def test_reject_bootstrap(self):
"""Make sure a rejected device does not perform an upgrade, and that it gets it's auth token removed"""
if not env.host_string:
execute(self.test_reject_bootstrap, hosts=get_mender_clients())
return
# iterate over devices and reject them
for device in adm.get_devices():
adm.set_device_status(device["id"], "rejected")
logging.info("Rejecting DeviceID: %s" % device["id"])
adm.check_expected_status("rejected", len(get_mender_clients()))
try:
deployment_id, _ = common_update_procedure(
install_image=conftest.get_valid_image())
except AssertionError:
logging.info("Failed to deploy upgrade to rejected device.")
Helpers.verify_reboot_not_performed()
# authtoken has been removed from mender-store
run("strings /data/mender/mender-store | grep -q 'authtoken' || false"
)
else:
pytest.fail("No error while trying to deploy to rejected device")
# re-accept device after test is done
adm.accept_devices(1)
def test_device_decommissioning(self):
""" Decommission a device successfully """
if not env.host_string:
execute(self.test_device_decommissioning, hosts=get_mender_clients())
return
adm.check_expected_status("pending", len(get_mender_clients()))
adm_id = adm.get_devices()[0]["id"]
device_id = adm.get_devices()[0]["device_id"]
adm.set_device_status(adm_id, "accepted")
# wait until inventory is populated
timeout = time.time() + (60 * 5)
while time.time() < timeout:
inventoryJSON = inv.get_devices()
if "attributes" in inventoryJSON[0]:
break
time.sleep(.5)
else:
assert False, "never got inventory"
# decommission actual device
deviceauth.decommission(device_id)
# now check that the device no longer exists in admissions
timeout = time.time() + (60 * 5)
while time.time() < timeout:
newAdmissions = adm.get_devices()[0]
if device_id != newAdmissions["device_id"] \
and adm_id != newAdmissions["id"]:
logger.info("device [%s] not found in inventory [%s]" % (device_id, str(newAdmissions)))
break
else:
logger.info("device [%s] found in inventory..." % (device_id))
time.sleep(.5)
else:
assert False, "decommissioned device still available in admissions"
# disabled for time being due to new deployment process
# make sure a deployment to the decommissioned device fails
# try:
# time.sleep(120) # sometimes deployment microservice hasn't removed the device yet
# logger.info("attempting to deploy to decommissioned device: %s" % (device_id))
# deployment_id, _ = common_update_procedure(install_image=conftest.get_valid_image(),
# devices=[device_id],
# verify_status=False)
#except AssertionError:
# logging.info("Failed to deploy upgrade to rejected device, as expected.")
#else:
# assert False, "No error while trying to deploy to rejected device"
# authtoken has been removed
#run("strings /data/mender/mender-store | grep -q 'authtoken' || false")
"""
def test_device_decommissioning(self):
""" Decommission a device successfully """
if not env.host_string:
execute(self.test_device_decommissioning,
hosts=get_mender_clients())
return
adm.check_expected_status("pending", len(get_mender_clients()))
adm_id = adm.get_devices()[0]["id"]
device_id = adm.get_devices()[0]["device_id"]
adm.set_device_status(adm_id, "accepted")
# wait until inventory is populated
timeout = time.time() + (60 * 5)
while time.time() < timeout:
inventoryJSON = inv.get_devices()
# we haven't gotten an inventory data yet.
if len(inventoryJSON) == 0:
continue
if "attributes" in inventoryJSON[0]:
break
time.sleep(.5)
else:
assert False, "never got inventory"
# get all completed decommission_device WFs for reference
c = Conductor(get_mender_conductor())
initial_wfs = c.get_decommission_device_wfs(device_id)
# decommission actual device
deviceauth.decommission(device_id)
# check that the workflow completed successfully
timeout = time.time() + (60 * 5)
while time.time() < timeout:
wfs = c.get_decommission_device_wfs(device_id)
if wfs['totalHits'] == initial_wfs['totalHits'] + 1:
break
else:
logger.info("waiting for decommission_device workflow...")
time.sleep(.5)
else:
assert False, "decommission_device workflow didn't complete for [%s]" % (
device_id, )
# check device gone from inventory
self.check_gone_from_inventory(device_id)
# check device gone from deviceauth
self.check_gone_from_deviceauth(device_id)
# now check that the device no longer exists in admission
self.check_gone_from_deviceadm(adm_id, device_id)
def accept_devices(self):
adm.check_expected_status("pending", len(get_mender_clients()))
# iterate over devices and accept them
for d in adm.get_devices():
adm.set_device_status(d["id"], "accepted")
logging.info("Accepting DeviceID: %s" % d["id"])
# make sure all devices are accepted
adm.check_expected_status("accepted", len(get_mender_clients()))
# print all device ids
for device in adm.get_devices_status("accepted"):
logging.info("Accepted DeviceID: %s" % device["id"])
def accept_devices(self):
adm.check_expected_status("pending", len(get_mender_clients()))
# iterate over devices and accept them
for d in adm.get_devices():
adm.set_device_status(d["id"], "accepted")
logging.info("Accepting DeviceID: %s" % d["id"])
# make sure all devices are accepted
adm.check_expected_status("accepted", len(get_mender_clients()))
# make sure mender-store contains authtoken
run("strings /data/mender/mender-store | grep -q 'authtoken'")
# print all device ids
for device in adm.get_devices_status("accepted"):
logging.info("Accepted DeviceID: %s" % device["id"])
def test_reject_bootstrap(self):
"""Make sure a rejected device does not perform an upgrade, and that it gets it's auth token removed"""
if not env.host_string:
execute(self.test_reject_bootstrap, hosts=get_mender_clients())
return
# iterate over devices and reject them
for device in adm.get_devices():
adm.set_device_status(device["id"], "rejected")
logging.info("Rejecting DeviceID: %s" % device["id"])
adm.check_expected_status("rejected", len(get_mender_clients()))
with Helpers.RebootDetector() as reboot:
try:
deployment_id, _ = common_update_procedure(
install_image=conftest.get_valid_image())
except AssertionError:
logging.info("Failed to deploy upgrade to rejected device.")
reboot.verify_reboot_not_performed()
else:
# use assert to fail, so we can get backend logs
pytest.fail(
"no error while trying to deploy to rejected device")
return
finished = False
# wait until auththoken is removed from file
for _ in range(10):
with settings(abort_exception=Exception):
try:
run("journalctl -u mender -l -n 3 | grep -q 'authentication request rejected'"
)
except:
time.sleep(30)
else:
finished = True
break
adm.accept_devices(1)
if not finished:
pytest.fail("failed to remove authtoken from mender-store file")
def test_device_decommissioning(self, standard_setup_one_client):
""" Decommission a device successfully """
if not env.host_string:
execute(self.test_device_decommissioning,
standard_setup_one_client,
hosts=get_mender_clients())
return
adm.check_expected_status("pending", len(get_mender_clients()))
adm_id = adm.get_devices()[0]["id"]
device_id = adm.get_devices()[0]["device_id"]
adm.set_device_status(adm_id, "accepted")
# wait until inventory is populated
timeout = time.time() + (60 * 5)
while time.time() < timeout:
inventoryJSON = inv.get_devices()
if "attributes" in inventoryJSON[0]:
break
time.sleep(.5)
else:
pytest.fail("never got inventory")
# decommission actual device
deviceauth.decommission(device_id)
# now check that the device no longer exists in admissions
timeout = time.time() + (60 * 5)
while time.time() < timeout:
newAdmissions = adm.get_devices()[0]
if device_id != newAdmissions["device_id"] \
and adm_id != newAdmissions["id"]:
logger.info("device [%s] not found in inventory [%s]" %
(device_id, str(newAdmissions)))
break
else:
logger.info("device [%s] found in inventory..." % (device_id))
time.sleep(.5)
else:
pytest.fail("decommissioned device still available in admissions")
# make sure a deployment to the decommissioned device fails
try:
time.sleep(
120
) # sometimes deployment microservice hasn't removed the device yet
logger.info("attempting to deploy to decommissioned device: %s" %
(device_id))
deployment_id, _ = common_update_procedure(
install_image=conftest.get_valid_image(),
devices=[device_id],
verify_status=False)
except AssertionError:
logging.info("Failed to deploy upgrade to rejected device")
# authtoken has been removed
run("strings /data/mender/mender-store | grep -q 'authtoken' || false"
)
else:
pytest.fail("No error while trying to deploy to rejected device")
"""
at this point, the device will re-appear, since it's actually still
online, and not actually decomissioned
"""
adm.check_expected_status("pending", len(get_mender_clients()))
# make sure inventory is empty as well
assert len(inv.get_devices()) == 0