy_entry],
        "roles": {"manager": ["can_managed_platform"]},
        "groups": {"admin": ["reader", "writer"]},
    }

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    serialized = json.dumps(version0, indent=2)
    with open(auth_path, 'w') as fp:
        fp.write(serialized)

    upgraded = AuthFile(auth_path)
    entries, groups, roles = upgraded.read()
    assert groups == version0['groups']
    assert roles == version0['roles']
    assert len(entries) == 1

    # `expected` aliases the legacy entry; only the two split fields change.
    expected = version0['allow'][0]
    expected.update({"credentials": publickey, "mechanism": mechanism})
    assert_auth_entries_same(expected, vars(entries[0]))
def test_upgrade_file_verison_0_to_latest_minimum_entries(tmpdir_factory):
    """Upgrade a credentials-only 'version 0' entry to the latest format.

    'Version 0' required nothing but ``credentials``, so every other field of
    the upgraded entry must equal the default checked below.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # placeholder key material
    version0 = {
        "allow": [
            {"credentials": mechanism + ":" + publickey},
        ],
        "version": {"major": 0, "minor": 0},
    }

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    serialized = jsonapi.dumps(version0, indent=2)
    with open(auth_path, 'w') as fp:
        fp.write(serialized)

    upgraded = AuthFile(auth_path)
    entries = upgraded.read()[0]
    assert len(entries) == 1
    entry = entries[0]
    assert entry.user_id is not None

    expected = version0['allow'][0]
    expected.update({
        "credentials": publickey,
        "mechanism": mechanism,
        "domain": None,
        "address": None,
        "user_id": entry.user_id,  # this will be a UUID
        "enabled": True,
        "comments": None,
        # Even an entry that declared no capabilities gets edit_config_store,
        # and the grant must be scoped to the entry's own generated user_id.
        "capabilities": {'edit_config_store': {'identity': entry.user_id}},
        "rpc_method_authorizations": {},
        "roles": [],
        "groups": [],
    })
    assert_auth_entries_same(expected, vars(entry))

    # RPC Method Authorizations added with 1.3
    for stored_entry in upgraded.auth_data["allow_list"]:
        assert stored_entry["rpc_method_authorizations"] == {}
def test_upgrade_file_verison_0_to_1_1(tmpdir_factory):
    """Check that a complete 'version 0' entry survives the upgrade intact.

    Only the credentials field may change: its "MECHANISM:key" string is split
    into ``mechanism`` and ``credentials``. Groups and roles are compared with
    the values written to disk.
    """
    mechanism = "CURVE"
    publickey = "A" * 43  # placeholder key material
    version0 = {
        "allow": [
            {
                "domain": "vip",
                "address": "127.0.0.1",
                "user_id": "user123",
                "enabled": True,
                "comments": "This is a test entry",
                "capabilities": ["can_publish_temperature"],
                "roles": [],
                "groups": [],
                "credentials": mechanism + ":" + publickey,
            },
        ],
        "roles": {"manager": ["can_managed_platform"]},
        "groups": {"admin": ["reader", "writer"]},
    }

    filename = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    with open(filename, 'w') as handle:
        handle.write(json.dumps(version0, indent=2))

    allow_entries, groups, roles = AuthFile(filename).read()
    assert groups == version0['groups']
    assert roles == version0['roles']
    assert len(allow_entries) == 1

    expected = version0['allow'][0]
    expected["credentials"] = publickey
    expected["mechanism"] = mechanism
    upgraded_fields = vars(allow_entries[0])
    assert_auth_entries_same(expected, upgraded_fields)
def upgrade_old_agents(aip):
    """Relocate each agent's keystore.json from agent-data to dist-info.

    A keystore is moved only when its public key equals the credentials of an
    allow entry in the auth file. Agents without an agent-data or dist-info
    directory are reported on stdout and skipped.
    """
    volttron_home = Path(aip.env.volttron_home)
    identity_to_uuid = aip.get_agent_identity_to_uuid_mapping()
    auth_file = AuthFile()
    install_dir = volttron_home / "agents"

    for identity in identity_to_uuid:
        agent_path = install_dir.joinpath(identity_to_uuid[identity])

        try:
            agent_data = get_agent_path(agent_path, 'agent-data')
        except KeyError as err:
            # Skip if no agent-data exists
            print(f"agent-data not found for {err}")
            continue
        source = agent_data.joinpath('keystore.json')

        try:
            dist_info = get_agent_path(agent_path, 'dist-info')
        except KeyError as err:
            # Skip if no dist-info exists
            print(f"dist-info not found for {err}")
            continue
        destination = dist_info.joinpath('keystore.json')

        if not source.exists():
            continue

        agent_keystore = KeyStore(source)
        # Only move if agent exists in auth file. The auth file is re-read for
        # every keystore that is found.
        known_to_auth = any(
            entry.credentials == agent_keystore.public
            for entry in auth_file.read()[0]
        )
        if known_to_auth:
            # NOTE(review): keystore.json presumably holds the agent's private
            # key as well as the public one read above -- confirm dist-info is
            # no more widely readable than agent-data, and decide whether an
            # existing destination keystore may be replaced.
            shutil.move(str(source), str(destination))
def test_upgrade_file_version_1_2_to_1_3(tmpdir_factory):
    """Upgrade a version 1.2 auth file and check the field added in 1.3.

    Every one of the four allow entries must come back with an empty
    ``rpc_method_authorizations`` mapping.
    """
    # Placeholder key material shared by all four entries.
    shared_key = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

    def make_entry(user_id, capabilities):
        # Key order matches the original fixture so the file on disk is
        # unchanged.
        return {
            "domain": "vip",
            "user_id": user_id,
            "roles": [],
            "enabled": True,
            "mechanism": "CURVE",
            "capabilities": capabilities,
            "groups": [],
            "address": "127.0.0.1",
            "credentials": shared_key,
            "comments": "This is a test entry",
        }

    # NOTE(review): '/.*/' looks like a match-any-identity pattern, i.e. the
    # two platform entries may edit any agent's config store -- confirm.
    wildcard_config_access = {'edit_config_store': {'identity': '/.*/'}}
    version1_2 = {
        "roles": {"manager": ["can_managed_platform"]},
        "version": {"major": 1, "minor": 2},
        "groups": {"admin": ["reader", "writer"]},
        "allow": [
            make_entry("user1", {
                'can_publish_temperature': None,
                'edit_config_store': {'identity': 'user1'},
            }),
            make_entry("user2", {
                'blah': None,
                'foo': None,
                'edit_config_store': {'identity': 'user2'},
            }),
            make_entry(CONTROL, dict(wildcard_config_access)),
            make_entry(VOLTTRON_CENTRAL_PLATFORM, dict(wildcard_config_access)),
        ],
    }

    auth_path = str(tmpdir_factory.mktemp('auth_test').join('auth.json'))
    serialized = jsonapi.dumps(version1_2, indent=2)
    with open(auth_path, 'w') as fp:
        fp.write(serialized)

    upgraded = AuthFile(auth_path)
    entries = upgraded.read()[0]
    assert len(entries) == 4
    # NOTE(review): capabilities are not re-checked after the upgrade; consider
    # asserting that the scoped and wildcard grants above are preserved as-is.
    for upgraded_entry in entries:
        assert upgraded_entry.rpc_method_authorizations == {}