def do_test_ok_preauth_and_remove(self): """ Test the removal of a preauthorized auth set, verify it's gone from all API results. """ # preauthorize preauth_iddata = "{\"mac\":\"preauth-mac\"}" preauth_key = "preauth-key" r = adm.preauth(preauth_iddata, preauth_key) assert r.status_code == 201 devs = adm.get_devices(2) dev_preauth = [d for d in devs if d['device_identity'] == preauth_iddata] assert len(dev_preauth) == 1 dev_preauth = dev_preauth[0] # remove from admission r = adm.delete_auth_set(dev_preauth['id']) assert r.status_code == 204 # verify removed from admission devs = adm.get_devices(1) dev_removed = [d for d in devs if d['device_identity'] == preauth_iddata] assert len(dev_removed) == 0 # verify removed from deviceauth r = deviceauth.get_device(dev_preauth['id']) assert r.status_code == 404 # verify removed from inventory r = inv.get_device(dev_preauth['id']) assert r.status_code == 404
def do_test_ok_preauth_and_bootstrap(self): """ Test the happy path from preauthorizing a device to a successful bootstrap. Verify that the device/auth set appear correctly in admission API results. """ client = get_mender_clients()[0] # we'll use the same pub key for the preauth'd device, so get it res = execute(Client.get_pub_key, hosts=client) preauth_key = res[client].exportKey() # stick an extra newline on the key - this is how a device would send it preauth_key += '\n' # preauthorize a new device preauth_iddata = {"mac": "mac-preauth"} # serialize manually to avoid an extra space (id data helper doesn't insert one) preauth_iddata_str = "{\"mac\":\"mac-preauth\"}" r = adm.preauth(preauth_iddata_str, preauth_key) assert r.status_code == 201 # verify the device appears correctly in api results devs = adm.get_devices(2) dev_preauth = [d for d in devs if d['status'] == 'preauthorized'] assert len(dev_preauth) == 1 dev_preauth = dev_preauth[0] assert dev_preauth['device_identity'] == preauth_iddata_str assert dev_preauth['key'] == preauth_key # make one of the existing devices the preauthorized device # by substituting id data and restarting res = execute(Client.substitute_id_data, preauth_iddata, hosts=client) res = execute(Client.restart, hosts=client) # verify api results - after some time the device should be 'accepted' for _ in range(120): time.sleep(15) dev_accepted = adm.get_devices_status(status="accepted", expected_devices=2) if len([d for d in dev_accepted if d['status'] == 'accepted']) == 1: break logging.info("devices: " + str(dev_accepted)) dev_accepted = [d for d in dev_accepted if d['status'] == 'accepted'] logging.info("accepted devices: " + str(dev_accepted)) execute(Client.get_logs, hosts=client) assert len(dev_accepted) == 1, "looks like the device was never accepted" dev_accepted = dev_accepted[0] logging.info("accepted device: " + str(dev_accepted)) assert dev_accepted['device_identity'] == preauth_iddata_str assert dev_accepted['key'] == preauth_key # verify device was issued a token res = execute(Client.have_authtoken, hosts=client) assert res[client]
def do_test_fail_preauth_existing(self): """ Test 'conflict' response when an identity data set already exists. """ # wait for the device to appear devs = adm.get_devices(1) dev = devs[0] # try to preauthorize the same id data, new key r = adm.preauth(dev['device_identity'], 'preauth-key') assert r.status_code == 409
def do_test_ok_preauth_and_remove(self): """ Test the removal of a preauthorized auth set, verify it's gone from all API results. """ # preauthorize preauth_iddata = "{\"mac\":\"preauth-mac\"}" preauth_key = '''-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty 1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0 iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG UwIDAQAB -----END PUBLIC KEY----- ''' r = adm.preauth(preauth_iddata, preauth_key) assert r.status_code == 201 devs = adm.get_devices(2) dev_preauth = [d for d in devs if d['device_identity'] == preauth_iddata] assert len(dev_preauth) == 1 dev_preauth = dev_preauth[0] # remove from admission r = adm.delete_auth_set(dev_preauth['id']) assert r.status_code == 204 # verify removed from admission devs = adm.get_devices(1) dev_removed = [d for d in devs if d['device_identity'] == preauth_iddata] assert len(dev_removed) == 0 # verify removed from deviceauth r = deviceauth.get_device(dev_preauth['id']) assert r.status_code == 404 # verify removed from inventory r = inv.get_device(dev_preauth['id']) assert r.status_code == 404
def do_test_fail_preauth_existing(self): """ Test 'conflict' response when an identity data set already exists. """ # wait for the device to appear devs = adm.get_devices(1) dev = devs[0] # try to preauthorize the same id data, new key preauth_key = '''-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty 1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0 iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG UwIDAQAB -----END PUBLIC KEY----- ''' r = adm.preauth(dev['device_identity'], preauth_key) assert r.status_code == 409